package d.a.a.c;

import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import javax.crypto.Cipher;

/* compiled from: SignerInformation.java */
/* loaded from: classes.dex */
public class cq {

    /* renamed from: a, reason: collision with root package name */
    private cn f7523a;

    /* renamed from: b, reason: collision with root package name */
    private d.a.a.a.c.an f7524b;

    /* renamed from: c, reason: collision with root package name */
    private d.a.a.a.ab.b f7525c;

    /* renamed from: d, reason: collision with root package name */
    private d.a.a.a.ab.b f7526d;
    private final d.a.a.a.v e;
    private final d.a.a.a.v f;
    private ai g;
    private byte[] h;
    private d.a.a.a.n i;
    private bf j;
    private byte[] k;
    private d.a.a.l.y l;
    private d.a.a.a.c.b m;
    private d.a.a.a.c.b n;
    private boolean o;

    /* JADX INFO: Access modifiers changed from: package-private */
    public cq(d.a.a.a.c.an anVar, d.a.a.a.n nVar, ai aiVar, bf bfVar, d.a.a.l.y yVar) {
        this.f7524b = anVar;
        this.i = nVar;
        this.l = yVar;
        this.o = nVar == null;
        d.a.a.a.c.am sid = anVar.getSID();
        if (sid.isTagged()) {
            this.f7523a = new cn(d.a.a.a.o.getInstance(sid.getId()).getOctets());
        } else {
            d.a.a.a.c.t tVar = d.a.a.a.c.t.getInstance(sid.getId());
            this.f7523a = new cn(tVar.getName(), tVar.getSerialNumber().getValue());
        }
        this.f7525c = anVar.getDigestAlgorithm();
        this.e = anVar.getAuthenticatedAttributes();
        this.f = anVar.getUnauthenticatedAttributes();
        this.f7526d = anVar.getDigestEncryptionAlgorithm();
        this.h = anVar.getEncryptedDigest().getOctets();
        this.g = aiVar;
        this.j = bfVar;
    }

    private d.a.a.a.ab.s a(byte[] bArr) throws IOException, ag {
        if (bArr[0] != 48) {
            throw new IOException("not a digest info object");
        }
        d.a.a.a.ab.s sVar = new d.a.a.a.ab.s((d.a.a.a.s) new d.a.a.a.j(bArr).readObject());
        if (sVar.getEncoded().length != bArr.length) {
            throw new ag("malformed RSA signature");
        }
        return sVar;
    }

    private d.a.a.a.bl a(d.a.a.a.bm bmVar, String str) throws ag {
        d.a.a.a.c.b unsignedAttributes = getUnsignedAttributes();
        if (unsignedAttributes != null && unsignedAttributes.getAll(bmVar).size() > 0) {
            throw new ag("The " + str + " attribute MUST NOT be an unsigned attribute");
        }
        d.a.a.a.c.b signedAttributes = getSignedAttributes();
        if (signedAttributes == null) {
            return null;
        }
        d.a.a.a.e all = signedAttributes.getAll(bmVar);
        switch (all.size()) {
            case 0:
                return null;
            case 1:
                d.a.a.a.v attrValues = ((d.a.a.a.c.a) all.get(0)).getAttrValues();
                if (attrValues.size() != 1) {
                    throw new ag("A " + str + " attribute MUST have a single attribute value");
                }
                return attrValues.getObjectAt(0).getDERObject();
            default:
                throw new ag("The SignedAttributes in a signerInfo MUST NOT include multiple instances of the " + str + " attribute");
        }
    }

    private d.a.a.a.c.ao a() throws ag {
        d.a.a.a.bl a2 = a(d.a.a.a.c.h.f6725c, "signing-time");
        if (a2 == null) {
            return null;
        }
        try {
            return d.a.a.a.c.ao.getInstance(a2);
        } catch (IllegalArgumentException e) {
            throw new ag("signing-time attribute value not a valid 'Time' structure");
        }
    }

    private boolean a(cs csVar) throws ag {
        String a2 = au.f7360a.a(getDigestAlgOID());
        String c2 = au.f7360a.c(getEncryptionAlgOID());
        String str = String.valueOf(a2) + "with" + c2;
        try {
            if (this.j != null) {
                this.k = this.j.getDigest();
            } else {
                d.a.a.l.i digestCalculator = csVar.getDigestCalculator(getDigestAlgorithmID());
                if (this.g != null) {
                    OutputStream outputStream = digestCalculator.getOutputStream();
                    this.g.write(outputStream);
                    outputStream.close();
                } else if (this.e == null) {
                    throw new ag("data not encapsulated in signature - use detached constructor.");
                }
                this.k = digestCalculator.getDigest();
            }
            d.a.a.a.bl a3 = a(d.a.a.a.c.h.f6723a, "content-type");
            if (a3 == null) {
                if (!this.o && this.e != null) {
                    throw new ag("The content-type attribute type MUST be present whenever signed attributes are present in signed-data");
                }
            } else {
                if (this.o) {
                    throw new ag("[For counter signatures,] the signedAttributes field MUST NOT contain a content-type attribute");
                }
                if (!(a3 instanceof d.a.a.a.bm)) {
                    throw new ag("content-type attribute value not of ASN.1 type 'OBJECT IDENTIFIER'");
                }
                if (!((d.a.a.a.bm) a3).equals(this.i)) {
                    throw new ag("content-type attribute value does not match eContentType");
                }
            }
            d.a.a.a.bl a4 = a(d.a.a.a.c.h.f6724b, "message-digest");
            if (a4 == null) {
                if (this.e != null) {
                    throw new ag("the message-digest signed attribute type MUST be present when there are any signed attributes present");
                }
            } else {
                if (!(a4 instanceof d.a.a.a.o)) {
                    throw new ag("message-digest attribute value not of ASN.1 type 'OCTET STRING'");
                }
                if (!d.a.a.o.a.constantTimeAreEqual(this.k, ((d.a.a.a.o) a4).getOctets())) {
                    throw new av("message-digest attribute value does not match calculated value");
                }
            }
            d.a.a.a.c.b signedAttributes = getSignedAttributes();
            if (signedAttributes != null && signedAttributes.getAll(d.a.a.a.c.h.f6726d).size() > 0) {
                throw new ag("A countersignature attribute MUST NOT be a signed attribute");
            }
            d.a.a.a.c.b unsignedAttributes = getUnsignedAttributes();
            if (unsignedAttributes != null) {
                d.a.a.a.e all = unsignedAttributes.getAll(d.a.a.a.c.h.f6726d);
                int i = 0;
                while (true) {
                    int i2 = i;
                    if (i2 < all.size()) {
                        if (((d.a.a.a.c.a) all.get(i2)).getAttrValues().size() < 1) {
                            throw new ag("A countersignature attribute MUST contain at least one AttributeValue");
                        }
                        i = i2 + 1;
                    }
                }
            }
            try {
                d.a.a.l.d contentVerifier = csVar.getContentVerifier(this.l.find(str));
                OutputStream outputStream2 = contentVerifier.getOutputStream();
                if (this.e != null) {
                    outputStream2.write(getEncodedSignedAttributes());
                } else {
                    if (this.j != null) {
                        if (!(contentVerifier instanceof d.a.a.l.w)) {
                            throw new ag("verifier unable to process raw signature");
                        }
                        d.a.a.l.w wVar = (d.a.a.l.w) contentVerifier;
                        return c2.equals("RSA") ? wVar.verify(new d.a.a.a.ab.s(this.f7525c, this.k).getDEREncoded(), getSignature()) : wVar.verify(this.k, getSignature());
                    }
                    if (this.g != null) {
                        this.g.write(outputStream2);
                    }
                }
                outputStream2.close();
                return contentVerifier.verify(getSignature());
            } catch (d.a.a.l.r e) {
                throw new ag("can't create content verifier: " + e.getMessage(), e);
            } catch (IOException e2) {
                throw new ag("can't process mime object to create signature.", e2);
            }
        } catch (d.a.a.l.r e3) {
            throw new ag("can't create digest calculator: " + e3.getMessage(), e3);
        } catch (IOException e4) {
            throw new ag("can't process mime object to create signature.", e4);
        } catch (NoSuchAlgorithmException e5) {
            throw new ag("can't find algorithm: " + e5.getMessage(), e5);
        }
    }

    private boolean a(PublicKey publicKey, Provider provider) throws ag, NoSuchAlgorithmException {
        String a2 = au.f7360a.a(getDigestAlgOID());
        Signature b2 = au.f7360a.b(String.valueOf(a2) + "with" + au.f7360a.c(getEncryptionAlgOID()), provider);
        MessageDigest a3 = au.f7360a.a(a2, provider);
        try {
            if (this.j != null) {
                this.k = this.j.getDigest();
            } else {
                if (this.g != null) {
                    this.g.write(new be(a3));
                } else if (this.e == null) {
                    throw new ag("data not encapsulated in signature - use detached constructor.");
                }
                this.k = a3.digest();
            }
            d.a.a.a.bl a4 = a(d.a.a.a.c.h.f6723a, "content-type");
            if (a4 == null) {
                if (!this.o && this.e != null) {
                    throw new ag("The content-type attribute type MUST be present whenever signed attributes are present in signed-data");
                }
            } else {
                if (this.o) {
                    throw new ag("[For counter signatures,] the signedAttributes field MUST NOT contain a content-type attribute");
                }
                if (!(a4 instanceof d.a.a.a.bm)) {
                    throw new ag("content-type attribute value not of ASN.1 type 'OBJECT IDENTIFIER'");
                }
                if (!((d.a.a.a.bm) a4).equals(this.i)) {
                    throw new ag("content-type attribute value does not match eContentType");
                }
            }
            d.a.a.a.bl a5 = a(d.a.a.a.c.h.f6724b, "message-digest");
            if (a5 == null) {
                if (this.e != null) {
                    throw new ag("the message-digest signed attribute type MUST be present when there are any signed attributes present");
                }
            } else {
                if (!(a5 instanceof d.a.a.a.o)) {
                    throw new ag("message-digest attribute value not of ASN.1 type 'OCTET STRING'");
                }
                if (!d.a.a.o.a.constantTimeAreEqual(this.k, ((d.a.a.a.o) a5).getOctets())) {
                    throw new av("message-digest attribute value does not match calculated value");
                }
            }
            d.a.a.a.c.b signedAttributes = getSignedAttributes();
            if (signedAttributes != null && signedAttributes.getAll(d.a.a.a.c.h.f6726d).size() > 0) {
                throw new ag("A countersignature attribute MUST NOT be a signed attribute");
            }
            d.a.a.a.c.b unsignedAttributes = getUnsignedAttributes();
            if (unsignedAttributes != null) {
                d.a.a.a.e all = unsignedAttributes.getAll(d.a.a.a.c.h.f6726d);
                int i = 0;
                while (true) {
                    int i2 = i;
                    if (i2 < all.size()) {
                        if (((d.a.a.a.c.a) all.get(i2)).getAttrValues().size() < 1) {
                            throw new ag("A countersignature attribute MUST contain at least one AttributeValue");
                        }
                        i = i2 + 1;
                    }
                }
            }
            try {
                b2.initVerify(publicKey);
                if (this.e != null) {
                    b2.update(getEncodedSignedAttributes());
                } else {
                    if (this.j != null) {
                        return a(this.k, publicKey, getSignature(), provider);
                    }
                    if (this.g != null) {
                        this.g.write(new cm(b2));
                    }
                }
                return b2.verify(getSignature());
            } catch (IOException e) {
                throw new ag("can't process mime object to create signature.", e);
            } catch (InvalidKeyException e2) {
                throw new ag("key not appropriate to signature in message.", e2);
            } catch (SignatureException e3) {
                throw new ag("invalid signature format in message: " + e3.getMessage(), e3);
            }
        } catch (IOException e4) {
            throw new ag("can't process mime object to create signature.", e4);
        }
    }

    private boolean a(byte[] bArr, PublicKey publicKey, byte[] bArr2, Provider provider) throws NoSuchAlgorithmException, ag {
        String c2 = au.f7360a.c(getEncryptionAlgOID());
        try {
            if (!c2.equals("RSA")) {
                if (!c2.equals("DSA")) {
                    throw new ag("algorithm: " + c2 + " not supported in base signatures.");
                }
                Signature b2 = au.f7360a.b("NONEwithDSA", provider);
                b2.initVerify(publicKey);
                b2.update(bArr);
                return b2.verify(bArr2);
            }
            Cipher a2 = ac.f7299a.a("RSA/ECB/PKCS1Padding", provider);
            a2.init(2, publicKey);
            d.a.a.a.ab.s a3 = a(a2.doFinal(bArr2));
            if (a3.getAlgorithmId().getObjectId().equals(this.f7525c.getObjectId()) && b(a3.getAlgorithmId().getParameters())) {
                return d.a.a.o.a.constantTimeAreEqual(bArr, a3.getDigest());
            }
            return false;
        } catch (IOException e) {
            throw new ag("Exception decoding signature: " + e, e);
        } catch (GeneralSecurityException e2) {
            throw new ag("Exception processing signature: " + e2, e2);
        }
    }

    private byte[] a(d.a.a.a.ay ayVar) throws IOException {
        if (ayVar != null) {
            return ayVar.getDERObject().getEncoded();
        }
        return null;
    }

    public static cq addCounterSigners(cq cqVar, cr crVar) {
        d.a.a.a.c.an anVar = cqVar.f7524b;
        d.a.a.a.c.b unsignedAttributes = cqVar.getUnsignedAttributes();
        d.a.a.a.e aSN1EncodableVector = unsignedAttributes != null ? unsignedAttributes.toASN1EncodableVector() : new d.a.a.a.e();
        d.a.a.a.e eVar = new d.a.a.a.e();
        Iterator it = crVar.getSigners().iterator();
        while (it.hasNext()) {
            eVar.add(((cq) it.next()).toSignerInfo());
        }
        aSN1EncodableVector.add(new d.a.a.a.c.a(d.a.a.a.c.h.f6726d, new d.a.a.a.bu(eVar)));
        return new cq(new d.a.a.a.c.an(anVar.getSID(), anVar.getDigestAlgorithm(), anVar.getAuthenticatedAttributes(), anVar.getDigestEncryptionAlgorithm(), anVar.getEncryptedDigest(), new d.a.a.a.bu(aSN1EncodableVector)), cqVar.i, cqVar.g, null, new d.a.a.l.g());
    }

    private boolean b(d.a.a.a.ay ayVar) {
        return (ayVar instanceof d.a.a.a.l) || ayVar == null;
    }

    public static cq replaceUnsignedAttributes(cq cqVar, d.a.a.a.c.b bVar) {
        d.a.a.a.c.an anVar = cqVar.f7524b;
        return new cq(new d.a.a.a.c.an(anVar.getSID(), anVar.getDigestAlgorithm(), anVar.getAuthenticatedAttributes(), anVar.getDigestEncryptionAlgorithm(), anVar.getEncryptedDigest(), bVar != null ? new d.a.a.a.bu(bVar.toASN1EncodableVector()) : null), cqVar.i, cqVar.g, null, new d.a.a.l.g());
    }

    public byte[] getContentDigest() {
        if (this.k == null) {
            throw new IllegalStateException("method can only be called after verify.");
        }
        return (byte[]) this.k.clone();
    }

    public d.a.a.a.n getContentType() {
        return this.i;
    }

    public cr getCounterSignatures() {
        int i = 0;
        d.a.a.a.c.b unsignedAttributes = getUnsignedAttributes();
        if (unsignedAttributes == null) {
            return new cr(new ArrayList(0));
        }
        ArrayList arrayList = new ArrayList();
        d.a.a.a.e all = unsignedAttributes.getAll(d.a.a.a.c.h.f6726d);
        while (true) {
            int i2 = i;
            if (i2 >= all.size()) {
                return new cr(arrayList);
            }
            d.a.a.a.v attrValues = ((d.a.a.a.c.a) all.get(i2)).getAttrValues();
            attrValues.size();
            Enumeration objects = attrValues.getObjects();
            while (objects.hasMoreElements()) {
                d.a.a.a.c.an anVar = d.a.a.a.c.an.getInstance(objects.nextElement());
                arrayList.add(new cq(anVar, null, null, new bb(au.f7360a.a(anVar.getDigestAlgorithm().getObjectId().getId()), null, getSignature()), new d.a.a.l.g()));
            }
            i = i2 + 1;
        }
    }

    public String getDigestAlgOID() {
        return this.f7525c.getObjectId().getId();
    }

    public byte[] getDigestAlgParams() {
        try {
            return a(this.f7525c.getParameters());
        } catch (Exception e) {
            throw new RuntimeException("exception getting digest parameters " + e);
        }
    }

    public d.a.a.a.ab.b getDigestAlgorithmID() {
        return this.f7525c;
    }

    public byte[] getEncodedSignedAttributes() throws IOException {
        if (this.e != null) {
            return this.e.getEncoded("DER");
        }
        return null;
    }

    public String getEncryptionAlgOID() {
        return this.f7526d.getObjectId().getId();
    }

    public byte[] getEncryptionAlgParams() {
        try {
            return a(this.f7526d.getParameters());
        } catch (Exception e) {
            throw new RuntimeException("exception getting encryption parameters " + e);
        }
    }

    public cn getSID() {
        return this.f7523a;
    }

    public byte[] getSignature() {
        return (byte[]) this.h.clone();
    }

    public d.a.a.a.c.b getSignedAttributes() {
        if (this.e != null && this.m == null) {
            this.m = new d.a.a.a.c.b(this.e);
        }
        return this.m;
    }

    public d.a.a.a.c.b getUnsignedAttributes() {
        if (this.f != null && this.n == null) {
            this.n = new d.a.a.a.c.b(this.f);
        }
        return this.n;
    }

    public int getVersion() {
        return this.f7524b.getVersion().getValue().intValue();
    }

    public boolean isCounterSignature() {
        return this.o;
    }

    public d.a.a.a.c.an toASN1Structure() {
        return this.f7524b;
    }

    public d.a.a.a.c.an toSignerInfo() {
        return this.f7524b;
    }

    public boolean verify(cs csVar) throws ag {
        d.a.a.a.c.ao a2 = a();
        if (!csVar.hasAssociatedCertificate() || a2 == null || csVar.getAssociatedCertificate().isValidOn(a2.getDate())) {
            return a(csVar);
        }
        throw new ba("verifier not valid at signingTime");
    }

    public boolean verify(PublicKey publicKey, String str) throws NoSuchAlgorithmException, NoSuchProviderException, ag {
        return verify(publicKey, az.getProvider(str));
    }

    public boolean verify(PublicKey publicKey, Provider provider) throws NoSuchAlgorithmException, NoSuchProviderException, ag {
        a();
        return a(publicKey, provider);
    }

    public boolean verify(X509Certificate x509Certificate, String str) throws NoSuchAlgorithmException, NoSuchProviderException, CertificateExpiredException, CertificateNotYetValidException, ag {
        return verify(x509Certificate, az.getProvider(str));
    }

    public boolean verify(X509Certificate x509Certificate, Provider provider) throws NoSuchAlgorithmException, CertificateExpiredException, CertificateNotYetValidException, ag {
        d.a.a.a.c.ao a2 = a();
        if (a2 != null) {
            x509Certificate.checkValidity(a2.getDate());
        }
        return a(x509Certificate.getPublicKey(), provider);
    }
}
