package sun1.security.pkcs;

import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import org.jf.dexlib2.util.Preconditions;
import sun1.security.util.Debug;
import sun1.security.util.DerInputStream;
import sun1.security.util.DerOutputStream;
import sun1.security.util.DerValue;
import sun1.security.util.ObjectIdentifier;
import sun1.security.x509.AlgorithmId;
import sun1.security.x509.KeyUsageExtension;
import sun1.security.x509.X500Name;
import sun1.security.x509.X509CertImpl;
import sun1.security.x509.X509CertInfo;

/* loaded from: classes.dex */
public class PKCS7 {
    public Principal[] certIssuerNames;
    public X509Certificate[] certificates;
    public ContentInfo contentInfo;
    public ObjectIdentifier contentType;
    public X509CRL[] crls;
    public AlgorithmId[] digestAlgorithmIds;
    public SignerInfo[] signerInfos;
    public BigInteger version;

    public PKCS7(byte[] bArr) throws ParsingException {
        this.version = null;
        this.digestAlgorithmIds = null;
        this.contentInfo = null;
        this.certificates = null;
        this.crls = null;
        this.signerInfos = null;
        try {
            DerInputStream derInputStream = new DerInputStream(bArr);
            try {
                try {
                    derInputStream.buffer.mark(derInputStream.available());
                    parse(derInputStream, false);
                } catch (IOException unused) {
                    derInputStream.buffer.reset();
                    parse(derInputStream, true);
                }
            } catch (IOException e) {
                ParsingException parsingException = new ParsingException(e.getMessage());
                parsingException.initCause(e);
                throw parsingException;
            }
        } catch (IOException e2) {
            ParsingException parsingException2 = new ParsingException("Unable to parse the encoded bytes");
            parsingException2.initCause(e2);
            throw parsingException2;
        }
    }

    public PKCS7(AlgorithmId[] algorithmIdArr, ContentInfo contentInfo, X509Certificate[] x509CertificateArr, SignerInfo[] signerInfoArr) {
        this.version = null;
        this.digestAlgorithmIds = null;
        this.contentInfo = null;
        this.certificates = null;
        this.crls = null;
        this.signerInfos = null;
        this.version = BigInteger.ONE;
        this.digestAlgorithmIds = algorithmIdArr;
        this.contentInfo = contentInfo;
        this.certificates = x509CertificateArr;
        this.signerInfos = signerInfoArr;
    }

    public void encodeSignedData(OutputStream outputStream) throws IOException {
        DerOutputStream derOutputStream = new DerOutputStream();
        DerOutputStream derOutputStream2 = new DerOutputStream();
        derOutputStream2.putInteger(this.version);
        derOutputStream2.putOrderedSetOf((byte) 49, this.digestAlgorithmIds);
        this.contentInfo.encode(derOutputStream2);
        X509Certificate[] x509CertificateArr = this.certificates;
        if (x509CertificateArr != null && x509CertificateArr.length != 0) {
            X509CertImpl[] x509CertImplArr = new X509CertImpl[x509CertificateArr.length];
            int i = 0;
            while (true) {
                X509Certificate[] x509CertificateArr2 = this.certificates;
                if (i >= x509CertificateArr2.length) {
                    break;
                }
                if (x509CertificateArr2[i] instanceof X509CertImpl) {
                    x509CertImplArr[i] = (X509CertImpl) x509CertificateArr2[i];
                } else {
                    try {
                        x509CertImplArr[i] = new X509CertImpl(x509CertificateArr2[i].getEncoded());
                    } catch (CertificateException e) {
                        throw new IOException(e);
                    }
                }
                i++;
            }
            derOutputStream2.putOrderedSetOf((byte) -96, x509CertImplArr);
        }
        derOutputStream2.putOrderedSetOf((byte) 49, this.signerInfos);
        new ContentInfo(ContentInfo.SIGNED_DATA_OID, new DerValue((byte) 48, derOutputStream2.toByteArray())).encode(derOutputStream);
        outputStream.write(derOutputStream.toByteArray());
    }

    public X509Certificate getCertificate(BigInteger bigInteger, X500Name x500Name) {
        X509Certificate[] x509CertificateArr = this.certificates;
        if (x509CertificateArr == null) {
            return null;
        }
        int i = 0;
        if (this.certIssuerNames == null && x509CertificateArr != null) {
            this.certIssuerNames = new Principal[x509CertificateArr.length];
            int i2 = 0;
            while (true) {
                X509Certificate[] x509CertificateArr2 = this.certificates;
                if (i2 >= x509CertificateArr2.length) {
                    break;
                }
                X509Certificate x509Certificate = x509CertificateArr2[i2];
                Principal issuerDN = x509Certificate.getIssuerDN();
                if (!(issuerDN instanceof X500Name)) {
                    try {
                        issuerDN = (Principal) new X509CertInfo(x509Certificate.getTBSCertificate()).get("issuer.dname");
                    } catch (Exception unused) {
                    }
                }
                this.certIssuerNames[i2] = issuerDN;
                i2++;
            }
        }
        while (true) {
            X509Certificate[] x509CertificateArr3 = this.certificates;
            if (i >= x509CertificateArr3.length) {
                return null;
            }
            X509Certificate x509Certificate2 = x509CertificateArr3[i];
            if (bigInteger.equals(x509Certificate2.getSerialNumber()) && x500Name.equals(this.certIssuerNames[i])) {
                return x509Certificate2;
            }
            i++;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:117:0x01fc  */
    /* JADX WARN: Removed duplicated region for block: B:161:0x028e  */
    /* JADX WARN: Removed duplicated region for block: B:38:0x00a6  */
    /* JADX WARN: Removed duplicated region for block: B:68:0x0101  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void parse(sun1.security.util.DerInputStream r10, boolean r11) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 685
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: sun1.security.pkcs.PKCS7.parse(sun1.security.util.DerInputStream, boolean):void");
    }

    public String toString() {
        String str = "" + this.contentInfo + "\n";
        if (this.version != null) {
            str = String.valueOf(str) + "PKCS7 :: version: " + Debug.toHexString(this.version) + "\n";
        }
        if (this.digestAlgorithmIds != null) {
            str = String.valueOf(str) + "PKCS7 :: digest AlgorithmIds: \n";
            for (int i = 0; i < this.digestAlgorithmIds.length; i++) {
                str = String.valueOf(str) + "\t" + this.digestAlgorithmIds[i] + "\n";
            }
        }
        if (this.certificates != null) {
            str = String.valueOf(str) + "PKCS7 :: certificates: \n";
            for (int i2 = 0; i2 < this.certificates.length; i2++) {
                str = String.valueOf(str) + "\t" + i2 + ".   " + this.certificates[i2] + "\n";
            }
        }
        if (this.crls != null) {
            str = String.valueOf(str) + "PKCS7 :: crls: \n";
            for (int i3 = 0; i3 < this.crls.length; i3++) {
                str = String.valueOf(str) + "\t" + i3 + ".   " + this.crls[i3] + "\n";
            }
        }
        if (this.signerInfos != null) {
            str = String.valueOf(str) + "PKCS7 :: signer infos: \n";
            for (int i4 = 0; i4 < this.signerInfos.length; i4++) {
                str = String.valueOf(str) + "\t" + i4 + ".  " + this.signerInfos[i4] + "\n";
            }
        }
        return str;
    }

    public SignerInfo verify(SignerInfo signerInfo, byte[] bArr) throws NoSuchAlgorithmException, SignatureException {
        byte[] bArr2;
        if (signerInfo == null) {
            throw null;
        }
        try {
            try {
                ContentInfo contentInfo = this.contentInfo;
                if (bArr == null) {
                    DerValue derValue = contentInfo.content;
                    bArr = derValue == null ? null : new DerInputStream(derValue.toByteArray()).getOctetString();
                }
                String name = signerInfo.digestAlgorithmId.getName();
                if (signerInfo.authenticatedAttributes != null) {
                    ObjectIdentifier objectIdentifier = (ObjectIdentifier) signerInfo.authenticatedAttributes.getAttributeValue(PKCS9Attribute.CONTENT_TYPE_OID);
                    if (objectIdentifier != null && objectIdentifier.equals(contentInfo.contentType) && (bArr2 = (byte[]) signerInfo.authenticatedAttributes.getAttributeValue(PKCS9Attribute.MESSAGE_DIGEST_OID)) != null) {
                        if (!SignerInfo.JAR_DISABLED_CHECK.permits(SignerInfo.DIGEST_PRIMITIVE_SET, name)) {
                            throw new SignatureException("Digest check failed. Disabled algorithm used: " + name);
                        }
                        byte[] digest = MessageDigest.getInstance(AlgorithmId.getStandardDigestName(name)).digest(bArr);
                        if (bArr2.length == digest.length) {
                            for (int i = 0; i < bArr2.length; i++) {
                                if (bArr2[i] != digest[i]) {
                                    break;
                                }
                            }
                            bArr = (byte[]) signerInfo.authenticatedAttributes.derEncoding.clone();
                        }
                    }
                    return null;
                }
                String name2 = signerInfo.digestEncryptionAlgorithmId.getName();
                String encAlgFromSigAlg = AlgorithmId.getEncAlgFromSigAlg(name2);
                if (encAlgFromSigAlg != null) {
                    name2 = encAlgFromSigAlg;
                }
                String makeSigAlg = AlgorithmId.makeSigAlg(name, name2);
                if (!SignerInfo.JAR_DISABLED_CHECK.permits(SignerInfo.SIG_PRIMITIVE_SET, makeSigAlg)) {
                    throw new SignatureException("Signature check failed. Disabled algorithm used: " + makeSigAlg);
                }
                X509Certificate certificate = getCertificate(signerInfo.certificateSerialNumber, signerInfo.issuerName);
                PublicKey publicKey = certificate.getPublicKey();
                if (!SignerInfo.JAR_DISABLED_CHECK.permits(SignerInfo.SIG_PRIMITIVE_SET, publicKey)) {
                    throw new SignatureException("Public key check failed. Disabled key used: " + Preconditions.getKeySize(publicKey) + " bit " + publicKey.getAlgorithm());
                }
                if (certificate.hasUnsupportedCriticalExtension()) {
                    throw new SignatureException("Certificate has unsupported critical extension(s)");
                }
                boolean[] keyUsage = certificate.getKeyUsage();
                if (keyUsage != null) {
                    try {
                        KeyUsageExtension keyUsageExtension = new KeyUsageExtension(keyUsage);
                        boolean booleanValue = keyUsageExtension.get(KeyUsageExtension.DIGITAL_SIGNATURE).booleanValue();
                        boolean booleanValue2 = keyUsageExtension.get(KeyUsageExtension.NON_REPUDIATION).booleanValue();
                        if (!booleanValue && !booleanValue2) {
                            throw new SignatureException("Key usage restricted: cannot be used for digital signatures");
                        }
                    } catch (IOException unused) {
                        throw new SignatureException("Failed to parse keyUsage extension");
                    }
                }
                Signature signature = Signature.getInstance(makeSigAlg);
                signature.initVerify(publicKey);
                signature.update(bArr);
                if (signature.verify(signerInfo.encryptedDigest)) {
                    return signerInfo;
                }
                return null;
            } catch (InvalidKeyException e) {
                throw new SignatureException("InvalidKey: " + e.getMessage());
            }
        } catch (IOException e2) {
            throw new SignatureException("IO error verifying signature:\n" + e2.getMessage());
        }
    }
}
