package net.netca.pki.encoding.asn1.pki.cms;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import net.netca.pki.PkiException;
import net.netca.pki.encoding.asn1.ObjectIdentifier;
import net.netca.pki.encoding.asn1.OctetString;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.Attribute;
import net.netca.pki.encoding.asn1.pki.Attributes;
import net.netca.pki.encoding.asn1.pki.Extension;
import net.netca.pki.encoding.asn1.pki.Extensions;
import net.netca.pki.encoding.asn1.pki.Hashable;
import net.netca.pki.encoding.asn1.pki.IKDF;
import net.netca.pki.encoding.asn1.pki.IKeyAgreement;
import net.netca.pki.encoding.asn1.pki.IKeyWrap;
import net.netca.pki.encoding.asn1.pki.IMac;
import net.netca.pki.encoding.asn1.pki.JCEHasher;
import net.netca.pki.encoding.asn1.pki.JCEPublicKeyEncrypter;
import net.netca.pki.encoding.asn1.pki.JCESecureRandomGenerator;
import net.netca.pki.encoding.asn1.pki.NamedBitStringExtension;
import net.netca.pki.encoding.asn1.pki.PublicKeyEncrypter;
import net.netca.pki.encoding.asn1.pki.SecureRandomGenerator;
import net.netca.pki.encoding.asn1.pki.X509Certificate;

/* loaded from: classes3.dex */
public final class AuthenticatedDataBuilder {
    public static final int HMAC_SHA1 = 1;
    public static final int HMAC_SHA224 = 2;
    public static final int HMAC_SHA256 = 3;
    public static final int HMAC_SHA384 = 4;
    public static final int HMAC_SHA3_224 = 6;
    public static final int HMAC_SHA3_256 = 7;
    public static final int HMAC_SHA3_384 = 8;
    public static final int HMAC_SHA3_512 = 9;
    public static final int HMAC_SHA512 = 5;
    public static final int ISSUER_SN_TYPE = 1;
    public static final int SUBJECT_KEYID_TYPE = 2;
    private byte[] content;
    private AlgorithmIdentifier digestAlgorithm;
    private Hashable hasher;
    private IKDF kdfObj;
    private IKeyAgreement keyAgreementObj;
    private IKeyWrap keywrapObj;
    private IMac macObj;
    private PublicKeyEncrypter publicKeyEncrypter;
    private SecureRandomGenerator randGenerator;
    private ArrayList<Integer> certIdTypes = new ArrayList<>();
    private ArrayList<X509Certificate> certs = new ArrayList<>();
    private int macAlgo = -1;
    private int macKeyLength = -1;
    private ArrayList<Attribute> authAttrs = new ArrayList<>();
    private ArrayList<Attribute> unauthAttrs = new ArrayList<>();
    private String contentType = "1.2.840.113549.1.7.1";
    private ArrayList<Integer> keyAgreementCertIdTypes = new ArrayList<>();
    private ArrayList<X509Certificate> keyAgreementCerts = new ArrayList<>();

    private void checkCompleteness() throws PkiException {
        if (this.certs.size() == 0 && this.keyAgreementCerts.size() == 0) {
            throw new PkiException("no recipientInfos");
        }
        if (this.macAlgo < 0) {
            throw new PkiException("no macAlgorithm");
        }
        if (this.macKeyLength <= 0) {
            throw new PkiException("bad macKeyLength");
        }
        if (this.macObj == null) {
            throw new PkiException("no mac implement");
        }
        if (this.content == null) {
            throw new PkiException("no content");
        }
        if (hasAuthAttribute() && this.digestAlgorithm == null) {
            throw new PkiException("no digestAlgorithm");
        }
        if (this.keyAgreementCerts.size() > 0) {
            if (this.keyAgreementObj == null) {
                throw new PkiException("no keyAgreementObj");
            }
            if (this.kdfObj == null) {
                throw new PkiException("no kdfObj");
            }
            if (this.keywrapObj == null) {
                throw new PkiException("no keywrapObj");
            }
        }
    }

    private byte[] genKey() throws PkiException {
        return this.randGenerator.generate(this.macKeyLength);
    }

    public static AuthenticatedDataBuilder getInstance() {
        return new AuthenticatedDataBuilder();
    }

    private RecipientInfo getKeyAgreementRecipientInfo(int i, X509Certificate x509Certificate, byte[] bArr) throws PkiException {
        return RecipientInfo.newKari(KeyAgreeRecipientInfo.buildECCKeyAgreeRecipientInfo(this.keyAgreementObj, this.kdfObj, this.keywrapObj, bArr, this.randGenerator.generate(32), getKeyAgreementkeyEncryptionAlgorithm(), x509Certificate, i));
    }

    private AlgorithmIdentifier getKeyAgreementkeyEncryptionAlgorithm() throws PkiException {
        String str;
        AlgorithmIdentifier CreateAlgorithmIdentifier;
        switch (this.macAlgo) {
            case 1:
                str = AlgorithmIdentifier.DHSINGLEPASS_STDDH_SHA1KDF_SCHEME_OID;
                CreateAlgorithmIdentifier = AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.AES128_WRAP);
                break;
            case 2:
            case 6:
                str = AlgorithmIdentifier.DHSINGLEPASS_STDDH_SHA224KDF_SCHEME_OID;
                CreateAlgorithmIdentifier = AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.AES128_WRAP);
                break;
            case 3:
            case 7:
                str = AlgorithmIdentifier.DHSINGLEPASS_STDDH_SHA256KDF_SCHEME_OID;
                CreateAlgorithmIdentifier = AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.AES128_WRAP);
                break;
            case 4:
            case 8:
                str = AlgorithmIdentifier.DHSINGLEPASS_STDDH_SHA384KDF_SCHEME_OID;
                CreateAlgorithmIdentifier = AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.AES192_WRAP);
                break;
            case 5:
            case 9:
                str = AlgorithmIdentifier.DHSINGLEPASS_STDDH_SHA512KDF_SCHEME_OID;
                CreateAlgorithmIdentifier = AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.AES256_WRAP);
                break;
            default:
                throw new PkiException("unknown algo");
        }
        return new AlgorithmIdentifier(str, CreateAlgorithmIdentifier.getASN1Object());
    }

    private AlgorithmIdentifier getMacAlgorithm() throws PkiException {
        switch (this.macAlgo) {
            case 1:
                return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.HMAC_SHA1_OID);
            case 2:
                return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.HMAC_SHA224_OID);
            case 3:
                return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.HMAC_SHA256_OID);
            case 4:
                return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.HMAC_SHA384_OID);
            case 5:
                return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.HMAC_SHA512_OID);
            case 6:
                return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.HMAC_SHA3_224_OID);
            case 7:
                return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.HMAC_SHA3_256_OID);
            case 8:
                return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.HMAC_SHA3_384_OID);
            case 9:
                return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.HMAC_SHA3_512_OID);
            default:
                throw new PkiException("unsupport mac Algorithm");
        }
    }

    private int getMacKeyLength(int i) {
        switch (i) {
            case 1:
            case 2:
            case 3:
            case 6:
            case 7:
                return 32;
            case 4:
            case 8:
                return 48;
            case 5:
            case 9:
                return 64;
            default:
                return -1;
        }
    }

    private RecipientInfo getRecipientInfo(int i, X509Certificate x509Certificate, byte[] bArr) throws PkiException {
        if (this.publicKeyEncrypter == null) {
            this.publicKeyEncrypter = new JCEPublicKeyEncrypter();
        }
        return new RecipientInfo(new KeyTransRecipientInfo(i, x509Certificate, bArr, this.publicKeyEncrypter).getASN1Object());
    }

    private RecipientInfos getRecipientInfos(byte[] bArr) throws PkiException {
        int size = this.certs.size();
        RecipientInfos recipientInfos = new RecipientInfos();
        for (int i = 0; i < size; i++) {
            recipientInfos.add(getRecipientInfo(this.certIdTypes.get(i).intValue(), this.certs.get(i), bArr));
        }
        int size2 = this.keyAgreementCerts.size();
        for (int i2 = 0; i2 < size2; i2++) {
            recipientInfos.add(getKeyAgreementRecipientInfo(this.keyAgreementCertIdTypes.get(i2).intValue(), this.keyAgreementCerts.get(i2), bArr));
        }
        return recipientInfos;
    }

    private int getVersion() throws PkiException {
        return 0;
    }

    private boolean hasAuthAttribute() throws PkiException {
        return (this.contentType.equals("1.2.840.113549.1.7.1") && this.authAttrs.size() == 0) ? false : true;
    }

    private boolean hasCert(X509Certificate x509Certificate, int i) {
        for (int i2 = 0; i2 < this.certs.size(); i2++) {
            if (this.certs.get(i2).equals(x509Certificate) && this.certIdTypes.get(i2).intValue() == i) {
                return true;
            }
        }
        return false;
    }

    private boolean hasKeyAgreementCert(X509Certificate x509Certificate, int i) {
        for (int i2 = 0; i2 < this.keyAgreementCerts.size(); i2++) {
            if (this.keyAgreementCerts.get(i2).equals(x509Certificate) && this.certIdTypes.get(i2).intValue() == i) {
                return true;
            }
        }
        return false;
    }

    private boolean isEncCert(X509Certificate x509Certificate) {
        Extension extension;
        try {
            Extensions extensions = x509Certificate.getExtensions();
            if (extensions == null || (extension = extensions.get(Extension.KEYUSAGE_OID)) == null) {
                return true;
            }
            return ((NamedBitStringExtension) extension.getExtensionObject()).isSet(2);
        } catch (PkiException unused) {
            return false;
        }
    }

    private boolean isKeyAgreementCert(X509Certificate x509Certificate) {
        Extension extension;
        try {
            Extensions extensions = x509Certificate.getExtensions();
            if (extensions == null || (extension = extensions.get(Extension.KEYUSAGE_OID)) == null) {
                return true;
            }
            return ((NamedBitStringExtension) extension.getExtensionObject()).isSet(4);
        } catch (PkiException unused) {
            return false;
        }
    }

    private Attributes toAuthAttributes() throws PkiException {
        if (!hasAuthAttribute()) {
            return null;
        }
        Attributes attributes = new Attributes(true);
        Iterator<Attribute> it = this.authAttrs.iterator();
        while (it.hasNext()) {
            attributes.add(it.next());
        }
        return attributes;
    }

    private Attributes toUnauthAttrs() throws PkiException {
        if (this.unauthAttrs.size() == 0) {
            return null;
        }
        Attributes attributes = new Attributes();
        Iterator<Attribute> it = this.unauthAttrs.iterator();
        while (it.hasNext()) {
            attributes.add(it.next());
        }
        return attributes;
    }

    public AuthenticatedDataBuilder addAuthAttributes(Attribute attribute) throws PkiException {
        this.authAttrs.add(attribute);
        return this;
    }

    public AuthenticatedDataBuilder addCert(X509Certificate x509Certificate) throws PkiException {
        return addCert(x509Certificate, 1);
    }

    public AuthenticatedDataBuilder addCert(X509Certificate x509Certificate, int i) throws PkiException {
        if (i != 1 && i != 2) {
            throw new PkiException("bad certIdType");
        }
        if (!x509Certificate.isInValidity()) {
            throw new PkiException("cert is not in validity");
        }
        if (isEncCert(x509Certificate)) {
            if (!hasCert(x509Certificate, i)) {
                this.certIdTypes.add(new Integer(i));
                this.certs.add(x509Certificate);
            }
            return this;
        }
        if (!isKeyAgreementCert(x509Certificate)) {
            throw new PkiException("not encrypt certificate");
        }
        if (!hasKeyAgreementCert(x509Certificate, i)) {
            this.keyAgreementCertIdTypes.add(new Integer(i));
            this.keyAgreementCerts.add(x509Certificate);
        }
        return this;
    }

    public AuthenticatedDataBuilder addUnauthAttributes(Attribute attribute) throws PkiException {
        this.unauthAttrs.add(attribute);
        return this;
    }

    public AuthenticatedData mac() throws PkiException {
        byte[] mac;
        checkCompleteness();
        if (this.randGenerator == null) {
            this.randGenerator = JCESecureRandomGenerator.getInstance();
        }
        int version = getVersion();
        byte[] genKey = genKey();
        AlgorithmIdentifier macAlgorithm = getMacAlgorithm();
        Attributes authAttributes = toAuthAttributes();
        if (authAttributes == null) {
            mac = this.macObj.mac(macAlgorithm, genKey, this.content, 0, this.content.length);
        } else {
            if (this.hasher == null) {
                this.hasher = new JCEHasher();
            }
            byte[] hash = this.hasher.hash(this.digestAlgorithm, this.content, 0, this.content.length);
            authAttributes.add(new Attribute(Attribute.CONTENT_TYPE, new ObjectIdentifier(this.contentType)));
            authAttributes.add(new Attribute(Attribute.MESSAGE_DIGEST, new OctetString(hash)));
            byte[] encode = authAttributes.getASN1Object().encode();
            mac = this.macObj.mac(macAlgorithm, genKey, encode, 0, encode.length);
        }
        byte[] bArr = mac;
        EncapsulatedContentInfo encapsulatedContentInfo = new EncapsulatedContentInfo(this.contentType, this.content);
        RecipientInfos recipientInfos = getRecipientInfos(genKey);
        Arrays.fill(genKey, (byte) 0);
        return new AuthenticatedData(version, null, recipientInfos, macAlgorithm, this.digestAlgorithm, encapsulatedContentInfo, authAttributes, bArr, toUnauthAttrs());
    }

    public AuthenticatedDataBuilder setContent(byte[] bArr) throws PkiException {
        this.content = bArr;
        return this;
    }

    public AuthenticatedDataBuilder setContent(byte[] bArr, int i, int i2) throws PkiException {
        this.content = new byte[i2];
        System.arraycopy(bArr, i, this.content, 0, i2);
        return this;
    }

    public AuthenticatedDataBuilder setContentType(String str) throws PkiException {
        new ObjectIdentifier(str);
        this.contentType = str;
        return this;
    }

    public AuthenticatedDataBuilder setDigestAlgorithm(AlgorithmIdentifier algorithmIdentifier) throws PkiException {
        this.digestAlgorithm = algorithmIdentifier;
        return this;
    }

    public AuthenticatedDataBuilder setHasher(Hashable hashable) throws PkiException {
        this.hasher = hashable;
        return this;
    }

    public AuthenticatedDataBuilder setKDFImplement(IKDF ikdf) {
        this.kdfObj = ikdf;
        return this;
    }

    public AuthenticatedDataBuilder setKeyAgreementImplement(IKeyAgreement iKeyAgreement) {
        this.keyAgreementObj = iKeyAgreement;
        return this;
    }

    public AuthenticatedDataBuilder setKeyWrapImplement(IKeyWrap iKeyWrap) {
        this.keywrapObj = iKeyWrap;
        return this;
    }

    public AuthenticatedDataBuilder setMacAlgorithm(int i) throws PkiException {
        this.macAlgo = i;
        this.macKeyLength = getMacKeyLength(i);
        if (this.macKeyLength >= 0) {
            return this;
        }
        throw new PkiException("bad macAlgo");
    }

    public AuthenticatedDataBuilder setMacImplement(IMac iMac) {
        this.macObj = iMac;
        return this;
    }

    public AuthenticatedDataBuilder setMacKeyLength(int i) throws PkiException {
        int i2 = i % 8;
        if (i2 == 0) {
            this.macKeyLength = i;
        } else {
            this.macKeyLength = (i + 8) - i2;
        }
        return this;
    }

    public AuthenticatedDataBuilder setPublicKeyEncrypter(PublicKeyEncrypter publicKeyEncrypter) throws PkiException {
        this.publicKeyEncrypter = publicKeyEncrypter;
        return this;
    }
}
