package net.netca.pki.encoding.asn1.pki.cmp;

import java.util.Arrays;
import net.netca.pki.PkiException;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.ASN1TypeManager;
import net.netca.pki.encoding.asn1.BitString;
import net.netca.pki.encoding.asn1.Sequence;
import net.netca.pki.encoding.asn1.SequenceType;
import net.netca.pki.encoding.asn1.TaggedValue;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.PublicKey;
import net.netca.pki.encoding.asn1.pki.SubjectPublicKeyInfo;
import net.netca.pki.encoding.asn1.pki.Verifible;
import net.netca.pki.encoding.asn1.pki.X500Name;

/* loaded from: classes3.dex */
public class POPOSigningKey {
    private static final SequenceType type = (SequenceType) ASN1TypeManager.getInstance().get("POPOSigningKey");
    private Sequence seq;

    public POPOSigningKey(Sequence sequence) throws PkiException {
        if (!type.match(sequence)) {
            throw new PkiException("bad POPOSigningKey");
        }
        this.seq = sequence;
    }

    public POPOSigningKey(POPOSigningKeyInput pOPOSigningKeyInput, AlgorithmIdentifier algorithmIdentifier, BitString bitString) throws PkiException {
        if (algorithmIdentifier == null) {
            throw new PkiException("algorithmIdentifier is NULL");
        }
        if (bitString == null) {
            throw new PkiException("signature is NULL");
        }
        this.seq = new Sequence(type);
        if (pOPOSigningKeyInput != null) {
            this.seq.add(new TaggedValue(128, 0, true, pOPOSigningKeyInput.getASN1Object()));
        }
        this.seq.add(algorithmIdentifier.getASN1Object());
        this.seq.add(bitString);
    }

    public POPOSigningKey(POPOSigningKeyInput pOPOSigningKeyInput, AlgorithmIdentifier algorithmIdentifier, byte[] bArr) throws PkiException {
        this(pOPOSigningKeyInput, algorithmIdentifier, new BitString(0, bArr));
    }

    private POPOSigningKey(byte[] bArr) throws PkiException {
        this.seq = (Sequence) ASN1Object.decode(bArr, type);
    }

    public static POPOSigningKey decode(byte[] bArr) throws PkiException {
        return new POPOSigningKey(bArr);
    }

    public static SequenceType getASN1Type() {
        return type;
    }

    private boolean hasPoposkInput() {
        return this.seq.size() == 3;
    }

    public Sequence getASN1Object() throws PkiException {
        return this.seq;
    }

    public AlgorithmIdentifier getAlgorithmIdentifier() throws PkiException {
        return new AlgorithmIdentifier((Sequence) (hasPoposkInput() ? this.seq.get(1) : this.seq.get(0)));
    }

    public POPOSigningKeyInput getPoposkInput() throws PkiException {
        if (hasPoposkInput()) {
            return new POPOSigningKeyInput((Sequence) ((TaggedValue) this.seq.get(0)).getInnerValue());
        }
        return null;
    }

    public byte[] getSignature() throws PkiException {
        BitString signatureObject = getSignatureObject();
        if (signatureObject.getUnusedBits() == 0) {
            return signatureObject.getValue();
        }
        throw new PkiException("bitstring has unsusedbits");
    }

    public BitString getSignatureObject() throws PkiException {
        return (BitString) (hasPoposkInput() ? this.seq.get(2) : this.seq.get(1));
    }

    public boolean verify(CertTemplate certTemplate, Verifible verifible) throws PkiException {
        X500Name x500Name;
        byte[] encode;
        PublicKey publicKey;
        POPOSigningKeyInput poposkInput = getPoposkInput();
        SubjectPublicKeyInfo subjectPublicKeyInfo = null;
        if (certTemplate != null) {
            x500Name = certTemplate.getSubject();
            subjectPublicKeyInfo = certTemplate.getSubjectPublicKeyInfo();
        } else {
            x500Name = null;
        }
        if (poposkInput != null) {
            SubjectPublicKeyInfo publicKey2 = poposkInput.getPublicKey();
            if (subjectPublicKeyInfo != null && !Arrays.equals(subjectPublicKeyInfo.getASN1Object().encode(), publicKey2.getASN1Object().encode())) {
                throw new PkiException("the public key in certTemplate and poposkInput mismatch");
            }
            encode = (x500Name == null || subjectPublicKeyInfo == null) ? poposkInput.getASN1Object().encode() : certTemplate.getASN1Object().encode();
            publicKey = publicKey2.getPublicKey();
        } else {
            if (certTemplate == null) {
                throw new PkiException("no certTemplate and poposkInput");
            }
            if (x500Name == null && subjectPublicKeyInfo == null) {
                throw new PkiException("no poposkInput and (no subject or no public key)");
            }
            encode = certTemplate.getASN1Object().encode();
            publicKey = subjectPublicKeyInfo.getPublicKey();
        }
        byte[] bArr = encode;
        return verifible.verify(publicKey, getAlgorithmIdentifier(), bArr, 0, bArr.length, getSignature());
    }
}
