package net.netca.pki.encoding.asn1.pki.cms;

import java.util.ArrayList;
import net.netca.pki.PkiException;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.ObjectIdentifier;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.Hashable;
import net.netca.pki.encoding.asn1.pki.X509CRL;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.encoding.asn1.pki.ocsp.OCSPResponse;

/* loaded from: classes3.dex */
public class SignedDataBuilder {
    private ASN1Object content;
    private Hashable hasher;
    private byte[] tbs;
    private ArrayList<Signer> signers = new ArrayList<>();
    private boolean isDetached = false;
    private boolean includeSignCert = true;
    private ArrayList<X509Certificate> certs = new ArrayList<>();
    private ArrayList<X509CRL> crls = new ArrayList<>();
    private ArrayList<OCSPResponse> ocsps = new ArrayList<>();
    private String contentType = "1.2.840.113549.1.7.1";
    private boolean usePKCS7 = false;
    private boolean isQ7 = false;

    private void checkCompleteness() throws PkiException {
        if (this.signers.size() == 0) {
            if (this.certs.size() == 0 && this.crls.size() == 0) {
                throw new PkiException("no certs and crls");
            }
        } else {
            if (this.tbs == null && this.content == null) {
                throw new PkiException("no content");
            }
            for (int i = 0; i < this.signers.size(); i++) {
                if (this.signers.get(i).hasSignedAttribute(this.contentType) && this.hasher == null) {
                    throw new PkiException("no hasher");
                }
            }
        }
    }

    private AlgorithmIdentifiers getDigestAlgorithmIdentifiers(SignerInfos signerInfos) throws PkiException {
        AlgorithmIdentifiers algorithmIdentifiers = new AlgorithmIdentifiers();
        for (int i = 0; i < signerInfos.size(); i++) {
            AlgorithmIdentifier digestAlgorithm = signerInfos.get(i).getDigestAlgorithm();
            if (!hasDigestAlgorithmIdentifier(algorithmIdentifiers, digestAlgorithm)) {
                algorithmIdentifiers.add(digestAlgorithm);
            }
        }
        return algorithmIdentifiers;
    }

    private EncapsulatedContentInfo getEncapsulatedContentInfo() throws PkiException {
        if (this.isQ7 && this.contentType.equals("1.2.840.113549.1.7.1")) {
            this.contentType = "1.2.156.10197.6.1.4.2.1";
        }
        return this.isDetached ? new EncapsulatedContentInfo(this.contentType) : this.content != null ? this.usePKCS7 ? new EncapsulatedContentInfo(this.contentType, this.content) : new EncapsulatedContentInfo(this.contentType, this.content.encode()) : new EncapsulatedContentInfo(this.contentType, this.tbs);
    }

    private byte[] getTbs() throws PkiException {
        return this.content != null ? this.usePKCS7 ? this.content.getASN1Type().encodeContent(this.content) : this.content.encode() : this.tbs;
    }

    private int getVersion() throws PkiException {
        if (this.ocsps.size() > 0) {
            return 5;
        }
        for (int i = 0; i < this.signers.size(); i++) {
            if (this.signers.get(i).getVersion() == 3) {
                return 3;
            }
        }
        return (this.usePKCS7 || this.contentType.equals("1.2.840.113549.1.7.1")) ? 1 : 3;
    }

    private boolean hasDigestAlgorithmIdentifier(AlgorithmIdentifiers algorithmIdentifiers, AlgorithmIdentifier algorithmIdentifier) throws PkiException {
        for (int i = 0; i < algorithmIdentifiers.size(); i++) {
            if (algorithmIdentifiers.get(i).getOid().equals(algorithmIdentifier.getOid())) {
                return true;
            }
        }
        return false;
    }

    private boolean hasX509PublicKeyCert(X509Certificate x509Certificate) throws PkiException {
        for (int i = 0; i < this.certs.size(); i++) {
            if (this.certs.get(i).equals(x509Certificate)) {
                return true;
            }
        }
        return false;
    }

    private boolean isAllSm2Cert() {
        for (int i = 0; i < this.certs.size(); i++) {
            if (!this.certs.get(i).isSM2()) {
                return false;
            }
        }
        return true;
    }

    private CertificateSet toCerts() throws PkiException {
        int size = this.certs.size();
        if (size == 0) {
            return null;
        }
        CertificateSet certificateSet = new CertificateSet();
        for (int i = 0; i < size; i++) {
            certificateSet.add(new CertificateChoices(this.certs.get(i)));
        }
        return certificateSet;
    }

    private RevocationInfoChoices toCrls() throws PkiException {
        int size = this.crls.size();
        int size2 = this.ocsps.size();
        if (size == 0 && size2 == 0) {
            return null;
        }
        RevocationInfoChoices revocationInfoChoices = new RevocationInfoChoices();
        for (int i = 0; i < size; i++) {
            revocationInfoChoices.add(new RevocationInfoChoice(this.crls.get(i)));
        }
        for (int i2 = 0; i2 < size2; i2++) {
            revocationInfoChoices.add(new RevocationInfoChoice(OtherRevocationInfoFormat.NewOCSPResponse(this.ocsps.get(i2))));
        }
        return revocationInfoChoices;
    }

    public void addCRL(X509CRL x509crl) throws PkiException {
        this.crls.add(x509crl);
    }

    public void addOCSP(OCSPResponse oCSPResponse) throws PkiException {
        this.ocsps.add(oCSPResponse);
    }

    public void addSigner(Signer signer) throws PkiException {
        this.signers.add(signer);
    }

    public void addX509PublicKeyCertificate(X509Certificate x509Certificate) throws PkiException {
        this.certs.add(x509Certificate);
    }

    public void setContent(byte[] bArr) throws PkiException {
        this.tbs = bArr;
    }

    public void setContent(byte[] bArr, int i, int i2) throws PkiException {
        this.tbs = new byte[i2];
        System.arraycopy(bArr, i, this.tbs, 0, i2);
    }

    public void setContentObject(ASN1Object aSN1Object) throws PkiException {
        this.content = aSN1Object;
    }

    public void setContentType(String str) throws PkiException {
        new ObjectIdentifier(str);
        this.contentType = str;
    }

    public void setDetached(boolean z) {
        this.isDetached = z;
    }

    public void setHasher(Hashable hashable) {
        this.hasher = hashable;
    }

    public void setIncludeSignCert(boolean z) {
        this.includeSignCert = z;
    }

    public void setSM2Q7(boolean z) {
        this.isQ7 = z;
    }

    public SignedData setSignatureValue(byte[] bArr) throws PkiException {
        EncapsulatedContentInfo encapsulatedContentInfo = getEncapsulatedContentInfo();
        SignerInfos signerInfos = new SignerInfos();
        int version = getVersion();
        int size = this.signers.size();
        if (size != 1) {
            throw new PkiException("signer count must be one");
        }
        signerInfos.add(this.signers.get(0).setSignatureValue(this.isQ7, bArr));
        AlgorithmIdentifiers digestAlgorithmIdentifiers = getDigestAlgorithmIdentifiers(signerInfos);
        if (this.includeSignCert) {
            for (int i = 0; i < size; i++) {
                X509Certificate cert = this.signers.get(i).getCert();
                if (!hasX509PublicKeyCert(cert)) {
                    addX509PublicKeyCertificate(cert);
                }
            }
        }
        return new SignedData(version, digestAlgorithmIdentifiers, encapsulatedContentInfo, toCerts(), toCrls(), signerInfos);
    }

    public SignedData setSignatureValue(byte[] bArr, byte[] bArr2) throws PkiException {
        EncapsulatedContentInfo encapsulatedContentInfo = getEncapsulatedContentInfo();
        SignerInfos signerInfos = new SignerInfos();
        int version = getVersion();
        int size = this.signers.size();
        if (size != 1) {
            throw new PkiException("signer count must be one");
        }
        signerInfos.add(this.signers.get(0).setSignatureValue(this.isQ7, this.contentType, bArr, bArr2));
        AlgorithmIdentifiers digestAlgorithmIdentifiers = getDigestAlgorithmIdentifiers(signerInfos);
        if (this.includeSignCert) {
            for (int i = 0; i < size; i++) {
                X509Certificate cert = this.signers.get(i).getCert();
                if (!hasX509PublicKeyCert(cert)) {
                    addX509PublicKeyCertificate(cert);
                }
            }
        }
        return new SignedData(version, digestAlgorithmIdentifiers, encapsulatedContentInfo, toCerts(), toCrls(), signerInfos);
    }

    public void setUsePKCS7(boolean z) {
        this.usePKCS7 = z;
    }

    public SignedData sign() throws PkiException {
        checkCompleteness();
        this.isQ7 = this.isQ7 && isAllSm2Cert();
        EncapsulatedContentInfo encapsulatedContentInfo = getEncapsulatedContentInfo();
        SignerInfos signerInfos = new SignerInfos();
        int version = getVersion();
        int size = this.signers.size();
        if (size > 0) {
            byte[] tbs = getTbs();
            for (int i = 0; i < size; i++) {
                signerInfos.add(this.signers.get(i).sign(this.contentType, tbs, this.hasher, this.isQ7));
            }
        }
        AlgorithmIdentifiers digestAlgorithmIdentifiers = getDigestAlgorithmIdentifiers(signerInfos);
        if (this.includeSignCert) {
            for (int i2 = 0; i2 < size; i2++) {
                X509Certificate cert = this.signers.get(i2).getCert();
                if (!hasX509PublicKeyCert(cert)) {
                    addX509PublicKeyCertificate(cert);
                }
            }
        }
        return new SignedData(version, digestAlgorithmIdentifiers, encapsulatedContentInfo, toCerts(), toCrls(), signerInfos, this.isQ7);
    }
}
