package cn.com.infosec.jce;

import cn.com.infosec.asn1.ASN1OctetString;
import cn.com.infosec.asn1.ASN1Sequence;
import cn.com.infosec.asn1.ASN1Set;
import cn.com.infosec.asn1.DERConstructedSequence;
import cn.com.infosec.asn1.DERConstructedSet;
import cn.com.infosec.asn1.DEREncodable;
import cn.com.infosec.asn1.DERInputStream;
import cn.com.infosec.asn1.DERInteger;
import cn.com.infosec.asn1.DERObject;
import cn.com.infosec.asn1.DERObjectIdentifier;
import cn.com.infosec.asn1.DEROctetString;
import cn.com.infosec.asn1.DEROutputStream;
import cn.com.infosec.asn1.DERTaggedObject;
import cn.com.infosec.asn1.pkcs.ContentInfo;
import cn.com.infosec.asn1.pkcs.IssuerAndSerialNumber;
import cn.com.infosec.asn1.pkcs.PKCSObjectIdentifiers;
import cn.com.infosec.asn1.pkcs.SignedData;
import cn.com.infosec.asn1.pkcs.SignerInfo;
import cn.com.infosec.asn1.x509.AlgorithmIdentifier;
import cn.com.infosec.asn1.x509.CertificateList;
import cn.com.infosec.asn1.x509.DigestInfo;
import cn.com.infosec.asn1.x509.X509CertificateStructure;
import cn.com.infosec.asn1.x509.X509Name;
import cn.com.infosec.asn1.x509.X509ObjectIdentifiers;
import cn.com.infosec.crypto.AsymmetricBlockCipher;
import cn.com.infosec.crypto.Digest;
import cn.com.infosec.crypto.digests.SHA1Digest;
import cn.com.infosec.crypto.encodings.PKCS1Encoding;
import cn.com.infosec.crypto.engines.RSAEngine;
import cn.com.infosec.crypto.params.RSAKeyParameters;
import cn.com.infosec.jce.provider.RSAUtil;
import cn.com.infosec.jce.provider.X509CRLObject;
import cn.com.infosec.jce.provider.X509CertificateObject;
import cn.com.infosec.mobile.netcert.framework.crypto.IHSM;
import cn.com.infosec.ocsp.CertificateID;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

/* loaded from: classes.dex */
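/**
 * Builds and parses PKCS#7 {@code SignedData} structures that carry exactly one SignerInfo.
 *
 * <p>An instance is created in one of two modes: the {@link PrivateKey} constructors prepare it
 * for signing, and the {@code byte[]} constructors parse an encoded message and prepare it for
 * verification. Content is fed through {@link #update(byte[], int, int)}; the result is obtained
 * with {@link #getEncoded(byte[])} or {@link #verify()}.
 *
 * <p>Security notes for callers, all taken from the code in this class:
 * <ul>
 *   <li>The signing certificate is picked from the certificates embedded in the message itself
 *       (matched by issuer and serial number). Nothing in this class builds a chain, checks
 *       validity dates or revocation, or compares against a trust anchor. A {@code true} result
 *       from {@code verify} only says the signature matches that embedded certificate's key;
 *       {@link #getSigningCertificate()} must be validated separately before it is trusted.</li>
 *   <li>The signature engine is always {@link SignatureICBC}: SHA-1 through
 *       {@code PKCS1Encoding(RSAEngine)}. The digest and key algorithm identifiers stored in the
 *       message are recorded and re-emitted but never select a different algorithm.</li>
 *   <li>No authenticated (signed) attributes are read from or written to the SignerInfo here.</li>
 *   <li>{@link #getCRLs()} and {@link #getContentData()} return the internal objects, not
 *       copies.</li>
 * </ul>
 */
public class PKCS7SignedDataICBC implements PKCSObjectIdentifiers {
    private static final String ID_DSA = "1.2.840.10040.4.1";
    private static final String ID_MD2 = "1.2.840.113549.2.2";
    private static final String ID_MD5 = "1.2.840.113549.2.5";
    private static final String ID_PKCS7_DATA = "1.2.840.113549.1.7.1";
    private static final String ID_PKCS7_SIGNED_DATA = "1.2.840.113549.1.7.2";
    private static final String ID_RSA = "1.2.840.113549.1.1.1";
    private static final String ID_SHA1 = CertificateID.HASH_SHA1;
    private Collection certs;
    private byte[] contentData;
    private Collection crls;
    // Despite the name this holds the SignerInfo encryptedDigest, i.e. the signature bytes.
    private byte[] digest;
    private String digestAlgorithm;
    private String digestEncryptionAlgorithm;
    private Set digestalgos;
    // Non-null only in signing mode; reset() uses it to decide which mode to re-initialise.
    private transient PrivateKey privKey;
    private SignatureICBC sig;
    private X509Certificate signCert;
    private int signerversion;
    private int version;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    /**
     * Fixed SHA-1 / RSA signature engine used for both signing and verification.
     *
     * <p>It is instantiated directly by the enclosing class rather than looked up through a
     * security provider.
     */
    public class SignatureICBC extends Signature implements PKCSObjectIdentifiers, X509ObjectIdentifiers {
        final /* synthetic */ PKCS7SignedDataICBC a;
        private AlgorithmIdentifier algId;
        private AsymmetricBlockCipher cipher;
        private Digest digest;
        private byte[] hash;

        public SignatureICBC(PKCS7SignedDataICBC pKCS7SignedDataICBC) {
            super(IHSM.SHA1withRSA);
            this.a = pKCS7SignedDataICBC;
            this.digest = new SHA1Digest();
            this.cipher = new PKCS1Encoding(new RSAEngine());
            // Parameters are passed as null; verification compares the decoded identifier
            // against this exact object with equals().
            this.algId = new AlgorithmIdentifier(X509ObjectIdentifiers.id_SHA1, null);
        }

        /** Parses the recovered signature block as a DigestInfo. */
        private DigestInfo derDecode(byte[] bArr) throws IOException {
            return new DigestInfo((ASN1Sequence) new DERInputStream(new ByteArrayInputStream(bArr)).readObject());
        }

        /** DER-encodes a DigestInfo holding {@link #algId} and the given hash. */
        private byte[] derEncode(byte[] bArr) throws IOException {
            ByteArrayOutputStream encoded = new ByteArrayOutputStream();
            new DEROutputStream(encoded).writeObject(new DigestInfo(this.algId, bArr));
            return encoded.toByteArray();
        }

        /**
         * Recovers the DigestInfo from {@code signature} and checks it against
         * {@code expectedHash}.
         *
         * <p>Fails closed: any decoding or cipher error, an algorithm identifier other than
         * {@link #algId}, or a null or differing hash yields {@code false}.
         */
        private boolean matchesSignedDigest(byte[] expectedHash, byte[] signature) {
            try {
                // NOTE(review): only the first DER object of the recovered block is parsed, and
                // nothing visible here rejects bytes that follow the DigestInfo. Confirm that
                // PKCS1Encoding/DERInputStream reject such blocks, or compare the recovered
                // block with derEncode(expectedHash) byte for byte.
                DigestInfo decoded = derDecode(this.cipher.processBlock(signature, 0, signature.length));
                if (!decoded.getAlgorithmId().equals(this.algId)) {
                    return false;
                }
                byte[] signedHash = decoded.getDigest();
                if (expectedHash == null || signedHash == null) {
                    return false;
                }
                return java.security.MessageDigest.isEqual(expectedHash, signedHash);
            } catch (Exception unused) {
                // Malformed signatures are reported as "does not verify", never as an error.
                return false;
            }
        }

        /**
         * Verifies a signature against a hash computed by the caller.
         *
         * <p>Unlike {@link #engineVerify(byte[])} this does not use the bytes fed through
         * {@code update}; the caller is responsible for {@code bArr} being the SHA-1 hash of the
         * intended content.
         *
         * @param bArr hash expected inside the signature
         * @param bArr2 signature bytes
         * @return {@code true} only if the signature decodes to a matching DigestInfo
         */
        protected boolean a(byte[] bArr, byte[] bArr2) throws SignatureException {
            return matchesSignedDigest(bArr, bArr2);
        }

        @Override // java.security.SignatureSpi
        protected Object engineGetParameter(String str) {
            throw new UnsupportedOperationException("engineGetParameter unsupported");
        }

        @Override // java.security.SignatureSpi
        protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
            if (!(privateKey instanceof RSAPrivateKey)) {
                throw new InvalidKeyException("Supplied key is not a RSAPrivateKey instance");
            }
            RSAKeyParameters keyParameters = RSAUtil.generatePrivateKeyParameter((RSAPrivateKey) privateKey);
            this.digest.reset();
            this.cipher.init(true, keyParameters);
        }

        @Override // java.security.SignatureSpi
        protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
            if (!(publicKey instanceof RSAPublicKey)) {
                throw new InvalidKeyException("Supplied key is not a RSAPublicKey instance");
            }
            RSAKeyParameters keyParameters = RSAUtil.generatePublicKeyParameter((RSAPublicKey) publicKey);
            this.digest.reset();
            this.cipher.init(false, keyParameters);
        }

        @Override // java.security.SignatureSpi
        protected void engineSetParameter(String str, Object obj) {
            throw new UnsupportedOperationException("engineSetParameter unsupported");
        }

        @Override // java.security.SignatureSpi
        protected void engineSetParameter(AlgorithmParameterSpec algorithmParameterSpec) {
            throw new UnsupportedOperationException("engineSetParameter unsupported");
        }

        @Override // java.security.SignatureSpi
        protected byte[] engineSign() throws SignatureException {
            byte[] hashBytes = new byte[this.digest.getDigestSize()];
            this.digest.doFinal(hashBytes, 0);
            try {
                byte[] digestInfo = derEncode(hashBytes);
                return this.cipher.processBlock(digestInfo, 0, digestInfo.length);
            } catch (ArrayIndexOutOfBoundsException e) {
                throw new SignatureException("key too small for signature type", e);
            } catch (Exception e) {
                throw new SignatureException(e.toString(), e);
            }
        }

        @Override // java.security.SignatureSpi
        protected void engineUpdate(byte b) throws SignatureException {
            this.digest.update(b);
        }

        @Override // java.security.SignatureSpi
        protected void engineUpdate(byte[] bArr, int i, int i2) throws SignatureException {
            this.digest.update(bArr, i, i2);
        }

        /**
         * Finishes the running SHA-1 digest and checks it against the hash recovered from
         * {@code bArr}.
         */
        @Override // java.security.SignatureSpi
        protected boolean engineVerify(byte[] bArr) throws SignatureException {
            byte[] computedHash = new byte[this.digest.getDigestSize()];
            this.digest.doFinal(computedHash, 0);
            return matchesSignedDigest(computedHash, bArr);
        }
    }

    /** Signing constructor without CRLs, using the {@code IHSM.INFOSEC} provider name. */
    public PKCS7SignedDataICBC(PrivateKey privateKey, Certificate[] certificateArr, String str) throws SecurityException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException {
        this(privateKey, certificateArr, str, IHSM.INFOSEC);
    }

    /** Signing constructor without CRLs. */
    public PKCS7SignedDataICBC(PrivateKey privateKey, Certificate[] certificateArr, String str, String str2) throws SecurityException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException {
        this(privateKey, certificateArr, null, str, str2);
    }

    /**
     * Prepares the object for signing.
     *
     * @param privateKey signing key; must be an {@link RSAPrivateKey} or initialisation fails
     * @param certificateArr certificates to embed; element 0 is used as the signing certificate
     * @param crlArr CRLs to embed, or {@code null}
     * @param str digest name: "MD5", "MD2", "SHA" or {@code IHSM.SHA1}
     * @param str2 provider name; not used by this constructor
     * @throws NoSuchAlgorithmException if the digest name or the key algorithm is not recognised
     * @throws InvalidKeyException if the key is rejected by the signature engine
     * @throws IllegalArgumentException if {@code certificateArr} is null or empty
     */
    public PKCS7SignedDataICBC(PrivateKey privateKey, Certificate[] certificateArr, CRL[] crlArr, String str, String str2) throws SecurityException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException {
        this.privKey = privateKey;
        // NOTE(review): the digest name only chooses the OID written into the message. The
        // signature itself is always produced by SignatureICBC (SHA-1), so "MD5"/"MD2" yield a
        // message whose declared digest algorithm differs from the one actually signed with.
        if (str.equals("MD5")) {
            this.digestAlgorithm = ID_MD5;
        } else if (str.equals("MD2")) {
            this.digestAlgorithm = ID_MD2;
        } else if (str.equals("SHA") || str.equals(IHSM.SHA1)) {
            this.digestAlgorithm = ID_SHA1;
        } else {
            throw new NoSuchAlgorithmException("Unknown Hash Algorithm " + str);
        }
        this.signerversion = 1;
        this.version = 1;
        this.certs = new ArrayList();
        this.crls = new ArrayList();
        this.digestalgos = new HashSet();
        this.digestalgos.add(this.digestAlgorithm);
        if (certificateArr == null || certificateArr.length == 0) {
            throw new IllegalArgumentException("certificate chain must contain the signing certificate");
        }
        this.signCert = (X509Certificate) certificateArr[0];
        for (Certificate certificate : certificateArr) {
            this.certs.add(certificate);
        }
        if (crlArr != null) {
            for (CRL crl : crlArr) {
                this.crls.add(crl);
            }
        }
        String keyAlgorithm = privateKey.getAlgorithm();
        if (keyAlgorithm.equals(IHSM.RSA)) {
            this.digestEncryptionAlgorithm = ID_RSA;
        } else if (keyAlgorithm.equals("DSA")) {
            // A DSA key passes this check but is rejected by initSign() below, which only
            // accepts RSAPrivateKey.
            this.digestEncryptionAlgorithm = ID_DSA;
        } else {
            throw new NoSuchAlgorithmException("Unknown Key Algorithm " + keyAlgorithm);
        }
        this.sig = new SignatureICBC(this);
        this.sig.initSign(privateKey);
    }

    /** Parsing constructor using the {@code IHSM.INFOSEC} provider name. */
    public PKCS7SignedDataICBC(byte[] bArr, byte[] bArr2) throws SecurityException, CRLException, InvalidKeyException, CertificateException, NoSuchProviderException, NoSuchAlgorithmException {
        this(bArr, bArr2, IHSM.INFOSEC);
    }

    /**
     * Parses an encoded PKCS#7 SignedData message and prepares the object for verification.
     *
     * <p>The signing certificate is the embedded certificate whose issuer and serial number
     * match the SignerInfo. It is not validated against any trust anchor here.
     *
     * @param bArr DER-encoded ContentInfo wrapping a SignedData
     * @param bArr2 not used by this constructor
     * @param str provider name; not used by this constructor
     * @throws SecurityException if the input is not a single-signer SignedData, cannot be
     *     decoded, or contains no certificate matching the SignerInfo
     * @throws InvalidKeyException if the signing certificate's key is not an RSA public key
     */
    public PKCS7SignedDataICBC(byte[] bArr, byte[] bArr2, String str) throws SecurityException, CRLException, InvalidKeyException, CertificateException, NoSuchProviderException, NoSuchAlgorithmException {
        try {
            DERObject root = new DERInputStream(new ByteArrayInputStream(bArr)).readObject();
            if (!(root instanceof DERConstructedSequence)) {
                throw new SecurityException("Not a valid PKCS#7 object - not a sequence");
            }
            ContentInfo contentInfo = ContentInfo.getInstance(root);
            if (!contentInfo.getContentType().equals(PKCSObjectIdentifiers.signedData)) {
                throw new SecurityException("Not a valid PKCS#7 signed-data object - wrong header " + contentInfo.getContentType().getId());
            }
            SignedData signedData = SignedData.getInstance(contentInfo.getContent());
            this.certs = new ArrayList();
            if (signedData.getCertificates() != null) {
                Enumeration certObjects = ASN1Set.getInstance(signedData.getCertificates()).getObjects();
                while (certObjects.hasMoreElements()) {
                    this.certs.add(new X509CertificateObject(X509CertificateStructure.getInstance(certObjects.nextElement())));
                }
            }
            this.crls = new ArrayList();
            if (signedData.getCRLs() != null) {
                Enumeration crlObjects = ASN1Set.getInstance(signedData.getCRLs()).getObjects();
                while (crlObjects.hasMoreElements()) {
                    this.crls.add(new X509CRLObject(CertificateList.getInstance(crlObjects.nextElement())));
                }
            }
            this.version = signedData.getVersion().getValue().intValue();
            DEREncodable content = signedData.getContentInfo().getContent();
            this.contentData = content != null ? ((ASN1OctetString) content).getOctets() : null;
            this.digestalgos = new HashSet();
            Enumeration digestAlgObjects = signedData.getDigestAlgorithms().getObjects();
            while (digestAlgObjects.hasMoreElements()) {
                this.digestalgos.add(((DERObjectIdentifier) ((DERConstructedSequence) digestAlgObjects.nextElement()).getObjectAt(0)).getId());
            }
            DERConstructedSet signerInfos = (DERConstructedSet) signedData.getSignerInfos();
            if (signerInfos.getSize() != 1) {
                throw new SecurityException("This PKCS#7 object has multiple SignerInfos - only one is supported at this time");
            }
            SignerInfo signerInfo = SignerInfo.getInstance(signerInfos.getObjectAt(0));
            this.signerversion = signerInfo.getVersion().getValue().intValue();
            IssuerAndSerialNumber issuerAndSerial = signerInfo.getIssuerAndSerialNumber();
            BigInteger serial = issuerAndSerial.getCertificateSerialNumber().getValue();
            X509Principal issuer = new X509Principal(issuerAndSerial.getName());
            // The signer is looked up among the certificates shipped inside the message; the
            // first one matching serial and issuer wins.
            for (Object candidate : this.certs) {
                X509Certificate certificate = (X509Certificate) candidate;
                if (serial.equals(certificate.getSerialNumber()) && issuer.equals(certificate.getIssuerDN())) {
                    this.signCert = certificate;
                    break;
                }
            }
            if (this.signCert == null) {
                throw new SecurityException("Can't find signing certificate with serial " + serial.toString(16));
            }
            // These identifiers are stored for getDigestAlgorithm()/getEncoded() only; the
            // verifier below is SHA-1 with RSA whatever the message declares.
            this.digestAlgorithm = signerInfo.getDigestAlgorithm().getObjectId().getId();
            this.digest = signerInfo.getEncryptedDigest().getOctets();
            this.digestEncryptionAlgorithm = signerInfo.getDigestEncryptionAlgorithm().getObjectId().getId();
            this.sig = new SignatureICBC(this);
            // Use the public initVerify() rather than engineInitVerify(): java.security.Signature
            // records its verify state only in initVerify(), and update()/verify() check that
            // state before delegating. This matches initSign() in the signing constructor and
            // initVerify() in reset().
            this.sig.initVerify(this.signCert.getPublicKey());
        } catch (IOException e) {
            throw new SecurityException("can't decode PKCS7SignedData object", e);
        }
    }

    /**
     * Extracts the issuer element from an encoded TBSCertificate.
     *
     * <p>The issuer is taken at index 3 when the first element is tagged (an explicit version
     * field is present) and at index 2 otherwise.
     */
    private DERObject getIssuer(byte[] bArr) {
        try {
            DERConstructedSequence tbs = (DERConstructedSequence) new DERInputStream(new ByteArrayInputStream(bArr)).readObject();
            int issuerIndex = tbs.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2;
            return (DERObject) tbs.getObjectAt(issuerIndex);
        } catch (IOException e) {
            throw new Error("IOException reading from ByteArray: " + e, e);
        }
    }

    /** Returns the internal CRL collection (not a copy). */
    public Collection getCRLs() {
        return this.crls;
    }

    /** Returns the embedded certificates as a new array. */
    public Certificate[] getCertificates() {
        return (X509Certificate[]) this.certs.toArray(new X509Certificate[0]);
    }

    /**
     * Returns the content carried inside a parsed message, or {@code null} if it had none.
     *
     * <p>The internal array is returned, not a copy. In signing mode this is never set.
     */
    public byte[] getContentData() {
        return this.contentData;
    }

    /**
     * Returns the declared algorithm as {@code <digest>with<key>}, mapping known OIDs to names
     * and leaving unknown ones as dotted OID strings.
     *
     * <p>This reflects the identifiers stored in the message, not the algorithm
     * {@link SignatureICBC} actually applies.
     */
    public String getDigestAlgorithm() {
        String digestName = this.digestAlgorithm;
        if (this.digestAlgorithm.equals(ID_MD5)) {
            digestName = "MD5";
        } else if (this.digestAlgorithm.equals(ID_MD2)) {
            digestName = "MD2";
        } else if (this.digestAlgorithm.equals(ID_SHA1)) {
            digestName = IHSM.SHA1;
        }
        String keyName = this.digestEncryptionAlgorithm;
        if (this.digestEncryptionAlgorithm.equals(ID_RSA)) {
            keyName = IHSM.RSA;
        } else if (this.digestEncryptionAlgorithm.equals(ID_DSA)) {
            keyName = "DSA";
        }
        return digestName + "with" + keyName;
    }

    /** Encodes the message without embedded content (detached signature). */
    public byte[] getEncoded() {
        return getEncoded(null);
    }

    /**
     * Encodes the SignedData, signing first if no signature has been produced yet.
     *
     * <p>The signature covers the bytes previously fed through {@code update}. {@code bArr} is
     * only embedded as the content; nothing here checks that it equals the signed bytes, so the
     * caller must pass the same data to both.
     *
     * @param bArr content to embed, or {@code null} for a detached signature
     * @return the DER-encoded ContentInfo
     * @throws RuntimeException wrapping any failure during signing or encoding
     */
    public byte[] getEncoded(byte[] bArr) {
        try {
            if (this.digest == null) {
                this.digest = this.sig.sign();
            }
            DERConstructedSet digestAlgorithmSet = new DERConstructedSet();
            for (Object oid : this.digestalgos) {
                digestAlgorithmSet.addObject(new AlgorithmIdentifier(new DERObjectIdentifier((String) oid), null));
            }
            DERConstructedSequence encapsulatedContent = new DERConstructedSequence();
            encapsulatedContent.addObject(new DERObjectIdentifier(ID_PKCS7_DATA));
            if (bArr != null) {
                encapsulatedContent.addObject(new DERTaggedObject(0, new DEROctetString(bArr)));
            }
            DERConstructedSet certificateSet = new DERConstructedSet();
            for (Object certificate : this.certs) {
                certificateSet.addObject(new DERInputStream(new ByteArrayInputStream(((X509Certificate) certificate).getEncoded())).readObject());
            }
            DERConstructedSequence signerInfo = new DERConstructedSequence();
            signerInfo.addObject(new DERInteger(this.signerversion));
            signerInfo.addObject(new IssuerAndSerialNumber(new X509Name((DERConstructedSequence) getIssuer(this.signCert.getTBSCertificate())), new DERInteger(this.signCert.getSerialNumber())));
            signerInfo.addObject(new AlgorithmIdentifier(new DERObjectIdentifier(this.digestAlgorithm), null));
            signerInfo.addObject(new AlgorithmIdentifier(new DERObjectIdentifier(this.digestEncryptionAlgorithm), null));
            signerInfo.addObject(new DEROctetString(this.digest));
            DERConstructedSequence signedData = new DERConstructedSequence();
            signedData.addObject(new DERInteger(this.version));
            signedData.addObject(digestAlgorithmSet);
            signedData.addObject(encapsulatedContent);
            signedData.addObject(new DERTaggedObject(false, 0, certificateSet));
            if (this.crls.size() > 0) {
                DERConstructedSet crlSet = new DERConstructedSet();
                for (Object crl : this.crls) {
                    crlSet.addObject(new DERInputStream(new ByteArrayInputStream(((X509CRL) crl).getEncoded())).readObject());
                }
                signedData.addObject(new DERTaggedObject(false, 1, crlSet));
            }
            DERConstructedSet signerInfoSet = new DERConstructedSet();
            signerInfoSet.addObject(signerInfo);
            signedData.addObject(signerInfoSet);
            DERConstructedSequence outer = new DERConstructedSequence();
            outer.addObject(new DERObjectIdentifier(ID_PKCS7_SIGNED_DATA));
            outer.addObject(new DERTaggedObject(0, signedData));
            ByteArrayOutputStream encoded = new ByteArrayOutputStream();
            DEROutputStream derOut = new DEROutputStream(encoded);
            derOut.writeObject(outer);
            derOut.close();
            return encoded.toByteArray();
        } catch (Exception e) {
            // Keep the original message text but attach the cause for diagnosis.
            throw new RuntimeException(e.toString(), e);
        }
    }

    /** Returns the certificate used (signing) or selected from the message (verification). */
    public X509Certificate getSigningCertificate() {
        return this.signCert;
    }

    public int getSigningInfoVersion() {
        return this.signerversion;
    }

    public int getVersion() {
        return this.version;
    }

    /**
     * Re-initialises the signature engine: for signing when a private key was supplied,
     * otherwise for verification with the signing certificate's public key.
     *
     * @throws RuntimeException wrapping any initialisation failure
     */
    public void reset() {
        try {
            if (this.privKey == null) {
                this.sig.initVerify(this.signCert.getPublicKey());
            } else {
                this.sig.initSign(this.privKey);
            }
        } catch (Exception e) {
            throw new RuntimeException(e.toString(), e);
        }
    }

    /** Feeds one byte of content into the running digest. */
    public void update(byte b) throws SignatureException {
        this.sig.update(b);
    }

    /** Feeds {@code i2} bytes of {@code bArr}, starting at offset {@code i}, into the digest. */
    public void update(byte[] bArr, int i, int i2) throws SignatureException {
        this.sig.update(bArr, i, i2);
    }

    /**
     * Checks the stored signature against the content fed through {@code update}.
     *
     * <p>A {@code true} result does not establish that the signing certificate is trusted.
     */
    public boolean verify() throws SignatureException {
        return this.sig.verify(this.digest);
    }

    /**
     * Checks the stored signature against a hash computed by the caller.
     *
     * <p>{@code bArr} is compared with the hash recovered from the signature; the bytes fed
     * through {@code update} are not used. A {@code true} result does not establish that the
     * signing certificate is trusted.
     *
     * @param bArr SHA-1 hash of the content, computed by the caller
     */
    public boolean verify(byte[] bArr) throws SignatureException {
        return this.sig.a(bArr, this.digest);
    }
}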
