package net.netca.pki.impl.jce;

import java.util.ArrayList;
import java.util.Date;
import net.netca.pki.encoding.asn1.SetOf;
import net.netca.pki.encoding.asn1.pki.Attribute;
import net.netca.pki.encoding.asn1.pki.Attributes;
import net.netca.pki.encoding.asn1.pki.JCEHasher;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.encoding.asn1.pki.cms.CertificateSet;
import net.netca.pki.encoding.asn1.pki.cms.SignedData;
import net.netca.pki.encoding.asn1.pki.cms.SignerInfo;
import net.netca.pki.global.ISignedDataDetachedVerify;
import net.netca.pki.u;

/* loaded from: classes.dex */
public class JCESignedDataDetachedVerify implements ISignedDataDetachedVerify {
    private boolean first;
    private SignedDataVerifyInfo info;
    private JCEPki pki;
    private SignedData signedData;
    private JCEX509Certificate[] signerCerts;
    private ArrayList<SignerInfo> signerInfos;
    private VerifyHandle[] verifyHandles;
    private ArrayList<X509Certificate> certs = new ArrayList<>();
    private Date tsaTime = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    public JCESignedDataDetachedVerify(JCEPki jCEPki, SignedDataVerifyInfo signedDataVerifyInfo) {
        this.info = signedDataVerifyInfo;
        this.pki = jCEPki;
    }

    private void checkValidity(Date date, JCEX509Certificate[] jCEX509CertificateArr) {
        Date date2 = new Date();
        if (date == null) {
            date = date2;
        }
        if (!jCEX509CertificateArr[0].isInValidity(date)) {
            throw new u("sign cert not in validity");
        }
        for (int i = 1; i < jCEX509CertificateArr.length; i++) {
            if (!jCEX509CertificateArr[0].isInValidity(date2)) {
                throw new u("sign cert not in validity");
            }
        }
    }

    private JCEX509Certificate[] getSignCerts() {
        int size = this.signerInfos.size();
        JCEX509Certificate[] jCEX509CertificateArr = new JCEX509Certificate[size];
        JCEHasher jCEHasher = new JCEHasher();
        CertificateSet certificates = this.signedData.getCertificates();
        for (int i = 0; i < size; i++) {
            X509Certificate signCert = this.signerInfos.get(i).getSignCert(jCEHasher, certificates, this.certs.iterator());
            if (signCert == null) {
                throw new u("sign cert #" + i + " not found");
            }
            jCEX509CertificateArr[i] = new JCEX509Certificate(this.pki, signCert.derEncode());
        }
        return jCEX509CertificateArr;
    }

    private VerifyHandle[] getVerifyHandles() {
        int size = this.signerInfos.size();
        VerifyHandle[] verifyHandleArr = new VerifyHandle[size];
        for (int i = 0; i < size; i++) {
            verifyHandleArr[i] = new VerifyHandle(this.pki, this.signerInfos.get(i), this.signerCerts[i]);
        }
        return verifyHandleArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Date verifySignatureTimeStamp(JCEPki jCEPki, SignerInfo signerInfo) {
        Attribute attribute;
        Attributes unsignedAttrs = signerInfo.getUnsignedAttrs();
        if (unsignedAttrs == null || (attribute = unsignedAttrs.get(Attribute.SIGNATURE_TIMESTAMP)) == null) {
            return null;
        }
        SetOf value = attribute.getValue();
        if (value.size() != 1) {
            return null;
        }
        return jCEPki.verifyTimeStamp(signerInfo.getSignature(), value.get(0).encode());
    }

    @Override // net.netca.pki.global.ISignedDataDetachedVerify
    public void addCert(net.netca.pki.global.X509Certificate x509Certificate) {
        this.certs.add(new X509Certificate(x509Certificate.derEncode()));
    }

    @Override // net.netca.pki.global.ISignedDataDetachedVerify
    public byte[] attachSignatureTimeStamp() {
        if (this.signedData == null) {
            throw new u("must verify first");
        }
        this.tsaTime = JCESignedDataDetachedSign.attachSignatureTimeStamp(this.pki, this.signedData);
        return this.signedData.encode(this.signedData.isContentInfo());
    }

    @Override // net.netca.pki.global.ISignedDataDetachedVerify
    public void detachedVerifyFinal() {
        if (this.signedData == null) {
            throw new u("not call detachedVerifyInit first");
        }
        if (this.verifyHandles == null) {
            throw new u("not call detachedVerifyUpdate first");
        }
        String contentType = this.signedData.getEncapContentInfo().getContentType();
        for (int i = 0; i < this.verifyHandles.length; i++) {
            this.verifyHandles[i].verify(this.signerInfos.get(i), this.signerCerts[i], contentType);
        }
        for (int i2 = 0; i2 < this.signerInfos.size(); i2++) {
            JCESignedDataVerify.matchSignerInfo(this.signerInfos.get(i2), this.info);
        }
        this.tsaTime = verifySignatureTimeStamp(this.pki, this.signedData.getSignerInfos().get(0));
        checkValidity(this.tsaTime, this.signerCerts);
    }

    @Override // net.netca.pki.global.ISignedDataDetachedVerify
    public void detachedVerifyInit(byte[] bArr, int i, int i2) {
        this.first = true;
        this.signedData = new SignedData(bArr, i, i2);
        if (!this.signedData.isDetached()) {
            throw new u("signeddata is not detached");
        }
        if (this.signedData.getSignerInfoCount() == 0) {
            throw new u("no signerinfo");
        }
        if (this.info.isContentInfo != null) {
            if (this.signedData.isContentInfo()) {
                if (!this.info.isContentInfo.booleanValue()) {
                    throw new u("signeddata break contentinfo constraint");
                }
            } else if (this.info.isContentInfo.booleanValue()) {
                throw new u("signeddata break contentinfo constraint");
            }
        }
        this.signerInfos = this.signedData.getSignerInfos();
    }

    @Override // net.netca.pki.global.ISignedDataDetachedVerify
    public void detachedVerifyUpdate(byte[] bArr, int i, int i2) {
        if (this.signedData == null) {
            throw new u("not call detachedVerifyInit first");
        }
        if (this.first) {
            this.signerCerts = getSignCerts();
            this.verifyHandles = getVerifyHandles();
            this.first = false;
        }
        for (int i3 = 0; i3 < this.verifyHandles.length; i3++) {
            this.verifyHandles[i3].update(bArr, i, i2);
        }
    }

    @Override // net.netca.pki.global.ISignedDataDetachedVerify
    public net.netca.pki.global.X509Certificate getSignCert() {
        if (this.signerCerts != null && this.signerCerts.length >= 1) {
            return this.signerCerts[0];
        }
        return null;
    }

    @Override // net.netca.pki.global.ISignedDataDetachedVerify
    public Date getSignatureTimeStampTime() {
        return this.tsaTime;
    }
}
