package net.netca.pki.encoding.asn1.pki.cms;

import java.util.ArrayList;
import java.util.Date;
import net.netca.pki.encoding.asn1.ObjectIdentifier;
import net.netca.pki.encoding.asn1.OctetString;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.Attribute;
import net.netca.pki.encoding.asn1.pki.Attributes;
import net.netca.pki.encoding.asn1.pki.Extension;
import net.netca.pki.encoding.asn1.pki.Extensions;
import net.netca.pki.encoding.asn1.pki.Hashable;
import net.netca.pki.encoding.asn1.pki.IHttp;
import net.netca.pki.encoding.asn1.pki.NamedBitStringExtension;
import net.netca.pki.encoding.asn1.pki.SecureRandomGenerator;
import net.netca.pki.encoding.asn1.pki.Signable;
import net.netca.pki.encoding.asn1.pki.Time;
import net.netca.pki.encoding.asn1.pki.Verifible;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.encoding.asn1.pki.tsp.HttpGetTimeStamp;
import net.netca.pki.u;

/* loaded from: classes.dex */
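/**
 * Builds the CMS {@link SignerInfo} for a single signer.
 *
 * <p>Two flows are visible in this class:
 * <ul>
 *   <li>{@link #sign(String, byte[], Hashable, boolean)} hashes the content, assembles the signed
 *       attributes and calls the configured {@link Signable};</li>
 *   <li>{@link #getSignedAttributesEncode(String, byte[])} followed by one of the
 *       {@code setSignatureValue} overloads, where the signature is produced by the caller.</li>
 * </ul>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The certificate is checked for key usage and validity once, in the two-argument
 *       constructor. No chain building or revocation check is visible here, and validity is not
 *       re-checked when the signature is made.</li>
 *   <li>{@link #setSignatureAlgorithm(AlgorithmIdentifier)} accepts MD2-, MD5- and SHA-1-based
 *       algorithms. Callers producing new signatures should restrict the algorithms they pass in.</li>
 *   <li>The CMS algorithm protection attribute is off by default
 *       ({@link #setUseCMSAlgorithmProtection(boolean)}).</li>
 *   <li>{@code contentTimeStampCert} and {@code signatureTimeStampCert} are never assigned in this
 *       class, so the corresponding getters always return {@code null}.</li>
 * </ul>
 *
 * <p>Instances are mutable and nothing here synchronizes access.
 */
public final class Signer {
    /**
     * Content-type OID substituted for {@code ContentInfo.DATA_OID} when the SM2 flag is set.
     * NOTE(review): presumably the GM/T 0010 "data" content type - confirm.
     */
    private static final String SM2_DATA_OID = "1.2.156.10197.6.1.4.2.1";

    private X509Certificate cert;
    // NOTE(review): never assigned in this class; getContentTimeStampCert() always returns null.
    private X509Certificate contentTimeStampCert;
    private AlgorithmIdentifier contentTimeStampHashAlgo;
    private Date contentTimeStampTime;
    private String contentTimeStampUrl;
    private AlgorithmIdentifier hashAlgo;
    private IHttp http;
    private SecureRandomGenerator randGenerator;
    private AlgorithmIdentifier signAlgo;
    private byte[] signature;
    // NOTE(review): never assigned in this class; getSignatureTimeStampCert() always returns null.
    private X509Certificate signatureTimeStampCert;
    private AlgorithmIdentifier signatureTimeStampHashAlgo;
    private Date signatureTimeStampTime;
    private String signatureTimeStampUrl;
    private ArrayList<Attribute> signedAttributes;
    private Signable signer;
    private int signerIdType;
    private AlgorithmIdentifier trueSignAlgo;
    private ArrayList<Attribute> unsignedAttributes;
    private boolean useCMSAlgorithmProtection;
    private boolean useSignedAttributes;
    private Verifible verifier;

    /**
     * Creates a signer without certificate or signing key.
     *
     * <p>All reference fields other than the two attribute lists start as {@code null} and both
     * flags start as {@code false}; {@code signerIdType} starts as 1.
     */
    public Signer() {
        this.signerIdType = 1;
        this.signedAttributes = new ArrayList<>();
        this.unsignedAttributes = new ArrayList<>();
    }

    /**
     * Creates a signer for the given certificate and signing implementation.
     *
     * @param x509Certificate signer certificate; must pass {@code isSignCert} and be within its
     *     validity period at construction time
     * @param signable implementation that produces the signature in {@code sign}
     * @throws u if the certificate is not usable for signing or is outside its validity period
     */
    public Signer(X509Certificate x509Certificate, Signable signable) {
        this();
        if (!isSignCert(x509Certificate)) {
            throw new u("not sign cert");
        }
        if (!x509Certificate.isInValidity()) {
            throw new u("cert is not in validity");
        }
        this.cert = x509Certificate;
        this.signer = signable;
    }

    /**
     * Sets the CMS algorithm protection signed attribute from the current hash and signature
     * algorithms, replacing any previous instance so repeated signing does not duplicate it.
     */
    private void addCMSAlgorithmProtectionAttribute() {
        Attribute attribute = new Attribute(Attribute.CMS_ALGORITHM_PROTECTION, CMSAlgorithmProtection.newSignAlgorithmProtection(this.hashAlgo, this.signAlgo).getASN1Object());
        deleteSignedAttribute(Attribute.CMS_ALGORITHM_PROTECTION);
        addSignedAttribute(attribute);
    }

    /**
     * Requests a time stamp over the content and appends it as a content-time-stamp signed
     * attribute, recording the returned time.
     *
     * <p>The attribute is appended, not replaced, so attributes of this type that the caller added
     * are kept; calling {@code sign} repeatedly on one instance therefore accumulates tokens.
     */
    private void addContentTimeStampAttribute(Hashable hashable, byte[] content) {
        TimeStampRespInfo token = getContentTimeStampToken(content, hashable);
        addSignedAttribute(new Attribute(Attribute.CONTENT_TIMESTAMP, token.getTokenObject()));
        this.contentTimeStampTime = token.getTime();
    }

    /**
     * Sets the content-type signed attribute, replacing any previous instance.
     *
     * <p>Replacing keeps the attribute unique when {@code getSignedAttributesEncode} is followed by
     * {@code setSignatureValue}, or when {@code sign} is called more than once.
     */
    private void addContentTypeAttribute(String contentTypeOid) {
        Attribute attribute = new Attribute(Attribute.CONTENT_TYPE, new ObjectIdentifier(contentTypeOid));
        deleteSignedAttribute(Attribute.CONTENT_TYPE);
        addSignedAttribute(attribute);
    }

    /**
     * Sets the message-digest signed attribute, replacing any previous instance so the encoded
     * attribute set carries exactly one digest.
     */
    private void addMessageDigestAttribute(byte[] digest) {
        Attribute attribute = new Attribute(Attribute.MESSAGE_DIGEST, new OctetString(digest));
        deleteSignedAttribute(Attribute.MESSAGE_DIGEST);
        addSignedAttribute(attribute);
    }

    /** Removes every signed attribute whose type equals {@code type}. */
    private void deleteSignedAttribute(String type) {
        // Walk backwards so removals do not shift the indices still to be visited.
        for (int index = this.signedAttributes.size() - 1; index >= 0; index--) {
            if (this.signedAttributes.get(index).getType().equals(type)) {
                this.signedAttributes.remove(index);
            }
        }
    }

    /** Requests a time stamp over {@code content} from the content time stamp URL. */
    private TimeStampRespInfo getContentTimeStampToken(byte[] content, Hashable hashable) {
        return getTimeStampToken(this.contentTimeStampUrl, this.contentTimeStampHashAlgo, content, this.http, hashable, this.verifier, this.randGenerator, null);
    }

    /** Requests a time stamp over the stored signature value from the signature time stamp URL. */
    private TimeStampRespInfo getSignatureTimeStampToken(Hashable hashable) {
        return getTimeStampToken(this.signatureTimeStampUrl, this.signatureTimeStampHashAlgo, this.signature, this.http, hashable, this.verifier, this.randGenerator, null);
    }

    /**
     * Requests a time stamp token over raw data.
     *
     * <p>Decompiler note: originally package-private.
     *
     * @param str time stamp service URL
     * @param algorithmIdentifier hash algorithm for the request
     * @param bArr data to be time-stamped
     * @param iHttp HTTP implementation, or {@code null} to leave the default in place
     * @param hashable hash implementation, or {@code null} to leave the default in place
     * @param verifible verification implementation, or {@code null} to leave the default in place
     * @param secureRandomGenerator random generator, or {@code null} to leave the default in place
     * @param attribute optional unsigned attribute passed to {@code addUnsignedAttrs}
     * @return time, token object and time stamp certificate of the response
     */
    public static TimeStampRespInfo getTimeStampToken(String str, AlgorithmIdentifier algorithmIdentifier, byte[] bArr, IHttp iHttp, Hashable hashable, Verifible verifible, SecureRandomGenerator secureRandomGenerator, Attribute attribute) {
        return getTimeStampToken(str, algorithmIdentifier, null, bArr, iHttp, hashable, verifible, secureRandomGenerator, attribute);
    }

    /**
     * Shared implementation of the time stamp request.
     *
     * <p>When {@code hashValue} is non-null it is sent as the precomputed hash; otherwise
     * {@code data} is handed over as the data to be stamped.
     *
     * <p>NOTE(review): the URL is used as given. Transport security and validation of the
     * response depend on the {@code IHttp} and {@code Verifible} implementations (or on the
     * defaults of {@code HttpGetTimeStamp} when they are {@code null}), which are not visible here.
     */
    private static TimeStampRespInfo getTimeStampToken(String url, AlgorithmIdentifier hashAlgorithm, byte[] hashValue, byte[] data, IHttp iHttp, Hashable hashable, Verifible verifible, SecureRandomGenerator secureRandomGenerator, Attribute attribute) {
        HttpGetTimeStamp request = new HttpGetTimeStamp();
        if (iHttp != null) {
            request.setHttpImplement(iHttp);
        }
        if (hashable != null) {
            request.setHashImplement(hashable);
        }
        if (verifible != null) {
            request.setVerifyImplement(verifible);
        }
        if (secureRandomGenerator != null) {
            request.setSecureRandomGenerator(secureRandomGenerator);
        }
        request.setHashAlgorithm(hashAlgorithm);
        if (hashValue != null) {
            request.setHashValue(hashValue);
        } else {
            request.setData(data);
        }
        Date timeStamp = request.getTimeStamp(url);
        // Added after the response was obtained; presumably attached to the received token -
        // confirm against HttpGetTimeStamp.
        if (attribute != null) {
            request.addUnsignedAttrs(attribute);
        }
        return new TimeStampRespInfo(timeStamp, request.getTimeStampTokenASN1Object(), request.getTimeStampCert());
    }

    /**
     * Requests a time stamp token over a precomputed hash value.
     *
     * <p>Decompiler note: originally package-private.
     *
     * @param str time stamp service URL
     * @param algorithmIdentifier hash algorithm that produced {@code bArr}
     * @param bArr hash value to be time-stamped
     * @param iHttp HTTP implementation, or {@code null} to leave the default in place
     * @param hashable hash implementation, or {@code null} to leave the default in place
     * @param verifible verification implementation, or {@code null} to leave the default in place
     * @param secureRandomGenerator random generator, or {@code null} to leave the default in place
     * @param attribute optional unsigned attribute passed to {@code addUnsignedAttrs}
     * @return time, token object and time stamp certificate of the response
     */
    public static TimeStampRespInfo getTimeStampTokenByHashValue(String str, AlgorithmIdentifier algorithmIdentifier, byte[] bArr, IHttp iHttp, Hashable hashable, Verifible verifible, SecureRandomGenerator secureRandomGenerator, Attribute attribute) {
        return getTimeStampToken(str, algorithmIdentifier, bArr, null, iHttp, hashable, verifible, secureRandomGenerator, attribute);
    }

    /**
     * Decides whether the certificate may be used as a signing certificate.
     *
     * <p>Returns {@code true} when the certificate has no extensions or no key usage extension,
     * or when any of key usage bits 0, 1, 5 or 6 is set. Returns {@code false} when none of those
     * bits is set or when reading the extension throws {@code u}.
     *
     * <p>NOTE(review): in RFC 5280 numbering these bits are digitalSignature, nonRepudiation,
     * keyCertSign and cRLSign. Accepting a certificate that only carries keyCertSign or cRLSign,
     * or one with no key usage at all, is permissive for document signing; a stricter policy
     * would require bit 0 or 1. Left unchanged because callers may depend on it.
     */
    private boolean isSignCert(X509Certificate x509Certificate) {
        try {
            Extensions extensions = x509Certificate.getExtensions();
            if (extensions == null) {
                return true;
            }
            Extension keyUsageExtension = extensions.get(Extension.KEYUSAGE_OID);
            if (keyUsageExtension == null) {
                return true;
            }
            NamedBitStringExtension keyUsage = (NamedBitStringExtension) keyUsageExtension.getExtensionObject();
            return keyUsage.isSet(0) || keyUsage.isSet(1) || keyUsage.isSet(5) || keyUsage.isSet(6);
        } catch (u unused) {
            // An unreadable extension is treated as "not a signing certificate".
            return false;
        }
    }

    /**
     * Copies the list into an {@link Attributes} object.
     *
     * @param arrayList attributes to copy, in order
     * @param z flag forwarded to the {@code Attributes} constructor
     * @return the populated object, or {@code null} when the list is empty
     */
    private Attributes toAttributes(ArrayList<Attribute> arrayList, boolean z) {
        if (arrayList.isEmpty()) {
            return null;
        }
        Attributes attributes = new Attributes(z);
        for (Attribute attribute : arrayList) {
            attributes.add(attribute);
        }
        return attributes;
    }

    /**
     * Maps a signature algorithm to the hash algorithm it implies.
     *
     * <p>NOTE(review): MD2, MD5 and SHA-1 are still mapped. They are not collision resistant and
     * should not be used for new signatures; reject them at the call site unless legacy
     * interoperability requires them.
     *
     * @throws u if the signature algorithm OID is not one of those handled below
     */
    private AlgorithmIdentifier toHashAlgorithm(AlgorithmIdentifier algorithmIdentifier) {
        String oid = algorithmIdentifier.getOid();
        if (oid.equals(AlgorithmIdentifier.SHA1WithRSA_OID) || oid.equals(AlgorithmIdentifier.ECDSAWithSHA1_OID) || oid.equals(AlgorithmIdentifier.DSAWithSHA1_OID)) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA1_OID);
        }
        if (oid.equals(AlgorithmIdentifier.MD5WithRSA_OID)) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.MD5_OID);
        }
        if (oid.equals(AlgorithmIdentifier.MD2WithRSA_OID)) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.MD2_OID);
        }
        if (oid.equals(AlgorithmIdentifier.SHA224WithRSA_OID) || oid.equals(AlgorithmIdentifier.ECDSAWithSHA224_OID) || oid.equals(AlgorithmIdentifier.DSAWithSHA224_OID)) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA224_OID);
        }
        if (oid.equals(AlgorithmIdentifier.SHA256WithRSA_OID) || oid.equals(AlgorithmIdentifier.ECDSAWithSHA256_OID) || oid.equals(AlgorithmIdentifier.DSAWithSHA256_OID)) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA256_OID);
        }
        if (oid.equals(AlgorithmIdentifier.SHA384WithRSA_OID) || oid.equals(AlgorithmIdentifier.ECDSAWithSHA384_OID)) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA384_OID);
        }
        if (oid.equals(AlgorithmIdentifier.SHA512WithRSA_OID) || oid.equals(AlgorithmIdentifier.ECDSAWithSHA512_OID)) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA512_OID);
        }
        if (oid.equals(AlgorithmIdentifier.SM3WithRSA_OID) || oid.equals(AlgorithmIdentifier.SM3WithSM2_OID) || oid.equals(AlgorithmIdentifier.SM2SIGN_OID)) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SM3_OID);
        }
        if (oid.equals(AlgorithmIdentifier.SHA512_224WithRSA_OID)) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA512_224_OID);
        }
        if (oid.equals(AlgorithmIdentifier.SHA512_256WithRSA_OID)) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA512_256_OID);
        }
        if (oid.equals(AlgorithmIdentifier.SHA3_224WithRSA_OID) || oid.equals(AlgorithmIdentifier.ECDSAWithSHA3_224_OID)) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA3_224_OID);
        }
        if (oid.equals(AlgorithmIdentifier.SHA3_256WithRSA_OID) || oid.equals(AlgorithmIdentifier.ECDSAWithSHA3_256_OID)) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA3_256_OID);
        }
        if (oid.equals(AlgorithmIdentifier.SHA3_384WithRSA_OID) || oid.equals(AlgorithmIdentifier.ECDSAWithSHA3_384_OID)) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA3_384_OID);
        }
        if (oid.equals(AlgorithmIdentifier.SHA3_512WithRSA_OID) || oid.equals(AlgorithmIdentifier.ECDSAWithSHA3_512_OID)) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA3_512_OID);
        }
        throw new u("unknown sign algorithm");
    }

    /**
     * Returns the signature algorithm identifier to place in the SignerInfo.
     *
     * <p>SHA-1, MD5 and MD2 with RSA are replaced by the plain RSA encryption identifier; every
     * other algorithm is returned unchanged.
     */
    private AlgorithmIdentifier toSignAlgorithm(AlgorithmIdentifier algorithmIdentifier) {
        String oid = algorithmIdentifier.getOid();
        boolean legacyRsa = oid.equals(AlgorithmIdentifier.SHA1WithRSA_OID)
                || oid.equals(AlgorithmIdentifier.MD5WithRSA_OID)
                || oid.equals(AlgorithmIdentifier.MD2WithRSA_OID);
        if (legacyRsa) {
            return AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.RSAEncrypt_OID);
        }
        return algorithmIdentifier;
    }

    /**
     * Assembles the {@link SignerInfo} from the current state.
     *
     * @param useSm2 when {@code true}, the signature algorithm is overwritten with SM2SIGN
     * @param signedAttrs signed attributes, or {@code null} when the content was signed directly
     * @param signatureValue signature to embed
     * @param hashable hash implementation forwarded to the signature time stamp request; may be
     *     {@code null}
     */
    private SignerInfo toSignerInfo(boolean useSm2, Attributes signedAttrs, byte[] signatureValue, Hashable hashable) {
        SignerIdentifier signerIdentifier = new SignerIdentifier(this.signerIdType, this.cert);
        if (useSm2) {
            this.signAlgo = AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(AlgorithmIdentifier.SM2SIGN_OID);
        }
        // The signature time stamp is taken over this.signature. The setSignatureValue flows
        // never stored the caller's signature, so the request would have covered null or a
        // signature left over from an earlier sign() call.
        this.signature = signatureValue;
        SignerInfo signerInfo = new SignerInfo(signerIdentifier, this.hashAlgo, signedAttrs, this.signAlgo, signatureValue, toUnsignedAttributes(hashable));
        signerInfo.setSignCert(this.cert);
        return signerInfo;
    }

    /**
     * Builds the unsigned attributes: the signature time stamp first (when a URL is configured),
     * then the caller-supplied unsigned attributes in insertion order.
     *
     * <p>The time stamp is no longer inserted into {@code unsignedAttributes} itself, so a token
     * issued for an earlier signature cannot leak into a later SignerInfo.
     *
     * @return the attributes, or {@code null} when there are none
     */
    private Attributes toUnsignedAttributes(Hashable hashable) {
        Attributes attributes = new Attributes(false);
        if (this.signatureTimeStampUrl != null) {
            TimeStampRespInfo token = getSignatureTimeStampToken(hashable);
            attributes.add(new Attribute(Attribute.SIGNATURE_TIMESTAMP, token.getTokenObject()));
            this.signatureTimeStampTime = token.getTime();
        }
        for (Attribute attribute : this.unsignedAttributes) {
            attributes.add(attribute);
        }
        if (attributes.size() == 0) {
            return null;
        }
        return attributes;
    }

    /** Appends a signed attribute without checking for an existing attribute of the same type. */
    public void addSignedAttribute(Attribute attribute) {
        this.signedAttributes.add(attribute);
    }

    /** Appends an unsigned attribute; unsigned attributes are not covered by the signature. */
    public void addUnsignedAttribute(Attribute attribute) {
        this.unsignedAttributes.add(attribute);
    }

    /** Returns the signer certificate, or {@code null} when the no-argument constructor was used. */
    public X509Certificate getCert() {
        return this.cert;
    }

    /**
     * Returns the stored content time stamp certificate.
     *
     * <p>NOTE(review): the field is never assigned in this class, so this returns {@code null}.
     */
    public X509Certificate getContentTimeStampCert() {
        return this.contentTimeStampCert;
    }

    /** Returns the time of the last content time stamp obtained, or {@code null} if none. */
    public Date getContentTimeStampTime() {
        return this.contentTimeStampTime;
    }

    /**
     * Returns the signing implementation.
     *
     * <p>Decompiler note: originally package-private.
     */
    public Signable getSignable() {
        return this.signer;
    }

    /**
     * Returns the stored signature time stamp certificate.
     *
     * <p>NOTE(review): the field is never assigned in this class, so this returns {@code null}.
     */
    public X509Certificate getSignatureTimeStampCert() {
        return this.signatureTimeStampCert;
    }

    /** Returns the time of the last signature time stamp obtained, or {@code null} if none. */
    public Date getSignatureTimeStampTime() {
        return this.signatureTimeStampTime;
    }

    /**
     * Returns the encoded signed attributes that an external signer has to sign.
     *
     * <p>Content-type and message-digest are set (replacing earlier instances), so a following
     * {@code setSignatureValue(…, str, bArr, signature)} with the same values yields the same
     * attribute set that was signed.
     *
     * @param str content type OID
     * @param bArr digest of the content
     * @throws u if a content time stamp URL is configured, which this flow does not support
     */
    public byte[] getSignedAttributesEncode(String str, byte[] bArr) {
        if (this.contentTimeStampUrl != null) {
            throw new u("unsupported content-time-stamp");
        }
        addContentTypeAttribute(str);
        addMessageDigestAttribute(bArr);
        return toAttributes(this.signedAttributes, true).getASN1Object().encode();
    }

    /**
     * Returns the algorithm identifier exactly as passed to {@code setSignatureAlgorithm}.
     *
     * <p>Decompiler note: originally package-private.
     */
    public AlgorithmIdentifier getTrueSignAlgo() {
        return this.trueSignAlgo;
    }

    /**
     * Returns 1 when {@code signerIdType} is 1 and 3 otherwise.
     *
     * <p>Decompiler note: originally package-private.
     */
    public int getVersion() {
        return this.signerIdType == 1 ? 1 : 3;
    }

    /**
     * Tells whether signing the given content type will use signed attributes.
     *
     * <p>Signed attributes are omitted only when none were requested or added, the content type
     * is the plain data OID (or its SM2 counterpart) and no content time stamp is configured.
     *
     * <p>Decompiler note: originally package-private.
     *
     * @param str content type OID; {@code null} always yields {@code true}
     */
    public boolean hasSignedAttribute(String str) {
        if (this.useSignedAttributes || this.useCMSAlgorithmProtection || this.signedAttributes.size() > 0 || str == null) {
            return true;
        }
        boolean plainData = str.equals(ContentInfo.DATA_OID) || str.equals(SM2_DATA_OID);
        return !plainData || this.contentTimeStampUrl != null;
    }

    /**
     * Tells whether the resulting SignerInfo will carry unsigned attributes.
     *
     * <p>Decompiler note: originally package-private.
     */
    public boolean hasUnsignedAttributes() {
        return this.signatureTimeStampUrl != null || this.unsignedAttributes.size() > 0;
    }

    /** Sets the Adobe revocation info archival signed attribute, replacing any previous one. */
    public void setAdbeRevocationInfoArchival(AdbeRevocationInfoArchival adbeRevocationInfoArchival) {
        Attribute attribute = new Attribute(Attribute.ADBE_REVOCATIONINFO_ARCHIVAL, adbeRevocationInfoArchival.getASN1Object());
        deleteSignedAttribute(Attribute.ADBE_REVOCATIONINFO_ARCHIVAL);
        addSignedAttribute(attribute);
    }

    /**
     * Configures the content time stamp request.
     *
     * @param str time stamp service URL; a non-null value enables the content time stamp
     * @param algorithmIdentifier hash algorithm for the request
     */
    public void setContentTimeStampInfo(String str, AlgorithmIdentifier algorithmIdentifier) {
        this.contentTimeStampUrl = str;
        this.contentTimeStampHashAlgo = algorithmIdentifier;
    }

    /** Sets the HTTP implementation used for time stamp requests. */
    public void setHttpImplement(IHttp iHttp) {
        this.http = iHttp;
    }

    /** Sets the random generator handed to time stamp requests. */
    public void setSecureRandomGenerator(SecureRandomGenerator secureRandomGenerator) {
        this.randGenerator = secureRandomGenerator;
    }

    /**
     * Sets the signature algorithm and derives the hash and SignerInfo signature algorithms.
     *
     * @throws u if the algorithm is not known to {@code toHashAlgorithm}
     */
    public void setSignatureAlgorithm(AlgorithmIdentifier algorithmIdentifier) {
        this.hashAlgo = toHashAlgorithm(algorithmIdentifier);
        this.signAlgo = toSignAlgorithm(algorithmIdentifier);
        this.trueSignAlgo = algorithmIdentifier;
    }

    /**
     * Configures the signature time stamp request.
     *
     * @param str time stamp service URL; a non-null value enables the signature time stamp
     * @param algorithmIdentifier hash algorithm for the request
     */
    public void setSignatureTimeStampInfo(String str, AlgorithmIdentifier algorithmIdentifier) {
        this.signatureTimeStampUrl = str;
        this.signatureTimeStampHashAlgo = algorithmIdentifier;
    }

    /** Same as {@link #setSignatureValue(boolean, String, byte[], byte[])} with the flag off. */
    public SignerInfo setSignatureValue(String str, byte[] bArr, byte[] bArr2) {
        return setSignatureValue(false, str, bArr, bArr2);
    }

    /**
     * Builds the SignerInfo from an externally produced signature over the signed attributes.
     *
     * <p>NOTE(review): unlike {@code getSignedAttributesEncode}, this method does not reject a
     * configured content time stamp URL; no content time stamp is added in this flow.
     *
     * @param z SM2 flag: swaps the data content type for its SM2 counterpart and forces SM2SIGN
     * @param str content type OID
     * @param bArr digest of the content
     * @param bArr2 signature value
     * @throws u if no signature algorithm has been set
     */
    public SignerInfo setSignatureValue(boolean z, String str, byte[] bArr, byte[] bArr2) {
        if (this.trueSignAlgo == null) {
            throw new u("no sign algorithm");
        }
        String contentType = str;
        if (z && contentType.equals(ContentInfo.DATA_OID)) {
            contentType = SM2_DATA_OID;
        }
        addContentTypeAttribute(contentType);
        addMessageDigestAttribute(bArr);
        return toSignerInfo(z, toAttributes(this.signedAttributes, true), bArr2, null);
    }

    /**
     * Builds a SignerInfo without signed attributes from an externally produced signature.
     *
     * @param z SM2 flag, forces SM2SIGN as the signature algorithm
     * @param bArr signature value
     * @throws u if no signature algorithm has been set
     */
    public SignerInfo setSignatureValue(boolean z, byte[] bArr) {
        if (this.trueSignAlgo == null) {
            throw new u("no sign algorithm");
        }
        return toSignerInfo(z, null, bArr, null);
    }

    /**
     * Selects how the signer is identified.
     *
     * @param i 1 or 2
     * @throws u for any other value
     */
    public void setSignerIdType(int i) {
        if (i != 1 && i != 2) {
            throw new u("bad SignerIdType: " + i);
        }
        this.signerIdType = i;
    }

    /** Sets the signing-certificate attribute from a single certificate. */
    public void setSigningCertificateAttribute(X509Certificate x509Certificate, Hashable hashable, boolean z) {
        ESSCertID eSSCertID = new ESSCertID(x509Certificate, hashable, z);
        // Element type left raw: the parameter type of the SigningCertificate constructor is not
        // visible in this file.
        ArrayList arrayList = new ArrayList();
        arrayList.add(eSSCertID);
        setSigningCertificateAttribute(new SigningCertificate(arrayList, null));
    }

    /** Sets the signing-certificate signed attribute, replacing any previous one. */
    public void setSigningCertificateAttribute(SigningCertificate signingCertificate) {
        Attribute attribute = new Attribute(Attribute.SIGNING_CERTIFICATE, signingCertificate.getASN1Object());
        deleteSignedAttribute(Attribute.SIGNING_CERTIFICATE);
        addSignedAttribute(attribute);
    }

    /** Sets the signing-certificate-v2 attribute from a single certificate. */
    public void setSigningCertificateV2Attribute(AlgorithmIdentifier algorithmIdentifier, X509Certificate x509Certificate, Hashable hashable, boolean z) {
        ESSCertIDv2 eSSCertIDv2 = new ESSCertIDv2(algorithmIdentifier, x509Certificate, hashable, z);
        // Element type left raw: the parameter type of the SigningCertificateV2 constructor is
        // not visible in this file.
        ArrayList arrayList = new ArrayList();
        arrayList.add(eSSCertIDv2);
        setSigningCertificateV2Attribute(new SigningCertificateV2(arrayList, null));
    }

    /** Sets the signing-certificate-v2 signed attribute, replacing any previous one. */
    public void setSigningCertificateV2Attribute(SigningCertificateV2 signingCertificateV2) {
        Attribute attribute = new Attribute(Attribute.SIGNING_CERTIFICATE_V2, signingCertificateV2.getASN1Object());
        deleteSignedAttribute(Attribute.SIGNING_CERTIFICATE_V2);
        addSignedAttribute(attribute);
    }

    /**
     * Sets the signing-time signed attribute, replacing any previous one.
     *
     * <p>The value is whatever the caller supplies; it is not a trusted time source.
     */
    public void setSigningTime(Date date) {
        Attribute attribute = new Attribute(Attribute.SIGNING_TIME, new Time(date).getASN1Object());
        deleteSignedAttribute(Attribute.SIGNING_TIME);
        addSignedAttribute(attribute);
    }

    /** Enables or disables the CMS algorithm protection signed attribute (default: disabled). */
    public void setUseCMSAlgorithmProtection(boolean z) {
        this.useCMSAlgorithmProtection = z;
    }

    /** Forces signed attributes even for plain data content (default: not forced). */
    public void setUseSignedAttributes(boolean z) {
        this.useSignedAttributes = z;
    }

    /** Sets the verification implementation handed to time stamp requests. */
    public void setVerifyImplement(Verifible verifible) {
        this.verifier = verifible;
    }

    /** Same as {@link #sign(String, byte[], Hashable, boolean)} with the SM2 flag off. */
    public SignerInfo sign(String str, byte[] bArr, Hashable hashable) {
        return sign(str, bArr, hashable, false);
    }

    /**
     * Signs the content and returns the resulting SignerInfo.
     *
     * <p>With signed attributes, the signature covers their encoding; otherwise it covers the
     * content itself.
     *
     * @param str content type OID; when {@code null} no content-type attribute is added
     * @param bArr content to sign
     * @param hashable hash implementation used for the message digest and time stamp requests
     * @param z SM2 flag: swaps the data content type for its SM2 counterpart and forces SM2SIGN
     * @throws u if no signature algorithm or no signing implementation has been set
     */
    public SignerInfo sign(String str, byte[] bArr, Hashable hashable, boolean z) {
        if (this.trueSignAlgo == null) {
            throw new u("no sign algorithm");
        }
        // Fail before any attribute is added or any time stamp request is sent.
        if (this.signer == null) {
            throw new u("no signer");
        }
        Attributes attributes = null;
        byte[] toBeSigned = bArr;
        if (hasSignedAttribute(str)) {
            if (str != null) {
                String contentType = str;
                if (z && contentType.equals(ContentInfo.DATA_OID)) {
                    contentType = SM2_DATA_OID;
                }
                addContentTypeAttribute(contentType);
            }
            addMessageDigestAttribute(hashable.hash(this.hashAlgo, bArr, 0, bArr.length));
            if (this.contentTimeStampUrl != null) {
                addContentTimeStampAttribute(hashable, bArr);
            }
            if (this.useCMSAlgorithmProtection) {
                addCMSAlgorithmProtectionAttribute();
            }
            attributes = toAttributes(this.signedAttributes, true);
            toBeSigned = attributes.getASN1Object().encode();
        }
        this.signature = this.signer.sign(this.trueSignAlgo, toBeSigned, 0, toBeSigned.length);
        return toSignerInfo(z, attributes, this.signature, hashable);
    }
}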
