package net.netca.pki.impl.jce;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Date;
import net.netca.pki.d;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.AnyType;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.Attribute;
import net.netca.pki.encoding.asn1.pki.Attributes;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.encoding.asn1.pki.cms.SignedData;
import net.netca.pki.encoding.asn1.pki.cms.Signer;
import net.netca.pki.encoding.asn1.pki.cms.SignerInfo;
import net.netca.pki.global.IGetTimeStamp;
import net.netca.pki.global.IHash;
import net.netca.pki.global.ISignedDataDetachedSign;
import net.netca.pki.u;

/* loaded from: classes.dex */
public class JCESignedDataDetachedSign implements ISignedDataDetachedSign {
    private JCEX509Certificate cert;
    private boolean hasSignedAttr;
    private IHash hasher;
    private SignedDataSignInfo info;
    private JCEPki pki;
    private PrivateKey privateKey;
    private AlgorithmIdentifier signAlgo;
    private Signature signature;
    private SignedData signedData;
    private Date tsaTime = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    public JCESignedDataDetachedSign(JCEPki jCEPki, JCEX509Certificate jCEX509Certificate, AlgorithmIdentifier algorithmIdentifier, SignedDataSignInfo signedDataSignInfo) {
        this.pki = jCEPki;
        this.privateKey = jCEX509Certificate.getJCEPrivateKey();
        if (this.privateKey == null) {
            throw new u("no private key");
        }
        this.cert = jCEX509Certificate;
        this.signAlgo = algorithmIdentifier;
        this.info = signedDataSignInfo;
        if (!signedDataSignInfo.hasSigningCertAttribute && !signedDataSignInfo.useSigningTime) {
            this.hasSignedAttr = false;
            this.signature = createSignatureObject();
        } else {
            this.hasSignedAttr = true;
            this.hasher = jCEPki.getHashObject(getHashAlgoFromSignatureAlgo(algorithmIdentifier));
            if (this.hasher == null) {
                throw new u("create hash object fail");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Date attachSignatureTimeStamp(JCEPki jCEPki, SignedData signedData) {
        SignerInfo signerInfo = signedData.getSignerInfos().get(0);
        TimeStampRespInfo timeStamp = getTimeStamp(jCEPki, signerInfo.getSignature());
        updateSignatureTimeStampAttribute(signerInfo, timeStamp.token);
        return timeStamp.time;
    }

    private Signature createSignatureObject() {
        try {
            Signature signature = Signature.getInstance(this.signAlgo.getOid());
            signature.initSign(this.privateKey);
            return signature;
        } catch (InvalidKeyException e) {
            throw new u("bad private key", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new u("bad sign algo", e2);
        }
    }

    private Signer createSigner(X509Certificate x509Certificate, Date date, X509Certificate[] x509CertificateArr) {
        Signer signer = new Signer(x509Certificate, null);
        signer.setSignatureAlgorithm(this.signAlgo);
        signer.setSignerIdType(this.info.useSubjectKeyId ? 2 : 1);
        if (this.info.useSigningTime) {
            JCESignedDataSign.addSigningTimeAttribute(signer, date);
        }
        if (this.info.hasSigningCertAttribute) {
            JCESignedDataSign.addSigningCertHashAttribute(signer, this.info.signingCertHashAlgo, x509CertificateArr);
        }
        return signer;
    }

    private String getHashAlgoFromSignatureAlgo(AlgorithmIdentifier algorithmIdentifier) {
        String oid = algorithmIdentifier.getOid();
        if (oid.equals(AlgorithmIdentifier.SHA1WithRSA_OID) || oid.equals(AlgorithmIdentifier.ECDSAWithSHA1_OID)) {
            return AlgorithmIdentifier.SHA1_OID;
        }
        if (oid.equals(AlgorithmIdentifier.SHA224WithRSA_OID) || oid.equals(AlgorithmIdentifier.ECDSAWithSHA224_OID)) {
            return AlgorithmIdentifier.SHA224_OID;
        }
        if (oid.equals(AlgorithmIdentifier.SHA256WithRSA_OID) || oid.equals(AlgorithmIdentifier.ECDSAWithSHA256_OID)) {
            return AlgorithmIdentifier.SHA256_OID;
        }
        if (oid.equals(AlgorithmIdentifier.SHA384WithRSA_OID) || oid.equals(AlgorithmIdentifier.ECDSAWithSHA384_OID)) {
            return AlgorithmIdentifier.SHA384_OID;
        }
        if (oid.equals(AlgorithmIdentifier.SHA512WithRSA_OID) || oid.equals(AlgorithmIdentifier.ECDSAWithSHA512_OID)) {
            return AlgorithmIdentifier.SHA512_OID;
        }
        if (oid.equals(AlgorithmIdentifier.SHA512_224WithRSA_OID)) {
            return AlgorithmIdentifier.SHA512_224_OID;
        }
        if (oid.equals(AlgorithmIdentifier.SHA512_256WithRSA_OID)) {
            return AlgorithmIdentifier.SHA512_256_OID;
        }
        if (oid.equals(AlgorithmIdentifier.SHA3_384WithRSA_OID) || oid.equals(AlgorithmIdentifier.ECDSAWithSHA3_384_OID)) {
            return AlgorithmIdentifier.SHA3_384_OID;
        }
        if (oid.equals(AlgorithmIdentifier.SHA3_512WithRSA_OID) || oid.equals(AlgorithmIdentifier.ECDSAWithSHA3_512_OID)) {
            return AlgorithmIdentifier.SHA3_512_OID;
        }
        if (oid.equals(AlgorithmIdentifier.SM3WithSM2_OID)) {
            return AlgorithmIdentifier.SM3_OID;
        }
        return null;
    }

    private static TimeStampRespInfo getTimeStamp(JCEPki jCEPki, byte[] bArr) {
        IGetTimeStamp iGetTimeStamp;
        TimeStampRespInfo timeStampRespInfo = new TimeStampRespInfo();
        try {
            iGetTimeStamp = jCEPki.getGetTimeStampObject();
            try {
                timeStampRespInfo.token = iGetTimeStamp.getToken(bArr, 0, bArr.length);
                timeStampRespInfo.time = iGetTimeStamp.getTime();
                if (iGetTimeStamp instanceof d) {
                    ((d) iGetTimeStamp).free();
                }
                return timeStampRespInfo;
            } catch (Throwable th) {
                th = th;
                if (iGetTimeStamp instanceof d) {
                    ((d) iGetTimeStamp).free();
                }
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
            iGetTimeStamp = null;
        }
    }

    private static Attribute newSignatureTimeStampAttribute(byte[] bArr) {
        return new Attribute(Attribute.SIGNATURE_TIMESTAMP, ASN1Object.decode(bArr, AnyType.getInstance()));
    }

    private static Attributes newUnsignedAttributes(Attributes attributes, Attribute attribute) {
        Attributes attributes2 = new Attributes();
        if (attributes != null) {
            int size = attributes.size();
            for (int i = 0; i < size; i++) {
                Attribute attribute2 = attributes.get(i);
                if (!attribute2.getType().equals(Attribute.SIGNATURE_TIMESTAMP)) {
                    attributes2.add(attribute2);
                }
            }
        }
        attributes2.add(attribute);
        return attributes2;
    }

    /* JADX WARN: Removed duplicated region for block: B:10:0x008b  */
    /* JADX WARN: Removed duplicated region for block: B:13:0x0094  */
    /* JADX WARN: Removed duplicated region for block: B:18:0x00be  */
    /* JADX WARN: Removed duplicated region for block: B:21:0x00c3  */
    /* JADX WARN: Removed duplicated region for block: B:27:0x00ad A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private net.netca.pki.encoding.asn1.pki.cms.SignedData sign(byte[] r10) {
        /*
            r9 = this;
            net.netca.pki.encoding.asn1.pki.cms.SignedDataBuilder r0 = new net.netca.pki.encoding.asn1.pki.cms.SignedDataBuilder
            r0.<init>()
            net.netca.pki.encoding.asn1.pki.X509Certificate r1 = new net.netca.pki.encoding.asn1.pki.X509Certificate
            net.netca.pki.impl.jce.JCEX509Certificate r2 = r9.cert
            byte[] r2 = r2.derEncode()
            r1.<init>(r2)
            java.util.Date r2 = new java.util.Date
            r2.<init>()
            net.netca.pki.impl.jce.SignedDataSignInfo r3 = r9.info
            boolean r3 = r3.hasSigningCertAttribute
            if (r3 == 0) goto L22
            net.netca.pki.impl.jce.JCEPki r3 = r9.pki
            net.netca.pki.encoding.asn1.pki.X509Certificate[] r3 = net.netca.pki.impl.jce.JCESignedDataSign.builderCertPath(r3, r1)
            goto L23
        L22:
            r3 = 0
        L23:
            net.netca.pki.encoding.asn1.pki.cms.Signer r4 = r9.createSigner(r1, r2, r3)
            r5 = 1
            r0.setDetached(r5)
            net.netca.pki.impl.jce.SignedDataSignInfo r6 = r9.info
            int r6 = r6.includeCertOption
            r7 = 0
            if (r6 != r5) goto L36
            r0.setIncludeSignCert(r7)
            goto L82
        L36:
            net.netca.pki.impl.jce.SignedDataSignInfo r6 = r9.info
            int r6 = r6.includeCertOption
            r8 = 4
            if (r6 != r8) goto L55
            if (r3 == 0) goto L45
            net.netca.pki.impl.jce.JCEPki r3 = r9.pki
            net.netca.pki.encoding.asn1.pki.X509Certificate[] r3 = net.netca.pki.impl.jce.JCESignedDataSign.builderCertPath(r3, r1)
        L45:
            r6 = r3
            r0.setIncludeSignCert(r7)
        L49:
            int r3 = r6.length
            if (r7 < r3) goto L4d
            goto L83
        L4d:
            r3 = r6[r7]
            r0.addX509PublicKeyCertificate(r3)
            int r7 = r7 + 1
            goto L49
        L55:
            net.netca.pki.impl.jce.SignedDataSignInfo r6 = r9.info
            int r6 = r6.includeCertOption
            r8 = 3
            if (r6 != r8) goto L7c
            if (r3 == 0) goto L64
            net.netca.pki.impl.jce.JCEPki r3 = r9.pki
            net.netca.pki.encoding.asn1.pki.X509Certificate[] r3 = net.netca.pki.impl.jce.JCESignedDataSign.builderCertPath(r3, r1)
        L64:
            r6 = r3
            int r3 = r6.length
            if (r3 != r5) goto L6c
            r0.setIncludeSignCert(r5)
            goto L83
        L6c:
            r0.setIncludeSignCert(r7)
        L6f:
            int r3 = r6.length
            int r3 = r3 - r5
            if (r7 < r3) goto L74
            goto L83
        L74:
            r3 = r6[r7]
            r0.addX509PublicKeyCertificate(r3)
            int r7 = r7 + 1
            goto L6f
        L7c:
            r0.setIncludeSignCert(r7)
            r0.addX509PublicKeyCertificate(r1)
        L82:
            r6 = r3
        L83:
            java.lang.String r3 = "1.2.840.113549.1.7.1"
            net.netca.pki.impl.jce.SignedDataSignInfo r7 = r9.info
            boolean r7 = r7.isQ7
            if (r7 == 0) goto L90
            r0.setSM2Q7(r5)
            java.lang.String r3 = "1.2.156.10197.6.1.4.2.1"
        L90:
            boolean r5 = r9.hasSignedAttr
            if (r5 == 0) goto Lad
            byte[] r3 = r4.getSignedAttributesEncode(r3, r10)
            java.security.Signature r4 = r9.createSignatureObject()
            r4.update(r3)     // Catch: java.lang.Exception -> La4
            byte[] r3 = r4.sign()     // Catch: java.lang.Exception -> La4
            goto Lb3
        La4:
            r10 = move-exception
            net.netca.pki.u r0 = new net.netca.pki.u
            java.lang.String r1 = "sign fail"
            r0.<init>(r1, r10)
            throw r0
        Lad:
            java.security.Signature r3 = r9.signature     // Catch: java.security.SignatureException -> Lc8
            byte[] r3 = r3.sign()     // Catch: java.security.SignatureException -> Lc8
        Lb3:
            net.netca.pki.encoding.asn1.pki.cms.Signer r1 = r9.createSigner(r1, r2, r6)
            r0.addSigner(r1)
            boolean r1 = r9.hasSignedAttr
            if (r1 == 0) goto Lc3
            net.netca.pki.encoding.asn1.pki.cms.SignedData r10 = r0.setSignatureValue(r10, r3)
            return r10
        Lc3:
            net.netca.pki.encoding.asn1.pki.cms.SignedData r10 = r0.setSignatureValue(r3)
            return r10
        Lc8:
            r10 = move-exception
            net.netca.pki.u r0 = new net.netca.pki.u
            java.lang.String r1 = "sign fail"
            r0.<init>(r1, r10)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: net.netca.pki.impl.jce.JCESignedDataDetachedSign.sign(byte[]):net.netca.pki.encoding.asn1.pki.cms.SignedData");
    }

    private static void updateSignatureTimeStampAttribute(SignerInfo signerInfo, byte[] bArr) {
        signerInfo.updateUnsignedAttrs(newUnsignedAttributes(signerInfo.getUnsignedAttrs(), newSignatureTimeStampAttribute(bArr)));
    }

    @Override // net.netca.pki.global.ISignedDataDetachedSign
    public byte[] attachSignatureTimeStamp() {
        if (this.signedData == null) {
            throw new u("must sign first");
        }
        this.tsaTime = attachSignatureTimeStamp(this.pki, this.signedData);
        return this.signedData.encode(this.info.isContentInfo);
    }

    @Override // net.netca.pki.global.ISignedDataDetachedSign
    public byte[] detachedSignFinal() {
        this.signedData = sign(this.hasSignedAttr ? this.hasher.doFinal() : null);
        return this.signedData.encode(this.info.isContentInfo);
    }

    @Override // net.netca.pki.global.ISignedDataDetachedSign
    public void detachedSignUpdate(byte[] bArr, int i, int i2) {
        if (this.hasSignedAttr) {
            this.hasher.update(bArr, i, i2);
            return;
        }
        try {
            this.signature.update(bArr, i, i2);
        } catch (SignatureException e) {
            throw new u("sign update fail", e);
        }
    }

    @Override // net.netca.pki.global.ISignedDataDetachedSign
    public Date getSignatureTimeStampTime() {
        return this.tsaTime;
    }
}
