package cn.unitid.easypki.cms;

import cn.unitid.a.a.a.a.bc;
import cn.unitid.a.a.a.a.bl;
import cn.unitid.a.a.a.a.d.ae;
import cn.unitid.a.a.a.a.d.af;
import cn.unitid.a.a.a.a.d.ag;
import cn.unitid.a.a.a.a.d.b;
import cn.unitid.a.a.a.a.d.d;
import cn.unitid.a.a.a.a.f;
import cn.unitid.a.a.a.a.g;
import cn.unitid.a.a.a.a.q;
import cn.unitid.a.a.a.a.r;
import cn.unitid.a.a.a.a.w.a;
import cn.unitid.a.a.a.a.w.j;
import cn.unitid.a.a.a.a.y;
import cn.unitid.a.a.a.c.be;
import cn.unitid.a.a.a.c.bh;
import cn.unitid.a.a.a.c.bi;
import cn.unitid.a.a.a.c.bj;
import cn.unitid.a.a.a.c.l;
import cn.unitid.a.a.a.c.m;
import cn.unitid.a.a.a.c.n;
import cn.unitid.a.a.a.c.z;
import cn.unitid.a.a.a.h.e;
import cn.unitid.a.a.a.h.k;
import cn.unitid.a.a.a.h.s;
import cn.unitid.a.a.a.h.v;
import cn.unitid.a.a.a.l.b.c;
import cn.unitid.easypki.provider.identifier.EPAlgorithmIdentifier;
import com.google.android.exoplayer2.source.rtsp.RtspHeaders;
import java.io.IOException;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;

/* loaded from: classes3.dex */
public class SignerInformation {
    private m content;
    private q contentType;
    private a digestAlgorithm;
    private a encryptionAlgorithm;
    private af info;
    private boolean isCounterSignature;
    private byte[] resultDigest;
    private be sid;
    private byte[] signature;
    private final y signedAttributeSet;
    private b signedAttributeValues;
    private final y unsignedAttributeSet;
    private b unsignedAttributeValues;

    SignerInformation(af afVar, q qVar, m mVar, byte[] bArr) {
        this.info = afVar;
        this.contentType = qVar;
        this.isCounterSignature = qVar == null;
        ae b = afVar.b();
        if (b.a()) {
            this.sid = new be(r.a((Object) b.b()).e());
        } else {
            cn.unitid.a.a.a.a.d.m a = cn.unitid.a.a.a.a.d.m.a(b.b());
            this.sid = new be(a.a(), a.b().d());
        }
        this.digestAlgorithm = transferDigestAlgorithm(afVar.d());
        this.signedAttributeSet = afVar.c();
        this.unsignedAttributeSet = afVar.g();
        this.encryptionAlgorithm = afVar.f();
        this.signature = afVar.e().e();
        this.content = mVar;
        this.resultDigest = bArr;
    }

    public static SignerInformation addCounterSigners(SignerInformation signerInformation, bi biVar) {
        af afVar = signerInformation.info;
        b unsignedAttributes = signerInformation.getUnsignedAttributes();
        g a = unsignedAttributes != null ? unsignedAttributes.a() : new g();
        g gVar = new g();
        Iterator<bh> it = biVar.a().iterator();
        while (it.hasNext()) {
            gVar.a(((SignerInformation) it.next()).toASN1Structure());
        }
        a.a(new cn.unitid.a.a.a.a.d.a(d.d, new bl(gVar)));
        return new SignerInformation(new af(afVar.b(), afVar.d(), afVar.c(), afVar.f(), afVar.e(), new bl(a)), signerInformation.contentType, signerInformation.content, (byte[]) null);
    }

    private boolean doVerify(bj bjVar) throws l {
        String encryptionAlgName = CMSSignedHelper.INSTANCE.getEncryptionAlgName(getEncryptionAlgOID());
        try {
            e a = bjVar.a(this.encryptionAlgorithm, this.info.d());
            try {
                OutputStream a2 = a.a();
                if (this.resultDigest == null) {
                    k a3 = bjVar.a(getDigestAlgorithmID());
                    if (this.content != null) {
                        OutputStream outputStream = a3.getOutputStream();
                        if (this.signedAttributeSet != null) {
                            this.content.a(outputStream);
                            a2.write(getEncodedSignedAttributes());
                        } else if (a instanceof v) {
                            this.content.a(outputStream);
                        } else {
                            c cVar = new c(outputStream, a2);
                            this.content.a(cVar);
                            cVar.close();
                        }
                        outputStream.close();
                    } else {
                        if (this.signedAttributeSet == null) {
                            throw new l("data not encapsulated in signature - use detached constructor.");
                        }
                        a2.write(getEncodedSignedAttributes());
                    }
                    this.resultDigest = a3.getDigest();
                } else if (this.signedAttributeSet == null) {
                    m mVar = this.content;
                    if (mVar != null) {
                        mVar.a(a2);
                    }
                } else {
                    a2.write(getEncodedSignedAttributes());
                }
                a2.close();
                cn.unitid.a.a.a.a.v singleValuedSignedAttribute = getSingleValuedSignedAttribute(d.a, RtspHeaders.CONTENT_TYPE);
                if (singleValuedSignedAttribute != null) {
                    if (this.isCounterSignature) {
                        throw new l("[For counter signatures,] the signedAttributes field MUST NOT contain a content-type attribute");
                    }
                    if (!(singleValuedSignedAttribute instanceof q)) {
                        throw new l("content-type attribute value not of ASN.1 type 'OBJECT IDENTIFIER'");
                    }
                    if (!((q) singleValuedSignedAttribute).b(this.contentType)) {
                        throw new l("content-type attribute value does not match eContentType");
                    }
                } else if (!this.isCounterSignature && this.signedAttributeSet != null) {
                    throw new l("The content-type attribute type MUST be present whenever signed attributes are present in signed-data");
                }
                cn.unitid.a.a.a.a.v singleValuedSignedAttribute2 = getSingleValuedSignedAttribute(d.b, "message-digest");
                if (singleValuedSignedAttribute2 != null) {
                    if (!(singleValuedSignedAttribute2 instanceof r)) {
                        throw new l("message-digest attribute value not of ASN.1 type 'OCTET STRING'");
                    }
                    if (!cn.unitid.a.a.a.l.a.b(this.resultDigest, ((r) singleValuedSignedAttribute2).e())) {
                        throw new z("message-digest attribute value does not match calculated value");
                    }
                } else if (this.signedAttributeSet != null) {
                    throw new l("the message-digest signed attribute type MUST be present when there are any signed attributes present");
                }
                b signedAttributes = getSignedAttributes();
                if (signedAttributes != null && signedAttributes.b(d.d).a() > 0) {
                    throw new l("A countersignature attribute MUST NOT be a signed attribute");
                }
                b unsignedAttributes = getUnsignedAttributes();
                if (unsignedAttributes != null) {
                    g b = unsignedAttributes.b(d.d);
                    for (int i = 0; i < b.a(); i++) {
                        if (((cn.unitid.a.a.a.a.d.a) b.a(i)).b().d() < 1) {
                            throw new l("A countersignature attribute MUST contain at least one AttributeValue");
                        }
                    }
                }
                try {
                    if (this.signedAttributeSet != null || this.resultDigest == null || !(a instanceof v)) {
                        return a.a(getSignature());
                    }
                    v vVar = (v) a;
                    return encryptionAlgName.equals("RSA") ? vVar.a(new j(new a(this.digestAlgorithm.a(), bc.a), this.resultDigest).getEncoded("DER"), getSignature()) : vVar.a(this.resultDigest, getSignature());
                } catch (IOException e) {
                    throw new l("can't process mime object to create signature.", e);
                }
            } catch (s e2) {
                throw new l("can't create digest calculator: " + e2.getMessage(), e2);
            } catch (IOException e3) {
                throw new l("can't process mime object to create signature.", e3);
            }
        } catch (s e4) {
            throw new l("can't create content verifier: " + e4.getMessage(), e4);
        }
    }

    private byte[] encodeObj(f fVar) throws IOException {
        if (fVar != null) {
            return fVar.toASN1Primitive().getEncoded();
        }
        return null;
    }

    public static SignerInformation getInstance(bh bhVar, m mVar) {
        return new SignerInformation(bhVar.d(), bhVar.a(), mVar, null);
    }

    private ag getSigningTime() throws l {
        cn.unitid.a.a.a.a.v singleValuedSignedAttribute = getSingleValuedSignedAttribute(d.c, "signing-time");
        if (singleValuedSignedAttribute == null) {
            return null;
        }
        try {
            return ag.a(singleValuedSignedAttribute);
        } catch (IllegalArgumentException unused) {
            throw new l("signing-time attribute value not a valid 'Time' structure");
        }
    }

    private cn.unitid.a.a.a.a.v getSingleValuedSignedAttribute(q qVar, String str) throws l {
        g b;
        int a;
        b unsignedAttributes = getUnsignedAttributes();
        if (unsignedAttributes != null && unsignedAttributes.b(qVar).a() > 0) {
            throw new l("The " + str + " attribute MUST NOT be an unsigned attribute");
        }
        b signedAttributes = getSignedAttributes();
        if (signedAttributes == null || (a = (b = signedAttributes.b(qVar)).a()) == 0) {
            return null;
        }
        if (a != 1) {
            throw new l("The SignedAttributes in a signerInfo MUST NOT include multiple instances of the " + str + " attribute");
        }
        y b2 = ((cn.unitid.a.a.a.a.d.a) b.a(0)).b();
        if (b2.d() == 1) {
            return b2.a(0).toASN1Primitive();
        }
        throw new l("A " + str + " attribute MUST have a single attribute value");
    }

    public static SignerInformation replaceUnsignedAttributes(SignerInformation signerInformation, b bVar) {
        af afVar = signerInformation.info;
        return new SignerInformation(new af(afVar.b(), afVar.d(), afVar.c(), afVar.f(), afVar.e(), bVar != null ? new bl(bVar.a()) : null), signerInformation.contentType, signerInformation.content, (byte[]) null);
    }

    private a transferDigestAlgorithm(a aVar) {
        return EPAlgorithmIdentifier.SHA1_WITH_RSA_ENCRYPTION_ALGORITHM_OID.equals(aVar.a().b()) ? new a(new q("1.3.14.3.2.26")) : EPAlgorithmIdentifier.MD5_WITH_RSA_ENCRYPTION_ALGORITHM_OID.equals(aVar.a().b()) ? new a(new q(EPAlgorithmIdentifier.MD5_ALGORITHM_OID)) : aVar;
    }

    public byte[] getContentDigest() {
        byte[] bArr = this.resultDigest;
        if (bArr != null) {
            return cn.unitid.a.a.a.l.a.b(bArr);
        }
        throw new IllegalStateException("method can only be called after verify.");
    }

    public q getContentType() {
        return this.contentType;
    }

    public bi getCounterSignatures() {
        b unsignedAttributes = getUnsignedAttributes();
        if (unsignedAttributes == null) {
            return new bi(new ArrayList(0));
        }
        ArrayList arrayList = new ArrayList();
        g b = unsignedAttributes.b(d.d);
        for (int i = 0; i < b.a(); i++) {
            y b2 = ((cn.unitid.a.a.a.a.d.a) b.a(i)).b();
            b2.d();
            Enumeration b3 = b2.b();
            while (b3.hasMoreElements()) {
                arrayList.add(new SignerInformation(af.a(b3.nextElement()), (q) null, new n(getSignature()), (byte[]) null));
            }
        }
        return new bi(arrayList);
    }

    public String getDigestAlgOID() {
        return this.digestAlgorithm.a().b();
    }

    public byte[] getDigestAlgParams() {
        try {
            return encodeObj(this.digestAlgorithm.b());
        } catch (Exception e) {
            throw new RuntimeException("exception getting digest parameters " + e);
        }
    }

    public a getDigestAlgorithmID() {
        return this.digestAlgorithm;
    }

    public byte[] getEncodedSignedAttributes() throws IOException {
        y yVar = this.signedAttributeSet;
        if (yVar != null) {
            return yVar.getEncoded();
        }
        return null;
    }

    public String getEncryptionAlgOID() {
        return this.encryptionAlgorithm.a().b();
    }

    public byte[] getEncryptionAlgParams() {
        try {
            return encodeObj(this.encryptionAlgorithm.b());
        } catch (Exception e) {
            throw new RuntimeException("exception getting encryption parameters " + e);
        }
    }

    public af getInfo() {
        return this.info;
    }

    public be getSID() {
        return this.sid;
    }

    public byte[] getSignature() {
        return cn.unitid.a.a.a.l.a.b(this.signature);
    }

    public b getSignedAttributes() {
        y yVar = this.signedAttributeSet;
        if (yVar != null && this.signedAttributeValues == null) {
            this.signedAttributeValues = new b(yVar);
        }
        return this.signedAttributeValues;
    }

    public b getUnsignedAttributes() {
        y yVar = this.unsignedAttributeSet;
        if (yVar != null && this.unsignedAttributeValues == null) {
            this.unsignedAttributeValues = new b(yVar);
        }
        return this.unsignedAttributeValues;
    }

    public int getVersion() {
        return this.info.a().d().intValue();
    }

    public boolean isCounterSignature() {
        return this.isCounterSignature;
    }

    public af toASN1Structure() {
        return this.info;
    }

    public boolean verify(bj bjVar) throws l {
        ag signingTime = getSigningTime();
        if (!bjVar.a() || signingTime == null || bjVar.b().a(signingTime.a())) {
            return doVerify(bjVar);
        }
        throw new cn.unitid.a.a.a.c.ae("verifier not valid at signingTime");
    }
}
