package org.bouncycastle.cms;

import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import javax.crypto.Cipher;
import org.bouncycastle.operator.OperatorCreationException;

/* loaded from: classes.dex */
public class ch {
    private ce a;
    private org.bouncycastle.asn1.c.an b;
    private org.bouncycastle.asn1.ab.b c;
    private org.bouncycastle.asn1.ab.b d;
    private final org.bouncycastle.asn1.t e;
    private final org.bouncycastle.asn1.t f;
    private af g;
    private byte[] h;
    private org.bouncycastle.asn1.m i;
    private ay j;
    private byte[] k;
    private org.bouncycastle.operator.u l;
    private org.bouncycastle.asn1.c.b m;
    private org.bouncycastle.asn1.c.b n;
    private boolean o;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ch(org.bouncycastle.asn1.c.an anVar, org.bouncycastle.asn1.m mVar, af afVar, ay ayVar, org.bouncycastle.operator.u uVar) {
        this.b = anVar;
        this.i = mVar;
        this.l = uVar;
        this.o = mVar == null;
        org.bouncycastle.asn1.c.am f = anVar.f();
        if (f.e()) {
            this.a = new ce(org.bouncycastle.asn1.n.a(f.f()).g());
        } else {
            org.bouncycastle.asn1.c.t a = org.bouncycastle.asn1.c.t.a(f.f());
            this.a = new ce(a.e(), a.f().e());
        }
        this.c = anVar.h();
        this.e = anVar.g();
        this.f = anVar.k();
        this.d = anVar.j();
        this.h = anVar.i().g();
        this.g = afVar;
        this.j = ayVar;
    }

    private org.bouncycastle.asn1.ab.s a(byte[] bArr) throws IOException, CMSException {
        if (bArr[0] != 48) {
            throw new IOException("not a digest info object");
        }
        org.bouncycastle.asn1.ab.s sVar = new org.bouncycastle.asn1.ab.s((org.bouncycastle.asn1.q) new org.bouncycastle.asn1.i(bArr).c());
        if (sVar.a().length != bArr.length) {
            throw new CMSException("malformed RSA signature");
        }
        return sVar;
    }

    private org.bouncycastle.asn1.bj a(org.bouncycastle.asn1.bk bkVar, String str) throws CMSException {
        org.bouncycastle.asn1.c.b l = l();
        if (l != null && l.b(bkVar).a() > 0) {
            throw new CMSException("The " + str + " attribute MUST NOT be an unsigned attribute");
        }
        org.bouncycastle.asn1.c.b k = k();
        if (k == null) {
            return null;
        }
        org.bouncycastle.asn1.e b = k.b(bkVar);
        switch (b.a()) {
            case 0:
                return null;
            case 1:
                org.bouncycastle.asn1.t f = ((org.bouncycastle.asn1.c.a) b.a(0)).f();
                if (f.f() != 1) {
                    throw new CMSException("A " + str + " attribute MUST have a single attribute value");
                }
                return f.a(0).c();
            default:
                throw new CMSException("The SignedAttributes in a signerInfo MUST NOT include multiple instances of the " + str + " attribute");
        }
    }

    public static ch a(ch chVar, org.bouncycastle.asn1.c.b bVar) {
        org.bouncycastle.asn1.c.an anVar = chVar.b;
        return new ch(new org.bouncycastle.asn1.c.an(anVar.f(), anVar.h(), anVar.g(), anVar.j(), anVar.i(), bVar != null ? new org.bouncycastle.asn1.bs(bVar.c()) : null), chVar.i, chVar.g, null, new org.bouncycastle.operator.g());
    }

    public static ch a(ch chVar, ci ciVar) {
        org.bouncycastle.asn1.c.an anVar = chVar.b;
        org.bouncycastle.asn1.c.b l = chVar.l();
        org.bouncycastle.asn1.e c = l != null ? l.c() : new org.bouncycastle.asn1.e();
        org.bouncycastle.asn1.e eVar = new org.bouncycastle.asn1.e();
        Iterator it = ciVar.b().iterator();
        while (it.hasNext()) {
            eVar.a(((ch) it.next()).p());
        }
        c.a(new org.bouncycastle.asn1.c.a(org.bouncycastle.asn1.c.h.d, new org.bouncycastle.asn1.bs(eVar)));
        return new ch(new org.bouncycastle.asn1.c.an(anVar.f(), anVar.h(), anVar.g(), anVar.j(), anVar.i(), new org.bouncycastle.asn1.bs(c)), chVar.i, chVar.g, null, new org.bouncycastle.operator.g());
    }

    private boolean a(byte[] bArr, PublicKey publicKey, byte[] bArr2, Provider provider) throws NoSuchAlgorithmException, CMSException {
        String c = aq.a.c(i());
        try {
            if (!c.equals("RSA")) {
                if (!c.equals("DSA")) {
                    throw new CMSException("algorithm: " + c + " not supported in base signatures.");
                }
                Signature b = aq.a.b("NONEwithDSA", provider);
                b.initVerify(publicKey);
                b.update(bArr);
                return b.verify(bArr2);
            }
            Cipher a = ab.a.a("RSA/ECB/PKCS1Padding", provider);
            a.init(2, publicKey);
            org.bouncycastle.asn1.ab.s a2 = a(a.doFinal(bArr2));
            if (a2.e().h_().equals(this.c.h_()) && b(a2.e().i())) {
                return org.bouncycastle.util.b.b(bArr, a2.f());
            }
            return false;
        } catch (IOException e) {
            throw new CMSException("Exception decoding signature: " + e, e);
        } catch (GeneralSecurityException e2) {
            throw new CMSException("Exception processing signature: " + e2, e2);
        }
    }

    private byte[] a(org.bouncycastle.asn1.aw awVar) throws IOException {
        if (awVar != null) {
            return awVar.c().a();
        }
        return null;
    }

    private boolean b(PublicKey publicKey, Provider provider) throws CMSException, NoSuchAlgorithmException {
        String a = aq.a.a(f());
        Signature b = aq.a.b(a + "with" + aq.a.c(i()), provider);
        MessageDigest a2 = aq.a.a(a, provider);
        try {
            if (this.j != null) {
                this.k = this.j.a();
            } else {
                if (this.g != null) {
                    this.g.a(new ax(a2));
                } else if (this.e == null) {
                    throw new CMSException("data not encapsulated in signature - use detached constructor.");
                }
                this.k = a2.digest();
            }
            org.bouncycastle.asn1.bj a3 = a(org.bouncycastle.asn1.c.h.a, "content-type");
            if (a3 == null) {
                if (!this.o && this.e != null) {
                    throw new CMSException("The content-type attribute type MUST be present whenever signed attributes are present in signed-data");
                }
            } else {
                if (this.o) {
                    throw new CMSException("[For counter signatures,] the signedAttributes field MUST NOT contain a content-type attribute");
                }
                if (!(a3 instanceof org.bouncycastle.asn1.bk)) {
                    throw new CMSException("content-type attribute value not of ASN.1 type 'OBJECT IDENTIFIER'");
                }
                if (!((org.bouncycastle.asn1.bk) a3).equals(this.i)) {
                    throw new CMSException("content-type attribute value does not match eContentType");
                }
            }
            org.bouncycastle.asn1.bj a4 = a(org.bouncycastle.asn1.c.h.b, "message-digest");
            if (a4 == null) {
                if (this.e != null) {
                    throw new CMSException("the message-digest signed attribute type MUST be present when there are any signed attributes present");
                }
            } else {
                if (!(a4 instanceof org.bouncycastle.asn1.n)) {
                    throw new CMSException("message-digest attribute value not of ASN.1 type 'OCTET STRING'");
                }
                if (!org.bouncycastle.util.b.b(this.k, ((org.bouncycastle.asn1.n) a4).g())) {
                    throw new CMSSignerDigestMismatchException("message-digest attribute value does not match calculated value");
                }
            }
            org.bouncycastle.asn1.c.b k = k();
            if (k != null && k.b(org.bouncycastle.asn1.c.h.d).a() > 0) {
                throw new CMSException("A countersignature attribute MUST NOT be a signed attribute");
            }
            org.bouncycastle.asn1.c.b l = l();
            if (l != null) {
                org.bouncycastle.asn1.e b2 = l.b(org.bouncycastle.asn1.c.h.d);
                int i = 0;
                while (true) {
                    int i2 = i;
                    if (i2 < b2.a()) {
                        if (((org.bouncycastle.asn1.c.a) b2.a(i2)).f().f() < 1) {
                            throw new CMSException("A countersignature attribute MUST contain at least one AttributeValue");
                        }
                        i = i2 + 1;
                    }
                }
            }
            try {
                b.initVerify(publicKey);
                if (this.e != null) {
                    b.update(o());
                } else {
                    if (this.j != null) {
                        return a(this.k, publicKey, m(), provider);
                    }
                    if (this.g != null) {
                        this.g.a(new cd(b));
                    }
                }
                return b.verify(m());
            } catch (IOException e) {
                throw new CMSException("can't process mime object to create signature.", e);
            } catch (InvalidKeyException e2) {
                throw new CMSException("key not appropriate to signature in message.", e2);
            } catch (SignatureException e3) {
                throw new CMSException("invalid signature format in message: " + e3.getMessage(), e3);
            }
        } catch (IOException e4) {
            throw new CMSException("can't process mime object to create signature.", e4);
        }
    }

    private boolean b(org.bouncycastle.asn1.aw awVar) {
        return (awVar instanceof org.bouncycastle.asn1.k) || awVar == null;
    }

    private boolean b(cj cjVar) throws CMSException {
        String a = aq.a.a(f());
        String c = aq.a.c(i());
        String str = a + "with" + c;
        try {
            if (this.j != null) {
                this.k = this.j.a();
            } else {
                org.bouncycastle.operator.i b = cjVar.b(e());
                if (this.g != null) {
                    OutputStream b2 = b.b();
                    this.g.a(b2);
                    b2.close();
                } else if (this.e == null) {
                    throw new CMSException("data not encapsulated in signature - use detached constructor.");
                }
                this.k = b.c();
            }
            org.bouncycastle.asn1.bj a2 = a(org.bouncycastle.asn1.c.h.a, "content-type");
            if (a2 == null) {
                if (!this.o && this.e != null) {
                    throw new CMSException("The content-type attribute type MUST be present whenever signed attributes are present in signed-data");
                }
            } else {
                if (this.o) {
                    throw new CMSException("[For counter signatures,] the signedAttributes field MUST NOT contain a content-type attribute");
                }
                if (!(a2 instanceof org.bouncycastle.asn1.bk)) {
                    throw new CMSException("content-type attribute value not of ASN.1 type 'OBJECT IDENTIFIER'");
                }
                if (!((org.bouncycastle.asn1.bk) a2).equals(this.i)) {
                    throw new CMSException("content-type attribute value does not match eContentType");
                }
            }
            org.bouncycastle.asn1.bj a3 = a(org.bouncycastle.asn1.c.h.b, "message-digest");
            if (a3 == null) {
                if (this.e != null) {
                    throw new CMSException("the message-digest signed attribute type MUST be present when there are any signed attributes present");
                }
            } else {
                if (!(a3 instanceof org.bouncycastle.asn1.n)) {
                    throw new CMSException("message-digest attribute value not of ASN.1 type 'OCTET STRING'");
                }
                if (!org.bouncycastle.util.b.b(this.k, ((org.bouncycastle.asn1.n) a3).g())) {
                    throw new CMSSignerDigestMismatchException("message-digest attribute value does not match calculated value");
                }
            }
            org.bouncycastle.asn1.c.b k = k();
            if (k != null && k.b(org.bouncycastle.asn1.c.h.d).a() > 0) {
                throw new CMSException("A countersignature attribute MUST NOT be a signed attribute");
            }
            org.bouncycastle.asn1.c.b l = l();
            if (l != null) {
                org.bouncycastle.asn1.e b3 = l.b(org.bouncycastle.asn1.c.h.d);
                int i = 0;
                while (true) {
                    int i2 = i;
                    if (i2 < b3.a()) {
                        if (((org.bouncycastle.asn1.c.a) b3.a(i2)).f().f() < 1) {
                            throw new CMSException("A countersignature attribute MUST contain at least one AttributeValue");
                        }
                        i = i2 + 1;
                    }
                }
            }
            try {
                org.bouncycastle.operator.d a4 = cjVar.a(this.l.a(str));
                OutputStream b4 = a4.b();
                if (this.e != null) {
                    b4.write(o());
                } else {
                    if (this.j != null) {
                        if (!(a4 instanceof org.bouncycastle.operator.t)) {
                            throw new CMSException("verifier unable to process raw signature");
                        }
                        org.bouncycastle.operator.t tVar = (org.bouncycastle.operator.t) a4;
                        return c.equals("RSA") ? tVar.a(new org.bouncycastle.asn1.ab.s(this.c, this.k).b(), m()) : tVar.a(this.k, m());
                    }
                    if (this.g != null) {
                        this.g.a(b4);
                    }
                }
                b4.close();
                return a4.a(m());
            } catch (IOException e) {
                throw new CMSException("can't process mime object to create signature.", e);
            } catch (OperatorCreationException e2) {
                throw new CMSException("can't create content verifier: " + e2.getMessage(), e2);
            }
        } catch (IOException e3) {
            throw new CMSException("can't process mime object to create signature.", e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new CMSException("can't find algorithm: " + e4.getMessage(), e4);
        } catch (OperatorCreationException e5) {
            throw new CMSException("can't create digest calculator: " + e5.getMessage(), e5);
        }
    }

    private org.bouncycastle.asn1.c.ao r() throws CMSException {
        org.bouncycastle.asn1.bj a = a(org.bouncycastle.asn1.c.h.c, "signing-time");
        if (a == null) {
            return null;
        }
        try {
            return org.bouncycastle.asn1.c.ao.a(a);
        } catch (IllegalArgumentException e) {
            throw new CMSException("signing-time attribute value not a valid 'Time' structure");
        }
    }

    public boolean a() {
        return this.o;
    }

    public boolean a(PublicKey publicKey, String str) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException {
        return a(publicKey, at.a(str));
    }

    public boolean a(PublicKey publicKey, Provider provider) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException {
        r();
        return b(publicKey, provider);
    }

    public boolean a(X509Certificate x509Certificate, String str) throws NoSuchAlgorithmException, NoSuchProviderException, CertificateExpiredException, CertificateNotYetValidException, CMSException {
        return a(x509Certificate, at.a(str));
    }

    public boolean a(X509Certificate x509Certificate, Provider provider) throws NoSuchAlgorithmException, CertificateExpiredException, CertificateNotYetValidException, CMSException {
        org.bouncycastle.asn1.c.ao r = r();
        if (r != null) {
            x509Certificate.checkValidity(r.f());
        }
        return b(x509Certificate.getPublicKey(), provider);
    }

    public boolean a(cj cjVar) throws CMSException {
        org.bouncycastle.asn1.c.ao r = r();
        if (!cjVar.a() || r == null || cjVar.b().a(r.f())) {
            return b(cjVar);
        }
        throw new CMSVerifierCertificateNotValidException("verifier not valid at signingTime");
    }

    public org.bouncycastle.asn1.m b() {
        return this.i;
    }

    public ce c() {
        return this.a;
    }

    public int d() {
        return this.b.e().e().intValue();
    }

    public org.bouncycastle.asn1.ab.b e() {
        return this.c;
    }

    public String f() {
        return this.c.h_().e();
    }

    public byte[] g() {
        try {
            return a(this.c.i());
        } catch (Exception e) {
            throw new RuntimeException("exception getting digest parameters " + e);
        }
    }

    public byte[] h() {
        if (this.k == null) {
            throw new IllegalStateException("method can only be called after verify.");
        }
        return (byte[]) this.k.clone();
    }

    public String i() {
        return this.d.h_().e();
    }

    public byte[] j() {
        try {
            return a(this.d.i());
        } catch (Exception e) {
            throw new RuntimeException("exception getting encryption parameters " + e);
        }
    }

    public org.bouncycastle.asn1.c.b k() {
        if (this.e != null && this.m == null) {
            this.m = new org.bouncycastle.asn1.c.b(this.e);
        }
        return this.m;
    }

    public org.bouncycastle.asn1.c.b l() {
        if (this.f != null && this.n == null) {
            this.n = new org.bouncycastle.asn1.c.b(this.f);
        }
        return this.n;
    }

    public byte[] m() {
        return (byte[]) this.h.clone();
    }

    public ci n() {
        int i = 0;
        org.bouncycastle.asn1.c.b l = l();
        if (l == null) {
            return new ci(new ArrayList(0));
        }
        ArrayList arrayList = new ArrayList();
        org.bouncycastle.asn1.e b = l.b(org.bouncycastle.asn1.c.h.d);
        while (true) {
            int i2 = i;
            if (i2 >= b.a()) {
                return new ci(arrayList);
            }
            org.bouncycastle.asn1.t f = ((org.bouncycastle.asn1.c.a) b.a(i2)).f();
            if (f.f() < 1) {
            }
            Enumeration e = f.e();
            while (e.hasMoreElements()) {
                org.bouncycastle.asn1.c.an a = org.bouncycastle.asn1.c.an.a(e.nextElement());
                arrayList.add(new ch(a, null, null, new au(aq.a.a(a.h().h_().e()), null, m()), new org.bouncycastle.operator.g()));
            }
            i = i2 + 1;
        }
    }

    public byte[] o() throws IOException {
        if (this.e != null) {
            return this.e.a("DER");
        }
        return null;
    }

    public org.bouncycastle.asn1.c.an p() {
        return this.b;
    }

    public org.bouncycastle.asn1.c.an q() {
        return this.b;
    }
}
