package android.sun.security.pkcs;

import android.sun.security.util.k;
import android.sun.security.util.l;
import android.sun.security.util.m;
import android.sun.security.util.t;
import android.sun.security.x509.o1;
import android.sun.security.x509.t0;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.Principal;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;

/* loaded from: classes.dex */
public final class h implements android.sun.security.util.h {
    f authenticatedAttributes;
    BigInteger certificateSerialNumber;
    android.sun.security.x509.e digestAlgorithmId;
    android.sun.security.x509.e digestEncryptionAlgorithmId;
    byte[] encryptedDigest;
    o1 issuerName;
    f unauthenticatedAttributes;
    BigInteger version;

    public h(k kVar) {
        this(kVar, false);
    }

    public h(k kVar, boolean z) {
        this.version = kVar.getBigInteger();
        m[] sequence = kVar.getSequence(2);
        this.issuerName = new o1(new m((byte) 48, sequence[0].toByteArray()));
        this.certificateSerialNumber = sequence[1].getBigInteger();
        this.digestAlgorithmId = android.sun.security.x509.e.parse(kVar.getDerValue());
        if (z) {
            kVar.getSet(0);
        } else if (((byte) kVar.peekByte()) == -96) {
            this.authenticatedAttributes = new f(kVar);
        }
        this.digestEncryptionAlgorithmId = android.sun.security.x509.e.parse(kVar.getDerValue());
        this.encryptedDigest = kVar.getOctetString();
        if (z) {
            kVar.getSet(0);
        } else if (kVar.available() != 0 && ((byte) kVar.peekByte()) == -95) {
            this.unauthenticatedAttributes = new f(kVar, true);
        }
        if (kVar.available() != 0) {
            throw new g("extra data at the end");
        }
    }

    public h(o1 o1Var, BigInteger bigInteger, android.sun.security.x509.e eVar, f fVar, android.sun.security.x509.e eVar2, byte[] bArr, f fVar2) {
        this.version = BigInteger.ONE;
        this.issuerName = o1Var;
        this.certificateSerialNumber = bigInteger;
        this.digestAlgorithmId = eVar;
        this.authenticatedAttributes = fVar;
        this.digestEncryptionAlgorithmId = eVar2;
        this.encryptedDigest = bArr;
        this.unauthenticatedAttributes = fVar2;
    }

    public h(o1 o1Var, BigInteger bigInteger, android.sun.security.x509.e eVar, android.sun.security.x509.e eVar2, byte[] bArr) {
        this.version = BigInteger.ONE;
        this.issuerName = o1Var;
        this.certificateSerialNumber = bigInteger;
        this.digestAlgorithmId = eVar;
        this.digestEncryptionAlgorithmId = eVar2;
        this.encryptedDigest = bArr;
    }

    @Override // android.sun.security.util.h
    public void derEncode(OutputStream outputStream) {
        l lVar = new l();
        lVar.putInteger(this.version);
        l lVar2 = new l();
        this.issuerName.encode(lVar2);
        lVar2.putInteger(this.certificateSerialNumber);
        lVar.write((byte) 48, lVar2);
        this.digestAlgorithmId.encode(lVar);
        f fVar = this.authenticatedAttributes;
        if (fVar != null) {
            fVar.encode((byte) -96, lVar);
        }
        this.digestEncryptionAlgorithmId.encode(lVar);
        lVar.putOctetString(this.encryptedDigest);
        f fVar2 = this.unauthenticatedAttributes;
        if (fVar2 != null) {
            fVar2.encode((byte) -95, lVar);
        }
        l lVar3 = new l();
        lVar3.write((byte) 48, lVar);
        outputStream.write(lVar3.toByteArray());
    }

    public void encode(l lVar) {
        derEncode(lVar);
    }

    public f getAuthenticatedAttributes() {
        return this.authenticatedAttributes;
    }

    public X509Certificate getCertificate(c cVar) {
        return cVar.getCertificate(this.certificateSerialNumber, this.issuerName);
    }

    public ArrayList<X509Certificate> getCertificateChain(c cVar) {
        boolean z;
        X509Certificate certificate = cVar.getCertificate(this.certificateSerialNumber, this.issuerName);
        if (certificate == null) {
            return null;
        }
        ArrayList<X509Certificate> arrayList = new ArrayList<>();
        arrayList.add(certificate);
        X509Certificate[] certificates = cVar.getCertificates();
        if (certificates != null && !certificate.getSubjectDN().equals(certificate.getIssuerDN())) {
            Principal issuerDN = certificate.getIssuerDN();
            int i = 0;
            do {
                int i9 = i;
                while (true) {
                    if (i9 >= certificates.length) {
                        z = false;
                        break;
                    }
                    if (issuerDN.equals(certificates[i9].getSubjectDN())) {
                        arrayList.add(certificates[i9]);
                        if (certificates[i9].getSubjectDN().equals(certificates[i9].getIssuerDN())) {
                            i = certificates.length;
                        } else {
                            issuerDN = certificates[i9].getIssuerDN();
                            X509Certificate x509Certificate = certificates[i];
                            certificates[i] = certificates[i9];
                            certificates[i9] = x509Certificate;
                            i++;
                        }
                        z = true;
                    } else {
                        i9++;
                    }
                }
            } while (z);
        }
        return arrayList;
    }

    public BigInteger getCertificateSerialNumber() {
        return this.certificateSerialNumber;
    }

    public android.sun.security.x509.e getDigestAlgorithmId() {
        return this.digestAlgorithmId;
    }

    public android.sun.security.x509.e getDigestEncryptionAlgorithmId() {
        return this.digestEncryptionAlgorithmId;
    }

    public byte[] getEncryptedDigest() {
        return this.encryptedDigest;
    }

    public o1 getIssuerName() {
        return this.issuerName;
    }

    public f getUnauthenticatedAttributes() {
        return this.unauthenticatedAttributes;
    }

    public BigInteger getVersion() {
        return this.version;
    }

    public String toString() {
        android.sun.misc.g gVar = new android.sun.misc.g();
        StringBuilder x9 = android.sun.security.ec.d.x("Signer Info for (issuer): " + this.issuerName + "\n", "\tversion: ");
        x9.append(android.sun.security.util.g.toHexString(this.version));
        x9.append("\n");
        StringBuilder x10 = android.sun.security.ec.d.x(x9.toString(), "\tcertificateSerialNumber: ");
        x10.append(android.sun.security.util.g.toHexString(this.certificateSerialNumber));
        x10.append("\n");
        StringBuilder x11 = android.sun.security.ec.d.x(x10.toString(), "\tdigestAlgorithmId: ");
        x11.append(this.digestAlgorithmId);
        x11.append("\n");
        String sb = x11.toString();
        if (this.authenticatedAttributes != null) {
            StringBuilder x12 = android.sun.security.ec.d.x(sb, "\tauthenticatedAttributes: ");
            x12.append(this.authenticatedAttributes);
            x12.append("\n");
            sb = x12.toString();
        }
        StringBuilder x13 = android.sun.security.ec.d.x(sb, "\tdigestEncryptionAlgorithmId: ");
        x13.append(this.digestEncryptionAlgorithmId);
        x13.append("\n");
        StringBuilder x14 = android.sun.security.ec.d.x(x13.toString(), "\tencryptedDigest: \n");
        x14.append(gVar.encodeBuffer(this.encryptedDigest));
        x14.append("\n");
        String sb2 = x14.toString();
        if (this.unauthenticatedAttributes == null) {
            return sb2;
        }
        StringBuilder x15 = android.sun.security.ec.d.x(sb2, "\tunauthenticatedAttributes: ");
        x15.append(this.unauthenticatedAttributes);
        x15.append("\n");
        return x15.toString();
    }

    public h verify(c cVar) {
        return verify(cVar, null);
    }

    public h verify(c cVar, byte[] bArr) {
        byte[] bArr2;
        try {
            try {
                a contentInfo = cVar.getContentInfo();
                if (bArr == null) {
                    bArr = contentInfo.getContentBytes();
                }
                String name = getDigestAlgorithmId().getName();
                f fVar = this.authenticatedAttributes;
                if (fVar != null) {
                    t tVar = (t) fVar.getAttributeValue(e.CONTENT_TYPE_OID);
                    if (tVar == null || !tVar.equals(contentInfo.contentType) || (bArr2 = (byte[]) this.authenticatedAttributes.getAttributeValue(e.MESSAGE_DIGEST_OID)) == null) {
                        return null;
                    }
                    byte[] digest = MessageDigest.getInstance(name).digest(bArr);
                    if (bArr2.length != digest.length) {
                        return null;
                    }
                    for (int i = 0; i < bArr2.length; i++) {
                        if (bArr2[i] != digest[i]) {
                            return null;
                        }
                    }
                    bArr = this.authenticatedAttributes.getDerEncoding();
                }
                String name2 = getDigestEncryptionAlgorithmId().getName();
                String encAlgFromSigAlg = android.sun.security.x509.e.getEncAlgFromSigAlg(name2);
                if (encAlgFromSigAlg != null) {
                    name2 = encAlgFromSigAlg;
                }
                Signature signature = Signature.getInstance(android.sun.security.x509.e.makeSigAlg(name, name2));
                X509Certificate certificate = getCertificate(cVar);
                if (certificate == null) {
                    return null;
                }
                if (certificate.hasUnsupportedCriticalExtension()) {
                    throw new SignatureException("Certificate has unsupported critical extension(s)");
                }
                boolean[] keyUsage = certificate.getKeyUsage();
                if (keyUsage != null) {
                    try {
                        t0 t0Var = new t0(keyUsage);
                        boolean booleanValue = ((Boolean) t0Var.get(t0.DIGITAL_SIGNATURE)).booleanValue();
                        boolean booleanValue2 = ((Boolean) t0Var.get(t0.NON_REPUDIATION)).booleanValue();
                        if (!booleanValue && !booleanValue2) {
                            throw new SignatureException("Key usage restricted: cannot be used for digital signatures");
                        }
                    } catch (IOException unused) {
                        throw new SignatureException("Failed to parse keyUsage extension");
                    }
                }
                signature.initVerify(certificate.getPublicKey());
                signature.update(bArr);
                if (signature.verify(this.encryptedDigest)) {
                    return this;
                }
                return null;
            } catch (IOException e) {
                throw new SignatureException(android.sun.security.ec.d.e(e, new StringBuilder("IO error verifying signature:\n")));
            }
        } catch (InvalidKeyException e9) {
            throw new SignatureException("InvalidKey: " + e9.getMessage());
        }
    }
}
