package com.rsa.cryptoj.o;

import com.rsa.jsafe.cert.Attribute;
import com.rsa.jsafe.cms.CMSException;
import com.rsa.jsafe.cms.SignedDataDecoder;
import com.rsa.jsafe.cms.SignerInfo;
import com.rsa.jsafe.provider.JsafeJCE;
import com.rsa.jsafe.provider.PSSParameterSpec;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public final class ju extends SignedDataDecoder {
    // Signature-algorithm name fragments. Neither constant is referenced by name in this
    // decompiled listing; the same literals appear inline in the verification code.
    private static final String k = "RSAPSS";
    private static final String l = "RSA";
    // Human-readable reason for the most recent verification failure. Both verify(...) overloads
    // reset it to null on entry and getReason() returns it.
    private String m;

    /**
     * Creates the decoder and immediately parses the SignedData header.
     *
     * <p>All three arguments are handed unchanged to the {@link SignedDataDecoder} constructor;
     * how the superclass assigns them to its fields is not visible in this class. {@code b()}
     * then reads the header from the parser, so a malformed header makes construction fail.
     *
     * @param inputStream first stream passed to the superclass (presumably the encoded CMS
     *     message; confirm against the superclass)
     * @param inputStream2 second stream passed to the superclass (presumably detached content,
     *     may be null; confirm against the superclass)
     * @param chVar context object passed to the superclass
     */
    public ju(InputStream inputStream, InputStream inputStream2, ch chVar) {
        super(inputStream, inputStream2, chVar);
        b();
    }

    /**
     * Wraps the given certificates and CRLs in a single collection-backed {@link CertStore}.
     *
     * <p>The result is a lookup pool for path building, not a trust store: the caller fills the
     * lists with caller-supplied entries and with entries that were embedded in the message.
     *
     * @param list certificates to include
     * @param list2 CRLs to include
     * @return a CertStore over the combined entries
     * @throws CMSException if the provider cannot create the store
     */
    private CertStore a(List<X509Certificate> list, List<X509CRL> list2) {
        List<Object> pool = new ArrayList<Object>();
        pool.addAll(list);
        pool.addAll(list2);
        CollectionCertStoreParameters storeParams = new CollectionCertStoreParameters(pool);
        try {
            return CertStore.getInstance(JsafeJCE.COLLECTION, storeParams, new JsafeJCE());
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException failure) {
            // Only the message is carried over; the original exception is not chained.
            throw new CMSException(failure.getMessage());
        }
    }

    /**
     * Returns the first certificate in {@code list} that the signer identifier accepts.
     *
     * <p>A match only means the certificate corresponds to the signer identifier. The list the
     * caller passes can include certificates taken from the message itself, so a match says
     * nothing about whether the certificate is trusted.
     *
     * @param jxVar signer whose identifier ({@code jxVar.b()}) is matched
     * @param list candidate certificates, searched in iteration order
     * @return the first matching certificate
     * @throws CMSException if no candidate matches
     */
    private X509Certificate a(jx jxVar, List<X509Certificate> list) {
        final in signerId = jxVar.b();
        Iterator<X509Certificate> candidates = list.iterator();
        while (candidates.hasNext()) {
            X509Certificate candidate = candidates.next();
            if (signerId.a(candidate)) {
                return candidate;
            }
        }
        throw new CMSException("Unable to find certificate to verify signature.");
    }

    /**
     * Rejects a SignerInfo whose version does not fit its signer identifier form.
     *
     * <p>Version 3 is required when {@code inVar.a()} is true and version 1 when it is false.
     * Presumably {@code a()} reports the subjectKeyIdentifier form; confirm against {@code in}.
     *
     * @param i version read from the SignerInfo
     * @param inVar decoded signer identifier
     * @throws CMSException if the version is not the one required for this identifier form
     */
    private void a(int i, in inVar) {
        final int requiredVersion = inVar.a() ? 3 : 1;
        if (i == requiredVersion) {
            return;
        }
        throw new CMSException(b.a.a.a.a.b("Unable to decode: Illegal SignerInfo version ", i));
    }

    /**
     * Fails decoding unless the parser's {@code a()} flag has the expected value.
     *
     * <p>What the flag means is defined by the parser class and is not visible here. Judging by
     * the call sites, {@code true} is expected before an element and {@code false} at the end
     * of one; confirm against the parser.
     *
     * @param str element name, used only in the error message
     * @param z expected value of the parser flag
     * @throws CMSException if the flag differs from {@code z}
     */
    private void a(String str, boolean z) {
        boolean observed = this.f2942d.a();
        if (observed == z) {
            return;
        }
        throw new CMSException(b.a.a.a.a.a("Unable to decode: Expected tag ", str));
    }

    /**
     * Selects the content handler stored in {@code this.h}.
     *
     * <ul>
     *   <li>If {@code this.f} is non-null, the content is read from that stream.</li>
     *   <li>Otherwise, if the parser flag is false, a {@code jm} handler is installed. The rest
     *       of this class treats {@code jm} as "no encapsulated content".</li>
     *   <li>Otherwise the parser must be positioned on explicit tag 0, and the content is read
     *       from the parser through a {@code jp} wrapper.</li>
     * </ul>
     *
     * @param list digest algorithm names from the DigestAlgorithmIdentifiers set, passed to
     *     the {@code iu} handler (presumably the digests it computes over the content)
     * @throws IOException if content is present but is not wrapped in explicit tag 0
     */
    private void a(List<String> list) {
        final InputStream externalContent = this.f;
        if (externalContent != null) {
            this.h = new iu(externalContent, list, d(), this.e);
            return;
        }
        if (!this.f2942d.a()) {
            this.h = new jm(d());
            return;
        }
        if (!a(0)) {
            throw new IOException("Unable to decode: Expected explicit tag value 0 for tag eContent.");
        }
        a("eContent", true);
        // The close hook is already given to jp, so iu receives a null Closeable.
        this.h = new iu(new jp(this.f2942d, d()), list, (Closeable) null, this.e);
    }

    /**
     * Decodes the SignerInfos set and appends one {@code jx} entry per signer to
     * {@code this.f2956a}.
     *
     * <p>Nothing is verified here; this method only records what the message claims. Signature
     * and digest checks happen later, when a caller asks for a signer to be verified.
     *
     * @param z when true, the parser flag is first checked via {@code a("SignerInfos", true)}
     * @throws IOException if signers are present although the message has no encapsulated
     *     content
     * @throws CMSException if a signer has an illegal version, or has no signed attributes
     *     while the content type is not DATA
     */
    private void a(boolean z) {
        byte[] bArr;
        byte[] bArr2;
        v vVar;
        if (z) {
            a("SignerInfos", true);
        }
        d a2 = a.a(ar.f1702a.b("SignerInfos"), this.f2942d);
        int c2 = a2.c();
        // A jm handler means no encapsulated content was found, so there is nothing a signer
        // could have signed. Such a message must not carry any SignerInfo.
        if ((this.h instanceof jm) && c2 > 0) {
            throw new IOException("Unable to decode: SignerInfo found with empty eContent.");
        }
        for (int i = 0; i < c2; i++) {
            d a3 = a2.a(i);
            int i2 = ((v) a3.a("version")).i();
            in b2 = b(a3);
            // The version must agree with the signer identifier form.
            a(i2, b2);
            ow owVar = new ow(a3.a("digestAlgorithm"));
            Attribute[] a4 = a(a3, "signedAttrs");
            PSSParameterSpec pSSParameterSpec = null;
            if (a4.length > 0) {
                d a5 = a3.a("signedAttrs");
                // Presumably the signedAttrs re-encoded under tag 17; the verifier later uses
                // these bytes as the signed data. Confirm d(17) and a.c(...) against their classes.
                byte[] c3 = a.c(a5.d(17));
                // Value of the attribute whose OID equals im.i, or null if there is none.
                bArr2 = a(a5);
                bArr = c3;
            } else {
                // Without signed attributes the signature covers the content digest directly,
                // which is accepted only for the DATA content type.
                if (!this.g.equals(im.f2070b)) {
                    throw new CMSException("Signed attributes expected for contentTypes other than DATA. No signed attributes were present");
                }
                bArr = null;
                bArr2 = null;
            }
            ow owVar2 = new ow(a3.a("signatureAlgorithm"));
            byte[] b3 = owVar2.b();
            // For RSAPSS, only saltLength is taken from the encoded RSASSA-PSS-params.
            // NOTE(review): the other fields of those params are not read in this method;
            // confirm that the hash and mask generation settings are enforced elsewhere.
            if (b3 != null && pi.a(owVar2.d(), b3).endsWith("RSAPSS") && (vVar = (v) a.a("RSASSA-PSS-params", b3, 0).a("saltLength")) != null) {
                pSSParameterSpec = new PSSParameterSpec(vVar.i());
            }
            this.f2956a.add(new jx(i2, b2, owVar, a4, bArr, ((ad) a3.a("signature")).h(), owVar2, pSSParameterSpec, a(a3, "unsignedAttrs"), bArr2));
        }
    }

    /**
     * Reports whether the parser's current tag value equals {@code a.c(i)}.
     *
     * <p>The call sites' error messages describe this as "explicit tag value {@code i}".
     *
     * @param i tag number to test for
     * @return true if the parser's current tag matches
     */
    private boolean a(int i) {
        return this.f2942d.e() == a.c(i);
    }

    /**
     * Verifies one signer of the decoded message and, when a trust store is supplied, builds a
     * certification path for the signer's certificate.
     *
     * <p>Order of checks: the content must have been fully consumed; the certificate and CRL
     * pools are assembled from the caller's store and from the message; the content digest
     * computed for the signer's digest algorithm is fetched; the signature is verified with the
     * public key of the first pooled certificate matching the signer identifier; finally the
     * path check runs.
     *
     * <p>Security notes for callers:
     * <ul>
     *   <li>The signer certificate is chosen from a pool that includes certificates embedded in
     *       the message. When {@code certStore} is null the path check returns true without
     *       examining anything, so a {@code true} result then shows only that the signature
     *       matches that certificate's key, not that the signer is trusted.</li>
     *   <li>When the message has no encapsulated content (handler is {@code jm}) the method
     *       returns true before {@code jxVar} is looked at.</li>
     * </ul>
     *
     * @param jxVar signer to verify
     * @param certStore trust store whose certificates become trust anchors, or null to skip
     *     path building
     * @param certStore2 additional certificates and CRLs supplied by the caller, or null
     * @param z value passed to {@code setRevocationEnabled} for path building
     * @return true if the signature verifies and the path check passes; false otherwise, with
     *     the reason stored in {@code this.m}
     * @throws CMSException if the content stream is still open, the digest algorithm is not
     *     available, the message-digest attribute does not match, or verification fails with
     *     an exception
     * @throws IllegalArgumentException if {@code jxVar} is null
     */
    private boolean a(jx jxVar, CertStore certStore, CertStore certStore2, boolean z) {
        List<X509Certificate> arrayList;
        List<X509CRL> arrayList2;
        String a2;
        String a3;
        AlgorithmParameterSpec k2;
        // Refuse to verify while the content handler still reports unread content.
        if (this.h.a()) {
            this.m = "The content stream has not been closed.";
            throw new CMSException(this.m);
        }
        // No encapsulated content: reported as verified without any signature check.
        // The decoder rejects messages that pair empty content with a SignerInfo.
        if (this.h instanceof jm) {
            return true;
        }
        if (jxVar == null) {
            this.m = "Signer info cannot be null.";
            throw new IllegalArgumentException(this.m);
        }
        if (certStore2 != null) {
            try {
                // Caller-supplied entries come first, then the ones taken from the message.
                Collection<? extends Certificate> certificates = certStore2.getCertificates(new X509CertSelector());
                Collection<? extends CRL> cRLs = certStore2.getCRLs(new X509CRLSelector());
                arrayList = new ArrayList<>((Collection<? extends X509Certificate>) certificates);
                arrayList.addAll(this.f2957b);
                arrayList2 = new ArrayList<>((Collection<? extends X509CRL>) cRLs);
                arrayList2.addAll(this.j);
            } catch (CertStoreException e) {
                this.m = e.getMessage();
                throw new CMSException(this.m);
            }
        } else {
            // Only the certificates and CRLs carried in the message are available.
            arrayList = this.f2957b;
            arrayList2 = this.j;
        }
        // Signature bytes; handed to engineVerify below.
        byte[] i = jxVar.i();
        CertStore a4 = a(arrayList, arrayList2);
        // Digest algorithm name for this signer.
        String e2 = jxVar.e();
        // Digest of the content for that algorithm; null means the handler has none for it.
        byte[] a5 = ((iu) this.h).a(jxVar.e());
        if (a5 == null) {
            this.m = b.a.a.a.a.a("Could not verify signer, digest algorithm ", e2, " is not supported");
            throw new CMSException(this.m);
        }
        String str = "RSAPSS";
        boolean endsWith = jxVar.g().endsWith("RSAPSS");
        if (endsWith) {
            a2 = b.a.a.a.a.a("with", e2);
        } else {
            str = jxVar.f();
            a2 = "";
        }
        if (jxVar.getSignedAttributes().length <= 0) {
            // No signed attributes: the signature covers the content digest itself, so a
            // "NONEwith..." engine is used on the precomputed digest.
            if (jxVar.f().equals("RSA") && !endsWith) {
                try {
                    // Presumably wraps the bare digest in the encoding a NONEwithRSA engine
                    // expects; confirm against kj.b and mm.
                    mm b2 = kj.b(e2, this.e, kf.f2171a);
                    byte[] bArr = new byte[b2.a()];
                    b2.a(a5, 0, bArr, 0);
                    a5 = bArr;
                } catch (NoSuchAlgorithmException unused) {
                    // NOTE(review): swallowed without setting this.m. a5 then stays the bare
                    // digest and verification continues with it.
                }
            }
            a3 = b.a.a.a.a.a("NONEwith", str, a2);
        } else {
            // Signed attributes present: the computed content digest must equal the value of
            // the signed message-digest attribute before the signature is checked.
            if (!Arrays.equals(a5, jxVar.j())) {
                throw new CMSException("Signer verification failed: signed message digest attribute did not match computed message digest.");
            }
            // The signature is then verified over the encoded signed attributes.
            a5 = jxVar.h();
            a3 = b.a.a.a.a.a(e2, "with", str);
        }
        os osVar = null;
        try {
            try {
                os c2 = kj.c(a3, this.e, kf.f2171a);
                // First pooled certificate matching the signer identifier. It may come from
                // the message, so it is not trusted until the path check below.
                X509Certificate a6 = a(jxVar, arrayList);
                c2.engineInitVerify(a6.getPublicKey());
                if (endsWith && (k2 = jxVar.k()) != null) {
                    c2.setParameter(k2);
                }
                c2.engineUpdate(a5, 0, a5.length);
                if (c2.engineVerify(i)) {
                    // Returns true immediately when certStore is null.
                    boolean a7 = a(a6, certStore, a4, z);
                    c2.c();
                    return a7;
                }
                this.m = "Signature on CMS Message did not verify.";
                c2.c();
                return false;
            } catch (Throwable th) {
                // Looks like decompiler residue of a finally block: osVar is never assigned,
                // so as written c() is not called on the engine when an exception is thrown.
                if (0 != 0) {
                    osVar.c();
                }
                throw th;
            }
        } catch (Exception e3) {
            // Also covers a failed lookup of the signer certificate.
            this.m = "Signer verification failed: " + e3;
            throw new CMSException(this.m);
        }
    }

    /**
     * Tries to build a certification path from the trust store to the signer's certificate.
     *
     * <p>Every certificate in {@code certStore} is used as a trust anchor. A null
     * {@code certStore} disables the check entirely and the method reports success.
     *
     * <p>NOTE(review): the target selector is constrained by subject name only, not by the
     * exact certificate that verified the signature. Confirm that the path builder cannot
     * satisfy it with a different certificate carrying the same subject, since
     * {@code certStore2} may contain certificates taken from the message.
     *
     * @param x509Certificate certificate whose public key verified the signature
     * @param certStore trust store, or null to skip the check
     * @param certStore2 pool of intermediate certificates and CRLs for the builder
     * @param z whether revocation checking is enabled
     * @return true if the check is skipped or a path is built; false if path building fails,
     *     with the builder's message stored in {@code this.m}
     * @throws CMSException if the builder parameters cannot be prepared
     */
    private boolean a(X509Certificate x509Certificate, CertStore certStore, CertStore certStore2, boolean z) {
        if (certStore == null) {
            return true;
        }
        final PKIXBuilderParameters pathParams;
        try {
            HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
            for (Certificate trusted : certStore.getCertificates(new X509CertSelector())) {
                anchors.add(new TrustAnchor((X509Certificate) trusted, null));
            }
            X509CertSelector target = new X509CertSelector();
            target.setSubject(x509Certificate.getSubjectX500Principal().getEncoded());
            pathParams = new PKIXBuilderParameters(anchors, target);
            pathParams.addCertStore(certStore2);
            pathParams.setRevocationEnabled(z);
        } catch (Exception setupFailure) {
            // Failure to prepare the parameters is an error, not a "not trusted" result.
            this.m = setupFailure.getMessage();
            throw new CMSException(this.m);
        }
        try {
            new qp(this.e, kf.f2171a).engineBuild(pathParams);
            return true;
        } catch (Exception buildFailure) {
            // Any builder failure is reported as "not verified" with the reason recorded.
            this.m = buildFailure.getMessage();
            return false;
        }
    }

    /**
     * Finds the attribute whose identifier equals {@code im.i} and returns its first value,
     * decoded as an octet string.
     *
     * <p>The verifier compares this value with the computed content digest, so {@code im.i}
     * is presumably the message-digest attribute identifier; confirm against {@code im}.
     *
     * @param dVar decoded signed attributes
     * @return the value bytes, or null if no such attribute is present
     */
    private byte[] a(d dVar) {
        int idx = 0;
        while (idx < dVar.c()) {
            d attribute = dVar.a(idx);
            idx++;
            if (!attribute.a(0).toString().equals(im.i)) {
                continue;
            }
            return ((ad) a.a((c) ac.f1676a, ((f) attribute.a(1).a(0)).i())).g();
        }
        return null;
    }

    /**
     * Decodes the named attribute set of a SignerInfo.
     *
     * @param dVar decoded SignerInfo
     * @param str field name, {@code "signedAttrs"} or {@code "unsignedAttrs"} at the call sites
     * @return the decoded attributes, or an empty array when the field is absent
     */
    private Attribute[] a(d dVar, String str) {
        d attributeSet = dVar.a(str);
        if (attributeSet == null) {
            return new Attribute[0];
        }
        return iq.b(attributeSet);
    }

    /**
     * Decodes the {@code sid} field of a SignerInfo into a signer identifier.
     *
     * <p>When {@code a.f(...)} of the field's tag is 0, the identifier is built from the raw
     * octets (presumably a subject key identifier; confirm against {@code a.f}). Otherwise it
     * is built from the issuer name and serial number.
     *
     * @param dVar decoded SignerInfo
     * @return the signer identifier
     */
    private in b(d dVar) {
        d sid = dVar.a("sid");
        boolean taggedZero = a.f(sid.b().e()) == 0;
        if (!taggedZero) {
            X500Principal issuer = new X500Principal(a.a(sid.a("issuer")));
            return new in(issuer, ((v) sid.a("serialNumber")).g());
        }
        return new in(((ad) sid).g());
    }

    /**
     * Parses the start of the SignedData structure, up to and including selection of the
     * content handler.
     *
     * <p>Reads, in order: the outer sequence tag, the version, the digest algorithm
     * identifiers, the EncapsulatedContentInfo header and the content type (stored in
     * {@code this.g}). Certificates, CRLs and signer infos follow the content and are parsed
     * later by {@code e()}.
     *
     * @throws CMSException if the structure is not as expected, the version is above 5, or
     *     the encoding is invalid
     */
    private void b() {
        try {
            if (!h()) {
                throw new CMSException("Unable to decode: Expected next sequence tag SignedData");
            }
            a("CMSVersion", true);
            v vVar = (v) a.a((c) u.f2667a, this.f2942d);
            // Only an upper bound is enforced on the version here.
            if (vVar.i() > 5) {
                throw new CMSException("Unable to decode: Unsupported SignedData version " + vVar.i());
            }
            // Digest algorithm names declared by the message; passed to the content handler.
            List<String> c2 = c();
            b("EncapsulatedContentInfo");
            a("EncapsulatedContent", true);
            // Content type; later compared with im.f2070b when a signer has no signed attributes.
            this.g = (aa) a.a((c) z.f2674a, this.f2942d);
            a(c2);
        } catch (b e) {
            throw new CMSException(b.a.a.a.a.a(e, b.a.a.a.a.b("Could not decode data, invalid encoding encountered.")));
        }
    }

    /**
     * Requires the named element to be present and to start with the sequence tag.
     *
     * @param str element name, used in error messages
     * @throws CMSException if the parser flag check fails or the current tag is not a sequence
     */
    private void b(String str) {
        a(str, true);
        if (h()) {
            return;
        }
        throw new CMSException(b.a.a.a.a.a("Unable to decode: Expected sequence tag ", str));
    }

    /**
     * Decodes the DigestAlgorithmIdentifiers set.
     *
     * @return one entry per identifier, as produced by {@code ow.c()}, in encoded order
     * @throws CMSException if the set is missing or does not start with the set tag
     */
    private List<String> c() {
        c("DigestAlgorithmIdentifiers");
        d identifiers = a.a("DigestAlgorithmIdentifiers", this.f2942d);
        ArrayList names = new ArrayList();
        for (int idx = 0, total = identifiers.c(); idx < total; idx++) {
            names.add(new ow(identifiers.a(idx)).c());
        }
        return names;
    }

    /**
     * Requires the named element to be present and to start with the set tag.
     *
     * @param str element name, used in error messages
     * @throws CMSException if the parser flag check fails or the current tag is not a set
     */
    private void c(String str) {
        a(str, true);
        if (i()) {
            return;
        }
        throw new CMSException(b.a.a.a.a.a("Unable to decode: Expected set tag ", str));
    }

    /**
     * Returns a hook whose {@code close()} runs {@code e()}, which parses everything that
     * follows the content: certificates, CRLs and signer infos.
     *
     * <p>The hook is handed to the content handlers, presumably so that closing the content
     * stream triggers the rest of the decode; confirm against {@code iu}, {@code jp} and
     * {@code jm}.
     *
     * @return the close hook
     */
    private Closeable d() {
        return new Closeable() { // from class: com.rsa.cryptoj.o.ju.1
            @Override // java.io.Closeable, java.lang.AutoCloseable
            public void close() {
                ju.this.e();
            }
        };
    }

    /**
     * Parses the remainder of the SignedData structure after the content: the optional
     * certificate set, the optional revocation information, the signer infos and the closing
     * of the structure.
     *
     * <p>Certificates and CRLs read here come from the message and are therefore untrusted
     * input; they are only added to the lookup pools {@code this.f2957b} and {@code this.j}.
     *
     * @throws CMSException if the structure is not as expected, if any byte follows the end
     *     of the SignedData, or if the encoding is invalid
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void e() {
        try {
            // Close the explicit [0] wrapper only when content was read from the message itself.
            if (this.f == null && !(this.h instanceof jm)) {
                a("End eContent explicit 0", false);
            }
            if (!(this.h instanceof jm)) {
                a("End EncapsulatedContentInfo", false);
            }
            a("CertificateSet", true);
            // f() and g() return true only when their optional element was present and consumed.
            if (f()) {
                a("RevocationInfoChoices", true);
            }
            a(g());
            a("End SignedData", false);
            // Trailing data after the structure is rejected.
            if (this.f2941c.read() != -1) {
                throw new CMSException("Unexpected value.");
            }
            this.f2941c.close();
        } catch (b e) {
            throw new CMSException(b.a.a.a.a.a(e, b.a.a.a.a.b("Could not decode data, invalid encoding encountered.")));
        }
    }

    /**
     * Reads the optional certificate set (explicit tag 0) and adds its certificates to
     * {@code this.f2957b}.
     *
     * <p>Only entries whose tag value is 16 are parsed as certificates; entries with any other
     * tag are skipped without error. The certificates are taken from the message as-is and
     * are not validated here.
     *
     * @return false if the set is absent, true once it has been consumed
     * @throws CMSException if an entry cannot be parsed as a certificate
     */
    private boolean f() {
        if (!a(0)) {
            return false;
        }
        d certificateSet = a.a(ar.f1702a.b("CertificateSet").c(a.c(0)), this.f2942d);
        final int total = certificateSet.c();
        int idx = 0;
        while (idx < total) {
            d choice = certificateSet.a(idx);
            idx++;
            if (choice.b().a() != 16) {
                continue;
            }
            try {
                this.f2957b.add(qa.a(this.e, kf.f2171a, ByteBuffer.wrap(((f) choice).i())));
            } catch (CertificateException parseFailure) {
                throw new CMSException(parseFailure);
            }
        }
        return true;
    }

    /**
     * Reads the optional revocation information (explicit tag 1) and adds its CRLs to
     * {@code this.j}.
     *
     * <p>Entries whose tag equals {@code a.c(1)} are skipped without error; every other entry
     * is parsed as a CRL. The CRLs are taken from the message as-is and are not validated here.
     *
     * @return false if the element is absent, true once it has been consumed
     * @throws CMSException if an entry cannot be parsed as a CRL
     */
    private boolean g() {
        if (!a(1)) {
            return false;
        }
        d revocationChoices = a.a(ar.f1702a.b("RevocationInfoChoices").c(a.c(1)), this.f2942d);
        final int total = revocationChoices.c();
        int idx = 0;
        while (idx < total) {
            d choice = revocationChoices.a(idx);
            idx++;
            if (choice.b().a() == a.c(1)) {
                continue;
            }
            try {
                this.j.add(rm.a(this.e, kf.f2171a, ByteBuffer.wrap(((f) choice).i())));
            } catch (CRLException parseFailure) {
                throw new CMSException(parseFailure);
            }
        }
        return true;
    }

    /**
     * Reports whether the parser's current tag value is 16, which the callers' error messages
     * name the sequence tag.
     */
    private boolean h() {
        return this.f2942d.e() == 16;
    }

    /**
     * Reports whether the parser's current tag value is 17, which the caller's error message
     * names the set tag.
     */
    private boolean i() {
        return this.f2942d.e() == 17;
    }

    /**
     * Returns the reason recorded by the most recent {@code verify} call.
     *
     * <p>Each {@code verify} call clears the value on entry, so the result is null when that
     * call recorded no failure. Not every failure path records a reason: the message-digest
     * mismatch, for example, only throws.
     *
     * @return the recorded failure text, or null
     */
    @Override // com.rsa.jsafe.cms.SignedDataDecoder
    public String getReason() {
        return this.m;
    }

    /**
     * Checks the signature of one signer without any certification-path validation.
     *
     * <p>This overload passes a null trust store to the internal verifier, which makes the
     * path check return true unconditionally. The signer certificate is looked up among the
     * certificates in {@code certStore} and those embedded in the message. A {@code true}
     * result therefore shows that the signature matches some certificate corresponding to the
     * signer identifier, and that certificate may have been supplied by the message's sender.
     * Callers that need to know who signed should use the four-argument overload with a trust
     * store, or otherwise establish trust in the signer certificate themselves.
     *
     * @param signerInfo signer to verify; must be an instance produced by this decoder,
     *     otherwise the cast to {@code jx} fails
     * @param certStore additional certificates and CRLs for locating the signer certificate,
     *     or null to use only those in the message
     * @return true if the signature verifies, or if the message has no encapsulated content
     */
    @Override // com.rsa.jsafe.cms.SignedDataDecoder
    public boolean verify(SignerInfo signerInfo, CertStore certStore) {
        this.m = null;
        return a((jx) signerInfo, (CertStore) null, certStore, false);
    }

    /**
     * Verifies one signer and builds a certification path from the given trust store to the
     * signer's certificate.
     *
     * @param signerInfo signer to verify; cast to {@code jx} after the trust store check
     * @param certStore trust store; every certificate in it is used as a trust anchor
     * @param certStore2 additional certificates and CRLs, or null
     * @param z whether revocation checking is enabled during path building
     * @return true if the signature verifies and a path is built; false otherwise, with the
     *     reason available from {@link #getReason()}
     * @throws IllegalArgumentException if {@code certStore} is null
     */
    @Override // com.rsa.jsafe.cms.SignedDataDecoder
    public boolean verify(SignerInfo signerInfo, CertStore certStore, CertStore certStore2, boolean z) {
        this.m = null;
        if (certStore == null) {
            // Rejected here so that a missing trust store never skips path validation.
            this.m = "Trust store cannot be null.";
            throw new IllegalArgumentException("Trust store cannot be null.");
        }
        return a((jx) signerInfo, certStore, certStore2, z);
    }
}
