package com.dreamsecurity.jcaos.cms;

import com.dreamsecurity.crypto.AlgorithmException;
import com.dreamsecurity.java.util.ArrayList;
import com.dreamsecurity.jcaos.asn1.ASN1InputStream;
import com.dreamsecurity.jcaos.asn1.ASN1OctetString;
import com.dreamsecurity.jcaos.asn1.ASN1Sequence;
import com.dreamsecurity.jcaos.asn1.DERInteger;
import com.dreamsecurity.jcaos.asn1.DERObject;
import com.dreamsecurity.jcaos.asn1.DERObjectIdentifier;
import com.dreamsecurity.jcaos.asn1.DEROctetString;
import com.dreamsecurity.jcaos.asn1.cms.Attribute;
import com.dreamsecurity.jcaos.asn1.cms.ContentInfo;
import com.dreamsecurity.jcaos.asn1.cms.IssuerAndSerialNumber;
import com.dreamsecurity.jcaos.asn1.cms.SignedAttributes;
import com.dreamsecurity.jcaos.asn1.x509.Certificate;
import com.dreamsecurity.jcaos.asn1.x509.Extension;
import com.dreamsecurity.jcaos.asn1.x509.Extensions;
import com.dreamsecurity.jcaos.asn1.x509.SubjectKeyIdentifier;
import com.dreamsecurity.jcaos.crypto.MessageDigest;
import com.dreamsecurity.jcaos.crypto.Signature;
import com.dreamsecurity.jcaos.exception.NoSuchAlgorithmException;
import com.dreamsecurity.jcaos.exception.NotExistSignerCertException;
import com.dreamsecurity.jcaos.exception.ParsingException;
import com.dreamsecurity.jcaos.oid.OIDCms;
import com.dreamsecurity.jcaos.resources.Resource;
import com.dreamsecurity.jcaos.util.LogUtil;
import com.dreamsecurity.jcaos.util.encoders.Hex;
import com.dreamsecurity.jcaos.x509.X500Principal;
import com.dreamsecurity.jcaos.x509.X509Certificate;
import com.google.android.material.motion.MotionUtils;
import java.io.IOException;
import java.io.InputStream;

/* loaded from: classes3.dex */
public class SignedData {
    public byte[] _encodedSignedData;
    public com.dreamsecurity.jcaos.asn1.cms.SignedData _signedData;
    public String _signedDataType;
    public boolean _wrapContentInfo;

    public SignedData(ContentInfo contentInfo) throws IOException {
        this._signedData = null;
        this._encodedSignedData = null;
        this._signedDataType = "";
        if (!contentInfo.getContentType().getId().equals(OIDCms.id_signedData)) {
            throw new IllegalArgumentException(Resource.getErrMsg_InvalidFormat("SignedData"));
        }
        this._wrapContentInfo = true;
        this._signedData = com.dreamsecurity.jcaos.asn1.cms.SignedData.getInstance(contentInfo.getContent());
        setSignedDataType();
    }

    public SignedData(com.dreamsecurity.jcaos.asn1.cms.SignedData signedData) {
        this._encodedSignedData = null;
        this._signedDataType = "";
        this._wrapContentInfo = false;
        this._signedData = signedData;
        setSignedDataType();
    }

    public SignedData(byte[] bArr) throws IOException {
        this._signedData = null;
        this._encodedSignedData = null;
        this._signedDataType = "";
        DERObject readObject = new ASN1InputStream(bArr).readObject();
        if (!(readObject instanceof ASN1Sequence)) {
            throw new IllegalArgumentException(Resource.getErrMsg_InvalidFormat("SignedData"));
        }
        if (((ASN1Sequence) readObject).size() == 2) {
            ContentInfo contentInfo = ContentInfo.getInstance(readObject);
            if (!contentInfo.getContentType().getId().equals(OIDCms.id_signedData)) {
                throw new IllegalArgumentException(Resource.getErrMsg_InvalidFormat("SignedData"));
            }
            this._wrapContentInfo = true;
            this._signedData = com.dreamsecurity.jcaos.asn1.cms.SignedData.getInstance(contentInfo.getContent());
        } else {
            this._wrapContentInfo = false;
            this._signedData = com.dreamsecurity.jcaos.asn1.cms.SignedData.getInstance(readObject);
        }
        setSignedDataType();
    }

    private X509Certificate findSignerCert(com.dreamsecurity.jcaos.asn1.cms.SignerIdentifier signerIdentifier) throws IOException, ParsingException, NotExistSignerCertException {
        ASN1OctetString subjectKeyIdentifier;
        DERInteger dERInteger;
        int i;
        X500Principal x500Principal = null;
        if (signerIdentifier.getSignerId() instanceof IssuerAndSerialNumber) {
            IssuerAndSerialNumber issuerAndSerialNumber = IssuerAndSerialNumber.getInstance(signerIdentifier.getSignerId());
            X500Principal x500Principal2 = X500Principal.getInstance(issuerAndSerialNumber.getIssuer());
            dERInteger = issuerAndSerialNumber.getSerialNumber();
            subjectKeyIdentifier = null;
            x500Principal = x500Principal2;
        } else {
            subjectKeyIdentifier = SubjectKeyIdentifier.getInstance(signerIdentifier.getSignerId());
            dERInteger = null;
        }
        if (this._signedData.getCertificates() == null) {
            throw new NotExistSignerCertException(Resource.getErrMsg(Resource.ERR_SIGNER_CERT_NOT_EXIST));
        }
        while (i < this._signedData.getCertificates().size()) {
            Certificate certificate = Certificate.getInstance(this._signedData.getCertificates().get(i).getCert());
            if (x500Principal == null) {
                Extension extension = certificate.getTbsCertificate().getExtensions().get(Extensions.SubjectkeyIdentifier);
                i = (extension == null || SubjectKeyIdentifier.getInstance(new ASN1InputStream(extension.getExtnValue().getOctets()).readObject()).equals(subjectKeyIdentifier)) ? 0 : i + 1;
                return X509Certificate.getInstance(certificate.getDEREncoded());
            }
            if ((X500Principal.getInstance(certificate.getTbsCertificate().getIssuer()).equals(x500Principal) || X500Principal.getInstance(certificate.getTbsCertificate().getSubject()).getName().equals(x500Principal.getName())) && dERInteger.equals(certificate.getTbsCertificate().getSerialNumber())) {
                return X509Certificate.getInstance(certificate.getDEREncoded());
            }
        }
        throw new NotExistSignerCertException(Resource.getErrMsg(Resource.ERR_SIGNER_CERT_NOT_EXIST));
    }

    public static SignedData getInstance(Object obj) throws IOException {
        if (obj instanceof byte[]) {
            return new SignedData((byte[]) obj);
        }
        if (obj instanceof com.dreamsecurity.jcaos.asn1.cms.SignedData) {
            return new SignedData((com.dreamsecurity.jcaos.asn1.cms.SignedData) obj);
        }
        if (obj instanceof ContentInfo) {
            return new SignedData((ContentInfo) obj);
        }
        if (!(obj instanceof InputStream)) {
            throw new IllegalArgumentException(Resource.getErrMsg(Resource.ERR_UNKNOWN_OBJECT));
        }
        InputStream inputStream = (InputStream) obj;
        byte[] bArr = new byte[inputStream.available()];
        inputStream.read(bArr);
        return new SignedData(bArr);
    }

    private byte[] getTBHData(String str, byte[] bArr) throws IOException {
        if (!this._signedDataType.equals("PKCS7") || str.equals(OIDCms.id_data)) {
            return bArr;
        }
        bArr[0] = 4;
        return DEROctetString.getInstance(new ASN1InputStream(bArr).readObject()).getOctets();
    }

    public ArrayList getCertificates() throws IOException {
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < this._signedData.getCertificates().size(); i++) {
            arrayList.add(X509Certificate.getInstance(this._signedData.getCertificates().get(i).getCert().getDERObject().getEncoded()));
        }
        return arrayList;
    }

    public byte[] getContent() {
        if (this._signedData.getEncapContentInfo() != null) {
            if (this._signedData.getEncapContentInfo().getEContent() == null) {
                return null;
            }
            return this._signedData.getEncapContentInfo().getEContent().getOctets();
        }
        if (this._signedData.getContentInfo().getContent() == null) {
            return null;
        }
        return this._signedData.getContentInfo().getContentType().getId().equals(OIDCms.id_data) ? DEROctetString.getInstance(this._signedData.getContentInfo().getContent()).getOctets() : this._signedData.getContentInfo().getContent().getDERObject().getDEREncoded();
    }

    public String getContentType() {
        return this._signedData.getEncapContentInfo() != null ? this._signedData.getEncapContentInfo().getEContentType().getId() : this._signedData.getContentInfo().getContentType().getId();
    }

    public ArrayList getDigestAlgorithms() {
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < this._signedData.getDigestAlgorithms().size(); i++) {
            arrayList.add(this._signedData.getDigestAlgorithms().get(i).getString());
        }
        return arrayList;
    }

    public byte[] getEncoded() throws IOException {
        return this._wrapContentInfo ? new ContentInfo(OIDCms.id_signedData, this._signedData).getEncoded() : this._signedData.getEncoded();
    }

    public X509Certificate getSignerCert(SignerIdentifier signerIdentifier) throws NotExistSignerCertException, ParsingException, IOException {
        return findSignerCert(com.dreamsecurity.jcaos.asn1.cms.SignerIdentifier.getInstance(new ASN1InputStream(signerIdentifier.getEncoded()).readObject()));
    }

    public ArrayList getSignerInfos() throws IOException {
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < this._signedData.getSignerInfos().size(); i++) {
            arrayList.add(new SignerInfo(this._signedData.getSignerInfos().get(i).getDEREncoded()));
        }
        return arrayList;
    }

    public String getType() {
        return this._signedDataType;
    }

    public int getVersion() {
        return this._signedData.getVersion().getValue().intValue();
    }

    public void setSignedDataType() {
        if (this._signedData.getEncapContentInfo() != null) {
            this._signedDataType = "CMS";
        } else {
            this._signedDataType = "PKCS7";
        }
    }

    public void verify() throws ParsingException, NoSuchAlgorithmException, NotExistSignerCertException, AlgorithmException, IOException {
        byte[] content = getContent();
        if (content == null) {
            throw new ParsingException(Resource.getErrMsg(Resource.ERR_EMPTY_CONTENT_USE_OTHER));
        }
        verify(content);
    }

    public void verify(byte[] bArr) throws ParsingException, NoSuchAlgorithmException, NotExistSignerCertException, AlgorithmException, IOException {
        byte[] bArr2;
        DERObjectIdentifier eContentType = this._signedData.getEncapContentInfo() != null ? this._signedData.getEncapContentInfo().getEContentType() : this._signedData.getContentInfo().getContentType();
        byte[] tBHData = getTBHData(eContentType.getId(), bArr);
        for (int i = 0; i < this._signedData.getSignerInfos().size(); i++) {
            LogUtil.append(new StringBuffer(" +- ").append(i).append(" 번째 서명자  정보 ").toString());
            com.dreamsecurity.jcaos.asn1.cms.SignerInfo signerInfo = this._signedData.getSignerInfos().get(i);
            if (signerInfo.getSignedAttrs() != null) {
                LogUtil.append("  +- 서명 속성 검증 ");
                Attribute attribute = signerInfo.getSignedAttrs().get(SignedAttributes.ContentType);
                if (attribute != null) {
                    DERObjectIdentifier dERObjectIdentifier = DERObjectIdentifier.getInstance(attribute.getAttrValues().get(0));
                    LogUtil.append(new StringBuffer("   +- contentType : ").append(dERObjectIdentifier.getId()).toString());
                    if (!dERObjectIdentifier.equals(eContentType)) {
                        throw new ParsingException(Resource.getErrMsg_VeifySignAttr(i, "contentType"));
                    }
                }
                Attribute attribute2 = signerInfo.getSignedAttrs().get(SignedAttributes.MessageDigest);
                if (attribute2 != null) {
                    byte[] octets = DEROctetString.getInstance(attribute2.getAttrValues().get(0)).getOctets();
                    byte[] digest = MessageDigest.getInstance(signerInfo.getDigestAlgorithm().getString()).digest(tBHData);
                    LogUtil.append("   +- messageDigest : ".concat(new String(Hex.encode(octets))));
                    if (!MessageDigest.isEqual(octets, digest)) {
                        throw new ParsingException(Resource.getErrMsg_VeifySignAttr(i, "messageDigest"));
                    }
                }
                bArr2 = signerInfo.getSignedAttrs().getDEREncoded();
            } else {
                bArr2 = tBHData;
            }
            X509Certificate findSignerCert = findSignerCert(signerInfo.getSid());
            String string = signerInfo.getSignatureAlgorithm().getString();
            if (string.indexOf("with") == -1) {
                StringBuffer stringBuffer = new StringBuffer();
                stringBuffer.append(signerInfo.getDigestAlgorithm().getString());
                stringBuffer.append("with");
                stringBuffer.append(string);
                string = stringBuffer.toString();
            }
            try {
                LogUtil.append("  +- 서명값 검증");
                LogUtil.append(new StringBuffer().append("    +- 서명 알고리즘 : ").append(string).toString());
                LogUtil.append(new StringBuffer().append("    +- 원본 (길이 : ").append(bArr2.length).append(MotionUtils.EASING_TYPE_FORMAT_END).toString());
                LogUtil.append("       ", bArr2);
                LogUtil.append(new StringBuffer().append("    +- 서명값 (길이 : ").append(signerInfo.getSignature().getOctets().length).append(MotionUtils.EASING_TYPE_FORMAT_END).toString());
                LogUtil.append("       ", signerInfo.getSignature().getOctets());
                Signature signature = Signature.getInstance(string);
                signature.initVerify(findSignerCert.getPublicKey());
                signature.verify(bArr2, signerInfo.getSignature().getOctets());
            } catch (Exception e) {
                throw new AlgorithmException(Resource.getErrMsg_VeifySignWithDN(findSignerCert.getSubjectDN().getName(), e.getMessage()));
            }
        }
    }
}
