package com.rsa.cryptoj.o;

import com.rsa.crypto.ParamNames;
import com.rsa.jsafe.cert.Attribute;
import com.rsa.jsafe.cms.CMSException;
import com.rsa.jsafe.cms.SignedDataDecoder;
import com.rsa.jsafe.cms.SignerInfo;
import com.rsa.jsafe.provider.JsafeJCE;
import com.rsa.jsafe.provider.PSSParameterSpec;
import com.samsung.android.knox.accounts.Account;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes3.dex */
public final class ju extends SignedDataDecoder {

    /* renamed from: k, reason: collision with root package name */
    private static final String f21237k = "RSAPSS";

    /* renamed from: l, reason: collision with root package name */
    private static final String f21238l = "RSA";

    /* renamed from: m, reason: collision with root package name */
    private String f21239m;

    public ju(InputStream inputStream, InputStream inputStream2, ch chVar) throws IOException {
        super(inputStream, inputStream2, chVar);
        b();
    }

    private CertStore a(List<X509Certificate> list, List<X509CRL> list2) throws CMSException {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(list);
        arrayList.addAll(list2);
        try {
            return CertStore.getInstance(JsafeJCE.COLLECTION, new CollectionCertStoreParameters(arrayList), new JsafeJCE());
        } catch (InvalidAlgorithmParameterException e10) {
            throw new CMSException(e10.getMessage());
        } catch (NoSuchAlgorithmException e11) {
            throw new CMSException(e11.getMessage());
        }
    }

    private X509Certificate a(jx jxVar, List<X509Certificate> list) throws CMSException {
        in b10 = jxVar.b();
        for (X509Certificate x509Certificate : list) {
            if (b10.a(x509Certificate)) {
                return x509Certificate;
            }
        }
        throw new CMSException("Unable to find certificate to verify signature.");
    }

    private void a(int i10, in inVar) throws CMSException {
        if ((!inVar.a() || i10 == 3) && (inVar.a() || i10 == 1)) {
            return;
        }
        throw new CMSException("Unable to decode: Illegal SignerInfo version " + i10);
    }

    private void a(String str, boolean z10) throws IOException {
        if (this.f22887d.a() == z10) {
            return;
        }
        throw new CMSException("Unable to decode: Expected tag " + str);
    }

    private void a(List<String> list) throws IOException {
        if (this.f22889f != null) {
            this.f22891h = new iu(this.f22889f, list, d(), this.f22888e);
            return;
        }
        if (!this.f22887d.a()) {
            this.f22891h = new jm(d());
        } else {
            if (!a(0)) {
                throw new IOException("Unable to decode: Expected explicit tag value 0 for tag eContent.");
            }
            a("eContent", true);
            this.f22891h = new iu(new jp(this.f22887d, d()), list, (Closeable) null, this.f22888e);
        }
    }

    private void a(boolean z10) throws IOException {
        byte[] bArr;
        byte[] bArr2;
        v vVar;
        if (z10) {
            a("SignerInfos", true);
        }
        d a10 = a.a(ar.f20021a.b("SignerInfos"), this.f22887d);
        int c10 = a10.c();
        if ((this.f22891h instanceof jm) && c10 > 0) {
            throw new IOException("Unable to decode: SignerInfo found with empty eContent.");
        }
        for (int i10 = 0; i10 < c10; i10++) {
            d a11 = a10.a(i10);
            int i11 = ((v) a11.a(ParamNames.VERSION)).i();
            in b10 = b(a11);
            a(i11, b10);
            ow owVar = new ow(a11.a("digestAlgorithm"));
            Attribute[] a12 = a(a11, "signedAttrs");
            PSSParameterSpec pSSParameterSpec = null;
            if (a12.length > 0) {
                d a13 = a11.a("signedAttrs");
                byte[] c11 = a.c(a13.d(17));
                bArr2 = a(a13);
                bArr = c11;
            } else {
                if (!this.f22890g.equals(im.f21026b)) {
                    throw new CMSException("Signed attributes expected for contentTypes other than DATA. No signed attributes were present");
                }
                bArr = null;
                bArr2 = null;
            }
            ow owVar2 = new ow(a11.a("signatureAlgorithm"));
            byte[] b11 = owVar2.b();
            if (b11 != null && pi.a(owVar2.d(), b11).endsWith("RSAPSS") && (vVar = (v) a.a("RSASSA-PSS-params", b11, 0).a("saltLength")) != null) {
                pSSParameterSpec = new PSSParameterSpec(vVar.i());
            }
            this.f22909a.add(new jx(i11, b10, owVar, a12, bArr, ((ad) a11.a(Account.SIGNATURE)).h(), owVar2, pSSParameterSpec, a(a11, "unsignedAttrs"), bArr2));
        }
    }

    private boolean a(int i10) {
        return this.f22887d.e() == a.c(i10);
    }

    private boolean a(jx jxVar, CertStore certStore, CertStore certStore2, boolean z10) throws CMSException {
        List<X509Certificate> arrayList;
        List<X509CRL> arrayList2;
        String str;
        String str2;
        AlgorithmParameterSpec k10;
        if (this.f22891h.a()) {
            this.f21239m = "The content stream has not been closed.";
            throw new CMSException(this.f21239m);
        }
        if (this.f22891h instanceof jm) {
            return true;
        }
        if (jxVar == null) {
            this.f21239m = "Signer info cannot be null.";
            throw new IllegalArgumentException(this.f21239m);
        }
        if (certStore2 != null) {
            try {
                Collection<? extends Certificate> certificates = certStore2.getCertificates(new X509CertSelector());
                Collection<? extends CRL> cRLs = certStore2.getCRLs(new X509CRLSelector());
                arrayList = new ArrayList<>((Collection<? extends X509Certificate>) certificates);
                arrayList.addAll(this.f22910b);
                arrayList2 = new ArrayList<>((Collection<? extends X509CRL>) cRLs);
                arrayList2.addAll(this.f22911j);
            } catch (CertStoreException e10) {
                this.f21239m = e10.getMessage();
                throw new CMSException(this.f21239m);
            }
        } else {
            arrayList = this.f22910b;
            arrayList2 = this.f22911j;
        }
        byte[] i10 = jxVar.i();
        CertStore a10 = a(arrayList, arrayList2);
        String e11 = jxVar.e();
        byte[] a11 = ((iu) this.f22891h).a(jxVar.e());
        if (a11 == null) {
            this.f21239m = "Could not verify signer, digest algorithm " + e11 + " is not supported";
            throw new CMSException(this.f21239m);
        }
        String str3 = "RSAPSS";
        boolean endsWith = jxVar.g().endsWith("RSAPSS");
        if (endsWith) {
            str = "with" + e11;
        } else {
            str3 = jxVar.f();
            str = "";
        }
        if (jxVar.getSignedAttributes().length <= 0) {
            if (jxVar.f().equals("RSA") && !endsWith) {
                try {
                    mm b10 = kj.b(e11, this.f22888e, kf.f21323a);
                    byte[] bArr = new byte[b10.a()];
                    b10.a(a11, 0, bArr, 0);
                    a11 = bArr;
                } catch (NoSuchAlgorithmException unused) {
                }
            }
            str2 = "NONEwith" + str3 + str;
        } else {
            if (!Arrays.equals(a11, jxVar.j())) {
                throw new CMSException("Signer verification failed: signed message digest attribute did not match computed message digest.");
            }
            a11 = jxVar.h();
            str2 = e11 + "with" + str3;
        }
        os osVar = null;
        try {
            try {
                os c10 = kj.c(str2, this.f22888e, kf.f21323a);
                X509Certificate a12 = a(jxVar, arrayList);
                c10.engineInitVerify(a12.getPublicKey());
                if (endsWith && (k10 = jxVar.k()) != null) {
                    c10.setParameter(k10);
                }
                c10.engineUpdate(a11, 0, a11.length);
                if (c10.engineVerify(i10)) {
                    boolean a13 = a(a12, certStore, a10, z10);
                    c10.c();
                    return a13;
                }
                this.f21239m = "Signature on CMS Message did not verify.";
                c10.c();
                return false;
            } catch (Exception e12) {
                this.f21239m = "Signer verification failed: " + e12;
                throw new CMSException(this.f21239m);
            }
        } catch (Throwable th2) {
            if (0 != 0) {
                osVar.c();
            }
            throw th2;
        }
    }

    private boolean a(X509Certificate x509Certificate, CertStore certStore, CertStore certStore2, boolean z10) throws CMSException {
        if (certStore == null) {
            return true;
        }
        HashSet hashSet = new HashSet();
        try {
            Iterator<? extends Certificate> it = certStore.getCertificates(new X509CertSelector()).iterator();
            while (it.hasNext()) {
                hashSet.add(new TrustAnchor((X509Certificate) it.next(), null));
            }
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setSubject(x509Certificate.getSubjectX500Principal().getEncoded());
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(hashSet, x509CertSelector);
            pKIXBuilderParameters.addCertStore(certStore2);
            pKIXBuilderParameters.setRevocationEnabled(z10);
            try {
                new qp(this.f22888e, kf.f21323a).engineBuild(pKIXBuilderParameters);
                return true;
            } catch (Exception e10) {
                this.f21239m = e10.getMessage();
                return false;
            }
        } catch (Exception e11) {
            this.f21239m = e11.getMessage();
            throw new CMSException(this.f21239m);
        }
    }

    private byte[] a(d dVar) throws CMSException {
        for (int i10 = 0; i10 < dVar.c(); i10++) {
            d a10 = dVar.a(i10);
            if (a10.a(0).toString().equals(im.f21033i)) {
                return ((ad) a.a((c) ac.f19980a, ((f) a10.a(1).a(0)).i())).g();
            }
        }
        return null;
    }

    private Attribute[] a(d dVar, String str) throws CMSException {
        d a10 = dVar.a(str);
        return a10 == null ? new Attribute[0] : iq.b(a10);
    }

    private in b(d dVar) {
        d a10 = dVar.a("sid");
        if (a.f(a10.b().e()) == 0) {
            return new in(((ad) a10).g());
        }
        return new in(new X500Principal(a.a(a10.a("issuer"))), ((v) a10.a("serialNumber")).g());
    }

    private void b() throws IOException {
        try {
            if (!h()) {
                throw new CMSException("Unable to decode: Expected next sequence tag SignedData");
            }
            a("CMSVersion", true);
            v vVar = (v) a.a((c) u.f22376a, this.f22887d);
            if (vVar.i() > 5) {
                throw new CMSException("Unable to decode: Unsupported SignedData version " + vVar.i());
            }
            List<String> c10 = c();
            b("EncapsulatedContentInfo");
            a("EncapsulatedContent", true);
            this.f22890g = (aa) a.a((c) z.f22384a, this.f22887d);
            a(c10);
        } catch (b e10) {
            throw new CMSException("Could not decode data, invalid encoding encountered." + e10.getMessage());
        }
    }

    private void b(String str) throws IOException {
        a(str, true);
        if (h()) {
            return;
        }
        throw new CMSException("Unable to decode: Expected sequence tag " + str);
    }

    private List<String> c() throws IOException {
        c("DigestAlgorithmIdentifiers");
        ArrayList arrayList = new ArrayList();
        d a10 = a.a("DigestAlgorithmIdentifiers", this.f22887d);
        int c10 = a10.c();
        for (int i10 = 0; i10 < c10; i10++) {
            arrayList.add(new ow(a10.a(i10)).c());
        }
        return arrayList;
    }

    private void c(String str) throws IOException {
        a(str, true);
        if (i()) {
            return;
        }
        throw new CMSException("Unable to decode: Expected set tag " + str);
    }

    private Closeable d() {
        return new Closeable() { // from class: com.rsa.cryptoj.o.ju.1
            @Override // java.io.Closeable, java.lang.AutoCloseable
            public void close() throws IOException {
                ju.this.e();
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void e() throws IOException {
        try {
            if (this.f22889f == null && !(this.f22891h instanceof jm)) {
                a("End eContent explicit 0", false);
            }
            if (!(this.f22891h instanceof jm)) {
                a("End EncapsulatedContentInfo", false);
            }
            a("CertificateSet", true);
            if (f()) {
                a("RevocationInfoChoices", true);
            }
            a(g());
            a("End SignedData", false);
            if (this.f22886c.read() != -1) {
                throw new CMSException("Unexpected value.");
            }
            this.f22886c.close();
        } catch (b e10) {
            throw new CMSException("Could not decode data, invalid encoding encountered." + e10.getMessage());
        }
    }

    private boolean f() throws IOException {
        if (!a(0)) {
            return false;
        }
        d a10 = a.a(ar.f20021a.b("CertificateSet").c(a.c(0)), this.f22887d);
        int c10 = a10.c();
        for (int i10 = 0; i10 < c10; i10++) {
            d a11 = a10.a(i10);
            if (a11.b().a() == 16) {
                try {
                    this.f22910b.add(qa.a(this.f22888e, kf.f21323a, ByteBuffer.wrap(((f) a11).i())));
                } catch (CertificateException e10) {
                    throw new CMSException(e10);
                }
            }
        }
        return true;
    }

    private boolean g() throws IOException {
        if (!a(1)) {
            return false;
        }
        d a10 = a.a(ar.f20021a.b("RevocationInfoChoices").c(a.c(1)), this.f22887d);
        int c10 = a10.c();
        for (int i10 = 0; i10 < c10; i10++) {
            d a11 = a10.a(i10);
            if (a11.b().a() != a.c(1)) {
                try {
                    this.f22911j.add(rm.a(this.f22888e, kf.f21323a, ByteBuffer.wrap(((f) a11).i())));
                } catch (CRLException e10) {
                    throw new CMSException(e10);
                }
            }
        }
        return true;
    }

    private boolean h() {
        return this.f22887d.e() == 16;
    }

    private boolean i() {
        return this.f22887d.e() == 17;
    }

    @Override // com.rsa.jsafe.cms.SignedDataDecoder
    public String getReason() {
        return this.f21239m;
    }

    @Override // com.rsa.jsafe.cms.SignedDataDecoder
    public boolean verify(SignerInfo signerInfo, CertStore certStore) throws CMSException {
        this.f21239m = null;
        return a((jx) signerInfo, (CertStore) null, certStore, false);
    }

    @Override // com.rsa.jsafe.cms.SignedDataDecoder
    public boolean verify(SignerInfo signerInfo, CertStore certStore, CertStore certStore2, boolean z10) throws CMSException {
        this.f21239m = null;
        if (certStore != null) {
            return a((jx) signerInfo, certStore, certStore2, z10);
        }
        this.f21239m = "Trust store cannot be null.";
        throw new IllegalArgumentException("Trust store cannot be null.");
    }
}
