package com.sg.openews.api.pkcs7;

import com.kica.logging.Logger;
import com.kica.logging.LoggerFactory;
import com.kica.security.asn1.ASN1Object;
import com.kica.security.asn1.ASN1OctetString;
import com.kica.security.asn1.ASN1Set;
import com.kica.security.asn1.DEREncodableVector;
import com.kica.security.asn1.DERNull;
import com.kica.security.asn1.DERObjectIdentifier;
import com.kica.security.asn1.DEROctetString;
import com.kica.security.asn1.DERSet;
import com.kica.security.asn1.DERUTCTime;
import com.kica.security.asn1.cms.CMSObjectIdentifiers;
import com.kica.security.asn1.cms.IssuerAndSerialNumber;
import com.kica.security.asn1.cms.SignerIdentifier;
import com.kica.security.asn1.cms.SignerInfo;
import com.kica.security.asn1.crmf.AttributeTypeAndValue;
import com.kica.security.asn1.pkcs.PKCSObjectIdentifiers;
import com.kica.security.asn1.x509.AlgorithmIdentifier;
import com.kica.security.asn1.x509.SubjectKeyIdentifier;
import com.kica.security.asn1.x509.SubjectPublicKeyInfo;
import com.kica.security.asn1.x509.X509Name;
import com.kica.security.util.OID;
import com.sg.openews.api.crypto.SGBlockCipher;
import com.sg.openews.api.crypto.SGMessageDigest;
import com.sg.openews.api.crypto.SGSignVerifier;
import com.sg.openews.api.crypto.SGSigner;
import com.sg.openews.api.exception.SGCryptoException;
import com.sg.openews.api.exception.SGPkcs7Exception;
import com.sg.openews.api.key.SGCertificate;
import com.sg.openews.api.key.SGCertificateFactory;
import com.sg.openews.api.key.SGPrivateKey;
import e0.e;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;

/* loaded from: classes3.dex */
public class SignedDataCommon extends SGPKCS7Data {
    private static Logger log = LoggerFactory.getInstance().getLogger(SignedDataCommon.class);
    protected SGCertificate[] customSignerCerts = null;

    private SGCertificate findCertificate(ASN1Set aSN1Set, IssuerAndSerialNumber issuerAndSerialNumber) throws SGCryptoException {
        String upperCase = issuerAndSerialNumber.getName().toString(true).toUpperCase();
        BigInteger value = issuerAndSerialNumber.getSerialNumber().getValue();
        if (aSN1Set != null && aSN1Set.getObjects() != null) {
            Enumeration objects = aSN1Set.getObjects();
            while (objects.hasMoreElements()) {
                SGCertificate generateCertificate = SGCertificateFactory.getInstance().generateCertificate(((ASN1Object) objects.nextElement()).getDEREncoded());
                if (generateCertificate.getIssuerDN().toUpperCase().equals(upperCase) && value.compareTo(new BigInteger(generateCertificate.getSerialNumber())) == 0) {
                    return generateCertificate;
                }
            }
        }
        if (this.customSignerCerts == null) {
            return null;
        }
        int i6 = 0;
        while (true) {
            SGCertificate[] sGCertificateArr = this.customSignerCerts;
            if (i6 >= sGCertificateArr.length) {
                return null;
            }
            SGCertificate sGCertificate = sGCertificateArr[i6];
            if (sGCertificate.getIssuerDN() != null && sGCertificate.getIssuerDN().toUpperCase().equals(upperCase) && sGCertificate.getSerialNumber() != null && value.compareTo(new BigInteger(sGCertificate.getSerialNumber())) == 0) {
                return sGCertificate;
            }
            i6++;
        }
    }

    private SGCertificate findCertificate(ASN1Set aSN1Set, SubjectKeyIdentifier subjectKeyIdentifier) throws SGCryptoException {
        byte[] keyIdentifier = subjectKeyIdentifier.getKeyIdentifier();
        if (aSN1Set != null && aSN1Set.getObjects() != null) {
            Enumeration objects = aSN1Set.getObjects();
            while (objects.hasMoreElements()) {
                SGCertificate generateCertificate = SGCertificateFactory.getInstance().generateCertificate(((ASN1Object) objects.nextElement()).getDEREncoded());
                if (Arrays.equals(keyIdentifier, generateCertificate.getExtension().getSubjectKeyIdentifier())) {
                    return generateCertificate;
                }
            }
        }
        if (this.customSignerCerts == null) {
            return null;
        }
        int i6 = 0;
        while (true) {
            SGCertificate[] sGCertificateArr = this.customSignerCerts;
            if (i6 >= sGCertificateArr.length) {
                return null;
            }
            SGCertificate sGCertificate = sGCertificateArr[i6];
            try {
                if (Arrays.equals(keyIdentifier, sGCertificate.getType().equals("RAW") ? new SGMessageDigest("SHA1").digest(SubjectPublicKeyInfo.getInstance(ASN1Object.fromByteArray(sGCertificate.getEncoded())).getPublicKeyData().getBytes()) : sGCertificate.getExtension().getSubjectKeyIdentifier())) {
                    return sGCertificate;
                }
                i6++;
            } catch (IOException e6) {
                throw new SGCryptoException("Failed to parse the certificate", e6);
            }
        }
    }

    public byte[] copyBytes(byte[] bArr, int i6, int i7) {
        byte[] bArr2 = new byte[i7];
        System.arraycopy(bArr, i6, bArr2, 0, i7);
        return bArr2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SGCertificate findCertificate(ASN1Set aSN1Set, SignerInfo signerInfo) throws SGCryptoException {
        return signerInfo.getSID().isTagged() ? findCertificate(aSN1Set, SubjectKeyIdentifier.getInstance(signerInfo.getSID().getId())) : findCertificate(aSN1Set, IssuerAndSerialNumber.getInstance(signerInfo.getSID().getId()));
    }

    protected SGCertificate getCertificate(ASN1Set aSN1Set, IssuerAndSerialNumber issuerAndSerialNumber) throws SGPkcs7Exception {
        Enumeration objects = aSN1Set.getObjects();
        while (objects.hasMoreElements()) {
            try {
                SGCertificate generateCertificate = SGCertificateFactory.getInstance().generateCertificate(((ASN1Object) objects.nextElement()).getDEREncoded());
                if (issuerAndSerialNumber.equals(new IssuerAndSerialNumber((X509Name) generateCertificate.getX509Certificate().getIssuerDN(), generateCertificate.getX509Certificate().getSerialNumber()))) {
                    return generateCertificate;
                }
            } catch (SGCryptoException e6) {
                throw new SGPkcs7Exception(e6);
            }
        }
        return null;
    }

    protected Map getDigestValues(Map map) {
        HashMap hashMap = new HashMap();
        for (String str : map.keySet()) {
            hashMap.put(str, ((SGMessageDigest) map.get(str)).digest());
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SignerInfo getSignerInfo(SGBlockCipher sGBlockCipher, SGCertificate sGCertificate, SGPrivateKey sGPrivateKey, String str, byte[] bArr, byte[] bArr2) throws SGPkcs7Exception {
        SignerIdentifier signerIdentifier;
        if (sGCertificate.getType().equalsIgnoreCase("RAW")) {
            try {
                signerIdentifier = new SignerIdentifier((ASN1OctetString) new DEROctetString(new SGMessageDigest("SHA1").digest(SubjectPublicKeyInfo.getInstance(ASN1Object.fromByteArray(sGCertificate.getEncoded())).getPublicKeyData().getBytes())));
            } catch (SGCryptoException e6) {
                throw new SGPkcs7Exception(e6);
            } catch (IOException e7) {
                throw new SGPkcs7Exception("ASN1Object Memory Error", e7);
            }
        } else {
            signerIdentifier = new SignerIdentifier(P7Utillities.getIssuerAndSerialNumber(sGCertificate));
        }
        SignerIdentifier signerIdentifier2 = signerIdentifier;
        String keyAlgorithm = sGCertificate.getKeyAlgorithm();
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(new DERObjectIdentifier(OID.getAlgOid(str)), new DERNull());
        if (bArr2 != null) {
            try {
                AlgorithmIdentifier algorithmIdentifier2 = new AlgorithmIdentifier(new DERObjectIdentifier(OID.getAlgOid(keyAlgorithm)), new DERNull());
                if (sGBlockCipher != null) {
                    bArr2 = sGBlockCipher.doFinal(bArr2);
                }
                return new SignerInfo(signerIdentifier2, algorithmIdentifier, null, algorithmIdentifier2, new DEROctetString(bArr2), null);
            } catch (SGCryptoException e8) {
                throw new SGPkcs7Exception(e8);
            }
        }
        DEREncodableVector dEREncodableVector = new DEREncodableVector();
        dEREncodableVector.add(new AttributeTypeAndValue(PKCSObjectIdentifiers.pkcs_9_at_contentType, new DERSet(CMSObjectIdentifiers.data)));
        dEREncodableVector.add(new AttributeTypeAndValue(PKCSObjectIdentifiers.pkcs_9_at_messageDigest, new DERSet(new DEROctetString(bArr))));
        dEREncodableVector.add(new AttributeTypeAndValue(PKCSObjectIdentifiers.pkcs_9_at_signingTime, new DERSet(new DERUTCTime(new Date()))));
        DERSet dERSet = new DERSet(dEREncodableVector);
        try {
            SGSigner sGSigner = new SGSigner(String.valueOf(str) + e.f25866y0 + keyAlgorithm);
            sGSigner.init(sGPrivateKey, sGCertificate);
            sGSigner.update(dERSet.getDEREncoded());
            byte[] sign = sGSigner.sign();
            try {
                AlgorithmIdentifier algorithmIdentifier3 = new AlgorithmIdentifier(new DERObjectIdentifier(OID.getAlgOid(keyAlgorithm)), new DERNull());
                if (sGBlockCipher != null) {
                    sign = sGBlockCipher.doFinal(sign);
                }
                return new SignerInfo(signerIdentifier2, algorithmIdentifier, dERSet, algorithmIdentifier3, new DEROctetString(sign), null);
            } catch (SGCryptoException e9) {
                throw new SGPkcs7Exception(e9);
            }
        } catch (Exception e10) {
            throw new SGPkcs7Exception("sg.pkcs7.signatureFail", new Object[]{"SGSignedData"}, e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void verifySign(SGBlockCipher sGBlockCipher, Map map, Map map2, ASN1Set aSN1Set, ASN1Set aSN1Set2) throws SGPkcs7Exception {
        boolean z5;
        byte[] octets;
        boolean z6;
        Map digestValues = getDigestValues(map);
        Enumeration objects = aSN1Set2.getObjects();
        while (objects.hasMoreElements()) {
            SignerInfo signerInfo = SignerInfo.getInstance(objects.nextElement());
            try {
                if (signerInfo.getAuthenticatedAttributes() == null) {
                    SGSignVerifier sGSignVerifier = (SGSignVerifier) map2.get(IssuerAndSerialNumber.getInstance(signerInfo.getSID().getId()));
                    if (sGSignVerifier != null) {
                        if (sGSignVerifier.verify(sGBlockCipher == null ? signerInfo.getEncryptedDigest().getOctets() : sGBlockCipher.doFinal(signerInfo.getEncryptedDigest().getOctets()))) {
                        }
                    }
                    throw new SGPkcs7Exception("sg.pkcs7.verifyFail");
                }
                Enumeration objects2 = signerInfo.getAuthenticatedAttributes().getObjects();
                byte[] bArr = null;
                while (true) {
                    z5 = false;
                    if (!objects2.hasMoreElements()) {
                        break;
                    }
                    AttributeTypeAndValue attributeTypeAndValue = AttributeTypeAndValue.getInstance(objects2.nextElement());
                    if (attributeTypeAndValue.getType().equals(PKCSObjectIdentifiers.pkcs_9_at_messageDigest)) {
                        bArr = ASN1OctetString.getInstance(ASN1Set.getInstance(attributeTypeAndValue.getValue()).getObjectAt(0)).getOctets();
                    }
                }
                if (!Arrays.equals((byte[]) digestValues.get(OID.getAlgName(signerInfo.getDigestAlgorithm().getObjectId().getId())), bArr)) {
                    throw new SGPkcs7Exception("sg.pkcs7.verifyFail");
                }
                String algName = OID.getAlgName(signerInfo.getDigestEncryptionAlgorithm().getObjectId().getId());
                if (algName.toUpperCase().indexOf("WITH") < 0) {
                    algName = String.valueOf(OID.getAlgName(signerInfo.getDigestAlgorithm().getObjectId().getId())) + e.f25866y0 + algName;
                }
                SGSignVerifier sGSignVerifier2 = new SGSignVerifier(algName);
                sGSignVerifier2.init(findCertificate(aSN1Set, signerInfo));
                sGSignVerifier2.update(signerInfo.getAuthenticatedAttributes().getDEREncoded());
                if (sGBlockCipher == null) {
                    try {
                        octets = signerInfo.getEncryptedDigest().getOctets();
                    } catch (Exception unused) {
                        if (sGBlockCipher != null) {
                            z5 = sGSignVerifier2.verify(signerInfo.getEncryptedDigest().getOctets());
                            z6 = true;
                        } else {
                            z6 = false;
                        }
                    }
                } else {
                    octets = sGBlockCipher.doFinal(signerInfo.getEncryptedDigest().getOctets());
                }
                z5 = sGSignVerifier2.verify(octets);
                z6 = false;
                if (sGBlockCipher != null && !z5 && !z6) {
                    z5 = sGSignVerifier2.verify(signerInfo.getEncryptedDigest().getOctets());
                }
                if (!z5) {
                    throw new SGPkcs7Exception("sg.pkcs7.verifyFail");
                }
            } catch (SGPkcs7Exception e6) {
                throw e6;
            } catch (Exception e7) {
                throw new SGPkcs7Exception("sg.pkcs7.verifyFail", e7);
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("signature verification successful!");
        }
    }
}
