package net.netca.pki.impl.jce;

import java.util.Arrays;
import net.netca.pki.PkiException;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.ObjectIdentifier;
import net.netca.pki.encoding.asn1.ObjectIdentifierType;
import net.netca.pki.encoding.asn1.OctetString;
import net.netca.pki.encoding.asn1.OctetStringType;
import net.netca.pki.encoding.asn1.SetOf;
import net.netca.pki.encoding.asn1.pki.Attribute;
import net.netca.pki.encoding.asn1.pki.Attributes;
import net.netca.pki.encoding.asn1.pki.cms.SignerInfo;
import net.netca.pki.global.IHash;
import net.netca.pki.global.IVerify;

/* loaded from: classes3.dex */
public class VerifyHandle {
    public IHash hashObj;
    public IVerify verifyObj;

    public VerifyHandle(JCEPki jCEPki, SignerInfo signerInfo, JCEX509Certificate jCEX509Certificate) throws PkiException {
        if (signerInfo.getSignedAttrs() == null) {
            IVerify newVerifyObject = jCEX509Certificate.newVerifyObject(signerInfo.getTrueSignatureAlgorithm(), true);
            this.verifyObj = newVerifyObject;
            if (newVerifyObject == null) {
                throw new PkiException("create verify object fail");
            }
            return;
        }
        IHash hashObject = jCEPki.getHashObject(signerInfo.getDigestAlgorithm().getOid());
        this.hashObj = hashObject;
        if (hashObject == null) {
            throw new PkiException("create hash object fail");
        }
    }

    private boolean matchContentType(Attributes attributes, String str) throws PkiException {
        if (str == null) {
            return true;
        }
        Attribute attribute = attributes.get(Attribute.CONTENT_TYPE);
        if (attribute == null) {
            throw new PkiException("no ContentType Attribute");
        }
        SetOf value = attribute.getValue();
        if (value.size() != 1) {
            throw new PkiException("bad ContentType Attribute");
        }
        ASN1Object aSN1Object = value.get(0).to(ObjectIdentifierType.getInstance());
        if (aSN1Object != null) {
            return str.equals(((ObjectIdentifier) aSN1Object).getString());
        }
        throw new PkiException("bad ContentType Attribute");
    }

    private boolean matchMessageDigest(Attributes attributes, byte[] bArr) throws PkiException {
        Attribute attribute = attributes.get(Attribute.MESSAGE_DIGEST);
        if (attribute == null) {
            throw new PkiException("no MessageDigest Attribute");
        }
        SetOf value = attribute.getValue();
        if (value.size() != 1) {
            throw new PkiException("bad MessageDigest Attribute");
        }
        ASN1Object aSN1Object = value.get(0).to(OctetStringType.getInstance());
        if (aSN1Object != null) {
            return Arrays.equals(bArr, ((OctetString) aSN1Object).getValue());
        }
        throw new PkiException("bad MessageDigest Attribute");
    }

    public void update(byte[] bArr, int i2, int i3) throws PkiException {
        IHash iHash = this.hashObj;
        if (iHash != null) {
            iHash.update(bArr, i2, i3);
        } else {
            this.verifyObj.verifyUpdate(bArr, i2, i3);
        }
    }

    public void verify(SignerInfo signerInfo, JCEX509Certificate jCEX509Certificate, String str) throws PkiException {
        Attributes signedAttrs = signerInfo.getSignedAttrs();
        if (signedAttrs == null) {
            if (!this.verifyObj.verifyFinal(signerInfo.getSignature())) {
                throw new PkiException("verify signature fail");
            }
            return;
        }
        byte[] doFinal = this.hashObj.doFinal();
        if (!matchContentType(signedAttrs, str)) {
            throw new PkiException("ContentType mismatch");
        }
        if (!matchMessageDigest(signedAttrs, doFinal)) {
            throw new PkiException("MessageDigest mismatch");
        }
        byte[] encode = signedAttrs.getASN1Object().encode();
        IVerify newVerifyObject = jCEX509Certificate.newVerifyObject(signerInfo.getTrueSignatureAlgorithm(), true);
        this.verifyObj = newVerifyObject;
        if (newVerifyObject == null) {
            throw new PkiException("create verify object fail");
        }
        newVerifyObject.verifyUpdate(encode, 0, encode.length);
        if (!this.verifyObj.verifyFinal(signerInfo.getSignature())) {
            throw new PkiException("verify signature fail");
        }
    }
}
