package net.netca.pki.encoding.asn1.pki.cms;

import com.huawei.hms.support.hianalytics.HiAnalyticsConstant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import net.netca.pki.PkiException;
import net.netca.pki.encoding.asn1.ASN1Data;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.ASN1TypeManager;
import net.netca.pki.encoding.asn1.InstanceOfType;
import net.netca.pki.encoding.asn1.Integer;
import net.netca.pki.encoding.asn1.ObjectIdentifier;
import net.netca.pki.encoding.asn1.Sequence;
import net.netca.pki.encoding.asn1.SequenceType;
import net.netca.pki.encoding.asn1.SetOf;
import net.netca.pki.encoding.asn1.TaggedValue;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.SymEncrypter;
import net.netca.pki.encoding.asn1.pki.Verifible;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey;

/* loaded from: classes3.dex */
public class SignedAndEnvelopedData {
    public static final String OID = "1.2.840.113549.1.7.4";
    private static final String SM2_OID = "1.2.156.10197.6.1.4.2.4";
    private ArrayList<X509Certificate> addSignCertList;
    private X509CertificateAndPrivateKey certAndPrivKey;
    private Iterator<X509CertificateAndPrivateKey> certAndPrivKeys;
    private X509Certificate encCert;
    private boolean isContentInfo;
    private boolean isQ7;
    private ArrayList<X509Certificate> signCertList;
    private ASN1Data signedAndEnvelopedData;
    private ArrayList<SignerInfo> signerInfos;
    private SymEncrypter symDecrypter;
    private Verifible verifier;
    private static final SequenceType type = (SequenceType) ASN1TypeManager.getInstance().get("SignedAndEnvelopedData");
    private static final InstanceOfType contentInfoType = (InstanceOfType) ASN1TypeManager.getInstance().get("ContentInfo");

    public SignedAndEnvelopedData(int i2, RecipientInfos recipientInfos, AlgorithmIdentifiers algorithmIdentifiers, EncryptedContentInfo encryptedContentInfo, CertificateSet certificateSet, RevocationInfoChoices revocationInfoChoices, SignerInfos signerInfos) throws PkiException {
        this(i2, recipientInfos, algorithmIdentifiers, encryptedContentInfo, certificateSet, revocationInfoChoices, signerInfos, false);
    }

    public SignedAndEnvelopedData(int i2, RecipientInfos recipientInfos, AlgorithmIdentifiers algorithmIdentifiers, EncryptedContentInfo encryptedContentInfo, CertificateSet certificateSet, RevocationInfoChoices revocationInfoChoices, SignerInfos signerInfos, boolean z) throws PkiException {
        this.isQ7 = false;
        this.signerInfos = new ArrayList<>();
        this.addSignCertList = new ArrayList<>();
        this.signCertList = new ArrayList<>();
        if (recipientInfos == null) {
            throw new PkiException("no recipientInfos");
        }
        if (algorithmIdentifiers == null) {
            throw new PkiException("no digestAlgorithms");
        }
        if (encryptedContentInfo == null) {
            throw new PkiException("no encryptedContentInfo");
        }
        if (signerInfos == null) {
            throw new PkiException("no signerInfos");
        }
        Sequence sequence = new Sequence(type);
        sequence.add(new Integer(i2));
        sequence.add(recipientInfos.getASN1Object());
        sequence.add(algorithmIdentifiers.getASN1Object());
        sequence.add(encryptedContentInfo.getASN1Object());
        if (certificateSet != null) {
            sequence.add(new TaggedValue(128, 0, true, certificateSet.getASN1Object()));
        }
        if (revocationInfoChoices != null) {
            sequence.add(new TaggedValue(128, 1, true, revocationInfoChoices.getASN1Object()));
        }
        sequence.add(signerInfos.getASN1Object());
        this.isContentInfo = false;
        this.isQ7 = z;
        this.signedAndEnvelopedData = new ASN1Data("SignedAndEnvelopedData", sequence);
        initSignerInfos();
        checkSignedAndEnvelopedData();
    }

    public SignedAndEnvelopedData(Sequence sequence) throws PkiException {
        this.isQ7 = false;
        this.signerInfos = new ArrayList<>();
        this.addSignCertList = new ArrayList<>();
        this.signCertList = new ArrayList<>();
        if (contentInfoType.match(sequence)) {
            String string = ((ObjectIdentifier) sequence.get(0)).getString();
            if (string.equals("1.2.840.113549.1.7.4")) {
                this.isQ7 = false;
            } else {
                if (!string.equals(SM2_OID)) {
                    throw new PkiException("not SignedAndEnvelopedData");
                }
                this.isQ7 = true;
            }
            sequence = (Sequence) sequence.get("value");
            this.isContentInfo = true;
        } else {
            if (!type.match(sequence)) {
                throw new PkiException("bad SignedData");
            }
            this.isContentInfo = false;
        }
        this.signedAndEnvelopedData = new ASN1Data("SignedAndEnvelopedData", sequence);
        initSignerInfos();
        checkSignedAndEnvelopedData();
    }

    public SignedAndEnvelopedData(byte[] bArr) throws PkiException {
        this.isQ7 = false;
        this.signerInfos = new ArrayList<>();
        this.addSignCertList = new ArrayList<>();
        this.signCertList = new ArrayList<>();
        init(bArr, 0, bArr.length);
    }

    public SignedAndEnvelopedData(byte[] bArr, int i2, int i3) throws PkiException {
        this.isQ7 = false;
        this.signerInfos = new ArrayList<>();
        this.addSignCertList = new ArrayList<>();
        this.signCertList = new ArrayList<>();
        init(bArr, i2, i3);
    }

    private void checkSignedAndEnvelopedData() throws PkiException {
        Iterator<SignerInfo> it = this.signerInfos.iterator();
        while (it.hasNext()) {
            SignerInfo next = it.next();
            if (next.getSignedAttrs() != null) {
                throw new PkiException("SignedAndEnvelopedData has authenticatedAttributes");
            }
            if (next.getUnsignedAttrs() != null) {
                throw new PkiException("SignedAndEnvelopedData has unauthenticatedAttributes");
            }
        }
    }

    public static SignedAndEnvelopedData decode(byte[] bArr) throws PkiException {
        return new SignedAndEnvelopedData(bArr);
    }

    private Sequence decodeContentInfo(byte[] bArr, int i2, int i3) {
        try {
            return (Sequence) ASN1Object.decode(bArr, i2, i3, contentInfoType);
        } catch (PkiException unused) {
            return null;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:11:0x0022, code lost:
    
        if (r4.certAndPrivKeys.hasNext() == false) goto L19;
     */
    /* JADX WARN: Code restructure failed: missing block: B:12:0x0024, code lost:
    
        r1 = r4.certAndPrivKeys.next();
        r3 = r0.decrypt(r1, null, null);
     */
    /* JADX WARN: Code restructure failed: missing block: B:13:0x0030, code lost:
    
        if (r3 == null) goto L20;
     */
    /* JADX WARN: Code restructure failed: missing block: B:15:0x0032, code lost:
    
        r4.encCert = r1.getCert();
     */
    /* JADX WARN: Code restructure failed: missing block: B:16:0x0038, code lost:
    
        return r3;
     */
    /* JADX WARN: Code restructure failed: missing block: B:20:0x0040, code lost:
    
        throw new net.netca.pki.PkiException("no match cert");
     */
    /* JADX WARN: Code restructure failed: missing block: B:9:0x001a, code lost:
    
        if (r4.certAndPrivKeys != null) goto L10;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private byte[] decryptSymKey() throws net.netca.pki.PkiException {
        /*
            r4 = this;
            net.netca.pki.encoding.asn1.pki.cms.RecipientInfos r0 = r4.getRecipientInfos()
            net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey r1 = r4.certAndPrivKey
            r2 = 0
            if (r1 == 0) goto L18
            byte[] r1 = r0.decrypt(r1, r2, r2)
            if (r1 == 0) goto L18
            net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey r0 = r4.certAndPrivKey
            net.netca.pki.encoding.asn1.pki.X509Certificate r0 = r0.getCert()
            r4.encCert = r0
            return r1
        L18:
            java.util.Iterator<net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey> r1 = r4.certAndPrivKeys
            if (r1 == 0) goto L39
        L1c:
            java.util.Iterator<net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey> r1 = r4.certAndPrivKeys
            boolean r1 = r1.hasNext()
            if (r1 == 0) goto L39
            java.util.Iterator<net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey> r1 = r4.certAndPrivKeys
            java.lang.Object r1 = r1.next()
            net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey r1 = (net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey) r1
            byte[] r3 = r0.decrypt(r1, r2, r2)
            if (r3 == 0) goto L1c
            net.netca.pki.encoding.asn1.pki.X509Certificate r0 = r1.getCert()
            r4.encCert = r0
            return r3
        L39:
            net.netca.pki.PkiException r0 = new net.netca.pki.PkiException
            java.lang.String r1 = "no match cert"
            r0.<init>(r1)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: net.netca.pki.encoding.asn1.pki.cms.SignedAndEnvelopedData.decryptSymKey():byte[]");
    }

    public static SequenceType getASN1Type() {
        return type;
    }

    private X509Certificate getSignCert(int i2, SignerInfo signerInfo) throws PkiException {
        CertificateSet certificates = getCertificates();
        if (certificates != null) {
            Iterator<X509Certificate> it = certificates.getX509PublicKeyCerts().iterator();
            while (it.hasNext()) {
                X509Certificate next = it.next();
                if (signerInfo.match(next, null)) {
                    return next;
                }
            }
        }
        Iterator<X509Certificate> it2 = this.addSignCertList.iterator();
        while (it2.hasNext()) {
            X509Certificate next2 = it2.next();
            if (signerInfo.match(next2, null)) {
                return next2;
            }
        }
        throw new PkiException("no match cert in signerinfo:" + i2);
    }

    private void init(byte[] bArr, int i2, int i3) throws PkiException {
        if (bArr == null || i2 < 0 || i3 <= 0) {
            throw new PkiException("bad input param");
        }
        if (i2 + i3 > bArr.length) {
            throw new PkiException("bad input param");
        }
        Sequence decodeContentInfo = decodeContentInfo(bArr, i2, i3);
        if (decodeContentInfo != null) {
            String string = ((ObjectIdentifier) decodeContentInfo.get(0)).getString();
            if (string.equals("1.2.840.113549.1.7.4")) {
                this.isQ7 = false;
            } else {
                if (!string.equals(SM2_OID)) {
                    throw new PkiException("not SignedData");
                }
                this.isQ7 = true;
            }
            this.signedAndEnvelopedData = new ASN1Data("SignedAndEnvelopedData", (Sequence) decodeContentInfo.get("value"));
            this.isContentInfo = true;
        } else {
            ASN1Object decode = ASN1Object.decode(bArr, i2, i3, type);
            if (decode == null) {
                throw new PkiException("bad  SignedData encode");
            }
            this.signedAndEnvelopedData = new ASN1Data("SignedAndEnvelopedData", (Sequence) decode);
            this.isContentInfo = false;
        }
        initSignerInfos();
        checkSignedAndEnvelopedData();
    }

    private void initSignerInfos() throws PkiException {
        ASN1Object value = this.signedAndEnvelopedData.getValue("signerInfos");
        if (value == null) {
            throw new PkiException("get signerInfos fail");
        }
        SignerInfos signerInfos = new SignerInfos((SetOf) value);
        int size = signerInfos.size();
        for (int i2 = 0; i2 < size; i2++) {
            this.signerInfos.add(signerInfos.get(i2));
        }
    }

    public void addSignCert(X509Certificate x509Certificate) throws PkiException {
        this.addSignCertList.add(x509Certificate);
    }

    public byte[] decryptAndVerify() throws PkiException {
        if (this.symDecrypter == null) {
            throw new PkiException("symDecrypter is null");
        }
        if (this.certAndPrivKey == null && this.certAndPrivKeys == null) {
            throw new PkiException("certAndPrivKey and certAndPrivKeys are both null");
        }
        if (this.verifier == null) {
            throw new PkiException("verifier is null");
        }
        EncryptedContentInfo encryptedContentInfo = getEncryptedContentInfo();
        if (!encryptedContentInfo.hasEncryptedContent()) {
            throw new PkiException("no EncryptedContent");
        }
        byte[] decryptSymKey = decryptSymKey();
        try {
            try {
                byte[] decrypt = encryptedContentInfo.decrypt(decryptSymKey, this.symDecrypter);
                AlgorithmIdentifier contentEncryptionAlgorithm = getEncryptedContentInfo().getContentEncryptionAlgorithm();
                int size = this.signerInfos.size();
                int i2 = 0;
                while (i2 < size) {
                    SignerInfo signerInfo = this.signerInfos.get(i2);
                    AlgorithmIdentifier trueSignatureAlgorithm = signerInfo.getTrueSignatureAlgorithm();
                    byte[] signature = signerInfo.getSignature();
                    byte[] cipher = this.symDecrypter.cipher(false, decryptSymKey, contentEncryptionAlgorithm, signature, 0, signature.length);
                    X509Certificate signCert = getSignCert(i2, signerInfo);
                    int i3 = i2;
                    int i4 = size;
                    if (!this.verifier.verify(signCert.getSubjectPublicKeyInfo().getPublicKey(), trueSignatureAlgorithm, decrypt, 0, decrypt.length, cipher)) {
                        throw new PkiException("verify signerinfo: " + i3 + " fail");
                    }
                    this.signCertList.add(signCert);
                    i2 = i3 + 1;
                    size = i4;
                }
                return decrypt;
            } catch (PkiException e2) {
                this.signCertList.clear();
                this.encCert = null;
                throw e2;
            }
        } finally {
            Arrays.fill(decryptSymKey, (byte) 0);
        }
    }

    public byte[] encode(boolean z) throws PkiException {
        return !z ? this.signedAndEnvelopedData.encode() : getContentInfo().encode();
    }

    public CertificateSet getCertificates() throws PkiException {
        ASN1Object value = this.signedAndEnvelopedData.getValue("certificates.value");
        if (value == null) {
            return null;
        }
        return new CertificateSet((SetOf) value);
    }

    public Sequence getContentInfo() throws PkiException {
        Sequence sequence = new Sequence(contentInfoType);
        sequence.add(this.isQ7 ? new ObjectIdentifier(SM2_OID) : new ObjectIdentifier("1.2.840.113549.1.7.4"));
        sequence.add(new TaggedValue(128, 0, false, this.signedAndEnvelopedData.getValue()));
        return sequence;
    }

    public RevocationInfoChoices getCrls() throws PkiException {
        ASN1Object value = this.signedAndEnvelopedData.getValue("crls.value");
        if (value == null) {
            return null;
        }
        return new RevocationInfoChoices((SetOf) value);
    }

    public X509Certificate getDecryptCert() {
        return this.encCert;
    }

    public AlgorithmIdentifiers getDigestAlgorithms() throws PkiException {
        ASN1Object value = this.signedAndEnvelopedData.getValue("digestAlgorithms");
        if (value != null) {
            return new AlgorithmIdentifiers((SetOf) value);
        }
        throw new PkiException("get digestAlgorithms fail");
    }

    public EncryptedContentInfo getEncryptedContentInfo() throws PkiException {
        ASN1Object value = this.signedAndEnvelopedData.getValue("encryptedContentInfo");
        if (value != null) {
            return new EncryptedContentInfo((Sequence) value);
        }
        throw new PkiException("get encryptedContentInfo fail");
    }

    public RecipientInfos getRecipientInfos() throws PkiException {
        ASN1Object value = this.signedAndEnvelopedData.getValue("recipientInfos");
        if (value != null) {
            return new RecipientInfos((SetOf) value);
        }
        throw new PkiException("get recipientInfos fail");
    }

    public X509Certificate getSignCert(int i2) {
        if (i2 < 0 || i2 >= this.signCertList.size()) {
            return null;
        }
        return this.signCertList.get(i2);
    }

    public int getSignerInfoCount() throws PkiException {
        return this.signerInfos.size();
    }

    public ArrayList<SignerInfo> getSignerInfos() throws PkiException {
        return this.signerInfos;
    }

    public int getVersion() throws PkiException {
        ASN1Object value = this.signedAndEnvelopedData.getValue(HiAnalyticsConstant.HaKey.BI_KEY_VERSION);
        if (value != null) {
            return ((Integer) value).getIntegerValue();
        }
        throw new PkiException("get version fail");
    }

    public boolean isContentInfo() {
        return this.isContentInfo;
    }

    public boolean isQ7() {
        return this.isQ7;
    }

    public void setCertAndPrivKey(X509CertificateAndPrivateKey x509CertificateAndPrivateKey) throws PkiException {
        if (x509CertificateAndPrivateKey.getPrivateKeyDecrypter() == null) {
            throw new PkiException("no PrivateKeyDecrypter");
        }
        this.certAndPrivKey = x509CertificateAndPrivateKey;
    }

    public void setCertAndPrivKeys(Iterator<X509CertificateAndPrivateKey> it) throws PkiException {
        this.certAndPrivKeys = it;
    }

    public void setSymEncrypter(SymEncrypter symEncrypter) throws PkiException {
        this.symDecrypter = symEncrypter;
    }

    public void setVerifyImplement(Verifible verifible) {
        this.verifier = verifible;
    }
}
