package net.netca.pki.encoding.asn1.pki.cms;

import com.huawei.hms.support.hianalytics.HiAnalyticsConstant;
import java.util.Arrays;
import java.util.Iterator;
import net.netca.pki.PkiException;
import net.netca.pki.encoding.asn1.ASN1Data;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.ASN1TypeManager;
import net.netca.pki.encoding.asn1.InstanceOfType;
import net.netca.pki.encoding.asn1.Integer;
import net.netca.pki.encoding.asn1.ObjectIdentifier;
import net.netca.pki.encoding.asn1.ObjectIdentifierType;
import net.netca.pki.encoding.asn1.OctetString;
import net.netca.pki.encoding.asn1.OctetStringType;
import net.netca.pki.encoding.asn1.Sequence;
import net.netca.pki.encoding.asn1.SequenceType;
import net.netca.pki.encoding.asn1.SetOf;
import net.netca.pki.encoding.asn1.TaggedValue;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.Attribute;
import net.netca.pki.encoding.asn1.pki.Attributes;
import net.netca.pki.encoding.asn1.pki.Hashable;
import net.netca.pki.encoding.asn1.pki.IKDF;
import net.netca.pki.encoding.asn1.pki.IKeyUnwrap;
import net.netca.pki.encoding.asn1.pki.IMac;
import net.netca.pki.encoding.asn1.pki.JCEHasher;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey;

/* loaded from: classes3.dex */
public class AuthenticatedData {
    public static final String OID = "1.2.840.113549.1.9.16.1.2";
    private ASN1Data authData;
    private X509Certificate cert;
    private X509CertificateAndPrivateKey certAndPrivKey;
    private Iterator<X509CertificateAndPrivateKey> certAndPrivKeys;
    private Hashable hasher;
    private boolean isContentInfo;
    private IKDF kdfObj;
    private IKeyUnwrap keyunwrapObj;
    private IMac macObj;
    private static final SequenceType type = (SequenceType) ASN1TypeManager.getInstance().get("AuthenticatedData");
    private static final InstanceOfType contentInfoType = (InstanceOfType) ASN1TypeManager.getInstance().get("ContentInfo");

    public AuthenticatedData(int i2, OriginatorInfo originatorInfo, RecipientInfos recipientInfos, AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2, EncapsulatedContentInfo encapsulatedContentInfo, Attributes attributes, byte[] bArr, Attributes attributes2) throws PkiException {
        if (recipientInfos == null) {
            throw new PkiException("recipientInfos is null");
        }
        if (algorithmIdentifier == null) {
            throw new PkiException("macAlgorithm is null");
        }
        if (encapsulatedContentInfo == null) {
            throw new PkiException("encapContentInfo is null");
        }
        if (!encapsulatedContentInfo.isEncapsulatedContentInfo()) {
            throw new PkiException("bad encapContentInfo");
        }
        if (bArr == null) {
            throw new PkiException("encapContentInfo is null");
        }
        if (attributes != null && algorithmIdentifier2 == null) {
            throw new PkiException("has authAttrs,but digestAlgorithm is null");
        }
        Sequence sequence = new Sequence(type);
        sequence.add(new Integer(i2));
        if (originatorInfo != null) {
            sequence.add(new TaggedValue(128, 0, true, originatorInfo.getASN1Object()));
        }
        sequence.add(recipientInfos.getASN1Object());
        sequence.add(algorithmIdentifier.getASN1Object());
        if (algorithmIdentifier2 != null) {
            sequence.add(new TaggedValue(128, 1, true, algorithmIdentifier2.getASN1Object()));
        }
        sequence.add(encapsulatedContentInfo.getASN1Object());
        if (attributes != null) {
            sequence.add(new TaggedValue(128, 2, true, attributes.getASN1Object()));
        }
        sequence.add(new OctetString(bArr));
        if (attributes2 != null) {
            sequence.add(new TaggedValue(128, 3, true, attributes2.getASN1Object()));
        }
        this.isContentInfo = false;
        this.authData = new ASN1Data("AuthenticatedData", sequence);
    }

    public AuthenticatedData(Sequence sequence) throws PkiException {
        if (contentInfoType.match(sequence)) {
            if (!((ObjectIdentifier) sequence.get(0)).getString().equals(OID)) {
                throw new PkiException("not AuthenticatedData");
            }
            sequence = (Sequence) sequence.get("value");
            this.isContentInfo = true;
        } else {
            if (!type.match(sequence)) {
                throw new PkiException("bad AuthenticatedData");
            }
            this.isContentInfo = false;
        }
        this.authData = new ASN1Data("AuthenticatedData", sequence);
    }

    public AuthenticatedData(byte[] bArr) throws PkiException {
        this(bArr, 0, bArr.length);
    }

    public AuthenticatedData(byte[] bArr, int i2, int i3) throws PkiException {
        init(bArr, i2, i3);
    }

    public static AuthenticatedData decode(byte[] bArr) throws PkiException {
        return new AuthenticatedData(bArr);
    }

    private Sequence decodeContentInfo(byte[] bArr, int i2, int i3) {
        try {
            return (Sequence) ASN1Object.decode(bArr, i2, i3, contentInfoType);
        } catch (PkiException unused) {
            return null;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:11:0x0025, code lost:
    
        if (r4.certAndPrivKeys.hasNext() == false) goto L18;
     */
    /* JADX WARN: Code restructure failed: missing block: B:12:0x0027, code lost:
    
        r1 = r4.certAndPrivKeys.next();
        r2 = r0.decrypt(r1, r4.kdfObj, r4.keyunwrapObj);
     */
    /* JADX WARN: Code restructure failed: missing block: B:13:0x0037, code lost:
    
        if (r2 == null) goto L20;
     */
    /* JADX WARN: Code restructure failed: missing block: B:15:0x0039, code lost:
    
        r4.cert = r1.getCert();
     */
    /* JADX WARN: Code restructure failed: missing block: B:16:0x003f, code lost:
    
        return r2;
     */
    /* JADX WARN: Code restructure failed: missing block: B:20:0x0047, code lost:
    
        throw new net.netca.pki.PkiException("no match cert");
     */
    /* JADX WARN: Code restructure failed: missing block: B:9:0x001d, code lost:
    
        if (r4.certAndPrivKeys != null) goto L10;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private byte[] decryptKey() throws net.netca.pki.PkiException {
        /*
            r4 = this;
            net.netca.pki.encoding.asn1.pki.cms.RecipientInfos r0 = r4.getRecipientInfos()
            net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey r1 = r4.certAndPrivKey
            if (r1 == 0) goto L1b
            net.netca.pki.encoding.asn1.pki.IKDF r2 = r4.kdfObj
            net.netca.pki.encoding.asn1.pki.IKeyUnwrap r3 = r4.keyunwrapObj
            byte[] r1 = r0.decrypt(r1, r2, r3)
            if (r1 == 0) goto L1b
            net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey r0 = r4.certAndPrivKey
            net.netca.pki.encoding.asn1.pki.X509Certificate r0 = r0.getCert()
            r4.cert = r0
            return r1
        L1b:
            java.util.Iterator<net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey> r1 = r4.certAndPrivKeys
            if (r1 == 0) goto L40
        L1f:
            java.util.Iterator<net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey> r1 = r4.certAndPrivKeys
            boolean r1 = r1.hasNext()
            if (r1 == 0) goto L40
            java.util.Iterator<net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey> r1 = r4.certAndPrivKeys
            java.lang.Object r1 = r1.next()
            net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey r1 = (net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey) r1
            net.netca.pki.encoding.asn1.pki.IKDF r2 = r4.kdfObj
            net.netca.pki.encoding.asn1.pki.IKeyUnwrap r3 = r4.keyunwrapObj
            byte[] r2 = r0.decrypt(r1, r2, r3)
            if (r2 == 0) goto L1f
            net.netca.pki.encoding.asn1.pki.X509Certificate r0 = r1.getCert()
            r4.cert = r0
            return r2
        L40:
            net.netca.pki.PkiException r0 = new net.netca.pki.PkiException
            java.lang.String r1 = "no match cert"
            r0.<init>(r1)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: net.netca.pki.encoding.asn1.pki.cms.AuthenticatedData.decryptKey():byte[]");
    }

    public static SequenceType getASN1Type() {
        return type;
    }

    private void init(byte[] bArr, int i2, int i3) throws PkiException {
        Sequence sequence;
        if (bArr == null || i2 < 0 || i3 <= 0) {
            throw new PkiException("bad input param");
        }
        if (i2 + i3 > bArr.length) {
            throw new PkiException("bad input param");
        }
        Sequence decodeContentInfo = decodeContentInfo(bArr, i2, i3);
        if (decodeContentInfo == null) {
            ASN1Object decode = ASN1Object.decode(bArr, i2, i3, type);
            if (decode == null) {
                throw new PkiException("bad  AuthenticatedData encode");
            }
            sequence = (Sequence) decode;
            this.isContentInfo = false;
        } else {
            if (!((ObjectIdentifier) decodeContentInfo.get(0)).getString().equals(OID)) {
                throw new PkiException("not AuthenticatedData");
            }
            sequence = (Sequence) decodeContentInfo.get("value");
            this.isContentInfo = true;
        }
        this.authData = new ASN1Data("AuthenticatedData", sequence);
        if (!getEncapContentInfo().isEncapsulatedContentInfo()) {
            throw new PkiException("bad encapContentInfo");
        }
    }

    private boolean matchAlgorithm(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2) throws PkiException {
        if (Arrays.equals(algorithmIdentifier.getASN1Object().encode(), algorithmIdentifier2.getASN1Object().encode())) {
            return true;
        }
        if (!algorithmIdentifier.getOid().equals(algorithmIdentifier2.getOid())) {
            return false;
        }
        boolean hasParam = algorithmIdentifier.hasParam();
        boolean hasParam2 = algorithmIdentifier2.hasParam();
        if (hasParam || (hasParam2 && !algorithmIdentifier2.hasNullParam())) {
            return !hasParam2 && (!hasParam || algorithmIdentifier.hasNullParam());
        }
        return true;
    }

    private void matchAlgorithmProtection(Attributes attributes) throws PkiException {
        Attribute attribute = attributes.get(Attribute.CMS_ALGORITHM_PROTECTION);
        if (attribute == null) {
            return;
        }
        SetOf value = attribute.getValue();
        if (value.size() != 1) {
            throw new PkiException("bad CMSAlgorithmProtection Attribute");
        }
        ASN1Object aSN1Object = value.get(0).to(CMSAlgorithmProtection.getASN1Type());
        if (aSN1Object == null) {
            throw new PkiException("bad CMSAlgorithmProtection Attribute");
        }
        CMSAlgorithmProtection cMSAlgorithmProtection = new CMSAlgorithmProtection((Sequence) aSN1Object);
        AlgorithmIdentifier digestAlgorithm = cMSAlgorithmProtection.getDigestAlgorithm();
        AlgorithmIdentifier macAlgorithm = cMSAlgorithmProtection.getMacAlgorithm();
        if (macAlgorithm == null) {
            throw new PkiException("bad CMSAlgorithmProtection Attribute,no macalgo");
        }
        if (cMSAlgorithmProtection.getSignatureAlgorithm() != null) {
            throw new PkiException("bad CMSAlgorithmProtection Attribute,has signalgo");
        }
        if (!matchAlgorithm(digestAlgorithm, getDigestAlgorithm())) {
            throw new PkiException("CMSAlgorithmProtection Attribute,hash algo mismatch");
        }
        if (!matchAlgorithm(macAlgorithm, getMacAlgorithm())) {
            throw new PkiException("CMSAlgorithmProtection Attribute,mac algo mismatch");
        }
    }

    private void verifyAuthAttrs(Attributes attributes, byte[] bArr) throws PkiException {
        Attribute attribute = attributes.get(Attribute.CONTENT_TYPE);
        if (attribute == null) {
            throw new PkiException("no content-type attribute");
        }
        verifyContentTypeAttribute(attribute);
        Attribute attribute2 = attributes.get(Attribute.MESSAGE_DIGEST);
        if (attribute2 == null) {
            throw new PkiException("no message digest attribute");
        }
        verifyMessageDigestAttribute(attribute2, bArr);
        matchAlgorithmProtection(attributes);
    }

    private void verifyContentTypeAttribute(Attribute attribute) throws PkiException {
        if (attribute.getValueCount() != 1) {
            throw new PkiException("bad content-type attribute");
        }
        if (!((ObjectIdentifier) attribute.getValue(0).to(ObjectIdentifierType.getInstance())).getString().equals(getEncapContentInfo().getContentType())) {
            throw new PkiException("content-type mismatch");
        }
    }

    private void verifyMessageDigestAttribute(Attribute attribute, byte[] bArr) throws PkiException {
        if (attribute.getValueCount() != 1) {
            throw new PkiException("bad message digest attribute");
        }
        if (!Arrays.equals(((OctetString) attribute.getValue(0).to(OctetStringType.getInstance())).getValue(), bArr)) {
            throw new PkiException("message digest mismatch");
        }
    }

    public byte[] encode(boolean z) throws PkiException {
        return !z ? this.authData.encode() : getContentInfo().encode();
    }

    public ASN1Object getASN1Object() throws PkiException {
        return this.authData.getValue();
    }

    public Attributes getAuthAttrs() throws PkiException {
        ASN1Object value = this.authData.getValue("authAttrs.value");
        if (value == null) {
            return null;
        }
        return new Attributes((SetOf) value);
    }

    public Sequence getContentInfo() throws PkiException {
        Sequence sequence = new Sequence(contentInfoType);
        sequence.add(new ObjectIdentifier(OID));
        sequence.add(new TaggedValue(128, 0, false, this.authData.getValue()));
        return sequence;
    }

    public X509Certificate getDecryptCert() {
        return this.cert;
    }

    public AlgorithmIdentifier getDigestAlgorithm() throws PkiException {
        ASN1Object value = this.authData.getValue("digestAlgorithm.value");
        if (value == null) {
            return null;
        }
        return new AlgorithmIdentifier((Sequence) value);
    }

    public EncapsulatedContentInfo getEncapContentInfo() throws PkiException {
        ASN1Object value = this.authData.getValue("encapContentInfo");
        if (value != null) {
            return new EncapsulatedContentInfo((Sequence) value);
        }
        throw new PkiException("get encapContentInfo fail");
    }

    public byte[] getMac() throws PkiException {
        ASN1Object value = this.authData.getValue("mac");
        if (value != null) {
            return ((OctetString) value).getValue();
        }
        throw new PkiException("get mac fail");
    }

    public AlgorithmIdentifier getMacAlgorithm() throws PkiException {
        ASN1Object value = this.authData.getValue("macAlgorithm");
        if (value != null) {
            return new AlgorithmIdentifier((Sequence) value);
        }
        throw new PkiException("get macAlgorithm fail");
    }

    public OriginatorInfo getOriginatorInfo() throws PkiException {
        ASN1Object value = this.authData.getValue("originatorInfo.value");
        if (value == null) {
            return null;
        }
        return new OriginatorInfo((Sequence) value);
    }

    public RecipientInfos getRecipientInfos() throws PkiException {
        ASN1Object value = this.authData.getValue("recipientInfos");
        if (value != null) {
            return new RecipientInfos((SetOf) value);
        }
        throw new PkiException("get recipientInfos fail");
    }

    public Attributes getUnauthAttrs() throws PkiException {
        ASN1Object value = this.authData.getValue("unauthAttrs.value");
        if (value == null) {
            return null;
        }
        return new Attributes((SetOf) value);
    }

    public int getVersion() throws PkiException {
        ASN1Object value = this.authData.getValue(HiAnalyticsConstant.HaKey.BI_KEY_VERSION);
        if (value != null) {
            return ((Integer) value).getIntegerValue();
        }
        throw new PkiException("get version fail");
    }

    public boolean isContentInfo() {
        return this.isContentInfo;
    }

    public void setCertAndPrivKey(X509CertificateAndPrivateKey x509CertificateAndPrivateKey) throws PkiException {
        if (x509CertificateAndPrivateKey.getPrivateKeyDecrypter() == null) {
            throw new PkiException("no PrivateKeyDecrypter");
        }
        this.certAndPrivKey = x509CertificateAndPrivateKey;
    }

    public void setCertAndPrivKeys(Iterator<X509CertificateAndPrivateKey> it) throws PkiException {
        this.certAndPrivKeys = it;
    }

    public void setHasher(Hashable hashable) {
        this.hasher = hashable;
    }

    public void setKDFImplement(IKDF ikdf) {
        this.kdfObj = ikdf;
    }

    public void setKeyUnwrapImplement(IKeyUnwrap iKeyUnwrap) {
        this.keyunwrapObj = iKeyUnwrap;
    }

    public void setMacImplement(IMac iMac) {
        this.macObj = iMac;
    }

    public boolean verify() throws PkiException {
        byte[] mac;
        if (this.macObj == null) {
            throw new PkiException("macObj is null");
        }
        if (this.certAndPrivKey == null && this.certAndPrivKeys == null) {
            throw new PkiException("certAndPrivKey and certAndPrivKeys are both null");
        }
        EncapsulatedContentInfo encapContentInfo = getEncapContentInfo();
        if (!encapContentInfo.isEncapsulatedContentInfo()) {
            throw new PkiException("bad EncapsulatedContentInfo");
        }
        byte[] tbs = encapContentInfo.getTbs();
        AlgorithmIdentifier macAlgorithm = getMacAlgorithm();
        Attributes authAttrs = getAuthAttrs();
        byte[] decryptKey = decryptKey();
        if (authAttrs != null) {
            AlgorithmIdentifier digestAlgorithm = getDigestAlgorithm();
            if (digestAlgorithm == null) {
                Arrays.fill(decryptKey, (byte) 0);
                throw new PkiException("no digestAlgorithm");
            }
            if (this.hasher == null) {
                this.hasher = new JCEHasher();
            }
            verifyAuthAttrs(authAttrs, this.hasher.hash(digestAlgorithm, tbs, 0, tbs.length));
            byte[] encode = authAttrs.getASN1Object().encode();
            mac = this.macObj.mac(macAlgorithm, decryptKey, encode, 0, encode.length);
        } else {
            if (!encapContentInfo.getContentType().equals(ContentInfo.DATA_OID)) {
                Arrays.fill(decryptKey, (byte) 0);
                throw new PkiException("eContentInfo content-type not data,but no authAttrs");
            }
            mac = this.macObj.mac(macAlgorithm, decryptKey, tbs, 0, tbs.length);
        }
        Arrays.fill(decryptKey, (byte) 0);
        return Arrays.equals(getMac(), mac);
    }
}
