package net.netca.pki.impl.netcajni;

import java.util.Date;
import net.netca.pki.CertStore;
import net.netca.pki.Certificate;
import net.netca.pki.Freeable;
import net.netca.pki.PkiException;
import net.netca.pki.SignedData;
import net.netca.pki.global.ISignedDataMultiStepVerify;
import net.netca.pki.global.ISignedDataVerify;
import net.netca.pki.global.X509Certificate;

/* loaded from: classes3.dex */
public class NetcaSignedDataVerify implements ISignedDataVerify, Freeable, ISignedDataMultiStepVerify {
    private boolean firstUpdate = true;
    private SignedData signedData;

    public NetcaSignedDataVerify() throws PkiException {
        SignedData newSignedDataVerifyObject = SignedData.newSignedDataVerifyObject();
        this.signedData = newSignedDataVerifyObject;
        if (newSignedDataVerifyObject == null) {
            throw new PkiException("SignedData.newSignedDataVerifyObject fail");
        }
    }

    public NetcaSignedDataVerify(CertStore certStore) throws PkiException {
        SignedData newSignedDataVerifyObject = SignedData.newSignedDataVerifyObject();
        this.signedData = newSignedDataVerifyObject;
        if (newSignedDataVerifyObject == null) {
            throw new PkiException("SignedData.newSignedDataVerifyObject fail");
        }
        try {
            int certificateCount = certStore.getCertificateCount();
            for (int i2 = 0; i2 < certificateCount; i2++) {
                Certificate certificate = certStore.getCertificate(i2);
                try {
                    this.signedData.addCertificate(certificate);
                } finally {
                    if (certificate != null) {
                        certificate.free();
                    }
                }
            }
        } catch (PkiException e2) {
            this.signedData.free();
            throw e2;
        }
    }

    @Override // net.netca.pki.global.ISignedDataVerify
    public void addCert(X509Certificate x509Certificate) throws PkiException {
        if (x509Certificate instanceof NetcaX509Certificate) {
            this.signedData.addCertificate(((NetcaX509Certificate) x509Certificate).getCertificateObject());
            return;
        }
        Certificate certificate = null;
        try {
            Certificate certificate2 = new Certificate(x509Certificate.derEncode());
            try {
                this.signedData.addCertificate(certificate2);
                certificate2.free();
            } catch (Throwable th) {
                th = th;
                certificate = certificate2;
                if (certificate != null) {
                    certificate.free();
                }
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    @Override // net.netca.pki.global.ISignedDataVerify
    public byte[] attachSignatureTimeStamp() throws PkiException {
        return this.signedData.attachSignatureTimeStamp();
    }

    @Override // net.netca.pki.Freeable
    public void free() {
        this.signedData.free();
    }

    @Override // net.netca.pki.global.ISignedDataVerify
    public X509Certificate getSignCert() throws PkiException {
        Certificate signCertificate = this.signedData.getSignCertificate(0);
        if (signCertificate == null) {
            return null;
        }
        try {
            return new NetcaX509Certificate(signCertificate);
        } finally {
            signCertificate.free();
        }
    }

    @Override // net.netca.pki.global.ISignedDataVerify
    public Date getSignatureTimeStampTime() throws PkiException {
        if (this.signedData.hasTimeStamp(0)) {
            return this.signedData.getTimeStampTime(0);
        }
        return null;
    }

    public SignedData getSignedDataObject() {
        return this.signedData;
    }

    @Override // net.netca.pki.global.ISignedDataVerify
    public byte[] verify(byte[] bArr, int i2, int i3) throws PkiException {
        this.signedData.keepTbs(true);
        byte[] verify = this.signedData.verify(bArr, i2, i3);
        this.signedData.verifyPostCheck();
        return verify;
    }

    @Override // net.netca.pki.global.ISignedDataMultiStepVerify
    public void verifyFinal() throws PkiException {
        this.signedData.verifyFinal();
        this.signedData.verifyPostCheck();
    }

    @Override // net.netca.pki.global.ISignedDataMultiStepVerify
    public byte[] verifyUpdate(byte[] bArr, int i2, int i3) throws PkiException {
        if (this.firstUpdate) {
            this.signedData.keepTbs(false);
            this.signedData.verifyInit();
            this.firstUpdate = false;
        }
        return this.signedData.verifyUpdate(bArr, i2, i3);
    }
}
