package com.dstc.security.cms;

import com.dstc.security.asn1.Asn1;
import com.dstc.security.asn1.Asn1Exception;
import com.dstc.security.asn1.Integer;
import com.dstc.security.asn1.OctetString;
import com.dstc.security.asn1.Sequence;
import com.dstc.security.certpath.CertPathBuilder;
import com.dstc.security.certpath.CertPathException;
import com.dstc.security.certpath.X509CertSelector;
import com.dstc.security.common.AlgorithmId;
import com.dstc.security.common.OID;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.crypto.Cipher;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/dstc/security/cms/Signer.class */
public class Signer implements SignerInfo {
    private Asn1 asn1;
    private CertPathBuilder builder;
    private Vector certs;
    private DigestsInputStream dis;
    private X509Certificate signerCert;
    private Vector signedAttributes;
    private Vector unsignedAttributes;
    private String digestAlg;
    private String sigAlg;
    private byte[] toBeSigned;
    private byte[] signature;
    private String provider;
    private byte[] digest;
    private Signature sig;
    private int version;
    private SignedAttributes signedAtts;
    private SignedAttributes unsignedAtts;
    private SignerIdentifier signerId;
    private boolean verified;

    /* JADX INFO: Access modifiers changed from: package-private */
    public Signer(Asn1 asn1, Vector vector, Vector vector2, DigestsInputStream digestsInputStream) throws CMSException, Asn1Exception, IOException, CertificateException, CertPathException {
        this.asn1 = null;
        this.builder = null;
        this.certs = null;
        this.dis = null;
        this.signerCert = null;
        this.signedAttributes = null;
        this.unsignedAttributes = null;
        this.digestAlg = "SHA";
        this.sigAlg = null;
        this.toBeSigned = null;
        this.signature = null;
        this.provider = null;
        this.digest = null;
        this.sig = null;
        this.version = 1;
        this.verified = false;
        this.certs = vector;
        this.builder = new CertPathBuilder();
        this.builder.setTrustedCerts(vector2);
        this.dis = digestsInputStream;
        decode(asn1, vector, vector2);
        verifySigner();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Signer(PrivateKey privateKey, X509Certificate x509Certificate, String str, Asn1 asn1) throws CMSException {
        this.asn1 = null;
        this.builder = null;
        this.certs = null;
        this.dis = null;
        this.signerCert = null;
        this.signedAttributes = null;
        this.unsignedAttributes = null;
        this.digestAlg = "SHA";
        this.sigAlg = null;
        this.toBeSigned = null;
        this.signature = null;
        this.provider = null;
        this.digest = null;
        this.sig = null;
        this.version = 1;
        this.verified = false;
        try {
            this.asn1 = new Sequence();
            this.asn1.add(new Integer(this.version));
            this.asn1.add(new IssuerAndSerialNumberImpl(x509Certificate).getAsn1());
            this.digestAlg = str;
            this.asn1.add(new AlgorithmId(OID.getAlgOid(str)).getAsn1());
            if (asn1 != null) {
                this.asn1.add(asn1);
            }
            String algorithm = privateKey.getAlgorithm();
            if (algorithm.equals("RSA")) {
                this.asn1.add(new AlgorithmId("1.2.840.113549.1.1.1").getAsn1());
            } else if (algorithm.equals("DSA")) {
                this.asn1.add(new AlgorithmId("1.2.840.10040.4.3").getAsn1());
            }
            if (asn1 == null) {
                this.sig = Signature.getInstance(new StringBuffer("Raw").append(algorithm).toString());
            } else if (str.equals("MD5")) {
                this.sig = Signature.getInstance(new StringBuffer("MD5with").append(algorithm).toString());
            } else {
                if (!str.startsWith("SHA")) {
                    throw new CMSException(new StringBuffer("Unsupported digest algorithm: ").append(str).append(" in CMS").toString());
                }
                this.sig = Signature.getInstance(new StringBuffer("SHA1with").append(algorithm).toString());
            }
            this.sig.initSign(privateKey);
        } catch (Exception e) {
            throw new CMSException(e.getMessage());
        }
    }

    private void checkDigestBytes(byte[] bArr) throws IOException, CMSException {
        if (this.signedAttributes == null) {
            return;
        }
        Iterator it = this.signedAttributes.iterator();
        while (it.hasNext()) {
            Attribute attribute = (Attribute) it.next();
            if (attribute.getOid().equals("1.2.840.113549.1.9.4")) {
                if (!Arrays.equals(bArr, attribute.getEncodedValues())) {
                    throw new CMSException("Digest mismatch");
                }
                return;
            }
        }
        throw new CMSException("Cannot find MessageDigest attribute amongst signed attributes");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void computeSignature(byte[] bArr) throws CMSException {
        try {
            SignatureInputStream signatureInputStream = new SignatureInputStream(new ByteArrayInputStream(bArr), this.sig, this.digestAlg);
            byte[] bArr2 = new byte[150];
            int i = 0;
            while (true) {
                int read = signatureInputStream.read(bArr2, i, bArr2.length - i);
                if (read == -1) {
                    this.asn1.add(new OctetString(bArr2, 0, i));
                    return;
                }
                i += read;
            }
        } catch (Exception e) {
            throw new CMSException(e.getMessage());
        }
    }

    private void decode(Asn1 asn1, Vector vector, Vector vector2) throws CMSException, Asn1Exception, IOException, CertificateException, CertPathException {
        Asn1 asn12;
        this.asn1 = asn1;
        Iterator components = asn1.components();
        this.version = ((Integer) components.next()).getInt();
        this.signerId = Factory.getSignerIdentifier((Asn1) components.next());
        this.digestAlg = OID.getAlgName(new AlgorithmId((Asn1) components.next()).getOid());
        Asn1 asn13 = (Asn1) components.next();
        if (asn13.getTagNumber() == 0) {
            this.signedAtts = new SignedAttributes(asn13);
            this.signedAttributes = this.signedAtts.getAttributes();
            asn13 = (Asn1) components.next();
        }
        String oid = new AlgorithmId(asn13).getOid();
        this.sigAlg = OID.getAlgName(oid);
        if (this.sigAlg.indexOf("RSA") != -1) {
            this.sigAlg = new StringBuffer(String.valueOf(this.digestAlg)).append("/RSA").toString();
        } else {
            if (this.sigAlg.indexOf("DSA") == -1) {
                throw new CMSException(new StringBuffer("Signature Algorithm OID ").append(oid).append(" not supported").toString());
            }
            this.sigAlg = "DSA";
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ((OctetString) components.next()).writeValue(byteArrayOutputStream);
        this.signature = byteArrayOutputStream.toByteArray();
        if (components.hasNext() && (asn12 = (Asn1) components.next()) != null && asn12.getTagNumber() == 1) {
            this.unsignedAtts = new SignedAttributes(asn12);
            this.unsignedAttributes = this.unsignedAtts.getAttributes();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Asn1 getAsn1() {
        return this.asn1;
    }

    public int getCMSVersion() {
        return this.version;
    }

    @Override // com.dstc.security.cms.SignerInfo
    public String getDigestAlgorithm() {
        return this.digestAlg;
    }

    @Override // com.dstc.security.cms.SignerInfo
    public String getSignatureAlgorithm() {
        return this.sigAlg;
    }

    @Override // com.dstc.security.cms.SignerInfo
    public byte[] getSignatureValue() {
        return this.signature;
    }

    @Override // com.dstc.security.cms.SignerInfo
    public Attribute[] getSignedAttributes() {
        if (this.signedAttributes == null) {
            return null;
        }
        Attribute[] attributeArr = new Attribute[this.signedAttributes.size()];
        this.signedAttributes.toArray(attributeArr);
        return attributeArr;
    }

    private X509Certificate getSignerCert(SignerIdentifier signerIdentifier) throws CertificateException, CertPathException, CMSException {
        X509CertSelector x509CertSelector = new X509CertSelector();
        if (signerIdentifier instanceof IssuerAndSerialNumber) {
            x509CertSelector.setIssuerDN(((IssuerAndSerialNumber) signerIdentifier).getIssuer());
            x509CertSelector.setSerialNumber(((IssuerAndSerialNumber) signerIdentifier).getSerialNumber());
        } else {
            if (!(signerIdentifier instanceof SubjectKeyIdentifier)) {
                throw new CMSException(new StringBuffer("Unsupported signerIdentifier: ").append(signerIdentifier).toString());
            }
            x509CertSelector.setSubjectKeyIdentifier(((SubjectKeyIdentifier) signerIdentifier).getId());
        }
        return this.builder.build(this.certs, x509CertSelector).getPath()[0];
    }

    @Override // com.dstc.security.cms.SignerInfo
    public X509Certificate getSignerCertificate() {
        return this.signerCert;
    }

    @Override // com.dstc.security.cms.SignerInfo
    public SignerIdentifier getSignerIdentifier() {
        return this.signerId;
    }

    @Override // com.dstc.security.cms.SignerInfo
    public Attribute[] getUnsignedAttributes() {
        if (this.unsignedAttributes == null) {
            return null;
        }
        Attribute[] attributeArr = new Attribute[this.unsignedAttributes.size()];
        this.unsignedAttributes.toArray(attributeArr);
        return attributeArr;
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer("SignerInfo");
        if (this.verified) {
            stringBuffer.append(" [Signature Verified]");
        }
        stringBuffer.append("\n[");
        stringBuffer.append("\n  Version: ").append(this.version);
        stringBuffer.append("\n  Message Digest algo: ").append(getDigestAlgorithm());
        stringBuffer.append("\n  Signature algo: ").append(getSignatureAlgorithm());
        stringBuffer.append("\n  SignerIdentifier:");
        StringTokenizer stringTokenizer = new StringTokenizer(this.signerId.toString(), "\r\n");
        while (stringTokenizer.hasMoreTokens()) {
            stringBuffer.append("\n").append("    ").append(stringTokenizer.nextToken());
        }
        Attribute[] signedAttributes = getSignedAttributes();
        if (signedAttributes != null) {
            stringBuffer.append("\n  Signed attributes:");
            for (Attribute attribute : signedAttributes) {
                stringBuffer.append("\n    ").append(attribute);
            }
        }
        Attribute[] unsignedAttributes = getUnsignedAttributes();
        if (unsignedAttributes != null) {
            stringBuffer.append("\n  Unsigned attributes:");
            for (int i = 0; i < unsignedAttributes.length; i++) {
                String algName = OID.getAlgName(unsignedAttributes[i].getOid());
                if (algName != null) {
                    stringBuffer.append("\n    ").append(algName);
                } else {
                    stringBuffer.append("\n    ").append(unsignedAttributes[i]);
                }
            }
        }
        stringBuffer.append("\n]");
        return stringBuffer.toString();
    }

    public void verifySignature(byte[] bArr) throws CMSException {
        boolean equals;
        try {
            if (this.signedAtts != null) {
                this.sig = Signature.getInstance(this.sigAlg);
                this.sig.initVerify(this.signerCert.getPublicKey());
                this.toBeSigned = this.signedAtts.getAsn1().getEncoded();
                this.sig.update(this.toBeSigned);
                equals = this.sig.verify(this.signature);
            } else if (this.sigAlg.equals("DSA")) {
                this.sig = Signature.getInstance("RawDSA");
                this.sig.initVerify(this.signerCert.getPublicKey());
                this.sig.update(bArr);
                equals = this.sig.verify(this.signature);
            } else {
                Cipher cipher = Cipher.getInstance("RSA");
                cipher.init(2, this.signerCert.getPublicKey());
                Iterator components = Asn1.getAsn1(cipher.doFinal(this.signature)).components();
                new AlgorithmId((Asn1) components.next());
                equals = Arrays.equals(((OctetString) components.next()).getBytes(), bArr);
            }
            if (!equals) {
                throw new CMSException("Bad signature");
            }
            this.verified = true;
        } catch (Exception e) {
            throw new CMSException(e.getMessage());
        }
    }

    void verifySigner() throws CMSException, IOException, CertificateException, CertPathException {
        this.signerCert = getSignerCert(this.signerId);
        this.digest = this.dis.getDigest(this.digestAlg);
        if (this.digest == null) {
            throw new CMSException("Badly formed SignedData: Incomplete list of digest algorithms");
        }
        checkDigestBytes(this.digest);
        verifySignature(this.digest);
    }
}
