package com.dstc.security.cms;

import com.dstc.security.asn1.Asn1;
import com.dstc.security.asn1.Asn1Exception;
import com.dstc.security.asn1.Explicit;
import com.dstc.security.asn1.Integer;
import com.dstc.security.asn1.Oid;
import com.dstc.security.asn1.Sequence;
import com.dstc.security.asn1.Set;
import com.dstc.security.certpath.CertPathException;
import com.dstc.security.common.AlgorithmId;
import com.dstc.security.common.OID;
import com.dstc.security.x509.X509ExtensionUtil;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.StringTokenizer;
import java.util.Vector;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/dstc/security/cms/SignedDataImpl.class */
public class SignedDataImpl implements SignedData {
    private Asn1 outer;
    private int version;
    private Vector digestAlgorithms;
    private byte[][] digests;
    private EncapContentInfo eContentInfo;
    private X509Certificate[] certs;
    private Vector crls;
    private Vector signerInfos;
    private ByteArrayOutputStream os;
    private boolean useSignedAtts;
    private int contentType;
    private Iterator it;
    private Vector trusted;
    private Vector totalCerts;
    private DigestsInputStream dis;
    private TwoInputStream verStream;
    private boolean isVerified;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SignedDataImpl(InputStream inputStream, Vector vector, Vector vector2, InputStream inputStream2) throws Asn1Exception, IOException, CMSException {
        this.outer = null;
        this.version = 1;
        this.digestAlgorithms = null;
        this.eContentInfo = null;
        this.certs = null;
        this.crls = null;
        this.signerInfos = null;
        this.os = null;
        this.useSignedAtts = true;
        this.contentType = 0;
        this.it = null;
        this.trusted = null;
        this.totalCerts = null;
        this.dis = null;
        this.verStream = null;
        this.isVerified = false;
        decode(Asn1.getAsn1(inputStream), vector, vector2, inputStream2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SignedDataImpl(PrivateKey privateKey, X509Certificate[] x509CertificateArr, String str, boolean z, CMSTypedDataInputStream cMSTypedDataInputStream) throws CMSException {
        this.outer = null;
        this.version = 1;
        this.digestAlgorithms = null;
        this.eContentInfo = null;
        this.certs = null;
        this.crls = null;
        this.signerInfos = null;
        this.os = null;
        this.useSignedAtts = true;
        this.contentType = 0;
        this.it = null;
        this.trusted = null;
        this.totalCerts = null;
        this.dis = null;
        this.verStream = null;
        this.isVerified = false;
        try {
            String property = System.getProperty("jcsi.cms.nosignedatts");
            if (property != null && property.equals("true")) {
                this.useSignedAtts = false;
            }
            if (!X509ExtensionUtil.isKeyUsageSigning(x509CertificateArr[0])) {
                throw new CMSException("Certificate key usage does not include signing");
            }
            int cMSDataType = cMSTypedDataInputStream.getCMSDataType();
            this.outer = new Sequence();
            this.outer.add(new Oid("1.2.840.113549.1.7.2"));
            Sequence sequence = new Sequence();
            if (cMSDataType != 0) {
                this.version = 3;
                this.useSignedAtts = true;
            }
            sequence.add(new Integer(this.version));
            Set set = new Set();
            set.add(new AlgorithmId(OID.getAlgOid(str)).getAsn1());
            sequence.add(set);
            Asn1 asn1 = null;
            if (this.useSignedAtts) {
                asn1 = new Set();
                asn1.add(new ContentTypeImpl(cMSTypedDataInputStream.getContentType()).getAsn1());
            }
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            Signer signer = new Signer(privateKey, x509CertificateArr[0], str, asn1);
            DigestInputStream digestInputStream = new DigestInputStream(cMSTypedDataInputStream, messageDigest, asn1, signer);
            sequence.add(new EncapContentInfo(cMSTypedDataInputStream.getContentType(), z ? digestInputStream : null).getAsn1());
            Asn1 asn12 = new CertificateSet(x509CertificateArr).getAsn1();
            asn12.setTagClass(128);
            asn12.setTagNumber(0);
            sequence.add(asn12);
            Set set2 = new Set();
            set2.add(signer.getAsn1());
            sequence.add(set2);
            Explicit explicit = new Explicit(128, 0);
            explicit.add(sequence);
            this.outer.add(explicit);
            if (z) {
                return;
            }
            do {
            } while (digestInputStream.read(new byte[256]) != -1);
        } catch (CMSException e) {
            throw e;
        } catch (Exception e2) {
            throw new CMSException(new StringBuffer("signing error: nested message is ").append(e2.toString()).toString());
        }
    }

    private void decode(Asn1 asn1, Vector vector, Vector vector2, InputStream inputStream) throws Asn1Exception, IOException, CMSException {
        Asn1 asn12;
        if (vector2 == null) {
            throw new CMSException("No trusted certs set");
        }
        this.trusted = vector2;
        this.outer = asn1;
        Iterator components = asn1.components();
        if (components == null || !components.hasNext()) {
            throw new CMSException("Bad SignedData encoding");
        }
        if (!((Oid) components.next()).getOid().equals("1.2.840.113549.1.7.2")) {
            throw new CMSException("Not a SignedData encoding");
        }
        this.it = ((Asn1) ((Asn1) components.next()).components().next()).components();
        this.version = ((Integer) this.it.next()).getInt();
        this.digestAlgorithms = new Vector();
        Iterator components2 = ((Set) this.it.next()).components();
        while (components2.hasNext() && (asn12 = (Asn1) components2.next()) != null) {
            this.digestAlgorithms.add(OID.getAlgName(new AlgorithmId(asn12).getOid()));
        }
        String[] strArr = new String[this.digestAlgorithms.size()];
        this.digestAlgorithms.toArray(strArr);
        this.eContentInfo = new EncapContentInfo((Asn1) this.it.next());
        if (this.eContentInfo.getContentType().equals("1.2.840.113549.1.7.1")) {
            this.contentType = 0;
        } else if (this.eContentInfo.getContentType().equals("1.2.840.113549.1.7.2")) {
            this.contentType = 1;
        } else {
            if (!this.eContentInfo.getContentType().equals("1.2.840.113549.1.7.3")) {
                throw new CMSException(new StringBuffer("Content type ").append(this.eContentInfo.getContentType()).append(" unsupported for CMS signing").toString());
            }
            this.contentType = 2;
        }
        if (this.eContentInfo.hasContent()) {
            this.dis = new DigestsInputStream(this, this.eContentInfo.getContent(), strArr);
        } else {
            if (inputStream == null) {
                throw new CMSException("Cannot verify SignedData : No data encapsulated & no message provided");
            }
            this.dis = new DigestsInputStream(this, inputStream, strArr);
        }
        if (vector != null) {
            this.totalCerts = vector;
        } else {
            this.totalCerts = new Vector();
        }
        this.verStream = new TwoInputStream(this.dis, null);
    }

    public int getCMSVersion() {
        return this.version;
    }

    @Override // com.dstc.security.cms.SignedData
    public X509CRL[] getCRLs() {
        if (this.crls == null) {
            return null;
        }
        X509CRL[] x509crlArr = new X509CRL[this.crls.size()];
        this.crls.toArray(x509crlArr);
        return x509crlArr;
    }

    @Override // com.dstc.security.cms.SignedData
    public X509Certificate[] getCertificates() {
        return this.certs;
    }

    public String[] getDigestAlgorithms() {
        String[] strArr = new String[this.digestAlgorithms.size()];
        this.digestAlgorithms.toArray(strArr);
        return strArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getEncapsulatedContentType() {
        return this.contentType;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CMSTypedDataInputStream getSigned() {
        return new CMSTypedDataInputStream(1, new BEREncodedInputStream(this.outer));
    }

    @Override // com.dstc.security.cms.SignedData
    public SignerInfo[] getSignerInfos() {
        if (this.signerInfos == null) {
            return null;
        }
        SignerInfo[] signerInfoArr = new SignerInfo[this.signerInfos.size()];
        this.signerInfos.toArray(signerInfoArr);
        return signerInfoArr;
    }

    public TwoInputStream getVerified() {
        return this.verStream;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isVerified() {
        return this.isVerified;
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer("SignedData");
        stringBuffer.append("\n[");
        stringBuffer.append(new StringBuffer("\n  version: ").append(this.version).toString());
        stringBuffer.append(new StringBuffer("\n  Digest algos: ").append(this.digestAlgorithms).toString());
        stringBuffer.append("\n  SignerInfos ");
        if (this.signerInfos == null) {
            return stringBuffer.toString();
        }
        stringBuffer.append("{no of signers = ");
        stringBuffer.append(String.valueOf(this.signerInfos.size()));
        stringBuffer.append("}");
        stringBuffer.append("\n  [");
        for (int i = 0; i < this.signerInfos.size(); i++) {
            StringTokenizer stringTokenizer = new StringTokenizer(((SignerInfo) this.signerInfos.elementAt(i)).toString(), "\r\n");
            while (stringTokenizer.hasMoreTokens()) {
                stringBuffer.append("\n     ").append(stringTokenizer.nextToken());
            }
            stringBuffer.append("\n");
        }
        stringBuffer.append("  ]");
        stringBuffer.append("\n]");
        return stringBuffer.toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void verifyAllSigners() throws Asn1Exception, IOException, CRLException, CertificateException, CMSException, CertPathException {
        Asn1 asn1;
        Asn1 asn12 = (Asn1) this.it.next();
        if (asn12.getTagNumber() == 0) {
            this.certs = new CertificateSet(asn12).getCerts();
            asn12 = (Asn1) this.it.next();
        }
        if (asn12.getTagNumber() == 1) {
            this.crls = new CRLSet(asn12).getCRLs();
            asn12 = (Asn1) this.it.next();
        }
        if (this.certs != null) {
            for (int i = 0; i < this.certs.length; i++) {
                this.totalCerts.add(this.certs[i]);
            }
        }
        this.signerInfos = new Vector();
        Iterator components = ((Set) asn12).components();
        while (components.hasNext() && (asn1 = (Asn1) components.next()) != null) {
            this.signerInfos.add(new Signer(asn1, this.totalCerts, this.trusted, this.dis));
        }
        this.isVerified = true;
    }
}
