package defpackage;

import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import sun.misc.HexDumpEncoder;
import sun.security.pkcs.ParsingException;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;

/* compiled from: SignerInfo.java */
/* loaded from: classes4.dex */
public class qf2 implements wf2 {
    public BigInteger a;
    public mi2 b;
    public BigInteger c;
    public AlgorithmId d;
    public AlgorithmId e;
    public byte[] f;
    public pf2 g;
    public pf2 h;

    public qf2(mi2 mi2Var, BigInteger bigInteger, AlgorithmId algorithmId, pf2 pf2Var, AlgorithmId algorithmId2, byte[] bArr, pf2 pf2Var2) {
        this.a = BigInteger.ONE;
        this.b = mi2Var;
        this.c = bigInteger;
        this.d = algorithmId;
        this.g = pf2Var;
        this.e = algorithmId2;
        this.f = bArr;
        this.h = pf2Var2;
    }

    public qf2(mi2 mi2Var, BigInteger bigInteger, AlgorithmId algorithmId, AlgorithmId algorithmId2, byte[] bArr) {
        this.a = BigInteger.ONE;
        this.b = mi2Var;
        this.c = bigInteger;
        this.d = algorithmId;
        this.e = algorithmId2;
        this.f = bArr;
    }

    public qf2(zf2 zf2Var) throws IOException, ParsingException {
        this(zf2Var, false);
    }

    public qf2(zf2 zf2Var, boolean z) throws IOException, ParsingException {
        this.a = zf2Var.getBigInteger();
        bg2[] sequence = zf2Var.getSequence(2);
        this.b = new mi2(new bg2((byte) 48, sequence[0].toByteArray()));
        this.c = sequence[1].getBigInteger();
        this.d = AlgorithmId.parse(zf2Var.getDerValue());
        if (z) {
            zf2Var.getSet(0);
        } else if (((byte) zf2Var.peekByte()) == -96) {
            this.g = new pf2(zf2Var);
        }
        this.e = AlgorithmId.parse(zf2Var.getDerValue());
        this.f = zf2Var.getOctetString();
        if (z) {
            zf2Var.getSet(0);
        } else if (zf2Var.available() != 0 && ((byte) zf2Var.peekByte()) == -95) {
            this.h = new pf2(zf2Var, true);
        }
        if (zf2Var.available() != 0) {
            throw new ParsingException("extra data at the end");
        }
    }

    public qf2 a(nf2 nf2Var, byte[] bArr) throws NoSuchAlgorithmException, SignatureException {
        byte[] bArr2;
        try {
            try {
                lf2 contentInfo = nf2Var.getContentInfo();
                if (bArr == null) {
                    bArr = contentInfo.getContentBytes();
                }
                String name = getDigestAlgorithmId().getName();
                if (name.equalsIgnoreCase("SHA")) {
                    name = "SHA1";
                }
                if (this.g != null) {
                    ObjectIdentifier objectIdentifier = (ObjectIdentifier) this.g.getAttributeValue(of2.f);
                    if (objectIdentifier == null || !objectIdentifier.equals(contentInfo.a) || (bArr2 = (byte[]) this.g.getAttributeValue(of2.g)) == null) {
                        return null;
                    }
                    byte[] digest = MessageDigest.getInstance(name).digest(bArr);
                    if (bArr2.length != digest.length) {
                        return null;
                    }
                    for (int i = 0; i < bArr2.length; i++) {
                        if (bArr2[i] != digest[i]) {
                            return null;
                        }
                    }
                    bArr = this.g.getDerEncoding();
                }
                String name2 = getDigestEncryptionAlgorithmId().getName();
                if (name2.equalsIgnoreCase("SHA1withDSA")) {
                    name2 = "DSA";
                }
                Signature signature = Signature.getInstance(name + "with" + name2);
                X509Certificate certificate = getCertificate(nf2Var);
                if (certificate == null) {
                    return null;
                }
                if (certificate.hasUnsupportedCriticalExtension()) {
                    throw new SignatureException("Certificate has unsupported critical extension(s)");
                }
                boolean[] keyUsage = certificate.getKeyUsage();
                if (keyUsage != null) {
                    try {
                        sh2 sh2Var = new sh2(keyUsage);
                        boolean booleanValue = ((Boolean) sh2Var.get("digital_signature")).booleanValue();
                        boolean booleanValue2 = ((Boolean) sh2Var.get("non_repudiation")).booleanValue();
                        if (!booleanValue && !booleanValue2) {
                            throw new SignatureException("Key usage restricted: cannot be used for digital signatures");
                        }
                    } catch (IOException unused) {
                        throw new SignatureException("Failed to parse keyUsage extension");
                    }
                }
                signature.initVerify(certificate.getPublicKey());
                signature.update(bArr);
                if (signature.verify(this.f)) {
                    return this;
                }
                return null;
            } catch (InvalidKeyException e) {
                throw new SignatureException("InvalidKey: " + e.getMessage());
            }
        } catch (IOException e2) {
            throw new SignatureException("IO error verifying signature:\n" + e2.getMessage());
        }
    }

    @Override // defpackage.wf2
    public void derEncode(OutputStream outputStream) throws IOException {
        ag2 ag2Var = new ag2();
        ag2Var.putInteger(this.a);
        ag2 ag2Var2 = new ag2();
        this.b.encode(ag2Var2);
        ag2Var2.putInteger(this.c);
        ag2Var.write((byte) 48, ag2Var2);
        this.d.encode(ag2Var);
        pf2 pf2Var = this.g;
        if (pf2Var != null) {
            pf2Var.encode((byte) -96, ag2Var);
        }
        this.e.encode(ag2Var);
        ag2Var.putOctetString(this.f);
        pf2 pf2Var2 = this.h;
        if (pf2Var2 != null) {
            pf2Var2.encode((byte) -95, ag2Var);
        }
        ag2 ag2Var3 = new ag2();
        ag2Var3.write((byte) 48, ag2Var);
        outputStream.write(ag2Var3.toByteArray());
    }

    public void encode(ag2 ag2Var) throws IOException {
        derEncode(ag2Var);
    }

    public pf2 getAuthenticatedAttributes() {
        return this.g;
    }

    public X509Certificate getCertificate(nf2 nf2Var) throws IOException {
        return nf2Var.getCertificate(this.c, this.b);
    }

    public ArrayList<X509Certificate> getCertificateChain(nf2 nf2Var) throws IOException {
        boolean z;
        X509Certificate certificate = nf2Var.getCertificate(this.c, this.b);
        if (certificate == null) {
            return null;
        }
        ArrayList<X509Certificate> arrayList = new ArrayList<>();
        arrayList.add(certificate);
        X509Certificate[] certificates = nf2Var.getCertificates();
        if (certificates != null && !certificate.getSubjectDN().equals(certificate.getIssuerDN())) {
            Principal issuerDN = certificate.getIssuerDN();
            int i = 0;
            do {
                int i2 = i;
                while (true) {
                    if (i2 >= certificates.length) {
                        z = false;
                        break;
                    }
                    if (issuerDN.equals(certificates[i2].getSubjectDN())) {
                        arrayList.add(certificates[i2]);
                        if (certificates[i2].getSubjectDN().equals(certificates[i2].getIssuerDN())) {
                            i = certificates.length;
                        } else {
                            issuerDN = certificates[i2].getIssuerDN();
                            X509Certificate x509Certificate = certificates[i];
                            certificates[i] = certificates[i2];
                            certificates[i2] = x509Certificate;
                            i++;
                        }
                        z = true;
                    } else {
                        i2++;
                    }
                }
            } while (z);
        }
        return arrayList;
    }

    public BigInteger getCertificateSerialNumber() {
        return this.c;
    }

    public AlgorithmId getDigestAlgorithmId() {
        return this.d;
    }

    public AlgorithmId getDigestEncryptionAlgorithmId() {
        return this.e;
    }

    public byte[] getEncryptedDigest() {
        return this.f;
    }

    public mi2 getIssuerName() {
        return this.b;
    }

    public pf2 getUnauthenticatedAttributes() {
        return this.h;
    }

    public BigInteger getVersion() {
        return this.a;
    }

    public String toString() {
        HexDumpEncoder hexDumpEncoder = new HexDumpEncoder();
        String str = ((("Signer Info for (issuer): " + this.b + "\n") + "\tversion: " + vf2.toHexString(this.a) + "\n") + "\tcertificateSerialNumber: " + vf2.toHexString(this.c) + "\n") + "\tdigestAlgorithmId: " + this.d + "\n";
        if (this.g != null) {
            str = str + "\tauthenticatedAttributes: " + this.g + "\n";
        }
        String str2 = (str + "\tdigestEncryptionAlgorithmId: " + this.e + "\n") + "\tencryptedDigest: \n" + hexDumpEncoder.encodeBuffer(this.f) + "\n";
        if (this.h == null) {
            return str2;
        }
        return str2 + "\tunauthenticatedAttributes: " + this.h + "\n";
    }
}
