package cn.topca.sp.security.pkcs;

import cn.topca.sp.jce.TopCAProvider;
import cn.topca.sp.security.x509.X509CertificateObject;
import java.math.BigInteger;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.pkcs.ContentInfo;
import org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.SignedData;
import org.bouncycastle.asn1.pkcs.SignerInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.TBSCertList;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.ocsp.CertificateID;

/* loaded from: classes.dex */
public class PKCS7SignedData {
    private byte[] originalData;
    private Collection certs = new ArrayList();
    private Collection crls = new ArrayList();
    private Collection signers = new ArrayList();
    private Collection digestAlg = new ArrayList();

    static {
        if (Security.getProvider(TopCAProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new TopCAProvider());
        }
    }

    public PKCS7SignedData(byte[] bArr) {
        this.originalData = null;
        try {
            ContentInfo contentInfo = ContentInfo.getInstance(new ASN1InputStream(bArr).readObject());
            if (!contentInfo.getContentType().equals(PKCSObjectIdentifiers.signedData)) {
                throw new SecurityException("not a PKCS7 Signed Data");
            }
            SignedData signedData = SignedData.getInstance(contentInfo.getContent());
            ASN1Set digestAlgorithms = signedData.getDigestAlgorithms();
            for (int i = 0; digestAlgorithms != null && i < digestAlgorithms.size(); i++) {
                this.digestAlg.add(AlgorithmIdentifier.getInstance(digestAlgorithms.getObjectAt(i)));
            }
            ASN1Set certificates = signedData.getCertificates();
            for (int i2 = 0; certificates != null && i2 < certificates.size(); i2++) {
                this.certs.add(new X509CertificateObject(X509CertificateStructure.getInstance(certificates.getObjectAt(i2))));
            }
            ASN1Set cRLs = signedData.getCRLs();
            for (int i3 = 0; cRLs != null && i3 < cRLs.size(); i3++) {
                this.crls.add(TBSCertList.getInstance(cRLs.getObjectAt(i3)));
            }
            ASN1Set signerInfos = signedData.getSignerInfos();
            for (int i4 = 0; signerInfos != null && i4 < signerInfos.size(); i4++) {
                this.signers.add(SignerInfo.getInstance(signerInfos.getObjectAt(i4)));
            }
            DEREncodable content = signedData.getContentInfo().getContent();
            if (content != null) {
                this.originalData = ((DEROctetString) content).getOctets();
            }
        } catch (Exception unused) {
            throw new SecurityException("can't decode PKCS7 Signed Data object");
        }
    }

    private String getSignAlgorithm(String str, String str2) {
        if (str.equals("1.2.840.113549.2.5")) {
            str = "MD5";
        } else if (str.equals("1.2.840.113549.2.2")) {
            str = "MD2";
        } else if (str.equals(CertificateID.HASH_SHA1)) {
            str = "SHA1";
        } else if (str.equals("1.2.156.10197.1.401")) {
            str = "SM3";
        } else if (str.equals("1.2.156.10197.1.401.1")) {
            str = "SM3";
        } else if (str.equals("1.2.156.10197.1.401.2")) {
            str = "SM3";
        }
        if (str2.equals("1.2.840.113549.1.1.1")) {
            str2 = "RSA";
        } else if (str2.equals("1.2.840.10040.4.1")) {
            str2 = "DSA";
        } else if (str2.equals("1.2.156.10197.1.301")) {
            str2 = "SM2";
        }
        return str + "with" + str2;
    }

    public byte[] getContent() {
        if (this.originalData == null) {
            return null;
        }
        return (byte[]) this.originalData.clone();
    }

    public X509Certificate getSignCert(int i) {
        r1 = null;
        int i2 = 0;
        for (X509Certificate x509Certificate : this.certs) {
            if (i2 == i) {
                break;
            }
            i2++;
        }
        return x509Certificate;
    }

    public X509Certificate getSignCert(SignerInfo signerInfo) {
        IssuerAndSerialNumber issuerAndSerialNumber = signerInfo.getIssuerAndSerialNumber();
        BigInteger value = issuerAndSerialNumber.getCertificateSerialNumber().getValue();
        X509Principal x509Principal = new X509Principal(issuerAndSerialNumber.getName());
        for (X509Certificate x509Certificate : this.certs) {
            if (x509Certificate.getSerialNumber().equals(value) && x509Certificate.getIssuerDN().equals(x509Principal)) {
                return x509Certificate;
            }
        }
        return null;
    }

    public int getSignCertSize() {
        return this.certs.size();
    }

    public int getSignInfoSize() {
        return this.signers.size();
    }

    public SignerInfo getSignerInfo(int i) {
        r1 = null;
        int i2 = 0;
        for (SignerInfo signerInfo : this.signers) {
            if (i2 == i) {
                break;
            }
            i2++;
        }
        return signerInfo;
    }

    public boolean isDetached() {
        return this.originalData == null;
    }

    public X509Certificate verify() {
        return verify(null, null);
    }

    public X509Certificate verify(String str) {
        return verify(null, str);
    }

    public X509Certificate verify(byte[] bArr) {
        return verify(bArr, null);
    }

    public X509Certificate verify(byte[] bArr, String str) {
        X509Certificate x509Certificate = null;
        for (SignerInfo signerInfo : this.signers) {
            X509Certificate signCert = getSignCert(signerInfo);
            if (signCert == null) {
                throw new SecurityException("Can't find signing certificate!");
            }
            String signAlgorithm = getSignAlgorithm(signerInfo.getDigestAlgorithm().getAlgorithm().getId(), signerInfo.getDigestEncryptionAlgorithm().getAlgorithm().getId());
            byte[] octets = signerInfo.getEncryptedDigest().getOctets();
            Signature signature = str != null ? Signature.getInstance(signAlgorithm, str) : Signature.getInstance(signAlgorithm);
            signature.initVerify(signCert.getPublicKey());
            if (this.originalData != null) {
                signature.update(this.originalData);
            } else {
                if (bArr == null) {
                    throw new SecurityException("No original data found!");
                }
                signature.update(bArr);
            }
            if (!signature.verify(octets)) {
                return null;
            }
            x509Certificate = signCert;
        }
        return x509Certificate;
    }
}
