package oracle.security.crypto.cms;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.Vector;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import oracle.security.crypto.asn1.ASN1ConstructedInputStream;
import oracle.security.crypto.asn1.ASN1Integer;
import oracle.security.crypto.asn1.ASN1ObjectID;
import oracle.security.crypto.asn1.ASN1OctetString;
import oracle.security.crypto.asn1.ASN1SequenceInputStream;
import oracle.security.crypto.asn1.ASN1SetInputStream;
import oracle.security.crypto.cert.AttributeSet;
import oracle.security.crypto.cert.IssuerAndSerialNo;
import oracle.security.crypto.cert.X509;
import oracle.security.crypto.core.AlgID;
import oracle.security.crypto.core.AlgorithmIdentifier;
import oracle.security.crypto.core.AuthenticationException;
import oracle.security.crypto.util.InvalidInputException;
import oracle.security.crypto.util.Utils;
import oracle.security.crypto.util.VersionException;

/* loaded from: input_file:oracle/security/crypto/cms/CMSAuthenticatedDataInputStream.class */
public class CMSAuthenticatedDataInputStream extends CMSInputStream {
    private final boolean readingFromConnector;
    private PrivateKey recipientPrivateKey;
    private SecretKey keyEncryptionKey;
    private IssuerAndSerialNo recipientIASN;
    private ASN1ObjectID enclosedContentType;
    private OriginatorInfo origInfo;
    private AttributeSet authenticatedAttribs;
    private AttributeSet unauthenticatedAttribs;
    private ASN1Integer version;
    private byte[] recipientSPKI64;
    private byte[] recipientSPKI160;
    private MessageDigest md;
    private ByteArrayOutputStream bos;
    private byte[] bosData;
    private AlgorithmIdentifier macAlgorithm;
    private AlgorithmIdentifier digestAlgID;
    private byte[] macCode;
    private byte[] dig;
    private boolean readInitial;
    private boolean terminated;
    private ASN1ConstructedInputStream ci_in;
    private ASN1ConstructedInputStream cic_in;
    private ASN1ConstructedInputStream ed_in;
    private CIInputStream content_in;
    private byte[] contentAuthenticationKey;
    private String contentAuthenticationKeyAlgo;

    public CMSAuthenticatedDataInputStream(InputStream inputStream, PrivateKey privateKey, X509Certificate x509Certificate) throws CertificateEncodingException, IOException, NoSuchAlgorithmException {
        super(inputStream);
        this.enclosedContentType = CMS.id_data;
        this.readInitial = false;
        this.terminated = false;
        this.contentAuthenticationKey = null;
        this.contentAuthenticationKeyAlgo = null;
        this.recipientPrivateKey = privateKey;
        this.recipientIASN = new IssuerAndSerialNo(new X509(x509Certificate.getEncoded()));
        this.recipientSPKI64 = CMSUtils.generateSPKI64(x509Certificate);
        this.recipientSPKI160 = CMSUtils.generateSPKI160(x509Certificate);
        this.readingFromConnector = false;
    }

    public CMSAuthenticatedDataInputStream(CMSInputConnector cMSInputConnector, PrivateKey privateKey, X509Certificate x509Certificate) throws CertificateEncodingException, NoSuchAlgorithmException, IOException {
        super(cMSInputConnector.getInputStream());
        this.enclosedContentType = CMS.id_data;
        this.readInitial = false;
        this.terminated = false;
        this.contentAuthenticationKey = null;
        this.contentAuthenticationKeyAlgo = null;
        this.recipientPrivateKey = privateKey;
        this.recipientIASN = new IssuerAndSerialNo(new X509(x509Certificate.getEncoded()));
        this.recipientSPKI64 = CMSUtils.generateSPKI64(x509Certificate);
        this.recipientSPKI160 = CMSUtils.generateSPKI160(x509Certificate);
        this.readingFromConnector = true;
    }

    public CMSAuthenticatedDataInputStream(InputStream inputStream, SecretKey secretKey) {
        super(inputStream);
        this.enclosedContentType = CMS.id_data;
        this.readInitial = false;
        this.terminated = false;
        this.contentAuthenticationKey = null;
        this.contentAuthenticationKeyAlgo = null;
        this.keyEncryptionKey = secretKey;
        this.readingFromConnector = false;
    }

    public CMSAuthenticatedDataInputStream(CMSInputConnector cMSInputConnector, SecretKey secretKey) {
        super(cMSInputConnector.getInputStream());
        this.enclosedContentType = CMS.id_data;
        this.readInitial = false;
        this.terminated = false;
        this.contentAuthenticationKey = null;
        this.contentAuthenticationKeyAlgo = null;
        this.keyEncryptionKey = secretKey;
        this.readingFromConnector = true;
    }

    private void ensureReadInitial() throws IOException {
        if (this.readInitial) {
            return;
        }
        if (this.readingFromConnector) {
            this.ed_in = new ASN1SequenceInputStream(this.in);
        } else {
            this.ci_in = new ASN1SequenceInputStream(this.in);
            if (!CMS.id_ct_authData.equals(new ASN1ObjectID(this.ci_in))) {
                throw new InvalidInputException("Content-type 'authenticatedData' expected.");
            }
            this.cic_in = new ASN1ConstructedInputStream(this.ci_in, 0);
            this.ed_in = new ASN1SequenceInputStream(this.cic_in);
        }
        this.version = new ASN1Integer(this.ed_in);
        if (!this.version.equals(0) && !this.version.equals(2)) {
            throw new VersionException("Expected Version 0 or 2 but Got " + this.version.getValue());
        }
        if (this.ed_in.getCurrentTag() == 0) {
            this.ed_in.setCurrentTag(16);
            this.origInfo = new OriginatorInfo(this.ed_in);
        }
        try {
            boolean z = false;
            ASN1SetInputStream aSN1SetInputStream = new ASN1SetInputStream(this.ed_in);
            while (aSN1SetInputStream.hasMoreData()) {
                CMSRecipientInfo inputInstance = CMSRecipientInfo.inputInstance(aSN1SetInputStream);
                if (inputInstance instanceof CMSKeyTransRecipientInfo) {
                    CMSKeyTransRecipientInfo cMSKeyTransRecipientInfo = (CMSKeyTransRecipientInfo) inputInstance;
                    if (cMSKeyTransRecipientInfo.getSPKI() == null) {
                        if (cMSKeyTransRecipientInfo.getIASN().equals(this.recipientIASN) && this.recipientPrivateKey != null) {
                            this.contentAuthenticationKey = cMSKeyTransRecipientInfo.getContentAuthenticationKey(this.recipientPrivateKey);
                            this.contentAuthenticationKeyAlgo = cMSKeyTransRecipientInfo.getKeyAlgo();
                            z = true;
                        }
                    } else if (Utils.toHexString(cMSKeyTransRecipientInfo.getSPKI()).equals(Utils.toHexString(this.recipientSPKI64))) {
                        if (this.recipientPrivateKey != null) {
                            this.contentAuthenticationKey = cMSKeyTransRecipientInfo.getContentAuthenticationKey(this.recipientPrivateKey);
                            this.contentAuthenticationKeyAlgo = cMSKeyTransRecipientInfo.getKeyAlgo();
                            z = true;
                        }
                    } else if (Utils.toHexString(cMSKeyTransRecipientInfo.getSPKI()).equals(Utils.toHexString(this.recipientSPKI160)) && this.recipientPrivateKey != null) {
                        this.contentAuthenticationKey = cMSKeyTransRecipientInfo.getContentAuthenticationKey(this.recipientPrivateKey);
                        this.contentAuthenticationKeyAlgo = cMSKeyTransRecipientInfo.getKeyAlgo();
                        z = true;
                    }
                } else if (inputInstance instanceof CMSKEKRecipientInfo) {
                    CMSKEKRecipientInfo cMSKEKRecipientInfo = (CMSKEKRecipientInfo) inputInstance;
                    if (this.keyEncryptionKey != null) {
                        this.contentAuthenticationKey = cMSKEKRecipientInfo.getContentAuthenticationKey(this.keyEncryptionKey);
                        this.contentAuthenticationKeyAlgo = this.keyEncryptionKey.getAlgorithm();
                        z = true;
                    }
                }
                if (z) {
                    aSN1SetInputStream.terminate(true);
                    this.macAlgorithm = new AlgorithmIdentifier(this.ed_in);
                    if (this.ed_in.getCurrentTag() == 1) {
                        this.ed_in.setCurrentTag(16);
                        this.digestAlgID = new AlgorithmIdentifier(this.ed_in);
                    }
                    this.content_in = new CIInputStream(this.ed_in);
                    this.enclosedContentType = this.content_in.getContentType();
                    if (this.digestAlgID != null) {
                        try {
                            this.md = MessageDigest.getInstance(CMSUtils.getAlgoName(this.digestAlgID));
                        } catch (NoSuchAlgorithmException e) {
                            throw new IOException("Message Digest Algorithm not Supported " + e.toString());
                        }
                    }
                    this.bos = new ByteArrayOutputStream();
                    this.readInitial = true;
                    return;
                }
            }
            throw new InvalidInputException("Recipient not found.");
        } catch (InvalidAlgorithmParameterException e2) {
            throw new InvalidInputException(e2);
        } catch (InvalidKeyException e3) {
            throw new InvalidInputException(e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new InvalidInputException(e4);
        } catch (InvalidKeySpecException e5) {
            throw new InvalidInputException(e5);
        } catch (BadPaddingException e6) {
            throw new InvalidInputException(e6);
        } catch (IllegalBlockSizeException e7) {
            throw new InvalidInputException(e7);
        } catch (NoSuchPaddingException e8) {
            throw new InvalidInputException(e8);
        }
    }

    private void ensureTerminated() throws IOException {
        if (this.terminated) {
            return;
        }
        if (this.ed_in.getCurrentTag() == 2) {
            this.ed_in.setCurrentTag(17);
            this.authenticatedAttribs = new AttributeSet(this.ed_in);
        }
        this.macCode = new ASN1OctetString(this.ed_in).getValue();
        if (this.ed_in.hasMoreData()) {
            if (this.ed_in.getCurrentTag() != 3) {
                throw new InvalidInputException("Expected Unauthenticated Attributes");
            }
            this.ed_in.setCurrentTag(17);
            this.unauthenticatedAttribs = new AttributeSet(this.ed_in);
        }
        this.ed_in.terminate();
        if (!this.readingFromConnector) {
            this.cic_in.terminate();
            this.ci_in.terminate();
        }
        if (this.md != null) {
            this.dig = this.md.digest();
        }
        this.bosData = this.bos.toByteArray();
        this.bos.close();
        if (!this.enclosedContentType.equals(CMS.id_data) && this.authenticatedAttribs == null) {
            throw new IOException("AuthenticatedAttributes MUST be present if the  Encapsulated Content-Type is not CMS.id_data ");
        }
        if ((this.digestAlgID == null && this.authenticatedAttribs != null) || (this.digestAlgID != null && this.authenticatedAttribs == null)) {
            throw new InvalidInputException("Digest Algorithm and AuthenticatedAttributes  MUST Both be present or Not at all");
        }
        this.terminated = true;
    }

    @Override // oracle.security.crypto.cms.CMSInputStream
    public ASN1ObjectID getEnclosedContentType() throws IOException {
        ensureReadInitial();
        return this.enclosedContentType;
    }

    public void verifyMAC() throws AuthenticationException {
        if (!this.readInitial) {
            throw new AuthenticationException("No input read");
        }
        try {
            ensureTerminated();
            byte[] bArr = this.bosData;
            if (this.md != null) {
                byte[] bArr2 = this.dig;
                try {
                    Vector attributeValues = this.authenticatedAttribs.getAttributeValues(CMS.id_contentType);
                    if (attributeValues == null) {
                        throw new AuthenticationException("The 'contentType' attribute is missing");
                    }
                    if (attributeValues.size() != 1) {
                        throw new AuthenticationException("The 'contentType' attribute is not single valued");
                    }
                    if (!((ASN1ObjectID) attributeValues.elementAt(0)).equals(this.enclosedContentType)) {
                        throw new AuthenticationException("The value of the 'contentType' attribute is incorrect");
                    }
                    try {
                        Vector attributeValues2 = this.authenticatedAttribs.getAttributeValues(CMS.id_messageDigest);
                        if (attributeValues2 == null) {
                            throw new AuthenticationException("The 'messageDigest' attribute is missing");
                        }
                        if (attributeValues2.size() != 1) {
                            throw new AuthenticationException("The 'messageDigest' attribute is not single valued");
                        }
                        if (!Utils.areEqual(bArr2, ((ASN1OctetString) attributeValues2.elementAt(0)).getValue())) {
                            throw new AuthenticationException("The value of the 'messageDigest' attribute is incorrect");
                        }
                        try {
                            bArr = MessageDigest.getInstance(CMSUtils.getAlgoName(this.digestAlgID)).digest(Utils.toBytes(this.authenticatedAttribs));
                        } catch (NoSuchAlgorithmException e) {
                            throw new AuthenticationException(e.toString());
                        }
                    } catch (ClassCastException e2) {
                        throw new AuthenticationException("The value of the 'messageDigest' attribute has the wrong type");
                    }
                } catch (ClassCastException e3) {
                    throw new AuthenticationException("The value of the 'contentType' attribute has the wrong type");
                }
            }
            try {
                AlgorithmIdentifier algorithmIdentifier = null;
                if (this.macAlgorithm.equals(CMS.hmac_SHA_1)) {
                    algorithmIdentifier = AlgID.sha_1;
                } else {
                    new AuthenticationException("unsupported HMAC Algorithm: " + this.macAlgorithm);
                }
                String algoName = CMSUtils.getAlgoName(algorithmIdentifier);
                this.contentAuthenticationKeyAlgo = CMSUtils.getAlgoName(this.macAlgorithm);
                Mac mac = Mac.getInstance("Hmac" + algoName);
                mac.init(new SecretKeySpec(this.contentAuthenticationKey, this.contentAuthenticationKeyAlgo));
                if (bArr == null) {
                    bArr = new byte[0];
                }
                if (Utils.areEqual(this.macCode, mac.doFinal(bArr))) {
                } else {
                    throw new AuthenticationException(" MAC is invalid");
                }
            } catch (InvalidKeyException e4) {
                throw new AuthenticationException(e4.toString());
            } catch (NoSuchAlgorithmException e5) {
                throw new AuthenticationException(e5.toString());
            }
        } catch (IOException e6) {
            throw new AuthenticationException("Not at end of stream");
        }
    }

    @Override // java.io.FilterInputStream, java.io.InputStream
    public int read() throws IOException {
        ensureReadInitial();
        int read = this.content_in.read();
        if (read == -1) {
            ensureTerminated();
        } else {
            if (this.md != null) {
                this.md.update((byte) read);
            }
            this.bos.write((byte) read);
        }
        return read;
    }

    @Override // java.io.FilterInputStream, java.io.InputStream
    public int read(byte[] bArr, int i, int i2) throws IOException {
        ensureReadInitial();
        int read = this.content_in.read(bArr, i, i2);
        if (read == -1) {
            ensureTerminated();
        } else {
            if (this.md != null) {
                this.md.update(bArr, i, read);
            }
            this.bos.write(bArr, i, read);
        }
        return read;
    }

    @Override // java.io.FilterInputStream, java.io.InputStream
    public int available() throws IOException {
        ensureReadInitial();
        return this.content_in.available();
    }

    @Override // java.io.FilterInputStream, java.io.InputStream
    public long skip(long j) throws IOException {
        throw new IOException("Skip not implemented.");
    }

    @Override // java.io.FilterInputStream, java.io.InputStream
    public boolean markSupported() {
        return false;
    }

    @Override // java.io.FilterInputStream, java.io.InputStream
    public void mark(int i) {
    }

    @Override // java.io.FilterInputStream, java.io.InputStream
    public void reset() throws IOException {
        throw new IOException("mark/reset not supported");
    }

    @Override // oracle.security.crypto.cms.CMSInputStream
    public void terminate() throws IOException {
        if (this.terminated) {
            return;
        }
        this.content_in.ensureTerminated();
        ensureTerminated();
    }

    public OriginatorInfo getOriginatorInfo() throws IOException {
        ensureReadInitial();
        return this.origInfo;
    }

    public AttributeSet getAuthenticatedAttributes() throws IOException {
        terminate();
        return this.authenticatedAttribs;
    }

    public AttributeSet getUnauthenticatedAttributes() throws IOException {
        terminate();
        return this.unauthenticatedAttribs;
    }

    public BigInteger getVersionNumber() throws IOException {
        ensureReadInitial();
        return this.version.getValue();
    }

    public ASN1Integer getVersion() throws IOException {
        ensureReadInitial();
        return this.version;
    }

    public AlgorithmIdentifier getMACAlgID() throws IOException {
        ensureReadInitial();
        return this.macAlgorithm;
    }

    public AlgorithmIdentifier getDigestAlgID() throws IOException {
        ensureReadInitial();
        return this.digestAlgID;
    }

    public byte[] getMAC() throws IOException {
        terminate();
        return this.macCode;
    }
}
