package oracle.security.crypto.cms;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Vector;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import oracle.security.crypto.asn1.ASN1FormatException;
import oracle.security.crypto.asn1.ASN1GenericConstructed;
import oracle.security.crypto.asn1.ASN1Integer;
import oracle.security.crypto.asn1.ASN1Object;
import oracle.security.crypto.asn1.ASN1ObjectID;
import oracle.security.crypto.asn1.ASN1OctetString;
import oracle.security.crypto.asn1.ASN1Sequence;
import oracle.security.crypto.asn1.ASN1SequenceInputStream;
import oracle.security.crypto.asn1.ASN1Utils;
import oracle.security.crypto.cert.Attribute;
import oracle.security.crypto.cert.AttributeSet;
import oracle.security.crypto.cert.IssuerAndSerialNo;
import oracle.security.crypto.cert.X500Name;
import oracle.security.crypto.cert.X509;
import oracle.security.crypto.core.AlgorithmIdentifier;
import oracle.security.crypto.core.AuthenticationException;
import oracle.security.crypto.util.StreamableOutputException;
import oracle.security.crypto.util.UnsyncByteArrayOutputStream;
import oracle.security.crypto.util.Utils;
import oracle.security.crypto.util.VersionException;

/* loaded from: input_file:oracle/security/crypto/cms/CMSSignerInfo.class */
public final class CMSSignerInfo implements ASN1Object {
    private IssuerAndSerialNo signerIASN;
    private AlgorithmIdentifier digestAlgID;
    private AlgorithmIdentifier digestEncryptionAlgID;
    private AttributeSet authenticatedAttributes;
    private AttributeSet unauthenticatedAttributes;
    private byte[] encryptedDigest;
    private ASN1Integer version;
    private byte[] signerSPKI;
    private ASN1Sequence contents;

    public CMSSignerInfo(CMSContentInfo cMSContentInfo, AttributeSet attributeSet, PrivateKey privateKey, X509Certificate x509Certificate, AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2, AttributeSet attributeSet2) throws InvalidKeyException, SignatureException, NoSuchAlgorithmException, CertificateEncodingException, IOException {
        this.contents = null;
        this.version = new ASN1Integer(1L);
        if (x509Certificate == null) {
            throw new IllegalArgumentException("Null Signer Certificate");
        }
        this.signerIASN = new IssuerAndSerialNo(new X509(x509Certificate.getEncoded()));
        this.digestAlgID = algorithmIdentifier;
        this.digestEncryptionAlgID = algorithmIdentifier2;
        if (attributeSet != null) {
            this.authenticatedAttributes = (AttributeSet) attributeSet.clone();
        }
        if (attributeSet2 != null) {
            this.unauthenticatedAttributes = (AttributeSet) attributeSet2.clone();
        }
        MessageDigest messageDigest = MessageDigest.getInstance(CMSUtils.getAlgoName(algorithmIdentifier));
        if (cMSContentInfo == null) {
            throw new IllegalArgumentException("Null Content Info");
        }
        if (cMSContentInfo.getExposedContent() == null && !cMSContentInfo.getContentType().equals(CMS.id_data)) {
            throw new SignatureException("Content type is not id-data and content is NULL");
        }
        byte[] exposedContent = cMSContentInfo.getExposedContent();
        exposedContent = exposedContent == null ? new byte[0] : exposedContent;
        byte[] digest = messageDigest.digest(exposedContent);
        byte[] bArr = exposedContent;
        if (!cMSContentInfo.getContentType().equals(CMS.id_data) || attributeSet != null) {
            if (attributeSet == null) {
                this.authenticatedAttributes = new AttributeSet();
            }
            this.authenticatedAttributes.addAttribute(CMS.id_contentType, cMSContentInfo.getContentType());
            this.authenticatedAttributes.addAttribute(CMS.id_messageDigest, new ASN1OctetString(digest));
            MessageDigest.getInstance(CMSUtils.getAlgoName(algorithmIdentifier)).digest(Utils.toBytes(this.authenticatedAttributes));
            bArr = Utils.toBytes(this.authenticatedAttributes);
        }
        Signature signature = Signature.getInstance(CMSUtils.getSigAlgName(privateKey.getAlgorithm(), CMSUtils.getAlgoName(algorithmIdentifier)));
        signature.initSign(privateKey);
        signature.update(bArr);
        this.encryptedDigest = signature.sign();
    }

    public CMSSignerInfo(X500Name x500Name, BigInteger bigInteger, AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2, AttributeSet attributeSet, AttributeSet attributeSet2, byte[] bArr) {
        this(new IssuerAndSerialNo(x500Name, bigInteger), algorithmIdentifier, algorithmIdentifier2, attributeSet, attributeSet2, bArr);
    }

    public CMSSignerInfo(X509Certificate x509Certificate, AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2, AttributeSet attributeSet, AttributeSet attributeSet2, byte[] bArr) throws CertificateEncodingException, IOException {
        this(new IssuerAndSerialNo(new X509(x509Certificate.getEncoded())), algorithmIdentifier, algorithmIdentifier2, attributeSet, attributeSet2, bArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CMSSignerInfo(IssuerAndSerialNo issuerAndSerialNo, AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2, AttributeSet attributeSet, AttributeSet attributeSet2, byte[] bArr) {
        this.contents = null;
        this.version = new ASN1Integer(1L);
        this.signerIASN = issuerAndSerialNo;
        this.digestAlgID = algorithmIdentifier;
        this.digestEncryptionAlgID = algorithmIdentifier2;
        if (attributeSet != null) {
            this.authenticatedAttributes = (AttributeSet) attributeSet.clone();
        }
        if (attributeSet2 != null) {
            this.unauthenticatedAttributes = (AttributeSet) attributeSet2.clone();
        }
        this.encryptedDigest = bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CMSSignerInfo(byte[] bArr, AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2, AttributeSet attributeSet, AttributeSet attributeSet2, byte[] bArr2) {
        this.contents = null;
        this.version = new ASN1Integer(3L);
        this.signerSPKI = bArr;
        this.digestAlgID = algorithmIdentifier;
        this.digestEncryptionAlgID = algorithmIdentifier2;
        if (attributeSet != null) {
            this.authenticatedAttributes = (AttributeSet) attributeSet.clone();
        }
        if (attributeSet2 != null) {
            this.unauthenticatedAttributes = (AttributeSet) attributeSet2.clone();
        }
        this.encryptedDigest = bArr2;
    }

    public CMSSignerInfo(InputStream inputStream) throws IOException {
        this.contents = null;
        input(inputStream);
    }

    public CMSSignerInfo(CMSContentInfo cMSContentInfo, AttributeSet attributeSet, PrivateKey privateKey, X509Certificate x509Certificate, AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2, AttributeSet attributeSet2, boolean z) throws InvalidKeyException, SignatureException, NoSuchAlgorithmException {
        this.contents = null;
        if (z) {
            this.signerSPKI = CMSUtils.generateSPKI64(x509Certificate);
        } else {
            this.signerSPKI = CMSUtils.generateSPKI160(x509Certificate);
        }
        this.digestAlgID = algorithmIdentifier;
        this.digestEncryptionAlgID = algorithmIdentifier2;
        if (attributeSet != null) {
            this.authenticatedAttributes = (AttributeSet) attributeSet.clone();
        }
        if (attributeSet2 != null) {
            this.unauthenticatedAttributes = (AttributeSet) attributeSet2.clone();
        }
        MessageDigest messageDigest = MessageDigest.getInstance(CMSUtils.getAlgoName(algorithmIdentifier));
        if (cMSContentInfo == null) {
            throw new IllegalArgumentException("Null Content Info");
        }
        byte[] exposedContent = cMSContentInfo.getExposedContent();
        exposedContent = exposedContent == null ? new byte[0] : exposedContent;
        byte[] digest = messageDigest.digest(exposedContent);
        byte[] bArr = exposedContent;
        if (!cMSContentInfo.getContentType().equals(CMS.id_data) || attributeSet != null) {
            if (attributeSet == null) {
                this.authenticatedAttributes = new AttributeSet();
            }
            this.authenticatedAttributes.addAttribute(CMS.id_contentType, cMSContentInfo.getContentType());
            this.authenticatedAttributes.addAttribute(CMS.id_messageDigest, new ASN1OctetString(digest));
            MessageDigest.getInstance(CMSUtils.getAlgoName(algorithmIdentifier)).digest(Utils.toBytes(this.authenticatedAttributes));
            bArr = Utils.toBytes(this.authenticatedAttributes);
        }
        Signature signature = Signature.getInstance(CMSUtils.getSigAlgName(privateKey.getAlgorithm(), CMSUtils.getAlgoName(algorithmIdentifier)));
        signature.initSign(privateKey);
        signature.update(bArr);
        this.encryptedDigest = signature.sign();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public IssuerAndSerialNo getIASN() {
        return this.signerIASN;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getSPKI() {
        return this.signerSPKI;
    }

    public X500Name getIssuer() {
        if (this.signerIASN != null) {
            return this.signerIASN.getIssuer();
        }
        return null;
    }

    public BigInteger getSerialNo() {
        if (this.signerIASN != null) {
            return this.signerIASN.getSerialNo();
        }
        return null;
    }

    public AttributeSet getSignedAttributes() {
        return this.authenticatedAttributes;
    }

    public AttributeSet getUnsignedAttributes() {
        return this.unauthenticatedAttributes;
    }

    public AttributeSet getAuthenticatedAttributes() {
        return this.authenticatedAttributes;
    }

    public AttributeSet getUnauthenticatedAttributes() {
        return this.unauthenticatedAttributes;
    }

    public void addUnsignedAttribute(Attribute attribute) {
        if (attribute != null) {
            if (this.unauthenticatedAttributes == null) {
                this.unauthenticatedAttributes = new AttributeSet();
            }
            this.unauthenticatedAttributes.addAttribute(attribute);
        }
    }

    public AlgorithmIdentifier getDigestAlgID() {
        return this.digestAlgID;
    }

    public AlgorithmIdentifier getDigestEncryptionAlgID() {
        return this.digestEncryptionAlgID;
    }

    public byte[] getEncryptedDigest() {
        return this.encryptedDigest;
    }

    public boolean isSPKI() {
        return this.signerSPKI != null;
    }

    public BigInteger getVersionNumber() {
        return this.version.getValue();
    }

    public ASN1Integer getVersion() {
        return this.version;
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("issuer = \"");
        stringBuffer.append(getIssuer());
        stringBuffer.append("\", serial number = ");
        stringBuffer.append(getSerialNo());
        stringBuffer.append("spki = \"");
        stringBuffer.append(Utils.toHexString(getSPKI()) + "\"");
        if (this.authenticatedAttributes != null) {
            stringBuffer.append(", " + Utils.plural(this.authenticatedAttributes.size(), "authenticated attribute"));
        }
        if (this.unauthenticatedAttributes != null) {
            stringBuffer.append(", " + Utils.plural(this.unauthenticatedAttributes.size(), "unauthenticated attribute"));
        }
        stringBuffer.append(", digest alg OID = " + this.digestAlgID.getOID());
        stringBuffer.append(", digest encryption alg OID = " + this.digestEncryptionAlgID.getOID());
        stringBuffer.append(", encrypted digest = " + Utils.toHexString(this.encryptedDigest));
        return stringBuffer.toString();
    }

    public int hashCode() {
        try {
            UnsyncByteArrayOutputStream unsyncByteArrayOutputStream = new UnsyncByteArrayOutputStream();
            output(unsyncByteArrayOutputStream);
            return new String(unsyncByteArrayOutputStream.toByteArray()).hashCode();
        } catch (IOException e) {
            throw new StreamableOutputException(e.toString());
        }
    }

    public boolean equals(Object obj) {
        return (obj instanceof CMSSignerInfo) && hashCode() == ((CMSSignerInfo) obj).hashCode();
    }

    public void verifySignature(CMSContentInfo cMSContentInfo, PublicKey publicKey) throws AuthenticationException, SignatureException {
        if (cMSContentInfo == null) {
            throw new IllegalArgumentException("Null Content Info");
        }
        byte[] exposedContent = cMSContentInfo.getExposedContent();
        if (exposedContent == null && !cMSContentInfo.getContentType().equals(CMS.id_data)) {
            throw new AuthenticationException("Content missing.");
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(CMSUtils.getAlgoName(this.digestAlgID));
            if (exposedContent == null) {
                messageDigest.digest(new byte[0]);
            } else {
                messageDigest.digest(exposedContent);
            }
            verifySignature(exposedContent, cMSContentInfo.getContentType(), publicKey);
        } catch (NoSuchAlgorithmException e) {
            throw new AuthenticationException(e.toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void verifySignature(byte[] bArr, ASN1ObjectID aSN1ObjectID, PublicKey publicKey) throws AuthenticationException, SignatureException {
        if (bArr == null) {
            bArr = new byte[0];
        }
        try {
            if (this.authenticatedAttributes != null) {
                try {
                    Vector attributeValues = this.authenticatedAttributes.getAttributeValues(CMS.id_contentType);
                    if (attributeValues == null) {
                        throw new AuthenticationException("The 'contentType' attribute is missing");
                    }
                    if (attributeValues.size() != 1) {
                        throw new AuthenticationException("The 'contentType' attribute is not single valued");
                    }
                    if (!((ASN1ObjectID) attributeValues.elementAt(0)).equals(aSN1ObjectID)) {
                        throw new AuthenticationException("The value of the 'contentType' attribute is incorrect");
                    }
                    try {
                        Vector attributeValues2 = this.authenticatedAttributes.getAttributeValues(CMS.id_messageDigest);
                        if (attributeValues2 == null) {
                            throw new AuthenticationException("The 'messageDigest' attribute is missing");
                        }
                        if (attributeValues2.size() != 1) {
                            throw new AuthenticationException("The 'messageDigest' attribute is not single valued");
                        }
                        if (!Utils.areEqual(MessageDigest.getInstance(CMSUtils.getAlgoName(this.digestAlgID)).digest(bArr), ((ASN1OctetString) attributeValues2.elementAt(0)).getValue())) {
                            throw new AuthenticationException("The value of the 'messageDigest' attribute is incorrect");
                        }
                        MessageDigest.getInstance(CMSUtils.getAlgoName(this.digestAlgID)).digest(Utils.toBytes(this.authenticatedAttributes));
                        bArr = Utils.toBytes(this.authenticatedAttributes);
                    } catch (ClassCastException e) {
                        throw new AuthenticationException("The value of the 'messageDigest' attribute has the wrong type");
                    }
                } catch (ClassCastException e2) {
                    throw new AuthenticationException("The value of the 'contentType' attribute has the wrong type");
                }
            } else if (!aSN1ObjectID.equals(CMS.id_data)) {
                throw new AuthenticationException("Content type is not 'data', but authenticated attributes are missing.");
            }
            Signature signature = Signature.getInstance(CMSUtils.getSigAlgName(publicKey.getAlgorithm(), CMSUtils.getAlgoName(this.digestAlgID)));
            signature.initVerify(publicKey);
            signature.update(bArr);
            if (!signature.verify(this.encryptedDigest)) {
                throw new AuthenticationException("Signature is invalid");
            }
        } catch (InvalidKeyException e3) {
            throw new AuthenticationException(e3.toString());
        } catch (NoSuchAlgorithmException e4) {
            throw new AuthenticationException(e4.toString());
        }
    }

    void verifySignature(byte[] bArr, PublicKey publicKey, SecretKey secretKey, AlgorithmIdentifier algorithmIdentifier) throws AuthenticationException, SignatureException {
        try {
            Cipher cipher = Cipher.getInstance(CMSUtils.addPadding(CMSUtils.getAlgoName(algorithmIdentifier)));
            cipher.init(2, secretKey);
            byte[] update = cipher.update(this.encryptedDigest);
            Signature signature = Signature.getInstance(CMSUtils.getSigAlgName(publicKey.getAlgorithm(), CMSUtils.getAlgoName(this.digestAlgID)));
            signature.initVerify(publicKey);
            signature.update(bArr);
            if (signature.verify(update)) {
            } else {
                throw new AuthenticationException("Signature is invalid");
            }
        } catch (InvalidKeyException e) {
            throw new AuthenticationException(e.toString());
        } catch (NoSuchAlgorithmException e2) {
            throw new AuthenticationException(e2.toString());
        } catch (NoSuchPaddingException e3) {
            throw new AuthenticationException(e3.toString());
        }
    }

    public void input(InputStream inputStream) throws IOException {
        ASN1SequenceInputStream aSN1SequenceInputStream = new ASN1SequenceInputStream(inputStream);
        this.version = new ASN1Integer(aSN1SequenceInputStream);
        if (!this.version.equals(1) && !this.version.equals(3)) {
            throw new VersionException(this.version.getValue(), 1);
        }
        if (!this.version.equals(3)) {
            this.signerIASN = new IssuerAndSerialNo(aSN1SequenceInputStream);
        } else {
            if (aSN1SequenceInputStream.getCurrentTag() != 0) {
                throw new IOException("Version 3 SignerInfo Expected Tag [0]");
            }
            aSN1SequenceInputStream.setCurrentTag(4);
            this.signerSPKI = new ASN1OctetString(aSN1SequenceInputStream).getValue();
        }
        this.digestAlgID = new AlgorithmIdentifier(aSN1SequenceInputStream);
        if (aSN1SequenceInputStream.getCurrentTag() == 0) {
            aSN1SequenceInputStream.setCurrentTag(17);
            this.authenticatedAttributes = new AttributeSet(aSN1SequenceInputStream);
        } else {
            this.authenticatedAttributes = null;
        }
        this.digestEncryptionAlgID = new AlgorithmIdentifier(aSN1SequenceInputStream);
        this.encryptedDigest = new ASN1OctetString(aSN1SequenceInputStream).getValue();
        if (!aSN1SequenceInputStream.hasMoreData()) {
            this.unauthenticatedAttributes = null;
        } else {
            if (aSN1SequenceInputStream.getCurrentTag() != 1) {
                throw new ASN1FormatException("unauthenticatedAttributes with Tag [1] expected");
            }
            aSN1SequenceInputStream.setCurrentTag(17);
            this.unauthenticatedAttributes = new AttributeSet(aSN1SequenceInputStream);
        }
        aSN1SequenceInputStream.terminate();
        update();
    }

    public void output(OutputStream outputStream) throws IOException {
        toASN1Sequence().output(outputStream);
    }

    public int length() {
        return toASN1Sequence().length();
    }

    private void update() {
        this.contents = null;
    }

    private ASN1Sequence toASN1Sequence() {
        if (this.contents == null) {
            ASN1Sequence aSN1Sequence = new ASN1Sequence();
            if (this.signerSPKI != null) {
                aSN1Sequence.addElement(new ASN1Integer(3L));
                aSN1Sequence.addElement(ASN1Utils.addImplicitTag(new ASN1OctetString(this.signerSPKI), 0));
            } else {
                aSN1Sequence.addElement(new ASN1Integer(1L));
                aSN1Sequence.addElement(this.signerIASN);
            }
            aSN1Sequence.addElement(this.digestAlgID);
            if (this.authenticatedAttributes != null) {
                ASN1GenericConstructed aSN1GenericConstructed = new ASN1GenericConstructed(this.authenticatedAttributes.toASN1Set().elements(), 0);
                aSN1GenericConstructed.setEncodingType(2);
                aSN1Sequence.addElement(aSN1GenericConstructed);
            }
            aSN1Sequence.addElement(this.digestEncryptionAlgID);
            aSN1Sequence.addElement(new ASN1OctetString(this.encryptedDigest));
            if (this.unauthenticatedAttributes != null) {
                aSN1Sequence.addElement(new ASN1GenericConstructed(this.unauthenticatedAttributes.toASN1Set().elements(), 1));
            }
            this.contents = aSN1Sequence;
        }
        return this.contents;
    }
}
