package sun.security.pkcs;

import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import sun.misc.HexDumpEncoder;
import sun.security.util.BigInt;
import sun.security.util.DerEncoder;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;
import sun.security.x509.KeyUsageExtension;
import sun.security.x509.PKIXExtensions;
import sun.security.x509.X500Name;

/* loaded from: input_file:efixes/PK37419_Windows_i386/components/prereq.jdk/update.jar:/java/jre/lib/rt.jar:sun/security/pkcs/SignerInfo.class */
public class SignerInfo implements DerEncoder {
    BigInt version;
    X500Name issuerName;
    BigInt certificateSerialNumber;
    AlgorithmId digestAlgorithmId;
    AlgorithmId digestEncryptionAlgorithmId;
    byte[] encryptedDigest;
    PKCS9Attributes authenticatedAttributes;
    PKCS9Attributes unauthenticatedAttributes;

    public SignerInfo(X500Name x500Name, BigInt bigInt, AlgorithmId algorithmId, AlgorithmId algorithmId2, byte[] bArr) {
        this.version = new BigInt(1);
        this.issuerName = x500Name;
        this.certificateSerialNumber = bigInt;
        this.digestAlgorithmId = algorithmId;
        this.digestEncryptionAlgorithmId = algorithmId2;
        this.encryptedDigest = bArr;
    }

    public SignerInfo(X500Name x500Name, BigInt bigInt, AlgorithmId algorithmId, PKCS9Attributes pKCS9Attributes, AlgorithmId algorithmId2, byte[] bArr, PKCS9Attributes pKCS9Attributes2) {
        this.version = new BigInt(1);
        this.issuerName = x500Name;
        this.certificateSerialNumber = bigInt;
        this.digestAlgorithmId = algorithmId;
        this.authenticatedAttributes = pKCS9Attributes;
        this.digestEncryptionAlgorithmId = algorithmId2;
        this.encryptedDigest = bArr;
        this.unauthenticatedAttributes = pKCS9Attributes2;
    }

    public SignerInfo(DerInputStream derInputStream) throws IOException, ParsingException {
        this(derInputStream, false);
    }

    public SignerInfo(DerInputStream derInputStream, boolean z) throws IOException, ParsingException {
        this.version = derInputStream.getInteger();
        DerValue[] sequence = derInputStream.getSequence(2);
        this.issuerName = new X500Name(new DerValue((byte) 48, sequence[0].toByteArray()));
        this.certificateSerialNumber = sequence[1].getInteger();
        this.digestAlgorithmId = AlgorithmId.parse(derInputStream.getDerValue());
        if (z) {
            derInputStream.getSet(0);
        } else if (((byte) derInputStream.peekByte()) == -96) {
            this.authenticatedAttributes = new PKCS9Attributes(derInputStream);
        }
        this.digestEncryptionAlgorithmId = AlgorithmId.parse(derInputStream.getDerValue());
        this.encryptedDigest = derInputStream.getOctetString();
        if (z) {
            derInputStream.getSet(0);
        } else if (derInputStream.available() != 0 && ((byte) derInputStream.peekByte()) == -95) {
            this.unauthenticatedAttributes = new PKCS9Attributes(derInputStream);
        }
        if (derInputStream.available() != 0) {
            throw new ParsingException("extra data at the end");
        }
    }

    public void encode(DerOutputStream derOutputStream) throws IOException {
        derEncode(derOutputStream);
    }

    @Override // sun.security.util.DerEncoder
    public void derEncode(OutputStream outputStream) throws IOException {
        DerOutputStream derOutputStream = new DerOutputStream();
        derOutputStream.putInteger(this.version);
        DerOutputStream derOutputStream2 = new DerOutputStream();
        this.issuerName.encode(derOutputStream2);
        derOutputStream2.putInteger(this.certificateSerialNumber);
        derOutputStream.write((byte) 48, derOutputStream2);
        this.digestAlgorithmId.encode(derOutputStream);
        if (this.authenticatedAttributes != null) {
            this.authenticatedAttributes.encode((byte) -96, derOutputStream);
        }
        this.digestEncryptionAlgorithmId.encode(derOutputStream);
        derOutputStream.putOctetString(this.encryptedDigest);
        if (this.unauthenticatedAttributes != null) {
            this.unauthenticatedAttributes.encode((byte) -95, derOutputStream);
        }
        DerOutputStream derOutputStream3 = new DerOutputStream();
        derOutputStream3.write((byte) 48, derOutputStream);
        outputStream.write(derOutputStream3.toByteArray());
    }

    public X509Certificate getCertificate(PKCS7 pkcs7) throws IOException {
        return pkcs7.getCertificate(this.certificateSerialNumber, this.issuerName);
    }

    public ArrayList getCertificateChain(PKCS7 pkcs7) throws IOException {
        boolean z;
        X509Certificate certificate = pkcs7.getCertificate(this.certificateSerialNumber, this.issuerName);
        if (certificate == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(certificate);
        X509Certificate[] certificates = pkcs7.getCertificates();
        if (certificates == null || certificate.getSubjectDN().equals(certificate.getIssuerDN())) {
            return arrayList;
        }
        Principal issuerDN = certificate.getIssuerDN();
        int i = 0;
        do {
            z = false;
            int i2 = i;
            while (true) {
                if (i2 >= certificates.length) {
                    break;
                }
                if (issuerDN.equals(certificates[i2].getSubjectDN())) {
                    arrayList.add(certificates[i2]);
                    if (certificates[i2].getSubjectDN().equals(certificates[i2].getIssuerDN())) {
                        i = certificates.length;
                    } else {
                        issuerDN = certificates[i2].getIssuerDN();
                        X509Certificate x509Certificate = certificates[i];
                        certificates[i] = certificates[i2];
                        certificates[i2] = x509Certificate;
                        i++;
                    }
                    z = true;
                } else {
                    i2++;
                }
            }
        } while (z);
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SignerInfo verify(PKCS7 pkcs7, byte[] bArr) throws NoSuchAlgorithmException, SignatureException {
        byte[] bArr2;
        byte[] derEncoding;
        try {
            ContentInfo contentInfo = pkcs7.getContentInfo();
            if (bArr == null) {
                bArr = contentInfo.getContentBytes();
            }
            String name = getDigestAlgorithmId().getName();
            if (name.equalsIgnoreCase("SHA")) {
                name = "SHA1";
            }
            if (this.authenticatedAttributes == null) {
                derEncoding = bArr;
            } else {
                ObjectIdentifier objectIdentifier = (ObjectIdentifier) this.authenticatedAttributes.getAttributeValue(PKCS9Attribute.CONTENT_TYPE_OID);
                if (objectIdentifier == null || !objectIdentifier.equals(contentInfo.contentType) || (bArr2 = (byte[]) this.authenticatedAttributes.getAttributeValue(PKCS9Attribute.MESSAGE_DIGEST_OID)) == null) {
                    return null;
                }
                byte[] digest = MessageDigest.getInstance(name).digest(bArr);
                if (bArr2.length != digest.length) {
                    return null;
                }
                for (int i = 0; i < bArr2.length; i++) {
                    if (bArr2[i] != digest[i]) {
                        return null;
                    }
                }
                derEncoding = this.authenticatedAttributes.getDerEncoding();
            }
            String name2 = getDigestEncryptionAlgorithmId().getName();
            if (name2.equalsIgnoreCase("SHA1withDSA")) {
                name2 = "DSA";
            }
            Signature signature = Signature.getInstance(new StringBuffer().append(name).append("with").append(name2).toString());
            X509Certificate certificate = getCertificate(pkcs7);
            if (certificate == null) {
                return null;
            }
            if (certificate.hasUnsupportedCriticalExtension()) {
                throw new SignatureException("Certificate has unsupported critical extension(s)");
            }
            byte[] extensionValue = certificate.getExtensionValue(PKIXExtensions.KeyUsage_Id.toString());
            if (extensionValue != null) {
                try {
                    if (!((Boolean) new KeyUsageExtension(new Boolean(true), extensionValue).get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue()) {
                        throw new SignatureException("Key usage restricted: cannot be used for digital signatures");
                    }
                } catch (IOException e) {
                    throw new SignatureException("Failed to parse keyUsage extension");
                }
            }
            signature.initVerify(certificate.getPublicKey());
            signature.update(derEncoding);
            if (signature.verify(this.encryptedDigest)) {
                return this;
            }
            return null;
        } catch (IOException e2) {
            throw new SignatureException(new StringBuffer().append("IO error verifying signature:\n").append(e2.getMessage()).toString());
        } catch (InvalidKeyException e3) {
            throw new SignatureException(new StringBuffer().append("InvalidKey: ").append(e3.getMessage()).toString());
        }
    }

    SignerInfo verify(PKCS7 pkcs7) throws NoSuchAlgorithmException, SignatureException {
        return verify(pkcs7, null);
    }

    public BigInt getVersion() {
        return this.version;
    }

    public X500Name getIssuerName() {
        return this.issuerName;
    }

    public BigInt getCertificateSerialNumber() {
        return this.certificateSerialNumber;
    }

    public AlgorithmId getDigestAlgorithmId() {
        return this.digestAlgorithmId;
    }

    public PKCS9Attributes getAuthenticatedAttributes() {
        return this.authenticatedAttributes;
    }

    public AlgorithmId getDigestEncryptionAlgorithmId() {
        return this.digestEncryptionAlgorithmId;
    }

    public byte[] getEncryptedDigest() {
        return this.encryptedDigest;
    }

    public PKCS9Attributes getUnauthenticatedAttributes() {
        return this.unauthenticatedAttributes;
    }

    public String toString() {
        HexDumpEncoder hexDumpEncoder = new HexDumpEncoder();
        String stringBuffer = new StringBuffer().append(new StringBuffer().append(new StringBuffer().append(new StringBuffer().append("").append("Signer Info for (issuer): ").append(this.issuerName).append("\n").toString()).append("\tversion: ").append(this.version).append("\n").toString()).append("\tcertificateSerialNumber: ").append(this.certificateSerialNumber).append("\n").toString()).append("\tdigestAlgorithmId: ").append(this.digestAlgorithmId).append("\n").toString();
        if (this.authenticatedAttributes != null) {
            stringBuffer = new StringBuffer().append(stringBuffer).append("\tauthenticatedAttributes: ").append(this.authenticatedAttributes).append("\n").toString();
        }
        String stringBuffer2 = new StringBuffer().append(new StringBuffer().append(stringBuffer).append("\tdigestEncryptionAlgorithmId: ").append(this.digestEncryptionAlgorithmId).append("\n").toString()).append("\tencryptedDigest: \n").append(hexDumpEncoder.encodeBuffer(this.encryptedDigest)).append("\n").toString();
        if (this.unauthenticatedAttributes != null) {
            stringBuffer2 = new StringBuffer().append(stringBuffer2).append("\tunauthenticatedAttributes: ").append(this.unauthenticatedAttributes).append("\n").toString();
        }
        return stringBuffer2;
    }
}
