package com.logica.security.pkcs_7;

import com.logica.asn1.ASN1OctetString;
import com.logica.asn1.ASN1Sequence;
import com.logica.asn1.BERInputStream;
import com.logica.asn1.DEREncodable;
import com.logica.asn1.DERObject;
import com.logica.asn1.DEROutputStream;
import com.logica.asn1.nist.NISTObjectIdentifiers;
import com.logica.asn1.pkcs.PKCSObjectIdentifiers;
import com.logica.asn1.x509.X509ObjectIdentifiers;
import com.logica.common.logging.LLogger;
import com.logica.common.logging.LLoggerFactory;
import com.logica.security.device.CryptoDevice;
import com.logica.security.pkcs_7.asn1.CertificateSet;
import com.logica.security.pkcs_7.asn1.ContentInfo;
import com.logica.security.pkcs_7.asn1.DigestedData;
import com.logica.security.pkcs_7.asn1.EncryptedContentInfo;
import com.logica.security.pkcs_7.asn1.EnvelopedData;
import com.logica.security.pkcs_7.asn1.IssuerAndSerialNumber;
import com.logica.security.pkcs_7.asn1.RecipientInfo;
import com.logica.security.pkcs_7.asn1.SignedAndEnvelopedData;
import com.logica.security.pkcs_7.asn1.SignedData;
import com.logica.security.pkcs_7.asn1.SignerInfo;
import com.logica.security.util.Base64Coder;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

/* loaded from: input_file:com/logica/security/pkcs_7/PKCS7Parser.class */
public class PKCS7Parser {
    private String certFactoryProvider;
    private CryptoDevice cryptoDevice;
    private static final LLogger logger;
    static Class class$com$logica$security$pkcs_7$PKCS7Parser;

    public PKCS7Parser(CryptoDevice cryptoDevice) {
        this.cryptoDevice = cryptoDevice;
        this.certFactoryProvider = "BC";
    }

    public PKCS7Parser(CryptoDevice cryptoDevice, String str) {
        this.cryptoDevice = cryptoDevice;
        this.certFactoryProvider = str;
    }

    public PKCS7VerifRetStruct getVerifiedMessage(byte[] bArr, boolean z) throws Exception {
        X509Certificate findSigningCert;
        boolean verifyData;
        boolean z2;
        if (bArr == null) {
            throw new NullPointerException("message cannot be null");
        }
        PKCS7VerifRetStruct pKCS7VerifRetStruct = null;
        InputStream messageInputStream = getMessageInputStream(bArr, z);
        BERInputStream bERInputStream = new BERInputStream(messageInputStream);
        try {
            try {
                ContentInfo contentInfo = new ContentInfo((ASN1Sequence) bERInputStream.readObject());
                if (contentInfo.getContentType().getId().compareTo(PKCSObjectIdentifiers.signedData.getId()) != 0) {
                    throw new Exception("not a PKCS#7 signed data message");
                }
                SignedData signedData = new SignedData((ASN1Sequence) contentInfo.getContent());
                if (!signedData.getVersion().getValue().equals(BigInteger.valueOf(1L))) {
                    throw new Exception(new StringBuffer().append("Expecting version 1, found version - ").append(signedData.getVersion().getValue().intValue()).toString());
                }
                ContentInfo contentInfo2 = signedData.getContentInfo();
                CertificateSet certificates = signedData.getCertificates();
                if (contentInfo2.getContent() == null) {
                    if (certificates != null) {
                        return new PKCS7VerifRetStruct(certificates);
                    }
                    throw new Exception("no message content, no certificates");
                }
                SignerInfo signerInfo = signedData.getSignerInfo(0);
                byte[] octets = ((ASN1OctetString) contentInfo2.getContent()).getOctets();
                IssuerAndSerialNumber issuer = signerInfo.getIssuer();
                if (certificates == null || (findSigningCert = findSigningCert(issuer, certificates.getDERCertificates(), this.certFactoryProvider)) == null) {
                    throw new Exception("signer's certicate not found in message - unable to verify");
                }
                byte[] signature = signerInfo.getSignature();
                DERObject signedAttrs = signerInfo.getSignedAttrs();
                DERObject unsignedAttrs = signerInfo.getUnsignedAttrs();
                String translateMDAlg = translateMDAlg(signerInfo.getDigestEncryptionAlgorithm().getObjectId().getId(), signerInfo.getDigestAlgorithm().getObjectId().getId());
                if (signedAttrs != null) {
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    DEROutputStream dEROutputStream = new DEROutputStream(byteArrayOutputStream);
                    try {
                        dEROutputStream.writeObject(signedAttrs);
                        if (this.cryptoDevice.verifyData(byteArrayOutputStream.toByteArray(), findSigningCert.getPublicKey(), signature, translateMDAlg)) {
                            if (advancedDigestTest(signedAttrs, this.cryptoDevice, signerInfo.getDigestAlgorithm().getObjectId().getId(), octets)) {
                                z2 = true;
                                verifyData = z2;
                            }
                        }
                        z2 = false;
                        verifyData = z2;
                    } finally {
                        dEROutputStream.close();
                        byteArrayOutputStream.close();
                    }
                } else {
                    verifyData = this.cryptoDevice.verifyData(octets, findSigningCert.getPublicKey(), signature, translateMDAlg);
                }
                if (verifyData) {
                    pKCS7VerifRetStruct = new PKCS7VerifRetStruct(findSigningCert, octets, signedAttrs, unsignedAttrs, certificates, translateMDAlg);
                }
                if (verifyData) {
                    logger.logApp(2, "SIGNED message verified", null);
                    return pKCS7VerifRetStruct;
                }
                logger.logApp(2, "SIGNED message NOT verified", null);
                throw new Exception("SIGNED message NOT verified");
            } finally {
                messageInputStream.close();
                bERInputStream.close();
            }
        } catch (Exception e) {
            logger.logApp(3, "Failed to verify SIGNED message", e);
            throw e;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:49:0x01de A[Catch: Exception -> 0x01fb, all -> 0x020d, TryCatch #1 {Exception -> 0x01fb, blocks: (B:13:0x0035, B:15:0x005c, B:16:0x0065, B:17:0x0066, B:19:0x0089, B:20:0x00ad, B:21:0x00ae, B:23:0x00bd, B:24:0x00e7, B:25:0x00e8, B:27:0x00f4, B:28:0x00fd, B:29:0x00fe, B:31:0x0112, B:33:0x0131, B:35:0x0144, B:36:0x014d, B:37:0x014e, B:39:0x017e, B:41:0x019d, B:45:0x01cb, B:49:0x01de, B:62:0x01cb, B:64:0x01ca, B:65:0x0127, B:66:0x0130), top: B:12:0x0035, outer: #2 }] */
    /* JADX WARN: Removed duplicated region for block: B:54:0x022a  */
    /* JADX WARN: Removed duplicated region for block: B:57:0x0239  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public com.logica.security.pkcs_7.PKCS7VerifRetStruct getVerifiedDetachedMessage(byte[] r10, byte[] r11, boolean r12) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 598
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.logica.security.pkcs_7.PKCS7Parser.getVerifiedDetachedMessage(byte[], byte[], boolean):com.logica.security.pkcs_7.PKCS7VerifRetStruct");
    }

    public PKCS7VerifRetStruct getEnvelopedData(byte[] bArr, boolean z) throws Exception {
        if (bArr == null) {
            throw new NullPointerException("message cannot be null");
        }
        PKCS7VerifRetStruct pKCS7VerifRetStruct = null;
        InputStream messageInputStream = getMessageInputStream(bArr, z);
        BERInputStream bERInputStream = new BERInputStream(messageInputStream);
        boolean z2 = false;
        try {
            try {
                ContentInfo contentInfo = new ContentInfo((ASN1Sequence) bERInputStream.readObject());
                if (!contentInfo.getContentType().getId().equals(PKCSObjectIdentifiers.envelopedData.getId())) {
                    throw new Exception("not a PKCS#7 enveloped data message");
                }
                EnvelopedData envelopedData = new EnvelopedData((ASN1Sequence) contentInfo.getContent());
                RecipientInfo findRecipient = DERUtils.findRecipient(envelopedData.getRecipientInfos(), this.cryptoDevice.getCert());
                if (findRecipient == null) {
                    throw new Exception("certificate not found among recipients.");
                }
                String id = findRecipient.getKeyEncryptionAlgID().getObjectId().getId();
                EncryptedContentInfo encryptedContentInfo = envelopedData.getEncryptedContentInfo();
                String id2 = encryptedContentInfo.getContentEncryptionAlgorithm().getObjectId().getId();
                byte[] decryptData = this.cryptoDevice.decryptData(this.cryptoDevice.unwrapKey(findRecipient.getEncryptedKey(), id), encryptedContentInfo.getContentEncryptionAlgorithm().getParameters(), encryptedContentInfo.getEncryptedContent().getOctets(), id2);
                if (decryptData != null) {
                    pKCS7VerifRetStruct = new PKCS7VerifRetStruct(decryptData, id2);
                    z2 = true;
                }
                if (z2) {
                    logger.logApp(2, "ENVELOPED message verified", null);
                    return pKCS7VerifRetStruct;
                }
                logger.logApp(2, "ENVELOPED message NOT verified", null);
                throw new Exception("ENVELOPED message NOT verified");
            } catch (Exception e) {
                logger.logApp(3, "Failed to verify ENVELOPED message", e);
                throw e;
            }
        } finally {
            messageInputStream.close();
            bERInputStream.close();
        }
    }

    public PKCS7VerifRetStruct getSignedAndEnvelopedData(byte[] bArr, boolean z) throws Exception {
        X509Certificate findSigningCert;
        boolean verifyData;
        boolean z2;
        if (bArr == null) {
            throw new NullPointerException("message cannot be null");
        }
        PKCS7VerifRetStruct pKCS7VerifRetStruct = null;
        InputStream messageInputStream = getMessageInputStream(bArr, z);
        BERInputStream bERInputStream = new BERInputStream(messageInputStream);
        try {
            try {
                ContentInfo contentInfo = new ContentInfo((ASN1Sequence) bERInputStream.readObject());
                if (!contentInfo.getContentType().getId().equals(PKCSObjectIdentifiers.signedAndEnvelopedData.getId())) {
                    throw new Exception("not a PKCS#7 signed-and-enveloped data message");
                }
                SignedAndEnvelopedData signedAndEnvelopedData = new SignedAndEnvelopedData((ASN1Sequence) contentInfo.getContent());
                RecipientInfo findRecipient = DERUtils.findRecipient(signedAndEnvelopedData.getRecipientInfos(), this.cryptoDevice.getCert());
                if (findRecipient == null) {
                    throw new Exception(new StringBuffer().append("certificate not found among recipients - ").append(this.cryptoDevice.getCert().getSerialNumber()).toString());
                }
                String id = findRecipient.getKeyEncryptionAlgID().getObjectId().getId();
                EncryptedContentInfo encryptedContentInfo = signedAndEnvelopedData.getEncryptedContentInfo();
                String id2 = encryptedContentInfo.getContentEncryptionAlgorithm().getObjectId().getId();
                DEREncodable parameters = encryptedContentInfo.getContentEncryptionAlgorithm().getParameters();
                byte[] unwrapKey = this.cryptoDevice.unwrapKey(findRecipient.getEncryptedKey(), id);
                byte[] decryptData = this.cryptoDevice.decryptData(unwrapKey, parameters, encryptedContentInfo.getEncryptedContent().getOctets(), id2);
                SignerInfo signerInfo = signedAndEnvelopedData.getSignerInfo(0);
                IssuerAndSerialNumber issuer = signerInfo.getIssuer();
                CertificateSet certificates = signedAndEnvelopedData.getCertificates();
                if (certificates == null || (findSigningCert = findSigningCert(issuer, certificates.getDERCertificates(), this.certFactoryProvider)) == null) {
                    throw new Exception("signer's certicate not found in message - unable to verify");
                }
                byte[] decryptData2 = this.cryptoDevice.decryptData(unwrapKey, parameters, signerInfo.getSignature(), id2);
                String translateMDAlg = translateMDAlg(signerInfo.getDigestEncryptionAlgorithm().getObjectId().getId(), signerInfo.getDigestAlgorithm().getObjectId().getId());
                DERObject signedAttrs = signerInfo.getSignedAttrs();
                DERObject unsignedAttrs = signerInfo.getUnsignedAttrs();
                if (signedAttrs != null) {
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    DEROutputStream dEROutputStream = new DEROutputStream(byteArrayOutputStream);
                    try {
                        dEROutputStream.writeObject(signedAttrs);
                        if (this.cryptoDevice.verifyData(byteArrayOutputStream.toByteArray(), findSigningCert.getPublicKey(), decryptData2, translateMDAlg)) {
                            if (advancedDigestTest(signedAttrs, this.cryptoDevice, signerInfo.getDigestAlgorithm().getObjectId().getId(), decryptData)) {
                                z2 = true;
                                verifyData = z2;
                            }
                        }
                        z2 = false;
                        verifyData = z2;
                    } finally {
                        dEROutputStream.close();
                        byteArrayOutputStream.close();
                    }
                } else {
                    verifyData = this.cryptoDevice.verifyData(decryptData, findSigningCert.getPublicKey(), decryptData2, translateMDAlg);
                }
                if (verifyData) {
                    pKCS7VerifRetStruct = new PKCS7VerifRetStruct(findSigningCert, decryptData, signedAttrs, unsignedAttrs, certificates, translateMDAlg);
                }
                if (verifyData) {
                    logger.logApp(2, "SIGNED-AND-ENVELOPED message verified", null);
                    return pKCS7VerifRetStruct;
                }
                logger.logApp(2, "SIGNED-AND-ENVELOPED message NOT verified", null);
                throw new Exception("SIGNED-AND-ENVELOPED message NOT verified");
            } catch (Exception e) {
                logger.logApp(3, "Failed to verify SIGNED-AND-ENVELOPED message", null);
                throw e;
            }
        } finally {
            messageInputStream.close();
            bERInputStream.close();
        }
    }

    public PKCS7VerifRetStruct getDigestedData(byte[] bArr, boolean z) throws Exception {
        if (bArr == null) {
            throw new NullPointerException("message cannot be null");
        }
        PKCS7VerifRetStruct pKCS7VerifRetStruct = null;
        InputStream messageInputStream = getMessageInputStream(bArr, z);
        BERInputStream bERInputStream = new BERInputStream(messageInputStream);
        try {
            try {
                ContentInfo contentInfo = new ContentInfo((ASN1Sequence) bERInputStream.readObject());
                if (!contentInfo.getContentType().equals(PKCSObjectIdentifiers.digestedData)) {
                    throw new Exception("not a PKCS#7 digested data message");
                }
                DigestedData digestedData = new DigestedData((ASN1Sequence) contentInfo.getContent());
                ContentInfo contentInfo2 = digestedData.getContentInfo();
                if (contentInfo2.getContent() == null) {
                    throw new Exception(new StringBuffer().append("not a supported content type - ").append(contentInfo2.getContentType().getId()).toString());
                }
                byte[] octets = ((ASN1OctetString) contentInfo2.getContent()).getOctets();
                boolean isEqual = MessageDigest.isEqual(this.cryptoDevice.digestData(octets, digestedData.getDigestAlgorithm().getObjectId().getId()), digestedData.getDigest().getOctets());
                if (isEqual) {
                    pKCS7VerifRetStruct = new PKCS7VerifRetStruct(null, octets, null, null);
                }
                if (isEqual) {
                    logger.logApp(2, "DIGESTED message verified", null);
                    return pKCS7VerifRetStruct;
                }
                logger.logApp(2, "DIGESTED message NOT verified", null);
                throw new Exception("DIGESTED message NOT verified");
            } catch (Exception e) {
                logger.logApp(3, "Failed to verify DIGESTED message", e);
                throw e;
            }
        } finally {
            messageInputStream.close();
            bERInputStream.close();
        }
    }

    private InputStream getMessageInputStream(byte[] bArr, boolean z) {
        if (z) {
            try {
                bArr = Base64Coder.decode(bArr);
            } catch (Exception e) {
                throw new IllegalArgumentException(new StringBuffer().append("unable to decode message from Base64 - ").append(e).toString());
            }
        }
        return new ByteArrayInputStream(bArr);
    }

    private boolean advancedDigestTest(DERObject dERObject, CryptoDevice cryptoDevice, String str, byte[] bArr) throws Exception {
        DERObject attributeValue = DERUtils.getAttributeValue(dERObject, PKCSObjectIdentifiers.messageDigest.getId());
        if (attributeValue != null) {
            return MessageDigest.isEqual(((ASN1OctetString) attributeValue).getOctets(), cryptoDevice.digestData(bArr, str));
        }
        logger.logApp(1, "no message digest found among signed attributes of the message, returning NOT VERIFIED !", null);
        return false;
    }

    private String translateMDAlg(String str, String str2) {
        if (!PKCSObjectIdentifiers.rsaEncryption.getId().equals(str)) {
            if (X509ObjectIdentifiers.ripemd160WithRSAEncryption.getId().equals(str)) {
                return str;
            }
            throw new IllegalArgumentException(new StringBuffer().append("can't interpret digest encryption algorithm - ").append(str).toString());
        }
        if (X509ObjectIdentifiers.id_SHA1.getId().equals(str2)) {
            return PKCSObjectIdentifiers.sha1WithRSAEncryption.getId();
        }
        if (PKCSObjectIdentifiers.md5.getId().equals(str2)) {
            return PKCSObjectIdentifiers.md5WithRSAEncryption.getId();
        }
        if (X509ObjectIdentifiers.ripemd160.getId().equals(str2)) {
            return X509ObjectIdentifiers.ripemd160WithRSAEncryption.getId();
        }
        if (NISTObjectIdentifiers.id_sha256.getId().equals(str2)) {
            return PKCSObjectIdentifiers.sha256WithRSAEncryption.getId();
        }
        if (NISTObjectIdentifiers.id_sha384.getId().equals(str2)) {
            return PKCSObjectIdentifiers.sha384WithRSAEncryption.getId();
        }
        if (NISTObjectIdentifiers.id_sha512.getId().equals(str2)) {
            return PKCSObjectIdentifiers.sha512WithRSAEncryption.getId();
        }
        throw new IllegalArgumentException(new StringBuffer().append("unsupported digest algorithm - ").append(str2).toString());
    }

    protected X509Certificate findSigningCert(IssuerAndSerialNumber issuerAndSerialNumber, Enumeration enumeration, String str) throws Exception {
        return DERUtils.findCertificate(issuerAndSerialNumber, enumeration, str);
    }

    protected String getAppLogHeader() {
        return "CC_Crypto:PKCS7Parser";
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$com$logica$security$pkcs_7$PKCS7Parser == null) {
            cls = class$("com.logica.security.pkcs_7.PKCS7Parser");
            class$com$logica$security$pkcs_7$PKCS7Parser = cls;
        } else {
            cls = class$com$logica$security$pkcs_7$PKCS7Parser;
        }
        logger = LLoggerFactory.getLogger(cls);
    }
}
