package org.mozilla.jss.pkcs7;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SignatureException;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.asn1.ANY;
import org.mozilla.jss.asn1.ASN1Template;
import org.mozilla.jss.asn1.ASN1Util;
import org.mozilla.jss.asn1.ASN1Value;
import org.mozilla.jss.asn1.INTEGER;
import org.mozilla.jss.asn1.InvalidBERException;
import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
import org.mozilla.jss.asn1.OCTET_STRING;
import org.mozilla.jss.asn1.SEQUENCE;
import org.mozilla.jss.asn1.SET;
import org.mozilla.jss.asn1.Tag;
import org.mozilla.jss.crypto.DigestAlgorithm;
import org.mozilla.jss.crypto.ObjectNotFoundException;
import org.mozilla.jss.crypto.PrivateKey;
import org.mozilla.jss.crypto.Signature;
import org.mozilla.jss.crypto.SignatureAlgorithm;
import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
import org.mozilla.jss.pkix.primitive.Attribute;
import org.mozilla.jss.util.Assert;

/* JADX WARN: Classes with same name are omitted:
  input_file:116411-11/SUNWpsgw/reloc/SUNWps/lib/jss3.jar:org/mozilla/jss/pkcs7/SignerInfo.class
  input_file:116411-11/SUNWpsnlp/reloc/SUNWps/lib/jss3.jar:org/mozilla/jss/pkcs7/SignerInfo.class
 */
/* loaded from: input_file:116411-11/SUNWpsrwp/reloc/SUNWps/lib/jss3.jar:org/mozilla/jss/pkcs7/SignerInfo.class */
public class SignerInfo implements ASN1Value {
    private INTEGER version;
    private IssuerAndSerialNumber issuerAndSerialNumber;
    private AlgorithmIdentifier digestAlgorithm;
    private SET authenticatedAttributes;
    private AlgorithmIdentifier digestEncryptionAlgorithm;
    private OCTET_STRING encryptedDigest;
    private SET unauthenticatedAttributes;
    private static final OBJECT_IDENTIFIER CONTENT_TYPE = OBJECT_IDENTIFIER.PKCS.subBranch(9).subBranch(3);
    private static final OBJECT_IDENTIFIER MESSAGE_DIGEST = OBJECT_IDENTIFIER.PKCS.subBranch(9).subBranch(4);
    private static final INTEGER VERSION = new INTEGER(1);
    private static final Tag TAG = SEQUENCE.TAG;
    private static Template templateInstance = new Template();

    /* JADX WARN: Classes with same name are omitted:
      input_file:116411-11/SUNWpsgw/reloc/SUNWps/lib/jss3.jar:org/mozilla/jss/pkcs7/SignerInfo$Template.class
      input_file:116411-11/SUNWpsnlp/reloc/SUNWps/lib/jss3.jar:org/mozilla/jss/pkcs7/SignerInfo$Template.class
     */
    /* loaded from: input_file:116411-11/SUNWpsrwp/reloc/SUNWps/lib/jss3.jar:org/mozilla/jss/pkcs7/SignerInfo$Template.class */
    public static class Template implements ASN1Template {
        SEQUENCE.Template seqt = new SEQUENCE.Template();

        public Template() {
            this.seqt.addElement(INTEGER.getTemplate());
            this.seqt.addElement(IssuerAndSerialNumber.getTemplate());
            this.seqt.addElement(AlgorithmIdentifier.getTemplate());
            this.seqt.addOptionalElement(new Tag(0L), new SET.OF_Template(Attribute.getTemplate()));
            this.seqt.addElement(AlgorithmIdentifier.getTemplate());
            this.seqt.addElement(OCTET_STRING.getTemplate());
            this.seqt.addOptionalElement(new Tag(1L), new SET.OF_Template(Attribute.getTemplate()));
        }

        @Override // org.mozilla.jss.asn1.ASN1Template
        public boolean tagMatch(Tag tag) {
            return SignerInfo.TAG.equals(tag);
        }

        @Override // org.mozilla.jss.asn1.ASN1Template
        public ASN1Value decode(InputStream inputStream) throws IOException, InvalidBERException {
            return decode(SignerInfo.TAG, inputStream);
        }

        @Override // org.mozilla.jss.asn1.ASN1Template
        public ASN1Value decode(Tag tag, InputStream inputStream) throws IOException, InvalidBERException {
            SEQUENCE sequence = (SEQUENCE) this.seqt.decode(tag, inputStream);
            Assert._assert(sequence.size() == 7);
            return new SignerInfo((INTEGER) sequence.elementAt(0), (IssuerAndSerialNumber) sequence.elementAt(1), (AlgorithmIdentifier) sequence.elementAt(2), (SET) sequence.elementAt(3), (AlgorithmIdentifier) sequence.elementAt(4), ((OCTET_STRING) sequence.elementAt(5)).toByteArray(), (SET) sequence.elementAt(6));
        }
    }

    public INTEGER getVersion() {
        return this.version;
    }

    public IssuerAndSerialNumber getIssuerAndSerialNumber() {
        return this.issuerAndSerialNumber;
    }

    public DigestAlgorithm getDigestAlgorithm() throws NoSuchAlgorithmException {
        return DigestAlgorithm.fromOID(this.digestAlgorithm.getOID());
    }

    public AlgorithmIdentifier getDigestAlgorithmIdentifer() {
        return this.digestAlgorithm;
    }

    public SET getAuthenticatedAttributes() {
        return this.authenticatedAttributes;
    }

    public boolean hasAuthenticatedAttributes() {
        return this.authenticatedAttributes != null;
    }

    public SignatureAlgorithm getDigestEncryptionAlgorithm() throws NoSuchAlgorithmException {
        return SignatureAlgorithm.fromOID(this.digestEncryptionAlgorithm.getOID());
    }

    public AlgorithmIdentifier getDigestEncryptionAlgorithmIdentifier() {
        return this.digestEncryptionAlgorithm;
    }

    public byte[] getEncryptedDigest() {
        return this.encryptedDigest.toByteArray();
    }

    public SET getUnauthenticatedAttributes() {
        return this.unauthenticatedAttributes;
    }

    public boolean hasUnauthenticatedAttributes() {
        return this.unauthenticatedAttributes != null;
    }

    public SignerInfo(IssuerAndSerialNumber issuerAndSerialNumber, SET set, SET set2, OBJECT_IDENTIFIER object_identifier, byte[] bArr, SignatureAlgorithm signatureAlgorithm, PrivateKey privateKey) throws InvalidKeyException, NoSuchAlgorithmException, CryptoManager.NotInitializedException, SignatureException, TokenException {
        byte[] bArr2;
        this.version = VERSION;
        this.issuerAndSerialNumber = issuerAndSerialNumber;
        this.digestAlgorithm = new AlgorithmIdentifier(signatureAlgorithm.getDigestAlg().toOID(), null);
        if (!object_identifier.equals(ContentInfo.DATA)) {
            set = set == null ? new SET() : set;
            set.addElement(new Attribute(CONTENT_TYPE, ContentInfo.DATA));
            set.addElement(new Attribute(MESSAGE_DIGEST, new OCTET_STRING(bArr)));
        }
        this.digestEncryptionAlgorithm = new AlgorithmIdentifier(signatureAlgorithm.getRawAlg().toOID(), null);
        if (set != null) {
            Assert._assert(set.size() >= 2);
            this.authenticatedAttributes = set;
        }
        DigestAlgorithm digestAlg = signatureAlgorithm.getDigestAlg();
        byte[] digest = set == null ? bArr : MessageDigest.getInstance(digestAlg.toString()).digest(ASN1Util.encode(set));
        if (signatureAlgorithm.getRawAlg() == SignatureAlgorithm.RSASignature) {
            SEQUENCE sequence = new SEQUENCE();
            sequence.addElement(new AlgorithmIdentifier(digestAlg.toOID(), null));
            sequence.addElement(new OCTET_STRING(digest));
            bArr2 = ASN1Util.encode(sequence);
        } else {
            bArr2 = digest;
        }
        Signature signatureContext = privateKey.getOwningToken().getSignatureContext(signatureAlgorithm.getRawAlg());
        signatureContext.initSign(privateKey);
        signatureContext.update(bArr2);
        this.encryptedDigest = new OCTET_STRING(signatureContext.sign());
        if (set2 != null) {
            this.unauthenticatedAttributes = set2;
        }
    }

    SignerInfo(INTEGER integer, IssuerAndSerialNumber issuerAndSerialNumber, AlgorithmIdentifier algorithmIdentifier, SET set, AlgorithmIdentifier algorithmIdentifier2, byte[] bArr, SET set2) {
        this.version = integer;
        this.issuerAndSerialNumber = issuerAndSerialNumber;
        this.digestAlgorithm = algorithmIdentifier;
        this.authenticatedAttributes = set;
        this.digestEncryptionAlgorithm = algorithmIdentifier2;
        this.encryptedDigest = new OCTET_STRING(bArr);
        this.unauthenticatedAttributes = set2;
    }

    public void verify(byte[] bArr, OBJECT_IDENTIFIER object_identifier) throws CryptoManager.NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, TokenException, SignatureException, ObjectNotFoundException {
        verify(bArr, object_identifier, CryptoManager.getInstance().findCertByIssuerAndSerialNumber(ASN1Util.encode(this.issuerAndSerialNumber.getIssuer()), this.issuerAndSerialNumber.getSerialNumber()).getPublicKey());
    }

    public void verify(byte[] bArr, OBJECT_IDENTIFIER object_identifier, PublicKey publicKey) throws CryptoManager.NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, TokenException, SignatureException {
        if (this.authenticatedAttributes == null) {
            verifyWithoutAuthenticatedAttributes(bArr, object_identifier, publicKey);
        } else {
            verifyWithAuthenticatedAttributes(bArr, object_identifier, publicKey);
        }
    }

    private void verifyWithoutAuthenticatedAttributes(byte[] bArr, OBJECT_IDENTIFIER object_identifier, PublicKey publicKey) throws CryptoManager.NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, TokenException, SignatureException {
        byte[] bArr2;
        if (!object_identifier.equals(ContentInfo.DATA)) {
            throw new SignatureException("Content-Type is not DATA, but there are no authenticated attributes");
        }
        SignatureAlgorithm fromOID = SignatureAlgorithm.fromOID(this.digestEncryptionAlgorithm.getOID());
        if (fromOID.getRawAlg() == SignatureAlgorithm.RSASignature) {
            SEQUENCE sequence = new SEQUENCE();
            sequence.addElement(this.digestAlgorithm.getOID());
            sequence.addElement(new OCTET_STRING(bArr));
            bArr2 = ASN1Util.encode(sequence);
        } else {
            bArr2 = bArr;
        }
        Signature signatureContext = CryptoManager.getInstance().getInternalCryptoToken().getSignatureContext(fromOID);
        signatureContext.initVerify(publicKey);
        signatureContext.update(bArr2);
        if (!signatureContext.verify(this.encryptedDigest.toByteArray())) {
            throw new SignatureException("Encrypted message digest parameter does not match encrypted digest in SignerInfo");
        }
    }

    private void verifyWithAuthenticatedAttributes(byte[] bArr, OBJECT_IDENTIFIER object_identifier, PublicKey publicKey) throws CryptoManager.NotInitializedException, NoSuchAlgorithmException, InvalidKeyException, TokenException, SignatureException {
        byte[] bArr2;
        byte[] bArr3;
        byte[] byteArray;
        OBJECT_IDENTIFIER object_identifier2;
        int size = this.authenticatedAttributes.size();
        if (size < 2) {
            throw new SignatureException("At least two authenticated attributes must be present: content-type and message-digest");
        }
        boolean z = false;
        boolean z2 = false;
        for (int i = 0; i < size; i++) {
            if (!(this.authenticatedAttributes.elementAt(i) instanceof Attribute)) {
                throw new SignatureException("Element of authenticatedAttributes is not an Attribute");
            }
            Attribute attribute = (Attribute) this.authenticatedAttributes.elementAt(i);
            if (attribute.getType().equals(CONTENT_TYPE)) {
                SET values = attribute.getValues();
                if (values.size() != 1) {
                    throw new SignatureException("Content-Type attribute  does not have exactly one value");
                }
                ASN1Value elementAt = values.elementAt(0);
                try {
                    if (elementAt instanceof OBJECT_IDENTIFIER) {
                        object_identifier2 = (OBJECT_IDENTIFIER) elementAt;
                    } else {
                        if (!(elementAt instanceof ANY)) {
                            throw new InvalidBERException("Content-Type authenticated attribute has unexpected content type");
                        }
                        object_identifier2 = (OBJECT_IDENTIFIER) ((ANY) elementAt).decodeWith(OBJECT_IDENTIFIER.getTemplate());
                    }
                    if (!object_identifier2.equals(object_identifier)) {
                        throw new SignatureException("Content-type in authenticated attributes does not match content-type being verified");
                    }
                    z = true;
                } catch (InvalidBERException e) {
                    throw new SignatureException("Content-Type authenticated attribute does not have OBJECT IDENTIFIER value");
                }
            } else if (attribute.getType().equals(MESSAGE_DIGEST)) {
                SET values2 = attribute.getValues();
                if (values2.size() != 1) {
                    throw new SignatureException("Message-digest attribute does not have exactly one value");
                }
                ASN1Value elementAt2 = values2.elementAt(0);
                try {
                    if (elementAt2 instanceof OCTET_STRING) {
                        byteArray = ((OCTET_STRING) elementAt2).toByteArray();
                    } else {
                        if (!(elementAt2 instanceof ANY)) {
                            throw new InvalidBERException("Content-Type authenticated attribute has unexpected content type");
                        }
                        byteArray = ((OCTET_STRING) ((ANY) elementAt2).decodeWith(OCTET_STRING.getTemplate())).toByteArray();
                    }
                    if (!byteArraysAreSame(byteArray, bArr)) {
                        throw new SignatureException("Message-digest attribute does not match message digest being verified");
                    }
                    z2 = true;
                } catch (InvalidBERException e2) {
                    throw new SignatureException("Message-digest attribute does not have OCTET STRING value");
                }
            } else {
                continue;
            }
        }
        if (!z) {
            throw new SignatureException("Authenticated attributes does not contain PKCS #9 content-type attribute");
        }
        if (!z2) {
            throw new SignatureException("Authenticate attributes does not contain PKCS #9 message-digest attribute");
        }
        SignatureAlgorithm fromOID = SignatureAlgorithm.fromOID(this.digestEncryptionAlgorithm.getOID());
        Signature signatureContext = CryptoManager.getInstance().getInternalCryptoToken().getSignatureContext(fromOID);
        signatureContext.initVerify(publicKey);
        try {
            bArr2 = ((ANY) ASN1Util.decode(ANY.getTemplate(), ASN1Util.encode(this.authenticatedAttributes))).getContents();
        } catch (InvalidBERException e3) {
            Assert.notReached("Unable to decode authenticated attributes");
            bArr2 = null;
        }
        byte[] digest = MessageDigest.getInstance(DigestAlgorithm.fromOID(this.digestAlgorithm.getOID()).toString()).digest(bArr2);
        if (fromOID.getRawAlg() == SignatureAlgorithm.RSASignature) {
            SEQUENCE sequence = new SEQUENCE();
            sequence.addElement(this.digestAlgorithm.getOID());
            sequence.addElement(new OCTET_STRING(digest));
            bArr3 = ASN1Util.encode(sequence);
        } else {
            bArr3 = digest;
        }
        signatureContext.update(bArr3);
        if (!signatureContext.verify(this.encryptedDigest.toByteArray())) {
            throw new SignatureException("encryptedDigest was not the correct signature of the contents octets of the DER-encoded authenticated attributes");
        }
    }

    private static boolean byteArraysAreSame(byte[] bArr, byte[] bArr2) {
        Assert._assert((bArr == null || bArr2 == null) ? false : true);
        if (bArr.length != bArr2.length) {
            return false;
        }
        for (int i = 0; i < bArr.length; i++) {
            if (bArr[i] != bArr2[i]) {
                return false;
            }
        }
        return true;
    }

    @Override // org.mozilla.jss.asn1.ASN1Value
    public Tag getTag() {
        return TAG;
    }

    @Override // org.mozilla.jss.asn1.ASN1Value
    public void encode(OutputStream outputStream) throws IOException {
        encode(getTag(), outputStream);
    }

    @Override // org.mozilla.jss.asn1.ASN1Value
    public void encode(Tag tag, OutputStream outputStream) throws IOException {
        SEQUENCE sequence = new SEQUENCE();
        sequence.addElement(this.version);
        sequence.addElement(this.issuerAndSerialNumber);
        sequence.addElement(this.digestAlgorithm);
        if (this.authenticatedAttributes != null) {
            sequence.addElement(new Tag(0L), this.authenticatedAttributes);
        }
        sequence.addElement(this.digestEncryptionAlgorithm);
        sequence.addElement(this.encryptedDigest);
        if (this.unauthenticatedAttributes != null) {
            sequence.addElement(new Tag(1L), this.unauthenticatedAttributes);
        }
        sequence.encode(tag, outputStream);
    }

    public static Template getTemplate() {
        return templateInstance;
    }
}
