package org.symbouncycastle.b;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import javax.crypto.Cipher;
import org.symbouncycastle.a.af;
import org.symbouncycastle.a.az;
import org.symbouncycastle.a.bb;
import org.symbouncycastle.a.bn;
import org.symbouncycastle.a.bo;
import org.symbouncycastle.a.bp;
import org.symbouncycastle.a.bv;
import org.symbouncycastle.a.bw;
import org.symbouncycastle.a.c.am;
import org.symbouncycastle.a.w;

/* loaded from: classes.dex */
public final class f {
    private m a;
    private org.symbouncycastle.a.a.c b;
    private org.symbouncycastle.a.c.e c;
    private org.symbouncycastle.a.c.e d;
    private final w e;
    private final w f;
    private j g;
    private byte[] h;
    private af i;
    private u j;
    private byte[] k;
    private org.symbouncycastle.f.b l;
    private org.symbouncycastle.a.a.f m;
    private org.symbouncycastle.a.a.f n;
    private boolean o;

    /* JADX INFO: Access modifiers changed from: package-private */
    public f(org.symbouncycastle.a.a.c cVar, af afVar, j jVar, u uVar, org.symbouncycastle.f.b bVar) {
        org.symbouncycastle.a.a.e eVar;
        this.b = cVar;
        this.i = afVar;
        this.l = bVar;
        this.o = afVar == null;
        org.symbouncycastle.a.a.a a = cVar.a();
        if (a.a_()) {
            this.a = new m(bb.a(a.b_()).c_());
        } else {
            bw b_ = a.b_();
            if (b_ instanceof org.symbouncycastle.a.a.e) {
                eVar = (org.symbouncycastle.a.a.e) b_;
            } else {
                if (!(b_ instanceof az)) {
                    throw new IllegalArgumentException("Illegal object in IssuerAndSerialNumber: " + b_.getClass().getName());
                }
                eVar = new org.symbouncycastle.a.a.e((az) b_);
            }
            this.a = new m(eVar.d(), eVar.e().d());
        }
        this.c = cVar.e();
        this.e = cVar.d();
        this.f = cVar.h();
        this.d = cVar.g();
        this.h = cVar.f().c_();
        this.g = jVar;
        this.j = uVar;
    }

    private bp a(bo boVar, String str) {
        org.symbouncycastle.a.a.f c = c();
        if (c != null && c.a(boVar).a() > 0) {
            throw new q("The " + str + " attribute MUST NOT be an unsigned attribute");
        }
        org.symbouncycastle.a.a.f b = b();
        if (b == null) {
            return null;
        }
        org.symbouncycastle.a.m a = b.a(boVar);
        switch (a.a()) {
            case 0:
                return null;
            case 1:
                w e = ((org.symbouncycastle.a.a.h) a.a(0)).e();
                if (e.d() != 1) {
                    throw new q("A " + str + " attribute MUST have a single attribute value");
                }
                return e.a(0).p_();
            default:
                throw new q("The SignedAttributes in a signerInfo MUST NOT include multiple instances of the " + str + " attribute");
        }
    }

    private boolean a(byte[] bArr, PublicKey publicKey, byte[] bArr2, Provider provider) {
        String b = h.b(d());
        try {
            if (!b.equals("RSA")) {
                if (!b.equals("DSA")) {
                    throw new q("algorithm: " + b + " not supported in base signatures.");
                }
                Signature b2 = h.b("NONEwithDSA", provider);
                b2.initVerify(publicKey);
                b2.update(bArr);
                return b2.verify(bArr2);
            }
            Cipher a = i.a("RSA/ECB/PKCS1Padding", provider);
            a.init(2, publicKey);
            byte[] doFinal = a.doFinal(bArr2);
            if (doFinal[0] != 48) {
                throw new IOException("not a digest info object");
            }
            am amVar = new am((az) new bv(doFinal).a());
            if (amVar.o_().length != doFinal.length) {
                throw new q("malformed RSA signature");
            }
            if (!amVar.d().n_().equals(this.c.n_())) {
                return false;
            }
            bw d = amVar.d().d();
            if ((d instanceof bn) || d == null) {
                return org.symbouncycastle.e.b.b(bArr, amVar.e());
            }
            return false;
        } catch (IOException e) {
            throw new q("Exception decoding signature: " + e, e);
        } catch (GeneralSecurityException e2) {
            throw new q("Exception processing signature: " + e2, e2);
        }
    }

    private boolean b(PublicKey publicKey, Provider provider) {
        String a = h.a(this.c.n_().d());
        Signature b = h.b(a + "with" + h.b(d()), provider);
        MessageDigest a2 = h.a.a(a, provider);
        try {
            if (this.j != null) {
                this.k = this.j.a();
            } else {
                if (this.g != null) {
                    this.g.a(new c(a2));
                } else if (this.e == null) {
                    throw new q("data not encapsulated in signature - use detached constructor.");
                }
                this.k = a2.digest();
            }
            bp a3 = a(org.symbouncycastle.a.a.g.a, "content-type");
            if (a3 == null) {
                if (!this.o && this.e != null) {
                    throw new q("The content-type attribute type MUST be present whenever signed attributes are present in signed-data");
                }
            } else {
                if (this.o) {
                    throw new q("[For counter signatures,] the signedAttributes field MUST NOT contain a content-type attribute");
                }
                if (!(a3 instanceof bo)) {
                    throw new q("content-type attribute value not of ASN.1 type 'OBJECT IDENTIFIER'");
                }
                if (!((bo) a3).equals(this.i)) {
                    throw new q("content-type attribute value does not match eContentType");
                }
            }
            bp a4 = a(org.symbouncycastle.a.a.g.b, "message-digest");
            if (a4 == null) {
                if (this.e != null) {
                    throw new q("the message-digest signed attribute type MUST be present when there are any signed attributes present");
                }
            } else {
                if (!(a4 instanceof bb)) {
                    throw new q("message-digest attribute value not of ASN.1 type 'OCTET STRING'");
                }
                if (!org.symbouncycastle.e.b.b(this.k, ((bb) a4).c_())) {
                    throw new g("message-digest attribute value does not match calculated value");
                }
            }
            org.symbouncycastle.a.a.f b2 = b();
            if (b2 != null && b2.a(org.symbouncycastle.a.a.g.d).a() > 0) {
                throw new q("A countersignature attribute MUST NOT be a signed attribute");
            }
            org.symbouncycastle.a.a.f c = c();
            if (c != null) {
                org.symbouncycastle.a.m a5 = c.a(org.symbouncycastle.a.a.g.d);
                int i = 0;
                while (true) {
                    int i2 = i;
                    if (i2 < a5.a()) {
                        if (((org.symbouncycastle.a.a.h) a5.a(i2)).e().d() <= 0) {
                            throw new q("A countersignature attribute MUST contain at least one AttributeValue");
                        }
                        i = i2 + 1;
                    }
                }
            }
            try {
                b.initVerify(publicKey);
                if (this.e != null) {
                    b.update(this.e != null ? this.e.b("DER") : null);
                } else {
                    if (this.j != null) {
                        return a(this.k, publicKey, e(), provider);
                    }
                    if (this.g != null) {
                        this.g.a(new k(b));
                    }
                }
                return b.verify(e());
            } catch (IOException e) {
                throw new q("can't process mime object to create signature.", e);
            } catch (InvalidKeyException e2) {
                throw new q("key not appropriate to signature in message.", e2);
            } catch (SignatureException e3) {
                throw new q("invalid signature format in message: " + e3.getMessage(), e3);
            }
        } catch (IOException e4) {
            throw new q("can't process mime object to create signature.", e4);
        }
    }

    private String d() {
        return this.d.n_().d();
    }

    private byte[] e() {
        return (byte[]) this.h.clone();
    }

    private org.symbouncycastle.a.a.b f() {
        bp a = a(org.symbouncycastle.a.a.g.c, "signing-time");
        if (a == null) {
            return null;
        }
        try {
            return org.symbouncycastle.a.a.b.a(a);
        } catch (IllegalArgumentException e) {
            throw new q("signing-time attribute value not a valid 'Time' structure");
        }
    }

    public final m a() {
        return this.a;
    }

    public final boolean a(PublicKey publicKey, Provider provider) {
        f();
        return b(publicKey, provider);
    }

    public final org.symbouncycastle.a.a.f b() {
        if (this.e != null && this.m == null) {
            this.m = new org.symbouncycastle.a.a.f(this.e);
        }
        return this.m;
    }

    public final org.symbouncycastle.a.a.f c() {
        if (this.f != null && this.n == null) {
            this.n = new org.symbouncycastle.a.a.f(this.f);
        }
        return this.n;
    }
}
