package pl.unizeto.cmp;

import iaik.asn1.ASN;
import iaik.asn1.ASN1;
import iaik.asn1.ASN1Object;
import iaik.asn1.ASN1Type;
import iaik.asn1.BIT_STRING;
import iaik.asn1.CON_SPEC;
import iaik.asn1.CodingException;
import iaik.asn1.DerCoder;
import iaik.asn1.SEQUENCE;
import iaik.security.cipher.SecretKey;
import iaik.utils.CryptoUtils;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import javax.crypto.Mac;
import org.apache.commons.io.IOUtils;
import pl.unizeto.pki.cryptomanager.CryptoManagerException;
import pl.unizeto.pki.cryptomanager.SecretSymmetricalKey;
import pl.unizeto.pki.util.OIDs;

/* loaded from: classes.dex */
public class PKIMessage implements ASN1Type {
    private PKIBody body;
    private SEQUENCE extraCerts;
    private PKIHeader header;
    private BIT_STRING protection;

    public PKIMessage() {
    }

    public PKIMessage(ASN1Object aSN1Object) throws CodingException {
        decode(aSN1Object);
    }

    public PKIMessage(InputStream inputStream) throws IOException, CodingException {
        decode(new ASN1(inputStream).toASN1Object());
    }

    public PKIMessage(PKIHeader pKIHeader, PKIBody pKIBody) {
        this.header = pKIHeader;
        this.body = pKIBody;
    }

    public PKIMessage(byte[] bArr) throws CodingException {
        if (bArr == null) {
            throw new NullPointerException("Cannot parse PKIMessage from a null byte[]!");
        }
        decode(new ASN1(bArr).toASN1Object());
    }

    private BIT_STRING createProtection(byte[] bArr) throws CodingException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        try {
            PBMParameter pBMParameter = new PBMParameter(this.header.getProtectionAlg().getParameter());
            SecretKey secretSymmetricalKey = new SecretSymmetricalKey(bArr, pBMParameter).getSecretSymmetricalKey();
            Mac mac = pBMParameter.getMac().getAlgorithm().getID().equals(OIDs.getOID("HMAC-SHA1")) ? Mac.getInstance("HMAC/SHA") : null;
            if (mac == null) {
                throw new InvalidAlgorithmParameterException("No such mac algorithm.");
            }
            mac.init(secretSymmetricalKey);
            return new BIT_STRING(mac.doFinal(getProtectionPart()));
        } catch (IOException e) {
            throw new CodingException(e.getMessage());
        } catch (InvalidKeyException e2) {
            throw new CodingException(e2.getMessage());
        } catch (CryptoManagerException e3) {
            throw new CodingException(e3.getMessage());
        }
    }

    @Override // iaik.asn1.ASN1Type
    public void decode(ASN1Object aSN1Object) throws CodingException {
        int i = 2;
        int countComponents = aSN1Object.countComponents();
        this.header = new PKIHeader(aSN1Object.getComponentAt(0));
        this.body = new PKIBody(aSN1Object.getComponentAt(1));
        if (2 < countComponents && (aSN1Object.getComponentAt(2) instanceof CON_SPEC)) {
            CON_SPEC con_spec = (CON_SPEC) aSN1Object.getComponentAt(2);
            if (con_spec.getAsnType().getTag() == 0) {
                this.protection = (BIT_STRING) con_spec.getValue();
                i = 2 + 1;
            }
        }
        if (i >= countComponents || !(aSN1Object.getComponentAt(i) instanceof CON_SPEC)) {
            return;
        }
        CON_SPEC con_spec2 = (CON_SPEC) aSN1Object.getComponentAt(i);
        if (con_spec2.getAsnType().getTag() == 1) {
            this.extraCerts = (SEQUENCE) con_spec2.getValue();
            int i2 = i + 1;
        }
    }

    public PKIBody getBody() {
        return this.body;
    }

    public byte[] getEncoded() throws CodingException {
        return DerCoder.encode(toASN1Object());
    }

    public CMPCertificate[] getExtraCerts() throws CodingException {
        if (this.extraCerts == null) {
            return null;
        }
        ASN1Type[] parseSequenceOf = ASN.parseSequenceOf(this.extraCerts, CMPCertificate.class);
        CMPCertificate[] cMPCertificateArr = new CMPCertificate[parseSequenceOf.length];
        for (int i = 0; i < parseSequenceOf.length; i++) {
            cMPCertificateArr[i] = (CMPCertificate) parseSequenceOf[i];
        }
        return cMPCertificateArr;
    }

    public PKIHeader getHeader() {
        return this.header;
    }

    public BIT_STRING getProtection() {
        return this.protection;
    }

    public byte[] getProtectionPart() throws CodingException {
        if (this.header == null || this.body == null) {
            throw new CodingException();
        }
        SEQUENCE sequence = new SEQUENCE();
        sequence.addComponent(this.header.toASN1Object());
        sequence.addComponent(this.body.toASN1Object());
        return DerCoder.encode(sequence);
    }

    public void setExtraCerts(CMPCertificate[] cMPCertificateArr) throws CodingException {
        this.extraCerts = (SEQUENCE) ASN.createSequenceOf(cMPCertificateArr);
    }

    public void setProtection(BIT_STRING bit_string) {
        this.protection = bit_string;
    }

    public void setProtection(byte[] bArr) throws CodingException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        this.protection = createProtection(bArr);
    }

    @Override // iaik.asn1.ASN1Type
    public ASN1Object toASN1Object() throws CodingException {
        SEQUENCE sequence = new SEQUENCE();
        sequence.addComponent(this.header.toASN1Object());
        sequence.addComponent(this.body.toASN1Object());
        if (this.protection != null) {
            sequence.addComponent(new CON_SPEC(0, this.protection));
        }
        if (this.extraCerts != null) {
            sequence.addComponent(new CON_SPEC(1, this.extraCerts));
        }
        return sequence;
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer("\nheader: ");
        stringBuffer.append(this.header.toString());
        StringBuffer stringBuffer2 = new StringBuffer("\nbody: ");
        stringBuffer2.append(this.body.toString());
        StringBuffer stringBuffer3 = new StringBuffer("\nprotection: ");
        if (this.protection != null) {
            stringBuffer3.append(this.protection.getValue().toString());
        }
        StringBuffer stringBuffer4 = new StringBuffer("\nextraCerts: ");
        if (this.extraCerts != null) {
            try {
                for (CMPCertificate cMPCertificate : getExtraCerts()) {
                    stringBuffer4.append(IOUtils.LINE_SEPARATOR_UNIX + cMPCertificate.toString());
                }
            } catch (CodingException e) {
                throw new RuntimeException("iaik.asn1.CodingException");
            }
        }
        return stringBuffer.toString() + stringBuffer2.toString() + stringBuffer3.toString() + stringBuffer4.toString();
    }

    public void verify(PublicKey publicKey) throws CodingException, ProtectionException, NoSuchAlgorithmException {
        if (this.protection == null) {
            throw new ProtectionException("Cannot verify this PKIMessage. First it has to be protected.");
        }
        if (getHeader().getProtectionAlg() == null) {
            throw new NoSuchAlgorithmException("Cannot verify PKIMessage. Protection algorithm is not set.");
        }
        try {
            Signature signature = Signature.getInstance(OIDs.getOIDName(getHeader().getProtectionAlg().getAlgorithm().getID()));
            byte[] bArr = (byte[]) this.protection.getValue();
            byte[] protectionPart = getProtectionPart();
            signature.initVerify(publicKey);
            signature.update(protectionPart);
            signature.verify(bArr);
        } catch (NoSuchAlgorithmException e) {
            throw e;
        } catch (Exception e2) {
            throw new ProtectionException(e2.getMessage());
        }
    }

    public void verify(byte[] bArr) throws CodingException, ProtectionException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        if (this.protection == null) {
            throw new ProtectionException("Cannot verify this PKIMessage. First it has to be protected.");
        }
        if (getHeader().getProtectionAlg() == null) {
            throw new NoSuchAlgorithmException("Cannot verify PKIMessage. Protection algorithm is not set.");
        }
        if (!CryptoUtils.equalsBlock((byte[]) this.protection.getValue(), (byte[]) createProtection(bArr).getValue())) {
            throw new ProtectionException("Protection is corrupted.");
        }
    }

    public void write(OutputStream outputStream) throws IOException, CodingException {
        new ASN1(toASN1Object()).writeTo(outputStream);
    }
}
