package org.bouncycastle.cert.cmp;

import com.mifi.apm.trace.core.a;
import java.io.IOException;
import java.io.OutputStream;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.cmp.CMPCertificate;
import org.bouncycastle.asn1.cmp.CMPObjectIdentifiers;
import org.bouncycastle.asn1.cmp.PBMParameter;
import org.bouncycastle.asn1.cmp.PKIBody;
import org.bouncycastle.asn1.cmp.PKIHeader;
import org.bouncycastle.asn1.cmp.PKIMessage;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.crmf.PKMACBuilder;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.MacCalculator;
import org.bouncycastle.util.Arrays;

/* loaded from: classes2.dex */
public class ProtectedPKIMessage {
    private PKIMessage pkiMessage;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProtectedPKIMessage(PKIMessage pKIMessage) {
        a.y(3446);
        if (pKIMessage.getHeader().getProtectionAlg() != null) {
            this.pkiMessage = pKIMessage;
            a.C(3446);
        } else {
            IllegalArgumentException illegalArgumentException = new IllegalArgumentException("PKIMessage not protected");
            a.C(3446);
            throw illegalArgumentException;
        }
    }

    public ProtectedPKIMessage(GeneralPKIMessage generalPKIMessage) {
        a.y(3444);
        if (generalPKIMessage.hasProtection()) {
            this.pkiMessage = generalPKIMessage.toASN1Structure();
            a.C(3444);
        } else {
            IllegalArgumentException illegalArgumentException = new IllegalArgumentException("PKIMessage not protected");
            a.C(3444);
            throw illegalArgumentException;
        }
    }

    private boolean verifySignature(byte[] bArr, ContentVerifier contentVerifier) throws IOException {
        a.y(3462);
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(this.pkiMessage.getHeader());
        aSN1EncodableVector.add(this.pkiMessage.getBody());
        OutputStream outputStream = contentVerifier.getOutputStream();
        outputStream.write(new DERSequence(aSN1EncodableVector).getEncoded(ASN1Encoding.DER));
        outputStream.close();
        boolean verify = contentVerifier.verify(bArr);
        a.C(3462);
        return verify;
    }

    public PKIBody getBody() {
        a.y(3451);
        PKIBody body = this.pkiMessage.getBody();
        a.C(3451);
        return body;
    }

    public X509CertificateHolder[] getCertificates() {
        a.y(3455);
        CMPCertificate[] extraCerts = this.pkiMessage.getExtraCerts();
        if (extraCerts == null) {
            X509CertificateHolder[] x509CertificateHolderArr = new X509CertificateHolder[0];
            a.C(3455);
            return x509CertificateHolderArr;
        }
        X509CertificateHolder[] x509CertificateHolderArr2 = new X509CertificateHolder[extraCerts.length];
        for (int i8 = 0; i8 != extraCerts.length; i8++) {
            x509CertificateHolderArr2[i8] = new X509CertificateHolder(extraCerts[i8].getX509v3PKCert());
        }
        a.C(3455);
        return x509CertificateHolderArr2;
    }

    public PKIHeader getHeader() {
        a.y(3448);
        PKIHeader header = this.pkiMessage.getHeader();
        a.C(3448);
        return header;
    }

    public boolean hasPasswordBasedMacProtection() {
        a.y(3453);
        boolean equals = this.pkiMessage.getHeader().getProtectionAlg().getAlgorithm().equals((ASN1Primitive) CMPObjectIdentifiers.passwordBasedMac);
        a.C(3453);
        return equals;
    }

    public PKIMessage toASN1Structure() {
        return this.pkiMessage;
    }

    public boolean verify(PKMACBuilder pKMACBuilder, char[] cArr) throws CMPException {
        a.y(3460);
        if (!CMPObjectIdentifiers.passwordBasedMac.equals((ASN1Primitive) this.pkiMessage.getHeader().getProtectionAlg().getAlgorithm())) {
            CMPException cMPException = new CMPException("protection algorithm not mac based");
            a.C(3460);
            throw cMPException;
        }
        try {
            pKMACBuilder.setParameters(PBMParameter.getInstance(this.pkiMessage.getHeader().getProtectionAlg().getParameters()));
            MacCalculator build = pKMACBuilder.build(cArr);
            OutputStream outputStream = build.getOutputStream();
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add(this.pkiMessage.getHeader());
            aSN1EncodableVector.add(this.pkiMessage.getBody());
            outputStream.write(new DERSequence(aSN1EncodableVector).getEncoded(ASN1Encoding.DER));
            outputStream.close();
            boolean areEqual = Arrays.areEqual(build.getMac(), this.pkiMessage.getProtection().getBytes());
            a.C(3460);
            return areEqual;
        } catch (Exception e8) {
            CMPException cMPException2 = new CMPException("unable to verify MAC: " + e8.getMessage(), e8);
            a.C(3460);
            throw cMPException2;
        }
    }

    public boolean verify(ContentVerifierProvider contentVerifierProvider) throws CMPException {
        a.y(3457);
        try {
            boolean verifySignature = verifySignature(this.pkiMessage.getProtection().getBytes(), contentVerifierProvider.get(this.pkiMessage.getHeader().getProtectionAlg()));
            a.C(3457);
            return verifySignature;
        } catch (Exception e8) {
            CMPException cMPException = new CMPException("unable to verify signature: " + e8.getMessage(), e8);
            a.C(3457);
            throw cMPException;
        }
    }
}
