package com.adobe.internal.pdftoolkit.services.digsig.cryptoprovider.impl;

import com.adobe.internal.pdftoolkit.core.exceptions.PDFInvalidDocumentException;
import com.adobe.internal.pdftoolkit.core.exceptions.PDFSignatureException;
import com.adobe.internal.pdftoolkit.core.exceptions.PDFUnableToCompleteOperationException;
import com.rsa.asn1.ASN1;
import com.rsa.asn1.ASN1Container;
import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.EncodedContainer;
import com.rsa.asn1.EndContainer;
import com.rsa.asn1.OIDContainer;
import com.rsa.asn1.OIDList;
import com.rsa.asn1.OctetStringContainer;
import com.rsa.asn1.SequenceContainer;
import com.rsa.asn1.SetContainer;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import java.util.Vector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.cert.jcajce.JcaCertStoreBuilder;
import org.bouncycastle.cert.selector.X509CertificateHolderSelector;
import org.bouncycastle.cert.selector.jcajce.JcaX509CertSelectorConverter;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.crypto.encodings.PKCS1Encoding;
import org.bouncycastle.crypto.engines.RSABlindedEngine;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;

/* loaded from: input_file:com/adobe/internal/pdftoolkit/services/digsig/cryptoprovider/impl/RSAVerifyUtils.class */
public final class RSAVerifyUtils {
    private static final boolean debug = false;

    public static boolean verify(byte[] bArr, InputStream inputStream) throws PDFSignatureException {
        return verify(bArr, 0, bArr.length, inputStream);
    }

    public static byte[] getSignatureBytes(byte[] bArr) throws PDFInvalidDocumentException, PDFUnableToCompleteOperationException {
        try {
            ASN1Container octetStringContainer = new OctetStringContainer(0);
            ASN1.berDecode(bArr, 0, new ASN1Container[]{octetStringContainer});
            if (!((OctetStringContainer) octetStringContainer).dataPresent) {
                throw new PDFInvalidDocumentException("Signature did not contain valid a PKCS#1 packet.");
            }
            byte[] bArr2 = new byte[((OctetStringContainer) octetStringContainer).dataLen];
            System.arraycopy(((OctetStringContainer) octetStringContainer).data, ((OctetStringContainer) octetStringContainer).dataOffset, bArr2, 0, ((OctetStringContainer) octetStringContainer).dataLen);
            return bArr2;
        } catch (ASN_Exception e) {
            throw new PDFUnableToCompleteOperationException("Could not decode the pkcs#1 object.", e);
        }
    }

    private static boolean verify(byte[] bArr, int i, int i2, InputStream inputStream) throws PDFSignatureException {
        boolean z = false;
        ByteArrayInputStream byteArrayInputStream = null;
        try {
            try {
                try {
                    byteArrayInputStream = new ByteArrayInputStream(bArr, 0, bArr.length);
                    CMSSignedData cMSSignedData = new CMSSignedData(byteArrayInputStream);
                    byte[] bArr2 = cMSSignedData.getSignedContent() != null ? (byte[]) cMSSignedData.getSignedContent().getContent() : null;
                    boolean z2 = true;
                    if (bArr2 != null) {
                        if (inputStream == null) {
                            inputStream = new ByteArrayInputStream(bArr2);
                        } else {
                            byte[] bArr3 = new byte[1024];
                            int i3 = 0;
                            while (true) {
                                int read = inputStream.read(bArr3);
                                if (read == -1) {
                                    break;
                                }
                                int i4 = 0;
                                while (true) {
                                    if (i4 >= read || i4 >= bArr2.length - i3) {
                                        break;
                                    }
                                    if (bArr3[i4] != bArr2[i3 + i4]) {
                                        z2 = false;
                                        break;
                                    }
                                    i4++;
                                }
                                if (!z2) {
                                    break;
                                }
                                i3 += read;
                            }
                            boolean z3 = z2 & (i3 == bArr2.length);
                            if (inputStream.markSupported()) {
                                inputStream.reset();
                            }
                        }
                    }
                    JcaCertStoreBuilder jcaCertStoreBuilder = new JcaCertStoreBuilder();
                    jcaCertStoreBuilder.addCertificates(cMSSignedData.getCertificates());
                    jcaCertStoreBuilder.addCRLs(cMSSignedData.getCRLs());
                    CertStore build = jcaCertStoreBuilder.build();
                    for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
                        SignerId sid = signerInformation.getSID();
                        z = verify(signerInformation, inputStream, cMSSignedData, ((X509Certificate) build.getCertificates(new JcaX509CertSelectorConverter().getCertSelector(new X509CertificateHolderSelector(sid.getIssuer(), sid.getSerialNumber()))).iterator().next()).getPublicKey());
                        if (z) {
                            break;
                        }
                    }
                    int length = cMSSignedData.getEncoded().length;
                    if (length > bArr.length) {
                        if (byteArrayInputStream != null) {
                            try {
                                byteArrayInputStream.close();
                            } catch (IOException e) {
                            }
                        }
                        return false;
                    }
                    if (hasPaddingBeenTampered(bArr, length)) {
                        if (byteArrayInputStream != null) {
                            try {
                                byteArrayInputStream.close();
                            } catch (IOException e2) {
                            }
                        }
                        return false;
                    }
                    boolean z4 = z;
                    if (byteArrayInputStream != null) {
                        try {
                            byteArrayInputStream.close();
                        } catch (IOException e3) {
                        }
                    }
                    return z4;
                } catch (Throwable th) {
                    if (byteArrayInputStream != null) {
                        try {
                            byteArrayInputStream.close();
                        } catch (IOException e4) {
                        }
                    }
                    throw th;
                }
            } catch (GSSException e5) {
                throw new PDFSignatureException("Error verifying the signature Bytes.", e5);
            } catch (ASN_Exception e6) {
                throw new PDFSignatureException("Error verifying the signature Bytes.", e6);
            }
        } catch (IOException e7) {
            throw new PDFSignatureException("Error verifying the signature Bytes.", e7);
        } catch (GeneralSecurityException e8) {
            throw new PDFSignatureException("Error verifying the signature Bytes.", e8);
        } catch (CMSException e9) {
            throw new PDFSignatureException("Error verifying the signature Bytes.", e9);
        }
    }

    private static boolean verify(SignerInformation signerInformation, InputStream inputStream, CMSSignedData cMSSignedData, PublicKey publicKey) throws ASN_Exception, GeneralSecurityException, IOException, GSSException {
        byte[] oIDBytesFromString = getOIDBytesFromString(signerInformation.getDigestAlgOID());
        String trans = OIDList.getTrans(oIDBytesFromString, 0, oIDBytesFromString.length, 11);
        if (trans == null) {
            trans = OIDList.getTrans(oIDBytesFromString, 0, oIDBytesFromString.length, 1);
        }
        if (trans != null) {
            trans = trans.split("/")[0];
        }
        if (trans == null) {
            return false;
        }
        getOIDBytesFromString(signerInformation.getEncryptionAlgOID());
        Map<String, byte[]> attributes = getAttributes(signerInformation.getSignedAttributes());
        String algorithm = publicKey.getAlgorithm();
        if (algorithm.equalsIgnoreCase("EC")) {
            algorithm = "ECDSA";
        }
        Signature signature = Signature.getInstance(trans + "with" + algorithm, BCUtilities.provider);
        signature.initVerify(publicKey);
        byte[] bArr = new byte[32768];
        if (attributes == null) {
            while (true) {
                int read = inputStream.read(bArr);
                if (read == -1) {
                    break;
                }
                signature.update(bArr, 0, read);
            }
        } else {
            MessageDigest messageDigest = MessageDigest.getInstance(trans, BCUtilities.provider);
            while (true) {
                int read2 = inputStream.read(bArr);
                if (read2 == -1) {
                    break;
                }
                messageDigest.update(bArr, 0, read2);
            }
            byte[] digest = messageDigest.digest();
            ASN1Container octetStringContainer = new OctetStringContainer(0);
            ASN1.berDecode(attributes.get(CMSAttributes.messageDigest.getId()), 0, new ASN1Container[]{new SetContainer(0), octetStringContainer, new EndContainer()});
            byte[] bArr2 = new byte[((OctetStringContainer) octetStringContainer).dataLen];
            System.arraycopy(((OctetStringContainer) octetStringContainer).data, ((OctetStringContainer) octetStringContainer).dataOffset, bArr2, 0, ((OctetStringContainer) octetStringContainer).dataLen);
            if (!Arrays.equals(digest, bArr2)) {
                return false;
            }
            ASN1Container encodedContainer = new EncodedContainer(1536);
            ASN1.berDecode(attributes.get(CMSAttributes.contentType.getId()), 0, new ASN1Container[]{new SetContainer(0), encodedContainer, new EndContainer()});
            byte[] bArr3 = new byte[((EncodedContainer) encodedContainer).dataLen];
            System.arraycopy(((EncodedContainer) encodedContainer).data, ((EncodedContainer) encodedContainer).dataOffset, bArr3, 0, bArr3.length);
            if (!new Oid(bArr3).toString().equalsIgnoreCase(cMSSignedData.getSignedContentTypeOID())) {
                return false;
            }
            signature.update(signerInformation.getEncodedSignedAttributes());
        }
        byte[] signature2 = signerInformation.getSignature();
        boolean verify = signature.verify(signerInformation.getSignature());
        if (verify) {
            verify = checkHashPadding(publicKey, signature2);
        }
        return verify;
    }

    private static byte[] getOIDBytesFromString(String str) {
        try {
            Oid oid = new Oid(str);
            if (oid == null) {
                return null;
            }
            ASN1Container oIDContainer = new OIDContainer(0);
            ASN1.berDecode(oid.getDER(), 0, new ASN1Container[]{oIDContainer});
            byte[] bArr = new byte[((OIDContainer) oIDContainer).dataLen];
            System.arraycopy(((OIDContainer) oIDContainer).data, ((OIDContainer) oIDContainer).dataOffset, bArr, 0, ((OIDContainer) oIDContainer).dataLen);
            return bArr;
        } catch (GSSException e) {
            return null;
        } catch (ASN_Exception e2) {
            return null;
        }
    }

    private static Map<String, byte[]> getAttributes(AttributeTable attributeTable) {
        Hashtable hashtable;
        if (attributeTable == null || (hashtable = attributeTable.toHashtable()) == null) {
            return null;
        }
        HashMap hashMap = new HashMap();
        Enumeration keys = hashtable.keys();
        while (keys.hasMoreElements()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) keys.nextElement();
            try {
                Object obj = hashtable.get(aSN1ObjectIdentifier);
                if (obj instanceof Attribute) {
                    hashMap.put(aSN1ObjectIdentifier.getId(), ((Attribute) obj).getAttrValues().toASN1Primitive().getEncoded("DER"));
                } else if (obj instanceof Vector) {
                    Vector vector = (Vector) obj;
                    if (vector.size() > 0 && (vector.get(0) instanceof Attribute)) {
                        hashMap.put(aSN1ObjectIdentifier.getId(), ((Attribute) vector.get(0)).getAttrValues().toASN1Primitive().getEncoded("DER"));
                    }
                }
            } catch (IOException e) {
            }
        }
        return hashMap;
    }

    private static boolean checkHashPadding(PublicKey publicKey, byte[] bArr) {
        if (!publicKey.getAlgorithm().equalsIgnoreCase("RSA")) {
            return true;
        }
        try {
            PKCS1Encoding pKCS1Encoding = new PKCS1Encoding(new RSABlindedEngine());
            pKCS1Encoding.init(false, new RSAKeyParameters(false, ((RSAPublicKey) publicKey).getModulus(), ((RSAPublicKey) publicKey).getPublicExponent()));
            byte[] processBlock = pKCS1Encoding.processBlock(bArr, 0, bArr.length);
            ASN1Container octetStringContainer = new OctetStringContainer(0);
            ASN1.berDecode(processBlock, 0, new ASN1Container[]{new SequenceContainer(0), new EncodedContainer(12288), octetStringContainer, new EndContainer()});
            for (int i = ((OctetStringContainer) octetStringContainer).dataOffset + ((OctetStringContainer) octetStringContainer).dataLen; i < processBlock.length; i++) {
                if (processBlock[i] != 0) {
                    return false;
                }
            }
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    private static Map<String, String> parseSignatureAlgo(String str) {
        String[] split = str.split("/");
        int indexOf = str.indexOf("with");
        HashMap hashMap = new HashMap();
        if (split.length >= 2) {
            hashMap.put("digest", split[0]);
            hashMap.put("encrypt", split[1]);
            if (split.length >= 3) {
                hashMap.put("pad", split[2]);
            }
        }
        if (indexOf > 0) {
            hashMap.put("digest", str.substring(0, indexOf));
            hashMap.put("encrypt", str.substring(indexOf + 4));
        }
        return hashMap;
    }

    private static boolean hasPaddingBeenTampered(byte[] bArr, int i) {
        if (bArr.length <= i) {
            return false;
        }
        for (int i2 = i; i2 < bArr.length; i2++) {
            if (bArr[i2] != 0) {
                return true;
            }
        }
        return false;
    }
}
