package com.rsa.cryptoj.f;

import com.rsa.cryptoj.f.InterfaceC0036bg;
import com.rsa.jsafe.cms.AuthenticatedDataDecoder;
import com.rsa.jsafe.cms.CMSException;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:META-INF/lib/cryptoj-5.0.1-FIPS.jar:com/rsa/cryptoj/f/bO.class */
public final class bO extends AuthenticatedDataDecoder {
    private boolean c;
    private C0447ms k;
    private C0447ms l;
    private bJ m;
    private byte[] n;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:META-INF/lib/cryptoj-5.0.1-FIPS.jar:com/rsa/cryptoj/f/bO$a.class */
    public class a implements Closeable {
        a() {
        }

        @Override // java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            bO.this.d();
        }
    }

    public bO(InputStream inputStream, InputStream inputStream2, C0160fx c0160fx) throws IOException {
        super(inputStream, inputStream2, c0160fx);
        c();
    }

    @Override // com.rsa.jsafe.cms.Decoder
    public InputStream getContentInputStream() throws IOException {
        InputStream inputStream;
        if (this.i != null) {
            return this.i;
        }
        if (!this.a.i()) {
            throw new CMSException("The method decryptSecretKey for at least one recipient has to be invoked before getting the content stream.");
        }
        Closeable closeable = null;
        if (this.g == null) {
            inputStream = new eZ(this.e, e());
        } else {
            inputStream = this.g;
            closeable = e();
        }
        b();
        if (this.c) {
            this.i = new C0354jg(inputStream, this.k.c(), closeable, this.f);
        } else {
            this.i = new dT(inputStream, this.m, closeable);
        }
        return this.i;
    }

    @Override // com.rsa.jsafe.cms.AuthenticatedDataDecoder
    public boolean verify() throws CMSException {
        byte[] b;
        if (this.i == null) {
            throw new CMSException("The content stream has not been created yet. To create it call getContentInputStream().");
        }
        if (this.i.a()) {
            throw new CMSException("The content stream has not been closed and the entire encapsulated content might not have been read. Can't invoke verify method unless the entire content has been consumed and the content stream is closed");
        }
        if (!this.c) {
            b = ((dT) this.i).b();
        } else {
            if (!this.h.equals(this.a.c())) {
                throw new CMSException("The content type as part if the encapsulated content info does not match the auth attributes content type");
            }
            if (!Arrays.equals(this.a.e(), ((C0354jg) this.i).a(this.k.c()))) {
                throw new CMSException("The decoded message digest does not match the computed message digest");
            }
            b = this.a.b();
        }
        return Arrays.equals(this.n, b);
    }

    private void b() throws CMSException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(this.a.j(), this.l.c());
        try {
            this.m = C0067ck.f(this.l.c(), this.f);
            this.m.engineInit(secretKeySpec, null);
        } catch (Exception e) {
            throw new CMSException("Mac algorithm " + this.l.c() + "is not a valid algorithm");
        }
    }

    private void c() throws IOException {
        this.a = new P();
        try {
            if (!this.e.c() || this.e.e() != 16) {
                throw new CMSException(a("AuthenticatedData Sequence tag"));
            }
            if (!this.e.a()) {
                throw new CMSException(a("version"));
            }
            uK uKVar = (uK) C0596sf.a((wC) oF.a, this.e);
            if (uKVar.i() > 3) {
                throw new CMSException("Unable to decode: Unsupported AuthenticatedData version " + uKVar.i());
            }
            if (!this.e.a()) {
                throw new CMSException(a("OriginatorInfo or CMSRecipientInfos"));
            }
            if (this.e.e() == C0596sf.c(0)) {
                this.a.a(C0596sf.a(aB.a.b("OriginatorInfo").g(C0596sf.c(0)), this.e));
                if (!this.e.a()) {
                    throw new CMSException(a("CMSRecipientInfos"));
                }
            }
            this.a.a(C0596sf.a("CMSRecipientInfos", this.e), this.f);
            if (!this.e.a()) {
                throw new CMSException(a("Message Authentication Code Algorithm Identifier"));
            }
            this.l = new C0447ms(C0596sf.a("AlgorithmIdentifier", this.e));
            if (!this.e.a()) {
                throw new CMSException(a("DigestAlgorithmIdentifier or Encapsulated Content Info"));
            }
            if (this.e.e() == C0596sf.c(1)) {
                this.k = new C0447ms(C0596sf.a(aB.a.b("AlgorithmIdentifier").g(C0596sf.c(1)), this.e));
                this.c = true;
                if (!this.e.a()) {
                    throw new CMSException(a("Encapsulated Content Info"));
                }
            }
            if (!this.e.c() || this.e.e() != 16) {
                throw new CMSException(a("AuthenticatedData - EncapsulatedContentInfo Sequence tag"));
            }
            if (!this.e.a()) {
                throw new CMSException(a("EncapsulatedContentInfo - ContentType"));
            }
            this.h = (wP) C0596sf.a((wC) C0511pb.a, this.e);
            if (!this.h.equals(mM.b) && !this.c) {
                throw new CMSException("The digest algorithm must exist for any content type other than DATA");
            }
            if (this.g == null) {
                if (!this.e.a() || this.e.e() != C0596sf.c(0)) {
                    throw new CMSException(a("EncryptedContentInfo: encryptedContent"));
                }
                if (!this.e.a()) {
                    throw new CMSException(a("EncryptedContentInfo - contentInfo"));
                }
            }
        } catch (oU e) {
            throw new CMSException("Could not decode data, invalid encoding encountered." + e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void d() throws IOException {
        try {
            try {
                if (this.g == null && this.e.a()) {
                    throw new CMSException("EncapsulatedContentInfo Explicit[0] end tag missing");
                }
                if (this.e.a()) {
                    throw new CMSException("EncapsulatedContentInfo Sequence end tag missing");
                }
                if (this.c) {
                    if (!this.e.a() || this.e.e() != C0596sf.c(2)) {
                        throw new CMSException(a("Auth attributes"));
                    }
                    vV vVVar = (vV) C0596sf.a((wC) uJ.a, this.e);
                    this.a.a(C0596sf.a(aB.a.b("AuthAttributes").g(C0596sf.c(2)), vVVar.i()), vVVar.i(), this.m);
                }
                if (!this.e.a() || this.e.e() != C0119ej.a.d()) {
                    throw new CMSException(a("Message Authentication Code "));
                }
                this.n = this.e.m();
                if (this.e.a()) {
                    this.b = AbstractC0632to.b(C0596sf.a(aB.a.b("AuthAttributes").g(C0596sf.c(3)), this.e));
                    if (this.e.a()) {
                        throw new CMSException("Authenticated Data End Sequence tag missing");
                    }
                }
                if (this.d.read() != -1) {
                    throw new CMSException("Unexpected value.");
                }
                this.d.close();
            } catch (oU e) {
                throw new CMSException("Could not decode data, invalid encoding encountered." + e.getMessage());
            }
        } finally {
            InterfaceC0036bg.a.a(this.a);
        }
    }

    private Closeable e() {
        return new a();
    }
}
