package pl.unizeto.android.cryptoapi.etsi;

import iaik.asn1.ASN1Object;
import iaik.asn1.CodingException;
import iaik.asn1.OCTET_STRING;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.Attribute;
import iaik.cms.CMSException;
import iaik.cms.CMSParsingException;
import iaik.cms.CertificateIdentifier;
import iaik.cms.ContentInfoStream;
import iaik.cms.SignedDataStream;
import iaik.cms.SignerInfo;
import iaik.cms.SubjectKeyID;
import iaik.cms.attributes.CounterSignature;
import iaik.utils.ASN1InputStream;
import iaik.x509.X509CRL;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
import iaik.x509.extensions.SubjectKeyIdentifier;
import iaik.x509.ocsp.BasicOCSPResponse;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.security.DigestOutputStream;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.io.IOUtils;
import org.apache.commons.io.output.NullOutputStream;
import org.apache.commons.lang3.ArrayUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.unizeto.android.cryptoapi.ObjectID;
import pl.unizeto.android.cryptoapi.certificatestoremanager.UniCertificateStoreManagerException;
import pl.unizeto.android.cryptoapi.certificatestoremanager.UniCertificateStoreManagerFactory;
import pl.unizeto.android.cryptoapi.exception.PKIErrorCode;
import pl.unizeto.android.cryptoapi.exception.PKIException;
import pl.unizeto.android.cryptoapi.util.HexUtil;
import unizeto.x509.attr.CompleteCertificateRefs;
import unizeto.x509.attr.CompleteRevocationRefs;
import unizeto.x509.attr.RevocationValues;

/* loaded from: classes.dex */
public class UniETSIUtils {
    private static final Logger log = LoggerFactory.getLogger(UniETSIUtils.class.getSimpleName());
    private static int signatureIndex = -1;

    public static void checkContentDigest(InputStream inputStream, InputStream inputStream2) throws PKIException, IOException, NoSuchAlgorithmException {
        byte[] digest;
        try {
            SignedDataStream signedDataStream = new SignedDataStream(new ASN1InputStream(inputStream));
            AlgorithmID algorithmID = signedDataStream.getDigestAlgorithms()[0];
            if (2 != signedDataStream.getMode()) {
                DigestOutputStream digestOutputStream = new DigestOutputStream(new NullOutputStream(), MessageDigest.getInstance(algorithmID.getName()));
                IOUtils.copy(inputStream2, digestOutputStream);
                digest = digestOutputStream.getMessageDigest().digest();
            } else {
                if (inputStream2 == null) {
                    throw new IllegalArgumentException("document can't be null in explicit signature");
                }
                signedDataStream.setInputStream(inputStream2);
                DigestOutputStream digestOutputStream2 = new DigestOutputStream(new NullOutputStream(), MessageDigest.getInstance(algorithmID.getName()));
                IOUtils.copy(signedDataStream.getInputStream(), digestOutputStream2);
                digest = digestOutputStream2.getMessageDigest().digest();
            }
            signedDataStream.setBlockSize(2048);
            try {
                new ContentInfoStream(signedDataStream).writeTo(new NullOutputStream());
                byte[] signedDigest = signedDataStream.getSignedDigest(0);
                if (Arrays.equals(digest, signedDigest)) {
                    return;
                }
                log.error("Skrót (" + algorithmID.getName() + ") obliczony z danych i skrót w strukturze są różne");
                log.error("Skrót obliczony z danych: " + HexUtil.bytesToHex(digest));
                log.error("Skrót w strukturze:       " + HexUtil.bytesToHex(signedDigest));
                throw new UniETSIException(PKIErrorCode.SIGNED_DATA_DIFFERENT_THAN_INPUT_DATA, new String[0]);
            } catch (Exception e) {
                log.error("Błąd podczas sprawdzania skrótu z dokumentu i znajdującego się w podpisie", (Throwable) e);
                if (!(e instanceof PKIException)) {
                    throw new PKIException(e, PKIErrorCode.UNEXPECTED_EXCEPTION, e.getClass().getSimpleName(), e.getMessage());
                }
                throw ((PKIException) e);
            }
        } catch (CMSParsingException e2) {
            throw new UniETSIException(e2, PKIErrorCode.UNI_ETSI_SIGNATURE_NOT_SIGNED, new String[0]);
        }
    }

    public static void checkSignerInfoDigests(SignedDataStream signedDataStream) throws CMSException, UniETSIException {
        SignerInfo[] signerInfos = signedDataStream.getSignerInfos();
        byte[] signedDigest = signerInfos[0].getSignedDigest();
        AlgorithmID digestAlgorithm = signerInfos[0].getDigestAlgorithm();
        log.debug("Hash[0]: " + HexUtil.bytesToHex(signedDigest));
        for (int i = 1; i < signerInfos.length; i++) {
            SignerInfo signerInfo = signerInfos[i];
            byte[] signedDigest2 = signerInfo.getSignedDigest();
            log.debug("Hash[" + i + "]: " + HexUtil.bytesToHex(signedDigest2));
            if (!signerInfo.getDigestAlgorithm().equals(digestAlgorithm)) {
                log.error("Algorytmy skrótów są różne");
                throw new UniETSIException(PKIErrorCode.INVALID_HASH_VALUE, new String[0]);
            }
            if (!Arrays.equals(signedDigest, signedDigest2)) {
                log.error("Skróty w podpisach są różne");
                throw new UniETSIException(PKIErrorCode.INVALID_HASH_VALUE, new String[0]);
            }
        }
    }

    public static List<X509CRL> getCRLVals(Object obj) throws CodingException {
        Attribute unsignedAttribute;
        if (obj instanceof SignerInfo) {
            unsignedAttribute = ((SignerInfo) obj).getUnsignedAttribute(ObjectID.id_aa_ets_revocationValues);
        } else {
            if (!(obj instanceof CounterSignature)) {
                throw new IllegalArgumentException("Signer must be SignerInfo or CounterSignature");
            }
            unsignedAttribute = ((CounterSignature) obj).getUnsignedAttribute(ObjectID.id_aa_ets_revocationValues);
        }
        RevocationValues revocationValues = new RevocationValues();
        revocationValues.decode(unsignedAttribute.getAttributeValue().toASN1Object());
        return revocationValues.getCRLs();
    }

    public static X509Certificate getCertificate(SignedDataStream signedDataStream, CertificateIdentifier certificateIdentifier) throws CertificateException, KeyStoreException, UniCertificateStoreManagerException, IOException, PKIException {
        X509Certificate x509Certificate = null;
        for (X509Certificate x509Certificate2 : signedDataStream.getX509Certificates()) {
            if (certificateIdentifier.identifiesCert(x509Certificate2)) {
                return x509Certificate2;
            }
            if (certificateIdentifier instanceof SubjectKeyID) {
                SubjectKeyID subjectKeyID = (SubjectKeyID) certificateIdentifier;
                try {
                    SubjectKeyIdentifier subjectKeyIdentifier = (SubjectKeyIdentifier) x509Certificate2.getExtension(SubjectKeyIdentifier.oid);
                    if (subjectKeyIdentifier != null) {
                        byte[] keyIdentifier = subjectKeyID.getKeyIdentifier();
                        if (Arrays.equals(ArrayUtils.subarray(keyIdentifier, 4, keyIdentifier.length), subjectKeyIdentifier.get())) {
                            return x509Certificate2;
                        }
                    } else {
                        continue;
                    }
                } catch (X509ExtensionInitException e) {
                    log.error("Błąd podczas pobierania SubjectKeyIdentifier z certyfikatu", (Throwable) e);
                }
            }
        }
        if (0 == 0 && log.isDebugEnabled()) {
            log.debug("Nie znaleziono certyfikatu w SignedData (" + certificateIdentifier.toString() + ")");
        }
        java.security.cert.X509Certificate certificate = UniCertificateStoreManagerFactory.getInstance().getCertificate(certificateIdentifier);
        if (certificate != null) {
            x509Certificate = new X509Certificate(certificate.getEncoded());
        } else if (log.isDebugEnabled()) {
            log.debug("Nie znaleziono certyfikatu w magazynie certyfikatów (" + certificateIdentifier.toString() + ")");
        }
        return x509Certificate;
    }

    public static CompleteCertificateRefs getCompleteCertificateRefs(Object obj) throws CodingException {
        Attribute attribute = null;
        if (obj instanceof SignerInfo) {
            attribute = ((SignerInfo) obj).getUnsignedAttribute(ObjectID.id_aa_ets_certificaterefs);
        } else if (obj instanceof CounterSignature) {
            attribute = ((CounterSignature) obj).getUnsignedAttribute(ObjectID.id_aa_ets_certificaterefs);
        }
        if (attribute == null) {
            return null;
        }
        return new CompleteCertificateRefs(attribute.getAttributeValue().toASN1Object());
    }

    public static CompleteRevocationRefs getCompleteRevocationRefs(Object obj) throws CodingException {
        Attribute attribute = null;
        if (obj instanceof SignerInfo) {
            attribute = ((SignerInfo) obj).getUnsignedAttribute(ObjectID.id_aa_ets_revocationRefs);
        } else if (obj instanceof CounterSignature) {
            attribute = ((CounterSignature) obj).getUnsignedAttribute(ObjectID.id_aa_ets_revocationRefs);
        }
        if (attribute == null) {
            return null;
        }
        return new CompleteRevocationRefs(attribute.getAttributeValue().toASN1Object());
    }

    public static List<BasicOCSPResponse> getOCSPVals(Object obj) throws CodingException {
        Attribute unsignedAttribute;
        if (obj instanceof SignerInfo) {
            unsignedAttribute = ((SignerInfo) obj).getUnsignedAttribute(ObjectID.id_aa_ets_revocationValues);
        } else {
            if (!(obj instanceof CounterSignature)) {
                throw new IllegalArgumentException("Signer must be SignerInfo or CounterSignature");
            }
            unsignedAttribute = ((CounterSignature) obj).getUnsignedAttribute(ObjectID.id_aa_ets_revocationValues);
        }
        RevocationValues revocationValues = new RevocationValues();
        revocationValues.decode(unsignedAttribute.getAttributeValue().toASN1Object());
        return revocationValues.getOCSPs();
    }

    public static String getSignedFileName(Attribute attribute) throws CodingException, UnsupportedEncodingException {
        if (!attribute.getType().equals(ObjectID.signedFilename)) {
            throw new IllegalArgumentException("Illegal attribute type. Expected type: " + ObjectID.signedFilename.getNameAndID());
        }
        ASN1Object aSN1Object = attribute.getAttributeValue().toASN1Object();
        if (aSN1Object instanceof OCTET_STRING) {
            return new String((byte[]) ((OCTET_STRING) aSN1Object).getValue(), "windows-1250");
        }
        throw new CodingException("Cannot decode signedFilename attribute. Expected OCTET_STRING!");
    }

    public static SignedDataStream inputStream2SignedDataStream(InputStream inputStream, InputStream inputStream2) throws UniETSIException, IOException {
        if (inputStream == null) {
            throw new IllegalArgumentException("'signatureStream' mustn't be null");
        }
        try {
            SignedDataStream signedDataStream = new SignedDataStream(new ASN1InputStream(inputStream));
            try {
                if (2 == signedDataStream.getMode()) {
                    if (inputStream2 == null) {
                        inputStream2 = new ByteArrayInputStream(new byte[0]);
                    }
                    signedDataStream.setInputStream(inputStream2);
                }
                IOUtils.copy(signedDataStream.getInputStream(), new NullOutputStream());
                return signedDataStream;
            } catch (CMSParsingException e) {
                e = e;
                log.warn("Bład podczas wczytywania podpisu CAdES", (Throwable) e);
                throw new UniETSIException(e, PKIErrorCode.UNI_ETSI_SIGNATURE_NOT_SIGNED, new String[0]);
            }
        } catch (CMSParsingException e2) {
            e = e2;
        }
    }

    public static Object searchForSignById(SignedDataStream signedDataStream, int i) {
        Object[] searchForSignnerAndParentById = searchForSignnerAndParentById(signedDataStream, i);
        if (searchForSignnerAndParentById == null) {
            return null;
        }
        return searchForSignnerAndParentById[0];
    }

    private static Object[] searchForSignById(int i, Object[] objArr, CounterSignature counterSignature) {
        Attribute[] unsignedAttributes = counterSignature.getUnsignedAttributes();
        if (unsignedAttributes != null) {
            for (int i2 = 0; i2 < unsignedAttributes.length; i2++) {
                if (unsignedAttributes[i2].getType().equals(ObjectID.countersignature)) {
                    try {
                        CounterSignature counterSignature2 = (CounterSignature) unsignedAttributes[i2].getAttributeValue();
                        signatureIndex++;
                        if (signatureIndex == i) {
                            objArr[1] = counterSignature;
                            objArr[0] = counterSignature2;
                            return objArr;
                        }
                        Object[] searchForSignById = searchForSignById(i, objArr, counterSignature2);
                        if (searchForSignById != null) {
                            return searchForSignById;
                        }
                    } catch (CodingException e) {
                        log.error("Błąd wyszukiwania podpisu o id = " + i, (Throwable) e);
                        throw new RuntimeException(e);
                    }
                }
            }
        }
        return null;
    }

    public static Object searchForSignParentById(SignedDataStream signedDataStream, int i) {
        Object[] searchForSignnerAndParentById = searchForSignnerAndParentById(signedDataStream, i);
        if (searchForSignnerAndParentById == null) {
            return null;
        }
        return searchForSignnerAndParentById[1];
    }

    public static synchronized Object[] searchForSignnerAndParentById(SignedDataStream signedDataStream, int i) {
        Object[] objArr;
        synchronized (UniETSIUtils.class) {
            signatureIndex = -1;
            objArr = new Object[2];
            SignerInfo[] signerInfos = signedDataStream.getSignerInfos();
            int i2 = 0;
            loop0: while (true) {
                if (i2 >= signerInfos.length) {
                    objArr = null;
                    break;
                }
                SignerInfo signerInfo = signerInfos[i2];
                signatureIndex++;
                if (i == signatureIndex) {
                    objArr[1] = null;
                    objArr[0] = signerInfo;
                    break;
                }
                Attribute[] unsignedAttributes = signerInfo.getUnsignedAttributes(ObjectID.countersignature);
                if (unsignedAttributes != null) {
                    for (Attribute attribute : unsignedAttributes) {
                        try {
                            CounterSignature counterSignature = (CounterSignature) attribute.getAttributeValue();
                            signatureIndex++;
                            if (i == signatureIndex) {
                                objArr[1] = signerInfo;
                                objArr[0] = counterSignature;
                                break loop0;
                            }
                            Object[] searchForSignById = searchForSignById(i, objArr, counterSignature);
                            if (searchForSignById != null) {
                                objArr = searchForSignById;
                                break loop0;
                            }
                        } catch (CodingException e) {
                            log.error("Błąd wyszukiwania podpisu o id = " + i, (Throwable) e);
                            throw new RuntimeException(e);
                        }
                    }
                }
                i2++;
            }
        }
        return objArr;
    }
}
