package net.netca.pki.crypto.android.interfaces.impl;

import android.content.Context;
import android.text.TextUtils;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import net.netca.pki.Certificate;
import net.netca.pki.GeneralDevice;
import net.netca.pki.PkiException;
import net.netca.pki.SignedData;
import net.netca.pki.Util;
import net.netca.pki.crypto.android.core.DeviceItem;
import net.netca.pki.crypto.android.core.DeviceManager;
import net.netca.pki.crypto.android.core.KeyxVerifyPwd;
import net.netca.pki.crypto.android.err.InnerDeviceError;
import net.netca.pki.crypto.android.exceptions.DeviceNotFoundException;
import net.netca.pki.crypto.android.exceptions.PinErrorException;
import net.netca.pki.crypto.android.exceptions.UserCancelException;
import net.netca.pki.crypto.android.global.PKISetting;
import net.netca.pki.crypto.android.http.OkHttpManager;
import net.netca.pki.crypto.android.interfaces.SignedDataSignInterface;
import net.netca.pki.crypto.android.utils.CertUtil;
import net.netca.pki.crypto.android.utils.DeviceUtils;
import net.netca.pki.crypto.android.utils.PasswordInputUtil;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.Attribute;
import net.netca.pki.encoding.asn1.pki.tsp.HttpGetTimeStamp;

/* loaded from: classes3.dex */
public class SignedDataSignImpl implements SignedDataSignInterface {
    private HashMap<Integer, Integer> m_signAlgos = new HashMap<>();
    private Certificate m_signCert = null;
    private int mDeviceType = 0;
    private SignedData m_sign = null;
    private boolean m_detach = false;
    private int m_includeCertOption = 4;
    private ArrayList<byte[]> adobeCrlList = new ArrayList<>();
    private ArrayList<byte[]> adobeOCSPList = new ArrayList<>();
    private ArrayList<byte[]> signedDataCrlList = new ArrayList<>();
    private ArrayList<byte[]> signedDataOCSPList = new ArrayList<>();
    private OkHttpManager manager = new OkHttpManager();

    private boolean signPrepare(GeneralDevice generalDevice, Certificate certificate, String str) throws PkiException {
        int i;
        if (certificate == null) {
            throw new PkiException("没有设置签名证书");
        }
        if (generalDevice == null) {
            throw new DeviceNotFoundException("没有找到设备");
        }
        if (DeviceUtils.isNeedPasswordUI(generalDevice)) {
            if (TextUtils.isEmpty(str)) {
                Context activity = PKISetting.getInstance().getActivity();
                if (activity == null) {
                    activity = PKISetting.getInstance().getApplicationContext();
                }
                str = new PasswordInputUtil(activity, certificate, generalDevice).getPassword();
            }
            if (TextUtils.isEmpty(str)) {
                throw new UserCancelException("取消输入");
            }
        }
        this.m_sign.setDetached(this.m_detach);
        this.m_sign.setIncludeCertOption(this.m_includeCertOption);
        generalDevice.setVerifyPwdUIObject(new KeyxVerifyPwd(str));
        if (DeviceUtils.isNeedPasswordVerify(generalDevice) && !generalDevice.verifyPwd(1, str)) {
            try {
                i = generalDevice.getPwdRetryNumber(1);
            } catch (Exception unused) {
                i = 0;
            }
            throw new PinErrorException(i > 0 ? "PIN码错误,剩余次数" + i : "PIN码错误");
        }
        DeviceUtils.prepareDevice(generalDevice);
        this.m_sign.setDevice(generalDevice);
        this.m_sign.setSignCertificate(certificate);
        if (this.m_signAlgos.size() == 0) {
            throw new PkiException("没有设置签名算法");
        }
        for (Integer num : this.m_signAlgos.keySet()) {
            this.m_sign.setSignAlgorithm(num.intValue(), this.m_signAlgos.get(num).intValue());
        }
        this.m_signAlgos.clear();
        return true;
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignedDataSignInterface
    public void addAdbeRevocationInfoArchivalCRL(byte[] bArr) throws PkiException {
        if (bArr == null) {
            return;
        }
        this.adobeCrlList.add(bArr);
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignedDataSignInterface
    public void addAdbeRevocationInfoArchivalOCSP(byte[] bArr) throws PkiException {
        if (bArr == null) {
            return;
        }
        this.adobeOCSPList.add(bArr);
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignedDataSignInterface
    public void addCRL(byte[] bArr) throws PkiException {
        if (bArr == null) {
            return;
        }
        this.signedDataCrlList.add(bArr);
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignedDataSignInterface
    public void addOCSP(byte[] bArr) throws PkiException {
        if (bArr == null) {
            return;
        }
        this.signedDataOCSPList.add(bArr);
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignedDataSignInterface
    public byte[] addTimeStamp(String str) throws PkiException {
        if (this.m_sign == null) {
            throw new PkiException("call init first");
        }
        int signerCount = this.m_sign.getSignerCount() - 1;
        String stringAttribute = this.m_sign.getStringAttribute(22, signerCount);
        HttpGetTimeStamp httpGetTimeStamp = new HttpGetTimeStamp();
        httpGetTimeStamp.setHttpImplement(new OkHttpManager());
        httpGetTimeStamp.setHashAlgorithm(AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA256_OID));
        httpGetTimeStamp.setData(Util.HexDecode(stringAttribute));
        httpGetTimeStamp.getTimeStamp(str);
        this.m_sign.addUnsignedAttribute(signerCount, Attribute.SIGNATURE_TIMESTAMP, Util.encodeSetOf(httpGetTimeStamp.getTimeStampToken()));
        return this.m_sign.encode();
    }

    public void initSignedData(String str) throws PkiException {
        if (this.m_sign != null) {
            this.m_sign.free();
        }
        this.m_sign = new SignedData(true);
        this.m_sign.keepTbs(true);
        if (this.m_signCert == null) {
            throw new PkiException("没有设置签名证书");
        }
        CertUtil.verifyCertValid(this.m_signCert);
        DeviceItem deviceItemByCert = DeviceManager.getInstance().getDeviceItemByCert(this.m_signCert);
        if (deviceItemByCert == null || deviceItemByCert.getDevice() == null) {
            throw new DeviceNotFoundException("找不到相关设备");
        }
        this.mDeviceType = DeviceUtils.getDeviceType(deviceItemByCert.getDevice());
        InnerDeviceError.clear(this.mDeviceType);
        signPrepare(deviceItemByCert.getDevice(), this.m_signCert, str);
        this.mDeviceType = DeviceUtils.getDeviceType(deviceItemByCert.getDevice());
        InnerDeviceError.clear(this.mDeviceType);
        if (!this.adobeCrlList.isEmpty() || !this.adobeOCSPList.isEmpty()) {
            this.m_sign.setAdbeRevocationInfoArchival(0, (byte[][]) this.adobeCrlList.toArray(new byte[this.adobeCrlList.size()]), (byte[][]) this.adobeOCSPList.toArray(new byte[this.adobeOCSPList.size()]));
        }
        Iterator<byte[]> it = this.signedDataCrlList.iterator();
        while (it.hasNext()) {
            this.m_sign.addCRL(it.next());
        }
        Iterator<byte[]> it2 = this.signedDataOCSPList.iterator();
        while (it2.hasNext()) {
            this.m_sign.addOCSP(it2.next());
        }
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignedDataSignInterface
    public boolean setDetached(boolean z) throws PkiException {
        this.m_detach = z;
        return true;
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignedDataSignInterface
    public boolean setIncludeCertOption(int i) throws PkiException {
        this.m_includeCertOption = i;
        return true;
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignedDataSignInterface
    public boolean setSignAlgorithm(int i, int i2) throws PkiException {
        this.m_signAlgos.put(new Integer(i), new Integer(i2));
        return true;
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignedDataSignInterface
    public boolean setSignCertificate(Certificate certificate) throws PkiException {
        this.m_signCert = certificate;
        return true;
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignedDataSignInterface
    public byte[] sign(String str, byte[] bArr, int i, int i2) throws PkiException {
        try {
            initSignedData(str);
            return this.m_sign.sign(bArr, i, i2);
        } catch (Exception e) {
            throw new PkiException(e.getMessage() + " " + InnerDeviceError.getErrorMsg(this.mDeviceType));
        }
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignedDataSignInterface
    public byte[] signFinal() throws PkiException {
        try {
            try {
                return this.m_sign.signFinal();
            } catch (Exception e) {
                throw new PkiException(e.getMessage() + " " + InnerDeviceError.getErrorMsg(this.mDeviceType));
            }
        } finally {
            this.adobeCrlList.clear();
            this.adobeOCSPList.clear();
            this.signedDataCrlList.clear();
            this.signedDataOCSPList.clear();
        }
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignedDataSignInterface
    public byte[] signInit(String str) throws PkiException {
        initSignedData(str);
        return this.m_sign.signInit();
    }

    @Override // net.netca.pki.crypto.android.interfaces.SignedDataSignInterface
    public byte[] signUpdate(byte[] bArr, int i, int i2) throws PkiException {
        return this.m_sign.signUpdate(bArr, i, i2);
    }
}
