package cn.org.bjca.gaia.assemb.util;

import cn.org.bjca.gaia.asn1.ASN1EncodableVector;
import cn.org.bjca.gaia.asn1.ASN1Encoding;
import cn.org.bjca.gaia.asn1.ASN1InputStream;
import cn.org.bjca.gaia.asn1.ASN1Integer;
import cn.org.bjca.gaia.asn1.ASN1Primitive;
import cn.org.bjca.gaia.asn1.ASN1Set;
import cn.org.bjca.gaia.asn1.DERSet;
import cn.org.bjca.gaia.asn1.pkcs.ContentInfo;
import cn.org.bjca.gaia.asn1.pkcs.PKCSObjectIdentifiers;
import cn.org.bjca.gaia.asn1.pkcs.SignedData;
import cn.org.bjca.gaia.asn1.x500.X500Name;
import cn.org.bjca.gaia.asn1.x509.Certificate;
import cn.org.bjca.gaia.assemb.base.GaiaProvider;
import cn.org.bjca.gaia.assemb.exception.ErrorCode;
import cn.org.bjca.gaia.assemb.exception.PkiException;
import cn.org.bjca.gaia.util.encoders.Base64;
import java.io.ByteArrayInputStream;
import java.util.ArrayList;
import java.util.Enumeration;

/* loaded from: classes.dex */
public class P7bUtil {
    private GaiaProvider provider;

    public P7bUtil(GaiaProvider gaiaProvider) {
        this.provider = null;
        this.provider = gaiaProvider;
    }

    public static String buildCertChainForDerEncode(String[] strArr, boolean z) {
        try {
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            X500Name x500Name = null;
            for (String str : strArr) {
                Certificate certificate = Certificate.getInstance(Base64.decode(str));
                if (certificate == null) {
                    throw new PkiException(ErrorCode.P7b.PARSE_CERT_ERR, ErrorCode.P7b.PARSE_CERT_ERR_DES);
                }
                if (z && certificate.getIssuer().equals(certificate.getSubject())) {
                    x500Name = certificate.getSubject();
                    aSN1EncodableVector.add(certificate);
                }
                if (!z) {
                    aSN1EncodableVector.add(certificate);
                }
            }
            if (z) {
                if (x500Name == null) {
                    throw new PkiException(ErrorCode.P7b.BUILD_CERT_CHAIN_NOT_FOUNT_ROOT, ErrorCode.P7b.BUILD_CERT_CHAIN_NOT_FOUNT_ROOT_DES);
                }
                aSN1EncodableVector = sortCert(strArr, x500Name, aSN1EncodableVector);
                aSN1EncodableVector.reverse();
                if (aSN1EncodableVector.size() != strArr.length) {
                    throw new PkiException(ErrorCode.P7b.BUILD_CERT_CHAIN_PARAM_ERR, ErrorCode.P7b.BUILD_CERT_CHAIN_PARAM_ERR_DES);
                }
            }
            return Base64.toBase64String(new ContentInfo(PKCSObjectIdentifiers.signedData, new SignedData(new ASN1Integer(1L), new DERSet(false), new ContentInfo(PKCSObjectIdentifiers.data, null), new DERSet(aSN1EncodableVector, false), null, new DERSet(false))).getEncoded(ASN1Encoding.DER));
        } catch (PkiException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new PkiException(ErrorCode.P7b.BUILD_CERT_CHAIN_ERR, ErrorCode.P7b.BUILD_CERT_CHAIN_ERR_DES, e3);
        }
    }

    private static ASN1Primitive buildDer(byte[] bArr) {
        return new ASN1InputStream(new ByteArrayInputStream(bArr)).readObject();
    }

    public static Certificate[] getCertChain(byte[] bArr) {
        if (Base64Util.isBase64Encode(bArr)) {
            bArr = Base64.decode(Base64Util.convertBase64(bArr));
        }
        ContentInfo contentInfo = ContentInfo.getInstance(ASN1Util.checkAndGetASN1Object(bArr));
        if (!contentInfo.getContentType().equals(PKCSObjectIdentifiers.signedData)) {
            throw new PkiException(ErrorCode.P7b.GET_CERT_CHAIN, "获取证书链失败 Not a valid PKCS#7 signed-data object - wrong header " + contentInfo.getContentType().getId());
        }
        SignedData signedData = SignedData.getInstance(contentInfo.getContent());
        ASN1Set certificates = signedData.getCertificates();
        if (certificates == null) {
            return null;
        }
        Certificate[] certificateArr = new Certificate[certificates.size()];
        Enumeration objects = ASN1Set.getInstance(signedData.getCertificates()).getObjects();
        int i2 = 0;
        while (objects.hasMoreElements()) {
            try {
                certificateArr[i2] = Certificate.getInstance(objects.nextElement());
                i2++;
            } catch (Exception e2) {
                throw new PkiException(ErrorCode.P7b.GET_CERT_CHAIN, "获取证书链失败 ", e2);
            }
        }
        return sortCertificates(certificateArr);
    }

    public static ArrayList getCertChainByP7(byte[] bArr) {
        ArrayList arrayList = new ArrayList();
        Certificate[] certChain = getCertChain(bArr);
        if (certChain == null) {
            throw new PkiException(ErrorCode.P7b.GET_CERT_CHAIN, "获取证书链失败 certChain is null");
        }
        for (Certificate certificate : certChain) {
            try {
                arrayList.add(certificate.getEncoded());
            } catch (Exception e2) {
                throw new PkiException(ErrorCode.P7b.GET_CERT_CHAIN, "获取证书链失败 ", e2);
            }
        }
        return arrayList;
    }

    private static ASN1EncodableVector sortCert(String[] strArr, X500Name x500Name, ASN1EncodableVector aSN1EncodableVector) {
        for (String str : strArr) {
            Certificate certificate = Certificate.getInstance(Base64.decode(str));
            if (!certificate.getIssuer().equals(certificate.getSubject()) && certificate.getIssuer().equals(x500Name)) {
                aSN1EncodableVector.add(certificate);
                aSN1EncodableVector = sortCert(strArr, certificate.getSubject(), aSN1EncodableVector);
            }
        }
        return aSN1EncodableVector;
    }

    public static Certificate[] sortCertificates(Certificate[] certificateArr) {
        Certificate certificate;
        int length = certificateArr.length;
        Certificate[] certificateArr2 = new Certificate[length];
        int i2 = 0;
        while (true) {
            certificate = null;
            if (i2 >= length) {
                break;
            }
            Certificate certificate2 = certificateArr[i2];
            if (certificate2.getSubject().equals(certificate2.getIssuer())) {
                certificateArr[i2] = null;
                certificate = certificate2;
                break;
            }
            i2++;
        }
        int i3 = length - 1;
        certificateArr2[i3] = certificate;
        if (certificate == null) {
            throw new PkiException(ErrorCode.P7b.GET_CERT_CHAIN, "获取证书链失败 rootCert is null");
        }
        for (int i4 = 0; i4 < i3; i4++) {
            X500Name subject = certificate.getSubject();
            int i5 = 0;
            while (true) {
                if (i5 >= length) {
                    break;
                }
                if (certificateArr[i5] != null) {
                    Certificate certificate3 = certificateArr[i5];
                    if (subject.equals(certificate3.getIssuer())) {
                        certificateArr2[(length - i4) - 2] = certificate3;
                        certificate = certificate3;
                        break;
                    }
                }
                i5++;
            }
        }
        return certificateArr2;
    }

    private boolean validateCertSignature(Certificate certificate, Certificate certificate2) {
        try {
            return new CertificateUtil(this.provider).validateCert(certificate2.getEncoded(), certificate.getEncoded());
        } catch (Exception e2) {
            throw new PkiException(ErrorCode.P7b.VALIDATE_CERT_CHAIN, "验证证书链失败 ", e2);
        }
    }

    public boolean validateCertChain(Certificate[] certificateArr) {
        int length = certificateArr.length;
        if (length < 2) {
            return true;
        }
        for (int i2 = 1; i2 < length; i2++) {
            if (!validateCertSignature(certificateArr[i2], certificateArr[i2 - 1])) {
                return false;
            }
        }
        return true;
    }
}
