package net.netca.pki.encoding.asn1.pki.seseal;

import java.util.ArrayList;
import java.util.Date;
import net.netca.pki.encoding.asn1.BitString;
import net.netca.pki.encoding.asn1.GeneralizedTime;
import net.netca.pki.encoding.asn1.IA5String;
import net.netca.pki.encoding.asn1.Integer;
import net.netca.pki.encoding.asn1.ObjectIdentifier;
import net.netca.pki.encoding.asn1.OctetString;
import net.netca.pki.encoding.asn1.Sequence;
import net.netca.pki.encoding.asn1.TaggedValue;
import net.netca.pki.encoding.asn1.UTCTime;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.Hashable;
import net.netca.pki.encoding.asn1.pki.Signable;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.u;

/* loaded from: classes.dex */
public final class SealBuilder {
    private String propertyInfo;
    private final int sealType;
    private Stamp stamp;
    private Date time;
    private byte[] timeInfo;
    private int version = -1;
    private ArrayList<ExtData> exts = new ArrayList<>();

    public SealBuilder(int i) {
        if (i != 2 && i != 1) {
            throw new u("bad sealType");
        }
        this.sealType = i;
    }

    private void check() {
        if (this.version < 0) {
            throw new u("bad version");
        }
        if (this.stamp == null) {
            throw new u("no stamp");
        }
        if (this.timeInfo == null && this.time == null) {
            throw new u("no timeInfo");
        }
        if (this.sealType == 1 && this.timeInfo == null) {
            this.timeInfo = new UTCTime(this.time).encode();
        }
        if (this.propertyInfo == null) {
            throw new u("no propertyInfo");
        }
    }

    private void checkCert(X509Certificate x509Certificate) {
        if (!x509Certificate.isInValidity()) {
            throw new u("sign cert is not in validty");
        }
        Stamp.checkKeyUsage(x509Certificate);
    }

    private ExtensionDatas getExtensionDatas() {
        if (this.exts.size() <= 0) {
            return null;
        }
        ExtensionDatas extensionDatas = new ExtensionDatas();
        for (int i = 0; i < this.exts.size(); i++) {
            extensionDatas.add(this.exts.get(i));
        }
        return extensionDatas;
    }

    private static int getHashLengthFromSignAlgo(String str) {
        if (str.equals(AlgorithmIdentifier.SHA256WithRSA_OID) || str.equals(AlgorithmIdentifier.ECDSAWithSHA256_OID) || str.equals(AlgorithmIdentifier.DSAWithSHA256_OID) || str.equals(AlgorithmIdentifier.SM3WithSM2_OID) || str.equals(AlgorithmIdentifier.SM3WithRSA_OID)) {
            return 32;
        }
        if (str.equals(AlgorithmIdentifier.SHA1WithRSA_OID) || str.equals(AlgorithmIdentifier.ECDSAWithSHA1_OID) || str.equals(AlgorithmIdentifier.DSAWithSHA1_OID)) {
            return 20;
        }
        if (str.equals(AlgorithmIdentifier.SHA224WithRSA_OID) || str.equals(AlgorithmIdentifier.ECDSAWithSHA224_OID) || str.equals(AlgorithmIdentifier.DSAWithSHA224_OID)) {
            return 28;
        }
        if (str.equals(AlgorithmIdentifier.SHA384WithRSA_OID) || str.equals(AlgorithmIdentifier.ECDSAWithSHA384_OID)) {
            return 48;
        }
        if (str.equals(AlgorithmIdentifier.SHA512WithRSA_OID) || str.equals(AlgorithmIdentifier.ECDSAWithSHA512_OID)) {
            return 64;
        }
        if (str.equals(AlgorithmIdentifier.SHA512_224WithRSA_OID)) {
            return 28;
        }
        if (str.equals(AlgorithmIdentifier.SHA512_256WithRSA_OID)) {
            return 32;
        }
        if (str.equals(AlgorithmIdentifier.SHA3_224WithRSA_OID) || str.equals(AlgorithmIdentifier.ECDSAWithSHA3_224_OID)) {
            return 28;
        }
        if (str.equals(AlgorithmIdentifier.SHA3_256WithRSA_OID) || str.equals(AlgorithmIdentifier.ECDSAWithSHA3_256_OID)) {
            return 32;
        }
        if (str.equals(AlgorithmIdentifier.SHA3_384WithRSA_OID) || str.equals(AlgorithmIdentifier.ECDSAWithSHA3_384_OID)) {
            return 48;
        }
        if (str.equals(AlgorithmIdentifier.SHA3_512WithRSA_OID) || str.equals(AlgorithmIdentifier.ECDSAWithSHA3_512_OID)) {
            return 64;
        }
        throw new u("unsupport sign algo:" + str);
    }

    public static SealBuilder getInstance(int i) {
        return new SealBuilder(i);
    }

    private byte[] getTbs(byte[] bArr, X509Certificate x509Certificate, String str, ExtensionDatas extensionDatas) {
        if (this.sealType == 1) {
            Sequence sequence = new Sequence(Seal.tbsType);
            sequence.add(new Integer(this.version));
            sequence.add(this.stamp.getASN1Object());
            sequence.add(new BitString(0, this.timeInfo));
            sequence.add(new BitString(0, bArr));
            sequence.add(new IA5String(this.propertyInfo));
            sequence.add(new OctetString(x509Certificate.derEncode()));
            sequence.add(new ObjectIdentifier(str));
            return sequence.encode();
        }
        Sequence sequence2 = new Sequence(Seal.gbTbsType);
        sequence2.add(new Integer(this.version));
        sequence2.add(this.stamp.getASN1Object());
        sequence2.add(new GeneralizedTime(this.time));
        sequence2.add(new BitString(0, bArr));
        sequence2.add(new IA5String(this.propertyInfo));
        if (extensionDatas != null) {
            sequence2.add(new TaggedValue(128, 0, false, extensionDatas.getASN1Object()));
        }
        return sequence2.encode();
    }

    public SealBuilder addExtension(ExtData extData) {
        if (this.sealType != 2) {
            throw new u("GM/T 0031 no extension");
        }
        this.exts.add(extData);
        return this;
    }

    public SealBuilder setPropertyInfo(String str) {
        new IA5String(str);
        this.propertyInfo = str;
        return this;
    }

    public SealBuilder setStamp(Stamp stamp) {
        if (!stamp.isSEStamp()) {
            throw new u("not SEStamp");
        }
        int stampType = stamp.getStampType();
        if (this.sealType == 2) {
            if (stampType != 2) {
                throw new u("not GB/T 38540 SEStamp");
            }
            this.version = stamp.getEstampInfo().getHeader().getVersion();
        } else if (this.sealType == 1 && stampType != 1) {
            throw new u("not GM/T 0031 SEStamp");
        }
        this.stamp = stamp;
        return this;
    }

    public SealBuilder setTime(Date date) {
        if (this.sealType == 2) {
            new GeneralizedTime(date);
        } else {
            new UTCTime(date);
        }
        this.time = date;
        return this;
    }

    public SealBuilder setTimeInfo(byte[] bArr) {
        if (this.sealType == 2) {
            throw new u("GB/T 38540 unsupport setTimeInfo(byte[] timeInfo),use setTime(Date time)");
        }
        this.timeInfo = bArr;
        return this;
    }

    public SealBuilder setVersion(int i) {
        if (this.sealType == 2 && this.stamp != null && i != this.stamp.getEstampInfo().getHeader().getVersion()) {
            throw new u("GB/T 38540 SESeal version must be SEStamp version");
        }
        this.version = i;
        return this;
    }

    public Seal sign(byte[] bArr, int i, int i2, X509Certificate x509Certificate, Signable signable, Hashable hashable, String str) {
        check();
        checkCert(x509Certificate);
        if (!this.stamp.hasCert(x509Certificate, hashable)) {
            throw new u("sign cert not in stamp");
        }
        byte[] hash = hashable.hash(Seal.getHashAlgoFromSignAlgo(str), bArr, i, i2);
        ExtensionDatas extensionDatas = getExtensionDatas();
        byte[] tbs = getTbs(hash, x509Certificate, str, extensionDatas);
        byte[] sign = signable.sign(AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(str), tbs, 0, tbs.length);
        return this.sealType == 1 ? this.time != null ? new Seal(this.version, this.stamp, this.time, hash, this.propertyInfo, x509Certificate, str, sign, null) : new Seal(this.version, this.stamp, this.timeInfo, hash, this.propertyInfo, x509Certificate, str, sign) : new Seal(this.version, this.stamp, this.time, hash, this.propertyInfo, x509Certificate, str, sign, extensionDatas);
    }

    public Seal sign(byte[] bArr, X509Certificate x509Certificate, Signable signable, Hashable hashable, String str) {
        return sign(bArr, 0, bArr.length, x509Certificate, signable, hashable, str);
    }

    public Seal signHash(byte[] bArr, X509Certificate x509Certificate, Signable signable, String str, Hashable hashable) {
        check();
        checkCert(x509Certificate);
        if (!this.stamp.hasCert(x509Certificate, hashable)) {
            throw new u("sign cert not in stamp");
        }
        if (getHashLengthFromSignAlgo(str) != bArr.length) {
            throw new u("bad hash length");
        }
        ExtensionDatas extensionDatas = getExtensionDatas();
        byte[] tbs = getTbs(bArr, x509Certificate, str, extensionDatas);
        byte[] sign = signable.sign(AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(str), tbs, 0, tbs.length);
        return this.sealType == 1 ? new Seal(this.version, this.stamp, this.timeInfo, bArr, this.propertyInfo, x509Certificate, str, sign) : new Seal(this.version, this.stamp, this.time, bArr, this.propertyInfo, x509Certificate, str, sign, extensionDatas);
    }
}
