package net.netca.pki.encoding.asn1.pki.seseal;

import java.util.Arrays;
import java.util.Date;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.ASN1TypeManager;
import net.netca.pki.encoding.asn1.BitString;
import net.netca.pki.encoding.asn1.ObjectIdentifier;
import net.netca.pki.encoding.asn1.OctetString;
import net.netca.pki.encoding.asn1.Sequence;
import net.netca.pki.encoding.asn1.SequenceType;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.Extension;
import net.netca.pki.encoding.asn1.pki.Extensions;
import net.netca.pki.encoding.asn1.pki.Hashable;
import net.netca.pki.encoding.asn1.pki.NamedBitStringExtension;
import net.netca.pki.encoding.asn1.pki.Verifible;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.u;

/* loaded from: classes.dex */
public final class Stamp {
    public static final int GBT_38540 = 2;
    public static final int GMT_0031 = 1;
    private Sequence seq;
    private final int stampType;
    private static final ASN1TypeManager manager = ASN1TypeManager.getInstance();
    private static final SequenceType type = (SequenceType) manager.get("SESeal");
    private static final SequenceType tbsType = (SequenceType) manager.get("SESeal_TBS");
    private static final SequenceType gbType = (SequenceType) manager.get("GBSESeal");
    private static final SequenceType signInfoType = (SequenceType) manager.get("SES_SignInfo");

    public Stamp(Sequence sequence) {
        int i;
        if (gbType.match(sequence)) {
            i = 2;
        } else {
            if (!type.match(sequence)) {
                throw new u("not SESeal");
            }
            i = 1;
        }
        this.stampType = i;
        this.seq = sequence;
    }

    public Stamp(StampInfo stampInfo, X509Certificate x509Certificate, String str, byte[] bArr) {
        if (!stampInfo.isSEStamp()) {
            throw new u("not SEStamp");
        }
        this.stampType = stampInfo.getStampType();
        if (this.stampType != 1) {
            this.seq = new Sequence(gbType);
            this.seq.add(stampInfo.getASN1Object());
            this.seq.add(new OctetString(x509Certificate.derEncode()));
            this.seq.add(new ObjectIdentifier(str));
            this.seq.add(new BitString(0, bArr));
            return;
        }
        this.seq = new Sequence(type);
        this.seq.add(stampInfo.getASN1Object());
        Sequence sequence = new Sequence(signInfoType);
        sequence.add(new OctetString(x509Certificate.derEncode()));
        sequence.add(new ObjectIdentifier(str));
        sequence.add(new BitString(0, bArr));
        this.seq.add(sequence);
    }

    private Stamp(byte[] bArr) {
        boolean z;
        try {
            this.seq = (Sequence) ASN1Object.decode(bArr, gbType);
            z = true;
        } catch (u unused) {
            this.seq = (Sequence) ASN1Object.decode(bArr, type);
            z = false;
        }
        if (z) {
            this.stampType = 2;
        } else {
            this.stampType = 1;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void checkKeyUsage(X509Certificate x509Certificate) {
        Extension extension;
        Extensions extensions = x509Certificate.getExtensions();
        if (extensions == null || (extension = extensions.get(Extension.KEYUSAGE_OID)) == null) {
            return;
        }
        NamedBitStringExtension namedBitStringExtension = (NamedBitStringExtension) extension.getExtensionObject();
        if (!namedBitStringExtension.isSet(0) && !namedBitStringExtension.isSet(1)) {
            throw new u("not sign cert");
        }
    }

    public static Stamp decode(byte[] bArr) {
        return new Stamp(bArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] getTbs(int i, StampInfo stampInfo, X509Certificate x509Certificate, String str) {
        Sequence aSN1Object;
        if (i == 1) {
            aSN1Object = new Sequence(tbsType);
            aSN1Object.add(stampInfo.getASN1Object());
            aSN1Object.add(new OctetString(x509Certificate.derEncode()));
            aSN1Object.add(new ObjectIdentifier(str));
        } else {
            aSN1Object = stampInfo.getASN1Object();
        }
        return aSN1Object.encode();
    }

    public Sequence getASN1Object() {
        return this.seq;
    }

    public SequenceType getASN1Type() {
        return this.stampType == 1 ? type : gbType;
    }

    public X509Certificate getCert() {
        return this.stampType == 1 ? new X509Certificate(((OctetString) ((Sequence) this.seq.get(1)).get(0)).getValue()) : new X509Certificate(((OctetString) this.seq.get(1)).getValue());
    }

    public StampInfo getEstampInfo() {
        return new StampInfo((Sequence) this.seq.get(0));
    }

    public String getSignatureAlgorithm() {
        Sequence sequence;
        int i = 1;
        if (this.stampType == 1) {
            sequence = (Sequence) this.seq.get(1);
        } else {
            sequence = this.seq;
            i = 2;
        }
        return ((ObjectIdentifier) sequence.get(i)).getString();
    }

    public byte[] getSignedValue() {
        Sequence sequence;
        int i;
        if (this.stampType == 1) {
            sequence = (Sequence) this.seq.get(1);
            i = 2;
        } else {
            sequence = this.seq;
            i = 3;
        }
        BitString bitString = (BitString) sequence.get(i);
        if (bitString.getUnusedBits() == 0) {
            return bitString.getValue();
        }
        throw new u("signedValue unusedBits is not zeor:" + bitString.getUnusedBits());
    }

    public int getStampType() {
        return this.stampType;
    }

    public boolean hasCert(X509Certificate x509Certificate, Hashable hashable) {
        try {
            ESPropertyInfo property = getEstampInfo().getProperty();
            if (property.getCertListType() != 1) {
                CertDigestList certDigestList = property.getCertDigestList();
                for (int i = 0; i < certDigestList.size(); i++) {
                    if (certDigestList.get(i).match(hashable, x509Certificate)) {
                        return true;
                    }
                }
                return false;
            }
            X509Certificate[] certList = property.getCertList();
            byte[] derEncode = x509Certificate.derEncode();
            for (X509Certificate x509Certificate2 : certList) {
                if (Arrays.equals(x509Certificate2.derEncode(), derEncode)) {
                    return true;
                }
            }
            return false;
        } catch (u unused) {
            return false;
        }
    }

    public boolean isSEStamp() {
        try {
            return getEstampInfo().isSEStamp();
        } catch (u unused) {
            return false;
        }
    }

    public boolean verify(Date date, Verifible verifible) {
        if (!isSEStamp()) {
            throw new u("not SEStamp");
        }
        StampInfo estampInfo = getEstampInfo();
        ESPropertyInfo property = estampInfo.getProperty();
        if (property.getCertListType() == 1) {
            if (property.getCertList().length == 0) {
                throw new u("no seal signer cert");
            }
        } else if (property.getCertDigestList().size() == 0) {
            throw new u("no seal signer cert");
        }
        if (date.before(property.getValidStart())) {
            throw new u("stamp is not reached validity period");
        }
        if (date.after(property.getValidEnd())) {
            throw new u("stamp is expired");
        }
        ESPictureInfo picture = estampInfo.getPicture();
        if (picture.getHeight() < 0) {
            throw new u("the height of picture is less than zero");
        }
        if (picture.getWidth() < 0) {
            throw new u("the width of picture is less than zero");
        }
        X509Certificate cert = getCert();
        if (!cert.isInValidity(date)) {
            throw new u("cert is not in validity");
        }
        checkKeyUsage(cert);
        return verifySignature(verifible);
    }

    public boolean verifySignature(Verifible verifible) {
        X509Certificate cert = getCert();
        String signatureAlgorithm = getSignatureAlgorithm();
        byte[] signedValue = getSignedValue();
        byte[] tbs = getTbs(this.stampType, getEstampInfo(), cert, signatureAlgorithm);
        return verifible.verify(cert.getSubjectPublicKeyInfo().getPublicKey(), AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(signatureAlgorithm), tbs, 0, tbs.length, signedValue);
    }
}
