package net.netca.pki.encoding.asn1.pki.scvp;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.Hashable;
import net.netca.pki.encoding.asn1.pki.IHttp;
import net.netca.pki.encoding.asn1.pki.JCEHasher;
import net.netca.pki.encoding.asn1.pki.JCESecureRandomGenerator;
import net.netca.pki.encoding.asn1.pki.JCEVerifier;
import net.netca.pki.encoding.asn1.pki.SecureRandomGenerator;
import net.netca.pki.encoding.asn1.pki.Signable;
import net.netca.pki.encoding.asn1.pki.SimpleHttp;
import net.netca.pki.encoding.asn1.pki.Verifible;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.encoding.asn1.pki.cms.AuthenticatedData;
import net.netca.pki.encoding.asn1.pki.cms.ContentInfo;
import net.netca.pki.encoding.asn1.pki.cms.EncapsulatedContentInfo;
import net.netca.pki.encoding.asn1.pki.cms.SignedData;
import net.netca.pki.encoding.asn1.pki.cms.SignedDataBuilder;
import net.netca.pki.encoding.asn1.pki.cms.Signer;
import net.netca.pki.u;

/* loaded from: classes.dex */
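/**
 * SCVP client that asks a server over HTTP to validate one certificate and
 * exposes the signed reply (status, certificate paths, revocation information).
 *
 * <p>Trust model as implemented here: the response must be a CMS SignedData
 * with exactly one signer, verified against the certificate pinned with
 * {@link #setSCVPServerCert}. Nothing in this class checks the pinned
 * certificate's validity period or revocation state; whether
 * {@code SignedData.verify} does is not visible here, so confirm it before
 * relying on it.
 *
 * <p>Replay protection: a request nonce is only enforced on the response when
 * {@link #setCachedResponse} has been set to {@code false}. With the default
 * ({@code true}) a response without a nonce is accepted, because SCVP
 * (RFC 5055) lets a server answer from its cache.
 *
 * <p>Instances hold per-request state and are not written for concurrent use.
 */
public class HttpSCVPVerifyCert {
    private X509Certificate cert;
    // Reply of the last successful getStatus call; null until one succeeds.
    private CertReply certReply;
    private String hashAlgorithm;
    // Generated once by setNonceLength and reused for every later request
    // made through this instance; call setNonceLength again for a fresh one.
    private byte[] nonce;
    private ValidationPolicy respValidationPolicy;
    // Pinned signer certificate for SCVP responses.
    private X509Certificate scvpServerCert;
    private AlgorithmIdentifier signAlgorithm;
    private int status;
    private ValidationPolicy validationPolicy;
    private Date validationTime;
    private SecureRandomGenerator randGenerator = JCESecureRandomGenerator.getInstance();
    private IHttp http = new SimpleHttp();
    private boolean verifyRevoke = true;
    private boolean onlyGetStatus = true;
    private Hashable hasher = new JCEHasher();
    private boolean fullRequestInResponse = false;
    private boolean responseValidationPolByRef = true;
    // No setter exists for this flag, so a protected response is always requested.
    private boolean protectResponse = true;
    private boolean cachedResponse = true;
    private Verifible verifier = new JCEVerifier();

    /** Appends every entry of {@code revocationInfos} to {@code arrayList}. */
    private void addRevocationInfo(ArrayList<RevocationInfo> arrayList, RevocationInfos revocationInfos) {
        int size = revocationInfos.size();
        for (int i = 0; i < size; i++) {
            arrayList.add(revocationInfos.get(i));
        }
    }

    /**
     * Drops the results of any earlier request so that a failed request cannot
     * leave a previous certificate's reply readable through the getters.
     */
    private void clearLastResult() {
        this.certReply = null;
        this.respValidationPolicy = null;
    }

    /**
     * Binds the response to the request through the nonce.
     *
     * <p>A response nonce without a request nonce, or one that differs from the
     * request nonce, is rejected. A missing response nonce is rejected only
     * when a non-cached response was requested; otherwise it is tolerated,
     * since a cached response carries no request-specific nonce.
     */
    private void checkNonce(CVRequest cVRequest, CVResponse cVResponse) {
        byte[] requestNonce = cVRequest.getRequestNonce();
        byte[] respNonce = cVResponse.getRespNonce();
        if (requestNonce == null) {
            if (respNonce != null) {
                throw new u("request has not nonce,but response has");
            }
            return;
        }
        if (respNonce == null) {
            // The request was built from this.cachedResponse in the same call.
            // Asking for a fresh response and getting one with no nonce means
            // the reply is not bound to this request, so it may be a replay.
            if (!this.cachedResponse) {
                throw new u("request has nonce and cachedResponse is false,but response has not nonce");
            }
            return;
        }
        if (!Arrays.equals(requestNonce, respNonce)) {
            throw new u("nonce mismatch");
        }
    }

    /**
     * Rejects a response whose request reference does not match the request.
     * A response that carries no request reference is accepted.
     */
    private void checkRequestRef(CVRequest cVRequest, CVResponse cVResponse) {
        RequestReference requestRef = cVResponse.getRequestRef();
        if (requestRef != null && !requestRef.match(cVRequest, this.hasher)) {
            throw new u("RequestRef mismatch");
        }
    }

    /**
     * Rejects a response whose requestor text was not in the request or differs
     * from it. A response that omits the text is accepted.
     */
    private void checkRequestorText(CVRequest cVRequest, CVResponse cVResponse) {
        String requestText = cVRequest.getRequestorText();
        String responseText = cVResponse.getRequestorText();
        if (requestText == null) {
            if (responseText != null) {
                throw new u("request has not requestorText,but response has");
            }
        } else if (responseText != null && !requestText.equals(responseText)) {
            throw new u("requestorText mismatch");
        }
    }

    /**
     * POSTs the encoded request to {@code str} and returns the response body.
     * Only the response content type is checked here; the body is untrusted
     * until {@link #getSCVPResp} has verified its signature.
     */
    private byte[] getHttpResp(String str, byte[] bArr) {
        byte[] body = this.http.postData(str, "application/scvp-cv-request", bArr, 0, bArr.length);
        String contentType = this.http.getRespContentType();
        if ("application/scvp-cv-response".equals(contentType)) {
            return body;
        }
        throw new u("bad resp content type:" + contentType);
    }

    /** Wraps the request in a ContentInfo of type {@code CVRequest.OID} and encodes it. */
    private byte[] getSCVPReqEncode(CVRequest cVRequest) {
        return new ContentInfo(CVRequest.OID, cVRequest.getASN1Object()).getASN1Object().encode();
    }

    /**
     * Sends the request and returns the CVResponse carried in the signed reply.
     *
     * <p>The reply is accepted only if it is a non-detached SignedData with
     * exactly one SignerInfo, the signature verifies with the pinned server
     * certificate, the signer certificate equals the pinned one, a
     * SigningCertificate or SigningCertificateV2 attribute is present, and the
     * signed content type is {@code CVResponse.OID}.
     *
     * @param str  URL of the SCVP server
     * @param bArr encoded request
     */
    private CVResponse getSCVPResp(String str, byte[] bArr) {
        // Checked before any network I/O: without a pinned certificate the
        // response cannot be authenticated, so there is no point sending.
        if (this.scvpServerCert == null) {
            throw new u("no scvpServerCert,please setSCVPServerCert first");
        }
        byte[] httpResp = getHttpResp(str, bArr);
        ContentInfo contentInfo = ContentInfo.decode(httpResp);
        // "1.2.840.113549.1.7.2" is the CMS signedData content type.
        if (!contentInfo.getContentType().equals("1.2.840.113549.1.7.2")) {
            if (contentInfo.getContentType().equals(AuthenticatedData.OID)) {
                throw new u("unsupport AuthenticatedData");
            }
            throw new u("not protected CVResponse");
        }
        SignedData signedData = new SignedData(httpResp);
        if (signedData.isDetached()) {
            throw new u("detached signeddata");
        }
        // Exactly one signer, so the checks on index 0 cover the whole message.
        if (signedData.getSignerInfoCount() != 1) {
            throw new u("to much signerinfo");
        }
        if (!signedData.verify(0, this.verifier, this.hasher, this.scvpServerCert)) {
            throw new u("verify signeddata fail");
        }
        if (!signedData.getSignCert(0).equals(this.scvpServerCert)) {
            throw new u("sign cert is not scvpServerCert");
        }
        if (!signedData.hasSigningCertificateAttribute(0) && !signedData.hasSigningCertificateV2Attribute(0)) {
            throw new u("no SigningCertificateAttribute or SigningCertificateV2Attribute");
        }
        EncapsulatedContentInfo encapContentInfo = signedData.getEncapContentInfo();
        if (encapContentInfo.getContentType().equals(CVResponse.OID)) {
            return CVResponse.decode(encapContentInfo.getTbs());
        }
        throw new u("tbs not CVResponse");
    }

    /**
     * Checks the verified response against the request and records the reply.
     *
     * <p>State ({@code certReply}, {@code status}, {@code respValidationPolicy})
     * is written only after every check has passed.
     *
     * @return the reply status of the single CertReply
     */
    private int getStatus(CVRequest cVRequest, CVResponse cVResponse) {
        ResponseStatus responseStatus = cVResponse.getResponseStatus();
        int statusCode = responseStatus.getStatusCode();
        // Only status codes 0 and 1 are treated as a usable response.
        // NOTE(review): presumably "okay" and "skipped unrecognized items" as in
        // RFC 5055 - confirm against ResponseStatus.
        if (statusCode != 0 && statusCode != 1) {
            String message = "response fail,return statusCode:" + HttpSCVPGetCertPath.getResponseStatusString(statusCode);
            String errorMessage = responseStatus.getErrorMessage();
            if (errorMessage != null) {
                message = message + " errorMessage:" + errorMessage;
            }
            throw new u(message);
        }
        checkNonce(cVRequest, cVResponse);
        checkRequestorText(cVRequest, cVResponse);
        checkRequestRef(cVRequest, cVResponse);
        ReplyObjects replyObjects = cVResponse.getReplyObjects();
        if (replyObjects == null) {
            throw new u("no replyObjects");
        }
        int size = replyObjects.size();
        if (size != 1) {
            throw new u("bad replyObject count:" + size);
        }
        CertReply reply = replyObjects.get(0);
        // The reply must be about the certificate that was queried.
        if (!reply.getCert().match(this.cert, this.hasher)) {
            throw new u("no match cert");
        }
        this.certReply = reply;
        this.status = reply.getReplyStatus();
        this.respValidationPolicy = cVResponse.getRespValidationPolicy();
        return this.status;
    }

    /** Builds the unsigned CVRequest from the options currently set on this object. */
    private CVRequest getUnprotectedSCVPReq() {
        QueryBuilder queryBuilder = QueryBuilder.getInstance();
        // Mode passed to setPkcDPV; the meaning of each value is defined by
        // QueryBuilder and is not visible in this file.
        int mode;
        if (this.verifyRevoke) {
            mode = this.onlyGetStatus ? 3 : 4;
        } else {
            mode = this.onlyGetStatus ? 2 : 5;
        }
        queryBuilder.setPkcDPV(mode);
        if (this.validationPolicy != null) {
            queryBuilder.setValidationPolicy(this.validationPolicy);
        }
        queryBuilder.addQueriedCert(this.cert);
        // Response flags are sent only when at least one differs from the
        // field defaults (false, true, true, true).
        boolean flagsAtDefault = !this.fullRequestInResponse
                && this.responseValidationPolByRef
                && this.protectResponse
                && this.cachedResponse;
        if (!flagsAtDefault) {
            queryBuilder.setResponseFlags(this.fullRequestInResponse, this.responseValidationPolByRef, this.protectResponse, this.cachedResponse);
        }
        if (this.validationTime != null) {
            queryBuilder.setValidationTime(this.validationTime);
        }
        CVRequestBuilder requestBuilder = CVRequestBuilder.getInstance().setQuery(queryBuilder.build());
        if (this.nonce != null) {
            requestBuilder.setRequestNonce(this.nonce);
        }
        if (this.hashAlgorithm != null) {
            requestBuilder.setHashAlg(this.hashAlgorithm);
        }
        if (this.signAlgorithm != null) {
            requestBuilder.setSignatureAlg(this.signAlgorithm);
        }
        return requestBuilder.build();
    }

    /**
     * Wraps the encoded request in a SignedData with content type
     * {@code CVRequest.OID}, signed by one signer.
     *
     * @param algorithmIdentifier signature algorithm for the signer
     * @param x509Certificate     signer certificate
     * @param signable            signing implementation for that certificate
     * @param bArr                content to sign
     */
    private byte[] signReq(AlgorithmIdentifier algorithmIdentifier, X509Certificate x509Certificate, Signable signable, byte[] bArr) {
        Signer signer = new Signer(x509Certificate, signable);
        signer.setSignatureAlgorithm(algorithmIdentifier);
        SignedDataBuilder signedDataBuilder = new SignedDataBuilder();
        signedDataBuilder.setContentType(CVRequest.OID);
        signedDataBuilder.setContent(bArr);
        signedDataBuilder.addSigner(signer);
        signedDataBuilder.setHasher(this.hasher);
        return signedDataBuilder.sign().encode(true);
    }

    /**
     * Returns the certificate paths from the last successful reply.
     *
     * @return one path per {@code WantBack.PKC_BEST_CERT_PATH} entry
     * @throws u if no request has succeeded, the reply status is not 0, only
     *           the status was requested, or the reply holds no usable path
     */
    public ArrayList<X509Certificate[]> getCertPath() {
        // status defaults to 0, so the null check is what stops a caller from
        // reading a "successful" result before any request has completed.
        if (this.certReply == null || this.status != 0) {
            throw new u("verify fail");
        }
        if (this.onlyGetStatus) {
            throw new u("not get cert path");
        }
        ReplyWantBacks replyWantBacks = this.certReply.getReplyWantBacks();
        int size = replyWantBacks.size();
        if (size == 0) {
            throw new u("no replyWantBacks");
        }
        ArrayList<X509Certificate[]> paths = new ArrayList<>();
        for (int i = 0; i < size; i++) {
            ReplyWantBack replyWantBack = replyWantBacks.get(i);
            if (replyWantBack.getWb().equals(WantBack.PKC_BEST_CERT_PATH)) {
                CertBundle bundle = CertBundle.decode(replyWantBack.getValue());
                if (bundle.size() == 0) {
                    throw new u("id-swb-pkc-best-cert-path:cert path is empty");
                }
                paths.add(HttpSCVPGetCertPath.certBundle2CertPath(bundle));
            }
        }
        if (paths.isEmpty()) {
            throw new u("no replyWantBacks match");
        }
        return paths;
    }

    /**
     * Returns the revocation information from the last successful reply.
     *
     * @return entries of every {@code WantBack.PKC_REVOCATION_INFO} want-back;
     *         empty when the reply has none
     * @throws u if no request has succeeded, the reply status is not 0, or
     *           revocation information was not requested
     */
    public ArrayList<RevocationInfo> getRevInfo() {
        // Same guard as getCertPath: status alone cannot tell "success" from
        // "never asked", because the field starts at 0.
        if (this.certReply == null || this.status != 0) {
            throw new u("verify fail");
        }
        if (this.onlyGetStatus) {
            throw new u("not get revoke info");
        }
        if (!this.verifyRevoke) {
            throw new u("not get revoke info");
        }
        ReplyWantBacks replyWantBacks = this.certReply.getReplyWantBacks();
        int size = replyWantBacks.size();
        ArrayList<RevocationInfo> result = new ArrayList<>();
        for (int i = 0; i < size; i++) {
            ReplyWantBack replyWantBack = replyWantBacks.get(i);
            if (replyWantBack.getWb().equals(WantBack.PKC_REVOCATION_INFO)) {
                RevocationInfos revocationInfos = RevInfoWantBack.decode(replyWantBack.getValue()).getRevocationInfo();
                if (revocationInfos.size() == 0) {
                    throw new u("id-swb-pkc-revocation-info:revocationInfos is empty");
                }
                addRevocationInfo(result, revocationInfos);
            }
        }
        return result;
    }

    /**
     * Sends an unsigned request to the SCVP server at {@code str} and returns
     * the reply status for the certificate set with {@link #setCert}.
     *
     * @throws u if the response cannot be authenticated or does not match the request
     */
    public int getStatus(String str) {
        clearLastResult();
        CVRequest request = getUnprotectedSCVPReq();
        return getStatus(request, getSCVPResp(str, getSCVPReqEncode(request)));
    }

    /**
     * Same as {@link #getStatus(String)}, but the request is sent inside a
     * SignedData produced with the given certificate and signer.
     *
     * @throws u if the response cannot be authenticated or does not match the request
     */
    public int getStatus(String str, AlgorithmIdentifier algorithmIdentifier, X509Certificate x509Certificate, Signable signable) {
        clearLastResult();
        CVRequest request = getUnprotectedSCVPReq();
        byte[] signedRequest = signReq(algorithmIdentifier, x509Certificate, signable, getSCVPReqEncode(request));
        return getStatus(request, getSCVPResp(str, signedRequest));
    }

    /**
     * Returns the validation policy reported by the server in the last
     * successful response, not the one set with {@link #setValidationPolicy}.
     * {@code null} until a request has succeeded.
     */
    public ValidationPolicy getValidationPolicy() {
        return this.respValidationPolicy;
    }

    /**
     * Sets whether a cached response is acceptable (default {@code true}).
     * Set to {@code false} together with {@link #setNonceLength} to have a
     * response without the request nonce rejected.
     */
    public HttpSCVPVerifyCert setCachedResponse(boolean z) {
        this.cachedResponse = z;
        return this;
    }

    /** Sets the certificate to be validated. */
    public HttpSCVPVerifyCert setCert(X509Certificate x509Certificate) {
        this.cert = x509Certificate;
        return this;
    }

    /** Sets the fullRequestInResponse response flag (default {@code false}). */
    public HttpSCVPVerifyCert setFullRequestInResponse(boolean z) {
        this.fullRequestInResponse = z;
        return this;
    }

    /** Sets the hash algorithm passed to {@code CVRequestBuilder.setHashAlg}. */
    public HttpSCVPVerifyCert setHashAlgorithm(String str) {
        this.hashAlgorithm = str;
        return this;
    }

    /**
     * Despite its name, this overload sets the signature algorithm: the value
     * is stored in {@code signAlgorithm} and passed to
     * {@code CVRequestBuilder.setSignatureAlg}. It does not change the hash
     * algorithm set by {@link #setHashAlgorithm(String)}.
     */
    public HttpSCVPVerifyCert setHashAlgorithm(AlgorithmIdentifier algorithmIdentifier) {
        this.signAlgorithm = algorithmIdentifier;
        return this;
    }

    /**
     * Replaces the hash implementation used for request signing, response
     * verification and request/certificate reference matching.
     */
    public HttpSCVPVerifyCert setHashImplement(Hashable hashable) {
        this.hasher = hashable;
        return this;
    }

    /**
     * Generates a random request nonce of {@code i} bytes with the current
     * random generator. The nonce is generated here, once, and reused by every
     * later request from this instance; call again before each request if a
     * fresh nonce per request is wanted.
     *
     * @throws u if {@code i} is not positive
     */
    public HttpSCVPVerifyCert setNonceLength(int i) {
        if (i <= 0) {
            throw new u("bad nonce length:" + i);
        }
        this.nonce = this.randGenerator.generate(i);
        return this;
    }

    /**
     * Sets whether only the status is requested (default {@code true}). When
     * {@code true}, {@link #getCertPath} and {@link #getRevInfo} throw.
     */
    public HttpSCVPVerifyCert setOnlyGetStatus(boolean z) {
        this.onlyGetStatus = z;
        return this;
    }

    /** Sets the responseValidationPolByRef response flag (default {@code true}). */
    public HttpSCVPVerifyCert setResponseValidationPolByRef(boolean z) {
        this.responseValidationPolByRef = z;
        return this;
    }

    /**
     * Pins the certificate that must have signed the SCVP response. Required
     * before {@code getStatus}; this is the only trust anchor for the reply,
     * so it must come from a trusted source.
     */
    public HttpSCVPVerifyCert setSCVPServerCert(X509Certificate x509Certificate) {
        this.scvpServerCert = x509Certificate;
        return this;
    }

    /**
     * Replaces the random generator used by {@link #setNonceLength}. Has no
     * effect on a nonce that was already generated.
     */
    public HttpSCVPVerifyCert setSecureRandomGenerator(SecureRandomGenerator secureRandomGenerator) {
        this.randGenerator = secureRandomGenerator;
        return this;
    }

    /** Sets the validation policy sent in the request. */
    public HttpSCVPVerifyCert setValidationPolicy(ValidationPolicy validationPolicy) {
        this.validationPolicy = validationPolicy;
        return this;
    }

    /** Sets the validation time sent in the request; omitted when {@code null}. */
    public HttpSCVPVerifyCert setValidationTime(Date date) {
        this.validationTime = date;
        return this;
    }

    /** Replaces the signature verifier used on the SCVP response. */
    public HttpSCVPVerifyCert setVerifyImplement(Verifible verifible) {
        this.verifier = verifible;
        return this;
    }

    /**
     * Sets whether revocation checking is requested (default {@code true}).
     * When {@code false}, {@link #getRevInfo} throws.
     */
    public HttpSCVPVerifyCert setVerifyRevoke(boolean z) {
        this.verifyRevoke = z;
        return this;
    }
}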
