package cn.com.jit.ida.util.pki.crl;

import cn.com.jit.ida.util.pki.PKIConstant;
import cn.com.jit.ida.util.pki.PKIException;
import cn.com.jit.ida.util.pki.Parser;
import cn.com.jit.ida.util.pki.asn1.DERObject;
import cn.com.jit.ida.util.pki.asn1.DERObjectIdentifier;
import cn.com.jit.ida.util.pki.asn1.DERSequence;
import cn.com.jit.ida.util.pki.asn1.pkcs.PKCSObjectIdentifiers;
import cn.com.jit.ida.util.pki.asn1.x509.Time;
import cn.com.jit.ida.util.pki.asn1.x509.X509Name;
import cn.com.jit.ida.util.pki.cipher.JHandle;
import cn.com.jit.ida.util.pki.cipher.JKey;
import cn.com.jit.ida.util.pki.cipher.Mechanism;
import cn.com.jit.ida.util.pki.cipher.Session;
import java.io.BufferedInputStream;
import java.io.EOFException;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.RandomAccessFile;
import java.math.BigInteger;
import java.util.Date;
import org.bouncycastle.asn1.eac.CertificateBody;

/* loaded from: classes.dex */
public class X509CRLStreamParser {
    private File crlFile;
    private X509CRLInfo crlInfo;
    private CRLVerify crlVerify;
    private InputStream inputStream;
    private String issuer;
    private Date nextUpdate;
    private JKey publicKey;
    private Session session;
    private DERObjectIdentifier signAlgOid;
    private byte[] signData;
    private int signDataLen;
    private int tbsCertDataLen;
    private Date thisUpdate;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public interface CRLVerify {
        boolean verifyFinal(byte[] bArr) throws PKIException;

        void verifyUpdate(byte b) throws PKIException;

        void verifyUpdate(byte[] bArr) throws PKIException;
    }

    /* loaded from: classes.dex */
    private static class DefaultCRLVerify implements CRLVerify {
        private JHandle handle;
        private Mechanism mechanism;
        private byte[] oneBytes;
        private JKey publicKey;
        private Session session;

        private DefaultCRLVerify(Session session, JKey jKey, Mechanism mechanism) throws PKIException {
            this.oneBytes = new byte[1];
            this.session = session;
            this.publicKey = jKey;
            this.mechanism = mechanism;
            init();
        }

        /* synthetic */ DefaultCRLVerify(Session session, JKey jKey, Mechanism mechanism, DefaultCRLVerify defaultCRLVerify) throws PKIException {
            this(session, jKey, mechanism);
        }

        private void init() throws PKIException {
            this.handle = this.session.VerifyInit(this.mechanism, this.publicKey);
        }

        @Override // cn.com.jit.ida.util.pki.crl.X509CRLStreamParser.CRLVerify
        public boolean verifyFinal(byte[] bArr) throws PKIException {
            return this.session.VerifyFinal(this.handle, bArr);
        }

        @Override // cn.com.jit.ida.util.pki.crl.X509CRLStreamParser.CRLVerify
        public void verifyUpdate(byte b) throws PKIException {
            this.oneBytes[0] = b;
            verifyUpdate(this.oneBytes);
        }

        @Override // cn.com.jit.ida.util.pki.crl.X509CRLStreamParser.CRLVerify
        public void verifyUpdate(byte[] bArr) throws PKIException {
            this.session.VerifyUpdate(this.handle, bArr);
        }
    }

    /* loaded from: classes.dex */
    public static class EmptyCRLInputStream extends CRLInputStream {
        EmptyCRLInputStream(X509CRLStreamParser x509CRLStreamParser, Length length) {
            super(x509CRLStreamParser, length);
        }

        @Override // cn.com.jit.ida.util.pki.crl.CRLInputStream
        public int read(BigInteger[] bigIntegerArr) throws IOException, PKIException {
            return 0;
        }
    }

    /* loaded from: classes.dex */
    private static class EmptyCRLVerify implements CRLVerify {
        private EmptyCRLVerify() {
        }

        /* synthetic */ EmptyCRLVerify(EmptyCRLVerify emptyCRLVerify) {
            this();
        }

        @Override // cn.com.jit.ida.util.pki.crl.X509CRLStreamParser.CRLVerify
        public boolean verifyFinal(byte[] bArr) throws PKIException {
            return false;
        }

        @Override // cn.com.jit.ida.util.pki.crl.X509CRLStreamParser.CRLVerify
        public void verifyUpdate(byte b) throws PKIException {
        }

        @Override // cn.com.jit.ida.util.pki.crl.X509CRLStreamParser.CRLVerify
        public void verifyUpdate(byte[] bArr) throws PKIException {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public class Length {
        private int byteSize;
        private byte[] dataReaded;
        private byte[] lenData;
        private int value;

        public Length(int i, int i2) {
            this.value = i;
            this.byteSize = i2;
        }

        public int getByteSize() {
            return this.byteSize;
        }

        public byte[] getDataReaded() {
            return this.dataReaded;
        }

        public byte[] getLenData() {
            return this.lenData;
        }

        public int getValue() {
            return this.value;
        }

        public void setDataReaded(byte[] bArr) {
            this.dataReaded = bArr;
        }

        public void setLenData(byte[] bArr) {
            this.lenData = bArr;
        }
    }

    /* loaded from: classes.dex */
    private static final class RandomAccessFileInputStream extends InputStream {
        long markpos = 0;
        RandomAccessFile raFile;

        RandomAccessFileInputStream(File file) throws FileNotFoundException {
            this.raFile = new RandomAccessFile(file, "r");
        }

        @Override // java.io.InputStream
        public int available() throws IOException {
            return -1;
        }

        @Override // java.io.InputStream, java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            this.raFile.close();
        }

        @Override // java.io.InputStream
        public synchronized void mark(int i) {
            try {
                this.markpos = this.raFile.getFilePointer();
            } catch (IOException e) {
                this.markpos = 0L;
            }
        }

        @Override // java.io.InputStream
        public boolean markSupported() {
            return true;
        }

        @Override // java.io.InputStream
        public int read() throws IOException {
            return this.raFile.read();
        }

        @Override // java.io.InputStream
        public int read(byte[] bArr) throws IOException {
            return this.raFile.read(bArr);
        }

        @Override // java.io.InputStream
        public int read(byte[] bArr, int i, int i2) throws IOException {
            return this.raFile.read(bArr, i, i2);
        }

        @Override // java.io.InputStream
        public synchronized void reset() throws IOException {
            this.raFile.seek(this.markpos);
        }

        @Override // java.io.InputStream
        public long skip(long j) throws IOException {
            return this.raFile.skipBytes((int) j);
        }
    }

    public X509CRLStreamParser(File file) throws PKIException, IOException {
        this(file, null, null);
    }

    public X509CRLStreamParser(File file, JKey jKey, Session session) throws PKIException, IOException {
        this.crlFile = file;
        this.publicKey = jKey;
        this.session = session;
    }

    private int SetTbscertData(int i, Length length, int i2) throws PKIException, IOException {
        this.crlVerify.verifyUpdate((byte) i);
        byte[] bArr = new byte[length.getValue()];
        this.crlVerify.verifyUpdate(length.getLenData());
        int length2 = i2 + 1 + length.getLenData().length;
        int read = this.inputStream.read(bArr);
        this.crlVerify.verifyUpdate(bArr);
        return length2 + read;
    }

    private CRLInputStream buildCRLInputStream() throws Exception {
        readTag();
        Length readLength = readLength();
        int value = readLength.getValue();
        this.tbsCertDataLen = readLength.getByteSize() + 1 + value;
        int i = 0 + 1;
        int length = readLength.getDataReaded().length + 1;
        int readTag = readTag();
        Length readLength2 = readLength();
        if (2 == readTag) {
            length = SetTbscertData(readTag, readLength2, length);
            readTag = readTag();
            readLength2 = readLength();
        }
        int SetTbscertData = SetTbscertData(readTag, readLength2, length);
        DERSequence dERSequence = (DERSequence) readDerData(readTag(), readLength());
        this.issuer = new X509Name(dERSequence).toString();
        int length2 = SetTbscertData + Parser.writeDERObj2Bytes(dERSequence).length;
        int readTag2 = readTag();
        Length readLength3 = readLength();
        Time time = new Time(readDerData(readTag2, readLength3));
        this.thisUpdate = time.getDate();
        int length3 = length2 + Parser.writeDERObj2Bytes(time).length;
        if (value - ((length3 - 1) - readLength.getDataReaded().length) == 0) {
            return new EmptyCRLInputStream(this, readLength3);
        }
        int readTag3 = readTag();
        Length readLength4 = readLength();
        if (23 == readTag3) {
            Time time2 = new Time(readDerData(readTag3, readLength4));
            this.nextUpdate = time2.getDate();
            length3 += Parser.writeDERObj2Bytes(time2).length;
            if (length3 < this.tbsCertDataLen && value - ((length3 - 1) - readLength.getDataReaded().length) != 0) {
                readTag3 = readTag();
                readLength4 = readLength();
            }
            return new EmptyCRLInputStream(this, readLength4);
        }
        if (24 == readTag3) {
            Time time3 = new Time(readDerData(readTag3, readLength4));
            this.nextUpdate = time3.getDate();
            length3 += Parser.writeDERObj2Bytes(time3).length;
            if (length3 < this.tbsCertDataLen && value - ((length3 - 1) - readLength.getDataReaded().length) != 0) {
                readTag3 = readTag();
                readLength4 = readLength();
            }
            return new EmptyCRLInputStream(this, readLength4);
        }
        int i2 = length3 + 1 + readLength4.byteSize;
        return 48 == readTag3 ? new CRLInputStream(this, readLength4) : new EmptyCRLInputStream(this, readLength4);
    }

    private Mechanism getMechanism() throws PKIException {
        if (this.signAlgOid.equals(PKCSObjectIdentifiers.md2WithRSAEncryption)) {
            return new Mechanism("MD2withRSAEncryption");
        }
        if (this.signAlgOid.equals(PKCSObjectIdentifiers.md5WithRSAEncryption)) {
            return new Mechanism("MD5withRSAEncryption");
        }
        if (this.signAlgOid.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption) || this.signAlgOid.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption_v1)) {
            return new Mechanism("SHA1withRSAEncryption");
        }
        if (this.signAlgOid.equals(PKCSObjectIdentifiers.sha1WithECEncryption)) {
            return new Mechanism("SHA1withECDSA");
        }
        if (this.signAlgOid.equals(PKCSObjectIdentifiers.sha1WithDSA)) {
            return new Mechanism("SHA1withDSA");
        }
        if (this.signAlgOid.equals(PKCSObjectIdentifiers.sha224WithRSAEncryption)) {
            return new Mechanism("SHA224withRSAEncryption");
        }
        if (this.signAlgOid.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption)) {
            return new Mechanism("SHA256withRSAEncryption");
        }
        if (this.signAlgOid.equals(PKCSObjectIdentifiers.sha384WithRSAEncryption)) {
            return new Mechanism("SHA384withRSAEncryption");
        }
        if (this.signAlgOid.equals(PKCSObjectIdentifiers.sha512WithRSAEncryption)) {
            return new Mechanism("SHA512withRSAEncryption");
        }
        if (this.signAlgOid.equals(PKCSObjectIdentifiers.sm2_with_sm3)) {
            return new Mechanism("SM3withSM2Encryption");
        }
        throw new PKIException(PKIException.NONSUPPORT_SIGALG, "Unsupported signature algorithm:" + this.signAlgOid.getId());
    }

    private DERObject readDerData(int i, Length length) throws IOException, PKIException {
        byte[] bArr = new byte[length.getByteSize() + 1 + length.getValue()];
        byte[] bArr2 = new byte[length.getValue()];
        this.inputStream.read(bArr2);
        bArr[0] = (byte) i;
        System.arraycopy(length.dataReaded, 0, bArr, 1, length.dataReaded.length);
        System.arraycopy(bArr2, 0, bArr, length.getByteSize() + 1, bArr2.length);
        return Parser.writeBytes2DERObj(bArr);
    }

    private void readSignatureAlgorithm() throws IOException, PKIException {
        readTag();
        readLength();
        this.signAlgOid = (DERObjectIdentifier) readDerData(readTag(), readLength());
    }

    private void readSignatureValue() throws Exception {
        int readTag = readTag();
        this.signDataLen = readLength().getValue();
        if (3 != readTag) {
            this.inputStream.read(new byte[this.signDataLen]);
            readTag();
            this.signDataLen = readLength().getValue();
        }
        if (this.signDataLen < 1) {
            throw new PKIException(PKIException.ENCODED_CRL, "Failed to get CRL encoding:get crl signData");
        }
        byte[] bArr = new byte[this.signDataLen];
        this.signData = new byte[this.signDataLen - 1];
        this.inputStream.read(bArr);
        System.arraycopy(bArr, 1, this.signData, 0, this.signDataLen - 1);
        this.signDataLen--;
    }

    private void readTbsCertList() throws IOException, PKIException {
        int readTag = readTag();
        Length readLength = readLength();
        int value = readLength.getValue();
        this.tbsCertDataLen = readLength.getByteSize() + 1 + value;
        int i = 0 + 1;
        this.crlVerify.verifyUpdate((byte) readTag);
        this.crlVerify.verifyUpdate(readLength.getDataReaded());
        int length = readLength.getDataReaded().length + 1;
        int readTag2 = readTag();
        Length readLength2 = readLength();
        if (2 == readTag2) {
            length = SetTbscertData(readTag2, readLength2, length);
            readTag2 = readTag();
            readLength2 = readLength();
        }
        int SetTbscertData = SetTbscertData(readTag2, readLength2, length);
        DERSequence dERSequence = (DERSequence) readDerData(readTag(), readLength());
        this.issuer = new X509Name(dERSequence).toString();
        byte[] writeDERObj2Bytes = Parser.writeDERObj2Bytes(dERSequence);
        this.crlVerify.verifyUpdate(writeDERObj2Bytes);
        int length2 = SetTbscertData + writeDERObj2Bytes.length;
        Time time = new Time(readDerData(readTag(), readLength()));
        this.thisUpdate = time.getDate();
        byte[] writeDERObj2Bytes2 = Parser.writeDERObj2Bytes(time);
        this.crlVerify.verifyUpdate(writeDERObj2Bytes2);
        int length3 = length2 + writeDERObj2Bytes2.length;
        if (value - ((length3 - 1) - readLength.getDataReaded().length) == 0) {
            return;
        }
        int readTag3 = readTag();
        Length readLength3 = readLength();
        if (23 == readTag3) {
            Time time2 = new Time(readDerData(readTag3, readLength3));
            this.nextUpdate = time2.getDate();
            byte[] writeDERObj2Bytes3 = Parser.writeDERObj2Bytes(time2);
            this.crlVerify.verifyUpdate(writeDERObj2Bytes3);
            length3 += writeDERObj2Bytes3.length;
            if (length3 >= this.tbsCertDataLen || value - ((length3 - 1) - readLength.getDataReaded().length) == 0) {
                return;
            }
            readTag3 = readTag();
            readLength3 = readLength();
        } else if (24 == readTag3) {
            Time time3 = new Time(readDerData(readTag3, readLength3));
            this.nextUpdate = time3.getDate();
            byte[] writeDERObj2Bytes4 = Parser.writeDERObj2Bytes(time3);
            this.crlVerify.verifyUpdate(writeDERObj2Bytes4);
            length3 += writeDERObj2Bytes4.length;
            if (length3 >= this.tbsCertDataLen || value - ((length3 - 1) - readLength.getDataReaded().length) == 0) {
                return;
            }
            readTag3 = readTag();
            readLength3 = readLength();
        }
        this.crlVerify.verifyUpdate((byte) readTag3);
        this.crlVerify.verifyUpdate(readLength3.dataReaded);
        int i2 = length3 + 1 + readLength3.byteSize;
        if (48 == readTag3) {
            int i3 = 0;
            while (i3 < readLength3.getValue()) {
                int readTag4 = readTag();
                Length readLength4 = readLength();
                this.crlVerify.verifyUpdate((byte) readTag4);
                this.crlVerify.verifyUpdate(readLength4.getLenData());
                int length4 = i2 + 1 + readLength4.getLenData().length;
                int readTag5 = readTag();
                if (2 != readTag5) {
                    this.crlVerify.verifyUpdate((byte) readTag5);
                    byte[] bArr = new byte[((readLength3.getValue() - 1) - 1) - readLength4.getLenData().length];
                    readFully(bArr);
                    this.crlVerify.verifyUpdate(bArr);
                    int length5 = length4 + 1 + bArr.length;
                    return;
                }
                Length readLength5 = readLength();
                byte[] bArr2 = new byte[readLength5.getValue()];
                readFully(bArr2);
                this.crlVerify.verifyUpdate((byte) readTag5);
                this.crlVerify.verifyUpdate(readLength5.getLenData());
                int length6 = length4 + 1 + readLength5.getLenData().length;
                this.crlVerify.verifyUpdate(bArr2);
                i2 = length6 + bArr2.length;
                int value2 = readLength4.getValue() - (0 + ((readLength5.getByteSize() + 1) + readLength5.getValue()));
                if (value2 > 0) {
                    byte[] bArr3 = new byte[value2];
                    readFully(bArr3);
                    this.crlVerify.verifyUpdate(bArr3);
                    i2 += bArr3.length;
                }
                i3 += readLength4.getByteSize() + 1 + readLength4.getValue();
            }
        }
        int length7 = value - ((i2 - 1) - readLength.getDataReaded().length);
        if (length7 > 0) {
            byte[] bArr4 = new byte[length7];
            readFully(bArr4);
            this.crlVerify.verifyUpdate(bArr4);
            int length8 = i2 + bArr4.length;
        }
    }

    private void skipTbsCertList() throws IOException {
        readTag();
        this.inputStream.skip(readLength().getValue());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void closeInputStream() {
        if (this.inputStream != null) {
            try {
                this.inputStream.close();
            } catch (IOException e) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getIssuer() {
        return this.issuer;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Date getNextUpdate() {
        return this.nextUpdate;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getSignature() {
        return this.signData;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getSignatureAlgName() {
        return !PKIConstant.oid2SigAlgName.containsKey(this.signAlgOid) ? getSignatureAlgOID() : PKIConstant.oid2SigAlgName.get(this.signAlgOid);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getSignatureAlgOID() {
        return this.signAlgOid.getId();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Date getThisUpdate() {
        return this.thisUpdate;
    }

    public X509CRLInfo parseCRLInfo() throws PKIException {
        X509CRLInfo x509CRLInfo;
        synchronized (this) {
            try {
                try {
                    if (this.crlInfo != null) {
                        x509CRLInfo = this.crlInfo;
                    } else {
                        this.inputStream = new RandomAccessFileInputStream(this.crlFile);
                        readTag();
                        readLength();
                        this.inputStream.mark(0);
                        skipTbsCertList();
                        readSignatureAlgorithm();
                        readSignatureValue();
                        this.inputStream.reset();
                        if (this.publicKey != null) {
                            this.crlVerify = new DefaultCRLVerify(this.session, this.publicKey, getMechanism(), null);
                        } else {
                            this.crlVerify = new EmptyCRLVerify(null);
                        }
                        this.inputStream = new BufferedInputStream(this.inputStream, 1048576);
                        readTbsCertList();
                        this.crlInfo = new X509CRLInfo(this);
                        x509CRLInfo = this.crlInfo;
                    }
                } catch (Exception e) {
                    throw new PKIException(PKIException.ENCODED_CRL, PKIException.ENCODED_CRL_DES, e);
                }
            } finally {
                closeInputStream();
            }
        }
        return x509CRLInfo;
    }

    public CRLInputStream parseRevokeds() throws PKIException {
        CRLInputStream buildCRLInputStream;
        synchronized (this) {
            try {
                this.inputStream = new RandomAccessFileInputStream(this.crlFile);
                this.crlVerify = new EmptyCRLVerify(null);
                readTag();
                readLength();
                this.inputStream = new BufferedInputStream(this.inputStream, 1048576);
                buildCRLInputStream = buildCRLInputStream();
            } catch (Exception e) {
                throw new PKIException(PKIException.ENCODED_CRL, PKIException.ENCODED_CRL_DES, e);
            }
        }
        return buildCRLInputStream;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void readFully(byte[] bArr) throws IOException {
        int length = bArr.length;
        if (length == 0) {
            return;
        }
        while (length > 0) {
            int read = this.inputStream.read(bArr, bArr.length - length, length);
            if (read < 0) {
                throw new EOFException("unexpected end of stream");
            }
            length -= read;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Length readLength() throws IOException {
        int read = this.inputStream.read();
        int i = 1;
        if (read < 0) {
            throw new IOException("EOF found when length expected");
        }
        if (read == 128) {
            return new Length(-1, 1);
        }
        if (read <= 127) {
            Length length = new Length(read, 1);
            byte[] bArr = {(byte) read};
            new byte[1][0] = (byte) read;
            length.setLenData(bArr);
            length.setDataReaded(bArr);
            return length;
        }
        int i2 = read & CertificateBody.profileType;
        int i3 = 0;
        byte[] bArr2 = new byte[i2];
        for (int i4 = 0; i4 < i2; i4++) {
            int read2 = this.inputStream.read();
            bArr2[i4] = (byte) read2;
            i++;
            if (read2 < 0) {
                throw new IOException("EOF found reading length");
            }
            i3 = (i3 << 8) + read2;
        }
        Length length2 = new Length(i3, i);
        length2.setLenData(bArr2);
        byte[] bArr3 = new byte[i];
        bArr3[0] = (byte) read;
        System.arraycopy(bArr2, 0, bArr3, 1, bArr2.length);
        length2.setDataReaded(bArr3);
        return length2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int readTag() throws IOException {
        int read = this.inputStream.read();
        if (read == -1) {
            throw new EOFException();
        }
        return read;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean verify() throws PKIException {
        return this.crlVerify.verifyFinal(this.signData);
    }
}
