package org.eclipse.osgi.internal.signedcontent;

import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TimeZone;
import javax.security.auth.x500.X500Principal;
import org.apache.xalan.xsltc.compiler.Constants;
import org.eclipse.osgi.util.NLS;
import org.wso2.securevault.definition.CipherInformation;

/* loaded from: input_file:org/eclipse/osgi/internal/signedcontent/PKCS7Processor.class */
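/**
 * Parses a PKCS#7 SignedData block (the contents of a .RSA/.DSA signature block file) and
 * exposes the signer certificate chain, the signature bytes and the signing time.
 *
 * <p>Security-relevant scope, as far as this class shows:
 * <ul>
 *   <li>The constructor parses the block, selects the signer certificate, builds a chain from
 *       the certificates embedded in the block and checks that each chain link is signed by
 *       the next one ({@link #verifyCerts()}). It does <b>not</b> verify the signature over the
 *       signed content; callers must invoke {@link #verifySFSignature(byte[], int, int)}.</li>
 *   <li>No trust-anchor lookup, validity-period check, revocation check or key-usage/basic
 *       constraints check is performed here. Those decisions must be made by the caller.</li>
 *   <li>Only the first SignerInfo entry is processed.</li>
 * </ul>
 *
 * <p>NOTE(review): this source is decompiler output. A few string literals were replaced by
 * unrelated library constants with (presumably) the same value; they are marked below.
 * The OID constants (DSA_OID, SHA1_OID, ...) are not declared in this file and are presumably
 * inherited from {@link SignedContentConstants}.
 */
public class PKCS7Processor implements SignedContentConstants {
    // Shared X.509 factory; remains null if the provider lookup in the static initializer fails.
    static CertificateFactory certFact;
    // Signer name and file name, used only to build error messages.
    private final String signer;
    private final String file;
    // Chain built by constructCertPath: signer certificate first.
    private Certificate[] certificates;
    private Certificate[] tsaCertificates;
    // Attribute maps keyed by OID arrays. int[] keys use identity equals/hashCode, so a
    // lookup with a different array instance holding the same OID will not match.
    private Map<int[], byte[]> signedAttrs;
    private Map<int[], byte[]> unsignedAttrs;
    private byte[] signature;
    private String digestAlgorithm;
    private String signatureAlgorithm;
    private Certificate signerCert;
    private Date signingTime;

    static {
        try {
            certFact = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            // Failure is only logged; processCertificates() rejects input when certFact is null.
            SignedBundleHook.log(e.getMessage(), 4, e);
        }
    }

    /**
     * Renders an OID as dotted decimal text (for error messages).
     *
     * @param iArr the OID components
     * @return the components joined with '.'
     */
    private static String oid2String(int[] iArr) {
        StringBuilder text = new StringBuilder();
        for (int i = 0; i < iArr.length; i++) {
            if (i > 0) {
                text.append('.');
            }
            text.append(iArr[i]);
        }
        return text.toString();
    }

    /**
     * Maps a signature-algorithm OID to the key algorithm name used in a JCA signature name.
     *
     * @param iArr the OID read from the SignerInfo
     * @return "DSA" for DSA_OID, or the RSA name for RSA_OID
     * @throws NoSuchAlgorithmException if the OID is neither of the two supported values
     */
    private static String findEncryption(int[] iArr) throws NoSuchAlgorithmException {
        if (Arrays.equals(DSA_OID, iArr)) {
            return "DSA";
        }
        if (Arrays.equals(RSA_OID, iArr)) {
            // NOTE(review): decompiler artifact - an unrelated library constant stands in for a
            // string literal here; presumably its value is "RSA". Confirm before relying on it.
            return CipherInformation.DEFAULT_ALGORITHM;
        }
        throw new NoSuchAlgorithmException(new StringBuilder("No algorithm found for ").append(oid2String(iArr)).toString());
    }

    /**
     * Maps a digest-algorithm OID to the digest name used in a JCA signature name.
     *
     * <p>Weak digests (MD2, MD5, SHA1) are accepted by this mapping. Nothing in this class
     * rejects them, so any policy that forbids weak digests has to be enforced elsewhere
     * (for example by the JCA provider configuration or by the caller).
     *
     * @param iArr the OID read from the SignerInfo
     * @return the digest name
     * @throws NoSuchAlgorithmException if the OID is not one of the recognised digests
     */
    private static String findDigest(int[] iArr) throws NoSuchAlgorithmException {
        if (Arrays.equals(SHA1_OID, iArr)) {
            return "SHA1";
        }
        if (Arrays.equals(SHA224_OID, iArr)) {
            return SignedContentConstants.SHA224_STR;
        }
        if (Arrays.equals(SHA256_OID, iArr)) {
            return "SHA256";
        }
        if (Arrays.equals(SHA384_OID, iArr)) {
            return SignedContentConstants.SHA384_STR;
        }
        if (Arrays.equals(SHA512_OID, iArr)) {
            return SignedContentConstants.SHA512_STR;
        }
        if (Arrays.equals(SHA512_224_OID, iArr)) {
            return SignedContentConstants.SHA512_224_STR;
        }
        if (Arrays.equals(SHA512_256_OID, iArr)) {
            return SignedContentConstants.SHA512_256_STR;
        }
        if (Arrays.equals(MD5_OID, iArr)) {
            return "MD5";
        }
        if (Arrays.equals(MD2_OID, iArr)) {
            return SignedContentConstants.MD2_STR;
        }
        throw new NoSuchAlgorithmException(new StringBuilder("No algorithm found for ").append(oid2String(iArr)).toString());
    }

    /**
     * Parses a PKCS#7 block and verifies the internal linkage of the signer's certificate chain.
     *
     * <p>The signature over the signed content is not checked here; see
     * {@link #verifySFSignature(byte[], int, int)}.
     *
     * @param bArr buffer holding the encoded block
     * @param i offset of the block in {@code bArr}
     * @param i2 length argument handed to {@code BERProcessor} together with the offset
     * @param str signer name, used in error messages
     * @param str2 file name, used in error messages
     * @throws SignatureException if the content type is not SignedData or no certificates are present
     * @throws CertificateException if the signer certificate is missing or the SignerInfo version is unsupported
     * @throws NoSuchAlgorithmException if a digest or signature OID is not recognised
     * @throws InvalidKeyException if a chain link cannot be verified with the issuer key
     * @throws NoSuchProviderException declared by the certificate verification call
     */
    public PKCS7Processor(byte[] bArr, int i, int i2, String str, String str2) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        this.signer = str;
        this.file = str2;
        List<Certificate> list = null;
        BERProcessor stepInto = new BERProcessor(bArr, i, i2).stepInto();
        // The outer structure must declare the SignedData content type.
        if (!Arrays.equals(stepInto.getObjId(), SIGNEDDATA_OID)) {
            throw new SignatureException(NLS.bind(SignedContentMessages.PKCS7_Invalid_File, str, str2));
        }
        stepInto.stepOver();
        BERProcessor stepInto2 = stepInto.stepInto().stepInto();
        // Two elements are skipped before the encapsulated content; assuming the standard
        // SignedData layout these are the version and the digest-algorithm set - TODO confirm.
        stepInto2.stepOver();
        stepInto2.stepOver();
        processEncapContentInfo(stepInto2);
        stepInto2.stepOver();
        // Certificates are read only when the element has tag class 2 and tag number 0.
        if (stepInto2.classOfTag == 2 && stepInto2.tag == 0) {
            list = processCertificates(stepInto2);
        }
        if (list == null || list.size() < 1) {
            throw new SignatureException("There are no certificates in the .RSA/.DSA file!");
        }
        stepInto2.stepOver();
        // NOTE(review): this optional element is matched with tag class 0 while the certificate
        // set above is matched with tag class 2. If this is meant to skip the optional CRL set,
        // the class value looks inconsistent - confirm against BERProcessor's tag-class values.
        if (stepInto2.classOfTag == 0 && stepInto2.tag == 1) {
            stepInto2.stepOver();
        }
        processSignerInfos(stepInto2, list);
        List<Certificate> constructCertPath = constructCertPath(list, this.signerCert);
        this.certificates = (Certificate[]) constructCertPath.toArray(new Certificate[constructCertPath.size()]);
        verifyCerts();
        // Fall back to the date parser when the content was not a time-stamp token.
        if (this.signingTime == null) {
            this.signingTime = PKCS7DateParser.parseDate(this, str, str2);
        }
    }

    /**
     * Reads the signing time from the encapsulated content when it is a time-stamp token.
     * Content of any other type is ignored.
     *
     * @param bERProcessor processor positioned on the encapsulated content element
     * @throws SignatureException if the token version is not 1, the time does not end in 'Z',
     *         or the time cannot be parsed
     */
    private void processEncapContentInfo(BERProcessor bERProcessor) throws SignatureException {
        BERProcessor stepInto = bERProcessor.stepInto();
        if (Arrays.equals(stepInto.getObjId(), TIMESTAMP_TST_OID)) {
            stepInto.stepOver();
            byte[] bytes = stepInto.stepInto().getBytes();
            BERProcessor stepInto2 = new BERProcessor(bytes, 0, bytes.length).stepInto();
            if (stepInto2.getIntValue().intValue() != 1) {
                throw new SignatureException("Not a version 1 time-stamp token");
            }
            // Four elements are skipped to reach the time value; presumably the version, policy,
            // message imprint and serial number of the token - TODO confirm.
            stepInto2.stepOver();
            stepInto2.stepOver();
            stepInto2.stepOver();
            stepInto2.stepOver();
            // NOTE(review): decoded with the platform default charset; the value is expected to
            // be ASCII digits, so an explicit charset would make this platform-independent.
            String str = new String(stepInto2.getBytes());
            // NOTE(review): decompiler artifact - an unrelated library constant stands in for a
            // string literal; presumably its value is "Z" (see the error message below).
            if (!str.endsWith(Constants.HASIDCALL_INDEX_SIG)) {
                throw new SignatureException("Wrong dateformat used in time-stamp token");
            }
            int indexOf = str.indexOf('.');
            StringBuilder pattern = new StringBuilder("yyyyMMddHHmmss");
            if (indexOf != -1) {
                // One pattern letter per fractional digit between '.' and 'Z'.
                // NOTE(review): lower-case 's' is the SimpleDateFormat letter for seconds, not
                // for fractions of a second, so a fractional part is parsed as a second value.
                // The signing time may therefore be off when a fraction is present; left as-is
                // because a correct fix needs proper fraction scaling.
                int indexOf2 = (str.indexOf('Z') - 1) - indexOf;
                pattern.append('.');
                for (int i = 0; i < indexOf2; i++) {
                    pattern.append('s');
                }
            }
            pattern.append("'Z'");
            try {
                SimpleDateFormat simpleDateFormat = new SimpleDateFormat(pattern.toString(), Locale.ENGLISH);
                simpleDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
                this.signingTime = simpleDateFormat.parse(str);
            } catch (ParseException e) {
                throw ((SignatureException) new SignatureException(SignedContentMessages.PKCS7_Parse_Signing_Time).initCause(e));
            }
        }
    }

    /**
     * Builds a chain starting at the signer certificate by repeatedly looking up, among the
     * certificates embedded in the block, one whose subject equals the current issuer.
     *
     * <p>The walk stops at a self-signed certificate, when no issuer certificate is present in
     * the block, or after {@code list.size()} steps (which bounds cyclic issuer references).
     * The returned chain may therefore be partial; it is not anchored to any trust store here.
     *
     * <p>If several embedded certificates share the issuer's subject, all of them are appended
     * and the last one becomes the next link. {@link #verifyCerts()} then checks every adjacent
     * pair, so such input is expected to fail verification rather than be silently accepted.
     *
     * @param list certificates embedded in the block
     * @param certificate the signer certificate
     * @return the chain, signer certificate first
     */
    private List<Certificate> constructCertPath(List<Certificate> list, Certificate certificate) {
        List<Certificate> path = new ArrayList<Certificate>();
        path.add(certificate);
        X509Certificate current = (X509Certificate) certificate;
        int maxSteps = list.size();
        // Fix: stop when the previous step found no issuer. Without the null check the next
        // iteration dereferenced null and a block with an incomplete chain plus an extra
        // certificate aborted parsing with a NullPointerException.
        for (int i = 0; i < maxSteps && current != null; i++) {
            X500Principal subject = current.getSubjectX500Principal();
            X500Principal issuer = current.getIssuerX500Principal();
            if (subject.equals(issuer)) {
                break;
            }
            current = null;
            Iterator<Certificate> it = list.iterator();
            while (it.hasNext()) {
                X509Certificate candidate = (X509Certificate) it.next();
                if (candidate.getSubjectX500Principal().equals(issuer)) {
                    path.add(candidate);
                    current = candidate;
                }
            }
        }
        return path;
    }

    /**
     * Checks that every certificate in the chain is signed by the key of the next one, and that
     * a self-signed last certificate verifies against its own key.
     *
     * <p>This is a signature-linkage check only. A last certificate that is not self-signed is
     * not verified against anything, and no validity dates, revocation status, extensions or
     * trust anchors are consulted. A chain that passes here is internally consistent, not trusted.
     *
     * @throws CertificateException if the chain is empty or a certificate cannot be processed
     * @throws InvalidKeyException if an issuer key is unusable
     * @throws SignatureException if a certificate signature does not verify
     * @throws NoSuchAlgorithmException if a certificate uses an unsupported signature algorithm
     * @throws NoSuchProviderException declared by {@code X509Certificate.verify}
     */
    public void verifyCerts() throws InvalidKeyException, SignatureException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        if (this.certificates == null || this.certificates.length == 0) {
            throw new CertificateException("There are no certificates in the signature block file!");
        }
        int length = this.certificates.length;
        for (int i = 0; i < length; i++) {
            X509Certificate x509Certificate = (X509Certificate) this.certificates[i];
            if (i != length - 1) {
                x509Certificate.verify(((X509Certificate) this.certificates[i + 1]).getPublicKey());
            } else if (x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN())) {
                x509Certificate.verify(x509Certificate.getPublicKey());
            }
        }
    }

    /**
     * Processes the first SignerInfo: selects the signer certificate by issuer and serial
     * number, and records the digest algorithm, signature algorithm, signature bytes and
     * the signed/unsigned attributes.
     *
     * @param bERProcessor processor positioned on the SignerInfo set
     * @param list certificates embedded in the block
     * @return the signer certificate
     * @throws CertificateException if the SignerInfo version is not 1 or no embedded
     *         certificate matches the issuer and serial number
     * @throws NoSuchAlgorithmException if the digest or signature OID is not recognised
     * @throws SignatureException if the encoded structure cannot be read
     */
    private Certificate processSignerInfos(BERProcessor bERProcessor, List<Certificate> list) throws CertificateException, NoSuchAlgorithmException, SignatureException {
        // Only the first entry of the set is entered; further signer entries are never read.
        BERProcessor stepInto = bERProcessor.stepInto().stepInto();
        if (stepInto.getIntValue().intValue() != 1) {
            throw new CertificateException(SignedContentMessages.PKCS7_SignerInfo_Version_Not_Supported);
        }
        stepInto.stepOver();
        BERProcessor stepInto2 = stepInto.stepInto();
        X500Principal x500Principal = new X500Principal(new ByteArrayInputStream(stepInto2.buffer, stepInto2.offset, stepInto2.endOffset - stepInto2.offset));
        stepInto2.stepOver();
        BigInteger intValue = stepInto2.getIntValue();
        // The signer certificate is the first embedded certificate with matching issuer and serial.
        X509Certificate x509Certificate = null;
        Iterator<Certificate> it = list.iterator();
        while (it.hasNext()) {
            X509Certificate candidate = (X509Certificate) it.next();
            if (candidate.getIssuerX500Principal().equals(x500Principal) && candidate.getSerialNumber().equals(intValue)) {
                x509Certificate = candidate;
                break;
            }
        }
        if (x509Certificate == null) {
            throw new CertificateException("Signer certificate not in pkcs7block");
        }
        this.signerCert = x509Certificate;
        stepInto.stepOver();
        this.digestAlgorithm = findDigest(stepInto.stepInto().getObjId());
        stepInto.stepOver();
        processSignedAttributes(stepInto);
        this.signatureAlgorithm = findEncryption(stepInto.stepInto().getObjId());
        stepInto.stepOver();
        this.signature = stepInto.getBytes();
        stepInto.stepOver();
        processUnsignedAttributes(stepInto);
        return x509Certificate;
    }

    /**
     * Collects the unsigned attributes when the current element has tag class 2 and tag 1.
     * Unsigned attributes are not covered by the signer's signature, so their values must be
     * treated as unauthenticated input by whoever consumes {@link #getUnsignedAttrs()}.
     *
     * @param bERProcessor processor positioned after the signature value
     * @throws SignatureException if the encoded structure cannot be read
     */
    private void processUnsignedAttributes(BERProcessor bERProcessor) throws SignatureException {
        if (bERProcessor.classOfTag == 2 && bERProcessor.tag == 1) {
            this.unsignedAttrs = new HashMap<int[], byte[]>();
            BERProcessor stepInto = bERProcessor.stepInto();
            do {
                BERProcessor stepInto2 = stepInto.stepInto();
                int[] objId = stepInto2.getObjId();
                stepInto2.stepOver();
                this.unsignedAttrs.put(objId, stepInto2.getBytes());
                stepInto.stepOver();
            } while (!stepInto.endOfSequence());
        }
    }

    /**
     * Collects the signed attributes when the current element has tag class 2, then advances
     * the given processor past them.
     *
     * @param bERProcessor processor positioned after the digest algorithm
     * @throws SignatureException if the encoded structure cannot be read
     */
    private void processSignedAttributes(BERProcessor bERProcessor) throws SignatureException {
        if (bERProcessor.classOfTag == 2) {
            this.signedAttrs = new HashMap<int[], byte[]>();
            BERProcessor stepInto = bERProcessor.stepInto();
            do {
                BERProcessor stepInto2 = stepInto.stepInto();
                int[] objId = stepInto2.getObjId();
                stepInto2.stepOver();
                this.signedAttrs.put(objId, stepInto2.getBytes());
                stepInto.stepOver();
            } while (!stepInto.endOfSequence());
            bERProcessor.stepOver();
        }
    }

    /**
     * Returns the certificate chain built during construction, signer certificate first.
     * The internal array is returned without copying; callers must not modify it.
     *
     * @return the chain, or an empty array if none was built
     */
    public Certificate[] getCertificates() {
        return this.certificates == null ? new Certificate[0] : this.certificates;
    }

    /**
     * Verifies the recorded signature over the given bytes using the signer certificate's
     * public key and the algorithm named {@code <digest>with<key algorithm>}.
     *
     * <p>NOTE(review): the signature is always checked directly over the supplied bytes, also
     * when signed attributes were present in the SignerInfo. Whether callers account for
     * signed attributes cannot be determined from this class - confirm at the call sites.
     *
     * @param bArr buffer holding the signed data
     * @param i offset of the signed data
     * @param i2 length of the signed data
     * @throws SignatureException if the signature does not verify
     * @throws InvalidKeyException if the signer key is unusable
     * @throws NoSuchAlgorithmException if no provider supports the composed algorithm name
     */
    public void verifySFSignature(byte[] bArr, int i, int i2) throws InvalidKeyException, NoSuchAlgorithmException, SignatureException {
        // NOTE(review): decompiler artifact - an unrelated library constant stands in for the
        // separator literal; presumably its value is "with".
        String algorithmName = new StringBuilder(String.valueOf(this.digestAlgorithm)).append(JsonPOJOBuilder.DEFAULT_WITH_PREFIX).append(this.signatureAlgorithm).toString();
        Signature verifier = Signature.getInstance(algorithmName);
        verifier.initVerify(this.signerCert.getPublicKey());
        verifier.update(bArr, i, i2);
        if (!verifier.verify(this.signature)) {
            throw new SignatureException(NLS.bind(SignedContentMessages.Signature_Not_Verify, this.signer, this.file));
        }
    }

    /**
     * Returns the unsigned attributes, or null if none were present. These values are not
     * protected by the signer's signature. Keys are OID arrays compared by identity.
     *
     * @return the internal map (not a copy), possibly null
     */
    public Map<int[], byte[]> getUnsignedAttrs() {
        return this.unsignedAttrs;
    }

    /**
     * Returns the signed attributes, or null if none were present.
     * Keys are OID arrays compared by identity.
     *
     * @return the internal map (not a copy), possibly null
     */
    public Map<int[], byte[]> getSignedAttrs() {
        return this.signedAttrs;
    }

    /**
     * Decodes the X.509 certificates embedded in the block.
     *
     * @param bERProcessor processor positioned on the certificate set
     * @return the decoded certificates in encoding order
     * @throws CertificateException if the X.509 factory is unavailable or a certificate cannot be decoded
     * @throws SignatureException if the encoded structure cannot be read
     */
    private List<Certificate> processCertificates(BERProcessor bERProcessor) throws CertificateException, SignatureException {
        // The static initializer only logs a factory failure; fail with a checked exception
        // here instead of a NullPointerException on the first certificate.
        if (certFact == null) {
            throw new CertificateException("X.509 CertificateFactory is not available");
        }
        List<Certificate> decoded = new ArrayList<Certificate>(3);
        BERProcessor stepInto = bERProcessor.stepInto();
        do {
            X509Certificate x509Certificate = (X509Certificate) certFact.generateCertificate(new ByteArrayInputStream(stepInto.buffer, stepInto.offset, stepInto.endOffset - stepInto.offset));
            if (x509Certificate != null) {
                decoded.add(x509Certificate);
            }
            stepInto.stepOver();
        } while (!stepInto.endOfSequence());
        return decoded;
    }

    /**
     * Returns the signing time read from a time-stamp token, or the value supplied by the
     * date parser when the content was not a time-stamp token.
     *
     * @return the signing time, possibly null
     */
    public Date getSigningTime() {
        return this.signingTime;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Stores the time-stamping authority certificates. The array is stored without copying.
     *
     * @param certificateArr the TSA certificate chain
     */
    public void setTSACertificates(Certificate[] certificateArr) {
        this.tsaCertificates = certificateArr;
    }

    /**
     * Returns the time-stamping authority certificates.
     * The internal array is returned without copying; callers must not modify it.
     *
     * @return the TSA certificates, or an empty array if none were set
     */
    public Certificate[] getTSACertificates() {
        return this.tsaCertificates == null ? new Certificate[0] : this.tsaCertificates;
    }
}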
