package net.netca.pki.encoding.json.jose;

import net.netca.pki.PkiException;
import net.netca.pki.encoding.Base64Url;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.encoding.json.JSON;
import net.netca.pki.encoding.json.JSONArray;
import net.netca.pki.encoding.json.JSONString;

/* loaded from: classes3.dex */
public class JWSSignerInfo {
    private int certId;
    private boolean isSign;
    private Header protectedHeader;
    private String protectedHeaderEncode;
    private X509Certificate signerCert;
    private byte[] signvalue;
    private Header unprotectedHeader;

    public JWSSignerInfo() {
        this.protectedHeader = null;
        this.unprotectedHeader = null;
        this.protectedHeaderEncode = null;
        this.certId = 2;
        this.signerCert = null;
        this.isSign = false;
        this.signvalue = null;
        this.protectedHeader = new Header();
        this.unprotectedHeader = new Header();
    }

    public JWSSignerInfo(Header header, String str, Header header2, byte[] bArr) throws PkiException {
        this.protectedHeader = null;
        this.unprotectedHeader = null;
        this.protectedHeaderEncode = null;
        this.certId = 2;
        this.signerCert = null;
        this.isSign = false;
        this.signvalue = null;
        this.protectedHeaderEncode = str;
        this.protectedHeader = header;
        if (header2 == null) {
            this.unprotectedHeader = new Header();
        } else {
            this.unprotectedHeader = header2;
        }
        checkDupHeader();
        setSignature(bArr);
        this.certId = Utils.getCertIdByRegisterParam(this.protectedHeader);
    }

    public JWSSignerInfo(Header header, Header header2, int i2, byte[] bArr, X509Certificate x509Certificate) throws PkiException {
        this.protectedHeader = null;
        this.unprotectedHeader = null;
        this.protectedHeaderEncode = null;
        this.certId = 2;
        this.signerCert = null;
        this.isSign = false;
        this.signvalue = null;
        this.protectedHeader = header;
        if (header2 == null) {
            this.unprotectedHeader = new Header();
        } else {
            this.unprotectedHeader = header2;
        }
        this.certId = i2;
        checkDupHeader();
        setSignature(bArr);
    }

    private void checkDupHeader() throws PkiException {
        if (this.protectedHeader.haveSameHeaderParams(this.unprotectedHeader)) {
            throw new PkiException("has Dup Header in protectedheader and  unprotectedHeader!");
        }
    }

    private JSON getHeaderParams(String str) {
        JSON headerJsonValue;
        JSON headerJsonValue2;
        Header header = this.protectedHeader;
        if (header != null && (headerJsonValue2 = header.getHeaderJsonValue(str)) != null) {
            return headerJsonValue2;
        }
        Header header2 = this.unprotectedHeader;
        if (header2 == null || (headerJsonValue = header2.getHeaderJsonValue(str)) == null) {
            return null;
        }
        return headerJsonValue;
    }

    private void setSignature(byte[] bArr) {
        this.isSign = true;
        this.signvalue = bArr;
    }

    public X509Certificate checkSignCert(X509Certificate x509Certificate, IHash iHash) throws PkiException {
        X509Certificate x509Certificate2;
        JSON headerParams = getHeaderParams(HeaderParameterNames.X509_CERTIFICATE_CHAIN);
        boolean z = false;
        if (headerParams == null) {
            x509Certificate2 = null;
        } else {
            if (!(headerParams instanceof JSONArray)) {
                throw new PkiException("bad json cert!");
            }
            JSONArray jSONArray = (JSONArray) headerParams;
            if (jSONArray.size() <= 0) {
                throw new PkiException("bad json cert!");
            }
            if (!(jSONArray.get(0) instanceof JSONString)) {
                throw new PkiException("bad json cert!");
            }
            x509Certificate2 = new X509Certificate(((JSONString) jSONArray.get(0)).getString());
        }
        if (x509Certificate2 != null && (z = Utils.verifyCertx5t(getHeaderParams(HeaderParameterNames.X509_CERTIFICATE_THUMBPRINT), HeaderParameterNames.X509_CERTIFICATE_THUMBPRINT, x509Certificate2, iHash))) {
            z = Utils.verifyCertx5t(getHeaderParams(HeaderParameterNames.X509_CERTIFICATE_SHA256_THUMBPRINT), HeaderParameterNames.X509_CERTIFICATE_SHA256_THUMBPRINT, x509Certificate2, iHash);
        }
        if (z) {
            this.signerCert = x509Certificate2;
            return x509Certificate2;
        }
        if (x509Certificate == null) {
            throw new PkiException("no sign cert!");
        }
        if (!Utils.verifyCertx5t(getHeaderParams(HeaderParameterNames.X509_CERTIFICATE_THUMBPRINT), HeaderParameterNames.X509_CERTIFICATE_THUMBPRINT, x509Certificate, iHash)) {
            throw new PkiException("no match signCert by x5t#S256!");
        }
        if (!Utils.verifyCertx5t(getHeaderParams(HeaderParameterNames.X509_CERTIFICATE_SHA256_THUMBPRINT), HeaderParameterNames.X509_CERTIFICATE_SHA256_THUMBPRINT, x509Certificate, iHash)) {
            throw new PkiException("no match signCert by x5t#S256!");
        }
        this.signerCert = x509Certificate;
        return x509Certificate;
    }

    public String getAlgo() {
        String headerStringValue = this.protectedHeader.getHeaderStringValue(HeaderParameterNames.ALGORITHM);
        return headerStringValue == null ? this.unprotectedHeader.getHeaderStringValue(HeaderParameterNames.ALGORITHM) : headerStringValue;
    }

    public int getCertIdType() {
        return this.certId;
    }

    public Header getProtectHeader() throws PkiException {
        return this.protectedHeader;
    }

    public String getProtectHeaderEncode() throws PkiException {
        if (this.protectedHeaderEncode == null) {
            this.protectedHeaderEncode = Utils.getBase64URLEncode(this.protectedHeader.getJSONObject().normalize());
        }
        return this.protectedHeaderEncode;
    }

    public JSON getProtectedHeader(String str) {
        return this.protectedHeader.getHeaderJsonValue(str);
    }

    public String getProtectedHeaderString(String str) {
        if (this.protectedHeader.getHeaderJsonValue(str) instanceof JSONString) {
            return ((JSONString) this.protectedHeader.getHeaderJsonValue(str)).getString();
        }
        return null;
    }

    public X509Certificate getSignCert() throws PkiException {
        X509Certificate x509Certificate = this.signerCert;
        if (x509Certificate != null) {
            return x509Certificate;
        }
        JSON headerParams = getHeaderParams(HeaderParameterNames.X509_CERTIFICATE_CHAIN);
        if (headerParams == null) {
            return null;
        }
        if (!(headerParams instanceof JSONArray)) {
            throw new PkiException("bad json cert!");
        }
        JSONArray jSONArray = (JSONArray) headerParams;
        if (jSONArray.size() <= 0) {
            throw new PkiException("bad json cert!");
        }
        if (jSONArray.get(0) instanceof JSONString) {
            return new X509Certificate(((JSONString) jSONArray.get(0)).getString());
        }
        throw new PkiException("bad json cert!");
    }

    public byte[] getSignature() {
        return this.signvalue;
    }

    public String getSignatureEncode() throws PkiException {
        byte[] bArr = this.signvalue;
        if (bArr == null) {
            return null;
        }
        return Base64Url.encode(false, false, 0, null, bArr, 0, bArr.length);
    }

    public Header getUnProtectHeader() throws PkiException {
        return this.unprotectedHeader;
    }

    public JSON getUnProtectedHeader(String str) {
        return this.unprotectedHeader.getHeaderJsonValue(str);
    }

    public String getUnProtectedHeaderString(String str) {
        if (this.unprotectedHeader.getHeaderJsonValue(str) instanceof JSONString) {
            return ((JSONString) this.unprotectedHeader.getHeaderJsonValue(str)).getString();
        }
        return null;
    }

    public boolean isSign() {
        return this.isSign;
    }

    public boolean isSignature() {
        String algo = getAlgo();
        if (algo == null) {
            return false;
        }
        return algo.equals(JWS.RSA_SHA256) || algo.equals(JWS.RSA_SHA384) || algo.equals(JWS.RSA_SHA512) || algo.equals(JWS.RSASSA_PSS_256) || algo.equals(JWS.RSASSA_PSS_384) || algo.equals(JWS.RSASSA_PSS_512) || algo.equals(JWS.ECDSA_SHA256) || algo.equals(JWS.ECDSA_SHA384) || algo.equals(JWS.ECDSA_SHA512) || algo.equals(JWS.SM2_SM3);
    }
}
