package net.netca.pki.encoding.asn1.pki.seseal;

import java.util.Arrays;
import java.util.Date;
import net.netca.pki.PkiException;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.ASN1TypeManager;
import net.netca.pki.encoding.asn1.BitString;
import net.netca.pki.encoding.asn1.ObjectIdentifier;
import net.netca.pki.encoding.asn1.OctetString;
import net.netca.pki.encoding.asn1.Sequence;
import net.netca.pki.encoding.asn1.SequenceType;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.Extension;
import net.netca.pki.encoding.asn1.pki.Extensions;
import net.netca.pki.encoding.asn1.pki.Hashable;
import net.netca.pki.encoding.asn1.pki.NamedBitStringExtension;
import net.netca.pki.encoding.asn1.pki.Verifible;
import net.netca.pki.encoding.asn1.pki.X509Certificate;

/* loaded from: classes3.dex */
public final class Stamp {
    public static final int GBT_38540 = 2;
    public static final int GMT_0031 = 1;
    private static final SequenceType gbType;
    private static final ASN1TypeManager manager;
    private static final SequenceType signInfoType;
    private static final SequenceType tbsType;
    private static final SequenceType type;
    private Sequence seq;
    private final int stampType;

    static {
        ASN1TypeManager aSN1TypeManager = ASN1TypeManager.getInstance();
        manager = aSN1TypeManager;
        type = (SequenceType) aSN1TypeManager.get("SESeal");
        tbsType = (SequenceType) aSN1TypeManager.get("SESeal_TBS");
        gbType = (SequenceType) aSN1TypeManager.get("GBSESeal");
        signInfoType = (SequenceType) aSN1TypeManager.get("SES_SignInfo");
    }

    public Stamp(Sequence sequence) throws PkiException {
        int i2;
        if (gbType.match(sequence)) {
            i2 = 2;
        } else {
            if (!type.match(sequence)) {
                throw new PkiException("not SESeal");
            }
            i2 = 1;
        }
        this.stampType = i2;
        this.seq = sequence;
    }

    public Stamp(StampInfo stampInfo, X509Certificate x509Certificate, String str, byte[] bArr) throws PkiException {
        if (!stampInfo.isSEStamp()) {
            throw new PkiException("not SEStamp");
        }
        int stampType = stampInfo.getStampType();
        this.stampType = stampType;
        if (stampType != 1) {
            Sequence sequence = new Sequence(gbType);
            this.seq = sequence;
            sequence.add(stampInfo.getASN1Object());
            this.seq.add(new OctetString(x509Certificate.derEncode()));
            this.seq.add(new ObjectIdentifier(str));
            this.seq.add(new BitString(0, bArr));
            return;
        }
        Sequence sequence2 = new Sequence(type);
        this.seq = sequence2;
        sequence2.add(stampInfo.getASN1Object());
        Sequence sequence3 = new Sequence(signInfoType);
        sequence3.add(new OctetString(x509Certificate.derEncode()));
        sequence3.add(new ObjectIdentifier(str));
        sequence3.add(new BitString(0, bArr));
        this.seq.add(sequence3);
    }

    private Stamp(byte[] bArr) throws PkiException {
        boolean z;
        try {
            this.seq = (Sequence) ASN1Object.decode(bArr, gbType);
            z = true;
        } catch (PkiException unused) {
            this.seq = (Sequence) ASN1Object.decode(bArr, type);
            z = false;
        }
        if (z) {
            this.stampType = 2;
        } else {
            this.stampType = 1;
        }
    }

    public static void checkKeyUsage(X509Certificate x509Certificate) throws PkiException {
        Extension extension;
        Extensions extensions = x509Certificate.getExtensions();
        if (extensions == null || (extension = extensions.get(Extension.KEYUSAGE_OID)) == null) {
            return;
        }
        NamedBitStringExtension namedBitStringExtension = (NamedBitStringExtension) extension.getExtensionObject();
        if (!namedBitStringExtension.isSet(0) && !namedBitStringExtension.isSet(1)) {
            throw new PkiException("not sign cert");
        }
    }

    public static Stamp decode(byte[] bArr) throws PkiException {
        return new Stamp(bArr);
    }

    public static byte[] getTbs(int i2, StampInfo stampInfo, X509Certificate x509Certificate, String str) throws PkiException {
        Sequence aSN1Object;
        if (i2 == 1) {
            aSN1Object = new Sequence(tbsType);
            aSN1Object.add(stampInfo.getASN1Object());
            aSN1Object.add(new OctetString(x509Certificate.derEncode()));
            aSN1Object.add(new ObjectIdentifier(str));
        } else {
            aSN1Object = stampInfo.getASN1Object();
        }
        return aSN1Object.encode();
    }

    public Sequence getASN1Object() throws PkiException {
        return this.seq;
    }

    public SequenceType getASN1Type() {
        return this.stampType == 1 ? type : gbType;
    }

    public X509Certificate getCert() throws PkiException {
        return this.stampType == 1 ? new X509Certificate(((OctetString) ((Sequence) this.seq.get(1)).get(0)).getValue()) : new X509Certificate(((OctetString) this.seq.get(1)).getValue());
    }

    public StampInfo getEstampInfo() throws PkiException {
        return new StampInfo((Sequence) this.seq.get(0));
    }

    public String getSignatureAlgorithm() throws PkiException {
        Sequence sequence;
        int i2 = 1;
        if (this.stampType == 1) {
            sequence = (Sequence) this.seq.get(1);
        } else {
            sequence = this.seq;
            i2 = 2;
        }
        return ((ObjectIdentifier) sequence.get(i2)).getString();
    }

    public byte[] getSignedValue() throws PkiException {
        Sequence sequence;
        int i2;
        if (this.stampType == 1) {
            sequence = (Sequence) this.seq.get(1);
            i2 = 2;
        } else {
            sequence = this.seq;
            i2 = 3;
        }
        BitString bitString = (BitString) sequence.get(i2);
        if (bitString.getUnusedBits() == 0) {
            return bitString.getValue();
        }
        throw new PkiException("signedValue unusedBits is not zeor:" + bitString.getUnusedBits());
    }

    public int getStampType() {
        return this.stampType;
    }

    public boolean hasCert(X509Certificate x509Certificate, Hashable hashable) {
        try {
            ESPropertyInfo property = getEstampInfo().getProperty();
            if (property.getCertListType() != 1) {
                CertDigestList certDigestList = property.getCertDigestList();
                for (int i2 = 0; i2 < certDigestList.size(); i2++) {
                    if (certDigestList.get(i2).match(hashable, x509Certificate)) {
                        return true;
                    }
                }
                return false;
            }
            X509Certificate[] certList = property.getCertList();
            byte[] derEncode = x509Certificate.derEncode();
            for (X509Certificate x509Certificate2 : certList) {
                if (Arrays.equals(x509Certificate2.derEncode(), derEncode)) {
                    return true;
                }
            }
            return false;
        } catch (PkiException unused) {
            return false;
        }
    }

    public boolean isSEStamp() {
        try {
            return getEstampInfo().isSEStamp();
        } catch (PkiException unused) {
            return false;
        }
    }

    public boolean verify(Date date, Verifible verifible) throws PkiException {
        if (!isSEStamp()) {
            throw new PkiException("not SEStamp");
        }
        StampInfo estampInfo = getEstampInfo();
        ESPropertyInfo property = estampInfo.getProperty();
        if (property.getCertListType() == 1) {
            if (property.getCertList().length == 0) {
                throw new PkiException("no seal signer cert");
            }
        } else if (property.getCertDigestList().size() == 0) {
            throw new PkiException("no seal signer cert");
        }
        if (date.before(property.getValidStart())) {
            throw new PkiException("stamp is not reached validity period");
        }
        if (date.after(property.getValidEnd())) {
            throw new PkiException("stamp is expired");
        }
        ESPictureInfo picture = estampInfo.getPicture();
        if (picture.getHeight() < 0) {
            throw new PkiException("the height of picture is less than zero");
        }
        if (picture.getWidth() < 0) {
            throw new PkiException("the width of picture is less than zero");
        }
        X509Certificate cert = getCert();
        if (!cert.isInValidity(date)) {
            throw new PkiException("cert is not in validity");
        }
        checkKeyUsage(cert);
        return verifySignature(verifible);
    }

    public boolean verifySignature(Verifible verifible) throws PkiException {
        X509Certificate cert = getCert();
        String signatureAlgorithm = getSignatureAlgorithm();
        byte[] signedValue = getSignedValue();
        byte[] tbs = getTbs(this.stampType, getEstampInfo(), cert, signatureAlgorithm);
        return verifible.verify(cert.getSubjectPublicKeyInfo().getPublicKey(), AlgorithmIdentifier.CreateAlgorithmIdentifierNullParam(signatureAlgorithm), tbs, 0, tbs.length, signedValue);
    }
}
