package bluecrystal.service.service;

import bluecrystal.bcdeps.helper.DerEncoder;
import bluecrystal.bcdeps.helper.PkiOps;
import bluecrystal.domain.AppSignedInfo;
import bluecrystal.domain.AppSignedInfoEx;
import bluecrystal.domain.SignPolicy;
import bluecrystal.service.helper.Utils;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.ASN1Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:bluecrystal/service/service/BaseService.class */
public abstract class BaseService implements EnvelopeService {
    protected static final String SIG_POLICY_URI = "http://politicas.icpbrasil.gov.br/PA_AD_RB.der";
    protected static final String SIG_POLICY_BES_ID = "2.16.76.1.7.1.1.1";
    protected static final String SIG_POLICY_HASH = "20d6789325513bbc8c29624e1f40b61813ec5ce7";
    protected static final String SIG_POLICY_URI_20 = "http://politicas.icpbrasil.gov.br/PA_AD_RB_v2_0.der";
    protected static final String SIG_POLICY_BES_ID_20 = "2.16.76.1.7.1.1.2";
    protected static final String SIG_POLICY_HASH_20 = "5311e6ce55665c8776085ef11c82fa3fb1341cade7981ed9f51d3e56de5f6aad";
    protected static final String SIG_POLICY_URI_21 = "http://politicas.icpbrasil.gov.br/PA_AD_RB_v2_1.der";
    protected static final String SIG_POLICY_BES_ID_21 = "2.16.76.1.7.1.1.2.1";
    protected static final String SIG_POLICY_HASH_21 = "dd57c98a4313bc1398ce6543d3802458957cf716ae3294ec4d8c26251291e6c1";
    protected static final int NDX_SHA1 = 0;
    protected static final int NDX_SHA224 = 1;
    protected static final int NDX_SHA256 = 2;
    protected static final int NDX_SHA384 = 3;
    protected static final int NDX_SHA512 = 4;
    protected int version;
    protected int minKeyLen;
    protected boolean signedAttr;
    protected boolean signingCertFallback;
    protected boolean addChain;
    protected boolean procHash = true;
    protected byte[] policyHash;
    protected String policyUri;
    protected String policyId;
    static final Logger LOG = LoggerFactory.getLogger(BaseService.class);
    protected static PkiOps pkiOps = new PkiOps();
    protected static CertificateService certServ = new CertificateService();

    public BaseService() {
        LOG.debug("Constructed");
    }

    @Override // bluecrystal.service.service.EnvelopeService
    public boolean isProcHash() {
        return this.procHash;
    }

    protected boolean isSigningCertFallback() {
        return this.signingCertFallback;
    }

    protected boolean isSignedAttr() {
        return this.signedAttr;
    }

    public byte[] rebuildEnvelope(byte[] bArr) throws Exception {
        throw new UnsupportedOperationException();
    }

    @Override // bluecrystal.service.service.EnvelopeService
    public byte[] calcSha1(byte[] bArr) throws NoSuchAlgorithmException {
        return pkiOps.calcSha1(bArr);
    }

    @Override // bluecrystal.service.service.EnvelopeService
    public byte[] calcSha224(byte[] bArr) throws NoSuchAlgorithmException {
        return pkiOps.calcSha224(bArr);
    }

    @Override // bluecrystal.service.service.EnvelopeService
    public byte[] calcSha256(byte[] bArr) throws NoSuchAlgorithmException {
        return pkiOps.calcSha256(bArr);
    }

    @Override // bluecrystal.service.service.EnvelopeService
    public byte[] calcSha384(byte[] bArr) throws NoSuchAlgorithmException {
        return pkiOps.calcSha384(bArr);
    }

    @Override // bluecrystal.service.service.EnvelopeService
    public byte[] calcSha512(byte[] bArr) throws NoSuchAlgorithmException {
        return pkiOps.calcSha512(bArr);
    }

    @Override // bluecrystal.service.service.EnvelopeService
    public byte[] hashSignedAttribSha1(byte[] bArr, Date date, X509Certificate x509Certificate) throws NoSuchAlgorithmException, CertificateEncodingException, Exception, IOException {
        return this.signedAttr ? hackSi(convSiToByte(siCreate(bArr, date, x509Certificate, new DerEncoder(), pkiOps.calcSha1(x509Certificate.getEncoded()), NDX_SHA1))) : bArr;
    }

    @Override // bluecrystal.service.service.EnvelopeService
    public byte[] buildFromS3Sha1(List<AppSignedInfo> list, int i) throws Exception {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (AppSignedInfo appSignedInfo : list) {
            X509Certificate loadCert = loadCert(appSignedInfo);
            arrayList2.addAll(certServ.buildPath(loadCert));
            arrayList.add(new AppSignedInfoEx(appSignedInfo, loadCert, pkiOps.calcSha1(loadCert.getEncoded()), NDX_SHA1));
        }
        dedup(arrayList2);
        return buildBody(arrayList2, arrayList, i);
    }

    @Override // bluecrystal.service.service.EnvelopeService
    public byte[] buildCms(List<AppSignedInfoEx> list, int i) throws Exception {
        LOG.debug("buildCms");
        ArrayList arrayList = new ArrayList();
        Iterator<AppSignedInfoEx> it = list.iterator();
        while (it.hasNext()) {
            arrayList.addAll(certServ.buildPath(it.next().getX509()));
        }
        dedup(arrayList);
        Iterator<X509Certificate> it2 = arrayList.iterator();
        while (it2.hasNext()) {
            LOG.debug(it2.next().getSubjectDN().toString());
        }
        return buildBody(arrayList, list, i);
    }

    public byte[] buildSha256(List<AppSignedInfoEx> list, int i) throws Exception {
        ArrayList arrayList = new ArrayList();
        Iterator<AppSignedInfoEx> it = list.iterator();
        while (it.hasNext()) {
            X509Certificate x509 = it.next().getX509();
            arrayList.addAll(certServ.buildPath(x509));
            byte[] calcSha1 = this.signingCertFallback ? pkiOps.calcSha1(x509.getEncoded()) : pkiOps.calcSha256(x509.getEncoded());
        }
        dedup(arrayList);
        return buildBody(arrayList, list, i);
    }

    private void dedup(List<X509Certificate> list) {
        HashMap hashMap = new HashMap();
        for (X509Certificate x509Certificate : list) {
            hashMap.put(x509Certificate.getSubjectDN().getName(), x509Certificate);
        }
        list.clear();
        Iterator it = hashMap.values().iterator();
        while (it.hasNext()) {
            list.add((X509Certificate) it.next());
        }
    }

    @Override // bluecrystal.service.service.EnvelopeService
    public byte[] hashSignedAttribSha224(byte[] bArr, Date date, X509Certificate x509Certificate) throws NoSuchAlgorithmException, CertificateEncodingException, Exception, IOException {
        if (this.signedAttr) {
            return hackSi(convSiToByte(siCreate(bArr, date, x509Certificate, new DerEncoder(), this.signingCertFallback ? pkiOps.calcSha1(x509Certificate.getEncoded()) : pkiOps.calcSha224(x509Certificate.getEncoded()), NDX_SHA224)));
        }
        return bArr;
    }

    @Override // bluecrystal.service.service.EnvelopeService
    public byte[] buildFromS3Sha224(List<AppSignedInfo> list, int i) throws Exception {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (AppSignedInfo appSignedInfo : list) {
            X509Certificate loadCert = loadCert(appSignedInfo);
            arrayList2.addAll(certServ.buildPath(loadCert));
            arrayList.add(new AppSignedInfoEx(appSignedInfo, loadCert, this.signingCertFallback ? pkiOps.calcSha1(loadCert.getEncoded()) : pkiOps.calcSha224(loadCert.getEncoded()), NDX_SHA224));
        }
        dedup(arrayList2);
        return buildBody(arrayList2, arrayList, i);
    }

    @Override // bluecrystal.service.service.EnvelopeService
    public byte[] hashSignedAttribSha256(byte[] bArr, Date date, X509Certificate x509Certificate) throws NoSuchAlgorithmException, CertificateEncodingException, Exception, IOException {
        if (this.signedAttr) {
            return hackSi(convSiToByte(siCreate(bArr, date, x509Certificate, new DerEncoder(), this.signingCertFallback ? pkiOps.calcSha1(x509Certificate.getEncoded()) : pkiOps.calcSha256(x509Certificate.getEncoded()), NDX_SHA256)));
        }
        return bArr;
    }

    @Override // bluecrystal.service.service.EnvelopeService
    public byte[] buildFromS3Sha256(List<AppSignedInfo> list, int i) throws Exception {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (AppSignedInfo appSignedInfo : list) {
            X509Certificate loadCert = loadCert(appSignedInfo);
            arrayList2.addAll(certServ.buildPath(loadCert));
            arrayList.add(new AppSignedInfoEx(appSignedInfo, loadCert, this.signingCertFallback ? pkiOps.calcSha1(loadCert.getEncoded()) : pkiOps.calcSha256(loadCert.getEncoded()), NDX_SHA256));
        }
        dedup(arrayList2);
        return buildBody(arrayList2, arrayList, i);
    }

    private X509Certificate loadCert(AppSignedInfo appSignedInfo) throws Exception {
        X509Certificate loadCertFromRepo;
        try {
            loadCertFromRepo = Utils.createCert(Utils.convHexToByte(appSignedInfo.getCertId()));
        } catch (Exception e) {
            loadCertFromRepo = Utils.loadCertFromRepo(appSignedInfo.getCertId());
        }
        return loadCertFromRepo;
    }

    @Override // bluecrystal.service.service.EnvelopeService
    public byte[] hashSignedAttribSha384(byte[] bArr, Date date, X509Certificate x509Certificate) throws NoSuchAlgorithmException, CertificateEncodingException, Exception, IOException {
        if (this.signedAttr) {
            return hackSi(convSiToByte(siCreate(bArr, date, x509Certificate, new DerEncoder(), this.signingCertFallback ? pkiOps.calcSha1(x509Certificate.getEncoded()) : pkiOps.calcSha384(x509Certificate.getEncoded()), NDX_SHA384)));
        }
        return bArr;
    }

    @Override // bluecrystal.service.service.EnvelopeService
    public byte[] buildFromS3Sha384(List<AppSignedInfo> list, int i) throws Exception {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (AppSignedInfo appSignedInfo : list) {
            X509Certificate loadCert = loadCert(appSignedInfo);
            arrayList2.addAll(certServ.buildPath(loadCert));
            arrayList.add(new AppSignedInfoEx(appSignedInfo, loadCert, this.signingCertFallback ? pkiOps.calcSha1(loadCert.getEncoded()) : pkiOps.calcSha384(loadCert.getEncoded()), NDX_SHA384));
        }
        dedup(arrayList2);
        return buildBody(arrayList2, arrayList, i);
    }

    @Override // bluecrystal.service.service.EnvelopeService
    public byte[] hashSignedAttribSha512(byte[] bArr, Date date, X509Certificate x509Certificate) throws NoSuchAlgorithmException, CertificateEncodingException, Exception, IOException {
        if (this.signedAttr) {
            return hackSi(convSiToByte(siCreate(bArr, date, x509Certificate, new DerEncoder(), this.signingCertFallback ? pkiOps.calcSha1(x509Certificate.getEncoded()) : pkiOps.calcSha512(x509Certificate.getEncoded()), NDX_SHA512)));
        }
        return bArr;
    }

    @Override // bluecrystal.service.service.EnvelopeService
    public byte[] buildFromS3Sha512(List<AppSignedInfo> list, int i) throws Exception {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (AppSignedInfo appSignedInfo : list) {
            X509Certificate loadCert = loadCert(appSignedInfo);
            arrayList2.addAll(certServ.buildPath(loadCert));
            arrayList.add(new AppSignedInfoEx(appSignedInfo, loadCert, this.signingCertFallback ? pkiOps.calcSha1(loadCert.getEncoded()) : pkiOps.calcSha512(loadCert.getEncoded()), NDX_SHA512));
        }
        dedup(arrayList2);
        return buildBody(arrayList2, arrayList, i);
    }

    private byte[] hackSi(byte[] bArr) throws IOException {
        byte[] bArr2 = new byte[bArr.length - NDX_SHA512];
        bArr2[NDX_SHA1] = bArr[NDX_SHA1];
        bArr2[NDX_SHA224] = bArr[NDX_SHA224];
        for (int i = NDX_SHA256; i < bArr2.length; i += NDX_SHA224) {
            bArr2[i] = bArr[i + NDX_SHA512];
        }
        return bArr2;
    }

    @Override // bluecrystal.service.service.EnvelopeService
    public ASN1Set siCreate(byte[] bArr, Date date, X509Certificate x509Certificate, DerEncoder derEncoder, byte[] bArr2, int i) throws Exception {
        return derEncoder.siCreateDerEncSignedADRB(bArr, this.policyHash, bArr2, x509Certificate, date, i, this.policyUri, this.policyId, this.signingCertFallback);
    }

    private byte[] buildBody(List<X509Certificate> list, List<AppSignedInfoEx> list2, int i) throws Exception {
        byte[] buildCmsBody;
        DerEncoder derEncoder = new DerEncoder();
        SignPolicy signPolicy = new SignPolicy(this.policyHash, this.policyUri, this.policyId);
        if (this.signedAttr) {
            buildCmsBody = derEncoder.buildADRBBody(list2, signPolicy, this.addChain ? list : null, this.version, this.signingCertFallback, i);
        } else {
            AppSignedInfoEx appSignedInfoEx = list2.get(NDX_SHA1);
            buildCmsBody = derEncoder.buildCmsBody(appSignedInfoEx.getSignedHash(), appSignedInfoEx.getX509(), this.addChain ? list : null, appSignedInfoEx.getIdSha(), this.version, i);
        }
        return buildCmsBody;
    }

    private static byte[] convSiToByte(ASN1Set aSN1Set) throws IOException {
        return DerEncoder.convSiToByte(aSN1Set);
    }
}
