package bluecrystal.service.service;

import bluecrystal.bcdeps.helper.DerEncoder;
import bluecrystal.domain.AppSignedInfo;
import bluecrystal.domain.AppSignedInfoEx;
import bluecrystal.domain.OperationStatus;
import bluecrystal.domain.SignCompare;
import bluecrystal.domain.SignCompare2;
import bluecrystal.domain.SignPolicyRef;
import bluecrystal.service.loader.Messages;
import bluecrystal.service.loader.SignaturePolicyLoader;
import bluecrystal.service.loader.SignaturePolicyLoaderImpl;
import java.io.ByteArrayInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.DERTaggedObject;
import sun.misc.BASE64Decoder;

/* loaded from: input_file:bluecrystal/service/service/CryptoServiceImpl.class */
public class CryptoServiceImpl implements CryptoService {
    private String validateCert = Messages.getString("CryptoService.validateCert");
    private static EnvelopeService serv2048;
    private static EnvelopeService serv1024;
    private static CertificateService certServ;
    private static SignVerifyService signVerifyServ;
    private static SignaturePolicyLoader signaturePolicyLoader;
    private static final int NDX_SHA1 = 0;
    private static final int NDX_SHA224 = 1;
    private static final int NDX_SHA256 = 2;
    private static final int NDX_SHA384 = 3;
    private static final int NDX_SHA512 = 4;
    private static final int SIGNER_ONLY = 1;
    private static final int FULL_PATH = 2;
    private static final String ID_SHA1 = "1.3.14.3.2.26";
    private static final String ID_SHA256 = "2.16.840.1.101.3.4.2.1";

    public int doIt(String str) {
        return NDX_SHA1;
    }

    public CryptoServiceImpl() {
        serv2048 = new ADRBService_21();
        serv1024 = new ADRBService_10();
        certServ = new CertificateService();
        signVerifyServ = new SignVerifyService();
        signaturePolicyLoader = new SignaturePolicyLoaderImpl();
    }

    @Override // bluecrystal.service.service.CryptoService
    public byte[] hashSignedAttribSha1(byte[] bArr, Date date, X509Certificate x509Certificate) throws Exception {
        return serv1024.hashSignedAttribSha1(bArr, date, x509Certificate);
    }

    @Override // bluecrystal.service.service.CryptoService
    public byte[] hashSignedAttribSha256(byte[] bArr, Date date, X509Certificate x509Certificate) throws Exception {
        return serv2048.hashSignedAttribSha256(bArr, date, x509Certificate);
    }

    @Override // bluecrystal.service.service.CryptoService
    public byte[] extractSignature(byte[] bArr) throws Exception {
        return DerEncoder.extractSignature(bArr);
    }

    public String extractHashId(byte[] bArr) throws Exception {
        return DerEncoder.extractHashId(bArr);
    }

    @Override // bluecrystal.service.service.CryptoService
    public SignCompare extractSignCompare(byte[] bArr) throws Exception {
        SignCompare signCompare = new SignCompare();
        DERTaggedObject extractDTOSignPolicyOid = extractDTOSignPolicyOid(bArr, signCompare);
        if (extractDTOSignPolicyOid != null) {
            extractSignPolicyRefFromSignedAttrib(extractDTOSignPolicyOid, signCompare);
        }
        return signCompare;
    }

    @Override // bluecrystal.service.service.CryptoService
    public SignCompare2 extractSignCompare2(byte[] bArr) throws Exception {
        SignCompare2 signCompare2 = new SignCompare2();
        DerEncoder.extractSignCompare2(bArr, signCompare2);
        return signCompare2;
    }

    public DERTaggedObject extractDTOSignPolicyOid(byte[] bArr, SignCompare signCompare) throws Exception {
        return DerEncoder.extractDTOSignPolicyOid(bArr, signCompare);
    }

    public int validateSignByContent(byte[] bArr, byte[] bArr2, Date date, boolean z) throws Exception {
        return validateSign(bArr, ID_SHA256.compareTo(extractHashId(bArr)) == 0 ? calcSha256(bArr2) : calcSha1(bArr2), date, z);
    }

    @Override // bluecrystal.service.service.CryptoService
    public int validateSign(byte[] bArr, byte[] bArr2, Date date, boolean z) throws Exception {
        byte[] bArr3;
        SignCompare extractSignCompare = extractSignCompare(bArr);
        X509Certificate decodeEE = certServ.decodeEE(bArr);
        String extractHashId = extractHashId(bArr);
        byte[] extractSignature = extractSignature(bArr);
        OperationStatus isValid = Boolean.parseBoolean(this.validateCert) ? date != null ? certServ.isValid(date, decodeEE, z) : certServ.isValid(extractSignCompare.getSigningTime(), decodeEE, z) : new OperationStatus(NDX_SHA1, new Date());
        if (isValid.getStatus() == 0) {
            int i = NDX_SHA1;
            if (extractSignCompare.getSignedAttribs() == null || extractSignCompare.getSignedAttribs().size() == 0) {
                bArr3 = bArr2;
            } else if (ID_SHA256.compareTo(extractHashId) == 0) {
                i = 2;
                bArr3 = calcSha256(hashSignedAttribSha256(bArr2, extractSignCompare.getSigningTime(), decodeEE));
            } else {
                bArr3 = calcSha1(hashSignedAttribSha1(bArr2, extractSignCompare.getSigningTime(), decodeEE));
            }
            if (!signVerifyServ.verify(i, bArr3, extractSignature, decodeEE)) {
                isValid.setStatus(9999);
            }
        }
        return isValid.getStatus();
    }

    @Override // bluecrystal.service.service.CryptoService
    public boolean validateSignatureByPolicy(SignPolicyRef signPolicyRef, SignCompare signCompare) {
        boolean after = signCompare.getSigningTime().after(signPolicyRef.getNotBefore());
        boolean before = signCompare.getSigningTime().before(signPolicyRef.getNotAfter());
        List mandatedSignedAttr = signPolicyRef.getMandatedSignedAttr();
        List signedAttribs = signCompare.getSignedAttribs();
        boolean z = true;
        Iterator it = mandatedSignedAttr.iterator();
        while (it.hasNext()) {
            if (!signedAttribs.contains((String) it.next())) {
                z = NDX_SHA1;
            }
        }
        boolean z2 = true;
        if (signPolicyRef.getMandatedCertificateRef() == 1) {
            z2 = signCompare.getNumCerts() == 1;
        } else if (signPolicyRef.getMandatedCertificateRef() == 2) {
            z2 = signCompare.getNumCerts() > 1;
        }
        return after && before && z && z2 && (signPolicyRef.getPsOid().compareTo(signCompare.getPsOid()) == 0);
    }

    private void extractSignPolicyRefFromSignedAttrib(DERTaggedObject dERTaggedObject, SignCompare signCompare) throws Exception {
        DerEncoder.extractSignPolicyRefFromSignedAttrib(dERTaggedObject, signCompare);
    }

    @Override // bluecrystal.service.service.CryptoService
    public SignPolicyRef extractVerifyRefence(byte[] bArr) throws IOException, ParseException {
        return DerEncoder.extractVerifyRefence(bArr);
    }

    @Override // bluecrystal.service.service.CryptoService
    public byte[] composeBodySha1(byte[] bArr, X509Certificate x509Certificate, byte[] bArr2, Date date) throws Exception {
        ArrayList arrayList = new ArrayList();
        new ArrayList();
        arrayList.add(new AppSignedInfoEx(bArr, bArr2, date, x509Certificate, calcSha1(x509Certificate.getEncoded()), NDX_SHA1));
        return serv1024.buildCms(arrayList, -1);
    }

    @Override // bluecrystal.service.service.CryptoService
    public byte[] composeBodySha256(byte[] bArr, X509Certificate x509Certificate, byte[] bArr2, Date date) throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new AppSignedInfoEx(bArr, bArr2, date, x509Certificate, calcSha256(x509Certificate.getEncoded()), 2));
        return serv2048.buildCms(arrayList, -1);
    }

    public byte[] composeBodySha256(List<AppSignedInfo> list) throws Exception {
        ArrayList arrayList = new ArrayList();
        BASE64Decoder bASE64Decoder = new BASE64Decoder();
        for (AppSignedInfo appSignedInfo : list) {
            X509Certificate loadCert = loadCert(bASE64Decoder.decodeBuffer(appSignedInfo.getCertId()));
            arrayList.add(new AppSignedInfoEx(appSignedInfo, loadCert, calcSha256(loadCert.getEncoded()), 2));
        }
        return serv2048.buildCms(arrayList, -1);
    }

    private X509Certificate loadCert(byte[] bArr) throws FileNotFoundException, CertificateException, IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(byteArrayInputStream);
        byteArrayInputStream.close();
        return x509Certificate;
    }

    @Override // bluecrystal.service.service.CryptoService
    public byte[] calcSha1(byte[] bArr) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
        messageDigest.reset();
        messageDigest.update(bArr);
        return messageDigest.digest();
    }

    @Override // bluecrystal.service.service.CryptoService
    public byte[] calcSha256(byte[] bArr) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        messageDigest.reset();
        messageDigest.update(bArr);
        return messageDigest.digest();
    }

    @Override // bluecrystal.service.service.CryptoService
    public boolean validateSignatureByPolicy(byte[] bArr, byte[] bArr2) throws Exception {
        try {
            SignCompare extractSignCompare = extractSignCompare(bArr);
            if (bArr2 == null) {
                bArr2 = signaturePolicyLoader.loadFromUrl(extractSignCompare.getPsUrl());
            }
            return validateSignatureByPolicy(extractVerifyRefence(bArr2), extractSignCompare);
        } catch (Exception e) {
            throw e;
        }
    }
}
