package bluecrystal.service.api;

import bluecrystal.domain.AppSignedInfoEx;
import bluecrystal.domain.CiKeyUsage;
import bluecrystal.domain.NameValue;
import bluecrystal.domain.OperationStatus;
import bluecrystal.domain.SignCompare;
import bluecrystal.service.exception.InvalidSigntureException;
import bluecrystal.service.service.ADRBService_23;
import bluecrystal.service.service.CertificateService;
import bluecrystal.service.service.CmsWithChainService;
import bluecrystal.service.service.CryptoService;
import bluecrystal.service.service.CryptoServiceImpl;
import bluecrystal.service.service.SignVerifyService;
import bluecrystal.service.service.Validator;
import bluecrystal.service.service.ValidatorSrv;
import java.io.ByteArrayInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.Store;
import org.bouncycastle.util.encoders.Base64;
import sun.security.pkcs.ContentInfo;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.SignerInfo;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.x509.AlgorithmId;
import sun.security.x509.X500Name;

/* loaded from: input_file:bluecrystal/service/api/BlucApi.class */
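/**
 * Facade over the BlueCrystal signing services: parses signer certificates, computes the
 * signed-attribute hash a client has to sign, assembles PKCS#7 / AD-RB envelopes and validates
 * existing signatures.
 *
 * <p>The parameter and local names ({@code bArr}, {@code z}, ...) look decompiler-generated; the
 * per-method documentation below states what each argument is used for in the visible code.
 *
 * <p>Security-relevant observations for maintainers:
 * <ul>
 *   <li>Certificates are only parsed here. No chain building, validity or revocation check is
 *       visible in this class; whether the delegated services perform them cannot be told from
 *       this file.</li>
 *   <li>Keys shorter than {@link #FALLBACK_LIMIT} bits and signatures without a policy are handled
 *       with SHA-1 based code paths.</li>
 *   <li>{@code new String(byte[])} is used on Base64 output throughout; the result depends on the
 *       platform charset being ASCII-compatible.</li>
 * </ul>
 */
public class BlucApi {
    /** Crypto helper used for hashing, envelope composition and signature validation. */
    private CryptoService ccServ = null;
    /** Verifies a raw signature value against a digest and a certificate. */
    private SignVerifyService verify;
    /** Extracts the signer (end-entity) certificate from a signature. */
    private CertificateService certServ;
    /** Parses certificates into name/value details. */
    private ValidatorSrv validatorServ;
    public static final int NDX_SHA1 = 0;
    public static final int NDX_SHA224 = 1;
    public static final int NDX_SHA256 = 2;
    public static final int NDX_SHA384 = 3;
    public static final int NDX_SHA512 = 4;
    /** RSA modulus size (bits) from which the SHA-256 based AD-RB v2.3 path is used. */
    private static final int FALLBACK_LIMIT = 2048;
    // NOTE(review): both builders are static yet re-assigned by every constructor call, so all
    // instances share whichever object was created last. Whether the builders keep per-call state
    // is not visible here; confirm before using BlucApi from several threads.
    private static CmsWithChainService serv1024;
    private static ADRBService_23 serv2048;

    /** Creates the facade with the default service implementations. */
    public BlucApi() {
        this.verify = null;
        this.certServ = null;
        this.validatorServ = null;
        setCcServ(new CryptoServiceImpl());
        this.verify = new SignVerifyService();
        this.certServ = new CertificateService();
        this.validatorServ = new Validator();
        serv1024 = new CmsWithChainService();
        serv2048 = new ADRBService_23();
    }

    /**
     * Fills {@code certificateResponse} with the CN, display name, CPF, subject and parsed details
     * of an encoded X.509 certificate.
     *
     * @param bArr encoded certificate
     * @param certificateResponse response object to populate
     * @return always {@code true}; failures are reported through exceptions
     * @throws Exception if the certificate cannot be parsed
     */
    public boolean certificate(byte[] bArr, CertificateResponse certificateResponse) throws Exception {
        // The parsed certificate is discarded: this call only rejects input that is not a
        // well-formed X.509 certificate. It is not a trust decision.
        loadCert(bArr);
        String cn = getCN(bArr);
        certificateResponse.setCn(cn);
        certificateResponse.setName(obterNomeExibicao(cn));
        setDetails(bArr, certificateResponse.getCertdetails());
        certificateResponse.setCpf(certificateResponse.getCertdetails().get("cpf0"));
        certificateResponse.setSubject(certificateResponse.getCertdetails().get("subject0"));
        return true;
    }

    /**
     * Builds the signature envelope for a signature value produced by the client and stores it,
     * with the policy name, version and OID, in {@code envelopeResponse}.
     *
     * @param bArr encoded signer certificate
     * @param bArr2 hash handed to the SHA-1 (AD-RB v1.0) composer
     * @param bArr3 hash handed to the SHA-256 (AD-RB v2.3) composer
     * @param bArr4 signature value
     * @param z {@code true} to produce an AD-RB envelope, {@code false} for a plain PKCS#7 one
     * @param date signing time passed on to the composers
     * @param envelopeResponse response object to populate
     * @return always {@code true}; failures are reported through exceptions
     * @throws Exception on parsing errors, or {@link InvalidSigntureException} when an AD-RB
     *     signature does not verify
     */
    public boolean envelope(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, boolean z, Date date, EnvelopeResponse envelopeResponse) throws Exception {
        X509Certificate loadCert = loadCert(bArr);
        // Throws ClassCastException for a certificate whose public key is not RSA.
        RSAPublicKey rSAPublicKey = (RSAPublicKey) loadCert.getPublicKey();
        envelopeResponse.setCn(obterNomeExibicao(getCN(bArr)));
        setDetails(bArr, envelopeResponse.getCertdetails());
        if (!z) {
            // Unlike the AD-RB composers, the PKCS#7 composer does not verify bArr4 against the
            // certificate before wrapping it.
            envelopeResponse.setEnvelope(composeEnvolopePKCS7(bArr4, loadCert.getEncoded(), bArr3, date));
            envelopeResponse.setPolicy("PKCS#7");
            envelopeResponse.setPolicyversion("1.0");
            envelopeResponse.setPolicyoid("1.2.840.113549.1.7");
            return true;
        }
        // Was "== FALLBACK_LIMIT". signedAttributes() and validateSign() both route every key of
        // FALLBACK_LIMIT bits or more to the SHA-256 path, so with "==" a larger key (e.g. 4096
        // bits) received a SHA-256 hash to sign but was verified here against the SHA-1 attributes
        // of AD-RB v1.0.
        if (rSAPublicKey.getModulus().bitLength() >= FALLBACK_LIMIT) {
            envelopeResponse.setEnvelope(composeEnvelopeADRB(bArr4, loadCert.getEncoded(), bArr3, date));
            envelopeResponse.setPolicy("AD-RB");
            envelopeResponse.setPolicyversion("2.3");
            envelopeResponse.setPolicyoid("2.16.76.1.7.1.1.2.3");
            return true;
        }
        envelopeResponse.setEnvelope(composeEnvelopeADRB10(bArr4, loadCert.getEncoded(), bArr2, date));
        envelopeResponse.setPolicy("AD-RB");
        envelopeResponse.setPolicyversion("1.0");
        envelopeResponse.setPolicyoid("2.16.76.1.7.1.1.1");
        return true;
    }

    /**
     * Computes the value the client has to sign and stores it, Base64-encoded, in
     * {@code hashResponse} together with the policy that applies.
     *
     * @param bArr encoded signer certificate
     * @param bArr2 hash used for the PKCS#7 and SHA-1 (AD-RB v1.0) cases
     * @param bArr3 hash used for the SHA-256 (AD-RB v2.3) case
     * @param z {@code true} to hash AD-RB signed attributes, {@code false} to return
     *     {@code bArr2} unchanged
     * @param date signing time placed in the signed attributes
     * @param hashResponse response object to populate
     * @return always {@code true}; failures are reported through exceptions
     * @throws Exception if the certificate cannot be parsed or hashing fails
     */
    public boolean signedAttributes(byte[] bArr, byte[] bArr2, byte[] bArr3, boolean z, Date date, HashResponse hashResponse) throws Exception {
        X509Certificate loadCert = loadCert(bArr);
        hashResponse.setCn(obterNomeExibicao(getCN(bArr)));
        setDetails(bArr, hashResponse.getCertdetails());
        // Throws ClassCastException for a certificate whose public key is not RSA.
        RSAPublicKey rSAPublicKey = (RSAPublicKey) loadCert.getPublicKey();
        if (!z) {
            hashResponse.setHash(new String(Base64.encode(bArr2)));
            hashResponse.setPolicy("PKCS#7");
            return true;
        }
        if (rSAPublicKey.getModulus().bitLength() >= FALLBACK_LIMIT) {
            hashResponse.setHash(hashSignedAttribADRB(bArr3, date, loadCert.getEncoded()));
            hashResponse.setPolicy("AD-RB");
            hashResponse.setPolicyversion("2.3");
            hashResponse.setPolicyoid("2.16.76.1.7.1.1.2.3");
            return true;
        }
        hashResponse.setHash(hashSignedAttribADRB10(bArr2, date, loadCert.getEncoded()));
        hashResponse.setPolicy("AD-RB");
        hashResponse.setPolicyversion("1.0");
        hashResponse.setPolicyoid("2.16.76.1.7.1.1.1");
        return true;
    }

    /** Returns the subject CN of an encoded certificate, or {@code null} if none is found. */
    private String getCN(byte[] bArr) throws Exception {
        return getCertSubjectCn(new String(Base64.encode(bArr)));
    }

    /** Copies every parsed name/value detail of the encoded certificate into {@code map}. */
    private void setDetails(byte[] bArr, Map<String, String> map) throws Exception {
        for (NameValue nameValue : parseCertificate(new String(Base64.encode(bArr)))) {
            map.put(nameValue.getName(), nameValue.getValue());
        }
    }

    /** Base64 of the SHA-1 signed-attribute hash for {@code bArr}, {@code date} and the certificate {@code bArr2}. */
    private String hashSignedAttribADRB10(byte[] bArr, Date date, byte[] bArr2) throws Exception {
        return new String(Base64.encode(getCcServ().hashSignedAttribSha1(bArr, date, loadCert(bArr2))));
    }

    /** Base64 of the SHA-256 signed-attribute hash for {@code bArr}, {@code date} and the certificate {@code bArr2}. */
    private String hashSignedAttribADRB(byte[] bArr, Date date, byte[] bArr2) throws Exception {
        return new String(Base64.encode(getCcServ().hashSignedAttribSha256(bArr, date, loadCert(bArr2))));
    }

    /** Decodes a Base64 signature, extracts its signature value and returns it Base64-encoded. */
    private String extractSignature(String str) throws Exception {
        return new String(Base64.encode(getCcServ().extractSignature(Base64.decode(str))));
    }

    /**
     * Parses an encoded X.509 certificate.
     *
     * @param bArr encoded certificate
     * @return the parsed certificate; it is not validated in any way
     * @throws Exception if the bytes are not a certificate
     */
    public X509Certificate extractCert(byte[] bArr) throws Exception {
        return (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    /**
     * Wraps the signature value {@code bArr} and the certificate {@code bArr2} in a PKCS#7
     * SignedData structure and returns it Base64-encoded. {@code bArr3} and {@code date} are not
     * used.
     *
     * <p>NOTE(review): relies on the JDK-internal {@code sun.security.*} classes, which are not a
     * supported API. The digest algorithm is {@code AlgorithmId.SHA_oid} (SHA-1, to be confirmed
     * against the JDK in use), and the signature value is not verified before being wrapped.
     */
    private String composeEnvolopePKCS7(byte[] bArr, byte[] bArr2, byte[] bArr3, Date date) throws Exception {
        X509Certificate loadCert = loadCert(bArr2);
        X500Name asX500Name = X500Name.asX500Name(loadCert.getSubjectX500Principal());
        BigInteger serialNumber = loadCert.getSerialNumber();
        AlgorithmId algorithmId = new AlgorithmId(AlgorithmId.SHA_oid);
        AlgorithmId[] algorithmIdArr = {algorithmId};
        PKCS7 pkcs7 = new PKCS7(algorithmIdArr, new ContentInfo(ContentInfo.DIGESTED_DATA_OID, (DerValue) null), new X509Certificate[]{loadCert}, new SignerInfo[]{new SignerInfo(asX500Name, serialNumber, algorithmId, new AlgorithmId(AlgorithmId.RSAEncryption_oid), bArr)});
        DerOutputStream derOutputStream = new DerOutputStream();
        pkcs7.encodeSignedData(derOutputStream);
        return new String(Base64.encode(derOutputStream.toByteArray()));
    }

    /**
     * Builds the SHA-1 (AD-RB v1.0) envelope for signature {@code bArr}, certificate
     * {@code bArr2}, hash {@code bArr3} and signing time {@code date}, returning it Base64-encoded
     * only if the signature verifies over the SHA-1 of the signed attributes.
     *
     * @throws InvalidSigntureException if the signature does not verify
     */
    private String composeEnvelopeADRB10(byte[] bArr, byte[] bArr2, byte[] bArr3, Date date) throws Exception {
        X509Certificate loadCert = loadCert(bArr2);
        byte[] composeBodySha1 = getCcServ().composeBodySha1(bArr, loadCert, bArr3, date);
        if (verifySign(NDX_SHA1, loadCert, getCcServ().calcSha1(getCcServ().hashSignedAttribSha1(bArr3, date, loadCert)), bArr)) {
            return new String(Base64.encode(composeBodySha1));
        }
        throw new InvalidSigntureException();
    }

    /**
     * Builds the SHA-256 (AD-RB v2.3) envelope for signature {@code bArr}, certificate
     * {@code bArr2}, hash {@code bArr3} and signing time {@code date}, returning it Base64-encoded
     * only if the signature verifies over the SHA-256 of the signed attributes.
     *
     * @throws InvalidSigntureException if the signature does not verify
     */
    private String composeEnvelopeADRB(byte[] bArr, byte[] bArr2, byte[] bArr3, Date date) throws Exception {
        X509Certificate loadCert = loadCert(bArr2);
        byte[] composeBodySha256 = getCcServ().composeBodySha256(bArr, loadCert, bArr3, date);
        if (verifySign(NDX_SHA256, loadCert, getCcServ().calcSha256(getCcServ().hashSignedAttribSha256(bArr3, date, loadCert)), bArr)) {
            return new String(Base64.encode(composeBodySha256));
        }
        throw new InvalidSigntureException();
    }

    /** Decodes a Base64 signature and returns the comparison data extracted from it. */
    private SignCompare extractSignCompare(String str) throws Exception {
        return getCcServ().extractSignCompare(Base64.decode(str));
    }

    /**
     * Returns the signature-policy OID found in the signature {@code bArr}, or {@code null}.
     *
     * <p>{@code null} is returned both when no policy is present and when extraction throws.
     * Callers treat {@code null} as "signature without policy" and fall back to the SHA-1 /
     * no-policy path, so a signature that merely fails to parse here is handled the same way.
     */
    private String obtemPolitica(byte[] bArr) {
        String str = null;
        try {
            str = getCcServ().extractSignCompare(bArr).getPsOid();
        } catch (Exception ignored) {
            // Deliberate best-effort: any failure means "no policy". The later validation calls
            // are what reject a malformed signature.
        }
        return str;
    }

    /**
     * Derives a display name from a CN: takes the text before the first comma and, when that text
     * has exactly two colon-separated parts, keeps only the first part.
     */
    private static String obterNomeExibicao(String str) {
        String str2 = str.split(",")[0];
        String[] split = str2.split(":");
        return split.length == 2 ? split[0] : str2;
    }

    /**
     * Maps a signature-policy OID to its display name in the form {@code "<policy> v<version>"}.
     *
     * <p>Rebuilt as a plain string switch: the previous two-stage hash switch was decompiler
     * output that does not compile (an {@code int} selector typed as {@code boolean} and repeated
     * {@code case true} labels). The OID-to-name pairs are unchanged.
     *
     * @param str policy OID; must not be {@code null}
     * @return the display name, or {@code str} itself when the OID is not recognised
     */
    private String recuperarNomePolitica(String str) {
        switch (str) {
            case "2.16.76.1.7.1.1.1":
                return "AD-RB v1.0";
            case "2.16.76.1.7.1.2.1":
                return "AD-RT v1.0";
            case "2.16.76.1.7.1.3.1":
                return "AD-RV v1.0";
            case "2.16.76.1.7.1.4.1":
                return "AD-RC v1.0";
            case "2.16.76.1.7.1.5.1":
                return "AD-RA v1.0";
            case "2.16.76.1.7.1.1.2.1":
                return "AD-RB v2.1";
            case "2.16.76.1.7.1.2.2.1":
                return "AD-RT v2.1";
            case "2.16.76.1.7.1.3.2.1":
                return "AD-RV v2.1";
            case "2.16.76.1.7.1.4.2.1":
                return "AD-RC v2.1";
            case "2.16.76.1.7.1.5.2.1":
                return "AD-RA v2.1";
            case "2.16.76.1.7.1.1.2.3":
                return "AD-RB v2.3";
            case "2.16.76.1.7.1.2.2.3":
                return "AD-RT v2.3";
            case "2.16.76.1.7.1.3.2.3":
                return "AD-RV v2.3";
            case "2.16.76.1.7.1.4.2.3":
                return "AD-RC v2.3";
            case "2.16.76.1.7.1.5.2.3":
                return "AD-RA v2.3";
            default:
                return str;
        }
    }

    /** Delegates policy-based validation of the signature to the crypto service. */
    private boolean validateSignatureByPolicy(byte[] bArr, byte[] bArr2) throws Exception {
        return this.ccServ.validateSignatureByPolicy(bArr, bArr2);
    }

    /** Parses an encoded X.509 certificate; the result is not validated in any way. */
    private X509Certificate loadCert(byte[] bArr) throws FileNotFoundException, CertificateException, IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(byteArrayInputStream);
        byteArrayInputStream.close();
        return x509Certificate;
    }

    /**
     * Verifies signature {@code bArr2} over digest {@code bArr} with the given certificate.
     *
     * @param i digest selector; callers in this class pass {@link #NDX_SHA1} or {@link #NDX_SHA256}
     */
    protected boolean verifySign(int i, X509Certificate x509Certificate, byte[] bArr, byte[] bArr2) throws Exception {
        return this.verify.verify(i, bArr, bArr2, x509Certificate);
    }

    /**
     * Returns the Base64-encoded signer certificate carried in a Base64-encoded signature.
     *
     * @throws Exception if the signature cannot be decoded
     */
    public String extractSignerCert(String str) throws Exception {
        return new String(Base64.encode(this.certServ.decodeEE(Base64.decode(str)).getEncoded()));
    }

    /** Returns the {@code "subject0"} detail of a Base64-encoded certificate. */
    public String getCertSubject(String str) throws Exception {
        return this.validatorServ.parseCertificateAsMap(str).get("subject0");
    }

    /**
     * Returns the CN of a Base64-encoded certificate, or {@code null} when none is found.
     *
     * <p>NOTE(review): the subject is split on {@code ','} and {@code '='}, so a CN whose value
     * contains either character is skipped or truncated, and an element is tested with
     * {@code startsWith("CN")} before being trimmed. A missing {@code "subject0"} entry causes a
     * {@link NullPointerException}. Do not use the result for authorisation decisions without
     * confirming the exact subject format produced by the validator service.
     */
    public String getCertSubjectCn(String str) throws Exception {
        for (String str2 : this.validatorServ.parseCertificateAsMap(str).get("subject0").split(",")) {
            if (str2.startsWith("CN")) {
                String[] split = str2.trim().split("=");
                if (split.length == 2) {
                    return split[1];
                }
            }
        }
        return null;
    }

    /** Returns the name/value details of a Base64-encoded certificate. */
    public NameValue[] parseCertificate(String str) throws Exception {
        return this.validatorServ.parseCertificate(str);
    }

    /**
     * Validates a signature and fills {@code validateResponse} with the signer certificate, its
     * details, the validation status and, when present, the signature policy.
     *
     * @param bArr signature to validate
     * @param bArr2 hash used when there is no policy or the key is shorter than
     *     {@link #FALLBACK_LIMIT} bits
     * @param bArr3 hash used for keys of {@link #FALLBACK_LIMIT} bits or more
     * @param date reference date passed to the crypto service
     * @param z flag passed through to the crypto service
     * @param validateResponse response object to populate
     * @return the status code of the validation; this method treats 0 and 1 as acceptable
     * @throws Exception on parsing or validation errors
     */
    public int validateSign(byte[] bArr, byte[] bArr2, byte[] bArr3, Date date, boolean z, ValidateResponse validateResponse) throws Exception {
        String obtemPolitica = obtemPolitica(bArr);
        // The certificate is taken from the signature itself and is only parsed here.
        byte[] encoded = this.certServ.decodeEE(bArr).getEncoded();
        validateResponse.setCertificate(new String(Base64.encode(encoded)));
        validateResponse.setCn(obterNomeExibicao(getCN(encoded)));
        setDetails(encoded, validateResponse.getCertdetails());
        if (obtemPolitica == null) {
            OperationStatus validateSign = getCcServ().validateSign(bArr, bArr2, date, z);
            validateResponse.setStatus(validateSign.getMessageByStatus());
            if (validateSign.getStatus() != 0 && validateSign.getStatus() != 1) {
                validateResponse.setError("Não foi possível validar a assinatura digital: " + validateSign.getBestExplanation());
            }
            return validateSign.getStatus();
        }
        // Defaults to 1024 (the SHA-1 hash) when the parsed details carry no key length.
        int i = 1024;
        if (validateResponse.getCertdetails().containsKey("key_length0")) {
            i = Integer.parseInt(validateResponse.getCertdetails().get("key_length0"));
        }
        OperationStatus validateSign2 = getCcServ().validateSign(bArr, i < FALLBACK_LIMIT ? bArr2 : bArr3, date, z);
        validateResponse.setStatus(validateSign2.getMessageByStatus());
        if (validateSign2.getStatus() != 0 && validateSign2.getStatus() != 1) {
            validateResponse.setError("Não foi possível validar a assinatura digital: " + validateSign2.getBestExplanation());
            return validateSign2.getStatus();
        }
        if (!validateSignatureByPolicy(bArr, null)) {
            validateResponse.setError("Não foi possíel validar a assinatura com política");
            // NOTE(review): the status returned here is necessarily 0 or 1, the same values the
            // success path uses, and setStatus() above already holds the success message. A caller
            // that checks only the return value or the status cannot see that policy validation
            // failed; it has to inspect getError(). Consider a distinct failure status.
            return validateSign2.getStatus();
        }
        // recuperarNomePolitica() never returns null for a non-null OID. For an OID it does not
        // recognise it returns the OID itself, which contains no " v", so split[1] below throws
        // ArrayIndexOutOfBoundsException. An unknown policy therefore ends in an exception rather
        // than in a 0 result.
        String recuperarNomePolitica = recuperarNomePolitica(obtemPolitica);
        if (recuperarNomePolitica != null) {
            String[] split = recuperarNomePolitica.split(" v");
            validateResponse.setPolicy(split[0]);
            validateResponse.setPolicyversion(split[1]);
        }
        validateResponse.setPolicyoid(obtemPolitica);
        return 0;
    }

    /**
     * Converts a detached signature into an attached one by rebuilding the CMS structure around
     * the content, then validates the result.
     *
     * @param bArr the signed content
     * @param bArr2 the detached signature
     * @param date reference date passed to the crypto service
     * @param z flag passed through to the crypto service
     * @return the attached signature
     * @throws Exception if the signature is invalid, the content digest does not match, or the
     *     rebuilt signature does not validate
     */
    public byte[] attachContentsToPKCS7(byte[] bArr, byte[] bArr2, Date date, boolean z) throws Exception {
        byte[] contentDigest;
        byte[] composeBodySha256;
        if (obtemPolitica(bArr2) == null) {
            // No policy OID could be read: SHA-1 path.
            byte[] calcSha1 = getCcServ().calcSha1(bArr);
            OperationStatus validateSign = getCcServ().validateSign(bArr2, calcSha1, date, z);
            if (0 != validateSign.getStatus() && 1 != validateSign.getStatus()) {
                throw new Exception("invalid signature: " + validateSign.getBestExplanation());
            }
            CMSSignedData cMSSignedData = new CMSSignedData(new CMSProcessableByteArray(bArr), bArr2);
            Store certificates = cMSSignedData.getCertificates();
            Collection matches = certificates.getMatches((Selector) null);
            Iterator it = cMSSignedData.getSignerInfos().getSigners().iterator();
            if (!it.hasNext()) {
                throw new Exception("invalid signature: no signer info found");
            }
            // Only the first signer is processed.
            SignerInformation signerInformation = (SignerInformation) it.next();
            X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) certificates.getMatches(signerInformation.getSID()).iterator().next();
            X509Certificate certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate(x509CertificateHolder);
            // verify() reports a bad signature value by returning false, so the result must be
            // checked; it was previously discarded.
            if (!signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(x509CertificateHolder))) {
                throw new Exception("invalid signature: signer verification failed");
            }
            contentDigest = signerInformation.getContentDigest();
            if (!Arrays.equals(contentDigest, calcSha1)) {
                throw new Exception("hashes doesn't match");
            }
            composeBodySha256 = composeBodySha1(signerInformation.getSignature(), certificate, matches, contentDigest, null, bArr.length);
        } else {
            // A policy OID is present: SHA-256 path. Unlike the SHA-1 path there is no
            // validateSign() call on the detached signature before it is rebuilt.
            byte[] calcSha256 = getCcServ().calcSha256(bArr);
            CMSSignedData cMSSignedData2 = new CMSSignedData(new CMSProcessableByteArray(bArr), bArr2);
            Store certificates2 = cMSSignedData2.getCertificates();
            Collection matches2 = certificates2.getMatches((Selector) null);
            Iterator it2 = cMSSignedData2.getSignerInfos().getSigners().iterator();
            if (!it2.hasNext()) {
                throw new Exception("invalid signature: no signer info found");
            }
            // Only the first signer is processed.
            SignerInformation signerInformation2 = (SignerInformation) it2.next();
            X509CertificateHolder x509CertificateHolder2 = (X509CertificateHolder) certificates2.getMatches(signerInformation2.getSID()).iterator().next();
            X509Certificate certificate2 = new JcaX509CertificateConverter().setProvider("BC").getCertificate(x509CertificateHolder2);
            // See the SHA-1 branch: the boolean result is the outcome of the signature check.
            if (!signerInformation2.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(x509CertificateHolder2))) {
                throw new Exception("invalid signature: signer verification failed");
            }
            contentDigest = signerInformation2.getContentDigest();
            if (!Arrays.equals(contentDigest, calcSha256)) {
                throw new Exception("hashes doesn't match");
            }
            composeBodySha256 = composeBodySha256(signerInformation2.getSignature(), certificate2, matches2, contentDigest, this.ccServ.extractSignCompare(bArr2).getSigningTime(), bArr.length);
        }
        byte[] bArr3 = null;
        Exception exc = null;
        OperationStatus operationStatus = new OperationStatus(9999, null);
        // Try up to four split offsets (0..3) and keep the first one for which the rebuilt
        // signature can be processed. Only the first exception is kept for reporting.
        for (int i = 0; i < 4; i++) {
            try {
                Map<String, String> createBodyMap = createBodyMap(composeBodySha256, bArr.length, i);
                byte[] decode = Base64.decode(createBodyMap.get("envelope_1"));
                byte[] decode2 = Base64.decode(createBodyMap.get("envelope_2"));
                // prefix + real content + suffix
                bArr3 = new byte[decode.length + bArr.length + decode2.length];
                System.arraycopy(decode, 0, bArr3, 0, decode.length);
                System.arraycopy(bArr, 0, bArr3, decode.length, bArr.length);
                System.arraycopy(decode2, 0, bArr3, decode.length + bArr.length, decode2.length);
                operationStatus = getCcServ().validateSign(bArr3, contentDigest, date, z);
                exc = null;
                break;
            } catch (Exception e) {
                if (exc == null) {
                    exc = e;
                }
            }
        }
        if (exc != null) {
            throw exc;
        }
        if (0 == operationStatus.getStatus() || 1 == operationStatus.getStatus()) {
            return bArr3;
        }
        throw new Exception("invalid attached signature: " + operationStatus.getBestExplanation());
    }

    /**
     * Builds a CMS body for one signer through the {@link CmsWithChainService} builder, using the
     * SHA-1 of the encoded certificate. {@code collection} is not used.
     *
     * @param bArr signature value
     * @param x509Certificate signer certificate
     * @param bArr2 content digest
     * @param date signing time, may be {@code null}
     * @param i length passed to the builder; callers in this class pass the content length
     */
    public byte[] composeBodySha1(byte[] bArr, X509Certificate x509Certificate, Collection collection, byte[] bArr2, Date date, int i) throws Exception {
        ArrayList arrayList = new ArrayList();
        // Last argument 0 has the same value as NDX_SHA1; presumably the digest selector.
        arrayList.add(new AppSignedInfoEx(bArr, bArr2, date, x509Certificate, getCcServ().calcSha1(x509Certificate.getEncoded()), 0));
        return serv1024.buildCms(arrayList, i);
    }

    /**
     * Builds a CMS body for one signer through the {@link ADRBService_23} builder, using the
     * SHA-256 of the encoded certificate. {@code collection} is not used.
     *
     * @param bArr signature value
     * @param x509Certificate signer certificate
     * @param bArr2 content digest
     * @param date signing time
     * @param i length passed to the builder; callers in this class pass the content length
     */
    public byte[] composeBodySha256(byte[] bArr, X509Certificate x509Certificate, Collection collection, byte[] bArr2, Date date, int i) throws Exception {
        ArrayList arrayList = new ArrayList();
        // Last argument 2 has the same value as NDX_SHA256; presumably the digest selector.
        arrayList.add(new AppSignedInfoEx(bArr, bArr2, date, x509Certificate, getCcServ().calcSha256(x509Certificate.getEncoded()), 2));
        return serv2048.buildCms(arrayList, i);
    }

    /**
     * Splits {@code bArr} around a run of {@code i} bytes that all equal {@code 0xBA} and returns
     * the part before it as {@code "envelope_1"} and the part after it as {@code "envelope_2"},
     * both Base64-encoded. {@code i2} shifts the split point forward from the start of the run.
     *
     * <p>Presumably the run is placeholder content written by the CMS builders; confirm against
     * {@code buildCms}. The scan reads {@code bArr[i4 + i3]} without a bounds check, so when no
     * complete run exists an {@link ArrayIndexOutOfBoundsException} is thrown, either by the scan
     * or by the copy that follows. The only caller catches exceptions and retries.
     */
    private Map<String, String> createBodyMap(byte[] bArr, int i, int i2) {
        HashMap hashMap = new HashMap();
        int i3 = 0;
        while (i3 < bArr.length) {
            // -70 is the signed-byte form of 0xBA.
            if (bArr[i3] == -70) {
                boolean z = true;
                int i4 = 0;
                while (true) {
                    if (i4 >= i) {
                        break;
                    }
                    if (bArr[i4 + i3] != -70) {
                        z = false;
                        break;
                    }
                    i4++;
                }
                if (z) {
                    break;
                }
            }
            i3++;
        }
        int i5 = i3 + i2;
        byte[] bArr2 = new byte[i5 - 0];
        for (int i6 = 0; i6 < bArr2.length; i6++) {
            bArr2[i6] = bArr[0 + i6];
        }
        hashMap.put("envelope_1", new String(Base64.encode(bArr2)));
        int i7 = i5 + i;
        byte[] bArr3 = new byte[bArr.length - i7];
        for (int i8 = 0; i8 < bArr3.length; i8++) {
            bArr3[i8] = bArr[i7 + i8];
        }
        hashMap.put("envelope_2", new String(Base64.encode(bArr3)));
        return hashMap;
    }

    /** Returns the crypto service in use. */
    public CryptoService getCcServ() {
        return this.ccServ;
    }

    /** Replaces the crypto service used by all operations of this instance. */
    public void setCcServ(CryptoService cryptoService) {
        this.ccServ = cryptoService;
    }
}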
