package com.huawei.inverterapp.solar.utils.parsexml;

import android.annotation.TargetApi;
import com.huawei.networkenergy.appplatform.common.log.Log;
import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Security;
import java.security.cert.CRLReason;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSProcessableFile;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.jce.provider.AnnotatedException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.tsp.TimeStampTokenInfo;
import org.bouncycastle.util.CollectionStore;

/* compiled from: TbsSdkJava */
/* loaded from: classes2.dex */
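/**
 * Verifies a detached CMS signature over a source file.
 *
 * <p>Verification requires a signature time-stamp token on the signer. The
 * time-stamp authority certificate and the signer certificate are both
 * path-validated against the caller-supplied certificates, at the time the
 * token asserts. Self-issued certificates loaded from the caller-supplied
 * certificate and CRL inputs become trust anchors; self-issued certificates
 * embedded in the CMS or time-stamp token are never added.
 *
 * <p>Instances hold mutable state and are not documented as thread-safe.
 */
public class CMSVerify {
    private static final Logger LOGGER = Logger.getLogger(CMSVerify.class.getName());
    private static final String VERSION = "V100R002C00SPC300B001";

    /** Extended key usage OID id-kp-codeSigning, required of the CMS signer chain. */
    private static final String EKU_CODE_SIGNING = "1.3.6.1.5.5.7.3.3";

    /** Extended key usage OID id-kp-timeStamping, required of the time-stamp signer chain. */
    private static final String EKU_TIME_STAMPING = "1.3.6.1.5.5.7.3.8";

    private String sigFile;
    private String srcFile;
    private final List<String> crtFiles = new ArrayList<>();
    private final List<byte[]> crtDatas = new ArrayList<>();
    private final List<String> crlFiles = new ArrayList<>();
    private final List<byte[]> crlDatas = new ArrayList<>();
    // Revocation checking is on by default; setCheckCRL(false) turns it off for the whole verification.
    private boolean checkCRL = true;
    // Keyed by serial number only. Serial numbers are unique per issuer, not globally:
    // addCert() rejects a different certificate with an already-known serial as a conflict.
    private final Map<BigInteger, X509Certificate> certMap = new HashMap<>();
    // Newest CRL (by thisUpdate) per issuer.
    private final Map<X500Principal, X509CRL> crlMap = new HashMap<>();
    // Trust anchors: self-issued certificates accepted by addCert().
    private final Set<TrustAnchor> crts = new HashSet<>();

    /** Creates an empty verifier; signature, source and certificate inputs are set afterwards. */
    public CMSVerify() {
        ensureProvider();
    }

    /**
     * Creates a verifier for the given files.
     *
     * @param str path of the signature file
     * @param str2 path of the signed source file
     * @param strArr certificate file paths, may be {@code null}
     * @param strArr2 CRL file paths, may be {@code null}
     */
    public CMSVerify(String str, String str2, String[] strArr, String[] strArr2) {
        ensureProvider();
        this.sigFile = str;
        this.srcFile = str2;
        if (strArr != null) {
            this.crtFiles.addAll(Arrays.asList(strArr));
        }
        if (strArr2 != null) {
            this.crlFiles.addAll(Arrays.asList(strArr2));
        }
    }

    /**
     * Registers the BouncyCastle provider unless one with that name is already registered.
     *
     * <p>NOTE(review): Security.addProvider() never replaces an existing provider of the same
     * name, so when the platform already registers a "BC" provider the lookups in
     * checkCertPath() resolve to that one, not to the bundled library. Confirm which
     * implementation is intended.
     */
    private static void ensureProvider() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /** Records a CRL, keeping only the one with the latest thisUpdate for each issuer. */
    private void addCRL(X509CRL x509crl) {
        X500Principal issuer = x509crl.getIssuerX500Principal();
        X509CRL known = this.crlMap.get(issuer);
        if (known == null || x509crl.getThisUpdate().after(known.getThisUpdate())) {
            this.crlMap.put(issuer, x509crl);
        }
    }

    /**
     * Checks a certificate's signature algorithm and key usage, then records it.
     * A self-issued certificate that also passes the CA checks becomes a trust anchor.
     *
     * @throws AnnotatedException if a check fails or a different certificate with the same
     *     serial number is already recorded
     */
    private void addCert(X509Certificate x509Certificate) throws AnnotatedException {
        CMSVerifyUtil.getInstance().checkAlgAlgorithm(x509Certificate.getSigAlgOID());
        CMSVerifyUtil.getInstance().checkCertHaveKeyUsage(x509Certificate);
        BigInteger serialNumber = x509Certificate.getSerialNumber();
        X509Certificate known = this.certMap.get(serialNumber);
        if (known != null) {
            // Fail closed on a serial collision instead of replacing the recorded certificate.
            if (!known.equals(x509Certificate)) {
                throw new AnnotatedException("Certificates has conflict.");
            }
            return;
        }
        this.certMap.put(serialNumber, x509Certificate);
        if (CMSVerifyUtil.getInstance().isSelfIssued(x509Certificate)) {
            // presumably 5 is the keyCertSign index of X509Certificate.getKeyUsage();
            // confirm against CMSVerifyUtil.checkKeyUsage
            CMSVerifyUtil.getInstance().checkKeyUsage(x509Certificate, 5);
            CMSVerifyUtil.getInstance().checkBasicConstraints(x509Certificate);
            this.crts.add(new TrustAnchor(x509Certificate, null));
        }
    }

    /**
     * Builds and validates a PKIX path from {@code x509Certificate} to one of the trust anchors.
     *
     * @param collectionStore certificates embedded in the CMS or time-stamp token
     * @param x509Certificate the end-entity certificate to validate
     * @param date validation time, or {@code null} to use the builder's default
     * @param str extended key usage OID handed to ExtendedKeyUsagePropertyChecker
     * @return the path builder result
     * @throws GeneralSecurityException if no valid path can be built
     */
    private PKIXCertPathBuilderResult checkCertPath(CollectionStore collectionStore, X509Certificate x509Certificate, Date date, String str) throws AnnotatedException, GeneralSecurityException {
        CMSVerifyUtil.getInstance().checkCertHaveKeyUsage(x509Certificate);
        // presumably 0 is the digitalSignature index; confirm against CMSVerifyUtil.checkKeyUsage
        CMSVerifyUtil.getInstance().checkKeyUsage(x509Certificate, 0);
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(x509Certificate);
        Iterator it = collectionStore.iterator();
        while (it.hasNext()) {
            X509Certificate embedded = CMSVerifyUtil.getInstance().coverte((X509CertificateHolder) it.next());
            // Embedded self-issued certificates are skipped: addCert() would turn them into
            // trust anchors, and the signed message must not be able to supply its own root.
            if (!CMSVerifyUtil.getInstance().isSelfIssued(embedded)) {
                addCert(embedded);
            }
        }
        CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
        // The constructor rejects an empty trust anchor set, so verification fails closed
        // when no trusted self-issued certificate was loaded.
        PKIXBuilderParameters params = new PKIXBuilderParameters(this.crts, target);
        List<Object> certAndCRLs = getCertAndCRLs();
        params.setMaxPathLength(certAndCRLs.size());
        params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(certAndCRLs), BouncyCastleProvider.PROVIDER_NAME));
        params.addCertPathChecker(new ExtendedKeyUsagePropertyChecker(str));
        params.setRevocationEnabled(this.checkCRL);
        if (date != null) {
            params.setDate(date);
        }
        return (PKIXCertPathBuilderResult) certPathBuilder.build(params);
    }

    /**
     * Rejects a built path when any certificate in it has an entry in a loaded CRL, unless
     * the entry's reason is affiliationChanged, superseded or cessationOfOperation.
     *
     * <p>An entry without a reason code is treated as revoked. The revocation date is not
     * compared with the validation time here.
     *
     * @throws AnnotatedException if a certificate in the path is revoked
     */
    @TargetApi(24)
    private void checkCertPathResult(PKIXCertPathBuilderResult pKIXCertPathBuilderResult) throws AnnotatedException {
        for (Certificate certificate : pKIXCertPathBuilderResult.getCertPath().getCertificates()) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            X509CRL crl = getCRLofcert(x509Certificate);
            if (crl == null) {
                continue;
            }
            X509CRLEntry entry = crl.getRevokedCertificate(x509Certificate);
            if (entry == null) {
                continue;
            }
            CRLReason reason = entry.getRevocationReason();
            if (reason != CRLReason.AFFILIATION_CHANGED && reason != CRLReason.SUPERSEDED && reason != CRLReason.CESSATION_OF_OPERATION) {
                throw new AnnotatedException("Certificate has revoked。");
            }
        }
    }

    /**
     * Validates the signature time-stamp token and returns the time it asserts.
     *
     * <p>The time-stamp signer's chain is validated at the token's own genTime with the
     * timeStamping extended key usage, the token signature is verified, and the token's
     * message imprint is compared with a digest of {@code cMSTypedData}.
     *
     * @param cMSTypedData the data the token must cover (the CMS signature value)
     * @param timeStampToken the token taken from the signer's unsigned attributes
     * @return the generation time stated in the token
     */
    private Date checkTimeStamp(CMSTypedData cMSTypedData, TimeStampToken timeStampToken) throws AnnotatedException, IOException, OperatorCreationException, TSPException, CMSException, GeneralSecurityException {
        CollectionStore tokenCerts = (CollectionStore) timeStampToken.getCertificates();
        TimeStampTokenInfo timeStampInfo = timeStampToken.getTimeStampInfo();
        CMSVerifyUtil.getInstance().checkAlgAlgorithm(timeStampInfo.getHashAlgorithm().getAlgorithm().getId());
        X509CertificateHolder signCert = getSignCert(tokenCerts, timeStampToken.getSID());
        Date genTime = timeStampInfo.getGenTime();
        PKIXCertPathBuilderResult path = checkCertPath(tokenCerts, CMSVerifyUtil.getInstance().coverte(signCert), genTime, EKU_TIME_STAMPING);
        if (this.checkCRL) {
            checkCertPathResult(path);
        }
        SignerInformationVerifier verifier = CMSVerifyUtil.getInstance().genVerifier(signCert);
        timeStampToken.validate(verifier);
        verifyTSPMatchCMS(verifier, cMSTypedData, timeStampToken);
        return genTime;
    }

    /** Returns the first loaded CRL that lists {@code x509Certificate}, or {@code null}. */
    private X509CRL getCRLofcert(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        for (X509CRL crl : this.crlMap.values()) {
            if (crl.getRevokedCertificate(x509Certificate) != null) {
                return crl;
            }
        }
        return null;
    }

    /** Returns every recorded certificate followed by every recorded CRL. */
    private List<Object> getCertAndCRLs() {
        List<Object> all = new ArrayList<Object>(this.certMap.values());
        all.addAll(this.crlMap.values());
        return all;
    }

    /**
     * Finds the signer's certificate among the embedded certificates, falling back to the
     * certificates already recorded in this verifier.
     *
     * <p>The fallback matches on serial number only; the issuer is not compared. The callers
     * still have to chain the returned certificate to a trust anchor in checkCertPath().
     *
     * @throws GeneralSecurityException if no certificate matches the signer id
     */
    private X509CertificateHolder getSignCert(CollectionStore collectionStore, SignerId signerId) throws GeneralSecurityException, IOException {
        Iterator it = collectionStore.getMatches(signerId).iterator();
        if (it.hasNext()) {
            return (X509CertificateHolder) it.next();
        }
        X509Certificate known = this.certMap.get(signerId.getSerialNumber());
        if (known == null) {
            // Previously a NullPointerException; report the missing certificate explicitly.
            throw new GeneralSecurityException("Signer certificate not found.");
        }
        return new X509CertificateHolder(known.getEncoded());
    }

    /**
     * Validates the signer's time-stamp and certificate chain and returns a verifier for
     * the signer's certificate.
     *
     * <p>A signer without a signature time-stamp token is rejected. The signer chain is
     * validated at the time-stamp time with the codeSigning extended key usage.
     *
     * <p>NOTE(review): unlike the time-stamp chain, the signer chain's path result is not
     * passed to checkCertPathResult(); revocation of the signer chain rests on the PKIX
     * builder alone. Confirm that this asymmetry is intended.
     *
     * @throws AnnotatedException if the time-stamp token is missing or a check fails
     */
    private SignerInformationVerifier getVerifier(SignerInformation signerInformation, CMSSignedData cMSSignedData) throws GeneralSecurityException, AnnotatedException, CMSException, OperatorCreationException, TSPException, IOException {
        CMSVerifyUtil.getInstance().checkAlgAlgorithm(signerInformation.getDigestAlgOID());
        Date signingTime = null;
        AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
        if (unsignedAttributes != null) {
            // get() returns null when the attribute is absent; the unchecked dereference used
            // to end in a NullPointerException instead of the "no time stamp" error below.
            org.bouncycastle.asn1.cms.Attribute tokenAttr = unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
            ASN1Set attrValues = tokenAttr == null ? null : tokenAttr.getAttrValues();
            ASN1Encodable token = (attrValues == null || attrValues.size() == 0) ? null : attrValues.getObjectAt(0);
            if (token != null) {
                signingTime = checkTimeStamp(new CMSProcessableByteArray(signerInformation.getSignature()), new TimeStampToken(new CMSSignedData(token.toASN1Primitive().getEncoded())));
            }
        }
        if (signingTime == null) {
            throw new AnnotatedException("CMS signature does not have time stamp.");
        }
        CollectionStore embeddedCerts = (CollectionStore) cMSSignedData.getCertificates();
        X509CertificateHolder signCert = getSignCert(embeddedCerts, signerInformation.getSID());
        checkCertPath(embeddedCerts, CMSVerifyUtil.getInstance().coverte(signCert), signingTime, EKU_CODE_SIGNING);
        return CMSVerifyUtil.getInstance().genVerifier(signCert);
    }

    /** Returns the version string of this verifier. */
    public static String getVersion() {
        return VERSION;
    }

    /**
     * Reads all configured CRL files and buffers, then records the CRLs and the
     * certificates read alongside them. Those certificates go through addCert(), so a
     * self-issued one becomes a trust anchor.
     */
    private void loadCRL() throws GeneralSecurityException, IOException, AnnotatedException {
        ArrayList crls = new ArrayList();
        ArrayList certs = new ArrayList();
        for (String file : this.crlFiles) {
            CMSVerifyUtil.getInstance().readCRLs(file, crls, certs);
        }
        for (byte[] data : this.crlDatas) {
            CMSVerifyUtil.getInstance().readCRLBuf(data, crls, certs);
        }
        for (Object crl : crls) {
            addCRL((X509CRL) crl);
        }
        for (Object cert : certs) {
            addCert((X509Certificate) cert);
        }
    }

    /** Reads and records every configured certificate file and buffer. */
    private void loadCert() throws GeneralSecurityException, IOException, AnnotatedException {
        for (String file : this.crtFiles) {
            addCert(CMSVerifyUtil.getInstance().readCert(file));
        }
        for (byte[] data : this.crtDatas) {
            addCert(CMSVerifyUtil.getInstance().readCertBuf(data));
        }
    }

    /**
     * Checks that the time-stamp token's message imprint equals the digest of
     * {@code cMSTypedData} under the token's hash algorithm.
     *
     * @throws AnnotatedException if the digest cannot be computed or does not match
     */
    private void verifyTSPMatchCMS(SignerInformationVerifier signerInformationVerifier, CMSTypedData cMSTypedData, TimeStampToken timeStampToken) throws AnnotatedException, OperatorCreationException, CMSException, IOException {
        byte[] digest = null;
        if (cMSTypedData != null) {
            DigestCalculator digestCalculator = signerInformationVerifier.getDigestCalculator(timeStampToken.getTimeStampInfo().getHashAlgorithm());
            OutputStream outputStream = digestCalculator.getOutputStream();
            if (outputStream != null) {
                try {
                    cMSTypedData.write(outputStream);
                    digest = digestCalculator.getDigest();
                } finally {
                    try {
                        outputStream.close();
                    } catch (IOException ignored) {
                        // A close failure does not affect the digest already computed.
                        LOGGER.log(Level.WARNING, "Close output stream failed.");
                    }
                }
            }
        }
        // A missing digest is a mismatch; the comparison itself is constant-time.
        if (digest == null || !org.bouncycastle.util.Arrays.constantTimeAreEqual(digest, timeStampToken.getTimeStampInfo().getMessageImprintDigest())) {
            throw new AnnotatedException("MessageImprint digest value does not match calculated value.");
        }
    }

    /** Adds an in-memory CRL; the buffer is copied. */
    public void addCrlData(byte[] bArr) {
        this.crlDatas.add(bArr.clone());
    }

    /** Adds the path of a CRL file to load. */
    public void addCrlFile(String str) {
        this.crlFiles.add(str);
    }

    /** Adds an in-memory certificate; the buffer is copied. */
    public void addCrtData(byte[] bArr) {
        this.crtDatas.add(bArr.clone());
    }

    /** Adds the path of a certificate file to load. */
    public void addCrtFile(String str) {
        this.crtFiles.add(str);
    }

    /** Returns a copy of the configured CRL file paths. */
    public String[] getCrlFile() {
        // toArray() without an argument yields Object[], which cannot be cast to String[].
        return this.crlFiles.toArray(new String[0]);
    }

    /** Returns a copy of the configured certificate file paths. */
    public String[] getCrtFile() {
        // toArray() without an argument yields Object[], which cannot be cast to String[].
        return this.crtFiles.toArray(new String[0]);
    }

    /** Returns the signature file path. */
    public String getSigFile() {
        return this.sigFile;
    }

    /** Returns the signed source file path. */
    public String getSrcFile() {
        return this.srcFile;
    }

    /** Returns whether revocation checking is enabled. */
    public boolean isCheckCRL() {
        return this.checkCRL;
    }

    /** Clears all inputs and loaded state and re-enables revocation checking. */
    public void reSet() {
        this.sigFile = null;
        this.srcFile = null;
        this.crtFiles.clear();
        this.crtDatas.clear();
        this.crlFiles.clear();
        this.crlDatas.clear();
        this.certMap.clear();
        this.crlMap.clear();
        this.crts.clear();
        this.checkCRL = true;
    }

    /**
     * Enables or disables revocation checking. When disabled, no CRL is loaded and the
     * path builder runs with revocation off, so revoked certificates are accepted.
     */
    public void setCheckCRL(boolean z) {
        this.checkCRL = z;
    }

    /** Sets the signature file path. */
    public void setSigFile(String str) {
        this.sigFile = str;
    }

    /** Sets the signed source file path. */
    public void setSrcFile(String str) {
        this.srcFile = str;
    }

    /**
     * Verifies the detached signature in the signature file against the source file.
     *
     * <p>Only the first signer returned by the CMS structure is verified.
     *
     * @return the result of the signer's signature verification
     * @throws AnnotatedException if an input cannot be read, no signer is present, the
     *     time-stamp is missing, or a certificate check fails; I/O failures are carried
     *     as the cause
     */
    public boolean verify() throws GeneralSecurityException, AnnotatedException, CMSException, OperatorCreationException, TSPException, IOException {
        // Start from a clean slate so anchors from an earlier run cannot leak into this one.
        this.certMap.clear();
        this.crlMap.clear();
        this.crts.clear();
        byte[] signature;
        try {
            signature = CMSVerifyUtil.getInstance().readPEM(this.sigFile);
            if (signature == null) {
                signature = CMSVerifyUtil.getInstance().readbuf(this.sigFile);
            }
        } catch (IOException sigError) {
            Log.debug("ver", "Exception :" + sigError.toString());
            throw new AnnotatedException("Read signature file fail.", sigError);
        }
        try {
            loadCert();
            if (this.checkCRL) {
                try {
                    loadCRL();
                } catch (IOException crlError) {
                    throw new AnnotatedException("Read CRL files fail.", crlError);
                }
            }
            CMSSignedData cMSSignedData = new CMSSignedData(new CMSProcessableFile(new File(this.srcFile)), signature);
            Iterator<SignerInformation> signers = cMSSignedData.getSignerInfos().iterator();
            if (!signers.hasNext()) {
                throw new AnnotatedException("CMS signature does not have signer information.");
            }
            SignerInformation signer = signers.next();
            return signer.verify(getVerifier(signer, cMSSignedData));
        } catch (IOException ioError) {
            // Kept for compatibility: any I/O failure after the signature was read, not only
            // certificate loading, is reported with this message. The cause tells them apart.
            throw new AnnotatedException("Read certificate files fail.", ioError);
        }
    }
}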
