package org.eclipse.osgi.internal.verifier;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import javax.security.auth.x500.X500Principal;
import org.eclipse.osgi.internal.provisional.verifier.CertificateChain;

/* loaded from: input_file:org/eclipse/osgi/internal/verifier/PKCS7Processor.class */
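/**
 * Parses a PKCS#7 SignedData block, verifies the signature it carries over
 * caller-supplied data, and builds the signer's certificate chain from the
 * certificates embedded in the block.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Only the digest OIDs for SHA1, MD5 and MD2 are recognised. MD2 and MD5
 *       (and increasingly SHA1) no longer offer collision resistance, so a
 *       signature that verifies here gives correspondingly weaker assurance;
 *       blocks signed with any other digest are rejected with
 *       {@link NoSuchAlgorithmException}.</li>
 *   <li>{@link #isTrusted()} is true only when every certificate in the chain
 *       passed {@code checkValidity()} and {@code KeyStores.isTrusted} accepted
 *       the self-issued root. The self-signature of the root itself is not
 *       checked in this class.</li>
 * </ul>
 */
public class PKCS7Processor implements CertificateChain {
    // Shared X.509 factory; stays null if the provider lookup in the static initializer fails.
    private static CertificateFactory certFact;
    // "; "-separated subject names, signer first.
    private String certChain;
    // Chain ordered signer first, root last.
    private Certificate[] certificates;
    private boolean trusted;
    private static final int[] SIGNEDDATA_OID = {1, 2, 840, 113549, 1, 7, 2};
    private static final int[] MD5_OID = {1, 2, 840, 113549, 2, 5};
    private static final int[] MD2_OID = {1, 2, 840, 113549, 2, 2};
    private static final int[] SHA1_OID = {1, 3, 14, 3, 2, 26};
    private static final int[] DSA_OID = {1, 2, 840, 10040, 4, 1};
    private static final int[] RSA_OID = {1, 2, 840, 113549, 1, 1, 1};
    private static KeyStores keyStores = new KeyStores();

    static {
        try {
            certFact = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            // Best effort: class loading still succeeds, and the constructors report the
            // missing factory as a CertificateException instead of a NullPointerException.
            e.printStackTrace();
        }
    }

    /**
     * Returns the shared X.509 certificate factory.
     *
     * @throws CertificateException if the factory could not be created when the class was loaded
     */
    private static CertificateFactory requireCertFactory() throws CertificateException {
        if (certFact == null) {
            throw new CertificateException("X.509 certificate factory is not available");
        }
        return certFact;
    }

    /**
     * Renders an object identifier in dotted-decimal form, e.g. {@code 1.2.840.113549.1.7.2}.
     *
     * @param iArr the OID arcs
     * @return the arcs joined with '.'; empty for an empty array
     */
    String oid2String(int[] iArr) {
        StringBuilder dotted = new StringBuilder();
        for (int i = 0; i < iArr.length; i++) {
            if (i > 0) {
                dotted.append('.');
            }
            dotted.append(iArr[i]);
        }
        return dotted.toString();
    }

    /**
     * Maps a public-key algorithm OID to its JCA name.
     *
     * @param iArr the OID arcs
     * @return {@code "DSA"} or {@code "RSA"}
     * @throws NoSuchAlgorithmException if the OID is neither of the two known ones
     */
    String findEncryption(int[] iArr) throws NoSuchAlgorithmException {
        if (Arrays.equals(DSA_OID, iArr)) {
            return "DSA";
        }
        if (Arrays.equals(RSA_OID, iArr)) {
            return "RSA";
        }
        throw new NoSuchAlgorithmException("No algorithm found for " + oid2String(iArr));
    }

    /**
     * Maps a digest algorithm OID to its JCA name.
     *
     * <p>NOTE(review): MD5 and MD2 are accepted here although both are broken for
     * collision resistance; consider rejecting them, or treating chains that rely
     * on them as untrusted, once callers can tolerate that.
     *
     * @param iArr the OID arcs
     * @return {@code "SHA1"}, {@code "MD5"} or {@code "MD2"}
     * @throws NoSuchAlgorithmException if the OID is none of the known ones
     */
    String findDigest(int[] iArr) throws NoSuchAlgorithmException {
        if (Arrays.equals(SHA1_OID, iArr)) {
            return "SHA1";
        }
        if (Arrays.equals(MD5_OID, iArr)) {
            return "MD5";
        }
        if (Arrays.equals(MD2_OID, iArr)) {
            return "MD2";
        }
        throw new NoSuchAlgorithmException("No algorithm found for " + oid2String(iArr));
    }

    /**
     * Creates a chain from already-evaluated data. No signature or chain
     * verification happens here; the trust flag is taken from the caller as is.
     *
     * @param str the chain description returned by {@link #getChain()}
     * @param z the value returned by {@link #isTrusted()}
     * @param bArr encoded certificates, one per element, in chain order
     * @throws CertificateException if an element cannot be parsed as an X.509 certificate
     *         or the X.509 factory is unavailable
     */
    public PKCS7Processor(String str, boolean z, byte[][] bArr) throws CertificateException {
        CertificateFactory factory = requireCertFactory();
        this.certChain = str;
        this.trusted = z;
        this.certificates = new Certificate[bArr.length];
        for (int i = 0; i < bArr.length; i++) {
            this.certificates[i] = factory.generateCertificate(new ByteArrayInputStream(bArr[i]));
        }
    }

    /**
     * Parses a PKCS#7 block, verifies its signature over the given data and
     * builds the certificate chain from the signer up to a self-issued root.
     *
     * @param bArr buffer holding the PKCS#7 block
     * @param i offset of the block in {@code bArr}
     * @param i2 length of the block
     * @param bArr2 buffer holding the data the signature is verified against
     * @param i3 offset of that data in {@code bArr2}
     * @param i4 length of that data
     * @throws IOException if the block is not PKCS#7 SignedData
     * @throws CertificateException if the signer certificate is not in the block, an issuer is
     *         missing, the issuer references form a loop, or the X.509 factory is unavailable
     * @throws NoSuchAlgorithmException if the digest or key algorithm OID is not recognised
     * @throws SignatureException if the signature over the data, or a certificate's
     *         signature by its issuer, does not verify
     */
    public PKCS7Processor(byte[] bArr, int i, int i2, byte[] bArr2, int i3, int i4) throws IOException, InvalidKeyException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
        X500Principal subjectX500Principal;
        Collection<? extends Certificate> embeddedCerts = requireCertFactory().generateCertificates(new ByteArrayInputStream(bArr, i, i2));
        BERProcessor contentInfo = new BERProcessor(bArr, i, i2).stepInto();
        if (!Arrays.equals(contentInfo.getObjId(), SIGNEDDATA_OID)) {
            throw new IOException("Not a valid PKCS#7 file");
        }
        contentInfo.stepOver();
        // Walk the SignedData structure down to the signer information.
        // NOTE(review): the positions below depend on BERProcessor's cursor
        // semantics, which are defined outside this class.
        BERProcessor signedData = contentInfo.stepInto().stepInto();
        signedData.stepOver();
        signedData.stepOver();
        signedData.stepOver();
        signedData.stepOver();
        if (signedData.classOfTag == 0 && signedData.tag == 1) {
            // One optional element is skipped when present.
            signedData.stepOver();
        }
        BERProcessor signerInfo = signedData.stepInto().stepInto();
        signerInfo.stepOver();
        BERProcessor issuerAndSerial = signerInfo.stepInto();
        X500Principal signerIssuer = new X500Principal(new ByteArrayInputStream(issuerAndSerial.buffer, issuerAndSerial.offset, issuerAndSerial.endOffset - issuerAndSerial.offset));
        issuerAndSerial.stepOver();
        BigInteger signerSerial = issuerAndSerial.getIntValue();

        // The signer is the embedded certificate matching issuer name + serial number.
        X509Certificate signerCert = null;
        for (Certificate candidate : embeddedCerts) {
            X509Certificate x509 = (X509Certificate) candidate;
            if (x509.getIssuerX500Principal().equals(signerIssuer) && x509.getSerialNumber().equals(signerSerial)) {
                signerCert = x509;
                break;
            }
        }
        if (signerCert == null) {
            throw new CertificateException("Signer certificate not in pkcs7block");
        }

        signerInfo.stepOver();
        String digestName = findDigest(signerInfo.stepInto().getObjId());
        signerInfo.stepOver();
        if (signerInfo.classOfTag == 2) {
            // NOTE(review): if this context-specific element is the authenticatedAttributes
            // set, PKCS#7 defines the signature over those attributes rather than over the
            // raw content; the check below would then fail for such blocks. Confirm that is
            // the intended (fail-closed) outcome.
            signerInfo.stepOver();
        }
        String keyAlgorithm = findEncryption(signerInfo.stepInto().getObjId());
        signerInfo.stepOver();
        byte[] signatureBytes = signerInfo.getBytes();

        Signature verifier = Signature.getInstance(digestName + "with" + keyAlgorithm);
        verifier.initVerify(signerCert.getPublicKey());
        verifier.update(bArr2, i3, i4);
        if (!verifier.verify(signatureBytes)) {
            throw new SignatureException("Signature doesn't verify");
        }

        ArrayList<Certificate> chain = new ArrayList<Certificate>(1);
        chain.add(signerCert);
        StringBuilder chainNames = new StringBuilder();
        X509Certificate current = signerCert;
        X509Certificate previous = null;
        boolean allValid = true;
        do {
            try {
                current.checkValidity();
            } catch (CertificateException unused) {
                // An expired or not-yet-valid certificate does not abort parsing;
                // it only makes the resulting chain untrusted.
                allValid = false;
            }
            if (previous != null) {
                // A chain can never be longer than the set of embedded certificates.
                // Without this bound, certificates whose issuer names reference each
                // other in a loop would keep this constructor running (and the list
                // growing) indefinitely.
                if (chain.size() >= embeddedCerts.size()) {
                    throw new CertificateException("Certificate chain contains a loop");
                }
                previous.verify(current.getPublicKey());
                chain.add(current);
            }
            previous = current;
            subjectX500Principal = current.getSubjectX500Principal();
            X500Principal issuer = current.getIssuerX500Principal();
            if (chainNames.length() > 0) {
                chainNames.append("; ");
            }
            chainNames.append(subjectX500Principal);
            if (subjectX500Principal.equals(issuer)) {
                // Self-issued certificate: treat it as the root and finish.
                this.certificates = chain.toArray(new Certificate[chain.size()]);
                this.trusted = allValid && keyStores.isTrusted(current);
                this.certChain = chainNames.toString();
                return;
            }
            // Look up the issuer by subject name; when several embedded
            // certificates share that name, the last one wins.
            current = null;
            for (Certificate candidate : embeddedCerts) {
                X509Certificate x509 = (X509Certificate) candidate;
                if (x509.getSubjectX500Principal().equals(issuer)) {
                    current = x509;
                }
            }
        } while (current != null);
        throw new CertificateException(subjectX500Principal + " missing from chain");
    }

    /**
     * @return the first certificate of the chain (the signer), or {@code null} if the chain is empty
     */
    @Override
    public Certificate getSigner() {
        if (this.certificates == null || this.certificates.length == 0) {
            return null;
        }
        return this.certificates[0];
    }

    /**
     * @return the last certificate of the chain (the root), or {@code null} if the chain is empty
     */
    @Override
    public Certificate getRoot() {
        if (this.certificates == null || this.certificates.length == 0) {
            return null;
        }
        return this.certificates[this.certificates.length - 1];
    }

    /**
     * @return the internal certificate array, signer first; not a copy, so callers must not modify it
     */
    @Override
    public Certificate[] getCertificates() {
        return this.certificates;
    }

    /**
     * @return the chain description: subject names separated by "; "
     */
    @Override
    public String getChain() {
        return this.certChain;
    }

    /**
     * @return whether the chain was judged trusted when this object was created
     */
    @Override
    public boolean isTrusted() {
        return this.trusted;
    }

    /**
     * Compares trust flag, chain description and certificates, element by
     * element, against any other {@link CertificateChain}.
     */
    @Override
    public boolean equals(Object obj) {
        if (!(obj instanceof CertificateChain) || this.certificates == null) {
            return false;
        }
        CertificateChain other = (CertificateChain) obj;
        if (this.trusted != other.isTrusted()) {
            return false;
        }
        if (this.certChain == null) {
            if (other.getChain() != null) {
                return false;
            }
        } else if (!this.certChain.equals(other.getChain())) {
            return false;
        }
        Certificate[] otherCerts = other.getCertificates();
        if (otherCerts == null || this.certificates.length != otherCerts.length) {
            return false;
        }
        for (int i = 0; i < this.certificates.length; i++) {
            if (!this.certificates[i].equals(otherCerts[i])) {
                return false;
            }
        }
        return true;
    }

    /**
     * Hash over the same three properties {@link #equals(Object)} compares, so
     * equal instances of this class behave correctly in hash-based collections.
     */
    @Override
    public int hashCode() {
        int result = this.trusted ? 1231 : 1237;
        result = 31 * result + (this.certChain == null ? 0 : this.certChain.hashCode());
        result = 31 * result + Arrays.hashCode(this.certificates);
        return result;
    }
}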
