package de.cardcontact.tlv.cvc;

import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMKey;
import de.cardcontact.tlv.ConstructedTLV;
import de.cardcontact.tlv.IntegerTLV;
import de.cardcontact.tlv.ObjectIdentifier;
import de.cardcontact.tlv.PrimitiveTLV;
import de.cardcontact.tlv.Sequence;
import de.cardcontact.tlv.TLV;
import de.cardcontact.tlv.TLVEncodingException;
import de.cardcontact.tlv.Tag;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.EllipticCurve;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/cardcontact/tlv/cvc/CardVerifiableCertificate.class */
public class CardVerifiableCertificate extends Certificate {
    final Logger log;
    private static final Tag TAG_AT = new Tag(7, (byte) 64, true);
    private static final Tag TAG_CVC = new Tag(33, (byte) 64, true);
    private static final Tag TAG_BODY = new Tag(78, (byte) 64, true);
    private static final Tag TAG_CAR = new Tag(2, (byte) 64, false);
    private static final Tag TAG_CHR = new Tag(32, (byte) 64, false);
    private static final Tag TAG_PUK = new Tag(73, (byte) 64, true);
    private static final Tag TAG_PK_ALGORITHM = new Tag(6, (byte) 0, false);
    private static final Tag TAG_PK_MODULUS = new Tag(1, Byte.MIN_VALUE, false);
    private static final Tag TAG_PK_EXPONENT = new Tag(2, Byte.MIN_VALUE, false);
    private static final Tag TAG_PK_C_A = new Tag(2, Byte.MIN_VALUE, false);
    private static final Tag TAG_PK_C_B = new Tag(3, Byte.MIN_VALUE, false);
    private static final Tag TAG_PK_BASE_POINT = new Tag(4, Byte.MIN_VALUE, false);
    private static final Tag TAG_PK_ORDER = new Tag(5, Byte.MIN_VALUE, false);
    private static final Tag TAG_PK_PUBLIC_P = new Tag(6, Byte.MIN_VALUE, false);
    private static final Tag TAG_PK_COFACTOR = new Tag(7, Byte.MIN_VALUE, false);
    private static final Tag TAG_EXTENSIONS = new Tag(5, (byte) 64, true);
    private static final Tag TAG_EXTENSION = new Tag(19, (byte) 64, true);
    private static final ObjectIdentifier ID_TA_ECDSA = new ObjectIdentifier("0.4.0.127.0.7.2.2.2.2");
    private byte[] bin;
    private ConstructedTLV tlv;
    private ConstructedTLV cvc;
    private ConstructedTLV body;
    private PrimitiveTLV signature;
    private PublicKey publicKey;
    private PrimitiveTLV outerCar;
    private PrimitiveTLV outerSignature;
    private byte[] domainParam;

    public CardVerifiableCertificate(String str, byte[] bArr) throws CertificateException {
        super(str);
        this.log = LoggerFactory.getLogger(CardVerifiableCertificate.class);
        this.bin = bArr;
        try {
            this.tlv = new ConstructedTLV(this.bin);
            if (this.tlv.getTag().equals(TAG_AT)) {
                this.cvc = (ConstructedTLV) this.tlv.get(0);
                this.body = (ConstructedTLV) this.cvc.get(0);
                this.signature = (PrimitiveTLV) this.cvc.get(1);
                this.outerCar = (PrimitiveTLV) this.tlv.get(1);
                this.outerSignature = (PrimitiveTLV) this.tlv.get(2);
            } else {
                if (!this.tlv.getTag().equals(TAG_CVC)) {
                    throw new CertificateException("This is not a Card Verifiable Certificate");
                }
                this.cvc = this.tlv;
                this.body = (ConstructedTLV) this.cvc.get(0);
                this.signature = (PrimitiveTLV) this.cvc.get(1);
            }
        } catch (TLVEncodingException e) {
            this.log.error("Decoding CVC", e);
            throw new CertificateParsingException(e);
        }
    }

    public CardVerifiableCertificate(byte[] bArr) throws CertificateException {
        this("CVC", bArr);
    }

    private void extractPublicKey(String str) throws CertificateException, NoSuchProviderException {
        if (!isECDSA(getPublicKeyOID())) {
            this.publicKey = getRSAPublicKey(str);
            return;
        }
        try {
            this.publicKey = getECPublicKey(str);
        } catch (TLVEncodingException e) {
            this.log.error("Extracting public key", e);
            throw new CertificateParsingException(e);
        }
    }

    private boolean isECDSA(ObjectIdentifier objectIdentifier) {
        int[] objectIdentifier2 = objectIdentifier.getObjectIdentifier();
        int[] objectIdentifier3 = ID_TA_ECDSA.getObjectIdentifier();
        for (int i = 0; i < objectIdentifier3.length; i++) {
            if (objectIdentifier2[i] != objectIdentifier3[i]) {
                return false;
            }
        }
        return true;
    }

    private ObjectIdentifier getPublicKeyOID() throws CertificateException {
        PrimitiveTLV primitiveTLV = null;
        try {
            primitiveTLV = (PrimitiveTLV) ((ConstructedTLV) this.body.findTag(TAG_PUK, null)).findTag(new Tag(6), null);
        } catch (TLVEncodingException e) {
            this.log.error("TLV decoding", e);
        }
        if (primitiveTLV != null) {
            return new ObjectIdentifier(primitiveTLV.getValue());
        }
        this.log.debug("No OID found.");
        throw new CertificateException("No OID found.");
    }

    public byte[] getAlgorithm() throws TLVEncodingException {
        return ((PrimitiveTLV) getPublicKeyFromCertificate().get(0)).getValue();
    }

    public BigInteger getModulus() throws TLVEncodingException {
        return byteArrayToUnsignedBigInteger(((PrimitiveTLV) getPublicKeyFromCertificate().get(1)).getValue());
    }

    public BigInteger getExponent() throws TLVEncodingException {
        return byteArrayToUnsignedBigInteger(((PrimitiveTLV) getPublicKeyFromCertificate().get(2)).getValue());
    }

    private ECPublicKeySpec getECPublicKeySpecFromDomain() throws TLVEncodingException {
        ConstructedTLV publicKeyFromCertificate = getPublicKeyFromCertificate();
        ConstructedTLV constructedTLV = new ConstructedTLV(this.domainParam);
        TLV findTag = publicKeyFromCertificate.findTag(TAG_PK_MODULUS, null);
        ECFieldFp eCFieldFp = new ECFieldFp(byteArrayToUnsignedBigInteger(findTag == null ? constructedTLV.findTag(TAG_PK_MODULUS, null).getValue() : findTag.getValue()));
        TLV findTag2 = publicKeyFromCertificate.findTag(TAG_PK_C_A, null);
        BigInteger byteArrayToUnsignedBigInteger = findTag2 == null ? byteArrayToUnsignedBigInteger(constructedTLV.findTag(TAG_PK_C_A, null).getValue()) : byteArrayToUnsignedBigInteger(findTag2.getValue());
        TLV findTag3 = publicKeyFromCertificate.findTag(TAG_PK_C_B, null);
        EllipticCurve ellipticCurve = new EllipticCurve(eCFieldFp, byteArrayToUnsignedBigInteger, findTag3 == null ? byteArrayToUnsignedBigInteger(constructedTLV.findTag(TAG_PK_C_B, null).getValue()) : byteArrayToUnsignedBigInteger(findTag3.getValue()));
        TLV findTag4 = publicKeyFromCertificate.findTag(TAG_PK_BASE_POINT, null);
        ECPoint eCPoint = getECPoint(findTag4 == null ? constructedTLV.findTag(TAG_PK_BASE_POINT, null).getValue() : findTag4.getValue());
        TLV findTag5 = publicKeyFromCertificate.findTag(TAG_PK_ORDER, null);
        BigInteger byteArrayToUnsignedBigInteger2 = findTag5 == null ? byteArrayToUnsignedBigInteger(constructedTLV.findTag(TAG_PK_ORDER, null).getValue()) : byteArrayToUnsignedBigInteger(findTag5.getValue());
        TLV findTag6 = publicKeyFromCertificate.findTag(TAG_PK_COFACTOR, null);
        ECParameterSpec eCParameterSpec = new ECParameterSpec(ellipticCurve, eCPoint, byteArrayToUnsignedBigInteger2, findTag6 == null ? constructedTLV.findTag(TAG_PK_COFACTOR, null).getValue()[0] : findTag6.getValue()[0]);
        TLV findTag7 = publicKeyFromCertificate.findTag(TAG_PK_PUBLIC_P, null);
        return new ECPublicKeySpec(getECPoint(findTag7 == null ? constructedTLV.findTag(TAG_PK_PUBLIC_P, null).getValue() : findTag7.getValue()), eCParameterSpec);
    }

    private ECPublicKeySpec getECPublicKeySpec() throws TLVEncodingException {
        ConstructedTLV publicKeyFromCertificate = getPublicKeyFromCertificate();
        return new ECPublicKeySpec(getECPoint(publicKeyFromCertificate.findTag(TAG_PK_PUBLIC_P, null).getValue()), new ECParameterSpec(new EllipticCurve(new ECFieldFp(byteArrayToUnsignedBigInteger(publicKeyFromCertificate.findTag(TAG_PK_MODULUS, null).getValue())), byteArrayToUnsignedBigInteger(publicKeyFromCertificate.findTag(TAG_PK_C_A, null).getValue()), byteArrayToUnsignedBigInteger(publicKeyFromCertificate.findTag(TAG_PK_C_B, null).getValue())), getECPoint(publicKeyFromCertificate.findTag(TAG_PK_BASE_POINT, null).getValue()), byteArrayToUnsignedBigInteger(publicKeyFromCertificate.findTag(TAG_PK_ORDER, null).getValue()), publicKeyFromCertificate.findTag(TAG_PK_COFACTOR, null).getValue()[0]));
    }

    private BigInteger byteArrayToUnsignedBigInteger(byte[] bArr) {
        byte[] bArr2 = new byte[bArr.length + 1];
        System.arraycopy(bArr, 0, bArr2, 1, bArr.length);
        return new BigInteger(bArr2);
    }

    private ECPoint getECPoint(byte[] bArr) {
        int length = (bArr.length - 1) / 2;
        byte[] bArr2 = new byte[length];
        byte[] bArr3 = new byte[length];
        System.arraycopy(bArr, 1, bArr2, 0, length);
        System.arraycopy(bArr, 1 + length, bArr3, 0, length);
        return new ECPoint(byteArrayToUnsignedBigInteger(bArr2), byteArrayToUnsignedBigInteger(bArr3));
    }

    private ConstructedTLV getPublicKeyFromCertificate() throws TLVEncodingException {
        return (ConstructedTLV) this.body.get(2);
    }

    @Override // java.security.cert.Certificate
    public byte[] getEncoded() {
        return this.bin;
    }

    private PublicKey getECPublicKey(String str) throws TLVEncodingException, NoSuchProviderException {
        KeyFactory keyFactory;
        PublicKey publicKey = null;
        try {
            if (str != null) {
                this.log.debug("KeyFactory.getInstance(\"EC\", " + str + ")");
                keyFactory = KeyFactory.getInstance(SmartCardHSMKey.EC, str);
            } else {
                this.log.debug("KeyFactory.getInstance(\"EC\")");
                keyFactory = KeyFactory.getInstance(SmartCardHSMKey.EC);
            }
            ECPublicKeySpec eCPublicKeySpecFromDomain = this.domainParam != null ? getECPublicKeySpecFromDomain() : getECPublicKeySpec();
            this.log.debug("Calling key factory");
            publicKey = keyFactory.generatePublic(eCPublicKeySpecFromDomain);
            this.log.debug("Key created");
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            this.log.error("Decoding public key", e);
        }
        return publicKey;
    }

    private PublicKey getRSAPublicKey(String str) throws CertificateException {
        ConstructedTLV constructedTLV = (ConstructedTLV) this.body.findTag(TAG_PUK, null);
        if (constructedTLV == null) {
            throw new CertificateException("Certificate doesn't contain a public key object.");
        }
        PublicKey publicKey = null;
        try {
            publicKey = (str != null ? KeyFactory.getInstance(SmartCardHSMKey.RSA, str) : KeyFactory.getInstance(SmartCardHSMKey.RSA)).generatePublic(new RSAPublicKeySpec(byteArrayToUnsignedBigInteger(((PrimitiveTLV) constructedTLV.findTag(TAG_PK_MODULUS, null)).getValue()), byteArrayToUnsignedBigInteger(((PrimitiveTLV) constructedTLV.findTag(TAG_PK_EXPONENT, null)).getValue())));
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
            this.log.error("Decoding RSA key", e);
        }
        return publicKey;
    }

    public PublicKey getPublicKey(byte[] bArr) {
        this.log.debug("getPublicKey(domainParam)");
        this.domainParam = bArr;
        try {
            extractPublicKey(null);
        } catch (NoSuchProviderException | CertificateException e) {
            e.printStackTrace();
        }
        return this.publicKey;
    }

    public PublicKey getPublicKey(String str) {
        try {
            extractPublicKey(str);
        } catch (NoSuchProviderException | CertificateException e) {
            e.printStackTrace();
        }
        return this.publicKey;
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        try {
            extractPublicKey(null);
        } catch (NoSuchProviderException | CertificateException e) {
            e.printStackTrace();
        }
        return this.publicKey;
    }

    public void setDomainParameter(byte[] bArr) {
        ConstructedTLV constructedTLV = null;
        try {
            constructedTLV = new ConstructedTLV(bArr);
        } catch (TLVEncodingException e) {
            e.printStackTrace();
        }
        ConstructedTLV constructedTLV2 = (ConstructedTLV) this.body.findTag(TAG_PUK, null);
        constructedTLV2.add(constructedTLV.findTag(TAG_PK_MODULUS, null));
        constructedTLV2.add(constructedTLV.findTag(TAG_PK_C_A, null));
        constructedTLV2.add(constructedTLV.findTag(TAG_PK_C_B, null));
        constructedTLV2.add(constructedTLV.findTag(TAG_PK_BASE_POINT, null));
        constructedTLV2.add(constructedTLV.findTag(TAG_PK_ORDER, null));
        constructedTLV2.add(constructedTLV.findTag(TAG_PK_COFACTOR, null));
    }

    public byte[] getDomainParameter() {
        return ((ConstructedTLV) this.body.findTag(TAG_PUK, null)).getBytes();
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        return this.tlv.dump();
    }

    public byte[] getCAR() {
        return ((PrimitiveTLV) this.body.findTag(TAG_CAR, null)).getValue();
    }

    public byte[] getOuterCAR() {
        if (this.outerCar != null) {
            return this.outerCar.getValue();
        }
        return null;
    }

    public byte[] getOuterCARTLV() throws CertificateException {
        if (this.outerCar != null) {
            return this.outerCar.getBytes();
        }
        throw new CertificateException("Certificate has no Outer Cerification Authority Reference");
    }

    public byte[] getCHR() {
        return ((PrimitiveTLV) this.body.findTag(TAG_CHR, null)).getValue();
    }

    private byte[] getDataTBS() {
        if (this.outerCar == null) {
            return this.body.getBytes();
        }
        byte[] bytes = this.cvc.getBytes();
        byte[] bytes2 = this.outerCar.getBytes();
        byte[] bArr = new byte[bytes.length + bytes2.length];
        System.arraycopy(bytes, 0, bArr, 0, bytes.length);
        System.arraycopy(bytes2, 0, bArr, bytes.length, bytes2.length);
        return bArr;
    }

    public TLV getExtension(ObjectIdentifier objectIdentifier) {
        ConstructedTLV constructedTLV = (ConstructedTLV) this.body.findTag(TAG_EXTENSIONS, null);
        if (constructedTLV == null) {
            return null;
        }
        for (int i = 0; i < constructedTLV.getChildCount(); i++) {
            ConstructedTLV constructedTLV2 = (ConstructedTLV) constructedTLV.get(i);
            if (objectIdentifier.equals((PrimitiveTLV) constructedTLV2.get(0))) {
                return constructedTLV2.get(1);
            }
        }
        return null;
    }

    @Override // java.security.cert.Certificate
    public void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        verify(publicKey, (String) null);
    }

    @Override // java.security.cert.Certificate
    public void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        Signature signature = str == null ? Signature.getInstance("SHA256withECDSA") : Signature.getInstance("SHA256withECDSA", str);
        signature.initVerify(publicKey);
        signature.update(getDataTBS());
        if (!signature.verify(this.outerSignature == null ? wrapSignature(this.signature.getValue()) : wrapSignature(this.outerSignature.getValue()))) {
            throw new CertificateException("Certificate verification failed.");
        }
    }

    public byte[] getBody() {
        return this.body.getBytes();
    }

    public byte[] getCVC() {
        return this.cvc.getBytes();
    }

    public byte[] getSignature() {
        return this.signature.getBytes();
    }

    public byte[] getOuterSignature() throws CertificateException {
        if (this.outerSignature != null) {
            return this.outerSignature.getBytes();
        }
        throw new CertificateException("Certificate has no Outer Signature");
    }

    public byte[] getSubjectPublicKeyIdentifier() {
        byte[] bytes;
        try {
            ConstructedTLV publicKeyFromCertificate = getPublicKeyFromCertificate();
            if (isECDSA(getPublicKeyOID())) {
                bytes = publicKeyFromCertificate.findTag(TAG_PK_PUBLIC_P, null).getValue();
            } else {
                BigInteger byteArrayToUnsignedBigInteger = byteArrayToUnsignedBigInteger(((PrimitiveTLV) publicKeyFromCertificate.findTag(TAG_PK_MODULUS, null)).getValue());
                BigInteger byteArrayToUnsignedBigInteger2 = byteArrayToUnsignedBigInteger(((PrimitiveTLV) publicKeyFromCertificate.findTag(TAG_PK_EXPONENT, null)).getValue());
                Sequence sequence = new Sequence();
                sequence.add(new IntegerTLV(byteArrayToUnsignedBigInteger));
                sequence.add(new IntegerTLV(byteArrayToUnsignedBigInteger2));
                bytes = sequence.getBytes();
            }
            MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
            messageDigest.update(bytes, 0, bytes.length);
            return messageDigest.digest();
        } catch (Exception e) {
            throw new RuntimeException("getSubjectPublicKeyIdentifier() failed", e);
        }
    }

    public static byte[] wrapSignature(byte[] bArr) {
        int length = bArr.length / 2;
        byte[] bArr2 = new byte[length];
        System.arraycopy(bArr, 0, bArr2, 0, length);
        BigInteger bigInteger = new BigInteger(1, bArr2);
        System.arraycopy(bArr, length, bArr2, 0, length);
        BigInteger bigInteger2 = new BigInteger(1, bArr2);
        Sequence sequence = new Sequence();
        sequence.add(new IntegerTLV(bigInteger));
        sequence.add(new IntegerTLV(bigInteger2));
        return sequence.getBytes();
    }

    public static byte[] unwrapSignature(byte[] bArr, int i) throws TLVEncodingException {
        ConstructedTLV constructedTLV = new ConstructedTLV(bArr);
        byte[] value = constructedTLV.get(0).getValue();
        byte[] value2 = constructedTLV.get(1).getValue();
        byte[] bArr2 = new byte[i * 2];
        int length = value.length > i ? i : value.length;
        System.arraycopy(value, value.length - length, bArr2, i - length, length);
        int length2 = value2.length > i ? i : value2.length;
        System.arraycopy(value2, value2.length - length2, bArr2, (i + i) - length2, length2);
        return bArr2;
    }
}
