package de.cardcontact.opencard.eac;

import de.cardcontact.opencard.eac.cvc.AuthenticatedRequest;
import de.cardcontact.opencard.eac.cvc.CVCertificate;
import de.cardcontact.opencard.eac.cvc.CertificateHolderAuthorizationTemplate;
import de.cardcontact.opencard.eac.cvc.CertificateHolderReference;
import de.cardcontact.opencard.eac.cvc.CertificationAuthorityReference;
import de.cardcontact.opencard.eac.cvc.ECPublicKeyTLV;
import de.cardcontact.opencard.eac.cvc.ECSignature;
import de.cardcontact.tlv.ObjectIdentifier;
import de.cardcontact.tlv.TLV;
import de.cardcontact.tlv.TLVEncodingException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECParameterSpec;
import java.time.LocalDate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/cardcontact/opencard/eac/CardVerifiableCertificate.class */
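/**
 * A card verifiable certificate (certificate type {@code "CVC"}) or an authenticated
 * certificate request wrapping one, exposed through the JCA {@link Certificate} API.
 *
 * <p>The constructor accepts either encoding: when the outer TLV carries
 * {@link AuthenticatedRequest#TAG} the object keeps both the request and its inner
 * certificate, otherwise only the certificate.
 *
 * <p><b>Scope of verification.</b> The {@code verify} methods in this class check the
 * signature only. Nothing here compares the certification authority reference with the
 * issuer's holder reference, evaluates the effective/expiration dates, or inspects the
 * holder authorization template. Callers building a trust chain must perform those checks
 * themselves using the corresponding getters.
 */
public class CardVerifiableCertificate extends Certificate {
    final Logger log;
    // Exactly the bytes of the parsed outer TLV; trailing input bytes are not kept.
    byte[] encoded;
    // Non-null only when the input was an authenticated request.
    AuthenticatedRequest req;
    CVCertificate cvc;
    // Domain parameters taken from the verifying key; set only after a successful verify().
    ECParameterSpec domain;

    /**
     * Parses a CVC or an authenticated request from its TLV encoding.
     *
     * @param bArr encoded object; bytes following the outer TLV are ignored
     * @throws CertificateParsingException if the TLV structure cannot be decoded
     */
    public CardVerifiableCertificate(byte[] bArr) throws CertificateException {
        super("CVC");
        this.log = LoggerFactory.getLogger(CardVerifiableCertificate.class);
        this.req = null;
        this.domain = null;
        try {
            TLV outer = TLV.factory(bArr);
            if (outer.getTag().equals(AuthenticatedRequest.TAG)) {
                this.req = new AuthenticatedRequest(outer);
                this.cvc = this.req.getCVCertificate();
            } else {
                this.cvc = new CVCertificate(outer);
            }
            // Private copy limited to the parsed object, so later changes to the caller's
            // array cannot alter what getEncoded() reports.
            int size = outer.getSize();
            this.encoded = new byte[size];
            System.arraycopy(bArr, 0, this.encoded, 0, size);
        } catch (TLVEncodingException e) {
            this.log.error("Decoding CVC failed with ", e);
            throw new CertificateParsingException(e);
        }
    }

    /**
     * Returns a copy of the encoded certificate or request.
     *
     * <p>A copy is returned so that callers cannot modify the bytes held by this object.
     */
    @Override
    public byte[] getEncoded() throws CertificateEncodingException {
        return this.encoded.clone();
    }

    /**
     * Maps a public key object identifier to a JCA signature algorithm name.
     *
     * <p>The SHA-1 and SHA-224 identifiers are mapped as well. A caller that enforces a
     * minimum hash strength has to reject those names itself before verifying.
     *
     * @return the JCA name, or {@code null} if the identifier is not one of the ECDSA
     *         identifiers handled here
     */
    public static String signAlgoForOID(ObjectIdentifier objectIdentifier) {
        if (ECPublicKeyTLV.id_TA_ECDSA_SHA_256.equals(objectIdentifier) || ECPublicKeyTLV.ECDSA_with_SHA256.equals(objectIdentifier)) {
            return "SHA256withECDSA";
        }
        if (ECPublicKeyTLV.id_TA_ECDSA_SHA_384.equals(objectIdentifier) || ECPublicKeyTLV.ECDSA_with_SHA384.equals(objectIdentifier)) {
            return "SHA384withECDSA";
        }
        if (ECPublicKeyTLV.id_TA_ECDSA_SHA_512.equals(objectIdentifier) || ECPublicKeyTLV.ECDSA_with_SHA512.equals(objectIdentifier)) {
            return "SHA512withECDSA";
        }
        if (ECPublicKeyTLV.id_TA_ECDSA_SHA_224.equals(objectIdentifier)) {
            return "SHA224withECDSA";
        }
        if (ECPublicKeyTLV.id_TA_ECDSA_SHA_1.equals(objectIdentifier)) {
            return "SHA1withECDSA";
        }
        return null;
    }

    /**
     * Maps a public key object identifier to a JCA message digest name.
     *
     * @return the JCA name, or {@code null} if the identifier is not one of the ECDSA
     *         identifiers handled here
     */
    public static String hashAlgoForOID(ObjectIdentifier objectIdentifier) {
        if (ECPublicKeyTLV.id_TA_ECDSA_SHA_256.equals(objectIdentifier) || ECPublicKeyTLV.ECDSA_with_SHA256.equals(objectIdentifier)) {
            return "SHA-256";
        }
        if (ECPublicKeyTLV.id_TA_ECDSA_SHA_384.equals(objectIdentifier) || ECPublicKeyTLV.ECDSA_with_SHA384.equals(objectIdentifier)) {
            return "SHA-384";
        }
        if (ECPublicKeyTLV.id_TA_ECDSA_SHA_512.equals(objectIdentifier) || ECPublicKeyTLV.ECDSA_with_SHA512.equals(objectIdentifier)) {
            return "SHA-512";
        }
        if (ECPublicKeyTLV.id_TA_ECDSA_SHA_224.equals(objectIdentifier)) {
            return "SHA-224";
        }
        if (ECPublicKeyTLV.id_TA_ECDSA_SHA_1.equals(objectIdentifier)) {
            return "SHA-1";
        }
        return null;
    }

    /**
     * Verifies the signature with {@code SHA256withECDSA} and automatic provider selection.
     *
     * @see #verify(PublicKey, String, String)
     */
    @Override
    public void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        // The cast selects the (PublicKey, String) overload for the null argument.
        verify(publicKey, (String) null);
    }

    /**
     * Verifies the signature over this certificate or authenticated request.
     *
     * <p>For an authenticated request only the outer signature is checked, computed over
     * the inner certificate followed by the outer certification authority reference. The
     * signature inside the request is not checked by this method. For a plain certificate
     * the signature over the certificate body is checked.
     *
     * <p>On success the domain parameters of {@code publicKey} are stored and used by
     * {@link #getPublicKey()} from then on.
     *
     * @param publicKey key of the signer; must be an {@link ECPublicKey}, otherwise the
     *                  final cast throws {@link ClassCastException}
     * @param algorithm JCA signature algorithm name
     * @param provider  JCA provider name, or {@code null} to use "BC" when it is installed
     *                  and the runtime is not Android, else the default provider
     * @throws NoSuchAlgorithmException if {@code algorithm} is {@code null} or unknown
     * @throws CertificateException if the signature does not verify
     */
    public void verify(PublicKey publicKey, String algorithm, String provider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        if (algorithm == null) {
            // signAlgoForOID() yields null for identifiers it does not know. Report that
            // as a verification problem instead of a NullPointerException from the JCA.
            throw new NoSuchAlgorithmException("No signature algorithm given (unsupported public key OID?)");
        }
        if (provider == null && !"Android Runtime".equals(System.getProperty("java.runtime.name")) && Security.getProvider("BC") != null) {
            provider = "BC";
        }
        Signature signature;
        if (provider == null) {
            this.log.debug("Using default provider");
            signature = Signature.getInstance(algorithm);
        } else {
            this.log.debug("Using provider {}", provider);
            signature = Signature.getInstance(algorithm, provider);
        }
        signature.initVerify(publicKey);
        byte[] wrappedSignature;
        if (this.req != null) {
            signature.update(this.cvc.getBytes());
            signature.update(this.req.getCertificationAuthorityReference().getBytes());
            wrappedSignature = ECSignature.wrapSignature(this.req.getSignatureTLV().getValue());
        } else {
            signature.update(this.cvc.getCertificateBody().getBytes());
            wrappedSignature = ECSignature.wrapSignature(this.cvc.getSignatureTLV().getValue());
        }
        if (!signature.verify(wrappedSignature)) {
            throw new CertificateException("Certificate verification failed.");
        }
        // Reached only after a successful check, so domain parameters are never adopted
        // from a key that failed to verify this object.
        this.domain = ((ECPublicKey) publicKey).getParams();
    }

    /**
     * Verifies the signature with {@code SHA256withECDSA} and the named provider.
     *
     * <p>The algorithm is fixed because this overload has no way to receive one. An object
     * signed with a different hash fails verification here; use
     * {@link #verify(PublicKey, String, String)} or {@link #verify(CardVerifiableCertificate)}
     * in that case.
     */
    @Override
    public void verify(PublicKey publicKey, String provider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        verify(publicKey, "SHA256withECDSA", provider);
    }

    /**
     * Returns the JCA signature algorithm name for this certificate's public key, or
     * {@code null} if its object identifier is not handled by {@link #signAlgoForOID}.
     */
    public String getSignatureAlgorithm() {
        return signAlgoForOID(getPublicKeyOID());
    }

    /**
     * Verifies this object's signature with the public key and signature algorithm of
     * the given certificate.
     *
     * <p>Only the signature is checked. This method does not compare this object's
     * certification authority reference with the holder reference of
     * {@code cardVerifiableCertificate}, and it does not look at validity dates.
     *
     * @throws GeneralSecurityException if verification fails or the algorithm is unsupported
     */
    public void verify(CardVerifiableCertificate cardVerifiableCertificate) throws GeneralSecurityException {
        verify(cardVerifiableCertificate.getPublicKey(), cardVerifiableCertificate.getSignatureAlgorithm(), null);
    }

    /**
     * Returns the public key, built with the domain parameters stored by the last
     * successful {@code verify} call ({@code null} if there has been none).
     */
    @Override
    public PublicKey getPublicKey() {
        return this.cvc.getCertificateBody().getPublicKeyTLV().getPublicKey(this.domain);
    }

    /** Returns the public key, built with the given domain parameters. */
    public PublicKey getPublicKey(AlgorithmParameterSpec algorithmParameterSpec) {
        return this.cvc.getCertificateBody().getPublicKeyTLV().getPublicKey(algorithmParameterSpec);
    }

    /**
     * Returns the curve object identifier of the EC public key.
     *
     * @throws IllegalArgumentException if the certificate does not hold an EC public key
     */
    public byte[] getCurveOID() {
        if (this.cvc.getCertificateBody().getPublicKeyTLV() instanceof ECPublicKeyTLV) {
            return ((ECPublicKeyTLV) this.cvc.getCertificateBody().getPublicKeyTLV()).getCurveOID();
        }
        throw new IllegalArgumentException("getCurveOID() only supported for ECPublicKey");
    }

    /**
     * Returns the domain parameters stored by the last successful {@code verify} call,
     * or {@code null} if there has been none.
     */
    public ECParameterSpec getECParameterSpec() {
        return this.domain;
    }

    /** Returns the object identifier of the public key in the certificate body. */
    public ObjectIdentifier getPublicKeyOID() {
        return this.cvc.getCertificateBody().getPublicKeyTLV().getObjectIdentifier();
    }

    /** Returns the certification authority reference from the certificate body. */
    public CertificationAuthorityReference getCertificationAuthorityReference() {
        return this.cvc.getCertificateBody().getCertificationAuthorityReference();
    }

    /**
     * Returns the certification authority reference of the enclosing authenticated request.
     *
     * @throws NullPointerException if this object was not created from an authenticated
     *         request; check {@link #getAuthenticatedRequest()} for {@code null} first
     */
    public CertificationAuthorityReference getOuterCertificationAuthorityReference() {
        return this.req.getCertificationAuthorityReference();
    }

    /** Returns the certificate holder reference from the certificate body. */
    public CertificateHolderReference getCertificateHolderReference() {
        return this.cvc.getCertificateBody().getCertificateHolderReference();
    }

    /** Returns the effective date from the certificate body. Not evaluated by {@code verify}. */
    public LocalDate getCertificateEffectiveDate() {
        return this.cvc.getCertificateBody().getCertificateEffectiveDate().getLocalDate();
    }

    /** Returns the expiration date from the certificate body. Not evaluated by {@code verify}. */
    public LocalDate getCertificateExpirationDate() {
        return this.cvc.getCertificateBody().getCertificateExpirationDate().getLocalDate();
    }

    /** Returns the certificate holder authorization template from the certificate body. */
    public CertificateHolderAuthorizationTemplate getCertificateHolderAuthorizationTemplate() {
        return this.cvc.getCertificateBody().getCertificateHolderAuthorizationTemplate();
    }

    /** Returns the parsed certificate (the inner one for an authenticated request). */
    public CVCertificate getCVCertificate() {
        return this.cvc;
    }

    /** Returns the authenticated request, or {@code null} for a plain certificate. */
    public AuthenticatedRequest getAuthenticatedRequest() {
        return this.req;
    }

    /** Looks up a certificate extension by its class in the certificate body. */
    public TLV getExtension(Class cls) {
        return this.cvc.getCertificateBody().getExtensions().getExtension(cls);
    }

    /**
     * Returns the SHA-1 digest of the public key in its SPKI encoding.
     *
     * <p>The digest serves as a key identifier. It is not part of signature verification
     * and should not be relied on as a collision-resistant binding to the key.
     *
     * @throws RuntimeException if encoding or hashing fails
     */
    public byte[] getSubjectPublicKeyIdentifier() {
        try {
            byte[] spki = getCVCertificate().getCertificateBody().getPublicKeyTLV().getEncodedForSPKI();
            return MessageDigest.getInstance("SHA1").digest(spki);
        } catch (Exception e) {
            throw new RuntimeException("getSubjectPublicKeyIdentifier() failed", e);
        }
    }

    /** Returns a dump of the parsed certificate. */
    @Override
    public String toString() {
        return this.cvc.dump();
    }
}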
