package kz.gamma.hardware.crypto.software.ocsp;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.Vector;
import kz.gamma.hardware.asn1.ASN1InputStream;
import kz.gamma.hardware.asn1.ASN1OctetString;
import kz.gamma.hardware.asn1.ASN1Sequence;
import kz.gamma.hardware.asn1.DERIA5String;
import kz.gamma.hardware.asn1.DERInteger;
import kz.gamma.hardware.asn1.DERNull;
import kz.gamma.hardware.asn1.DERObject;
import kz.gamma.hardware.asn1.DERObjectIdentifier;
import kz.gamma.hardware.asn1.DEROctetString;
import kz.gamma.hardware.asn1.DERSequence;
import kz.gamma.hardware.asn1.cryptopro.GammaObjectIndentifiers;
import kz.gamma.hardware.asn1.cryptopro.KZObjectIndentifiers;
import kz.gamma.hardware.asn1.ocsp.BasicOCSPResponse;
import kz.gamma.hardware.asn1.ocsp.CertID;
import kz.gamma.hardware.asn1.ocsp.OCSPObjectIdentifiers;
import kz.gamma.hardware.asn1.ocsp.OCSPRequest;
import kz.gamma.hardware.asn1.ocsp.OCSPResponse;
import kz.gamma.hardware.asn1.ocsp.Request;
import kz.gamma.hardware.asn1.ocsp.ResponseData;
import kz.gamma.hardware.asn1.ocsp.SingleResponse;
import kz.gamma.hardware.asn1.ocsp.TBSRequest;
import kz.gamma.hardware.asn1.x509.AlgorithmIdentifier;
import kz.gamma.hardware.asn1.x509.GeneralName;
import kz.gamma.hardware.asn1.x509.SubjectPublicKeyInfo;
import kz.gamma.hardware.asn1.x509.X509Extension;
import kz.gamma.hardware.asn1.x509.X509Extensions;
import kz.gamma.hardware.core.CertificateAuthorities;
import kz.gamma.hardware.crypto.GOST3411Digest;
import kz.gamma.hardware.crypto.software.SignatureVerifier;
import kz.gamma.hardware.jce.CryptoObject;
import kz.gamma.hardware.jce.PrincipalUtil;
import kz.gamma.hardware.jce.exception.JCEHardwareException;
import kz.gamma.hardware.util.UtilCM;
import kz.gamma.hardware.x509.extension.AuthorityKeyIdentifierStructure;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;

/* loaded from: input_file:kz/gamma/hardware/crypto/software/ocsp/OCSPUtilities.class */
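/**
 * Builds DER-encoded OCSP requests and checks the signature on OCSP responses.
 *
 * <p>All digests are computed with {@link GOST3411Digest}; signatures are checked with the
 * {@link SignatureVerifier} obtained for {@link CryptoObject#GOST}.
 *
 * <p>Security scope: this class only builds a request and checks one signature. It does not
 * establish trust in the responder, match the response to the request, or check freshness. See
 * {@link #verifyOcspResponse(byte[])} for the checks a caller still has to perform.
 */
public class OCSPUtilities {
    /** Size in bytes of the output buffer handed to {@link GOST3411Digest#doFinal}. */
    private static final int DIGEST_LENGTH = 32;

    /** Number of random bytes placed in the OCSP nonce extension. */
    private static final int NONCE_LENGTH = 16;

    /** Source of nonce bytes; a CSPRNG so that nonces cannot be predicted. */
    private static final SecureRandom NONCE_RANDOM = new SecureRandom();

    /**
     * Builds a DER-encoded, unsigned OCSP request for a single certificate.
     *
     * <p>The CertID hashes are always computed with {@link GOST3411Digest}. {@code str2} only labels
     * them, so it must name the matching algorithm or the CertID is inconsistent.
     *
     * <p>How the issuer hashes are derived depends on {@code str3}:
     * <ul>
     *   <li>{@link CertificateAuthorities#NCA}: the name hash is taken over the subject of the
     *       issuer certificate {@code bArr2}, the key hash over that certificate's public key bits.
     *   <li>{@link CertificateAuthorities#GAMMACA}: the name hash is taken over the issuer name of
     *       {@code bArr}, and the key identifier from its authorityKeyIdentifier extension is used
     *       as the key hash; {@code bArr2} is not read.
     * </ul>
     *
     * <p>The request carries a nonce extension holding {@value #NONCE_LENGTH} random bytes. The
     * nonce is not returned separately; a caller that wants to check it against the response has to
     * recover it from the encoded request.
     *
     * @param bArr encoded certificate whose status is being requested
     * @param str requestor name, sent as a URI GeneralName; omitted when {@code null} or empty
     * @param str2 OID (dotted string) placed in the CertID as the hash algorithm
     * @param bArr2 encoded issuer certificate; read only for {@link CertificateAuthorities#NCA}
     * @param str3 certificate authority selector, see above
     * @return the DER encoding of the OCSP request
     * @throws CertificateException if a certificate cannot be parsed, or the GAMMACA certificate
     *     has no authorityKeyIdentifier extension
     * @throws IOException if an ASN.1 structure cannot be read or encoded
     * @throws RuntimeException if {@code str3} is {@code null} or names an unknown authority
     */
    public byte[] generateOcspRequest(byte[] bArr, String str, String str2, byte[] bArr2, String str3) throws CertificateException, IOException {
        GeneralName requestorName = null;
        if (str != null && str.length() > 0) {
            // Tag 6 is the uniformResourceIdentifier alternative of GeneralName (RFC 5280).
            // IA5String is an ASCII repertoire, so encode explicitly instead of relying on the
            // platform default charset.
            requestorName = new GeneralName(6, new DERIA5String(str.getBytes(StandardCharsets.US_ASCII)));
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
        X509Certificate subjectCert = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr));
        AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier(new DERObjectIdentifier(str2), DERNull.INSTANCE);
        if (str3 == null) {
            throw new RuntimeException("ca cannot be null");
        }

        DEROctetString issuerNameHash;
        DEROctetString issuerKeyHash;
        if (str3.equals(CertificateAuthorities.NCA)) {
            X509Certificate issuerCert = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr2));
            issuerNameHash = new DEROctetString(gostDigest(PrincipalUtil.getSubjectX509Principal(issuerCert).getEncoded()));
            issuerKeyHash = new DEROctetString(gostDigest(publicKeyBits(issuerCert)));
        } else if (str3.equals(CertificateAuthorities.GAMMACA)) {
            issuerNameHash = new DEROctetString(gostDigest(subjectCert.getIssuerX500Principal().getEncoded()));
            // 2.5.29.35 is the authorityKeyIdentifier extension.
            byte[] authorityKeyId = subjectCert.getExtensionValue("2.5.29.35");
            if (authorityKeyId == null) {
                throw new CertificateException("Certificate has no authorityKeyIdentifier extension");
            }
            issuerKeyHash = new DEROctetString(new AuthorityKeyIdentifierStructure(authorityKeyId).getKeyIdentifier());
        } else {
            throw new RuntimeException("Unknown ca: " + str3);
        }

        CertID certId = new CertID(hashAlgorithm, issuerNameHash, issuerKeyHash, new DERInteger(subjectCert.getSerialNumber()));
        DERSequence requestList = new DERSequence(new Request(certId, null));

        // A nonce derived from the clock is predictable and can repeat within a millisecond;
        // draw it from a CSPRNG so a response cannot be prepared in advance.
        byte[] nonce = new byte[NONCE_LENGTH];
        NONCE_RANDOM.nextBytes(nonce);
        Vector<Object> extensionOids = new Vector<Object>();
        Vector<Object> extensionValues = new Vector<Object>();
        extensionOids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
        extensionValues.add(new X509Extension(false, (ASN1OctetString) new DEROctetString(nonce)));

        TBSRequest tbsRequest = new TBSRequest(requestorName, requestList, new X509Extensions(extensionOids, extensionValues));
        return new OCSPRequest(tbsRequest, null).getEncoded();
    }

    /**
     * Parses an OCSP response and checks the signature over its tbsResponseData.
     *
     * <p>The returned map holds two entries:
     * <ul>
     *   <li>{@code "status"} ({@link Integer}): tag number of the certStatus CHOICE of the first
     *       SingleResponse (RFC 6960 defines 0 = good, 1 = revoked, 2 = unknown).
     *   <li>{@code "valid"} ({@link Boolean}): whether the response signature verifies under the
     *       public key of the first certificate embedded in the response.
     * </ul>
     *
     * <p><b>What this method does not check.</b> {@code "status"} is filled in before the signature
     * is evaluated and is present even when {@code "valid"} is {@code false}; never act on
     * {@code "status"} without checking {@code "valid"}. Beyond that, {@code "valid"} only proves
     * the response is self-consistent, because the verification key is read from the response
     * itself. Before relying on the result, callers must separately:
     * <ul>
     *   <li>validate the embedded responder certificate against a trusted issuer and confirm it is
     *       authorised to sign OCSP responses for that issuer;
     *   <li>confirm the CertID in the response matches the certificate that was asked about (only
     *       the first SingleResponse is read here);
     *   <li>compare the nonce with the one sent in the request;
     *   <li>check the thisUpdate/nextUpdate validity window.
     * </ul>
     *
     * @param bArr DER-encoded OCSP response
     * @return map with the {@code "status"} and {@code "valid"} entries described above
     * @throws CertificateException if the embedded responder certificate cannot be parsed
     * @throws IOException if an ASN.1 structure cannot be read or encoded
     * @throws JCEHardwareException if the response carries no responseBytes or no certificate, or
     *     its signature algorithm is not one of the two accepted GOST 34.310 identifiers
     */
    public Map verifyOcspResponse(byte[] bArr) throws CertificateException, IOException {
        Map<String, Object> result = new HashMap<String, Object>();

        DERObject envelope;
        ASN1InputStream envelopeIn = new ASN1InputStream(bArr);
        try {
            envelope = envelopeIn.readObject();
        } finally {
            closeQuietly(envelopeIn);
        }

        OCSPResponse ocspResponse = new OCSPResponse((ASN1Sequence) envelope);
        // responseBytes is optional in the OCSP envelope; fail with a clear message rather than
        // a NullPointerException when the responder returned none.
        if (ocspResponse.getResponseBytes() == null) {
            throw new JCEHardwareException("OCSP response contains no responseBytes");
        }

        ASN1InputStream basicIn = new ASN1InputStream(ocspResponse.getResponseBytes().getResponse().getOctets());
        try {
            BasicOCSPResponse basicResponse = BasicOCSPResponse.getInstance(basicIn.readObject());
            ResponseData tbsResponseData = basicResponse.getTbsResponseData();
            // Only the first SingleResponse is inspected; its CertID is not compared with anything.
            result.put("status", Integer.valueOf(SingleResponse.getInstance(tbsResponseData.getResponses().getObjectAt(0)).getCertStatus().getTagNo()));

            String signatureOid = basicResponse.getSignatureAlgorithm().getObjectId().getId();
            boolean knownAlgorithm = signatureOid.equals(GammaObjectIndentifiers.gost34310.getId())
                    || signatureOid.equals(KZObjectIndentifiers.GOST_34_310_SIGNATURE.getId());
            if (!knownAlgorithm) {
                throw new JCEHardwareException(String.format("Unknown signature algorithm: %s", signatureOid));
            }

            if (basicResponse.getCerts() == null) {
                throw new JCEHardwareException("OCSP response contains no responder certificate");
            }
            // NOTE(review): the verification key comes from the response itself and this
            // certificate is not chained to any trust anchor here.
            X509Certificate responderCert = (X509Certificate) CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID)
                    .generateCertificate(new ByteArrayInputStream(basicResponse.getCerts().getObjectAt(0).getDERObject().getEncoded()));

            byte[] keyBits = publicKeyBits(responderCert);
            // presumably converts the trailing 64 key bytes to the layout SignatureVerifier
            // expects; confirm against UtilCM.reverseParts
            byte[] verificationKey = UtilCM.reverseParts(keyBits, keyBits.length - 64);
            byte[] tbsDigest = gostDigest(tbsResponseData.getEncoded());

            boolean signatureOk = SignatureVerifier.getInstance(CryptoObject.GOST)
                    .verify(verificationKey, UtilCM.inverseCopyByte(tbsDigest, 0, tbsDigest.length), basicResponse.getSignature().getBytes());
            result.put("valid", Boolean.valueOf(signatureOk));
            return result;
        } finally {
            closeQuietly(basicIn);
        }
    }

    /** Returns the {@link GOST3411Digest} of {@code data} as a {@value #DIGEST_LENGTH}-byte array. */
    private static byte[] gostDigest(byte[] data) {
        byte[] out = new byte[DIGEST_LENGTH];
        GOST3411Digest digest = new GOST3411Digest();
        digest.update(data, 0, data.length);
        digest.doFinal(out, 0);
        return out;
    }

    /** Returns the raw public key bit string from the certificate's SubjectPublicKeyInfo. */
    private static byte[] publicKeyBits(X509Certificate certificate) throws IOException {
        ASN1InputStream in = new ASN1InputStream(certificate.getPublicKey().getEncoded());
        try {
            return new SubjectPublicKeyInfo((ASN1Sequence) in.readObject()).getPublicKeyData().getBytes();
        } finally {
            closeQuietly(in);
        }
    }

    /** Closes a stream that wraps an in-memory byte array, without masking an earlier failure. */
    private static void closeQuietly(ASN1InputStream in) {
        try {
            in.close();
        } catch (IOException ignored) {
            // The streams used here read from byte arrays; a close failure loses nothing and
            // must not replace the exception (or result) of the parsing that preceded it.
        }
    }
}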
