package com.yessign.api;

import com.yessign.asn1.ASN1OctetString;
import com.yessign.asn1.ASN1Sequence;
import com.yessign.asn1.ASN1Set;
import com.yessign.asn1.DERObjectIdentifier;
import com.yessign.asn1.DERTaggedObject;
import com.yessign.asn1.cms.AttributeTypeAndValue;
import com.yessign.asn1.cms.ContentInfo;
import com.yessign.asn1.kisa.KISAHashContent;
import com.yessign.asn1.kisa.KISAIdentifyData;
import com.yessign.asn1.kisa.KISAObjectIdentifiers;
import com.yessign.asn1.kisa.KISAVId;
import com.yessign.asn1.pkcs.PKCSObjectIdentifiers;
import com.yessign.asn1.x509.GeneralNames;
import com.yessign.asn1.x509.X509Extensions;
import com.yessign.jce.cms.CMSException;
import com.yessign.jce.cms.CMSSignedData;
import com.yessign.jce.cms.SignerInformation;
import com.yessign.jce.provider.yessignProvider;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.cert.CertStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;

/* loaded from: classes.dex */
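/**
 * Decodes a CMS SignedData message and runs up to three checks on its first signer:
 * certificate validation, signature verification and the certificate-owner (VID) check.
 * Each check has its own setter and all three are enabled by the constructor.
 *
 * <p>Results (content, signer certificate, verified identification number) stay on the
 * instance until the next {@link #verifySignedData(byte[], CertManager)} or {@link #init()}.
 * No synchronization is done here; every verification call mutates instance state.
 *
 * <p>Points a caller should know:
 * <ul>
 *   <li>Only the first {@code SignerInformation} is examined; further signers are ignored.</li>
 *   <li>The signer certificate is stored before it is validated, so after a
 *       {@code SignedDataException} the signer getters may still return a certificate that
 *       failed (or never reached) validation.</li>
 *   <li>The owner check runs only when the signer carries the {@code yessign_hashcontent}
 *       unsigned attribute. When it is absent no error is raised; callers that require an
 *       owner-verified result must test {@link #existHashContent()} or
 *       {@code getVerifiedSSN() != null}.</li>
 *   <li>{@code setVerifyCert(false)}, {@code setVerifySign(false)} and
 *       {@code setVerifyOwner(false)} each switch off one check; content is then returned
 *       without that assurance.</li>
 * </ul>
 */
public class SignedDataManager {
    // Parsed CMS structure of the last message given to verifySignedData().
    private CMSSignedData cmsSignedData = null;
    // Verification toggles, set to true by the constructor.
    private boolean verifyCert;
    private boolean verifySign;
    private boolean verifyOwner;
    // Set when the signer certificate's policy is found in yessignGEnv.TrusbillPolicy.
    private boolean kftcVid;
    // Caller-supplied identification number; init() does NOT clear it.
    private String inSsn;
    // Identification number that passed the VID comparison, otherwise null.
    private String verifiedSsn;
    // Signed content of the last successfully processed message.
    private byte[] content;
    // Certificate selected for the first signer (stored before validation).
    private X509Certificate signerCert;
    // Values of the yessign_hashcontent unsigned attribute, if present.
    private ASN1Set hashContentValues;
    // Raw SubjectAlternativeName extension value of the signer certificate.
    private byte[] subjectAltNameExt;

    /** Creates a manager with certificate, signature and owner verification enabled. */
    public SignedDataManager() {
        init();
        this.verifyCert = true;
        this.verifySign = true;
        this.verifyOwner = true;
        this.inSsn = null;
    }

    /**
     * Checks that the identification number matches the VID stored in the signer
     * certificate's SubjectAlternativeName extension.
     *
     * <p>The hash content is DER-encoded and hashed twice with the algorithm named in the
     * certificate's VID entry; the result must equal the VID. If an identification number
     * was supplied by the caller it replaces the one inside the hash content first.
     *
     * <p>The hash content comes from an <em>unsigned</em> CMS attribute, so (as far as this
     * class shows) its integrity rests on this comparison against the certificate rather
     * than on the CMS signature.
     *
     * @throws VerifyOwnerException code 37 when the comparison fails, code 38 when required
     *         data is missing or cannot be parsed
     */
    private void checkOwner() throws VerifyOwnerException {
        ASN1Set hashValues = this.hashContentValues;
        if (hashValues == null) {
            throw new VerifyOwnerException("hash content가 존재하지 않음", 38);
        }
        if (this.subjectAltNameExt == null) {
            throw new VerifyOwnerException("인증서내에 VID가 존재하지 않음", 38);
        }

        // This try covers only the hash-content parse. Previously it also enclosed the block
        // below, so every VerifyOwnerException raised there (including the code-37 mismatch)
        // was caught again and re-wrapped as a generic code-38 "parse failure".
        KISAHashContent hashContent;
        try {
            hashContent = KISAHashContent.getInstance(ASN1Sequence.getInstance(ASN1OctetString.getInstance(hashValues.getObjectAt(0)).getOctets()));
        } catch (Exception ex) {
            throw new VerifyOwnerException("서명 데이터의 Hash Content 필드 분석 실패 : " + ex.getMessage(), 38, ex.getCause());
        }

        try {
            ASN1Sequence otherName = (ASN1Sequence) GeneralNames.getInstance(ASN1Sequence.getInstance(ASN1OctetString.getInstance(ASN1Sequence.getInstance(this.subjectAltNameExt)).getOctets())).getGeneralName(0).getName();
            DERObjectIdentifier nameType = (DERObjectIdentifier) otherName.getObjectAt(0);
            if (!nameType.equals(KISAObjectIdentifiers.kisa_identifyData)) {
                throw new VerifyOwnerException("kisa-identifyData OID 오류 : " + nameType.getId(), 38);
            }
            ASN1Sequence userInfo = KISAIdentifyData.getInstance(((DERTaggedObject) otherName.getObjectAt(1)).getObject()).getUserInfo();

            // A caller-supplied number overrides the one carried in the hash content.
            if (this.inSsn != null) {
                hashContent.setIdn(this.inSsn);
            }
            String idn = hashContent.getIdn();

            // The policy flag decides which VID attribute of the certificate is checked.
            final boolean useKftcVid = this.kftcVid;
            Iterator attrs = userInfo.getObjects();
            while (attrs.hasNext()) {
                AttributeTypeAndValue attr = AttributeTypeAndValue.getInstance(attrs.next());
                boolean wanted = useKftcVid
                        ? attr.getAttrType().equals(KISAObjectIdentifiers.yessign_KftcVID)
                        : attr.getAttrType().equals(KISAObjectIdentifiers.kisa_vid);
                if (!wanted) {
                    continue;
                }

                KISAVId vid = KISAVId.getInstance(attr.getAttrValues());
                MessageDigest md = MessageDigest.getInstance(vid.getHashAlgorithm().getObjectId().getId(), yessignProvider.PROVIDER);
                byte[] expected = vid.getVitualID();
                // VID = H(H(DER(hashContent)))
                md.update(hashContent.getDERObject().getEncoded());
                byte[] firstPass = md.digest();
                md.reset();
                md.update(firstPass);
                if (Arrays.equals(expected, md.digest())) {
                    this.verifiedSsn = (this.inSsn != null) ? this.inSsn : idn;
                    return;
                }

                // NOTE(review): these messages embed the identification number and are
                // forwarded into SignedDataException messages by decodeAndVerify(); callers
                // should not log or display them verbatim.
                String detail;
                if (this.inSsn != null) {
                    detail = (useKftcVid ? "별도로 설정된 SSN 오류(KftcVID 검증) : " : "별도로 설정된 SSN 오류 : ") + this.inSsn;
                } else {
                    detail = (useKftcVid ? "HashContent 내의 SSN 오류(KftcVID 검증) : " : "HashContent 내의 SSN 오류 : ") + idn;
                }
                throw new VerifyOwnerException(detail, 37);
            }
            throw new VerifyOwnerException("인증서내 SubjectAltName 확장 필드(KISA-VID 부분)에 해당 VID 정보가 없음", 38);
        } catch (VerifyOwnerException ex) {
            throw ex;
        } catch (Exception ex) {
            throw new VerifyOwnerException(ex.getMessage(), 38, ex.getCause());
        }
    }

    /**
     * Parses {@code encoded}, runs the enabled checks on the first signer and returns the
     * signed content.
     *
     * @param encoded     CMS SignedData bytes; if they do not parse as a ContentInfo they are
     *                    retried as bare SignedData wrapped in a ContentInfo
     * @param certManager passed through to {@code CertVerifier.verifyCert}
     * @return the signed content, also available afterwards via {@link #getContent()}
     * @throws SignedDataException on decode, certificate, signature, content-type, policy or
     *         owner-check failure; the error code identifies the stage
     */
    private byte[] decodeAndVerify(byte[] encoded, CertManager certManager) throws SignedDataException {
        try {
            try {
                this.cmsSignedData = new CMSSignedData(encoded);
            } catch (CMSException ignored) {
                // Fallback: treat the input as SignedData without the ContentInfo wrapper.
                this.cmsSignedData = new CMSSignedData(new ContentInfo(PKCSObjectIdentifiers.signedData, ASN1Sequence.getInstance(encoded)));
            }
            try {
                CertStore certStore = this.cmsSignedData.getCertificatesAndCRLs("Collection", yessignProvider.PROVIDER);
                Iterator signers = this.cmsSignedData.getSignerInfos().getSigners().iterator();
                if (!signers.hasNext()) {
                    throw new SignedDataException("전자서명문의 서명검증 실패 - '서명자 정보가 없음'", 34);
                }
                // Only the first signer is processed.
                SignerInformation signer = (SignerInformation) signers.next();
                X509Certificate cert = (X509Certificate) certStore.getCertificates(signer.getSID()).iterator().next();
                // Stored before validation: the getters expose it even if a check below fails.
                this.signerCert = cert;
                if (this.verifyCert) {
                    CertVerifier.verifyCert(cert, 1, certManager);
                }

                boolean signatureOk;
                if (this.verifySign) {
                    if (!yessignManager.checkSigAlgStrength(this.signerCert, signer.getDigestAlgOID())) {
                        throw new SignedDataException("인증서 암호체계 고도화에 적합하지 않은 강도가 약한 해쉬알고리즘으로 전자서명 되었음 - " + signer.getDigestAlgOID(), 40);
                    }
                    signatureOk = signer.verify(this.signerCert, yessignProvider.PROVIDER);
                } else {
                    // Signature (and digest-strength) checking disabled by setVerifySign(false).
                    signatureOk = true;
                }
                if (!signatureOk) {
                    throw new SignedDataException("전자서명문의 서명검증 실패 - '서명값 불일치'", 33);
                }

                if (!this.cmsSignedData.getSignedContentType().equals(PKCSObjectIdentifiers.data.getId())) {
                    throw new SignedDataException("전자서명문의 내용이 처리하지 않는 데이터형 OID - " + this.cmsSignedData.getSignedContentType(), 32);
                }
                String certPolicy = yessignManager.getCertPolicy(this.signerCert);
                if (certPolicy == null) {
                    throw new SignedDataException("전자서명문의 서명검증  처리에서 오류발생 - 인증서에서 정책획득 실패", 40);
                }
                if (yessignGEnv.TrusbillPolicy.contains(certPolicy)) {
                    this.kftcVid = true;
                }

                // The owner check is attempted only when the hash-content attribute exists;
                // its absence is not an error here.
                if (signer.getUnsignedAttributes() != null && signer.getUnsignedAttributes().get(KISAObjectIdentifiers.yessign_hashcontent) != null) {
                    ASN1Set values = signer.getUnsignedAttributes().get(KISAObjectIdentifiers.yessign_hashcontent).getAttrValues();
                    this.hashContentValues = values;
                    if (values != null) {
                        this.subjectAltNameExt = this.signerCert.getExtensionValue(X509Extensions.SubjectAlternativeName.getId());
                        if (this.verifyOwner) {
                            checkOwner();
                        }
                    }
                }

                byte[] signedContent = (byte[]) this.cmsSignedData.getSignedContent().getContent();
                this.content = signedContent;
                return signedContent;
            } catch (CertValidException e) {
                throw new SignedDataException("전자서명문의 인증서 유효성 검증 실패 - " + e.getMessage(), e.getErrCode(), e.getCause());
            } catch (SignedDataException e2) {
                throw e2;
            } catch (VerifyOwnerException e3) {
                throw new SignedDataException("전자서명문의 본인확인 실패 - " + e3.getMessage(), e3.getErrCode(), e3.getCause());
            } catch (Exception e4) {
                throw new SignedDataException("전자서명문의 디코딩 실패 - " + e4.getMessage(), 40, e4.getCause());
            }
        } catch (IOException e5) {
            throw new SignedDataException("전자서명문 디코딩 실패 - " + e5.getMessage(), 31, e5.getCause());
        }
    }

    /** @return true if the last processed signer carried hash-content attribute values */
    public boolean existHashContent() {
        return this.hashContentValues != null;
    }

    /** @return the parsed CMS object of the last message, or null if none was parsed */
    public CMSSignedData getCmsSignedObj() {
        return this.cmsSignedData;
    }

    /** @return the re-encoded CMS object, or null if none is held or encoding fails */
    public byte[] getCmsSignedObjToBytes() {
        if (this.cmsSignedData == null) {
            return null;
        }
        try {
            return this.cmsSignedData.encodeGeneralSyntax();
        } catch (Exception ignored) {
            // Best effort: encoding errors are reported as "no data".
            return null;
        }
    }

    /** @return the signed content (the internal array, not a copy), or null */
    public byte[] getContent() {
        return this.content;
    }

    /** @return the identification number supplied by the caller, or null */
    public String getInSSN() {
        return this.inSsn;
    }

    /**
     * @return the first signer's certificate, or null; it is stored before validation, so a
     *         non-null value does not by itself mean the certificate was accepted
     */
    public X509Certificate getSignerCert() {
        return this.signerCert;
    }

    /** @return the subject DN of the signer certificate, or null if none is held */
    public String getSignerCertDN() {
        X509Certificate cert = this.signerCert;
        return (cert == null) ? null : cert.getSubjectDN().getName();
    }

    /** @return the policy of the signer certificate, or null if unavailable */
    public String getSignerCertPolicy() {
        if (this.signerCert == null) {
            return null;
        }
        try {
            return yessignManager.getCertPolicy(this.signerCert);
        } catch (Exception ignored) {
            // Best effort: lookup errors are reported as "no policy".
            return null;
        }
    }

    /**
     * @return the signer certificate's serial number narrowed with {@code intValue()}, or 0;
     *         serial numbers wider than 32 bits are truncated, so use
     *         {@code getSignerCert().getSerialNumber()} when comparing certificates
     */
    public int getSignerCertSerialNumber() {
        if (this.signerCert == null) {
            return 0;
        }
        try {
            return this.signerCert.getSerialNumber().intValue();
        } catch (Exception ignored) {
            return 0;
        }
    }

    /** @return the identification number that passed the owner check, or null */
    public String getVerifiedSSN() {
        return this.verifiedSsn;
    }

    /**
     * Clears the per-message results. The verification toggles, the caller-supplied
     * identification number and the parsed CMS object are left unchanged.
     */
    public void init() {
        this.kftcVid = false;
        this.verifiedSsn = null;
        this.content = null;
        this.signerCert = null;
        this.hashContentValues = null;
        this.subjectAltNameExt = null;
    }

    /** @return true if the signer certificate's policy selected the KftcVID attribute */
    public boolean isKftcVID() {
        return this.kftcVid;
    }

    /** @return whether certificate validation is enabled */
    public boolean isVerifyCert() {
        return this.verifyCert;
    }

    /** @return whether the owner (VID) check is enabled */
    public boolean isVerifyOwner() {
        return this.verifyOwner;
    }

    /** @return whether signature verification is enabled */
    public boolean isVerifySign() {
        return this.verifySign;
    }

    /** Sets the identification number that overrides the one in the hash content. */
    public void setInSSN(String str) {
        this.inSsn = str;
    }

    /** Enables or disables certificate validation; disabling skips CertVerifier entirely. */
    public void setVerifyCert(boolean z) {
        this.verifyCert = z;
    }

    /** Enables or disables the owner (VID) check during verifySignedData. */
    public void setVerifyOwner(boolean z) {
        this.verifyOwner = z;
    }

    /** Enables or disables signature verification, including the digest-strength check. */
    public void setVerifySign(boolean z) {
        this.verifySign = z;
    }

    /**
     * Re-runs the owner check with {@code str} as the identification number, using the
     * hash content and certificate data kept from the last verifySignedData call.
     *
     * @throws VerifyOwnerException if that data is missing or the check fails
     */
    public void verifyCertOwner(String str) throws VerifyOwnerException {
        this.verifiedSsn = null;
        this.inSsn = str;
        checkOwner();
    }

    /**
     * Resets the per-message state, checks the OCSP preconditions when certificate
     * validation uses OCSP, then decodes and verifies {@code bArr}.
     *
     * @param bArr        encoded signed message; must not be null
     * @param certManager supplies the certificate and key used to sign OCSP requests
     * @return the signed content
     * @throws SignedDataException code 10 for invalid arguments or configuration, otherwise
     *         the code raised by the failing verification stage
     */
    public byte[] verifySignedData(byte[] bArr, CertManager certManager) throws SignedDataException {
        init();
        if (this.verifyCert && yessignGEnv.Validation == yessignGEnv.VD_OCSP) {
            if (yessignGEnv.OCSPUrl == null || yessignGEnv.OCSPUrl.length() == 0) {
                throw new SignedDataException("인증서 상태 조회를 요청할 OCSP URL이 설정되어 있지 않음", 10);
            }
            if (certManager == null || certManager.getSignCert() == null || certManager.getSignPriOrg() == null) {
                throw new SignedDataException("OCSP 요청에 서명할 인증서와 개인키 파라미터가 null임", 10);
            }
        }
        if (bArr == null) {
            throw new SignedDataException("전자서명문 바이트 배열 파라미터가 null임", 10);
        }
        return decodeAndVerify(bArr, certManager);
    }
}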
