package com.echoworx.edt.internal.util;

import com.echoworx.edt.common.pki.EDTCertificate;
import com.echoworx.edt.common.pki.EDTPKIException;
import com.echoworx.edt.common.pki.EDTPrivateKey;
import com.echoworx.edt.common.pki.EDTX509Certificate;
import com.echoworx.edt.common.pki.PKCS12Container;
import com.echoworx.edt.common.registry.CryptograpyException;
import com.echoworx.edt.common.registry.HandlerRegistry;
import com.echoworx.edt.common.registry.HandlerType;
import com.echoworx.edt.common.registry.LoggingFacade;
import com.echoworx.edt.common.registry.PKIFacade;
import com.echoworx.edt.credential.domain.Password;
import com.echoworx.edt.internal.common.KeyInfo;
import java.util.Date;
import java.util.Hashtable;

/* loaded from: classes.dex */
public class PKIUtils {
    public static final String KEY_SERVICE_TEMPORARY_CERTIFICATE_NAME = "EWKeyService TemplateCertificate";
    public static final int PKCS7_FORMAT_ENVELOPED = 3;
    public static final int PKCS7_FORMAT_SIGNED = 2;
    public static final int PKCS7_FORMAT_SIGNED_AND_ENVELOPED = 4;
    public static final int PKCS7_FORMAT_UNEXPECTED = 0;
    protected static PKIUtils _instance = null;
    protected PKIFacade fHelper = (PKIFacade) HandlerRegistry.getHandler(HandlerType.PKI_FACADE);
    protected LoggingFacade fLogger = ((LoggingFacade) HandlerRegistry.getHandler(HandlerType.LOG_FACADE)).getLogger(PKIUtils.class);

    protected PKIUtils() {
    }

    public static PKIUtils getInstance() {
        if (_instance == null) {
            _instance = new PKIUtils();
        }
        return _instance;
    }

    public int checkPKCS7(byte[] bArr) throws CryptograpyException {
        if (bArr.length < 256) {
            this.fLogger.debug("checkPKCS7:The input of checkPKCS7 is too short. Skipping.");
            return 0;
        }
        if (bArr[0] != 48 || (bArr[1] & 128) == 0) {
            return 0;
        }
        int i = (bArr[1] & Byte.MAX_VALUE) + 2;
        byte[] bArr2 = {6, 9, 42, -122, 72, -122, -9, 13, 1, 7};
        for (byte b = 0; b < 10; b = (byte) (b + 1)) {
            if (bArr[b + i] != bArr2[b]) {
                throw new CryptograpyException("Internal error.");
            }
        }
        byte b2 = bArr[i + 10];
        if (b2 <= 1 || b2 >= 5) {
            b2 = 0;
        }
        return b2;
    }

    public byte[] decryptAndVerifyPKCS7(byte[] bArr, EDTPrivateKey eDTPrivateKey, EDTX509Certificate eDTX509Certificate) {
        int checkPKCS7 = checkPKCS7(bArr);
        if (checkPKCS7 != 2 && checkPKCS7 != 3) {
            throw new CryptograpyException("The format of PKCS7 is invalid.");
        }
        int i = checkPKCS7;
        byte[] bArr2 = bArr;
        while (true) {
            if (i != 2 && i != 3) {
                return bArr2;
            }
            if (i == 3) {
                bArr2 = this.fHelper.loadASN1EncodedPKCS7(bArr2).decrypt(eDTPrivateKey, eDTX509Certificate);
                if (bArr2 == null) {
                    throw new CryptograpyException("The format of PKCS7 is invalid.");
                }
            } else if (i == 2 && (bArr2 = this.fHelper.loadASN1EncodedPKCS7(bArr2).verify()) == null) {
                throw new CryptograpyException("Invalid format of PKCS7.");
            }
            i = checkPKCS7(bArr2);
        }
    }

    public KeyInfo getKeyInfo(byte[] bArr, Password password, String str) {
        Date date;
        EDTX509Certificate eDTX509Certificate;
        EDTCertificate[] eDTCertificateArr;
        EDTPrivateKey eDTPrivateKey;
        PKCS12Container loadPKCS12Container = this.fHelper.loadPKCS12Container(bArr, password);
        EDTX509Certificate eDTX509Certificate2 = null;
        EDTPrivateKey eDTPrivateKey2 = null;
        EDTCertificate[] eDTCertificateArr2 = null;
        Hashtable hashtable = new Hashtable();
        Date date2 = null;
        EDTCertificate[] allCertificatesWithPrivateKey = loadPKCS12Container.getAllCertificatesWithPrivateKey();
        int i = 0;
        while (i < allCertificatesWithPrivateKey.length) {
            EDTX509Certificate eDTX509Certificate3 = (EDTX509Certificate) allCertificatesWithPrivateKey[i];
            EDTCertificate[] certificateChain = loadPKCS12Container.getCertificateChain(eDTX509Certificate3);
            EDTPrivateKey keyRelatedToCertificate = loadPKCS12Container.getKeyRelatedToCertificate(eDTX509Certificate3, null);
            String subjectDN = eDTX509Certificate3.getSubjectDN();
            if (keyRelatedToCertificate != null && subjectDN != null && subjectDN.indexOf(str) >= 0) {
                hashtable.put(eDTX509Certificate3, keyRelatedToCertificate);
                if (date2 == null || eDTX509Certificate3.getNotBefore().getTime() > date2.getTime()) {
                    eDTPrivateKey = keyRelatedToCertificate;
                    eDTX509Certificate = eDTX509Certificate3;
                    date = eDTX509Certificate3.getNotBefore();
                    eDTCertificateArr = certificateChain;
                    i++;
                    eDTX509Certificate2 = eDTX509Certificate;
                    eDTPrivateKey2 = eDTPrivateKey;
                    eDTCertificateArr2 = eDTCertificateArr;
                    date2 = date;
                }
            }
            date = date2;
            eDTX509Certificate = eDTX509Certificate2;
            eDTCertificateArr = eDTCertificateArr2;
            eDTPrivateKey = eDTPrivateKey2;
            i++;
            eDTX509Certificate2 = eDTX509Certificate;
            eDTPrivateKey2 = eDTPrivateKey;
            eDTCertificateArr2 = eDTCertificateArr;
            date2 = date;
        }
        if (eDTPrivateKey2 == null) {
            throw new EDTPKIException("Can't find the private key in key store.");
        }
        return new KeyInfo(eDTPrivateKey2, eDTX509Certificate2, eDTCertificateArr2, hashtable);
    }

    public EDTX509Certificate parseConfigurationPEM(byte[] bArr) {
        String str = new String(bArr);
        return this.fHelper.loadASN1EncodedPKCS7(Base64.decode(str.substring("-----BEGIN PKCS7-----".length(), str.indexOf(45, "-----BEGIN PKCS7-----".length())).getBytes())).getLeafCertificate();
    }
}
