package lv.euso.mobileeid.util;

import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.KeyFactory;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeSet;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.signers.PlainDSAEncoding;
import org.bouncycastle.crypto.signers.StandardDSAEncoding;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes4.dex */
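/**
 * Static helpers for reading X.509 certificate fields, converting ECDSA signature encodings and
 * computing the short verification code.
 *
 * <p>Nothing in this class validates a certificate. {@link #generateCertificate(byte[])} only
 * parses, and the accessors only read fields. Callers must verify the chain, validity period and
 * revocation status before trusting any value read from a certificate, for example the user id
 * returned by {@link #deriveUserId(X509Certificate)}.
 */
public class CertUtil {
    /**
     * Bundled Bouncy Castle provider instance. Passing it explicitly keeps lookups independent of
     * whichever provider is registered under the name "BC" in the JCA provider registry.
     */
    public static final Provider BC = new BouncyCastleProvider();

    // KeyUsage bit positions as laid out in RFC 5280, section 4.2.1.3.
    public static final int cRLSignBit = 6;
    public static final int dataEnciphermentBit = 3;
    public static final int digitalSignatureBit = 0;
    // Position 8 is decipherOnly in RFC 5280; the misspelt name is kept because it is public.
    public static final int ecipherOnlyBit = 8;
    public static final int encipherOnlyBit = 7;
    public static final int keyAgreementBit = 4;
    public static final int keyCertSignBit = 5;
    public static final int keyEnciphermentBit = 2;
    public static final int nonRepudiationBit = 1;

    /** Accepted user id shape; compiled once instead of on every call. */
    private static final Pattern USER_ID_PATTERN = Pattern.compile("^PNO[A-Z]{2}-[\\S]{5,12}$");

    /** Separator between digest name and key algorithm in JCA signature algorithm names. */
    private static final String WITH = "with";

    /**
     * Computes the four-digit verification code over the values of {@code map}.
     *
     * <p>Values are hashed with SHA-256 in ascending key order, each followed by a single zero
     * byte. The keys themselves are not hashed; they only fix the order. The code is the last two
     * digest bytes read as an unsigned 16-bit number, reduced to its last four decimal digits and
     * left-padded with zeros. It therefore carries fewer than 14 bits and must not be relied on as
     * a collision-resistant identifier.
     *
     * @param map named byte strings to bind into the code; no key may map to {@code null}
     * @return a string of exactly four decimal digits
     * @throws NullPointerException if {@code map} is null or contains a null key or value
     */
    public static String calculateVerificationCode(Map<String, byte[]> map) {
        SHA256Digest digest = new SHA256Digest();
        // Sorting the keys makes the result independent of the map's own iteration order.
        for (String key : new TreeSet<>(map.keySet())) {
            byte[] value = map.get(key);
            digest.update(value, 0, value.length);
            digest.update((byte) 0);
        }
        byte[] hash = new byte[digest.getDigestSize()];
        digest.doFinal(hash, 0);
        // The decompiled source referenced an undefined register here; the buffer is now named.
        ByteBuffer buffer = ByteBuffer.wrap(hash);
        String decimal = String.valueOf(buffer.getShort(buffer.limit() - 2) & 0xFFFF);
        // Five-digit values lose their leading digit, shorter ones are zero-padded to four.
        return ("0000" + decimal).substring(decimal.length());
    }

    /**
     * Derives the {@code PNO<CC>-<id>} user id from the subject of a certificate.
     *
     * <p>The subject serialNumber is returned as is when it already has that shape. Otherwise the
     * id is built from the subject country and the trimmed serialNumber. The pattern only requires
     * 5 to 12 non-whitespace characters after the dash, so the result is not restricted to
     * alphanumerics and must still be encoded or escaped by any caller that embeds it elsewhere.
     *
     * @param x509Certificate certificate to read; assumed to be validated by the caller
     * @return the user id in PNO format
     * @throws CertificateException if neither form matches the PNO pattern
     * @throws NoSuchProviderException never thrown here; kept for source compatibility
     */
    public static String deriveUserId(X509Certificate x509Certificate) throws CertificateException, NoSuchProviderException {
        String serialNumber = getSubjectNameAttribute(x509Certificate, BCStyle.SERIALNUMBER);
        if (USER_ID_PATTERN.matcher(serialNumber).matches()) {
            return serialNumber;
        }
        String candidate = "PNO" + getSubjectNameAttribute(x509Certificate, BCStyle.C) + "-" + serialNumber.trim();
        if (USER_ID_PATTERN.matcher(candidate).matches()) {
            return candidate;
        }
        throw new CertificateException("Cannot convert serialNumber to userId PNO format: " + serialNumber);
    }

    /**
     * Maps a digest length to the object identifier of the SHA-2 function with that output size.
     *
     * <p>The length is the only input, so a digest from any other 32, 48 or 64 byte hash function
     * is labelled as SHA-2 as well. Callers that know the algorithm should pass it on explicitly
     * rather than rely on this guess.
     *
     * @param bArr digest bytes
     * @return the OID for SHA-256, SHA-384 or SHA-512
     * @throws Exception if the length is not 32, 48 or 64
     */
    public static ASN1ObjectIdentifier detectAlgorithmFromDigest(byte[] bArr) throws Exception {
        switch (bArr.length) {
            case 32:
                return new ASN1ObjectIdentifier("2.16.840.1.101.3.4.2.1");
            case 48:
                return new ASN1ObjectIdentifier("2.16.840.1.101.3.4.2.2");
            case 64:
                return new ASN1ObjectIdentifier("2.16.840.1.101.3.4.2.3");
            default:
                throw new Exception("Unsupported digest length: " + bArr.length);
        }
    }

    /**
     * Maps a digest length to a SHA-2 algorithm name. The same length-only caveat applies as for
     * {@link #detectAlgorithmFromDigest(byte[])}.
     *
     * @param bArr digest bytes
     * @return {@code "SHA256"}, {@code "SHA384"} or {@code "SHA512"}
     * @throws Exception if the length is not 32, 48 or 64
     */
    public static String detectAlgorithmNameFromDigest(byte[] bArr) throws Exception {
        switch (bArr.length) {
            case 32:
                return "SHA256";
            case 48:
                return "SHA384";
            case 64:
                return "SHA512";
            default:
                throw new Exception("Unsupported digest length: " + bArr.length);
        }
    }

    /**
     * Re-encodes an ECDSA signature from the standard (ASN.1) encoding to the plain encoding.
     *
     * @param bArr signature in standard DSA encoding
     * @param eCPublicKey key whose curve order bounds the encoded integers
     * @return the same (r, s) pair in plain encoding
     * @throws Exception if the input cannot be decoded
     */
    public static byte[] ecdsaSignatureFromASN1(byte[] bArr, ECPublicKey eCPublicKey) throws Exception {
        BigInteger order = eCPublicKey.getParameters().getN();
        BigInteger[] rs = StandardDSAEncoding.INSTANCE.decode(order, bArr);
        return PlainDSAEncoding.INSTANCE.encode(order, rs[0], rs[1]);
    }

    /**
     * Re-encodes an ECDSA signature from the plain encoding to the standard (ASN.1) encoding.
     *
     * @param bArr signature in plain DSA encoding
     * @param eCPublicKey key whose curve order bounds the encoded integers
     * @return the same (r, s) pair in standard encoding
     * @throws Exception if the input cannot be decoded
     */
    public static byte[] ecdsaSignatureToASN1(byte[] bArr, ECPublicKey eCPublicKey) throws Exception {
        BigInteger order = eCPublicKey.getParameters().getN();
        BigInteger[] rs = PlainDSAEncoding.INSTANCE.decode(order, bArr);
        return StandardDSAEncoding.INSTANCE.encode(order, rs[0], rs[1]);
    }

    /**
     * Variant of {@link #ecdsaSignatureToASN1(byte[], ECPublicKey)} taking an encoded public key.
     *
     * <p>The key factory is taken from the bundled {@link #BC} instance, matching
     * {@link #generateCertificate(byte[])}. A lookup by provider name depends on what is registered
     * as "BC" at runtime, and a key produced by a different provider would fail the cast below.
     *
     * @param bArr signature in plain DSA encoding
     * @param bArr2 X.509 SubjectPublicKeyInfo encoding of an EC public key
     * @return the signature in standard encoding
     * @throws Exception if the key or the signature cannot be decoded
     */
    public static byte[] ecdsaSignatureToASN1(byte[] bArr, byte[] bArr2) throws Exception {
        KeyFactory keyFactory = KeyFactory.getInstance("EC", BC);
        ECPublicKey publicKey = (ECPublicKey) keyFactory.generatePublic(new X509EncodedKeySpec(bArr2));
        return ecdsaSignatureToASN1(bArr, publicKey);
    }

    /**
     * Parses an encoded X.509 certificate. This is parsing only: the result is not checked against
     * any trust anchor, validity period or revocation source.
     *
     * @param bArr encoded certificate
     * @return the parsed certificate
     * @throws CertificateException if the bytes cannot be parsed
     */
    public static X509Certificate generateCertificate(byte[] bArr) throws CertificateException {
        CertificateFactory factory = CertificateFactory.getInstance("X509", BC);
        return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(bArr));
    }

    /**
     * Returns the givenName attribute of the certificate subject.
     *
     * @throws NoSuchProviderException never thrown here; kept for source compatibility
     */
    public static String getGivenname(X509Certificate x509Certificate) throws CertificateException, NoSuchProviderException {
        return getSubjectNameAttribute(x509Certificate, BCStyle.GIVENNAME);
    }

    /** Returns the first value of the given attribute in the certificate issuer name. */
    public static String getIssuerNameAttribute(X509Certificate x509Certificate, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return getNameAttribute(x509Certificate.getIssuerX500Principal(), aSN1ObjectIdentifier);
    }

    /** Returns the algorithm name reported by the certificate's public key, such as "EC". */
    public static String getKeyAlgorithm(X509Certificate x509Certificate) {
        return x509Certificate.getPublicKey().getAlgorithm();
    }

    /**
     * Reads one bit of the KeyUsage extension.
     *
     * @param x509Certificate certificate to inspect
     * @param i bit position, see the {@code *Bit} constants of this class
     * @return the bit value, or {@code false} when the extension is absent or the position is
     *     outside the returned array, so unknown input never grants a usage
     */
    public static final boolean getKeyUsageBit(X509Certificate x509Certificate, int i) {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage == null || i < 0 || i >= keyUsage.length) {
            return false;
        }
        return keyUsage[i];
    }

    /**
     * Returns the first value of the first RDN carrying the given attribute type.
     *
     * <p>The principal is converted to its string form and parsed again by Bouncy Castle. Only the
     * first match is returned, so further values of the same attribute are ignored.
     *
     * @param x500Principal distinguished name to search
     * @param aSN1ObjectIdentifier attribute type to look up
     * @return the attribute value as a string
     * @throws ArrayIndexOutOfBoundsException if the name has no RDN of that type
     */
    public static String getNameAttribute(X500Principal x500Principal, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        X500Name name = new X500Name(x500Principal.getName());
        return IETFUtils.valueToString(name.getRDNs(aSN1ObjectIdentifier)[0].getFirst().getValue());
    }

    /**
     * Returns the serialNumber attribute of the certificate subject.
     *
     * @throws NoSuchProviderException never thrown here; kept for source compatibility
     */
    public static String getSerialnumber(X509Certificate x509Certificate) throws CertificateException, NoSuchProviderException {
        return getSubjectNameAttribute(x509Certificate, BCStyle.SERIALNUMBER);
    }

    /**
     * Builds a signature algorithm name of the form {@code <digest>with<key algorithm>}.
     *
     * <p>The decompiled source took the literal "with" from a Jackson constant of the same value;
     * a local constant keeps the algorithm name independent of a JSON library.
     *
     * @param x509Certificate certificate whose key algorithm is used; "EC" is mapped to "ECDSA"
     * @param str digest name placed in front, for example "SHA256"
     * @return the combined name, for example "SHA256withECDSA"
     */
    public static String getSignatureAlgorithm(X509Certificate x509Certificate, String str) {
        String keyAlgorithm = getKeyAlgorithm(x509Certificate);
        if ("EC".equals(keyAlgorithm)) {
            keyAlgorithm = "ECDSA";
        }
        return str + WITH + keyAlgorithm;
    }

    /** Returns the first value of the given attribute in the certificate subject name. */
    public static String getSubjectNameAttribute(X509Certificate x509Certificate, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return getNameAttribute(x509Certificate.getSubjectX500Principal(), aSN1ObjectIdentifier);
    }

    /**
     * Returns the surname attribute of the certificate subject.
     *
     * @throws NoSuchProviderException never thrown here; kept for source compatibility
     */
    public static String getSurname(X509Certificate x509Certificate) throws CertificateException, NoSuchProviderException {
        return getSubjectNameAttribute(x509Certificate, BCStyle.SURNAME);
    }

    /**
     * Reports whether the digitalSignature key usage bit is set. Only KeyUsage is consulted; the
     * extended key usage and certificate policies are not checked here.
     */
    public static boolean isAuthenticationCertificate(X509Certificate x509Certificate) {
        return getKeyUsageBit(x509Certificate, digitalSignatureBit);
    }

    /**
     * Reports whether the nonRepudiation key usage bit is set. Only KeyUsage is consulted; the
     * extended key usage and certificate policies are not checked here.
     */
    public static boolean isSigningCertificate(X509Certificate x509Certificate) {
        return getKeyUsageBit(x509Certificate, nonRepudiationBit);
    }

    /**
     * Converts a plain-encoded ECDSA signature to the standard encoding; other signatures are
     * returned unchanged.
     *
     * <p>The type test uses Bouncy Castle's {@code ECPublicKey} interface. An EC key created by
     * another provider does not implement it, so its signature is returned without conversion.
     *
     * @param bArr signature bytes
     * @param publicKey key the signature belongs to
     * @return the converted signature for Bouncy Castle EC keys, otherwise {@code bArr} itself
     * @throws Exception if the plain signature cannot be decoded
     */
    public static byte[] normalizeSignature(byte[] bArr, PublicKey publicKey) throws Exception {
        if (publicKey instanceof ECPublicKey) {
            return ecdsaSignatureToASN1(bArr, (ECPublicKey) publicKey);
        }
        return bArr;
    }
}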
