package kz.akkamal.akcrypto.jce;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.JarURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Vector;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import kz.akkamal.akcrypto.jce.AKCAES;
import kz.akkamal.akcrypto.jce.AKCBlockCipher;
import kz.akkamal.akcrypto.jce.AKCGost28147;
import kz.akkamal.akcrypto.jce.AkcAlgorithmParameterGenerator;
import kz.akkamal.akcrypto.jce.AkcAlgorithmParameters;
import kz.akkamal.akcrypto.jce.AkcMac;
import kz.akkamal.akcrypto.jce.AkcPbeKeyFactory;
import kz.akkamal.akcrypto.jce.AkcRsaCipher;
import kz.akkamal.akcrypto.jce.JDKPKCS12KeyStore;
import kz.akkamal.akcrypto.jce.JceEcGostSigner;
import kz.akkamal.akcrypto.jce.JceMessageDigest;
import kz.akkamal.akcrypto.jce.JceRsaSignature;
import kz.akkamal.akcrypto.jce.JceSecureRandom;
import kz.akkamal.akcrypto.util.encoders.Base64;
import kz.akkamal.essclia.aktest.profile.ks.AKKeyStoreSign;
import kz.akkamal.org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import kz.akkamal.org.bouncycastle.asn1.gamma.GammaTechObjectIdentifiers;
import kz.akkamal.org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import kz.akkamal.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;

/* loaded from: classes.dex */
public class AkKamalCryptoEngine extends Provider {
    public static final String PROV_INFO = "Ak Kamal Crypto Engine v.1.00";
    public static final String PROV_NAME = "AkCrypto";
    public static final double PROV_VER = 1.0d;
    public static final String SECRET_FORMAT = "AKC-SECRET";
    private static boolean verifiedSelfIntegrity = true;
    private static final byte[] bytesOfProviderCert = Base64.decode("MIIDrjCCA2ygAwIBAgICAscwCwYHKoZIzjgEAwUAMIGQMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVBhbG8gQWx0bzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxIzAhBgNVBAsTGkphdmEgU29mdHdhcmUgQ29kZSBTaWduaW5nMRwwGgYDVQQDExNKQ0UgQ29kZSBTaWduaW5nIENBMB4XDTA5MDIyNzAzMjk1MloXDTE0MDMwMzAzMjk1MlowWzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxIzAhBgNVBAsTGkphdmEgU29mdHdhcmUgQ29kZSBTaWduaW5nMRUwEwYDVQQDEwxBa0thbWFsIElTQ0MwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhQACgYEA8lOQPKsSZiE0c3YX0XIcO2jGEgdz7YYTbJqe+ZFhLC+2+yuoTRBcAzEDyk2xpe36o/PB6cuQ6x8bOYw99xRTgzpt9EjLzLiinBqd+/JwcfyYBy8kuqmveqpru7bHE2oTRGWYN9Ptu4wx+xAs51oYkKtHcSOHYKWIJ4coTCX3DR6jgYcwgYQwEQYJYIZIAYb4QgEBBAQDAgQQMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUrShxucUWzP/jRUo9aJ5B4QqE8towHwYDVR0jBBgwFoAUZeL0hsnTTvCRTliiavXYeFqawaYwHwYDVR0RBBgwFoEUYXZhcmxhbW92QGFra2FtYWwua3owCwYHKoZIzjgEAwUAAy8AMCwCFFPfW8yEqIDVixwIljzCtaO/8rX0AhRVOCvmfxwYETWgPtnDIf17mD1Jsg==");
    private static X509Certificate providerCert = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class JarVerifier {
        private JarFile jarFile = null;
        private URL jarURL;

        JarVerifier(URL url) {
            this.jarURL = null;
            this.jarURL = url;
        }

        private static X509Certificate[] getAChain(Certificate[] certificateArr, int i) {
            if (i > certificateArr.length - 1) {
                return null;
            }
            int i2 = i;
            while (i2 < certificateArr.length - 1 && ((X509Certificate) certificateArr[i2 + 1]).getSubjectDN().equals(((X509Certificate) certificateArr[i2]).getIssuerDN())) {
                i2++;
            }
            int i3 = (i2 - i) + 1;
            X509Certificate[] x509CertificateArr = new X509Certificate[i3];
            for (int i4 = 0; i4 < i3; i4++) {
                x509CertificateArr[i4] = (X509Certificate) certificateArr[i + i4];
            }
            return x509CertificateArr;
        }

        private JarFile retrieveJarFileFromURL(URL url) throws PrivilegedActionException, MalformedURLException {
            if (!url.getProtocol().equalsIgnoreCase("jar")) {
                url = new URL("jar:" + url.toString() + "!/");
            }
            this.jarURL = url;
            return (JarFile) AccessController.doPrivileged(new PrivilegedExceptionAction<JarFile>() { // from class: kz.akkamal.akcrypto.jce.AkKamalCryptoEngine.JarVerifier.1
                @Override // java.security.PrivilegedExceptionAction
                public JarFile run() throws Exception {
                    JarURLConnection jarURLConnection = (JarURLConnection) JarVerifier.this.jarURL.openConnection();
                    jarURLConnection.setUseCaches(false);
                    return jarURLConnection.getJarFile();
                }
            });
        }

        protected void finalize() throws Throwable {
            this.jarFile.close();
        }

        public void verify(X509Certificate x509Certificate) throws IOException {
            if (x509Certificate == null) {
                throw new SecurityException("Provider certificate is invalid");
            }
            try {
                if (this.jarFile == null) {
                    this.jarFile = retrieveJarFileFromURL(this.jarURL);
                }
                Vector vector = new Vector();
                if (this.jarFile.getManifest() == null) {
                    throw new SecurityException("The provider is not signed");
                }
                byte[] bArr = new byte[8192];
                Enumeration<JarEntry> entries = this.jarFile.entries();
                while (entries.hasMoreElements()) {
                    JarEntry nextElement = entries.nextElement();
                    if (!nextElement.isDirectory()) {
                        vector.addElement(nextElement);
                        InputStream inputStream = this.jarFile.getInputStream(nextElement);
                        do {
                        } while (inputStream.read(bArr, 0, bArr.length) != -1);
                        inputStream.close();
                    }
                }
                Enumeration elements = vector.elements();
                while (elements.hasMoreElements()) {
                    JarEntry jarEntry = (JarEntry) elements.nextElement();
                    Certificate[] certificates = jarEntry.getCertificates();
                    if (certificates != null && certificates.length != 0) {
                        int i = 0;
                        boolean z = false;
                        while (true) {
                            X509Certificate[] aChain = getAChain(certificates, i);
                            if (aChain == null) {
                                break;
                            }
                            if (aChain[0].equals(x509Certificate)) {
                                z = true;
                                break;
                            }
                            i += aChain.length;
                        }
                        if (!z) {
                            throw new SecurityException("The provider is not signed by a trusted signer");
                        }
                    } else if (!jarEntry.getName().startsWith("META-INF")) {
                        throw new SecurityException("The provider has unsigned class files.");
                    }
                }
            } catch (Exception e) {
                SecurityException securityException = new SecurityException();
                securityException.initCause(e);
                throw securityException;
            }
        }
    }

    public AkKamalCryptoEngine() {
        super("AkCrypto", 1.0d, PROV_INFO);
        initRandomGenerators();
        initDigests();
        initSymmetricCipher();
        initAsymmetricCipher();
        initSignature();
        initCertFactories();
        initMacs();
        initKeyStores();
    }

    private void initAsymmetricCipher() {
        put("Cipher.RSA-RAW", AkcRsaCipher.class.getName());
        put("Cipher.RSA", AkcRsaCipher.PKCS1v1_5Padding.class.getName());
    }

    private void initCertFactories() {
        put("CertificateFactory.X.509", JDKX509CertificateFactory.class.getName());
        put("Alg.Alias.CertificateFactory.X509", "X.509");
    }

    private void initDigests() {
        put("MessageDigest.SHA1", JceMessageDigest.SHA1.class.getName());
        put("Alg.Alias.MessageDigest.SHA-1", "SHA1");
        put("Alg.Alias.MessageDigest." + OIWObjectIdentifiers.idSHA1, "SHA1");
        put("MessageDigest.SHA256", JceMessageDigest.SHA256.class.getName());
        put("Alg.Alias.MessageDigest.SHA-256", "SHA256");
        put("MessageDigest.GOST3411", JceMessageDigest.GOST3411.class.getName());
        put("Alg.Alias.MessageDigest.GOST-3411", "GOST3411");
        put("MessageDigest.GOST3411-TUMAR", JceMessageDigest.GOST3411Tumar.class.getName());
        put("Alg.Alias.MessageDigest." + GammaTechObjectIdentifiers.ecgost3411, "GOST3411-TUMAR");
    }

    private void initKeyStores() {
        put("KeyStore.PKCS12", JDKPKCS12KeyStore.AkPkcs12KeyStore.class.getName());
    }

    private void initMacs() {
        put("Mac.GOST28147", AkcMac.GOST28147.class.getName());
        put("Mac.AES", AKCAES.MAC_CBC.class.getName());
        put("Mac.PBEWITHHMACSHA", AkcMac.PBEWithSHA.class.getName());
        put("Alg.Alias.Mac.1.3.14.3.2.26", "PBEWITHHMACSHA");
        put("SecretKeyFactory.PBEWITHHMACSHA", AkcPbeKeyFactory.PBEWithSHA.class.getName());
        put("Alg.Alias.SecretKeyFactory.1.3.14.3.2.26", "PBEWITHHMACSHA");
        put("AlgorithmParameters.PBEWITHHMACSHA", AkcAlgorithmParameters.PBEWithHmacSHA.class.getName());
        put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.26", "PBEWITHHMACSHA");
        put("AlgorithmParameterGenerator.PBEWITHHMACSHA", AkcAlgorithmParameterGenerator.PBEWithHmacSha.class.getName());
        put("Alg.Alias.AlgorithmParameterGenerator.1.3.14.3.2.26", "PBEWITHHMACSHA");
    }

    private void initRandomGenerators() {
        put("SecureRandom.X917", JceSecureRandom.X917.class.getName());
    }

    private void initSignature() {
        put("Signature.ECGOST3410", JceEcGostSigner.EcGost3410.class.getName());
        put("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "ECGOST3410");
        put("Signature.ECGOST3410-TUMAR", JceEcGostSigner.EcGost3410Tumar.class.getName());
        put("Alg.Alias.Signature." + GammaTechObjectIdentifiers.ecgost3410, AKKeyStoreSign.ALG_SIGN_GOST_TUMAR);
        put("Alg.Alias.Signature." + GammaTechObjectIdentifiers.ecgost3411 + "withECGOST3410", AKKeyStoreSign.ALG_SIGN_GOST_TUMAR);
        put("Alg.Alias.Signature." + GammaTechObjectIdentifiers.ecgost3411 + "with" + GammaTechObjectIdentifiers.ecgost3410, AKKeyStoreSign.ALG_SIGN_GOST_TUMAR);
        put("KeyFactory.ECGOST3410", JceEcGostKeyFactory.class.getName());
        put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410");
        put("KeyPairGenerator.ECGOST3410", JceEcGostKeyPairGenerator.class.getName());
        put("Signature.SHA1withRSA", JceRsaSignature.SHA1WithRSAEncryption.class.getName());
        put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA");
        put("Signature.SHA256withRSA", JceRsaSignature.SHA1WithRSAEncryption.class.getName());
        put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256withRSA");
        put("KeyFactory.RSA", JceRsaKeyFactory.class.getName());
        put("Alg.Alias.KeyFactory.1.2.840.113549.1.1.1", "RSA");
        put("KeyPairGenerator.RSA", JceRsaKeyPairGenerator.class.getName());
    }

    private void initSymmetricCipher() {
        put("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", AKCBlockCipher.PBEWithSHAAndDES3Key.class.getName());
        put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.3", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
        put("SecretKeyFactory.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", AkcPbeKeyFactory.PBEWithSHAAndDES3Key.class.getName());
        put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.3", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
        put("AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", AkcAlgorithmParameters.PBEWithSHAAndDES3Key.class.getName());
        put("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC.getId(), "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
        put("AlgorithmParameterGenerator.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", AkcAlgorithmParameterGenerator.PBEWithSHAAndDES3Key.class.getName());
        put("Cipher.GOST28147", AKCGost28147.ECB.class.getName());
        put("Alg.Alias.Cipher.GOST-28147", "GOST28147");
        put("Cipher." + CryptoProObjectIdentifiers.gostR28147_cbc, AKCGost28147.CBC.class.getName());
        put("KeyGenerator.GOST28147", AKCGost28147.KeyGen.class.getName());
        put("Alg.Alias.KeyGenerator.GOST-28147", "GOST28147");
        put("Alg.Alias.KeyGenerator." + CryptoProObjectIdentifiers.gostR28147_cbc, "GOST28147");
        put("AlgorithmParameters.GOST28147", AKCGost28147.AlgParams.class.getName());
        put("AlgorithmParameterGenerator.GOST28147", AKCGost28147.AlgParamGen.class.getName());
        put("Cipher.AES", AKCAES.ECB.class.getName());
        put("KeyGenerator.AES", AKCAES.KeyGen256.class.getName());
        put("AlgorithmParameters.AES", AKCAES.AlgParams.class.getName());
        put("AlgorithmParameterGenerator.AES", AKCAES.AlgParamGen.class.getName());
    }

    public static final synchronized boolean selfIntegrityChecking() {
        boolean z = true;
        synchronized (AkKamalCryptoEngine.class) {
            if (!verifiedSelfIntegrity) {
                URL url = (URL) AccessController.doPrivileged(new PrivilegedAction<URL>() { // from class: kz.akkamal.akcrypto.jce.AkKamalCryptoEngine.1
                    @Override // java.security.PrivilegedAction
                    public URL run() {
                        return AkKamalCryptoEngine.class.getProtectionDomain().getCodeSource().getLocation();
                    }
                });
                if (url == null) {
                    z = false;
                } else {
                    JarVerifier jarVerifier = new JarVerifier(url);
                    try {
                        if (providerCert == null) {
                            providerCert = setupProviderCert();
                        }
                        jarVerifier.verify(providerCert);
                        verifiedSelfIntegrity = true;
                    } catch (Exception e) {
                        throw new SecurityException(e);
                    }
                }
            }
        }
        return z;
    }

    private static X509Certificate setupProviderCert() throws IOException, CertificateException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytesOfProviderCert);
        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream);
        byteArrayInputStream.close();
        return x509Certificate;
    }
}
