package kz.akkamal.aksig;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.JarURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Vector;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import kz.akkamal.aksig.AnsiSecureRandom;
import kz.akkamal.aksig.Gost28147PbeKeyFactory;
import kz.akkamal.aksig.Gost3410Signer;
import kz.akkamal.aksig.Gost3411Digest;
import kz.akkamal.aksig.RsaSigner;
import kz.akkamal.aksig.util.encoders.Base64;
import kz.akkamal.essclia.aktest.profile.ks.AKKeyStoreSign;
import kz.akkamal.org.bouncycastle.asn1.akkamal.AkKamalObjectIdentifiers;
import kz.akkamal.org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import kz.akkamal.org.bouncycastle.asn1.gamma.GammaTechObjectIdentifiers;
import kz.akkamal.org.bouncycastle.asn1.knca.KNCAObjectIdentifiers;
import kz.akkamal.org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import kz.akkamal.org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import kz.akkamal.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;

/* loaded from: classes.dex */
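/**
 * JCA provider "AkSig": registers the digest, signature, key-generation, certificate-factory,
 * random, PBE, cipher, MAC and key-store implementations of this package and offers a
 * self-integrity check of the archive the provider was loaded from.
 *
 * <p>The self-integrity check pins one signer certificate (embedded below as Base64) and requires
 * every non-directory archive entry outside {@code META-INF} to carry that certificate as a signer.
 *
 * <p>NOTE(review): the pinned certificate and the checking code live in the archive being checked,
 * so the check detects corruption and casual repackaging; it cannot by itself resist someone who
 * can rewrite this class. Treat it as defence in depth, not as a trust anchor.
 *
 * <p>NOTE(review): SHA-1 and SHA1-with-RSA are registered alongside the SHA-2 variants. SHA-1 is
 * not collision resistant; callers producing new signatures should select SHA-256 or stronger.
 */
public class AkSigProv extends Provider {
    public static final String PROV_INFO = "Ak Kamal Sign Library v.3.00";
    public static final String PROV_NAME = "AkSig";
    public static final double PROV_VER = 3.0d;
    // Lookup tables filled in the static initializer below; read-only afterwards.
    private static final HashMap<String, String> digestNameToOid;
    private static final HashMap<String, String> sigKeyOidToName;
    private static final HashMap<String, String> sigNameToOid;
    // Set once selfIntegrityChecking() has succeeded; guarded by the AkSigProv.class monitor.
    private static boolean verifiedSelfIntegrity = false;
    // Encoded form of the pinned signer certificate (Base64 text decoded at class initialization).
    private static final byte[] bytesOfProviderCert = Base64.decode("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");
    // Parsed lazily from bytesOfProviderCert; guarded by the AkSigProv.class monitor.
    private static X509Certificate providerCert = null;
    private static final HashMap<String, String> sigOidToName = new HashMap<>();

    /**
     * Checks that every file entry of a JAR is signed by one expected certificate.
     *
     * <p>The constructor is package-private; instances are created by the enclosing provider only.
     */
    public static class JarVerifier {
        // Opened lazily by verify() and closed by finalize().
        private JarFile jarFile = null;
        private URL jarURL;

        JarVerifier(URL url) {
            this.jarURL = url;
        }

        /**
         * Extracts one certificate chain from a flat signer-certificate array.
         *
         * <p>The chain starts at {@code i} and extends while the next certificate's subject name
         * equals the current certificate's issuer name. Only names are compared here; no
         * signature on any certificate is verified.
         *
         * @param certificateArr certificates as returned by {@link JarEntry#getCertificates()}
         * @param i index of the first certificate of the chain
         * @return the chain beginning at {@code i}, or {@code null} when {@code i} is past the end
         */
        private static X509Certificate[] getAChain(Certificate[] certificateArr, int i) {
            if (i > certificateArr.length - 1) {
                return null;
            }
            int last = i;
            while (last < certificateArr.length - 1
                    && ((X509Certificate) certificateArr[last + 1]).getSubjectDN()
                            .equals(((X509Certificate) certificateArr[last]).getIssuerDN())) {
                last++;
            }
            int chainLength = (last - i) + 1;
            X509Certificate[] chain = new X509Certificate[chainLength];
            for (int k = 0; k < chainLength; k++) {
                chain[k] = (X509Certificate) certificateArr[i + k];
            }
            return chain;
        }

        /**
         * Opens the JAR behind {@code url} with URL caching disabled.
         *
         * <p>A non-{@code jar:} URL is wrapped as {@code jar:<url>!/} first, and the resulting URL
         * replaces {@link #jarURL}.
         *
         * @param url location of the archive
         * @return the opened archive
         * @throws PrivilegedActionException if opening the connection or the archive fails
         * @throws MalformedURLException if the wrapped URL cannot be built
         */
        private JarFile retrieveJarFileFromURL(URL url) throws PrivilegedActionException, MalformedURLException {
            if (!url.getProtocol().equalsIgnoreCase("jar")) {
                url = new URL("jar:" + url.toString() + "!/");
            }
            this.jarURL = url;
            return (JarFile) AccessController.doPrivileged(new PrivilegedExceptionAction<JarFile>() {
                @Override
                public JarFile run() throws Exception {
                    JarURLConnection jarURLConnection = (JarURLConnection) JarVerifier.this.jarURL.openConnection();
                    // Bypass the URL cache so the archive is re-read for this check.
                    jarURLConnection.setUseCaches(false);
                    return jarURLConnection.getJarFile();
                }
            });
        }

        /**
         * Closes the archive if one was opened.
         *
         * <p>The field stays {@code null} when {@link #verify} was never called or failed before
         * opening the archive, so it is checked before closing.
         */
        @Override
        protected void finalize() throws Throwable {
            try {
                if (this.jarFile != null) {
                    this.jarFile.close();
                }
            } finally {
                super.finalize();
            }
        }

        /**
         * Verifies that the archive is signed by {@code x509Certificate}.
         *
         * <p>Every non-directory entry is read to the end first: {@link JarFile} checks an entry's
         * digest while its stream is consumed and only then exposes its signer certificates.
         * Afterwards each entry must list the expected certificate as the first certificate of one
         * of its signer chains. Entries without signers are accepted only when their name starts
         * with {@code META-INF}.
         *
         * @param x509Certificate the pinned signer certificate
         * @throws IOException declared for compatibility; failures are reported as
         *     {@link SecurityException}
         * @throws SecurityException if the certificate is {@code null}, the archive has no
         *     manifest, an entry is unsigned or signed by someone else, or any other error occurs
         */
        public void verify(X509Certificate x509Certificate) throws IOException {
            if (x509Certificate == null) {
                throw new SecurityException("Provider certificate is invalid");
            }
            try {
                if (this.jarFile == null) {
                    this.jarFile = retrieveJarFileFromURL(this.jarURL);
                }
                if (this.jarFile.getManifest() == null) {
                    throw new SecurityException("The provider is not signed");
                }

                Vector<JarEntry> fileEntries = new Vector<>();
                byte[] buffer = new byte[8192];
                Enumeration<JarEntry> entries = this.jarFile.entries();
                while (entries.hasMoreElements()) {
                    JarEntry entry = entries.nextElement();
                    if (entry.isDirectory()) {
                        continue;
                    }
                    fileEntries.addElement(entry);
                    // Drain the entry; the stream is closed even when the read fails.
                    try (InputStream in = this.jarFile.getInputStream(entry)) {
                        while (in.read(buffer, 0, buffer.length) != -1) {
                            // content is discarded, only the digest check matters
                        }
                    }
                }

                for (JarEntry entry : fileEntries) {
                    Certificate[] certificates = entry.getCertificates();
                    if (certificates != null && certificates.length != 0) {
                        boolean signedByProvider = false;
                        int start = 0;
                        X509Certificate[] chain;
                        while ((chain = getAChain(certificates, start)) != null) {
                            // The first certificate of a chain is the signer itself.
                            if (chain[0].equals(x509Certificate)) {
                                signedByProvider = true;
                                break;
                            }
                            start += chain.length;
                        }
                        if (!signedByProvider) {
                            throw new SecurityException("The provider is not signed by a trusted signer");
                        }
                    } else if (!entry.getName().startsWith("META-INF")) {
                        // NOTE(review): this prefix test exempts every unsigned entry whose name
                        // merely begins with "META-INF", not just the manifest and signature
                        // files. Consider narrowing it to the signature-related files once the
                        // layout of the shipped archives has been confirmed.
                        throw new SecurityException("The provider has unsigned class files.");
                    }
                }
            } catch (SecurityException e) {
                // Already carries the precise reason; do not bury it in another wrapper.
                throw e;
            } catch (Exception e) {
                throw new SecurityException(e);
            }
        }
    }

    static {
        // Signature algorithm OID -> provider algorithm name.
        sigOidToName.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001.getId(), "ECGOST3410");
        sigOidToName.put(KNCAObjectIdentifiers.gost34311_95_with_gost34310_2004.getId(), "ECGOST3410-KALKAN");
        sigOidToName.put(GammaTechObjectIdentifiers.ecgost3410.getId(), AKKeyStoreSign.ALG_SIGN_GOST_TUMAR);
        sigOidToName.put(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), "Sha1WithRsa");
        sigOidToName.put(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId(), "Sha256WithRsa");
        sigOidToName.put(PKCSObjectIdentifiers.sha384WithRSAEncryption.getId(), "Sha384WithRsa");
        sigOidToName.put(PKCSObjectIdentifiers.sha512WithRSAEncryption.getId(), "Sha512WithRsa");
        // Provider algorithm name -> signature algorithm OID.
        sigNameToOid = new HashMap<>();
        sigNameToOid.put("ECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001.getId());
        sigNameToOid.put(AKKeyStoreSign.ALG_SIGN_GOST_TUMAR, GammaTechObjectIdentifiers.ecgost3410.getId());
        sigNameToOid.put("ECGOST3410-KALKAN", KNCAObjectIdentifiers.gost34311_95_with_gost34310_2004.getId());
        sigNameToOid.put("Sha1WithRsa", PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
        sigNameToOid.put("Sha256WithRsa", PKCSObjectIdentifiers.sha256WithRSAEncryption.getId());
        sigNameToOid.put("Sha384WithRsa", PKCSObjectIdentifiers.sha384WithRSAEncryption.getId());
        sigNameToOid.put("Sha512WithRsa", PKCSObjectIdentifiers.sha512WithRSAEncryption.getId());
        // Key algorithm OID -> key algorithm name.
        sigKeyOidToName = new HashMap<>();
        sigKeyOidToName.put(CryptoProObjectIdentifiers.gostR3410_2001.getId(), "ECGOST3410");
        sigKeyOidToName.put(KNCAObjectIdentifiers.gost34310_2004_key.getId(), "ECGOST3410");
        sigKeyOidToName.put(GammaTechObjectIdentifiers.ecgost3410Key.getId(), "ECGOST3410");
        sigKeyOidToName.put(GammaTechObjectIdentifiers.ecgost3410.getId(), "ECGOST3410");
        sigKeyOidToName.put(PKCSObjectIdentifiers.rsaEncryption.getId(), "RSA");
        // Digest name -> digest OID.
        digestNameToOid = new HashMap<>();
        digestNameToOid.put("SHA1", OIWObjectIdentifiers.idSHA1.toString());
        digestNameToOid.put("SHA256", NISTObjectIdentifiers.id_sha256.toString());
        digestNameToOid.put("SHA384", NISTObjectIdentifiers.id_sha384.toString());
        digestNameToOid.put("SHA512", NISTObjectIdentifiers.id_sha512.toString());
    }

    /**
     * Creates the provider and registers every service and OID alias it offers.
     *
     * <p>Construction does not run the self-integrity check; callers that rely on it must invoke
     * {@link #selfIntegrityChecking()} themselves.
     */
    public AkSigProv() {
        super(PROV_NAME, PROV_VER, PROV_INFO);

        // Message digests.
        put("MessageDigest.SHA1", Sha1Digest.class.getName());
        put("Alg.Alias.MessageDigest." + OIWObjectIdentifiers.idSHA1.toString(), "SHA1");
        put("MessageDigest.SHA256", Sha256Digest.class.getName());
        put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256.toString(), "SHA256");
        put("MessageDigest.SHA384", Sha384Digest.class.getName());
        put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha384.toString(), "SHA384");
        put("MessageDigest.SHA512", Sha512Digest.class.getName());
        put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512.toString(), "SHA512");
        put("MessageDigest.GOST3411", Gost3411Digest.class.getName());
        put("MessageDigest.GOST3411-TUMAR", Gost3411Digest.Tumar.class.getName());
        put("Alg.Alias.MessageDigest." + GammaTechObjectIdentifiers.ecgost3411, "GOST3411-TUMAR");

        // Signatures.
        put("Signature.ECGOST3410", Gost3410Signer.class.getName());
        put("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "ECGOST3410");
        put("Signature.ECGOST3410-TUMAR", Gost3410Signer.Tumar.class.getName());
        put("Alg.Alias.Signature." + GammaTechObjectIdentifiers.ecgost3410, AKKeyStoreSign.ALG_SIGN_GOST_TUMAR);
        put("Alg.Alias.Signature." + GammaTechObjectIdentifiers.ecgost3411 + "withECGOST3410", AKKeyStoreSign.ALG_SIGN_GOST_TUMAR);
        put("Alg.Alias.Signature." + GammaTechObjectIdentifiers.ecgost3411 + "with" + GammaTechObjectIdentifiers.ecgost3410, AKKeyStoreSign.ALG_SIGN_GOST_TUMAR);
        put("Signature.ECGOST3410-KALKAN", Gost3410Signer.Kalkan.class.getName());
        put("Alg.Alias.Signature." + KNCAObjectIdentifiers.gost34311_95_with_gost34310_2004, "ECGOST3410-KALKAN");
        put("Signature.Sha1WithRsa", RsaSigner.SHA1WithRSA.class.getName());
        put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha1WithRSAEncryption, "Sha1WithRsa");
        put("Signature.Sha256WithRsa", RsaSigner.SHA256WithRSA.class.getName());
        put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha256WithRSAEncryption, "Sha256WithRsa");
        put("Signature.Sha384WithRsa", RsaSigner.SHA384WithRSA.class.getName());
        put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha384WithRSAEncryption, "Sha384WithRsa");
        put("Signature.Sha512WithRsa", RsaSigner.SHA512WithRSA.class.getName());
        put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha512WithRSAEncryption, "Sha512WithRsa");

        // Key generation and certificates.
        put("KeyPairGenerator.ECGOST3410", Gost3410KeyPairGenerator.class.getName());
        put("KeyPairGenerator.RSA", RsaKeyPairGenerator.class.getName());
        put("CertificateFactory.X509", X509CertificateFactory.class.getName());
        put("Alg.Alias.CertificateFactory.X.509", "X509");

        // Random number generators.
        // NOTE(review): the names suggest an ANSI X9.17-style generator; confirm its seeding and
        // whether it still meets current requirements before using it for key material.
        put("SecureRandom.X917", AnsiSecureRandom.SimpleGenerator.class.getName());
        put("SecureRandom.X917WithBio", AnsiSecureRandom.BioInitializedGenerator.class.getName());

        // Password-based key factories, cipher, MAC and key store.
        put("SecretKeyFactory.GOST28147-PBE", Gost28147PbeKeyFactory.Cipher.class.getName());
        put("Alg.Alias.SecretKeyFactory." + AkKamalObjectIdentifiers.gost28147_cbc_pbe, "GOST28147-PBE");
        put("SecretKeyFactory.GOST28147-MAC-PBE", Gost28147PbeKeyFactory.Mac.class.getName());
        put("Alg.Alias.SecretKeyFactory." + AkKamalObjectIdentifiers.gost28147_mac_pbe, "GOST28147-MAC-PBE");
        put("Cipher.GOST28147-CBC", Gost28147CbcCipher.class.getName());
        put("Alg.Alias.Cipher." + AkKamalObjectIdentifiers.gost28147_cbc_pbe, "GOST28147-CBC");
        put("Mac.GOST28147", Gost28147Mac.class.getName());
        put("Alg.Alias.Mac." + AkKamalObjectIdentifiers.gost28147_mac_pbe, "GOST28147");
        put("KeyStore.AKS", Pkcs12KeyStore.class.getName());
    }

    /**
     * Returns the code-source location of this provider class, or {@code null} when the class has
     * no code source or the code source has no location.
     */
    private static URL providerLocation() {
        return AccessController.doPrivileged(new PrivilegedAction<URL>() {
            @Override
            public URL run() {
                java.security.CodeSource codeSource = AkSigProv.class.getProtectionDomain().getCodeSource();
                // A class without a code source is reported as "no location", not as an NPE.
                return codeSource == null ? null : codeSource.getLocation();
            }
        });
    }

    /**
     * Verifies the signature of the archive this provider was loaded from.
     *
     * <p>NOTE(review): {@code str} is not used. The location checked is always that of
     * {@code AkSigProv.class}, so the class named by the caller is not verified independently;
     * if it ships in a different archive, that archive is not covered by this call.
     *
     * @param str class name supplied by the caller (currently ignored)
     * @param z whether a missing code-source location counts as failure
     * @return {@code true} when the archive verified, or when no location is available and
     *     {@code z} is {@code false}; {@code false} when no location is available and {@code z}
     *     is {@code true}
     * @throws SecurityException if verification fails
     */
    public static final synchronized boolean checkClassJar(String str, boolean z) {
        URL location = providerLocation();
        if (location == null) {
            return !z;
        }
        JarVerifier jarVerifier = new JarVerifier(location);
        try {
            if (providerCert == null) {
                providerCert = setupProviderCert();
            }
            jarVerifier.verify(providerCert);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
        return true;
    }

    /** Returns the OID registered for the digest name, or {@code null} if the name is unknown. */
    public static String getDigestOid(String str) {
        return digestNameToOid.get(str);
    }

    /** Returns the signature algorithm name for the OID, or {@code null} if the OID is unknown. */
    public static String getSigAlgName(String str) {
        return sigOidToName.get(str);
    }

    /** Returns the OID for the signature algorithm name, or {@code null} if the name is unknown. */
    public static String getSigAlgOid(String str) {
        return sigNameToOid.get(str);
    }

    /** Returns the key algorithm name for the key OID, or {@code null} if the OID is unknown. */
    public static String getSigKeyAlgName(String str) {
        return sigKeyOidToName.get(str);
    }

    /**
     * Runs the provider's self-integrity check once and caches a successful result.
     *
     * <p>The provider archive is verified against the pinned certificate, followed by three
     * {@link #checkClassJar} calls. A failure is not cached, so the check is repeated on the next
     * call.
     *
     * @return {@code true} if the check has passed now or earlier; {@code false} if the provider
     *     has no code-source location or one of the {@code checkClassJar} calls returned
     *     {@code false}
     * @throws SecurityException if verification fails
     */
    public static final synchronized boolean selfIntegrityChecking() {
        if (verifiedSelfIntegrity) {
            return true;
        }
        URL location = providerLocation();
        if (location == null) {
            return false;
        }
        JarVerifier jarVerifier = new JarVerifier(location);
        try {
            if (providerCert == null) {
                providerCert = setupProviderCert();
            }
            jarVerifier.verify(providerCert);
            boolean dependenciesOk = checkClassJar("kz.akkamal.org.bouncycastle.asn1.ASN1Object", true)
                    && checkClassJar("kz.akkamal.org.bouncycastle.math.ec.ECCurve", true)
                    && checkClassJar("kz.akkamal.xmlsig.XmlSigLib", false);
            if (!dependenciesOk) {
                return false;
            }
            verifiedSelfIntegrity = true;
            return true;
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Parses the pinned signer certificate from {@link #bytesOfProviderCert}.
     *
     * <p>NOTE(review): the factory is looked up by name through the installed providers; since
     * this provider registers an {@code X.509} alias itself, which implementation parses the
     * certificate may depend on provider order.
     *
     * @return the parsed certificate
     * @throws IOException if closing the in-memory stream fails
     * @throws CertificateException if no factory is available or the bytes cannot be parsed
     */
    private static X509Certificate setupProviderCert() throws IOException, CertificateException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        try (ByteArrayInputStream encoded = new ByteArrayInputStream(bytesOfProviderCert)) {
            return (X509Certificate) certificateFactory.generateCertificate(encoded);
        }
    }
}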
