package signgate.crypto.util;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Calendar;
import java.util.Iterator;
import java.util.Set;
import java.util.TimeZone;
import signgate.crypto.asn1.Asn1Exception;
import signgate.crypto.x509.ocsp.BasicOCSPResponse;
import signgate.crypto.x509.ocsp.CertID;
import signgate.crypto.x509.ocsp.OCSPException;
import signgate.crypto.x509.ocsp.OCSPRequest;
import signgate.crypto.x509.ocsp.OCSPResponse;
import signgate.crypto.x509.ocsp.Request;
import signgate.crypto.x509.ocsp.RequestExtensions;
import signgate.crypto.x509.ocsp.RequestList;
import signgate.crypto.x509.ocsp.ResponseBytes;
import signgate.crypto.x509.ocsp.ResponseData;
import signgate.crypto.x509.ocsp.ResponseExtensions;
import signgate.crypto.x509.ocsp.ResponseList;
import signgate.crypto.x509.ocsp.SingleResponse;
import signgate.crypto.x509.ocsp.TBSRequest;
import signgate.provider.oid.OID;

/* loaded from: input_file:signgate/crypto/util/OCSPUtil.class */
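/**
 * OCSP client helper: builds an OCSP request for a certificate, POSTs it to a
 * responder over HTTP and decides from the response whether the certificate is
 * currently valid.
 *
 * <p>The responder URL is chosen in this order: the KICA gateway (when enabled
 * with {@link #setKicaGatewayOcspServer(boolean)}), an explicit URL given to
 * {@link #setOcspServer(String)}, the URL returned by
 * {@code CertUtil.getAuthorityInfoAccess()}, and finally a built-in table keyed
 * by the exact issuer DN string.
 *
 * <p>Transport is plain HTTP, so the integrity of the answer rests entirely on
 * the checks made in {@link #isValid(CertUtil, String, String, String)}: nonce,
 * responder certificate, CertID match, signature, responder key usage and
 * freshness. One of those checks, {@link #isValidOCSPCert()}, was not recovered
 * by the decompiler; see the note on that method.
 *
 * <p>Instances keep per-request state in protected fields and are therefore not
 * safe to share between threads.
 */
public class OCSPUtil {
    // Production issuer DNs and responder URLs. The DN strings are compared with
    // String.equals(), so case and whitespace must match exactly what
    // CertUtil.getIssuerDN() returns.
    public static final String KICA_ISSUER_DN = "cn=signGATE CA2,ou=AccreditedCA,o=KICA,c=KR";
    public static final String KICA_SERVER_URL = "http://ocsp.signgate.com:9020/OCSPServer";
    public static final String KICA_GATWAY_SERVER_URL = "http://ocsp.signgate.com:4505/OCSPServer";
    public static final String KICA_ISSUER_DN_Mobile = "cn=signGATE MobileCA,ou=AccreditedCA,o=KICA,c=KR";
    public static final String KICA_SERVER_URL_Mobile = "http://ocsp3.signgate.com:9040/OCSPServer";
    public static final String SIGNKOREA_ISSUER_DN = "cn=SignKorea CA,ou=AccreditedCA,o=SignKorea,c=KR";
    public static final String SIGNKOREA_SERVER_URL = "http://ocsp.signkorea.com";
    public static final String YESSIGN_ISSUER_DN = "cn=yessignCA,ou=AccreditedCA,o=yessign,c=kr";
    public static final String YESSIGN_SERVER_URL = "http://ocsp.yessign.org:4612";
    public static final String NCASIGN_ISSUER_DN = "cn=NCASignCA,ou=AccreditedCA,o=NCASign,c=KR";
    public static final String NCASIGN_SERVER_URL = "http://ocsp.nca.or.kr:14203/OCSPServer";
    public static final String CROSSCERT_ISSUER_DN = "cn=CrossCert Certificate Authority,ou=AccreditedCA,o=CrossCert,c=KR";
    public static final String CROSSCERT_SERVER_URL = "http://ocsp1.crosscert.com:14203/OCSPServer";
    // NOTE(review): this DN has a space after "cn=" - confirm it matches the real issuer string.
    public static final String TRADESIGN_ISSUER_DN = "cn= TradeSignCA,ou=AccreditedCA,o=TradeSign,c=KR";
    public static final String TRADESIGN_SERVER_URL = "http://ocsp.tradesign.net:80/OCSPServer";

    // Test issuer DNs and responder URLs. None of them is referenced by the code
    // visible in this class.
    public static final String KICA_ISSUER_DN_TEST = "cn=signGATE CA,ou=licensedCA,o=KICA,c=KR";
    public static final String KICA_SERVER_URL_TEST = "http://ocsp.signgate.com:9020/OCSPServer";
    public static final String SIGNKOREA_ISSUER_DN_TEST = "cn=SignKorea Test CA,ou=LicensedCA,o=SignKorea,c=KR";
    public static final String SIGNKOREA_SERVER_URL_TEST = "http://211.58.248.101/cgi-bin/vacgi.cgi";
    public static final String YESSIGN_ISSUER_DN_TEST = "cn=yessignCA-OCSP,ou=LicensedCA,o=yessign,c=kr";
    public static final String YESSIGN_SERVER_URL_TEST = "http://203.233.91.233:4612/";
    public static final String NCASIGN_ISSUER_DN_TEST = "cn=OCSP TESTCA1,ou=licensedCA,o=NCASign,c=KR";
    public static final String NCASIGN_SERVER_URL_TEST = "http://ocsp.nca.or.kr:14203/OCSPServer";
    public static final String CROSSCERT_ISSUER_DN_TEST = "cn=OCSPServer,ou=licensedCA,o=CrossCert,c=KR";
    public static final String CROSSCERT_SERVER_URL_TEST = "http://ocsp1.crosscert.com:14203/OCSPServer";

    /** Directory suffix that every {@code certCrlDirName} value ends with. */
    private static final String DEFAULT_CERT_CRL_DIR = "SignGATE" + File.separator;

    /**
     * Upper bound on the size of an accepted responder reply. The body comes from
     * a remote host, so it is read with a cap instead of trusting Content-Length.
     */
    private static final int MAX_RESPONSE_BYTES = 1024 * 1024;

    // State of the most recent validation; overwritten by every isValid() call.
    protected String statusInfo;
    protected String errorMsg;
    protected TBSRequest tbsRequest;
    protected RequestExtensions requestExtensions;
    protected RequestList requestList;
    protected Request request;
    protected CertID requestCertID;
    protected ResponseBytes responseBytes;
    protected BasicOCSPResponse basicOCSPResponse;
    protected ResponseData responseData;
    protected ResponseExtensions responseExtensions;
    protected ResponseList responseList;
    protected Set SingleResponses;
    protected CertID responseCertID;
    protected SingleResponse singleResponse;
    protected String stackTraceMsg;
    protected Debug debug;

    /**
     * Hour offset between UTC and Korea Standard Time. Kept for compatibility;
     * the time checks in this class now compare instants in UTC and no longer
     * add this offset.
     */
    public static final int ADDHOUR = 9;

    /** Maximum age, in minutes, of a response that carries no nextUpdate. */
    public static final int INTERVAL_MINUTE = 10;

    // Not read by any code visible in this class; presumably consumed by
    // isValidOCSPCert(), whose body was not decompiled.
    protected String certCrlDirName = DEFAULT_CERT_CRL_DIR;
    protected boolean isOcspserver = false;
    // OID.nullOID is used throughout as the "unset" marker (presumably the empty string).
    protected String Ocspserver_url = OID.nullOID;

    /** Returns the stack trace text recorded for the last logged failure, if any. */
    public String getStackTraceMsg() {
        return this.stackTraceMsg;
    }

    /** Returns the reason the last validation returned {@code false}, if any. */
    public String getErrorMsg() {
        return this.errorMsg;
    }

    /**
     * Decrypts an enveloped password with {@code CipherUtil.envDecrypt}.
     *
     * @param str the encrypted password
     * @return the decrypted password, or {@code null} when decryption fails or
     *         yields the unset marker; {@code errorMsg} is set in that case
     */
    private String decPassword(String str) {
        // Kept from the original: the instance is discarded, only the constructor runs.
        new CipherUtil("RSA");
        try {
            String decrypted = CipherUtil.envDecrypt(str);
            if (!decrypted.equals(OID.nullOID)) {
                return decrypted;
            }
            // Message text: "Failed to decrypt the password."
            this.errorMsg = "패스워드 복호화에 실패하였습니다.";
            return null;
        } catch (Exception e) {
            this.errorMsg = "패스워드 복호화에 실패하였습니다.";
            Debug.logException(e);
            return null;
        }
    }

    /**
     * Enables or disables routing of requests through the KICA gateway responder
     * and clears any explicit responder URL.
     */
    public void setKicaGatewayOcspServer(boolean z) {
        this.isOcspserver = z;
        this.Ocspserver_url = OID.nullOID;
    }

    /**
     * Sets an explicit responder URL and turns the KICA gateway option off.
     *
     * @param str responder URL; {@code null} or the unset marker means "not set"
     */
    public void setOcspServer(String str) {
        this.Ocspserver_url = str;
        this.isOcspserver = false;
    }

    /** Validates {@code certUtil} with an unsigned request (all signer arguments null). */
    public boolean isValid(CertUtil certUtil) throws Exception {
        return isValid(certUtil, null, null, null);
    }

    /**
     * Validates {@code certUtil} after pointing {@code certCrlDirName} below the
     * given base directory.
     *
     * @param str base directory; the path separator and "SignGATE" are appended to it
     */
    public boolean isValid(CertUtil certUtil, String str) throws Exception {
        // Rebuilt from the fixed suffix so that repeated calls on one instance do
        // not keep prepending directories to the previous value.
        this.certCrlDirName = str + File.separator + DEFAULT_CERT_CRL_DIR;
        return isValid(certUtil, null, null, null);
    }

    /**
     * Same as the five-argument overload, optionally decrypting {@code str2} first.
     *
     * @param z when {@code true}, {@code str2} is an encrypted password
     * @return {@code false} without contacting the responder when decryption fails
     */
    public boolean isValid(CertUtil certUtil, String str, String str2, String str3, String str4, boolean z) throws Exception {
        if (z) {
            str2 = decPassword(str2);
            if (str2 == null) {
                return false;
            }
        }
        return isValid(certUtil, str, str2, str3, str4);
    }

    /**
     * Validates {@code certUtil} after pointing {@code certCrlDirName} below
     * {@code str4}; the other arguments are passed on unchanged.
     */
    public boolean isValid(CertUtil certUtil, String str, String str2, String str3, String str4) throws Exception {
        this.certCrlDirName = str4 + File.separator + DEFAULT_CERT_CRL_DIR;
        return isValid(certUtil, str, str2, str3);
    }

    /**
     * Same as the four-argument overload, optionally decrypting {@code str2} first.
     *
     * @param z when {@code true}, {@code str2} is an encrypted password
     * @return {@code false} without contacting the responder when decryption fails
     */
    public boolean isValid(CertUtil certUtil, String str, String str2, String str3, boolean z) throws Exception {
        if (z) {
            str2 = decPassword(str2);
            if (str2 == null) {
                return false;
            }
        }
        return isValid(certUtil, str, str2, str3);
    }

    /**
     * Sends an OCSP request for {@code certUtil} and evaluates the response.
     *
     * <p>The certificate is reported valid only when every check passes, in this
     * order: nonce echo, responder certificate, CertID match, response signature,
     * responder extended key usage, response freshness, and finally a certificate
     * status of 0. Any exception raised while fetching or parsing the response is
     * recorded and turned into {@code false}.
     *
     * @param certUtil the certificate to check
     * @param str      passed to {@code OCSPRequest}; meaning not visible in this class
     * @param str2     passed to {@code OCSPRequest}; the overloads with a boolean flag
     *                 treat it as a password
     * @param str3     passed to {@code OCSPRequest}; meaning not visible in this class
     * @return {@code true} only when all checks pass; otherwise {@code false} with
     *         the reason available from {@link #getErrorMsg()}
     * @throws Exception when the request itself cannot be built
     */
    public boolean isValid(CertUtil certUtil, String str, String str2, String str3) throws Exception {
        // Do not let diagnostics of an earlier call describe this one.
        this.errorMsg = null;
        this.stackTraceMsg = null;
        OCSPRequest oCSPRequest = new OCSPRequest(certUtil, str, str2, str3);
        this.debug = new Debug();
        this.tbsRequest = oCSPRequest.getTBSRequest();
        this.requestList = this.tbsRequest.getRequestList();
        this.requestExtensions = this.tbsRequest.getRequestExtensions();
        this.request = this.requestList.getRequest();
        this.requestCertID = this.request.getCertID();
        // The nested try is kept as the decompiler produced it. As written, the
        // inner catch (Exception) handles everything, so the two outer handlers
        // cannot run; the original source probably listed them first.
        try {
            try {
                byte[] rawResponse = getResponse(certUtil, oCSPRequest.encode());
                this.responseBytes = new OCSPResponse(rawResponse).getResponseBytes();
                this.basicOCSPResponse = this.responseBytes.getBasicOCSPResponse();
                this.responseData = this.basicOCSPResponse.getResponseData();
                this.responseExtensions = this.responseData.getResponseExtensions();
                this.responseList = this.responseData.getResponseList();
                this.SingleResponses = this.responseList.getSingleResponseHashSet();
                // Start from a clean slate: an empty response list must not fall
                // back to the SingleResponse left over from a previous call.
                this.singleResponse = null;
                this.responseCertID = null;
                // Prefer the entry that answers our request. Taking "whichever the
                // hash set yields last" would make the outcome depend on iteration
                // order when a responder returns several entries.
                Iterator it = this.SingleResponses.iterator();
                while (it.hasNext()) {
                    SingleResponse candidate = (SingleResponse) it.next();
                    this.singleResponse = candidate;
                    this.responseCertID = candidate.getCertID();
                    if (isSameCertID()) {
                        break;
                    }
                }
                if (this.singleResponse == null) {
                    this.errorMsg = "OCSP response contains no SingleResponse.";
                    return false;
                }
                if (!isValidNonce()) {
                    this.errorMsg = "Random number of request and response does not agreement.";
                    return false;
                }
                if (!isValidOCSPCert()) {
                    this.errorMsg = "Failed in certificate verification of OCSP server.";
                    return false;
                }
                if (!isSameCertID()) {
                    this.errorMsg = "Certificate of request and response does not agreement.";
                    return false;
                }
                if (!verifySignature()) {
                    this.errorMsg = "A digital signature of response message is wrong.";
                    return false;
                }
                if (!isCorrectResponder(certUtil)) {
                    this.errorMsg = "generated message from respondents without authority.";
                    return false;
                }
                if (!isTimeCorrect(this.singleResponse)) {
                    this.errorMsg = "Incorrect response time";
                    return false;
                }
                // Status 0 is the only value accepted as valid (presumably the
                // "good" CertStatus; confirm against SingleResponse).
                if (this.singleResponse.getCertStatus() == 0) {
                    return true;
                }
                this.errorMsg = this.singleResponse.getFailReason();
                return false;
            } catch (Exception e) {
                this.stackTraceMsg = Debug.logException(e);
                // Message prefix: "Invalid response : "
                this.errorMsg = new StringBuffer().append("잘못된 응답 : ").append(e.toString()).toString();
                return false;
            }
        } catch (Asn1Exception e2) {
            this.stackTraceMsg = Debug.logException(e2);
            this.errorMsg = e2.getMessage();
            return false;
        } catch (OCSPException e3) {
            this.stackTraceMsg = Debug.logException(e3);
            this.errorMsg = e3.getMessage();
            return false;
        }
    }

    /**
     * POSTs an encoded OCSP request to the selected responder and returns the
     * response body.
     *
     * @param certUtil certificate being checked; supplies the responder URL or the
     *                 issuer DN when no responder was configured
     * @param bArr     encoded OCSP request
     * @return the raw response body
     * @throws Exception an {@code OCSPException} when no responder is known for the
     *                   issuer or when the exchange fails
     */
    protected byte[] getResponse(CertUtil certUtil, byte[] bArr) throws Exception {
        String url = null;
        if (this.isOcspserver) {
            url = KICA_GATWAY_SERVER_URL;
        }
        // The original assigned the gateway URL here as well, which silently
        // ignored the URL given to setOcspServer() and sent requests to a
        // different host than the caller configured.
        String configured = this.Ocspserver_url;
        if (configured != null && !configured.equals(OID.nullOID)) {
            url = configured;
        }
        if (url == null) {
            // NOTE(review): this URL is read from the certificate under test, so
            // the certificate decides which host and port receive the POST.
            // Consider an allow-list of responder hosts if untrusted certificates
            // can reach this code.
            url = certUtil.getAuthorityInfoAccess();
            this.debug = new Debug();
            if (url == null) {
                url = responderForIssuer(certUtil.getIssuerDN());
            }
        }
        // Only http/https are accepted as-is; anything else is treated as a bare
        // host and prefixed, so another scheme cannot be selected through the URL.
        boolean hasHttpScheme = url.regionMatches(true, 0, "http://", 0, 7)
                || url.regionMatches(true, 0, "https://", 0, 8);
        if (!hasHttpScheme) {
            url = "http://" + url;
        }
        InputStream inputStream = null;
        OutputStream outputStream = null;
        try {
            // NOTE(review): no connect or read timeout is set, so a responder that
            // stalls blocks the calling thread indefinitely.
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(url).openConnection();
            httpURLConnection.setRequestMethod("POST");
            httpURLConnection.setDoOutput(true);
            httpURLConnection.setRequestProperty("content-type", "application/ocsp-request");
            httpURLConnection.connect();
            outputStream = httpURLConnection.getOutputStream();
            outputStream.write(bArr);
            outputStream.flush();
            outputStream.close();
            outputStream = null;
            if (httpURLConnection.getResponseCode() != 200) {
                throw new OCSPException("POST Error : " + httpURLConnection.getResponseMessage());
            }
            inputStream = httpURLConnection.getInputStream();
            // Read until EOF instead of sizing a buffer from Content-Length: the
            // header may be absent (-1) or smaller than the body actually sent.
            ByteArrayOutputStream body = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int count;
            while ((count = inputStream.read(chunk)) != -1) {
                if (body.size() + count > MAX_RESPONSE_BYTES) {
                    throw new OCSPException("OCSP response exceeds " + MAX_RESPONSE_BYTES + " bytes");
                }
                body.write(chunk, 0, count);
            }
            return body.toByteArray();
        } catch (Exception e) {
            this.stackTraceMsg = Debug.logException(e);
            throw new OCSPException("While got Response, an error occurred. --> " + e.getMessage());
        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Exception ignored) {
                    // Best effort: the outcome of the exchange is already decided.
                }
            }
            if (outputStream != null) {
                try {
                    outputStream.close();
                } catch (Exception ignored) {
                    // Best effort: only reached when the request failed earlier.
                }
            }
        }
    }

    /**
     * Looks up the built-in responder URL for an issuer DN (exact string match).
     *
     * @throws OCSPException when the issuer is not in the built-in table
     */
    private static String responderForIssuer(String issuerDN) throws OCSPException {
        if (issuerDN.equals(KICA_ISSUER_DN)) {
            return KICA_SERVER_URL;
        }
        if (issuerDN.equals(KICA_ISSUER_DN_Mobile)) {
            return KICA_SERVER_URL_Mobile;
        }
        if (issuerDN.equals(SIGNKOREA_ISSUER_DN)) {
            return SIGNKOREA_SERVER_URL;
        }
        if (issuerDN.equals(YESSIGN_ISSUER_DN)) {
            return YESSIGN_SERVER_URL;
        }
        if (issuerDN.equals(NCASIGN_ISSUER_DN)) {
            return NCASIGN_SERVER_URL;
        }
        if (issuerDN.equals(CROSSCERT_ISSUER_DN)) {
            return CROSSCERT_SERVER_URL;
        }
        if (issuerDN.equals(TRADESIGN_ISSUER_DN)) {
            return TRADESIGN_SERVER_URL;
        }
        throw new OCSPException("OCSP Server info not found");
    }

    /**
     * Checks that the response echoes the nonce sent in the request, which ties
     * the response to this request and rejects replayed answers.
     *
     * @return {@code false} when the nonces differ, when either is missing, or
     *         when reading them fails
     */
    protected boolean isValidNonce() throws OCSPException {
        this.debug = new Debug();
        try {
            return equals(this.requestExtensions.getNonceBytes(), this.responseExtensions.getNonceBytes());
        } catch (Exception e) {
            this.stackTraceMsg = Debug.logException(e);
            return false;
        }
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:48:0x0301
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    /**
     * Validates the OCSP responder's certificate.
     *
     * <p>The body was not recovered by the decompiler, so this stub always throws.
     * {@code isValid} catches that and returns {@code false}, which means this
     * listing rejects every certificate. It also means the step that decides
     * whether the responder certificate is trusted cannot be reviewed from this
     * source: {@link #verifySignature()} and
     * {@link #isCorrectResponder(CertUtil)} both rely on the certificate carried
     * inside the response, so everything that anchors it to a trusted issuer has
     * to happen here.
     */
    protected boolean isValidOCSPCert() throws signgate.crypto.x509.ocsp.OCSPException, java.lang.Exception {
        /*
            Method dump skipped, instructions count: 1452
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: signgate.crypto.util.OCSPUtil.isValidOCSPCert():boolean");
    }

    /**
     * Checks that the selected SingleResponse refers to the certificate that was
     * asked about: same issuer name hash, issuer key hash and serial number.
     */
    protected boolean isSameCertID() {
        if (!equals(this.requestCertID.getIssuerNameHash(), this.responseCertID.getIssuerNameHash())) {
            return false;
        }
        if (!equals(this.requestCertID.getIssuerKeyHash(), this.responseCertID.getIssuerKeyHash())) {
            return false;
        }
        // NOTE(review): '==' is only a value comparison if getCertificateSerialNumber()
        // returns a primitive. Confirm its return type; for an object type this
        // compares references, and a fixed-width primitive cannot hold every
        // serial number a CA may issue.
        return this.requestCertID.getCertificateSerialNumber() == this.responseCertID.getCertificateSerialNumber();
    }

    /**
     * Compares two byte arrays for equal length and content.
     *
     * @return {@code false} when either array is {@code null} or they differ
     */
    protected static boolean equals(byte[] bArr, byte[] bArr2) {
        // A missing value never counts as a match, so the callers fail closed.
        if (bArr == null || bArr2 == null) {
            return false;
        }
        if (bArr.length != bArr2.length) {
            return false;
        }
        for (int i = 0; i < bArr.length; i++) {
            if (bArr[i] != bArr2[i]) {
                return false;
            }
        }
        return true;
    }

    /**
     * Verifies the signature over the encoded ResponseData using the first
     * certificate carried in the response.
     *
     * <p>The verification key therefore comes from the message being verified;
     * the result is only meaningful if that certificate has been validated
     * separately (see {@link #isValidOCSPCert()}).
     *
     * @throws Exception when the response carries no certificate or verification fails to run
     */
    protected boolean verifySignature() throws Exception {
        byte[] signedData = this.basicOCSPResponse.getDncodedResponseData();
        CertUtil[] responderCerts = this.basicOCSPResponse.getCertUtils();
        byte[] signature = this.basicOCSPResponse.getBitString().getBytes();
        SignUtil signUtil = new SignUtil();
        signUtil.verifyInit(responderCerts[0].derToPem().getBytes());
        signUtil.verifyUpdate(signedData);
        return signUtil.verifyFinal(signature);
    }

    /**
     * Checks that the first certificate in the response has an extended key usage
     * equal to {@code OID.extKeyUsageForOCSP}.
     *
     * @param certUtil the certificate being checked; not used here, so this method
     *                 does not tie the responder to that certificate's issuer
     * @return {@code false} when the usage differs or cannot be read
     */
    protected boolean isCorrectResponder(CertUtil certUtil) {
        CertUtil[] responderCerts = this.basicOCSPResponse.getCertUtils();
        this.debug = new Debug();
        try {
            return responderCerts[0].getExtKeyUsage().equals(OID.extKeyUsageForOCSP);
        } catch (Exception e) {
            this.errorMsg = "no extKeyUsage field in the certificate";
            this.stackTraceMsg = Debug.logException(e);
            return false;
        }
    }

    /**
     * Checks the freshness of a SingleResponse: against its nextUpdate when one is
     * present, otherwise against a maximum age of {@link #INTERVAL_MINUTE} minutes.
     */
    protected boolean isTimeCorrect(SingleResponse singleResponse) {
        String thisUpdate = new String(singleResponse.getThisUpdateGeneralizedTime().getBytes());
        if (singleResponse.getNextUpdateGeneralizedTime() == null) {
            return timeCheck(thisUpdate, INTERVAL_MINUTE);
        }
        String nextUpdate = new String(singleResponse.getNextUpdateGeneralizedTime().getBytes());
        return timeCheck(thisUpdate, nextUpdate);
    }

    /**
     * Parses a GeneralizedTime string ({@code yyyyMMddHHmmss} or
     * {@code yyyyMMddHHmm}, with or without a trailing Z) as a UTC instant.
     *
     * <p>The original set these fields on a calendar in the JVM's default zone and
     * then added nine hours, which is only correct when the JVM runs in UTC+9; in
     * other zones it shifted the acceptance window by several hours. Any length
     * other than 14 is read with seconds set to zero, as before.
     */
    private static Calendar parseUtcTime(String generalizedTime) {
        String digits = StringUtil.replace(StringUtil.replace(generalizedTime, "Z", OID.nullOID), "z", OID.nullOID);
        int year = Integer.parseInt(digits.substring(0, 4));
        int month = Integer.parseInt(digits.substring(4, 6)) - 1; // Calendar months are zero-based
        int day = Integer.parseInt(digits.substring(6, 8));
        int hour = Integer.parseInt(digits.substring(8, 10));
        int minute = Integer.parseInt(digits.substring(10, 12));
        int second = digits.length() == 14 ? Integer.parseInt(digits.substring(12, 14)) : 0;
        Calendar parsed = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
        parsed.clear(); // drop the current milliseconds that getInstance() leaves behind
        parsed.set(year, month, day, hour, minute, second);
        return parsed;
    }

    /**
     * Accepts a response whose thisUpdate is no more than {@code i} minutes old.
     *
     * <p>NOTE(review): there is no upper bound, so a thisUpdate in the future is
     * accepted.
     *
     * @param str thisUpdate as a GeneralizedTime string
     * @param i   maximum age in minutes
     */
    protected boolean timeCheck(String str, int i) {
        Calendar thisUpdate = parseUtcTime(str);
        Calendar oldestAccepted = Calendar.getInstance();
        oldestAccepted.add(Calendar.MINUTE, -i);
        return !oldestAccepted.after(thisUpdate);
    }

    /**
     * Accepts a response whose thisUpdate is not after its nextUpdate and whose
     * nextUpdate has not yet passed.
     *
     * <p>NOTE(review): thisUpdate is not compared with the current time, so a
     * response dated in the future is accepted.
     *
     * @param str  thisUpdate as a GeneralizedTime string
     * @param str2 nextUpdate as a GeneralizedTime string
     */
    protected boolean timeCheck(String str, String str2) {
        Calendar thisUpdate = parseUtcTime(str);
        Calendar nextUpdate = parseUtcTime(str2);
        if (thisUpdate.after(nextUpdate)) {
            return false;
        }
        return !Calendar.getInstance().after(nextUpdate);
    }
}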
