package eu.europa.esig.dss.crl;

import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.DigestAlgorithm;
import eu.europa.esig.dss.SignatureAlgorithm;
import eu.europa.esig.dss.tsl.KeyUsageBit;
import eu.europa.esig.dss.x509.CertificateToken;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.DigestInputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.X509CRLEntry;
import java.text.MessageFormat;
import java.util.Arrays;
import javax.crypto.Cipher;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.x509.DigestInfo;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.util.encoders.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/crl/CRLUtilsStreamImpl.class */
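/**
 * Stream-based CRL helper: buffers a CRL, extracts its metadata with {@link CRLParser},
 * recomputes the digest over the parsed content and compares it with the digest recovered
 * from the CRL signature using the candidate issuer's public key.
 *
 * <p>The CRL bytes and the signature value come from outside the application and must be
 * treated as untrusted. Every {@link CRLValidity} field other than the "signature intact"
 * flag is populated before the signature has been checked.
 */
public class CRLUtilsStreamImpl extends AbstractCRLUtils implements ICRLUtils {
    private static final Logger LOG = LoggerFactory.getLogger(CRLUtilsStreamImpl.class);

    /** First byte of a PEM armoured CRL, i.e. the leading dash of "-----BEGIN". */
    private static final int PEM_FIRST_BYTE = '-';

    /** First byte of a DER encoded CRL: the ASN.1 SEQUENCE tag. */
    private static final int DER_SEQUENCE_TAG = 0x30;

    /**
     * Parses the CRL and checks its signature against the given candidate issuer.
     *
     * @param inputStream      the CRL, DER or PEM encoded; read until end of stream
     * @param certificateToken the candidate issuer certificate
     * @return a populated {@link CRLValidity}; the signature-intact flag is only set when the
     *         digest recovered from the signature equals the recomputed one
     * @throws IOException  if the stream cannot be read or parsed
     * @throws DSSException if the content is neither DER nor PEM, or the digest cannot be created
     */
    public CRLValidity isValidCRL(InputStream inputStream, CertificateToken certificateToken) throws IOException {
        final CRLValidity crlValidity = new CRLValidity();
        try (ByteArrayOutputStream derContent = getDERContent(inputStream)) {
            final CRLInfo crlInfos = getCrlInfos(derContent);
            final SignatureAlgorithm signatureAlgorithm =
                    SignatureAlgorithm.forOID(crlInfos.getCertificateListSignatureAlgorithmOid());
            final byte[] computedDigest =
                    recomputeDigest(derContent, getMessageDigest(signatureAlgorithm.getDigestAlgorithm()));

            // NOTE(review): everything below is recorded before the signature is verified;
            // callers should not rely on these values unless the signature is reported intact.
            crlValidity.setCrlEncoded(derContent.toByteArray());
            crlValidity.setSignatureAlgorithm(signatureAlgorithm);
            crlValidity.setThisUpdate(crlInfos.getThisUpdate());
            crlValidity.setNextUpdate(crlInfos.getNextUpdate());
            checkCriticalExtensions(crlValidity, crlInfos.getCriticalExtensions().keySet(),
                    crlInfos.getCriticalExtension(Extension.issuingDistributionPoint.getId()));
            extractExpiredCertsOnCRL(crlValidity,
                    crlInfos.getNonCriticalExtension(Extension.expiredCertsOnCRL.getId()));

            if (crlInfos.getIssuer().equals(certificateToken.getSubjectX500Principal())) {
                crlValidity.setIssuerX509PrincipalMatches(true);
            }
            // The signature is checked even when the issuer name does not match.
            checkSignatureValue(crlValidity, crlInfos.getSignatureValue(), computedDigest, certificateToken);
        }
        return crlValidity;
    }

    /**
     * Creates a digest instance for the given algorithm from the provider registered as "BC".
     *
     * @throws DSSException if the provider or the algorithm is not available
     */
    private MessageDigest getMessageDigest(DigestAlgorithm digestAlgorithm) {
        try {
            return MessageDigest.getInstance(digestAlgorithm.getOid(), "BC");
        } catch (GeneralSecurityException e) {
            throw new DSSException("Cannot generate a MessageDigest", e);
        }
    }

    /**
     * Looks up the CRL entry for a certificate serial number.
     *
     * @param cRLValidity the validity object that provides the CRL stream
     * @param bigInteger  the serial number to look for
     * @return the value returned by the parser, or {@code null} if the CRL could not be read
     */
    public X509CRLEntry getRevocationInfo(CRLValidity cRLValidity, BigInteger bigInteger) {
        final CRLParser parser = new CRLParser();
        X509CRLEntry crlEntry = null;
        try (InputStream crlInputStream = cRLValidity.getCrlInputStream()) {
            crlEntry = parser.retrieveRevocationInfo(crlInputStream, bigInteger);
        } catch (IOException e) {
            // A read failure yields null, which is the same result as a lookup that returned
            // nothing; callers that need to tell the two apart have only this log entry.
            LOG.error("Unable to retrieve the revocation status", e);
        }
        return crlEntry;
    }

    /**
     * Compares the digest recovered from the signature with the recomputed one and records
     * the outcome on the validity object.
     *
     * @param crlValidity    receives the result (intact flag, issuer, key usage) or the failure reason
     * @param signatureValue the raw signature value taken from the CRL
     * @param computedDigest the digest recomputed over the CRL content
     * @param issuerToken    the candidate issuer whose public key is used
     */
    private void checkSignatureValue(CRLValidity crlValidity, byte[] signatureValue, byte[] computedDigest,
            CertificateToken issuerToken) {
        try {
            final byte[] signedDigest = getSignedDigest(signatureValue, issuerToken);
            // Arrays.equals(null, null) is true, so both digests must exist before a match
            // can be accepted; a missing digest is reported as a mismatch.
            if (signedDigest != null && computedDigest != null && Arrays.equals(computedDigest, signedDigest)) {
                crlValidity.setSignatureIntact(true);
                crlValidity.setIssuerToken(issuerToken);
                crlValidity.setCrlSignKeyUsage(issuerToken.checkKeyUsage(KeyUsageBit.crlSign));
            } else {
                final String signedHex = signedDigest == null ? "" : Hex.toHexString(signedDigest);
                final String computedHex = computedDigest == null ? "" : Hex.toHexString(computedDigest);
                // Plain concatenation: in a MessageFormat pattern the single quotes quote the
                // placeholders, so the digests were never substituted into the message.
                final String reason = "Signed digest '" + signedHex + "' and computed digest '"
                        + computedHex + "' don't match";
                crlValidity.setSignatureInvalidityReason(reason);
                LOG.warn(reason);
            }
        } catch (IOException | GeneralSecurityException e) {
            crlValidity.setSignatureInvalidityReason(e.getClass().getSimpleName() + " - " + e.getMessage());
        }
    }

    /**
     * Feeds the buffered CRL through {@link CRLParser#processDigest} wrapped in a
     * {@link DigestInputStream} and returns the resulting digest value.
     */
    private byte[] recomputeDigest(ByteArrayOutputStream derContent, MessageDigest messageDigest) throws IOException {
        try (ByteArrayInputStream bais = new ByteArrayInputStream(derContent.toByteArray());
                DigestInputStream dis = new DigestInputStream(bais, messageDigest)) {
            new CRLParser().processDigest(dis);
            return dis.getMessageDigest().digest();
        }
    }

    /** Parses the buffered CRL and returns the metadata extracted by {@link CRLParser}. */
    private CRLInfo getCrlInfos(ByteArrayOutputStream derContent) throws IOException {
        try (ByteArrayInputStream bais = new ByteArrayInputStream(derContent.toByteArray());
                BufferedInputStream bis = new BufferedInputStream(bais)) {
            return new CRLParser().retrieveInfo(bis);
        }
    }

    /**
     * Recovers the digest embedded in the signature by applying the issuer's public key and
     * reading the result as an ASN.1 {@code DigestInfo}.
     *
     * @throws GeneralSecurityException if the cipher cannot be created or the operation fails
     * @throws IOException              if the recovered data is not a single ASN.1 object
     */
    private byte[] getSignedDigest(byte[] signatureValue, CertificateToken issuerToken)
            throws GeneralSecurityException, IOException {
        final PublicKey publicKey = issuerToken.getPublicKey();
        // NOTE(review): the transformation is just the key algorithm name, so mode and padding
        // are whatever the selected provider defaults to. This path presumably only works for
        // RSA keys; other key types are expected to fail here and be reported as an invalid
        // signature. java.security.Signature would cover all algorithms and do the padding
        // and DigestInfo checks itself.
        final Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
        cipher.init(Cipher.DECRYPT_MODE, publicKey);
        try (ASN1InputStream asn1 = new ASN1InputStream(cipher.doFinal(signatureValue))) {
            final byte[] digest = new DigestInfo(asn1.readObject()).getDigest();
            // Fail closed on anything after the DigestInfo: a well-formed signature payload
            // holds exactly one object, and ignoring extra bytes makes the check lenient.
            if (asn1.readObject() != null) {
                throw new IOException("Unexpected data after DigestInfo in decrypted signature");
            }
            // NOTE(review): the digest algorithm identifier inside the DigestInfo is not
            // compared with the CRL's signature algorithm; only the digest bytes are used.
            return digest;
        }
    }

    /**
     * Buffers the whole stream and returns it as DER, converting from PEM when the first byte
     * is a dash.
     *
     * @throws DSSException if the stream is empty or starts with neither '-' nor 0x30
     */
    private ByteArrayOutputStream getDERContent(InputStream inputStream) throws IOException {
        final int firstByte = inputStream.read();
        if (firstByte == -1) {
            // Empty stream: same outcome as any other unrecognised encoding.
            throw new DSSException("Unsupported CRL");
        }

        // NOTE(review): the stream is buffered in memory without an upper bound; a size limit
        // has to be enforced by whoever fetches the CRL.
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        buffer.write(firstByte);
        final byte[] chunk = new byte[4096];
        int count;
        while ((count = inputStream.read(chunk)) != -1) {
            buffer.write(chunk, 0, count);
        }

        if (isPemEncoded(firstByte)) {
            buffer = PemToDerConverter.convert(buffer);
        } else if (!isDerEncoded(firstByte)) {
            throw new DSSException("Unsupported CRL");
        }
        return buffer;
    }

    /** Returns {@code true} when the first byte is the dash that opens a PEM header. */
    private boolean isPemEncoded(int firstByte) {
        return PEM_FIRST_BYTE == (byte) firstByte;
    }

    /** Returns {@code true} when the first byte is the ASN.1 SEQUENCE tag. */
    private boolean isDerEncoded(int firstByte) {
        return DER_SEQUENCE_TAG == firstByte;
    }
}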
