package org.xipki.security.ctlog;

import java.io.IOException;
import java.math.BigInteger;
import java.security.Signature;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.concurrent.atomic.AtomicInteger;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.util.Pack;
import org.xipki.security.ObjectIdentifiers;
import org.xipki.util.Args;

/* loaded from: input_file:WEB-INF/lib/security-6.0.0.jar:org/xipki/security/ctlog/CtLog.class */
public class CtLog {

    /* loaded from: input_file:WEB-INF/lib/security-6.0.0.jar:org/xipki/security/ctlog/CtLog$DigitallySigned.class */
    public static class DigitallySigned {
        private final SignatureAndHashAlgorithm algorithm;
        private final byte[] signature;

        public static DigitallySigned getInstance(byte[] bArr, AtomicInteger atomicInteger) {
            int i = atomicInteger.get();
            SignatureAndHashAlgorithm signatureAndHashAlgorithm = SignatureAndHashAlgorithm.getInstance(CtLog.copyOf(bArr, i, 2));
            int i2 = i + 2;
            int readInt2 = CtLog.readInt2(bArr, i2);
            int i3 = i2 + 2;
            byte[] copyOf = CtLog.copyOf(bArr, i3, readInt2);
            atomicInteger.set(i3 + readInt2);
            return new DigitallySigned(signatureAndHashAlgorithm, copyOf);
        }

        public DigitallySigned(SignatureAndHashAlgorithm signatureAndHashAlgorithm, byte[] bArr) {
            this.algorithm = (SignatureAndHashAlgorithm) Args.notNull(signatureAndHashAlgorithm, "algorithm");
            this.signature = (byte[]) Args.notNull(bArr, "signature");
        }

        public SignatureAndHashAlgorithm getAlgorithm() {
            return this.algorithm;
        }

        public byte[] getSignature() {
            return Arrays.copyOf(this.signature, this.signature.length);
        }

        public Object getSignatureObject() {
            switch (this.algorithm.signature) {
                case ecdsa:
                case dsa:
                    ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(this.signature);
                    return new BigInteger[]{ASN1Integer.getInstance(aSN1Sequence.getObjectAt(0)).getPositiveValue(), ASN1Integer.getInstance(aSN1Sequence.getObjectAt(1)).getPositiveValue()};
                default:
                    return this.signature;
            }
        }

        public byte[] getEncoded() {
            byte[] encoded = this.algorithm.getEncoded();
            byte[] bArr = new byte[encoded.length + 2 + this.signature.length];
            System.arraycopy(encoded, 0, bArr, 0, encoded.length);
            int length = encoded.length;
            int length2 = this.signature.length;
            System.arraycopy(this.signature, 0, bArr, length + CtLog.writeInt(length2, bArr, length, 2), length2);
            return bArr;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/security-6.0.0.jar:org/xipki/security/ctlog/CtLog$HashAlgorithm.class */
    public enum HashAlgorithm {
        none((byte) 0),
        md5((byte) 1),
        sha1((byte) 2),
        sha224((byte) 3),
        sha256((byte) 4),
        sha384((byte) 5),
        sha512((byte) 6);

        private final byte code;

        HashAlgorithm(byte b) {
            this.code = b;
        }

        public byte getCode() {
            return this.code;
        }

        public static HashAlgorithm ofCode(byte b) {
            for (HashAlgorithm hashAlgorithm : values()) {
                if (hashAlgorithm.code == b) {
                    return hashAlgorithm;
                }
            }
            return null;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/security-6.0.0.jar:org/xipki/security/ctlog/CtLog$SerializedSCT.class */
    public static class SerializedSCT {
        private final List<SignedCertificateTimestamp> scts;

        public static SerializedSCT getInstance(byte[] bArr) {
            if (2 + CtLog.readInt2(bArr, 0) != bArr.length) {
                throw new IllegalArgumentException("length unmatch");
            }
            LinkedList linkedList = new LinkedList();
            AtomicInteger atomicInteger = new AtomicInteger(2);
            while (atomicInteger.get() < bArr.length) {
                linkedList.add(SignedCertificateTimestamp.getInstance(bArr, atomicInteger, CtLog.readInt2(bArr, atomicInteger.getAndAdd(2))));
            }
            return new SerializedSCT(linkedList);
        }

        public SerializedSCT(List<SignedCertificateTimestamp> list) {
            this.scts = list == null ? new LinkedList() : new LinkedList(list);
        }

        public int size() {
            return this.scts.size();
        }

        public SignedCertificateTimestamp get(int i) {
            return this.scts.get(i);
        }

        public SignedCertificateTimestamp remove(int i) {
            return this.scts.remove(i);
        }

        public void add(SignedCertificateTimestamp signedCertificateTimestamp) {
            this.scts.add(signedCertificateTimestamp);
        }

        public byte[] getEncoded() {
            if (this.scts.isEmpty()) {
                return new byte[]{0, 0};
            }
            ArrayList<byte[]> arrayList = new ArrayList(this.scts.size());
            int i = 0;
            Iterator<SignedCertificateTimestamp> it = this.scts.iterator();
            while (it.hasNext()) {
                byte[] encoded = it.next().getEncoded();
                byte[] bArr = new byte[2 + encoded.length];
                CtLog.writeInt(encoded.length, bArr, 0, 2);
                System.arraycopy(encoded, 0, bArr, 2, encoded.length);
                i += bArr.length;
                arrayList.add(bArr);
            }
            byte[] bArr2 = new byte[2 + i];
            int writeInt = CtLog.writeInt(i, bArr2, 0, 2);
            for (byte[] bArr3 : arrayList) {
                System.arraycopy(bArr3, 0, bArr2, writeInt, bArr3.length);
                writeInt += bArr3.length;
            }
            return bArr2;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/security-6.0.0.jar:org/xipki/security/ctlog/CtLog$SignatureAlgorithm.class */
    public enum SignatureAlgorithm {
        anonymous((byte) 0),
        rsa((byte) 1),
        dsa((byte) 2),
        ecdsa((byte) 3);

        private final byte code;

        SignatureAlgorithm(byte b) {
            this.code = b;
        }

        public byte getCode() {
            return this.code;
        }

        public static SignatureAlgorithm ofCode(byte b) {
            for (SignatureAlgorithm signatureAlgorithm : values()) {
                if (signatureAlgorithm.code == b) {
                    return signatureAlgorithm;
                }
            }
            return null;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/security-6.0.0.jar:org/xipki/security/ctlog/CtLog$SignatureAndHashAlgorithm.class */
    public static class SignatureAndHashAlgorithm {
        private final HashAlgorithm hash;
        private final SignatureAlgorithm signature;

        public static SignatureAndHashAlgorithm getInstance(byte[] bArr) {
            return new SignatureAndHashAlgorithm(HashAlgorithm.ofCode(bArr[0]), SignatureAlgorithm.ofCode(bArr[1]));
        }

        public SignatureAndHashAlgorithm(HashAlgorithm hashAlgorithm, SignatureAlgorithm signatureAlgorithm) {
            this.hash = (HashAlgorithm) Args.notNull(hashAlgorithm, "hash");
            this.signature = (SignatureAlgorithm) Args.notNull(signatureAlgorithm, "signature");
        }

        public HashAlgorithm getHash() {
            return this.hash;
        }

        public SignatureAlgorithm getSignature() {
            return this.signature;
        }

        public byte[] getEncoded() {
            return new byte[]{this.hash.getCode(), this.signature.getCode()};
        }
    }

    /* loaded from: input_file:WEB-INF/lib/security-6.0.0.jar:org/xipki/security/ctlog/CtLog$SignedCertificateTimestamp.class */
    public static class SignedCertificateTimestamp {
        private final byte version;
        private final byte[] logId;
        private final long timestamp;
        private final byte[] extensions;
        private final DigitallySigned digitallySigned;

        public static SignedCertificateTimestamp getInstance(byte[] bArr, AtomicInteger atomicInteger, int i) {
            int i2 = atomicInteger.get();
            int i3 = i2 + 1;
            byte b = bArr[i2];
            byte[] copyOf = CtLog.copyOf(bArr, i3, 32);
            int i4 = i3 + 32;
            long bigEndianToLong = Pack.bigEndianToLong(bArr, i4);
            int i5 = i4 + 8;
            int readInt2 = CtLog.readInt2(bArr, i5);
            int i6 = i5 + 2;
            byte[] copyOf2 = readInt2 == 0 ? new byte[0] : CtLog.copyOf(bArr, i6, readInt2);
            atomicInteger.set(i6 + readInt2);
            DigitallySigned digitallySigned = DigitallySigned.getInstance(bArr, atomicInteger);
            if (atomicInteger.get() != i2 + i) {
                throw new IllegalArgumentException("length unmatch");
            }
            return new SignedCertificateTimestamp(b, copyOf, bigEndianToLong, copyOf2, digitallySigned);
        }

        public SignedCertificateTimestamp(byte b, byte[] bArr, long j, byte[] bArr2, DigitallySigned digitallySigned) {
            this.version = b;
            Args.notNull(bArr, "logId");
            Args.equals(bArr.length, "logID.length", 32);
            this.logId = bArr;
            this.timestamp = j;
            this.extensions = bArr2 == null ? new byte[0] : bArr2;
            this.digitallySigned = (DigitallySigned) Args.notNull(digitallySigned, "digitallySigned");
        }

        public int getVersion() {
            return this.version;
        }

        public byte[] getLogId() {
            return Arrays.copyOf(this.logId, this.logId.length);
        }

        public long getTimestamp() {
            return this.timestamp;
        }

        public byte[] getExtensions() {
            return this.extensions.length == 0 ? this.extensions : Arrays.copyOf(this.extensions, this.extensions.length);
        }

        public DigitallySigned getDigitallySigned() {
            return this.digitallySigned;
        }

        public byte[] getEncoded() {
            byte[] encoded = this.digitallySigned.getEncoded();
            byte[] bArr = new byte[43 + this.extensions.length + encoded.length];
            bArr[0] = this.version;
            System.arraycopy(this.logId, 0, bArr, 1, this.logId.length);
            int length = 0 + 1 + this.logId.length;
            System.arraycopy(Pack.longToBigEndian(this.timestamp), 0, bArr, length, 8);
            int i = length + 8;
            int writeInt = i + CtLog.writeInt(this.extensions.length, bArr, i, 2);
            if (this.extensions.length > 0) {
                System.arraycopy(this.extensions, 0, bArr, writeInt, this.extensions.length);
                writeInt += this.extensions.length;
            }
            System.arraycopy(encoded, 0, bArr, writeInt, encoded.length);
            return bArr;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/security-6.0.0.jar:org/xipki/security/ctlog/CtLog$SignedCertificateTimestampList.class */
    public static class SignedCertificateTimestampList {
        private final SerializedSCT sctList;

        public static SignedCertificateTimestampList getInstance(byte[] bArr) {
            return new SignedCertificateTimestampList(SerializedSCT.getInstance(bArr));
        }

        public SignedCertificateTimestampList(SerializedSCT serializedSCT) {
            this.sctList = (SerializedSCT) Args.notNull(serializedSCT, "sctList");
        }

        public SerializedSCT getSctList() {
            return this.sctList;
        }

        public byte[] getEncoded() {
            return this.sctList.getEncoded();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static int writeInt(int i, byte[] bArr, int i2, int i3) {
        if (i3 == 4) {
            i2++;
            bArr[i2] = (byte) (i >>> 24);
        }
        if (i3 >= 3) {
            int i4 = i2;
            i2++;
            bArr[i4] = (byte) (i >>> 16);
        }
        if (i3 >= 2) {
            int i5 = i2;
            i2++;
            bArr[i5] = (byte) (i >>> 8);
        }
        bArr[i2] = (byte) i;
        return i3;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static int readInt2(byte[] bArr, int i) {
        return ((255 & bArr[i]) << 8) | (255 & bArr[i + 1]);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static byte[] copyOf(byte[] bArr, int i, int i2) {
        return Arrays.copyOfRange(bArr, i, i + i2);
    }

    public static void update(Signature signature, byte b, long j, byte[] bArr, byte[] bArr2, byte[] bArr3) throws SignatureException {
        signature.update(b);
        signature.update((byte) 0);
        signature.update(Pack.longToBigEndian(j));
        signature.update(new byte[]{0, 1});
        signature.update(bArr2);
        signature.update(encodeLength(bArr3.length, 3));
        signature.update(bArr3);
        int length = bArr == null ? 0 : bArr.length;
        signature.update(encodeLength(length, 2));
        if (length > 0) {
            signature.update(bArr);
        }
    }

    public static byte[] getPreCertTbsCert(TBSCertificate tBSCertificate) throws IOException {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        ASN1Sequence aSN1Primitive = tBSCertificate.toASN1Primitive();
        for (int i = 0; i < 7; i++) {
            aSN1EncodableVector.add(aSN1Primitive.getObjectAt(i));
        }
        ASN1TaggedObject objectAt = aSN1Primitive.getObjectAt(7);
        int tagNo = objectAt.getTagNo();
        ASN1Sequence aSN1Primitive2 = objectAt.getBaseObject().toASN1Primitive();
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector(aSN1Primitive2.size() - 1);
        int size = aSN1Primitive2.size();
        for (int i2 = 0; i2 < size; i2++) {
            ASN1Sequence aSN1Primitive3 = aSN1Primitive2.getObjectAt(i2).toASN1Primitive();
            ASN1Encodable objectAt2 = aSN1Primitive3.getObjectAt(0);
            if (!ObjectIdentifiers.Extn.id_precertificate.equals(objectAt2) && !ObjectIdentifiers.Extn.id_SCTs.equals(objectAt2)) {
                aSN1EncodableVector2.add(aSN1Primitive3);
            }
        }
        aSN1EncodableVector.add(new DERTaggedObject(true, tagNo, new DERSequence(aSN1EncodableVector2)));
        return new DERSequence(aSN1EncodableVector).getEncoded();
    }

    private static byte[] encodeLength(int i, int i2) {
        byte[] bArr = new byte[i2];
        writeInt(i, bArr, 0, i2);
        return bArr;
    }
}
