package at.egiz.signaturelibrary.SecurityLayer;

import at.egiz.signaturelibrary.SecurityLayer.Data.VerificationResult;
import at.egiz.signaturelibrary.SecurityLayer.Exceptions.SL20Exception;
import at.egiz.signaturelibrary.SecurityLayer.Utils.IJOSETools;
import at.egiz.signaturelibrary.SecurityLayer.Utils.SL20Constants;
import at.egiz.signaturelibrary.SecurityLayer.Utils.X509Utils;
import com.google.gson.JsonElement;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
import java.security.Key;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.keys.X509Util;
import org.jose4j.keys.resolvers.X509VerificationKeyResolver;
import org.jose4j.lang.JoseException;

/* loaded from: classes.dex */
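/**
 * JOSE helper for the SL 2.0 exchange: decrypts compact JWE payloads addressed to this client and
 * verifies compact JWS signatures against a pinned list of trusted certificates.
 *
 * <p>Trust model as visible in this class: a signer is accepted only when its certificate is an
 * exact member of {@code trustedCerts} (certificate pinning). No path building, validity-period
 * or revocation check is performed here; if those are required they must happen elsewhere.
 *
 * <p>NOTE(review): nothing in this listing assigns {@code encPrivKey}, {@code encCertChain} or
 * {@code trustedCerts}. As shown, decryption has no key material and no signer is trusted, so
 * both operations fail closed. Confirm how these fields are populated in the real build.
 */
public class JsonSecurityUtils implements IJOSETools {
    private static final String TAG = "at.egiz.signaturelibrary.SecurityLayer.JsonSecurityUtils";

    // Private key matching encCertChain[0]; used to decrypt incoming JWE payloads.
    private Key encPrivKey = null;

    // Our own encryption certificate chain; index 0 is compared with the JWE header.
    private X509Certificate[] encCertChain = null;

    // Pinned signer certificates; a JWS is accepted only if its signer is one of these.
    private List<X509Certificate> trustedCerts = new ArrayList<>();

    /** Builds a whitelist constraint so that only the listed JOSE algorithms are accepted. */
    private static AlgorithmConstraints whitelistOf(List<String> algorithms) {
        return new AlgorithmConstraints(
                AlgorithmConstraints.ConstraintType.WHITELIST,
                algorithms.toArray(new String[0]));
    }

    /**
     * Decrypts a compact-serialized JWE and parses the plaintext as JSON.
     *
     * <p>Before decrypting, the header must reference our own encryption certificate, either
     * through an {@code x5c} chain whose first sorted entry equals {@code encCertChain[0]} or
     * through a matching {@code x5t#S256} thumbprint. Header values are not authenticated at that
     * point; the check only confirms the message was addressed to this certificate.
     *
     * @param str the JWE in compact serialization
     * @return the decrypted payload parsed as JSON
     * @throws SL20Exception if no encryption certificate is configured, the header does not
     *     reference our certificate, an algorithm is not whitelisted, decryption fails, or the
     *     plaintext is not valid JSON
     */
    @Override
    public JsonElement decryptPayload(String str) throws SL20Exception {
        // Fail with the domain exception instead of a NullPointerException or
        // ArrayIndexOutOfBoundsException when no encryption certificate is configured.
        if (this.encCertChain == null || this.encCertChain.length == 0) {
            throw new SL20Exception("error.pdf.sl20.21");
        }
        try {
            JsonWebEncryption jwe = new JsonWebEncryption();
            jwe.setAlgorithmConstraints(
                    whitelistOf(SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION));
            jwe.setContentEncryptionAlgorithmConstraints(
                    whitelistOf(SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION));
            jwe.setCompactSerialization(str);

            List<X509Certificate> headerChain = jwe.getCertificateChainHeaderValue();
            String headerThumbprint = jwe.getX509CertSha256ThumbprintHeaderValue();
            if (headerChain != null) {
                List<X509Certificate> sorted = X509Utils.sortCertificates(headerChain);
                // An empty x5c array would otherwise surface as an unchecked exception from
                // get(0). sortCertificates is a project helper whose behaviour on empty input
                // is not visible here, so its result is checked as well.
                if (sorted == null || sorted.isEmpty()
                        || !sorted.get(0).equals(this.encCertChain[0])) {
                    throw new SL20Exception("error.pdf.sl20.21");
                }
            } else {
                // The thumbprint getter yields null when the header is absent; treat a missing
                // header like an empty one instead of dereferencing null.
                if (headerThumbprint == null || headerThumbprint.isEmpty()) {
                    throw new SL20Exception("error.pdf.sl20.21");
                }
                if (!X509Util.x5tS256(this.encCertChain[0]).equals(headerThumbprint)) {
                    throw new SL20Exception("error.pdf.sl20.21");
                }
            }
            jwe.setKey(this.encPrivKey);
            return new JsonParser().parse(jwe.getPlaintextString());
        } catch (JsonSyntaxException e) {
            throw new SL20Exception(e.getLocalizedMessage());
        } catch (JoseException e2) {
            throw new SL20Exception(e2.getLocalizedMessage());
        }
    }

    /**
     * Verifies a compact-serialized JWS and returns its payload as a JSON object.
     *
     * <p>The verification key is taken only from a pinned certificate: with an {@code x5c}
     * header the first sorted certificate must be contained in {@code trustedCerts}; otherwise
     * the key is resolved from {@code trustedCerts} via the header thumbprint. A key supplied by
     * the message itself is never used unless its certificate is already trusted.
     *
     * @param str the JWS in compact serialization
     * @return the verification result carrying the parsed payload and the verification flag
     * @throws SL20Exception if the signer is not trusted, no usable certificate reference is
     *     present, the algorithm is not whitelisted, the signature is invalid, or the payload is
     *     not a JSON object
     */
    @Override
    public VerificationResult validateSignature(String str) throws SL20Exception {
        Key verificationKey;
        try {
            JsonWebSignature jws = new JsonWebSignature();
            jws.setCompactSerialization(str);
            jws.setAlgorithmConstraints(
                    whitelistOf(SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING));

            List<X509Certificate> headerChain = jws.getCertificateChainHeaderValue();
            String headerThumbprint = jws.getX509CertSha256ThumbprintHeaderValue();
            if (headerChain != null) {
                List<X509Certificate> sorted = X509Utils.sortCertificates(headerChain);
                // Reject an empty chain explicitly rather than letting get(0) throw unchecked.
                if (sorted == null || sorted.isEmpty()) {
                    throw new SL20Exception("error.pdf.sl20.20");
                }
                X509Certificate signer = sorted.get(0);
                // Pinning: the header certificate is used only if it is already trusted.
                verificationKey = this.trustedCerts.contains(signer) ? signer.getPublicKey() : null;
            } else {
                // Neither x5c nor x5t#S256 present (null) or an empty thumbprint: no signer
                // reference, so fail closed instead of dereferencing null.
                if (headerThumbprint == null || headerThumbprint.isEmpty()) {
                    throw new SL20Exception("error.pdf.sl20.20");
                }
                verificationKey = new X509VerificationKeyResolver(this.trustedCerts)
                        .resolveKey(jws, Collections.emptyList());
            }
            if (verificationKey == null) {
                throw new SL20Exception("error.pdf.sl20.20");
            }
            jws.setKey(verificationKey);
            boolean verified = jws.verifySignature();
            if (!verified) {
                throw new SL20Exception("error.pdf.sl20.20");
            }
            try {
                // Second constructor argument is passed as null as in the original;
                // its meaning is not visible in this file.
                return new VerificationResult(
                        new JsonParser().parse(jws.getPayload()).getAsJsonObject(), null, verified);
            } catch (JsonSyntaxException | IllegalStateException e) {
                // Same mapping as decryptPayload: a payload that is not a JSON object is
                // reported through SL20Exception rather than an unchecked Gson exception.
                throw new SL20Exception(e.getLocalizedMessage());
            }
        } catch (SL20Exception e) {
            throw e;
        } catch (JoseException e2) {
            throw new SL20Exception(e2.getLocalizedMessage());
        }
    }
}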
