package cmbc.cfca.apple.pay;

import cfca.org.slf4j.Logger;
import cfca.org.slf4j.LoggerFactory;
import cmbc.cfca.org.bouncycastle.asn1.ASN1Encodable;
import cmbc.cfca.org.bouncycastle.asn1.cms.Attribute;
import cmbc.cfca.org.bouncycastle.asn1.cms.CMSAttributes;
import cmbc.cfca.org.bouncycastle.asn1.cms.Time;
import cmbc.cfca.org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import cmbc.cfca.org.bouncycastle.cert.X509CertificateHolder;
import cmbc.cfca.org.bouncycastle.cms.CMSException;
import cmbc.cfca.org.bouncycastle.cms.CMSProcessableByteArray;
import cmbc.cfca.org.bouncycastle.cms.CMSSignedData;
import cmbc.cfca.org.bouncycastle.cms.CMSVerifierCertificateNotValidException;
import cmbc.cfca.org.bouncycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator;
import cmbc.cfca.org.bouncycastle.cms.SignerId;
import cmbc.cfca.org.bouncycastle.cms.SignerInformation;
import cmbc.cfca.org.bouncycastle.cms.SignerInformationVerifier;
import cmbc.cfca.org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import cmbc.cfca.org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import cmbc.cfca.org.bouncycastle.operator.OperatorCreationException;
import cmbc.cfca.org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import cmbc.cfca.org.bouncycastle.util.Store;
import cmbc.cfca.org.bouncycastle.util.StoreException;
import cmbc.cfca.org.bouncycastle.util.encoders.Hex;
import cmbc.cfca.sm2rsa.common.PKIException;
import cmbc.cfca.system.Debugger;
import cmbc.cfca.util.Base64;
import cmbc.cfca.x509.certificate.X509Cert;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;

/* loaded from: input_file:cmbc/cfca/apple/pay/ApplePay.class */
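/**
 * Verifies the detached CMS (PKCS #7) signature of an Apple Pay payment token and
 * exposes details of the signer once verification has succeeded.
 *
 * <p>Trust is anchored in the certificate decoded from {@link #AppleRootCAG3Base64Text};
 * the leaf and intermediate certificates are taken from the SignedData itself and are
 * only accepted if they chain to that pinned root.
 *
 * <p>Results are stored in instance fields without synchronization, so one instance
 * must not be used for concurrent verifications.
 */
public class ApplePay {
    static final Logger logger = LoggerFactory.getLogger((Class<?>) ApplePay.class);
    // Base64 text that is decoded and parsed as the pinned root certificate (see appleRootCAG3).
    static final String AppleRootCAG3Base64Text = "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";
    // Extension OID that must be present on the leaf (signer) certificate.
    static final String OID_CUSTOM_LEAFCERT = "1.2.840.113635.100.6.29";
    // Extension OID that must be present on the intermediate CA certificate.
    static final String OID_CUSTOM_LEAFCERT_INTERMEDIATECA = "1.2.840.113635.100.6.2.14";
    // Result fields: populated while p7VerifyMessageDetach runs and cleared again if it fails.
    private X509Cert signerCert = null;
    private Date signingTime = null;
    private String encryptionAlgOID = null;
    private byte[] contentDigest = null;
    // Trust anchor used for the key-identifier comparison and the final signature check.
    final X509Cert appleRootCAG3 = new X509Cert(Base64.decode(AppleRootCAG3Base64Text));

    /**
     * Clears every result field so that the getters never return values taken from a
     * token whose verification did not complete successfully.
     */
    private void resetResult() {
        this.signerCert = null;
        this.signingTime = null;
        this.encryptionAlgOID = null;
        this.contentDigest = null;
    }

    /**
     * Verifies a detached CMS signature over {@code bArr}.
     *
     * <p>Checks performed, in order:
     * <ol>
     *   <li>both inputs are non-null and the SignedData decodes;</li>
     *   <li>the first SignerInfo carries a signingTime signed attribute;</li>
     *   <li>the signature algorithm OID is {@code 1.2.840.10045.4.3.2} (ecdsa-with-SHA256);</li>
     *   <li>a leaf certificate matching the signer id is embedded and carries extension
     *       {@code 1.2.840.113635.100.6.29};</li>
     *   <li>an intermediate certificate matching the leaf's AuthorityKeyIdentifier is embedded,
     *       carries extension {@code 1.2.840.113635.100.6.2.14}, and its AuthorityKeyIdentifier
     *       equals the SubjectKeyIdentifier of the pinned root;</li>
     *   <li>the CMS signature verifies with the leaf certificate;</li>
     *   <li>the leaf is signed by the intermediate and the intermediate by the pinned root.</li>
     * </ol>
     *
     * <p>Not checked by the code in this method: whether signingTime is recent (callers that
     * need replay protection must compare {@link #getSigningTime()} with the current time),
     * the validity period of the intermediate certificate, revocation status, the values of
     * the two custom extensions (presence only), and any SignerInfo after the first one.
     * NOTE(review): the dedicated catch for CMSVerifierCertificateNotValidException suggests
     * the CMS verifier checks signingTime against the leaf's validity period - confirm against
     * the bundled library.
     *
     * <p>Because of the nested try/catch layout, every failure that occurs after the
     * SignedData has been decoded reaches the caller as
     * {@code "decode  signerInformation  failure for ApplePay"}; the specific reason is
     * passed along as the cause argument of the wrapping exceptions.
     *
     * <p>On any failure the result fields are cleared, so the getters return {@code null}
     * rather than data from an unverified or previously verified token.
     *
     * @param bArr  the signed content (the detached payload)
     * @param bArr2 the encoded CMS SignedData
     * @return {@code true} when every check passed; failures are reported by exception
     * @throws PKIException with code {@code 852001} when any check fails
     */
    public final boolean p7VerifyMessageDetach(byte[] bArr, byte[] bArr2) throws PKIException {
        // Start from a clean slate so a reused instance cannot report stale results.
        resetResult();
        // With debug logging enabled the raw content and signature bytes are written to the
        // log; keep debug off in production or restrict access to these logs.
        if (logger.isDebugEnabled()) {
            StringBuilder stringBuffer = new StringBuilder();
            stringBuffer.append("p7VerifyMessageDetach>>>>>>Running");
            stringBuffer.append("\n contentBytes: ");
            stringBuffer.append(Debugger.dump(bArr));
            stringBuffer.append("\n signatureBytes: ");
            stringBuffer.append(Debugger.dump(bArr2));
            logger.debug(stringBuffer.toString());
        }
        try {
            if (bArr == null) {
                throw new PKIException("852001", "missing contentBytes for ApplePay");
            }
            if (bArr2 == null) {
                throw new PKIException("852001", "missing signatureBytes for ApplePay");
            }
            try {
                CMSSignedData cMSSignedData = new CMSSignedData(new CMSProcessableByteArray(bArr), bArr2);
                logger.debug("p7VerifyMessageDetach<<<<<<Okay: decode signedData  for ApplePay");
                try {
                    // Certificates shipped inside the token; untrusted until chained to the root below.
                    Store certificates = cMSSignedData.getCertificates();
                    Iterator it = cMSSignedData.getSignerInfos().getSigners().iterator();
                    logger.debug("p7VerifyMessageDetach<<<<<<Okay: decode signerInformation  for ApplePay");
                    if (!it.hasNext()) {
                        throw new PKIException("852001", "missing signerInfo  for ApplePay");
                    }
                    try {
                        // Only the first SignerInfo is examined; further signers are ignored.
                        SignerInformation signerInformation = (SignerInformation) it.next();
                        logger.debug("p7VerifyMessageDetach<<<<<<Okay: fetch signerInformation  for ApplePay");
                        try {
                            Attribute attribute = signerInformation.getSignedAttributes().get(CMSAttributes.signingTime);
                            if (attribute == null) {
                                throw new PKIException("852001", "missing signingTime for ApplePay");
                            }
                            ASN1Encodable objectAt = attribute.getAttrValues().getObjectAt(0);
                            logger.debug("p7VerifyMessageDetach<<<<<<Okay: fetch signingTime  for ApplePay>>{}", objectAt);
                            // Recorded only; freshness against the current time is left to the caller.
                            this.signingTime = Time.getInstance(objectAt).getDate();
                            try {
                                this.encryptionAlgOID = signerInformation.getEncryptionAlgOID();
                                logger.debug("p7VerifyMessageDetach<<<<<<Okay: fetch encryptionAlgOID  for ApplePay>>{}", this.encryptionAlgOID);
                                // Accept ecdsa-with-SHA256 only.
                                if (!"1.2.840.10045.4.3.2".equals(this.encryptionAlgOID)) {
                                    throw new PKIException("ecdsa-with-SHA256 1.2.840.10045.4.3.2");
                                }
                                logger.debug("p7VerifyMessageDetach<<<<<<Okay: fetch  leaf certificate  for ApplePay>>signerSID={}", signerInformation.getSID());
                                try {
                                    // Leaf certificate: the embedded certificate matching the signer id.
                                    Collection matches = certificates.getMatches(signerInformation.getSID());
                                    if (matches == null || matches.size() == 0) {
                                        throw new PKIException("852001", "missing leaf certificate for ApplePay");
                                    }
                                    logger.debug("p7VerifyMessageDetach<<<<<<Okay: fetch  leaf certificate  for ApplePay>>matches={}", Integer.valueOf(matches.size()));
                                    X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) matches.iterator().next();
                                    if (x509CertificateHolder == null) {
                                        throw new PKIException("852001", "missing leaf certificate for ApplePay");
                                    }
                                    try {
                                        byte[] encoded = x509CertificateHolder.getEncoded();
                                        if (logger.isDebugEnabled()) {
                                            logger.debug("p7VerifyMessageDetach<<<<<<Okay: fetch  leaf certificate  for ApplePay>>certBase64={}", new String(Base64.encode(encoded)));
                                        }
                                        try {
                                            // Still unverified here; cleared again by the outer handlers on failure.
                                            this.signerCert = new X509Cert(encoded);
                                            logger.debug("p7VerifyMessageDetach<<<<<<Okay: fetch  leaf certificate  for ApplePay>>{}", this.signerCert);
                                            try {
                                                // Presence check only; the extension value is not inspected.
                                                if (this.signerCert.getExtensionByteData(OID_CUSTOM_LEAFCERT) == null) {
                                                    throw new PKIException("852001", "missing custom OIDs: 1.2.840.113635.100.6.29 for the leaf certificate");
                                                }
                                                logger.debug("p7VerifyMessageDetach<<<<<<Okay: fetch  custom OIDs: 1.2.840.113635.100.6.29 for the leaf certificate");
                                                AuthorityKeyIdentifier authorityKeyIdentifier = this.signerCert.getAuthorityKeyIdentifier();
                                                if (authorityKeyIdentifier == null || authorityKeyIdentifier.getKeyIdentifier() == null) {
                                                    throw new PKIException("852001", "missing AuthorityKeyIdentifier for the leaf certificate");
                                                }
                                                if (logger.isDebugEnabled()) {
                                                    logger.debug("p7VerifyMessageDetach<<<<<<Okay: fetch  AuthorityKeyIdentifier  for the leaf certificate=0x{}", Hex.toHexString(authorityKeyIdentifier.getKeyIdentifier()));
                                                }
                                                try {
                                                    // Intermediate CA: embedded certificate selected by the leaf's authority key id.
                                                    Collection matches2 = certificates.getMatches(new SignerId(authorityKeyIdentifier.getKeyIdentifier()));
                                                    if (matches2 == null || matches2.size() == 0) {
                                                        throw new PKIException("852001", "missing intermediate CA for ApplePay");
                                                    }
                                                    logger.debug("p7VerifyMessageDetach<<<<<<Okay: fetch intermediate CA for ApplePay>>matches={}", Integer.valueOf(matches2.size()));
                                                    X509CertificateHolder x509CertificateHolder2 = (X509CertificateHolder) matches2.iterator().next();
                                                    if (x509CertificateHolder2 == null) {
                                                        throw new PKIException("852001", "missing intermediate CA for ApplePay");
                                                    }
                                                    try {
                                                        byte[] encoded2 = x509CertificateHolder2.getEncoded();
                                                        if (logger.isDebugEnabled()) {
                                                            // Log the intermediate's own encoding (encoded2), not the leaf's.
                                                            logger.debug("p7VerifyMessageDetach<<<<<<Okay: fetch intermediate CA  for ApplePay>>certBase64={}", new String(Base64.encode(encoded2)));
                                                        }
                                                        try {
                                                            X509Cert x509Cert = new X509Cert(encoded2);
                                                            logger.debug("p7VerifyMessageDetach<<<<<<Okay: fetch   intermediate CA  for ApplePay>>{}", x509Cert);
                                                            try {
                                                                // Presence check only; the extension value is not inspected.
                                                                if (x509Cert.getExtensionByteData(OID_CUSTOM_LEAFCERT_INTERMEDIATECA) == null) {
                                                                    throw new PKIException("852001", "missing custom OIDs: 1.2.840.113635.100.6.2.14 for the intermediate CA");
                                                                }
                                                                logger.debug("p7VerifyMessageDetach<<<<<<Okay: fetch  custom OIDs: 1.2.840.113635.100.6.2.14 for the intermediate CA");
                                                                AuthorityKeyIdentifier authorityKeyIdentifier2 = x509Cert.getAuthorityKeyIdentifier();
                                                                if (authorityKeyIdentifier2 == null || authorityKeyIdentifier2.getKeyIdentifier() == null) {
                                                                    throw new PKIException("852001", "missing AuthorityKeyIdentifier for the intermediate CA");
                                                                }
                                                                if (logger.isDebugEnabled()) {
                                                                    logger.debug("p7VerifyMessageDetach<<<<<<Okay: fetch  AuthorityKeyIdentifier  for the the intermediate CA=0x{}", Hex.toHexString(authorityKeyIdentifier2.getKeyIdentifier()));
                                                                }
                                                                if (logger.isDebugEnabled()) {
                                                                    logger.debug("p7VerifyMessageDetach<<<<<<Okay:compare SubjectKeyIdentifier  for the Apple Root CA - G3=0x{}", Hex.toHexString(this.appleRootCAG3.getSubjectKeyIdentifier().getKeyIdentifier()));
                                                                }
                                                                // Key-id match is a pre-check; the signature check against the root key
                                                                // further down is what actually binds the intermediate to the root.
                                                                if (!Arrays.equals(authorityKeyIdentifier2.getKeyIdentifier(), this.appleRootCAG3.getSubjectKeyIdentifier().getKeyIdentifier())) {
                                                                    throw new PKIException("852001", "Ensure that the root CA is the Apple Root CA - G3 for the intermediate CA");
                                                                }
                                                                logger.debug("p7VerifyMessageDetach<<<<<<Okay: Ensure that the root CA is the Apple Root CA - G3 for the intermediate CA");
                                                                try {
                                                                    SignerInformationVerifier build = new BcECDSASignerInfoVerifierBuilder(new DefaultCMSSignatureAlgorithmNameGenerator(), new DefaultSignatureAlgorithmIdentifierFinder(), new DefaultDigestAlgorithmIdentifierFinder(), new BcDigestCalculatorProvider()).build(x509CertificateHolder);
                                                                    logger.debug("p7VerifyMessageDetach<<<<<<Okay: signerInfoVerifierBuilder");
                                                                    try {
                                                                        // Token signature, verified with the leaf certificate.
                                                                        boolean verify = signerInformation.verify(build);
                                                                        logger.debug("p7VerifyMessageDetach<<<<<<Okay: check the token’s signature={}", Boolean.valueOf(verify));
                                                                        if (!verify) {
                                                                            throw new PKIException("852001", "Invalid signature for the token’s signature");
                                                                        }
                                                                        this.contentDigest = signerInformation.getContentDigest();
                                                                        if (logger.isDebugEnabled()) {
                                                                            logger.debug("p7VerifyMessageDetach<<<<<<Okay: contentDigest=0x{}", Hex.toHexString(this.contentDigest));
                                                                        }
                                                                        try {
                                                                            // Leaf must be signed by the intermediate.
                                                                            boolean verify2 = this.signerCert.verify(x509Cert.getPublicKey());
                                                                            logger.debug("p7VerifyMessageDetach<<<<<<Okay: check signature for the leaf certificate={}", Boolean.valueOf(verify2));
                                                                            if (!verify2) {
                                                                                throw new PKIException("852001", "Invalid signature for the leaf certificate");
                                                                            }
                                                                            try {
                                                                                // Intermediate must be signed by the pinned root.
                                                                                boolean verify3 = x509Cert.verify(this.appleRootCAG3.getPublicKey());
                                                                                logger.debug("p7VerifyMessageDetach<<<<<<Okay: check signature for the intermediate CA={}", Boolean.valueOf(verify3));
                                                                                if (!verify3) {
                                                                                    throw new PKIException("852001", "Invalid signature for the intermediate CA");
                                                                                }
                                                                                logger.debug("p7VerifyMessageDetach<<<<<<Successfully");
                                                                                return true;
                                                                            } catch (Exception e) {
                                                                                throw new PKIException("852001", "check signature failure for the  intermediate CA", e);
                                                                            }
                                                                        } catch (Exception e2) {
                                                                            throw new PKIException("852001", "check signature failure for the leaf certificate", e2);
                                                                        }
                                                                    } catch (CMSVerifierCertificateNotValidException e3) {
                                                                        throw new PKIException("852001", "check the token’s signature failure with invalid signingTime", e3);
                                                                    } catch (CMSException e4) {
                                                                        throw new PKIException("852001", "check the token’s signature failure", e4);
                                                                    }
                                                                } catch (OperatorCreationException e5) {
                                                                    throw new PKIException("852001", " Ensure that the signature is a valid ECDSA signature (ecdsa-with-SHA256 1.2.840.10045.4.3.2) for the token’s signature", e5);
                                                                }
                                                            } catch (Exception e6) {
                                                                throw new PKIException("852001", "check custom OIDs: 1.2.840.113635.100.6.2.14 failure for ApplePay", e6);
                                                            }
                                                        } catch (Exception e7) {
                                                            throw new PKIException("852001", "parse intermediate CA for ApplePay", e7);
                                                        }
                                                    } catch (IOException e8) {
                                                        throw new PKIException("852001", "read intermediate CA  for ApplePay", e8);
                                                    }
                                                } catch (StoreException e9) {
                                                    throw new PKIException("852001", "fetch intermediate CA for ApplePay", e9);
                                                }
                                            } catch (Exception e10) {
                                                throw new PKIException("852001", "check custom OIDs: 1.2.840.113635.100.6.29 failure for ApplePay", e10);
                                            }
                                        } catch (Exception e11) {
                                            throw new PKIException("852001", "pras leaf certificate for ApplePay", e11);
                                        }
                                    } catch (IOException e12) {
                                        throw new PKIException("852001", "read leaf certificate for ApplePay", e12);
                                    }
                                } catch (StoreException e13) {
                                    throw new PKIException("852001", "fetch leaf certificate for ApplePay", e13);
                                }
                            } catch (Exception e14) {
                                throw new PKIException("852001", "fetch  encryptionAlgOID  failure for ApplePay", e14);
                            }
                        } catch (PKIException e15) {
                            throw e15;
                        } catch (Exception e16) {
                            throw new PKIException("852001", "fetch  signingTime  failure for ApplePay", e16);
                        }
                    } catch (Exception e17) {
                        throw new PKIException("852001", "fetch  signerInformation  failure for ApplePay", e17);
                    }
                } catch (Exception e18) {
                    throw new PKIException("852001", "decode  signerInformation  failure for ApplePay", e18);
                }
            } catch (CMSException e19) {
                throw new PKIException("852001", "decode signedData  failure for ApplePay", e19);
            }
        } catch (PKIException e20) {
            // Fail closed: drop the partially populated, unverified results.
            resetResult();
            // NOTE(review): the error is only logged when debug is enabled - confirm this is intended.
            if (logger.isDebugEnabled()) {
                logger.error("p7VerifyMessageDetach<<<<<<Failure: " + e20.getMessage(), (Throwable) e20);
            }
            throw e20;
        } catch (Exception e21) {
            // Fail closed: drop the partially populated, unverified results.
            resetResult();
            if (logger.isDebugEnabled()) {
                logger.error("p7VerifyMessageDetach<<<<<<Exception: " + e21.getMessage(), (Throwable) e21);
            }
            throw new PKIException("852001", "P7VerifyMessageDetach failure", e21);
        }
    }

    /**
     * Returns a copy of the signingTime attribute of the last successfully verified token,
     * or {@code null} when no verification has succeeded. The value comes from the token
     * and has not been compared with the current time.
     */
    public final Date getSigningTime() {
        return this.signingTime == null ? null : new Date(this.signingTime.getTime());
    }

    /**
     * Returns the leaf certificate of the last successfully verified token, or
     * {@code null} when no verification has succeeded.
     */
    public final X509Cert getSignerCert() {
        return this.signerCert;
    }

    /**
     * Returns the signature algorithm OID of the last successfully verified token, or
     * {@code null} when no verification has succeeded.
     */
    public final String getEncryptionAlgOID() {
        return this.encryptionAlgOID;
    }

    /**
     * Returns a copy of the content digest of the last successfully verified token, or
     * {@code null} when no verification has succeeded.
     */
    public final byte[] getContentDigest() {
        return this.contentDigest == null ? null : this.contentDigest.clone();
    }

    /**
     * Same as {@link #concatenated(String, String, String, String)} without application data.
     */
    public static final byte[] concatenated(String str, String str2, String str3) throws PKIException {
        return concatenated(str, str2, str3, null);
    }

    /**
     * Decodes the token fields and joins them, in argument order, into one byte array.
     * The parts are appended back to back with no length prefix or separator.
     *
     * @param str  Base64 ephemeral public key; required
     * @param str2 Base64 data; required
     * @param str3 hex transaction id; required
     * @param str4 hex application data; skipped when {@code null}, empty or the literal {@code "nil"}
     * @return the decoded parts concatenated in the order given
     * @throws PKIException with code {@code 852002} when a required field is missing or a
     *         field cannot be decoded
     */
    public static final byte[] concatenated(String str, String str2, String str3, String str4) throws PKIException {
        // A missing first argument is reported without going through the logging handlers below.
        if (str == null || str.length() == 0) {
            throw new PKIException("852002", "missing base64EphemeralPublicKey");
        }
        try {
            if (str2 == null || str2.length() == 0) {
                throw new PKIException("852002", "missing base64Data");
            }
            if (str3 == null || str3.length() == 0) {
                // Names the field that is actually missing (previously reported as base64Data).
                throw new PKIException("852002", "missing hexTransactionId");
            }
            ByteArrayOutputStream joined = new ByteArrayOutputStream();
            try {
                joined.write(Base64.decode(str));
            } catch (IOException e) {
                throw new PKIException("852002", "invalid base64EphemeralPublicKey", e);
            }
            try {
                joined.write(Base64.decode(str2));
            } catch (IOException e) {
                throw new PKIException("852002", "invalid base64Data", e);
            }
            try {
                joined.write(Hex.decode(str3));
            } catch (IOException e) {
                throw new PKIException("852002", "invalid hexTransactionId", e);
            }
            if (str4 != null && str4.length() != 0 && !"nil".equals(str4)) {
                try {
                    joined.write(Hex.decode(str4));
                } catch (IOException e) {
                    throw new PKIException("852002", "invalid hexApplicationData", e);
                }
            }
            return joined.toByteArray();
        } catch (PKIException e) {
            if (logger.isDebugEnabled()) {
                logger.error("concatenated<<<<<<Failure: " + e.getMessage(), (Throwable) e);
            }
            throw e;
        } catch (Exception e) {
            // Non-IO decoder failures (for example malformed input rejected by the decoder) land here.
            if (logger.isDebugEnabled()) {
                logger.error("concatenated<<<<<<Exception: " + e.getMessage(), (Throwable) e);
            }
            throw new PKIException("852002", "concatenated failure", e);
        }
    }
}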
