package com.pcbsys.nirvana.client;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.zip.CRC32;

/* loaded from: input_file:com/pcbsys/nirvana/client/nCertificateValidator.class */
public class nCertificateValidator implements nMessageValidator {
    private static final String defaultAlgorithm = "SHA1withRSA";
    private LinkedHashMap<Long, nSignatureStore> mySignatures;
    private nSignatureStore active;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/pcbsys/nirvana/client/nCertificateValidator$nSignatureStore.class */
    public static class nSignatureStore {
        Certificate myCert;
        Signature mySignature;
        long myKey;

        nSignatureStore(Certificate certificate, Signature signature, long j) {
            this.mySignature = signature;
            this.myKey = j;
            this.myCert = certificate;
        }
    }

    public static String getDefaultAlgorithm() {
        return defaultAlgorithm;
    }

    public nCertificateValidator(X509Certificate[] x509CertificateArr) throws nIllegalArgumentException, NoSuchAlgorithmException, InvalidKeyException {
        this(x509CertificateArr, defaultAlgorithm);
    }

    public nCertificateValidator(X509Certificate[] x509CertificateArr, String str) throws nIllegalArgumentException, NoSuchAlgorithmException, InvalidKeyException {
        this.mySignatures = new LinkedHashMap<>();
        this.active = null;
        if (x509CertificateArr == null) {
            throw new nIllegalArgumentException("Supplied certificates can not be null");
        }
        if (x509CertificateArr.length == 0) {
            throw new nIllegalArgumentException("Must supply at least one certificate");
        }
        if (str == null) {
            throw new nIllegalArgumentException("Signature algorithm can not be null");
        }
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (x509Certificate == null) {
                throw new nIllegalArgumentException("Can not have NULL X509Certificate");
            }
            loadCertificate(x509Certificate, str);
        }
    }

    public nCertificateValidator(KeyStore keyStore) throws nIllegalArgumentException, NoSuchAlgorithmException, InvalidKeyException, KeyStoreException {
        this(keyStore, defaultAlgorithm);
    }

    public nCertificateValidator(KeyStore keyStore, String str) throws nIllegalArgumentException, NoSuchAlgorithmException, InvalidKeyException, KeyStoreException {
        this.mySignatures = new LinkedHashMap<>();
        this.active = null;
        if (keyStore == null) {
            throw new nIllegalArgumentException("Supplied keystore can not be null");
        }
        if (str == null) {
            throw new nIllegalArgumentException("Signature algorithm can not be null");
        }
        loadKeystore(keyStore, str);
    }

    public nCertificateValidator(String str, String str2) throws nIllegalArgumentException, KeyStoreException, FileNotFoundException, CertificateException, NoSuchAlgorithmException, IOException, NoSuchAlgorithmException, InvalidKeyException {
        this(str, str2, defaultAlgorithm);
    }

    public nCertificateValidator(String str, String str2, String str3) throws nIllegalArgumentException, KeyStoreException, FileNotFoundException, CertificateException, NoSuchAlgorithmException, IOException, NoSuchAlgorithmException, InvalidKeyException {
        this.mySignatures = new LinkedHashMap<>();
        this.active = null;
        if (str == null) {
            throw new nIllegalArgumentException("Supplied keystoreName can not be null");
        }
        if (str2 == null) {
            throw new nIllegalArgumentException("Supplied keyStorePasswd can not be null");
        }
        if (str3 == null) {
            throw new nIllegalArgumentException("Signature algorithm can not be null");
        }
        File file = new File(str);
        if (!file.exists()) {
            throw new FileNotFoundException("Suppplied KeyStore filename does not exist:" + str);
        }
        KeyStore keyStore = KeyStore.getInstance("JKS");
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            keyStore.load(fileInputStream, str2.toCharArray());
            fileInputStream.close();
            loadKeystore(keyStore, str3);
        } catch (Throwable th) {
            fileInputStream.close();
            throw th;
        }
    }

    public Certificate[] getLoadedCertificates() {
        Certificate[] certificateArr = new Certificate[this.mySignatures.size()];
        Iterator<nSignatureStore> it = this.mySignatures.values().iterator();
        int i = 0;
        while (it.hasNext()) {
            certificateArr[i] = it.next().myCert;
            i++;
        }
        return certificateArr;
    }

    @Override // com.pcbsys.nirvana.client.nMessageValidator
    public Provider getProvider() {
        return this.mySignatures.entrySet().iterator().next().getValue().mySignature.getProvider();
    }

    @Override // com.pcbsys.nirvana.client.nMessageValidator
    public void start(byte[] bArr) {
        this.active = this.mySignatures.get(Long.valueOf(getCRCKey(bArr)));
    }

    @Override // com.pcbsys.nirvana.client.nMessageValidator
    public void stop() {
        this.active = null;
    }

    @Override // com.pcbsys.nirvana.client.nMessageValidator
    public void update(byte[] bArr) throws Exception {
        if (this.active != null) {
            this.active.mySignature.update(bArr);
        }
    }

    @Override // com.pcbsys.nirvana.client.nMessageValidator
    public Object check(byte[] bArr) throws Exception {
        if (this.active == null) {
            throw new Exception("Unable to locate signing certificate to validate");
        }
        byte[] bArr2 = new byte[bArr.length - 4];
        System.arraycopy(bArr, 4, bArr2, 0, bArr2.length);
        if (!this.active.mySignature.verify(bArr2)) {
            throw new Exception("Signatures do not match");
        }
        this.active.mySignature.initVerify(this.active.myCert.getPublicKey());
        return this.active.myCert;
    }

    private void loadCertificate(X509Certificate x509Certificate, String str) throws NoSuchAlgorithmException, InvalidKeyException {
        CRC32 crc32 = new CRC32();
        crc32.update(x509Certificate.getSignature());
        crc32.update(x509Certificate.getSerialNumber().toByteArray());
        int value = (int) crc32.getValue();
        Signature signature = Signature.getInstance(str);
        signature.initVerify(x509Certificate.getPublicKey());
        nSignatureStore nsignaturestore = new nSignatureStore(x509Certificate, signature, value);
        try {
            this.mySignatures.put(Long.valueOf(nsignaturestore.myKey), nsignaturestore);
        } catch (Exception e) {
        }
    }

    private long getCRCKey(byte[] bArr) {
        int i = 24;
        int i2 = 0;
        for (int i3 = 0; i3 < 4; i3++) {
            i2 = ((bArr[i3] & 255) << i) | i2;
            i -= 8;
        }
        return i2;
    }

    private void loadKeystore(KeyStore keyStore, String str) throws KeyStoreException, NoSuchAlgorithmException, InvalidKeyException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            loadCertificate((X509Certificate) keyStore.getCertificate(aliases.nextElement().toString()), str);
        }
    }
}
