package org.verapdf.pdfa.parsers.pkcs7;

import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.util.Arrays;

/* JADX WARN: Classes with same name are omitted:
  input_file:Q2024_2/XPM-LDK.praxis/Bin/pruefung.jar:org/verapdf/pdfa/parsers/pkcs7/X509CertificateImpl.class
  input_file:Q2024_3/XPM-LDK.praxis/Bin/pruefung.jar:org/verapdf/pdfa/parsers/pkcs7/X509CertificateImpl.class
  input_file:Q2024_4/XPM-LDK.praxis/Bin/pruefung.jar:org/verapdf/pdfa/parsers/pkcs7/X509CertificateImpl.class
 */
/* loaded from: input_file:Q2025_1/XPM-LDK.praxis/Bin/pruefung.jar:org/verapdf/pdfa/parsers/pkcs7/X509CertificateImpl.class */
public class X509CertificateImpl {
    private int version = 0;

    public X509CertificateImpl(DEREncodedValue dEREncodedValue) throws CertificateException {
        try {
            parse(dEREncodedValue);
        } catch (IOException e) {
            throw new CertificateException("Error while initializing certificate. ", e);
        }
    }

    public int getVersion() {
        return this.version;
    }

    private void parse(DEREncodedValue dEREncodedValue) throws CertificateException, IOException {
        if (dEREncodedValue.in == null || dEREncodedValue.valueTag != 48) {
            throw new CertificateParsingException("Invalid DER-encoded certificate data");
        }
        DEREncodedValue[] dEREncodedValueArr = new DEREncodedValue[3];
        for (int i = 0; i < 3; i++) {
            dEREncodedValueArr[i] = dEREncodedValue.in.getDEREncodedValue();
        }
        if (dEREncodedValue.in.available() != 0) {
            throw new CertificateParsingException("Extra signed data available = " + dEREncodedValue.in.available() + " bytes");
        }
        byte[] parseAlgId = parseAlgId(dEREncodedValueArr[1]);
        if (dEREncodedValueArr[1].in.available() != 0) {
            throw new CertificateParsingException("Algorithm ID field contains extra data");
        }
        dEREncodedValueArr[2].getBitString();
        if (dEREncodedValueArr[2].in.available() != 0) {
            throw new CertificateParsingException("Signed fields contain extra data");
        }
        if (dEREncodedValueArr[0].valueTag != 48) {
            throw new CertificateParsingException("Invalid certificate signed fields");
        }
        parseCertificateInfo(dEREncodedValueArr[0].in, parseAlgId);
    }

    private byte[] parseAlgId(DEREncodedValue dEREncodedValue) throws IOException {
        if (dEREncodedValue.valueTag != 48) {
            throw new IOException("Tag is not a sequence");
        }
        DEREncodedInputStream dEREncodedInputStream = dEREncodedValue.toDEREncodedInputStream();
        byte[] oid = dEREncodedInputStream.getOID();
        DEREncodedValue dEREncodedValue2 = dEREncodedInputStream.available() == 0 ? null : dEREncodedInputStream.getDEREncodedValue();
        if (dEREncodedValue2 != null && dEREncodedValue2.valueTag == 5 && !dEREncodedValue2.areEmpty()) {
            throw new IOException("Invalid null tag");
        }
        if (dEREncodedInputStream.available() != 0) {
            throw new IOException("Algorithm ID contains extra data");
        }
        return oid;
    }

    private void parseCertificateInfo(DEREncodedInputStream dEREncodedInputStream, byte[] bArr) throws IOException, CertificateException {
        parseVersionAndSerialNumber(dEREncodedInputStream);
        if (!Arrays.equals(bArr, parseAlgId(dEREncodedInputStream.getDEREncodedValue()))) {
            throw new CertificateException("Signature algorithms mismatch");
        }
        validateX500Name(parseX500Name(dEREncodedInputStream), "Empty issuer DN isn't allowed in X509Certificates");
        parseValidity(dEREncodedInputStream);
        DEREncodedValue[] parseX500Name = parseX500Name(dEREncodedInputStream);
        if (this.version == 0) {
            validateX500Name(parseX500Name, "Empty subject DN isn't allowed in V1 X509Certificates");
        }
        DEREncodedValue dEREncodedValue = dEREncodedInputStream.getDEREncodedValue();
        if (dEREncodedValue.valueTag != 48) {
            throw new IOException("Subject key is corrupted");
        }
        parseAlgId(dEREncodedValue.in.getDEREncodedValue());
        if (dEREncodedInputStream.available() != 0) {
            if (this.version == 0) {
                throw new CertificateParsingException("V1 X509Certificate contains extra data");
            }
            parseExtraData(dEREncodedInputStream);
        }
    }

    private void parseVersionAndSerialNumber(DEREncodedInputStream dEREncodedInputStream) throws IOException {
        DEREncodedValue dEREncodedValue = dEREncodedInputStream.getDEREncodedValue();
        if (dEREncodedValue.isContextSpecific((byte) 0)) {
            if (dEREncodedValue.isConstructed()) {
                DEREncodedValue dEREncodedValue2 = dEREncodedValue.in.getDEREncodedValue();
                BigInteger bigInteger = dEREncodedValue2.getBigInteger();
                if (bigInteger.compareTo(BigInteger.valueOf(2147483647L)) > 0) {
                    throw new IOException("Integer greater than maximum valid value");
                }
                if (bigInteger.compareTo(BigInteger.valueOf(-2147483648L)) < 0) {
                    throw new IOException("Integer less than minimum valid value");
                }
                this.version = bigInteger.intValue();
                if (dEREncodedValue2.in.available() != 0) {
                    throw new IOException("X509Certificate version has bad format");
                }
            }
            dEREncodedValue = dEREncodedInputStream.getDEREncodedValue();
        }
        dEREncodedValue.getBigInteger();
        if (dEREncodedValue.in.available() != 0) {
            throw new IOException("Serial number contains extra data");
        }
    }

    private DEREncodedValue[] parseX500Name(DEREncodedInputStream dEREncodedInputStream) throws IOException {
        DEREncodedValue[] sequence;
        byte[] byteArray = dEREncodedInputStream.inputBuffer.toByteArray();
        try {
            sequence = dEREncodedInputStream.getSequence(5);
        } catch (IOException e) {
            sequence = byteArray == null ? null : new DEREncodedInputStream(new DEREncodedValue((byte) 48, byteArray).toByteArray()).getSequence(5);
        }
        return sequence;
    }

    private void validateX500Name(DEREncodedValue[] dEREncodedValueArr, String str) throws IOException, CertificateParsingException {
        if (dEREncodedValueArr != null) {
            for (DEREncodedValue dEREncodedValue : dEREncodedValueArr) {
                if (dEREncodedValue.valueTag != 49) {
                    throw new IOException("Invalid set tag in X500 name");
                }
                if (new DEREncodedInputStream(dEREncodedValue.toByteArray()).getSet(5).length == 0) {
                    throw new CertificateParsingException(str);
                }
            }
        }
    }

    private void parseValidity(DEREncodedInputStream dEREncodedInputStream) throws IOException {
        DEREncodedValue dEREncodedValue = dEREncodedInputStream.getDEREncodedValue();
        if (dEREncodedValue.valueTag != 48) {
            throw new IOException("Invalid starting sequence tag");
        }
        if (dEREncodedValue.in.available() == 0) {
            throw new IOException("Certificate validity contains no data");
        }
        DEREncodedValue[] sequence = new DEREncodedInputStream(dEREncodedValue.toByteArray()).getSequence(2);
        if (sequence.length != 2 || ((sequence[0].valueTag != 23 && sequence[0].valueTag != 24) || (sequence[1].valueTag != 23 && sequence[1].valueTag != 24))) {
            throw new IOException("Error while parsing certificate validity");
        }
    }

    private void parseExtraData(DEREncodedInputStream dEREncodedInputStream) throws CertificateParsingException, IOException {
        DEREncodedValue dEREncodedValue = dEREncodedInputStream.getDEREncodedValue();
        if (dEREncodedValue.isContextSpecific((byte) 1)) {
            if (dEREncodedInputStream.available() == 0) {
                return;
            } else {
                dEREncodedValue = dEREncodedInputStream.getDEREncodedValue();
            }
        }
        if (dEREncodedValue.isContextSpecific((byte) 2)) {
            if (dEREncodedInputStream.available() == 0) {
                return;
            } else {
                dEREncodedInputStream.getDEREncodedValue();
            }
        }
        if (this.version != 2) {
            throw new CertificateParsingException("Extensions not allowed in v2 certificate");
        }
    }
}
