package com.gpki.secureweb.php;

import com.dsjdf.jdf.Logger;
import com.gpki.gpkiapi.GpkiApi;
import com.gpki.gpkiapi.cert.X509Certificate;
import com.gpki.gpkiapi.cms.SignedContent;
import com.gpki.gpkiapi.cms.SignedData;
import com.gpki.gpkiapi.crypto.Random;
import com.gpki.gpkiapi.exception.GpkiApiException;
import com.gpki.gpkiapi.util.Base64;
import com.gpki.gpkiapi.util.Dump;
import com.gpki.secureweb.Base64ContentInfo;
import com.gpki.secureweb.EncryptedData;
import com.gpki.secureweb.EnvelopData;
import com.gpki.secureweb.GPKIKeyInfo;
import com.gpki.secureweb.GPKISecureWEBConfig;
import com.gpki.secureweb.GPKISecureWEBDefine;
import com.gpki.secureweb.GPKISecureWEBException;
import com.gpki.secureweb.KDF;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.List;
import java.util.StringTokenizer;

/* loaded from: input_file:com/gpki/secureweb/php/GPKISecureWeb.class */
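/**
 * Decodes one Base64-encoded GPKI secure-web message and exposes the recovered plaintext as
 * request-style parameters ({@link #getParameter}, {@link #getParameterValues},
 * {@link #getQueryString}).
 *
 * <p>This listing is decompiler output (JADX). {@code verifyCert} was not recovered and is a stub
 * that throws {@code UnsupportedOperationException}, so the certificate-validation logic cannot be
 * reviewed from this file.
 *
 * <p>Content-type codes handled by {@link #init()} (names come from {@code GPKISecureWEBDefine},
 * which is not visible here, so they are listed by number):
 * <ul>
 *   <li>0 - symmetric decrypt with the client key/IV, parse parameters.</li>
 *   <li>1 - symmetric decrypt, {@code SignedData} verify, check the last signer's certificate.</li>
 *   <li>2 - symmetric decrypt, {@code SignedContent} verify, check the signer certificate.</li>
 *   <li>20 / 30 - unencrypted {@code SignedData} / {@code SignedContent}; certificates are checked
 *       but the parameter map is not filled.</li>
 *   <li>21 / 31 - {@code EnvelopData} decrypt, challenge check, derive new session keys.</li>
 *   <li>22 / 23 - envelope plus {@code SignedData}; 23 also records the signer certificate and
 *       sets the auth flag on the new key info.</li>
 *   <li>32 / 33 - envelope plus {@code SignedContent}; 33 also records the signer certificate and
 *       sets the auth flag.</li>
 *   <li>any other code - {@code init()} returns without decoding anything.</li>
 * </ul>
 *
 * <p>Security notes for callers and maintainers:
 * <ul>
 *   <li>If {@code init()} throws, discard the instance. Plaintext and parameters are stored before
 *       the challenge, policy and certificate checks run, so they remain readable through the
 *       getters after a failed check.</li>
 *   <li>Several debug/info log statements print decrypted plaintext, the signed blob and the
 *       values returned by the key getters. Keep debug logging off in production or remove those
 *       statements.</li>
 *   <li>{@code new String(byte[])} is used throughout, i.e. the platform default charset.</li>
 * </ul>
 */
public class GPKISecureWeb implements GPKISecureWEBDefine {
    // Base64 message handed to the constructor; decoded by init().
    private String encryptData;
    // Plaintext recovered by init(); returned as-is by getQueryString().
    private String decryptData;
    // Decimal content-type code of the message, set by init().
    private String messageType;
    // Signed blob (after decryption / envelope opening) that was passed to verify().
    private byte[] signData;
    // Parameter name -> List of String values; created by init(), filled by setDecrytData2Query().
    private Hashtable paramMap;
    // EnvelopData.getPrivateKeyRandom() from the last key-exchange message.
    private byte[] privatekey_random;
    // Never assigned in the recovered code, so getProcessLog() always returns "".
    private String processLog = "";
    // Signer certificate of the last processed signed message, or null.
    private X509Certificate signer_cert = null;
    // Not referenced in the recovered code (verifyCert() was not decompiled).
    private final byte CERT_VERIFY_SUCCESS = 0;
    private final byte CERT_VERIFY_FAIL = 1;
    // Session key material; replaced by the KDF output on key-exchange messages.
    private GPKIKeyInfo keyinfo = new GPKIKeyInfo();

    /**
     * Stores the message and the current session key material. Nothing is decoded until
     * {@link #init()} is called.
     *
     * @param str   Base64 message to decode; {@code null} makes {@code init()} a no-op after setup
     * @param str2  algorithm identifier passed to {@code GPKIKeyInfo.setAlgo}
     * @param bArr  client key
     * @param bArr2 client IV
     * @param bArr3 server key
     * @param bArr4 server IV
     * @param str3  challenge previously issued to the client
     */
    public GPKISecureWeb(String str, String str2, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, String str3) {
        try {
            this.keyinfo.setClientKey(bArr);
            this.keyinfo.setClientIV(bArr2);
            this.keyinfo.setServerKey(bArr3);
            this.keyinfo.setServerIV(bArr4);
            this.keyinfo.setAlgo(str2);
            this.keyinfo.setChallenge(str3);
        } catch (GPKISecureWEBException e) {
            // NOTE(review): the failure is only logged. The setters after the failing one are
            // skipped and the object carries on with partially populated key info. The
            // constructor has no throws clause, so this cannot be surfaced without an
            // interface change.
            Logger.err.println(this, e.getMessage());
        }
        this.encryptData = str;
    }

    /**
     * Returns the first value of a decoded parameter.
     *
     * @param str parameter name
     * @return the first value, or {@code null} when the parameter is absent, {@code str} is
     *     {@code null}, or {@code init()} has not populated the map
     */
    public String getParameter(String str) {
        List values = lookupValues(str);
        if (values == null || values.isEmpty()) {
            return null;
        }
        return (String) values.get(0);
    }

    /**
     * Returns every value of a decoded parameter, in the order they appeared in the plaintext.
     *
     * @param str parameter name
     * @return the values; an empty array when the parameter is absent
     */
    public String[] getParameterValues(String str) {
        List values = lookupValues(str);
        if (values == null) {
            return new String[0];
        }
        return (String[]) values.toArray(new String[values.size()]);
    }

    /**
     * Returns the names of all decoded parameters.
     *
     * @return the names in the map's enumeration order; empty when nothing was decoded
     */
    public String[] getParameterNames() {
        if (this.paramMap == null) {
            return new String[0];
        }
        ArrayList names = new ArrayList(10);
        Enumeration keys = this.paramMap.keys();
        while (keys.hasMoreElements()) {
            names.add(keys.nextElement());
        }
        return (String[]) names.toArray(new String[names.size()]);
    }

    /** Null-safe map lookup shared by the parameter getters. */
    private List lookupValues(String name) {
        // Hashtable.get(null) throws, and paramMap is only created inside init().
        if (this.paramMap == null || name == null) {
            return null;
        }
        return (List) this.paramMap.get(name);
    }

    /** Returns the whole decrypted plaintext, or {@code null} if nothing was decoded. */
    public String getQueryString() {
        return this.decryptData;
    }

    /** Returns the decimal content-type code set by {@code init()}, or {@code null}. */
    public String getMessageType() {
        return this.messageType;
    }

    /**
     * Maps the content-type code to a channel label.
     *
     * @return {@code "WIRE"} for codes 1, 20, 22, 23; {@code "WIRELESS"} for 30, 32, 33;
     *     {@code ""} for every other code or when no message has been decoded yet
     */
    public String getSignType() {
        if (this.messageType == null) {
            // Integer.parseInt(null) would throw NumberFormatException before init() has run.
            return "";
        }
        switch (Integer.parseInt(this.messageType)) {
            case 1:
            case 20:
            case 22:
            case 23:
                return "WIRE";
            case 30:
            case 32:
            case 33:
                return "WIRELESS";
            default:
                return "";
        }
    }

    /**
     * Returns the internal signed-blob array (not a copy); callers can modify it.
     */
    public byte[] getSignedData() {
        return this.signData;
    }

    /**
     * Encrypts a response string with the server key/IV of the current key info.
     *
     * @param str plaintext to encrypt
     * @return whatever {@code EncryptedData.encrypt} returns for {@code str}
     * @throws GPKISecureWEBException on any failure; only the message of the cause is kept
     */
    public String encrypt(String str) throws GPKISecureWEBException {
        try {
            // NOTE(review): these debug lines print the key info object and the server key/IV
            // getters. How they render depends on types not visible here; if they expose key
            // bytes, remove them rather than rely on the log level.
            Logger.debug.println(this, "keyinfo = " + this.keyinfo);
            Logger.debug.println(this, "Algo = " + this.keyinfo.getAlgo());
            Logger.debug.println(this, "ServerKey = " + this.keyinfo.getServerKey());
            Logger.debug.println(this, "ServerIV = " + this.keyinfo.getServerIV());
            EncryptedData encryptedData = new EncryptedData();
            encryptedData.setKey(this.keyinfo.getAlgo(), this.keyinfo.getServerKey(), this.keyinfo.getServerIV());
            return encryptedData.encrypt(str);
        } catch (Exception e) {
            throw new GPKISecureWEBException(e.getMessage());
        }
    }

    /** Encrypts the decimal string form of {@code i}; see {@link #encrypt(String)}. */
    public String encrypt(int i) throws GPKISecureWEBException {
        return encrypt(String.valueOf(i));
    }

    /**
     * Generates a fresh challenge (20 bytes from the GPKI {@code Random} class, Base64-encoded),
     * stores it in the key info and returns it.
     *
     * @throws GPKISecureWEBException if the GPKI API fails
     */
    public String getChallenge() throws GPKISecureWEBException {
        try {
            this.keyinfo.setChallenge(new Base64().encode(new Random().generateRandom(20)));
            return this.keyinfo.getChallenge();
        } catch (GpkiApiException e) {
            Logger.err.println(this, e.getMessage());
            throw new GPKISecureWEBException(e.getMessage());
        }
    }

    /** Returns the internal private-key-random array (not a copy). */
    public byte[] getPrivateRandom() {
        return this.privatekey_random;
    }

    /** Returns the live key info object, including whatever key material it holds. */
    public GPKIKeyInfo getGPKIKeyInfo() {
        return this.keyinfo;
    }

    /**
     * Initialises the GPKI API and decodes the message given to the constructor according to its
     * content-type code (see the class comment for the per-code behaviour).
     *
     * <p>Returns silently when the message is {@code null} or the code is not one of the handled
     * values; in the latter case only {@code messageType} is set.
     *
     * @throws GPKISecureWEBException if API initialisation, decryption, signature verification,
     *     the challenge check, the policy check or certificate validation fails
     */
    public void init() throws GPKISecureWEBException {
        this.paramMap = new Hashtable(20);
        try {
            Logger.debug.println(this, "GPKISecureWEBConfig = " + GPKISecureWEBConfig.getInstance().getClass().getName());
            GpkiApi.init(GPKISecureWEBConfig.getGPKIAPIConfFilePath());
            Logger.debug.println(this, "GpkiApi.init() = " + GPKISecureWEBConfig.getGPKIAPIConfFilePath());
            Logger.debug.println(this, "encryptData = " + this.encryptData);
        } catch (Exception e) {
            Logger.err.println(this, e.getMessage());
            throw new GPKISecureWEBException(e.getMessage());
        }
        if (this.encryptData == null) {
            return;
        }
        String message = this.encryptData;
        Base64ContentInfo contentInfo = new Base64ContentInfo(message);
        byte contentType = contentInfo.getContentType();
        Logger.debug.println(this, "content_type = " + contentType);
        this.messageType = String.valueOf((int) contentType);

        // 0: symmetric encryption only, no signature.
        if (contentType == 0) {
            try {
                EncryptedData encrypted = new EncryptedData(message);
                Logger.debug.println(this, "keyinfo.getAlgo()==" + this.keyinfo.getAlgo());
                // NOTE(review): prints the client key getter's value; see encrypt().
                Logger.debug.println(this, "keyinfo.getClientKey()==" + this.keyinfo.getClientKey());
                encrypted.setKey(this.keyinfo.getAlgo(), this.keyinfo.getClientKey(), this.keyinfo.getClientIV());
                Logger.info.println(this, "key값 세팅 완료");
                this.decryptData = new String(encrypted.decrypt());
                setDecrytData2Query(this.decryptData);
                return;
            } catch (Exception e2) {
                throw new GPKISecureWEBException(e2);
            }
        }

        // 1: symmetric encryption around a SignedData.
        if (contentType == 1) {
            try {
                EncryptedData encrypted = new EncryptedData(message);
                encrypted.setKey(this.keyinfo.getAlgo(), this.keyinfo.getClientKey(), this.keyinfo.getClientIV());
                Logger.info.println(this, "key값 세팅 완료");
                this.signData = encrypted.decrypt();
                SignedData signedData = new SignedData();
                signedData.verify(this.signData);
                Logger.info.println(this, "signdata.verify 수행");
                this.decryptData = new String(signedData.getMessage());
                setDecrytData2Query(this.decryptData);
                // NOTE(review): writes the decrypted request body to the debug log.
                Logger.debug.println(this, "decryptData = " + this.decryptData);
                int signerCnt = signedData.getSignerCnt();
                Logger.info.println(this, "signer_cnt = " + signerCnt);
                // The original skipped checkPolicy/verifyCert when there were no signers and
                // still accepted the message. What verify() does for a signer-less SignedData
                // is not visible here, so reject explicitly instead of relying on it.
                if (signerCnt <= 0) {
                    throw new GPKISecureWEBException("SignedData has no signer");
                }
                // NOTE(review): only the last signer's certificate is validated here, while
                // code 20 validates every signer and code 23 uses index 0.
                this.signer_cert = signedData.getSignerCert(signerCnt - 1);
                Logger.info.println(this, "signer_cert = " + this.signer_cert.getSubjectDN());
                checkPolicy(this.signer_cert);
                Logger.info.println(this, "정책검증 완료 ");
                verifyCert(this.signer_cert);
                Logger.info.println(this, "인증서 검증 완료 ");
                return;
            } catch (Exception e3) {
                throw new GPKISecureWEBException(e3);
            }
        }

        // 2: symmetric encryption around a SignedContent.
        if (contentType == 2) {
            try {
                EncryptedData encrypted = new EncryptedData(message);
                encrypted.setKey(this.keyinfo.getAlgo(), this.keyinfo.getClientKey(), this.keyinfo.getClientIV());
                this.signData = encrypted.decrypt();
                // NOTE(review): hex-dumps the signed blob and, below, the plaintext to the debug log.
                Logger.debug.println(this, "[" + Thread.currentThread().getName() + "] signData : " + Dump.toHexString(this.signData, 0L, this.signData.length));
                SignedContent signedContent = new SignedContent();
                signedContent.verify(this.signData);
                this.decryptData = new String(signedContent.getMessage());
                byte[] plainBytes = this.decryptData.getBytes();
                Logger.debug.println(this, "[" + Thread.currentThread().getName() + "] 원본 메시지 : " + Dump.toHexString(plainBytes, 0L, plainBytes.length));
                setDecrytData2Query(this.decryptData);
                this.signer_cert = signedContent.getSignerCert();
                Logger.debug.println(this, "[" + Thread.currentThread().getName() + "] signer_cert : " + this.signer_cert);
                checkPolicy(this.signer_cert);
                Logger.debug.println(this, "[" + Thread.currentThread().getName() + "] checkPolicy 완료");
                verifyCert(this.signer_cert);
                Logger.info.println(this, "[" + Thread.currentThread().getName() + "] 인증서 검증 완료  : DN  [" + this.signer_cert.getSubjectDN() + "]");
                return;
            } catch (Exception e4) {
                Logger.err.println(this, "[" + Thread.currentThread().getName() + "] ENCRYPTED_SIGNDATA Error : " + e4.getMessage());
                throw new GPKISecureWEBException(e4);
            }
        }

        // 21 / 31: key exchange without a signature.
        if (contentType == 21 || contentType == 31) {
            try {
                EnvelopData envelopData = new EnvelopData(message);
                this.decryptData = new String(envelopData.decrypt());
                setDecrytData2Query(this.decryptData);
                checkChallenge(this.keyinfo);
                Logger.info.println(this, "challenge값 체크 완료");
                KDF kdf = new KDF();
                kdf.setBaseKey(envelopData.secretkey, envelopData.getContentInfo());
                // Session keys are replaced only after the challenge check has passed.
                this.keyinfo = kdf.getGPKIKeyInfo();
                return;
            } catch (Exception e5) {
                Logger.err.println(this, "EnvelopData Error : " + e5.getMessage());
                throw new GPKISecureWEBException(e5);
            }
        }

        // 23: key exchange with SignedData; marks the new key info as authenticated.
        if (contentType == 23) {
            try {
                KDF kdf = processEnvelopData(message);
                Logger.info.println(this, "Key교환을 위한 keyblock 생성 완료");
                SignedData signedData = new SignedData();
                signedData.verify(this.signData);
                Logger.info.println(this, "signdata.verify 수행");
                this.decryptData = new String(signedData.getMessage());
                setDecrytData2Query(this.decryptData);
                checkChallenge(this.keyinfo);
                Logger.info.println(this, "challenge값 체크 완료");
                this.signer_cert = signedData.getSignerCert(0);
                Logger.info.println(this, "클라이언트 인증서 DN : " + this.signer_cert.getSubjectDN());
                checkPolicy(this.signer_cert);
                Logger.info.println(this, "정책검증 완료 ");
                verifyCert(this.signer_cert);
                Logger.info.println(this, "인증서 검증 완료 ");
                // NOTE(review): prints the derived key info object; rendering depends on its toString().
                Logger.debug.println(this, "kdf.getGPKIKeyInfo() =" + kdf.getGPKIKeyInfo());
                this.keyinfo = kdf.getGPKIKeyInfo();
                Logger.debug.println(this, "getKeyInfo");
                this.keyinfo.setSignerCert(this.signer_cert);
                Logger.debug.println(this, "setSignerCert");
                this.keyinfo.setAuthType(true);
                Logger.debug.println(this, "setAuthType");
                return;
            } catch (Exception e6) {
                throw new GPKISecureWEBException(e6);
            }
        }

        // 22: key exchange with SignedData; the auth flag is not set.
        if (contentType == 22) {
            try {
                KDF kdf = processEnvelopData(message);
                SignedData signedData = new SignedData();
                signedData.verify(this.signData);
                this.decryptData = new String(signedData.getMessage());
                setDecrytData2Query(this.decryptData);
                checkChallenge(this.keyinfo);
                int signerCnt = signedData.getSignerCnt();
                // Same fail-closed rule as code 1: the original installed the new session keys
                // without any certificate check when the signer count was zero.
                if (signerCnt <= 0) {
                    throw new GPKISecureWEBException("SignedData has no signer");
                }
                this.signer_cert = signedData.getSignerCert(signerCnt - 1);
                Logger.debug.println(this, "signer_cert : " + this.signer_cert);
                checkPolicy(this.signer_cert);
                Logger.debug.println(this, "checkPolicy 완료");
                verifyCert(this.signer_cert);
                Logger.debug.println(this, "verifyCert 완료");
                this.keyinfo = kdf.getGPKIKeyInfo();
                // NOTE(review): prints the derived key info object; rendering depends on its toString().
                Logger.debug.println(this, "keyinfo==" + this.keyinfo);
                return;
            } catch (Exception e7) {
                throw new GPKISecureWEBException(e7);
            }
        }

        // 32 / 33: key exchange with SignedContent; 33 marks the key info as authenticated.
        if (contentType == 33 || contentType == 32) {
            try {
                KDF kdf = processEnvelopData(message);
                SignedContent signedContent = new SignedContent();
                signedContent.verify(this.signData);
                this.decryptData = new String(signedContent.getMessage());
                setDecrytData2Query(this.decryptData);
                checkChallenge(this.keyinfo);
                this.signer_cert = signedContent.getSignerCert();
                checkPolicy(this.signer_cert);
                verifyCert(this.signer_cert);
                this.keyinfo = kdf.getGPKIKeyInfo();
                if (contentType == 33) {
                    this.keyinfo.setSignerCert(this.signer_cert);
                    this.keyinfo.setAuthType(true);
                }
                return;
            } catch (Exception e8) {
                throw new GPKISecureWEBException(e8);
            }
        }

        // 30: unencrypted SignedContent. The parameter map is not filled for this code.
        if (contentType == 30) {
            try {
                this.signData = contentInfo.getContentInfo();
                SignedContent signedContent = new SignedContent();
                signedContent.verify(this.signData);
                this.decryptData = new String(signedContent.getMessage());
                this.signer_cert = signedContent.getSignerCert();
                checkPolicy(this.signer_cert);
                verifyCert(this.signer_cert);
                return;
            } catch (Exception e9) {
                throw new GPKISecureWEBException(e9);
            }
        }

        if (contentType != 20) {
            // Unhandled code: nothing is decoded and no error is raised.
            return;
        }

        // 20: unencrypted SignedData. The parameter map is not filled for this code.
        try {
            this.signData = contentInfo.getContentInfo();
            SignedData signedData = new SignedData();
            signedData.verify(this.signData);
            this.decryptData = new String(signedData.getMessage());
            int signerCnt = signedData.getSignerCnt();
            // With zero signers the loop below would validate nothing; reject instead.
            if (signerCnt <= 0) {
                throw new GPKISecureWEBException("SignedData has no signer");
            }
            for (int i = 0; i < signerCnt; i++) {
                this.signer_cert = signedData.getSignerCert(i);
                checkPolicy(this.signer_cert);
                verifyCert(this.signer_cert);
            }
        } catch (Exception e10) {
            throw new GPKISecureWEBException(e10);
        }
        // The decompiler emitted two unreachable statements here that referenced the catch
        // variable of the first try block; they duplicated that handler and have been dropped.
    }

    /**
     * Splits the plaintext on {@code &} and stores each {@code name=value} pair in the parameter
     * map, appending to the value list when a name repeats.
     *
     * <p>Names and values are stored exactly as they appear; no URL-decoding is done here. A
     * token without {@code =} makes {@code substring} throw
     * {@code StringIndexOutOfBoundsException}, which the callers in {@code init()} wrap into a
     * {@code GPKISecureWEBException}.
     *
     * @param str decrypted plaintext; {@code null} or empty is ignored
     */
    private void setDecrytData2Query(String str) {
        // NOTE(review): writes the full decrypted request body to the debug log.
        Logger.debug.println(this, "decryptData  =  " + str);
        // The original condition used ||, which dereferenced str when it was null.
        if (str != null && !str.equals("")) {
            StringTokenizer pairs = new StringTokenizer(str, "&");
            while (pairs.hasMoreElements()) {
                String pair = (String) pairs.nextElement();
                int eq = pair.indexOf('=');
                String name = pair.substring(0, eq);
                String value = pair.substring(eq + 1);
                List values = this.paramMap.containsKey(name) ? (List) this.paramMap.get(name) : new ArrayList();
                values.add(value);
                this.paramMap.put(name, values);
            }
        }
        Logger.debug.println(this, "setDecrytData2Query end");
    }

    /**
     * Replay protection: compares the {@code challenge} parameter of the decoded message with the
     * challenge stored in the key info, when the configuration enables the check ("yes",
     * case-insensitive). The stored challenge is always cleared afterwards, so each issued
     * challenge can be presented at most once.
     *
     * @param gPKIKeyInfo key info holding the expected challenge
     * @throws GPKISecureWEBException if the check is enabled and the challenge is missing, empty
     *     or different
     */
    private void checkChallenge(GPKIKeyInfo gPKIKeyInfo) throws GPKISecureWEBException {
        // getParameter() returns null for a missing parameter, so the null test below is
        // reachable and a message without a challenge is only rejected when the check is on.
        String parameter = getParameter("challenge");
        try {
            try {
                if (GPKISecureWEBConfig.getCheckChallenge().equalsIgnoreCase("yes")) {
                    Logger.debug.println(this, "execute checkChallenge");
                    String expected = gPKIKeyInfo.getChallenge();
                    // NOTE(review): both messages embed the expected challenge. It is cleared
                    // in the finally block, but confirm the text is never returned to the client.
                    if (parameter == null || expected == null || expected.equals("")) {
                        throw new GPKISecureWEBException("Replay chechk -> challenge is null or empty : " + parameter + " , " + expected);
                    }
                    if (!expected.equals(parameter)) {
                        throw new GPKISecureWEBException("Replay attak.." + parameter + " " + expected);
                    }
                }
            } catch (GPKISecureWEBException e) {
                Logger.err.println(this, e.getMessage());
                throw new GPKISecureWEBException(e.getMessage());
            }
        } finally {
            gPKIKeyInfo.setChallenge("");
        }
    }

    /**
     * Checks the certificate's policy identifiers against the configured list. The check runs
     * only when {@code GPKISecureWEBConfig.getAnyPolicy()} equals {@code "yes"}; it passes as
     * soon as one comma-separated token of the certificate's policy string equals one
     * comma-separated token of the configured string. Tokens are compared as-is (no trimming).
     *
     * @param x509Certificate signer certificate
     * @throws GPKISecureWEBException if no policy matches or anything else fails
     */
    private void checkPolicy(X509Certificate x509Certificate) throws GPKISecureWEBException {
        try {
            if (GPKISecureWEBConfig.getAnyPolicy().equals("yes")) {
                String certPolicy = x509Certificate.getCertPolicy();
                String policies = GPKISecureWEBConfig.getPolicies();
                Logger.info.println(this, "signer_policies : " + certPolicy + " ::: " + "config_policies : " + policies);
                ArrayList allowed = new ArrayList(4);
                StringTokenizer certTokens = new StringTokenizer(certPolicy, ",");
                StringTokenizer configTokens = new StringTokenizer(policies, ",");
                while (configTokens.hasMoreTokens()) {
                    allowed.add(configTokens.nextToken());
                }
                String matched = "";
                while (certTokens.hasMoreTokens()) {
                    String candidate = certTokens.nextToken();
                    if (allowed.contains(candidate)) {
                        matched = candidate;
                        break;
                    }
                }
                if (matched.equals("")) {
                    Logger.info.println(this, "정책검증 에러 - client cert policies : " + certPolicy + "- config_policies : " + policies);
                    throw new GPKISecureWEBException("CheckPolicy Error - client cert policies : " + certPolicy + "- config_policies : " + policies);
                }
            }
        } catch (Exception e) {
            // Also catches the mismatch exception thrown above and wraps it once more.
            Logger.err.println(this, e.getMessage());
            throw new GPKISecureWEBException(e);
        }
    }

    /*
     * Certificate validation. JADX could not decompile this method ("Code decompiled
     * incorrectly", 1035 instructions skipped), so the body below is the decompiler's stub, not
     * the shipped logic. In this listing every init() path that reaches it fails with
     * UnsupportedOperationException. Review the real implementation from the instruction dump
     * or the original class before drawing conclusions about path or revocation checking.
     */
    private void verifyCert(X509Certificate x509Certificate) throws GPKISecureWEBException {
        throw new UnsupportedOperationException("Method not decompiled: com.gpki.secureweb.php.GPKISecureWeb.verifyCert(com.gpki.gpkiapi.cert.X509Certificate):void");
    }

    /**
     * Opens an {@code EnvelopData} message: stores its decrypted content in {@code signData},
     * records the private-key random, and seeds a {@code KDF} with the envelope's secret key.
     *
     * @param str Base64 message
     * @return the seeded KDF; callers take the new key info from it after their own checks
     * @throws GPKISecureWEBException wrapping any failure
     */
    private KDF processEnvelopData(String str) throws GPKISecureWEBException {
        try {
            EnvelopData envelopData = new EnvelopData(str);
            this.signData = envelopData.decrypt();
            this.privatekey_random = envelopData.getPrivateKeyRandom();
            KDF kdf = new KDF();
            kdf.setBaseKey(envelopData.secretkey, envelopData.getContentInfo());
            Logger.info.println(this, "key값 세팅 완료");
            return kdf;
        } catch (Exception e) {
            throw new GPKISecureWEBException(e);
        }
    }

    /** Returns the process log; never written in the recovered code, so always {@code ""}. */
    public String getProcessLog() {
        return this.processLog;
    }

    /** Returns the signer certificate of the last processed signed message, or {@code null}. */
    public X509Certificate getSignerCert() {
        return this.signer_cert;
    }
}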
