package de.rub.nds.tlsattacker.core.certificate.transparency;

import de.rub.nds.asn1.parser.ParserException;
import de.rub.nds.modifiablevariable.util.ArrayConverter;
import de.rub.nds.tlsattacker.core.certificate.ExtensionObjectIdentifier;
import de.rub.nds.tlsattacker.core.certificate.transparency.logs.CtLog;
import de.rub.nds.tlsattacker.core.constants.SignatureAndHashAlgorithm;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;

/* loaded from: input_file:de/rub/nds/tlsattacker/core/certificate/transparency/SignedCertificateTimestampSignature.class */
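/**
 * Holds the signature part of a Signed Certificate Timestamp (SCT) and can check it against a
 * Certificate Transparency log's public key.
 *
 * <p>The signed input is rebuilt locally in {@link #assembleSignatureData}; the field order there
 * follows the "digitally-signed" structure of RFC 6962, section 3.2.
 *
 * <p>Security notes for readers of the verification result:
 *
 * <ul>
 *   <li>The signature and hash algorithm come from this object, i.e. from the SCT being checked,
 *       while the key comes from the supplied {@link CtLog}. A mismatch between the two surfaces
 *       as a verification failure, not as a separate error.
 *   <li>This class does not check that the supplied log is the one named in the SCT; the caller
 *       chooses the log.
 *   <li>Any failure while verifying (unsupported algorithm, malformed key, encoding error) is
 *       reported the same way as a bad signature.
 * </ul>
 */
public class SignedCertificateTimestampSignature {
    protected static final Logger LOGGER = LogManager.getLogger();

    // Signature structure as it was encoded in the SCT (stored as given by the setter).
    private byte[] encodedSignature;
    // Raw signature bytes that are passed to Signature.verify().
    private byte[] signature;
    // Algorithm pair used both to pick the JCA Signature and the KeyFactory.
    private SignatureAndHashAlgorithm signatureAndhashAlgorithm;

    /** @return the encoded signature bytes; the internal array is returned without copying */
    public byte[] getEncodedSignature() {
        return this.encodedSignature;
    }

    /** @param bArr the encoded signature bytes; stored without copying */
    public void setEncodedSignature(byte[] bArr) {
        this.encodedSignature = bArr;
    }

    /** @return the raw signature bytes; the internal array is returned without copying */
    public byte[] getSignature() {
        return this.signature;
    }

    /** @param bArr the raw signature bytes; stored without copying */
    public void setSignature(byte[] bArr) {
        this.signature = bArr;
    }

    /** @return the signature and hash algorithm used for verification */
    public SignatureAndHashAlgorithm getSignatureAndHashAlgorithm() {
        return this.signatureAndhashAlgorithm;
    }

    /** @param signatureAndHashAlgorithm the signature and hash algorithm used for verification */
    public void setSignatureAndHashAlgorithm(SignatureAndHashAlgorithm signatureAndHashAlgorithm) {
        this.signatureAndhashAlgorithm = signatureAndHashAlgorithm;
    }

    /**
     * Verifies the stored signature over the reassembled SCT data with the log's public key.
     *
     * @param signedCertificateTimestamp the SCT whose fields form the signed input
     * @param ctLog the log whose X.509-encoded public key is used
     * @return {@code true} only if the signature verifies; {@code false} for a bad signature and
     *     for every error raised on the way (the error is logged at WARN level)
     */
    private boolean verifySignature(SignedCertificateTimestamp signedCertificateTimestamp, CtLog ctLog) {
        try {
            KeyFactory keyFactory =
                    KeyFactory.getInstance(this.signatureAndhashAlgorithm.getSignatureAlgorithm().getJavaName());
            Signature verifier = Signature.getInstance(this.signatureAndhashAlgorithm.getJavaName());
            verifier.initVerify(keyFactory.generatePublic(new X509EncodedKeySpec(ctLog.getPublicKey())));
            verifier.update(assembleSignatureData(signedCertificateTimestamp));
            return verifier.verify(this.signature);
        } catch (Exception e) {
            // Deliberate fail-closed boundary: anything that prevents verification counts as
            // "not verified". Callers cannot tell this apart from a wrong signature.
            LOGGER.warn("Unable to verify SCT signature", e);
            return false;
        }
    }

    /**
     * Rebuilds the byte string the log signed: version, signature type, 8-byte timestamp, entry
     * type, the signed entry and the length-prefixed (2 bytes) SCT extensions.
     *
     * @param signedCertificateTimestamp the SCT supplying the fields
     * @return the data to feed into the signature check
     * @throws ParserException declared for the SCT accessors used here
     * @throws IOException if DER encoding or writing to the buffer fails
     */
    private byte[] assembleSignatureData(SignedCertificateTimestamp signedCertificateTimestamp)
            throws ParserException, IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(SignedCertificateTimestampVersion.encodeVersion(signedCertificateTimestamp.getVersion()));
        out.write(SignedCertificateTimestampSignatureType.encodeVersion(
                SignedCertificateTimestampSignatureType.CERTIFICATE_TIMESTAMP));
        out.write(ArrayConverter.longToBytes(signedCertificateTimestamp.getTimestamp(), 8));
        out.write(SignedCertificateTimestampEntryType.encodeVersion(signedCertificateTimestamp.getLogEntryType()));

        // X.509 entries sign the certificate itself; every other entry type is treated as a
        // precertificate entry (issuer key hash + stripped TBSCertificate).
        byte[] signedEntry;
        if (SignedCertificateTimestampEntryType.X509ChainEntry == signedCertificateTimestamp.getLogEntryType()) {
            signedEntry = convertCertificateToDer(signedCertificateTimestamp.getCertificate());
        } else {
            signedEntry = convertToPreCertificate(
                    signedCertificateTimestamp.getCertificate(), signedCertificateTimestamp.getIssuerCertificate());
        }
        out.write(signedEntry);

        byte[] extensions = signedCertificateTimestamp.getExtensions();
        out.write(ArrayConverter.intToBytes(extensions.length, 2));
        out.write(extensions);
        return out.toByteArray();
    }

    /**
     * Builds the precertificate signed entry: SHA-256 of the issuer's SubjectPublicKeyInfo followed
     * by the length-prefixed TBSCertificate with the precertificate poison and SCT list extensions
     * removed.
     *
     * @param certificate the certificate whose TBSCertificate is rebuilt
     * @param certificate2 the issuer certificate whose public key is hashed
     * @return the encoded precertificate entry
     * @throws IOException if DER encoding or writing to the buffer fails
     * @throws IllegalStateException if SHA-256 is unavailable; the entry would otherwise be
     *     emitted without the issuer key hash and could never verify
     */
    private byte[] convertToPreCertificate(Certificate certificate, Certificate certificate2) throws IOException {
        final MessageDigest sha256;
        try {
            sha256 = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            // Do not continue with a truncated entry; the caller's catch-all logs the cause.
            throw new IllegalStateException("SHA-256 is not supported on this platform", e);
        }

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(sha256.digest(certificate2.getSubjectPublicKeyInfo().getEncoded("DER")));

        TBSCertificate original = certificate.getTBSCertificate();
        V3TBSCertificateGenerator generator = new V3TBSCertificateGenerator();
        generator.setSerialNumber(original.getSerialNumber());
        generator.setSignature(original.getSignature());
        generator.setIssuer(original.getIssuer());
        generator.setStartDate(original.getStartDate());
        generator.setEndDate(original.getEndDate());
        generator.setSubject(original.getSubject());
        generator.setSubjectPublicKeyInfo(original.getSubjectPublicKeyInfo());
        generator.setIssuerUniqueID(original.getIssuerUniqueId());
        generator.setSubjectUniqueID(original.getSubjectUniqueId());

        Extensions extensions = original.getExtensions();
        // A certificate without any extensions has nothing to filter; leave the field unset
        // instead of dereferencing null.
        if (extensions != null) {
            String poisonOid = ExtensionObjectIdentifier.PRECERTIFICATE_POISON.getOID();
            String sctListOid = ExtensionObjectIdentifier.SIGNED_CERTIFICATE_TIMESTAMP_LIST.getOID();
            ArrayList<Extension> kept = new ArrayList<>();
            for (ASN1ObjectIdentifier oid : extensions.getExtensionOIDs()) {
                // Both checks compare OID strings. The poison check previously compared the
                // identifier object itself with a String, which never matches when the two are
                // different types, so the poison extension was kept in the signed data.
                String id = oid.getId();
                if (!poisonOid.equals(id) && !sctListOid.equals(id)) {
                    kept.add(extensions.getExtension(oid));
                }
            }
            generator.setExtensions(new Extensions(kept.toArray(new Extension[0])));
        }

        out.write(convertCertificateToDer(generator.generateTBSCertificate()));
        return out.toByteArray();
    }

    /**
     * DER-encodes an ASN.1 object and prefixes it with its length in 3 bytes.
     *
     * @param aSN1Object the object to encode
     * @return length prefix followed by the DER bytes
     * @throws IOException if DER encoding fails
     */
    private byte[] convertCertificateToDer(ASN1Object aSN1Object) throws IOException {
        byte[] der = aSN1Object.getEncoded("DER");
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(ArrayConverter.intToBytes(der.length, 3));
        out.write(der);
        return out.toByteArray();
    }

    /**
     * Renders the algorithm pair, the verification outcome and the signature bytes as text.
     *
     * <p>" (invalid)" is printed both for a signature that does not verify and for a check that
     * could not be carried out; the WARN log entry distinguishes the two. " (not tested)" is
     * printed when no log is supplied.
     *
     * @param signedCertificateTimestamp the SCT this signature belongs to
     * @param ctLog the log to verify against, or {@code null} to skip verification
     * @return the human-readable description
     */
    public String toString(SignedCertificateTimestamp signedCertificateTimestamp, CtLog ctLog) {
        StringBuilder sb = new StringBuilder();
        sb.append("\n Signature: ");
        sb.append(this.signatureAndhashAlgorithm.getSignatureAlgorithm())
                .append(" with ")
                .append(this.signatureAndhashAlgorithm.getHashAlgorithm());
        if (ctLog == null) {
            sb.append(" (not tested)");
        } else {
            sb.append(verifySignature(signedCertificateTimestamp, ctLog) ? " (valid)" : " (invalid)");
        }
        sb.append(ArrayConverter.bytesToHexString(this.signature).replaceAll("\\n", "\n    "));
        return sb.toString();
    }
}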
