package org.openecard.crypto.common.asn1.cvc;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.List;
import org.openecard.common.tlv.TLV;
import org.openecard.common.util.ByteUtils;
import org.openecard.crypto.common.asn1.eac.oid.CVCertificatesObjectIdentifier;
import org.openecard.crypto.common.asn1.eac.oid.TAObjectIdentifier;
import org.openecard.crypto.common.asn1.utils.ObjectIdentifierUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openecard/crypto/common/asn1/cvc/CardVerifiableCertificateVerifier.class */
public class CardVerifiableCertificateVerifier {
    private static final Logger _logger = LoggerFactory.getLogger(CardVerifiableCertificateVerifier.class);

    public static void verify(CardVerifiableCertificate cardVerifiableCertificate, CertificateDescription certificateDescription) throws CertificateException {
        try {
            for (TLV tlv : TLV.fromBER(cardVerifiableCertificate.getExtensions()).asList()) {
                String objectIdentifierUtils = ObjectIdentifierUtils.toString(tlv.getValue());
                if (objectIdentifierUtils.equals(CVCertificatesObjectIdentifier.id_description)) {
                    List<TLV> findChildTags = tlv.findChildTags(128L);
                    if (findChildTags != null && !findChildTags.isEmpty()) {
                        if (!ByteUtils.compare(selectDigest(cardVerifiableCertificate.getPublicKey().getObjectIdentifier()).digest(certificateDescription.getEncoded()), findChildTags.get(0).getValue())) {
                            throw new CertificateException("The checksum of the certificate description cannot be verified!");
                        }
                    }
                } else if (objectIdentifierUtils.equals(CVCertificatesObjectIdentifier.id_sector)) {
                    List<TLV> findChildTags2 = tlv.findChildTags(128L);
                    if (findChildTags2 != null && !findChildTags2.isEmpty()) {
                        findChildTags2.get(0);
                    }
                    List<TLV> findChildTags3 = tlv.findChildTags(129L);
                    if (findChildTags3 != null && !findChildTags3.isEmpty()) {
                        findChildTags3.get(0);
                    }
                } else {
                    _logger.warn("Unknown OID: {} ", objectIdentifierUtils);
                }
            }
        } catch (Exception e) {
            _logger.debug(e.getMessage());
            throw new CertificateException("Verification failed", e);
        }
    }

    private static MessageDigest selectDigest(String str) throws NoSuchAlgorithmException {
        if (str.equals(TAObjectIdentifier.id_TA_ECDSA_SHA_1) || str.equals(TAObjectIdentifier.id_TA_RSA_PSS_SHA_1) || str.equals(TAObjectIdentifier.id_TA_RSA_v1_5_SHA_1)) {
            return MessageDigest.getInstance("SHA-1");
        }
        if (str.equals(TAObjectIdentifier.id_TA_ECDSA_SHA_224)) {
            return MessageDigest.getInstance("SHA-224");
        }
        if (str.equals(TAObjectIdentifier.id_TA_ECDSA_SHA_256) || str.equals(TAObjectIdentifier.id_TA_RSA_PSS_SHA_256) || str.equals(TAObjectIdentifier.id_TA_RSA_PSS_SHA_256)) {
            return MessageDigest.getInstance("SHA-256");
        }
        if (str.equals(TAObjectIdentifier.id_TA_ECDSA_SHA_384) || str.equals(TAObjectIdentifier.id_TA_RSA_PSS_SHA_1) || str.equals(TAObjectIdentifier.id_TA_RSA_PSS_SHA_1)) {
            return MessageDigest.getInstance("SHA-384");
        }
        if (str.equals(TAObjectIdentifier.id_TA_ECDSA_SHA_512) || str.equals(TAObjectIdentifier.id_TA_RSA_PSS_SHA_512) || str.equals(TAObjectIdentifier.id_TA_RSA_PSS_SHA_512)) {
            return MessageDigest.getInstance("SHA-512");
        }
        throw new NoSuchAlgorithmException();
    }
}
