package net.netca.pki.encoding.globalplatform;

import com.tencent.smtt.sdk.WebView;
import net.netca.pki.PkiException;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.ECDSASigValue;
import net.netca.pki.encoding.asn1.pki.PublicKey;
import net.netca.pki.encoding.asn1.pki.Signable;
import net.netca.pki.encoding.asn1.pki.Verifible;

/* loaded from: classes3.dex */
public final class Certificate {
    public static final int AUTHORIZATION = 1;
    public static final int CERT_TYPE_SM_DP = 13107457;
    public static final int CERT_TYPE_SM_SR = 13107458;
    public static final int CHECKSUM = 4;
    public static final int COMPUTATION_DECIPHERMENT = 64;
    public static final int CONFIDENTIALITY = 8;
    public static final int DIGITAL_SIGNATURE = 2;
    public static final int DISCRETIONARY_DATA_TYPE_BER = 115;
    public static final int DISCRETIONARY_DATA_TYPE_UNSPECIFIED_FORMAT = 83;
    public static final int KEYAGREEMENT = 32768;
    public static final int SECURE_MESSAGING_IN_COMMAND = 16;
    public static final int SECURE_MESSAGING_IN_RESPONSE = 32;
    public static final int VERIFICATION_ENCIPHERMENT = 128;
    private byte[] ECASDImageNumber;
    private byte[] caId;
    private byte[] discretionaryData;
    private byte[] eUICCExtendedGSMASASAccreditationSerialNumber;
    private byte[] eUICCProductLineIdentifier;
    private byte[] eUICCSupplierIdentifier;
    private String effectiveDate;
    private byte[] encodeValue;
    private String expirationDate;
    private byte[] issuerSubjectKeyIdentifier;
    private int keyUsage;
    private ECCPublicKey publicKey;
    private byte[] signatureValue;
    private byte[] sn;
    private byte[] subjectId;
    private byte[] tbs;
    private int discretionaryDataType = 115;
    private int serverCertType = -1;

    public Certificate() {
    }

    public Certificate(byte[] bArr) throws PkiException {
        if (bArr.length < 4) {
            throw new PkiException("data too much short");
        }
        if (bArr[0] != Byte.MAX_VALUE) {
            throw new PkiException("bad cert tag");
        }
        if (bArr[1] != 33) {
            throw new PkiException("bad cert tag");
        }
        int decodeLength = decodeLength(bArr, 2);
        int lengthEncodeLength = getLengthEncodeLength(decodeLength) + 2;
        if (lengthEncodeLength + decodeLength != bArr.length) {
            throw new PkiException("bad length,mismatch");
        }
        if (decodeLength < 2) {
            throw new PkiException("bad length,data too much short");
        }
        int decodeCertificateSerialNumber = decodeCertificateSerialNumber(bArr, lengthEncodeLength) + lengthEncodeLength;
        int decodeCAIdentifier = decodeCertificateSerialNumber + decodeCAIdentifier(bArr, decodeCertificateSerialNumber);
        int decodeSubjectIdentifier = decodeCAIdentifier + decodeSubjectIdentifier(bArr, decodeCAIdentifier);
        int decodeKeyUsage = decodeSubjectIdentifier + decodeKeyUsage(bArr, decodeSubjectIdentifier);
        if (bArr.length - decodeKeyUsage < 2) {
            throw new PkiException("bad length,data too much short");
        }
        if (bArr[decodeKeyUsage] == 95 && bArr[decodeKeyUsage + 1] == 37) {
            decodeKeyUsage += decodeEffectiveDate(bArr, decodeKeyUsage);
        } else {
            this.effectiveDate = null;
        }
        int decodeExpirationDate = decodeKeyUsage + decodeExpirationDate(bArr, decodeKeyUsage);
        if (bArr.length - decodeExpirationDate < 2) {
            throw new PkiException("bad length,data too much short");
        }
        if (bArr[decodeExpirationDate] == 69) {
            decodeExpirationDate += decodeECASDImageNumber(bArr, decodeExpirationDate);
        } else {
            this.ECASDImageNumber = null;
        }
        int decodeDiscretionaryData = decodeExpirationDate + decodeDiscretionaryData(bArr, decodeExpirationDate);
        int decodePublicKey = decodeDiscretionaryData + decodePublicKey(bArr, decodeDiscretionaryData);
        int i = decodePublicKey - lengthEncodeLength;
        this.tbs = new byte[i];
        System.arraycopy(bArr, lengthEncodeLength, this.tbs, 0, i);
        if (decodePublicKey + decodeSignature(bArr, decodePublicKey) != bArr.length) {
            throw new PkiException("bad length,mismatch");
        }
        this.encodeValue = bArr;
    }

    private void checkData() throws PkiException {
        if (this.sn == null) {
            throw new PkiException("Certificate Serial Number is null");
        }
        if (this.caId == null) {
            throw new PkiException("CA Identifier is null");
        }
        if (this.subjectId == null) {
            throw new PkiException("Subject Identifier is null");
        }
        if (this.expirationDate == null) {
            throw new PkiException("Expiration Date is null");
        }
        if (this.discretionaryData == null) {
            throw new PkiException("Discretionary Data is null");
        }
        if (this.publicKey == null) {
            throw new PkiException("Public Key is null");
        }
    }

    private void checkDate(String str) throws PkiException {
        if (str.length() != 8) {
            throw new PkiException("date must be YYYYMMDD");
        }
        for (char c : str.toCharArray()) {
            if (c < '0' || c > '9') {
                throw new PkiException("date must be YYYYMMDD");
            }
        }
    }

    private int decodeCAIdentifier(byte[] bArr, int i) throws PkiException {
        if (bArr.length - i <= 2) {
            throw new PkiException("bad length,data too much short");
        }
        if (bArr[i] != 66) {
            throw new PkiException("bad CA Identifier type");
        }
        int i2 = i + 1;
        int decodeLength = decodeLength(bArr, i2);
        int lengthEncodeLength = getLengthEncodeLength(decodeLength);
        int i3 = lengthEncodeLength + 1 + decodeLength;
        if (i + i3 > bArr.length) {
            throw new PkiException("decode CA Identifier fail,read end of data");
        }
        this.caId = new byte[decodeLength];
        System.arraycopy(bArr, i2 + lengthEncodeLength, this.caId, 0, decodeLength);
        return i3;
    }

    private int decodeCertificateSerialNumber(byte[] bArr, int i) throws PkiException {
        if (bArr.length - i <= 2) {
            throw new PkiException("bad length,data too much short");
        }
        if (bArr[i] != -109) {
            throw new PkiException("bad Certificate Serial Number type");
        }
        int i2 = i + 1;
        int decodeLength = decodeLength(bArr, i2);
        int lengthEncodeLength = getLengthEncodeLength(decodeLength);
        int i3 = lengthEncodeLength + 1 + decodeLength;
        if (i + i3 > bArr.length) {
            throw new PkiException("decode Certificate Serial Number fail,read end of data");
        }
        this.sn = new byte[decodeLength];
        System.arraycopy(bArr, i2 + lengthEncodeLength, this.sn, 0, decodeLength);
        return i3;
    }

    private String decodeDate(byte[] bArr, int i) throws PkiException {
        char[] cArr = new char[8];
        int i2 = 0;
        int i3 = 0;
        while (i2 < 4) {
            int i4 = bArr[i + i2] & 255;
            int i5 = (i4 >>> 4) & 15;
            if (i5 < 0 || i5 > 9) {
                throw new PkiException("bad Date");
            }
            cArr[i3] = (char) (i5 + 48);
            int i6 = i4 & 15;
            if (i6 < 0 || i6 > 9) {
                throw new PkiException("bad Date");
            }
            cArr[i3 + 1] = (char) (i6 + 48);
            i2++;
            i3 += 2;
        }
        return new String(cArr);
    }

    private int decodeDiscretionaryData(byte[] bArr, int i) throws PkiException {
        if (bArr.length - i < 2) {
            throw new PkiException("bad length,data too much short");
        }
        if (bArr[i] != 115 && bArr[i] != 83) {
            throw new PkiException("bad Discretionary Data type");
        }
        this.discretionaryDataType = bArr[i];
        int i2 = i + 1;
        int decodeLength = decodeLength(bArr, i2);
        int lengthEncodeLength = getLengthEncodeLength(decodeLength);
        int i3 = lengthEncodeLength + 1 + decodeLength;
        if (i + i3 > bArr.length) {
            throw new PkiException("decode Discretionary Data fail,read end of data");
        }
        this.discretionaryData = new byte[decodeLength];
        System.arraycopy(bArr, i2 + lengthEncodeLength, this.discretionaryData, 0, decodeLength);
        if (this.discretionaryDataType == 115) {
            parseBERDiscretionaryData(this.discretionaryData, 0, this.discretionaryData.length);
        }
        return i3;
    }

    private int decodeECASDImageNumber(byte[] bArr, int i) throws PkiException {
        if (bArr.length - i < 2) {
            throw new PkiException("bad length,data too much short");
        }
        if (bArr[i] != 69) {
            throw new PkiException("bad ECASD Image Number type");
        }
        int i2 = i + 1;
        int decodeLength = decodeLength(bArr, i2);
        int lengthEncodeLength = getLengthEncodeLength(decodeLength);
        int i3 = lengthEncodeLength + 1 + decodeLength;
        if (i + i3 > bArr.length) {
            throw new PkiException("decode ECASD Image Number fail,read end of data");
        }
        this.ECASDImageNumber = new byte[decodeLength];
        System.arraycopy(bArr, i2 + lengthEncodeLength, this.ECASDImageNumber, 0, decodeLength);
        return i3;
    }

    private int decodeEffectiveDate(byte[] bArr, int i) throws PkiException {
        if (bArr.length - i < 7) {
            throw new PkiException("bad length,data too much short");
        }
        if (bArr[i] != 95) {
            throw new PkiException("bad Effective Date type");
        }
        if (bArr[i + 1] != 37) {
            throw new PkiException("bad Effective Date type");
        }
        if (bArr[i + 2] != 4) {
            throw new PkiException("bad Effective Date length");
        }
        this.effectiveDate = decodeDate(bArr, i + 3);
        return 7;
    }

    private int decodeExpirationDate(byte[] bArr, int i) throws PkiException {
        if (bArr.length - i < 7) {
            throw new PkiException("bad length,data too much short");
        }
        if (bArr[i] != 95) {
            throw new PkiException("bad Expiration Date type");
        }
        if (bArr[i + 1] != 36) {
            throw new PkiException("bad Expiration Date type");
        }
        if (bArr[i + 2] != 4) {
            throw new PkiException("bad Effective Date length");
        }
        this.expirationDate = decodeDate(bArr, i + 3);
        return 7;
    }

    private int decodeKeyUsage(byte[] bArr, int i) throws PkiException {
        if (bArr.length - i <= 2) {
            throw new PkiException("bad length,data too much short");
        }
        if (bArr[i] != -107) {
            throw new PkiException("bad Key Usage type");
        }
        int decodeLength = decodeLength(bArr, i + 1);
        int lengthEncodeLength = getLengthEncodeLength(decodeLength) + 1 + decodeLength;
        if (i + lengthEncodeLength > bArr.length) {
            throw new PkiException("decode Key Usage fail,read end of data");
        }
        if (decodeLength != 1 && decodeLength != 2) {
            throw new PkiException("decode Key Usage length fail");
        }
        if (decodeLength == 1) {
            this.keyUsage = bArr[i + 2];
            this.keyUsage &= WebView.NORMAL_MODE_ALPHA;
        } else {
            this.keyUsage = ((bArr[i + 3] & 255) << 8) | (bArr[i + 2] & 255);
        }
        return lengthEncodeLength;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int decodeLength(byte[] bArr, int i) throws PkiException {
        int length = bArr.length - i;
        if (length <= 0) {
            throw new PkiException("decode length fail,read end of data");
        }
        if (bArr[i] == 0) {
            return 0;
        }
        if (bArr[i] > 0) {
            return bArr[i];
        }
        int i2 = bArr[i] & 127;
        if (i2 + 1 > length) {
            throw new PkiException("decode length fail,read end of data");
        }
        if (i2 == 1) {
            return bArr[i + 1] & 255;
        }
        if (i2 != 2) {
            throw new PkiException("decode length fail,unsupport");
        }
        return (bArr[i + 2] & 255) | ((bArr[i + 1] & 255) << 8);
    }

    private int decodePublicKey(byte[] bArr, int i) throws PkiException {
        if (bArr.length - i < 3) {
            throw new PkiException("bad length,data too much short");
        }
        if (bArr[i] != Byte.MAX_VALUE) {
            throw new PkiException("bad Public Key type");
        }
        if (bArr[i + 1] != 73) {
            throw new PkiException("bad Public Key type");
        }
        int decodeLength = decodeLength(bArr, i + 2);
        int lengthEncodeLength = getLengthEncodeLength(decodeLength) + 2 + decodeLength;
        if (i + lengthEncodeLength > bArr.length) {
            throw new PkiException("decode Public Key fail,read end of data");
        }
        this.publicKey = new ECCPublicKey(bArr, i, lengthEncodeLength);
        return lengthEncodeLength;
    }

    private int decodeSignature(byte[] bArr, int i) throws PkiException {
        if (bArr.length - i <= 3) {
            throw new PkiException("bad length,data too much short");
        }
        if (bArr[i] != 95) {
            throw new PkiException("bad Signature type");
        }
        if (bArr[i + 1] != 55) {
            throw new PkiException("bad Signature type");
        }
        int i2 = i + 2;
        int decodeLength = decodeLength(bArr, i2);
        int lengthEncodeLength = getLengthEncodeLength(decodeLength);
        int i3 = lengthEncodeLength + 2 + decodeLength;
        if (i + i3 > bArr.length) {
            throw new PkiException("decode Signature fail,read end of data");
        }
        this.signatureValue = new byte[decodeLength];
        System.arraycopy(bArr, i2 + lengthEncodeLength, this.signatureValue, 0, decodeLength);
        return i3;
    }

    private int decodeSubjectIdentifier(byte[] bArr, int i) throws PkiException {
        if (bArr.length - i <= 3) {
            throw new PkiException("bad length,data too much short");
        }
        if (bArr[i] != 95) {
            throw new PkiException("bad Subject Identifier type");
        }
        if (bArr[i + 1] != 32) {
            throw new PkiException("bad Subject Identifier type");
        }
        int i2 = i + 2;
        int decodeLength = decodeLength(bArr, i2);
        int lengthEncodeLength = getLengthEncodeLength(decodeLength);
        int i3 = lengthEncodeLength + 2 + decodeLength;
        if (i + i3 > bArr.length) {
            throw new PkiException("decode Subject Identifier fail,read end of data");
        }
        this.subjectId = new byte[decodeLength];
        System.arraycopy(bArr, i2 + lengthEncodeLength, this.subjectId, 0, decodeLength);
        return i3;
    }

    private int decodeeUICCExtendedGSMASASAccreditationSerialNumber(byte[] bArr, int i) throws PkiException {
        if (bArr.length - i < 2) {
            throw new PkiException("bad length,data too much short");
        }
        if (bArr[i] != -62) {
            throw new PkiException("bad eUICC Extended GSMA SAS Accreditation Serial Number type");
        }
        int i2 = i + 1;
        int decodeLength = decodeLength(bArr, i2);
        int lengthEncodeLength = getLengthEncodeLength(decodeLength);
        int i3 = lengthEncodeLength + 1 + decodeLength;
        if (i + i3 > bArr.length) {
            throw new PkiException("decode eUICC Extended GSMA SAS Accreditation Serial Number fail,read end of data");
        }
        this.eUICCExtendedGSMASASAccreditationSerialNumber = new byte[decodeLength];
        System.arraycopy(bArr, i2 + lengthEncodeLength, this.eUICCExtendedGSMASASAccreditationSerialNumber, 0, decodeLength);
        return i3;
    }

    private int decodeeUICCProductLineIdentifier(byte[] bArr, int i) throws PkiException {
        if (bArr.length - i < 2) {
            throw new PkiException("bad length,data too much short");
        }
        if (bArr[i] != -63) {
            throw new PkiException("bad eUICC Product Line Identifier type");
        }
        int i2 = i + 1;
        int decodeLength = decodeLength(bArr, i2);
        int lengthEncodeLength = getLengthEncodeLength(decodeLength);
        int i3 = lengthEncodeLength + 1 + decodeLength;
        if (i + i3 > bArr.length) {
            throw new PkiException("decode eUICC Product Line Identifier fail,read end of data");
        }
        this.eUICCProductLineIdentifier = new byte[decodeLength];
        System.arraycopy(bArr, i2 + lengthEncodeLength, this.eUICCProductLineIdentifier, 0, decodeLength);
        return i3;
    }

    private int decodeeUICCSupplierIdentifier(byte[] bArr, int i) throws PkiException {
        if (bArr.length - i < 2) {
            throw new PkiException("bad length,data too much short");
        }
        if (bArr[i] != -64) {
            throw new PkiException("bad eUICC Supplier Identifier type");
        }
        int i2 = i + 1;
        int decodeLength = decodeLength(bArr, i2);
        int lengthEncodeLength = getLengthEncodeLength(decodeLength);
        int i3 = lengthEncodeLength + 1 + decodeLength;
        if (i + i3 > bArr.length) {
            throw new PkiException("decode eUICC Supplier Identifier fail,read end of data");
        }
        this.eUICCSupplierIdentifier = new byte[decodeLength];
        System.arraycopy(bArr, i2 + lengthEncodeLength, this.eUICCSupplierIdentifier, 0, decodeLength);
        return i3;
    }

    private int decodeissuerSubjectKeyIdentifier(byte[] bArr, int i) throws PkiException {
        if (bArr.length - i < 2) {
            throw new PkiException("bad length,data too much short");
        }
        if (bArr[i] != -55) {
            throw new PkiException("bad Subject Key Identifier of issuer type");
        }
        int i2 = i + 1;
        int decodeLength = decodeLength(bArr, i2);
        int lengthEncodeLength = getLengthEncodeLength(decodeLength);
        int i3 = lengthEncodeLength + 1 + decodeLength;
        if (i + i3 > bArr.length) {
            throw new PkiException("decode Subject Key Identifier of issuer fail,read end of data");
        }
        this.issuerSubjectKeyIdentifier = new byte[decodeLength];
        System.arraycopy(bArr, i2 + lengthEncodeLength, this.issuerSubjectKeyIdentifier, 0, decodeLength);
        return i3;
    }

    private void encodeCertType(byte[] bArr, int i, int i2) {
        int i3 = (i2 >>> 16) & WebView.NORMAL_MODE_ALPHA;
        if (i3 > 127) {
            bArr[i] = (byte) (i3 - 256);
        } else {
            bArr[i] = (byte) i3;
        }
        int i4 = (i2 >>> 8) & WebView.NORMAL_MODE_ALPHA;
        if (i4 > 127) {
            bArr[i + 1] = (byte) (i4 - 256);
        } else {
            bArr[i + 1] = (byte) i4;
        }
        int i5 = i2 & WebView.NORMAL_MODE_ALPHA;
        if (i5 > 127) {
            bArr[i + 2] = (byte) (i5 - 256);
        } else {
            bArr[i + 2] = (byte) i5;
        }
    }

    private void encodeDate(byte[] bArr, int i, String str) {
        char[] charArray = str.toCharArray();
        for (int i2 = 0; i2 < charArray.length; i2 += 2) {
            int encodeDateChar = encodeDateChar(charArray[i2], charArray[i2 + 1]);
            if (encodeDateChar > 127) {
                bArr[i] = (byte) (encodeDateChar - 256);
            } else {
                bArr[i] = (byte) encodeDateChar;
            }
            i++;
        }
    }

    private int encodeDateChar(char c, char c2) {
        return ((c - '0') << 4) | (c2 - '0');
    }

    private int encodeKeyUsage(byte[] bArr, int i, int i2) {
        bArr[i] = -107;
        if (i2 <= 255) {
            bArr[i + 1] = 1;
            if (i2 > 127) {
                bArr[i + 2] = (byte) (i2 - 256);
            } else {
                bArr[i + 2] = (byte) i2;
            }
            return 3;
        }
        bArr[i + 1] = 2;
        int i3 = i2 & WebView.NORMAL_MODE_ALPHA;
        if (i3 > 127) {
            bArr[i + 2] = (byte) (i3 - 256);
        } else {
            bArr[i + 2] = (byte) i3;
        }
        int i4 = (i2 >>> 8) & WebView.NORMAL_MODE_ALPHA;
        if (i4 > 127) {
            bArr[i + 3] = (byte) (i4 - 256);
            return 4;
        }
        bArr[i + 3] = (byte) i4;
        return 4;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int encodeLength(byte[] bArr, int i, int i2) {
        if (i2 <= 127) {
            bArr[i] = (byte) i2;
            return 1;
        }
        if (i2 <= 255) {
            bArr[i] = -127;
            if (i2 > 127) {
                bArr[i + 1] = (byte) (i2 - 256);
            } else {
                bArr[i + 1] = (byte) i2;
            }
            return 2;
        }
        if (i2 > 65535) {
            return -1;
        }
        bArr[i] = -126;
        int i3 = (i2 >>> 8) & WebView.NORMAL_MODE_ALPHA;
        if (i3 > 127) {
            bArr[i + 1] = (byte) (i3 - 256);
        } else {
            bArr[i + 1] = (byte) i3;
        }
        int i4 = i2 & WebView.NORMAL_MODE_ALPHA;
        if (i4 > 127) {
            bArr[i + 2] = (byte) (i4 - 256);
            return 3;
        }
        bArr[i + 2] = (byte) i4;
        return 3;
    }

    private int getDiscretionaryDataLength(byte[] bArr, int i) {
        int length = bArr != null ? 0 + bArr.length + 2 : 0;
        return i != -1 ? length + 3 : length;
    }

    private int getDiscretionaryDataLength(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        int length = bArr != null ? 0 + bArr.length + 2 : 0;
        if (bArr2 != null) {
            length += bArr2.length + 2;
        }
        if (bArr3 != null) {
            length += bArr3.length + 2;
        }
        return bArr4 != null ? length + bArr4.length + 2 : length;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int getLengthEncodeLength(int i) {
        if (i <= 127) {
            return 1;
        }
        if (i <= 255) {
            return 2;
        }
        return i <= 65535 ? 3 : -1;
    }

    private int getSignLength(byte[] bArr, byte[] bArr2) {
        int length = bArr.length + getLengthEncodeLength(bArr2.length) + 2 + bArr2.length;
        return length + getLengthEncodeLength(length) + 2;
    }

    private byte[] getTbsEncode() {
        if (this.tbs != null) {
            return this.tbs;
        }
        byte[] bArr = new byte[getTbsLength()];
        bArr[0] = -109;
        bArr[1] = (byte) this.sn.length;
        System.arraycopy(this.sn, 0, bArr, 2, this.sn.length);
        int length = this.sn.length + 2 + 0;
        bArr[length] = 66;
        bArr[length + 1] = (byte) this.caId.length;
        System.arraycopy(this.caId, 0, bArr, length + 2, this.caId.length);
        int length2 = length + this.caId.length + 2;
        bArr[length2] = 95;
        bArr[length2 + 1] = 32;
        bArr[length2 + 2] = (byte) this.subjectId.length;
        System.arraycopy(this.subjectId, 0, bArr, length2 + 3, this.subjectId.length);
        int length3 = length2 + this.subjectId.length + 3;
        int encodeKeyUsage = length3 + encodeKeyUsage(bArr, length3, this.keyUsage);
        if (this.effectiveDate != null) {
            bArr[encodeKeyUsage] = 95;
            bArr[encodeKeyUsage + 1] = 37;
            bArr[encodeKeyUsage + 2] = 4;
            encodeDate(bArr, encodeKeyUsage + 3, this.effectiveDate);
            encodeKeyUsage += 7;
        }
        bArr[encodeKeyUsage] = 95;
        bArr[encodeKeyUsage + 1] = 36;
        bArr[encodeKeyUsage + 2] = 4;
        encodeDate(bArr, encodeKeyUsage + 3, this.expirationDate);
        int i = encodeKeyUsage + 7;
        if (this.ECASDImageNumber != null) {
            bArr[i] = 69;
            bArr[i + 1] = (byte) this.ECASDImageNumber.length;
            System.arraycopy(this.ECASDImageNumber, 0, bArr, i + 2, this.ECASDImageNumber.length);
            i += this.ECASDImageNumber.length + 2;
        }
        bArr[i] = (byte) this.discretionaryDataType;
        int i2 = i + 1;
        int encodeLength = i2 + encodeLength(bArr, i2, this.discretionaryData.length);
        System.arraycopy(this.discretionaryData, 0, bArr, encodeLength, this.discretionaryData.length);
        int length4 = encodeLength + this.discretionaryData.length;
        byte[] encode = this.publicKey.encode();
        System.arraycopy(encode, 0, bArr, length4, encode.length);
        this.tbs = bArr;
        return this.tbs;
    }

    private int getTbsLength() {
        int length = this.sn.length + 2 + 0 + this.caId.length + 2 + this.subjectId.length + 3;
        int i = this.keyUsage > 255 ? length + 4 : length + 3;
        if (this.effectiveDate != null) {
            i += 7;
        }
        int i2 = i + 7;
        if (this.ECASDImageNumber != null) {
            i2 += this.ECASDImageNumber.length + 2;
        }
        return i2 + getLengthEncodeLength(this.discretionaryData.length) + 1 + this.discretionaryData.length + this.publicKey.encode().length;
    }

    private void parseBERDiscretionaryData(byte[] bArr, int i, int i2) throws PkiException {
        this.eUICCSupplierIdentifier = null;
        this.eUICCProductLineIdentifier = null;
        this.eUICCExtendedGSMASASAccreditationSerialNumber = null;
        this.issuerSubjectKeyIdentifier = null;
        this.serverCertType = -1;
        if (i2 < 2) {
            throw new PkiException("bad discretionaryData");
        }
        int i3 = i2 + i;
        while (i < i3) {
            if (bArr[i] == -64) {
                i += decodeeUICCSupplierIdentifier(bArr, i);
                if (i > i3) {
                    throw new PkiException("bad eUICC Supplier Identifier,too long");
                }
            } else if (bArr[i] == -63) {
                i += decodeeUICCProductLineIdentifier(bArr, i);
                if (i > i3) {
                    throw new PkiException("bad eUICC Product Line Identifier,too long");
                }
            } else if (bArr[i] == -62) {
                i += decodeeUICCExtendedGSMASASAccreditationSerialNumber(bArr, i);
                if (i > i3) {
                    throw new PkiException("bad eUICC Extended GSMA SAS Accreditation Serial Number,too long");
                }
            } else if (bArr[i] == -56) {
                if (i3 - i < 3) {
                    return;
                }
                int i4 = i + 1;
                if (bArr[i4] == 1 && bArr[i + 2] == 1) {
                    this.serverCertType = CERT_TYPE_SM_DP;
                    i += 3;
                } else {
                    if (bArr[i4] != 1 || bArr[i + 2] != 2) {
                        return;
                    }
                    this.serverCertType = CERT_TYPE_SM_SR;
                    i += 3;
                }
            } else {
                if (bArr[i] != -55) {
                    return;
                }
                i += decodeissuerSubjectKeyIdentifier(bArr, i);
                if (i > i3) {
                    throw new PkiException("bad Subject Key Identifier of issuer,too long");
                }
            }
        }
        if (i != i3) {
            throw new PkiException("bad discretionaryData,data too short");
        }
    }

    private byte[] toR_SSignValue(int i, byte[] bArr) throws PkiException {
        return ECDSASigValue.decode(bArr).encodeNonASN1(i);
    }

    public byte[] getCAIdentifier() {
        return this.caId;
    }

    public byte[] getDiscretionaryData() {
        return this.discretionaryData;
    }

    public int getDiscretionaryDataType() {
        return this.discretionaryDataType;
    }

    public byte[] getECASDImageNumber() {
        return this.ECASDImageNumber;
    }

    public String getEffectiveDate() {
        return this.effectiveDate;
    }

    public byte[] getEncode() {
        return this.encodeValue;
    }

    public String getExpirationDate() {
        return this.expirationDate;
    }

    public byte[] getIssuerSubjectKeyIdentifier() {
        return this.issuerSubjectKeyIdentifier;
    }

    public int getKeyUsage() {
        return this.keyUsage;
    }

    public ECCPublicKey getPublicKey() {
        return this.publicKey;
    }

    public byte[] getSerialNumber() {
        return this.sn;
    }

    public int getServerCertType() {
        return this.serverCertType;
    }

    public byte[] getSignature() {
        return this.signatureValue;
    }

    public byte[] getSubjectIdentifier() {
        return this.subjectId;
    }

    public byte[] geteUICCExtendedGSMASASAccreditationSerialNumber() {
        return this.eUICCExtendedGSMASASAccreditationSerialNumber;
    }

    public byte[] geteUICCProductLineIdentifier() {
        return this.eUICCProductLineIdentifier;
    }

    public byte[] geteUICCSupplierIdentifier() {
        return this.eUICCSupplierIdentifier;
    }

    public void setCAIdentifier(byte[] bArr) throws PkiException {
        this.caId = bArr;
        this.tbs = null;
    }

    public void setDiscretionaryData(int i, byte[] bArr) throws PkiException {
        if (i != 83 && i != 115) {
            throw new PkiException("bad Discretionary Data type");
        }
        this.discretionaryDataType = i;
        this.discretionaryData = bArr;
        this.tbs = null;
    }

    public void setDiscretionaryData(byte[] bArr) throws PkiException {
        setDiscretionaryData(115, bArr);
    }

    public void setDiscretionaryData(byte[] bArr, int i) throws PkiException {
        if (bArr == null) {
            throw new PkiException("must has Discretionary Data");
        }
        if (i != 13107457 && i != 13107458 && i != -1) {
            throw new PkiException("bad cert type");
        }
        byte[] bArr2 = new byte[getDiscretionaryDataLength(bArr, i)];
        int i2 = 0;
        if (bArr != null) {
            bArr2[0] = -55;
            bArr2[1] = (byte) bArr.length;
            System.arraycopy(bArr, 0, bArr2, 2, bArr.length);
            i2 = 0 + bArr.length + 2;
        }
        if (i != -1) {
            encodeCertType(bArr2, i2, i);
        }
        this.discretionaryData = bArr2;
        this.discretionaryDataType = 115;
        this.eUICCSupplierIdentifier = null;
        this.eUICCProductLineIdentifier = null;
        this.eUICCExtendedGSMASASAccreditationSerialNumber = null;
        this.issuerSubjectKeyIdentifier = bArr;
        this.serverCertType = i;
        this.tbs = null;
    }

    public void setDiscretionaryData(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws PkiException {
        int i;
        if (bArr == null && bArr2 == null && bArr3 == null && bArr4 == null) {
            throw new PkiException("must has Discretionary Data");
        }
        byte[] bArr5 = new byte[getDiscretionaryDataLength(bArr, bArr2, bArr3, bArr4)];
        if (bArr != null) {
            bArr5[0] = -64;
            bArr5[1] = (byte) bArr.length;
            System.arraycopy(bArr, 0, bArr5, 2, bArr.length);
            i = bArr.length + 2 + 0;
        } else {
            i = 0;
        }
        if (bArr2 != null) {
            bArr5[i] = -63;
            bArr5[i + 1] = (byte) bArr2.length;
            System.arraycopy(bArr2, 0, bArr5, i + 2, bArr2.length);
            i += bArr2.length + 2;
        }
        if (bArr3 != null) {
            bArr5[i] = -62;
            bArr5[i + 1] = (byte) bArr3.length;
            System.arraycopy(bArr3, 0, bArr5, i + 2, bArr3.length);
            i += bArr3.length + 2;
        }
        if (bArr4 != null) {
            bArr5[i] = -55;
            bArr5[i + 1] = (byte) bArr4.length;
            System.arraycopy(bArr4, 0, bArr5, i + 2, bArr4.length);
            int length = bArr4.length;
        }
        this.discretionaryData = bArr5;
        this.discretionaryDataType = 115;
        this.eUICCSupplierIdentifier = bArr;
        this.eUICCProductLineIdentifier = bArr2;
        this.eUICCExtendedGSMASASAccreditationSerialNumber = bArr3;
        this.issuerSubjectKeyIdentifier = bArr4;
        this.serverCertType = -1;
        this.tbs = null;
    }

    public void setECASDImageNumber(byte[] bArr) throws PkiException {
        if (bArr.length < 1 || bArr.length > 16) {
            throw new PkiException("the length of ECASD Image Number must be 1-16");
        }
        this.ECASDImageNumber = bArr;
        this.tbs = null;
    }

    public void setEffectiveDate(String str) throws PkiException {
        if (str == null) {
            this.effectiveDate = null;
            this.tbs = null;
        } else {
            checkDate(str);
            this.effectiveDate = str;
            this.tbs = null;
        }
    }

    public void setExpirationDate(String str) throws PkiException {
        checkDate(str);
        this.expirationDate = str;
        this.tbs = null;
    }

    public void setKeyUsage(int i) throws PkiException {
        this.keyUsage = i;
        this.tbs = null;
    }

    public void setPublicKey(ECCPublicKey eCCPublicKey) throws PkiException {
        this.publicKey = eCCPublicKey;
        this.tbs = null;
    }

    public void setSerialNumber(byte[] bArr) throws PkiException {
        if (bArr.length < 1 || bArr.length > 16) {
            throw new PkiException("the length of Certificate Serial Number must be 1-16");
        }
        this.sn = bArr;
        this.tbs = null;
    }

    public void setSubjectIdentifier(byte[] bArr) throws PkiException {
        if (bArr.length < 1 || bArr.length > 16) {
            throw new PkiException("the length of Subject Identifier must be 1-16");
        }
        this.subjectId = bArr;
        this.tbs = null;
    }

    public byte[] sign(Signable signable, AlgorithmIdentifier algorithmIdentifier) throws PkiException {
        checkData();
        byte[] tbsEncode = getTbsEncode();
        this.signatureValue = toR_SSignValue(this.publicKey.getBits(), signable.sign(algorithmIdentifier, tbsEncode, 0, tbsEncode.length));
        byte[] bArr = new byte[getSignLength(tbsEncode, this.signatureValue)];
        bArr[0] = Byte.MAX_VALUE;
        bArr[1] = 33;
        int encodeLength = encodeLength(bArr, 2, tbsEncode.length + 2 + getLengthEncodeLength(this.signatureValue.length) + this.signatureValue.length) + 2;
        System.arraycopy(tbsEncode, 0, bArr, encodeLength, tbsEncode.length);
        int length = encodeLength + tbsEncode.length;
        bArr[length] = 95;
        bArr[length + 1] = 55;
        int i = length + 2;
        System.arraycopy(this.signatureValue, 0, bArr, i + encodeLength(bArr, i, this.signatureValue.length), this.signatureValue.length);
        this.encodeValue = bArr;
        return bArr;
    }

    public boolean verify(Verifible verifible, PublicKey publicKey, AlgorithmIdentifier algorithmIdentifier) throws PkiException {
        if (this.signatureValue == null) {
            throw new PkiException("signature is null");
        }
        ECDSASigValue decodeNonASN1 = ECDSASigValue.decodeNonASN1(this.signatureValue);
        byte[] tbsEncode = getTbsEncode();
        return verifible.verify(publicKey, algorithmIdentifier, tbsEncode, 0, tbsEncode.length, decodeNonASN1.getASN1Object().encode());
    }
}
