package net.netca.pki.encoding.asn1.pki;

import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import net.netca.pki.NonExistentException;
import net.netca.pki.PkiException;
import net.netca.pki.encoding.Base64;
import net.netca.pki.encoding.asn1.ASN1Data;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.ASN1Type;
import net.netca.pki.encoding.asn1.ASN1TypeManager;
import net.netca.pki.encoding.asn1.BitString;
import net.netca.pki.encoding.asn1.Integer;
import net.netca.pki.encoding.asn1.Sequence;
import net.netca.pki.encoding.asn1.SequenceOf;
import net.netca.pki.encoding.asn1.SequenceType;

/* loaded from: classes3.dex */
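/**
 * Parsed X.509 certificate backed by the project's ASN.1 "Certificate" type.
 *
 * <p>An instance holds the decoded ASN.1 tree ({@code cert}) together with a copy of the
 * encoded bytes it was built from ({@code encode}). Accessors read individual fields from the
 * tree by path.
 *
 * <p>This class only parses and exposes fields. Nothing in it builds or validates a
 * certification path: {@link #verifySignature} checks one signature, and
 * {@link #isInValidity(Date)} checks one validity window. Every value returned by an accessor
 * comes from the certificate itself and must be treated as untrusted until the caller has
 * validated the certificate against a trust anchor.
 */
public final class X509Certificate {
    public static final int V1 = 0;
    public static final int V2 = 1;
    public static final int V3 = 2;
    private static final ASN1Type type = ASN1TypeManager.getInstance().get("Certificate");
    private ASN1Data cert;
    private byte[] encode;

    /**
     * Parses a certificate from text, either bare Base64 of the DER encoding or a PEM block.
     *
     * @param str Base64 or PEM text
     * @throws PkiException if the input is null, empty, or not a recognised encoding
     */
    public X509Certificate(String str) throws PkiException {
        init(str);
    }

    /**
     * Wraps an already decoded ASN.1 sequence.
     *
     * @param sequence decoded object that must match the "Certificate" ASN.1 type
     * @throws PkiException if {@code sequence} does not match that type
     */
    public X509Certificate(Sequence sequence) throws PkiException {
        if (!type.match(sequence)) {
            throw new PkiException("bad cert");
        }
        this.cert = new ASN1Data("Certificate", sequence);
        this.encode = sequence.encode();
    }

    /**
     * Parses a certificate from a whole byte array (DER, Base64 text, or PEM text).
     *
     * @param bArr encoded certificate
     * @throws PkiException if the input is null, empty, or not a recognised encoding
     */
    public X509Certificate(byte[] bArr) throws PkiException {
        // Reject null here so callers get the documented PkiException rather than a
        // NullPointerException from bArr.length.
        if (bArr == null) {
            throw new PkiException("bad input param");
        }
        init(bArr, 0, bArr.length);
    }

    /**
     * Parses a certificate from a slice of a byte array (DER, Base64 text, or PEM text).
     *
     * @param bArr buffer holding the encoded certificate
     * @param i offset of the first byte of the certificate within {@code bArr}
     * @param i2 number of bytes to read
     * @throws PkiException if the slice is invalid or not a recognised encoding
     */
    public X509Certificate(byte[] bArr, int i, int i2) throws PkiException {
        init(bArr, i, i2);
    }

    /**
     * Static factory equivalent to {@link #X509Certificate(byte[])}.
     *
     * @param bArr encoded certificate
     * @return the parsed certificate
     * @throws PkiException if the input cannot be parsed
     */
    public static X509Certificate decode(byte[] bArr) throws PkiException {
        return new X509Certificate(bArr);
    }

    /** Returns the ASN.1 type definition registered under the name "Certificate". */
    public static SequenceType getASN1Type() {
        return (SequenceType) type;
    }

    /**
     * Selects the text decoder from the first character of the input.
     *
     * <p>'M' is taken to mean bare Base64 and '-' to mean a PEM block; anything else is
     * rejected. The Base64 form of a DER SEQUENCE begins with 'M', which is what the first
     * test relies on.
     */
    private void init(String str) throws PkiException {
        if (str == null || str.length() == 0) {
            throw new PkiException("bad input param");
        }
        char first = str.charAt(0);
        if (first == 'M') {
            byte[] der = Base64.decode(true, str);
            initDer(der, 0, der.length);
            return;
        }
        if (first != '-') {
            throw new PkiException("bad cert encode");
        }
        byte[] der = Base64.pemDecode("CERTIFICATE", str);
        initDer(der, 0, der.length);
    }

    /**
     * Selects the decoder from the first byte of the slice {@code bArr[i .. i + i2)}.
     *
     * <p>0x30 (the DER SEQUENCE tag) means raw DER, 'M' means bare Base64 text and '-' means
     * a PEM block.
     */
    private void init(byte[] bArr, int i, int i2) throws PkiException {
        if (bArr == null || i < 0 || i2 <= 0) {
            throw new PkiException("bad input param");
        }
        // Written as a subtraction so that a large offset plus a large length cannot wrap
        // around to a negative int and slip past the bounds check.
        if (i2 > bArr.length - i) {
            throw new PkiException("bad input param");
        }
        // The format marker is the first byte of the slice, not of the backing buffer;
        // looking at bArr[0] picks the wrong decoder whenever the offset is non-zero.
        byte first = bArr[i];
        if (first == 0x30) {
            initDer(bArr, i, i2);
            return;
        }
        if (first != 'M' && first != '-') {
            throw new PkiException("bad cert encode");
        }
        String text;
        try {
            text = new String(bArr, i, i2, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new PkiException("bad cert encode");
        }
        byte[] der = (first == 'M')
                ? Base64.decode(true, text)
                : Base64.pemDecode("CERTIFICATE", text);
        initDer(der, 0, der.length);
    }

    /**
     * Decodes the slice against the "Certificate" type and keeps a private copy of its bytes.
     *
     * @throws PkiException if the decoder returns no object
     */
    private void initDer(byte[] bArr, int i, int i2) throws PkiException {
        ASN1Object decoded = ASN1Object.decode(bArr, i, i2, type);
        if (decoded == null) {
            throw new PkiException("bad cert der encode");
        }
        this.cert = new ASN1Data("Certificate", decoded);
        // Copy the slice so later changes to the caller's buffer do not alter this object.
        this.encode = new byte[i2];
        System.arraycopy(bArr, i, this.encode, 0, i2);
    }

    /**
     * Returns the encoded certificate bytes.
     *
     * @return a fresh copy of the stored encoding, so callers cannot modify the bytes that
     *     {@link #equals}, {@link #hashCode} and {@link #pemEncode} operate on
     */
    public byte[] derEncode() {
        return this.encode == null ? null : this.encode.clone();
    }

    /** Two certificates are equal when their stored encodings are byte-for-byte identical. */
    @Override
    public boolean equals(Object obj) {
        if (obj instanceof X509Certificate) {
            return Arrays.equals(this.encode, ((X509Certificate) obj).encode);
        }
        return false;
    }

    /** Hash of the stored encoding, consistent with {@link #equals}. */
    @Override
    public int hashCode() {
        return Arrays.hashCode(this.encode);
    }

    /** Returns the decoded certificate as an ASN.1 sequence. */
    public Sequence getASN1Object() {
        return (Sequence) this.cert.getValue();
    }

    /**
     * Collects the URI-typed CA Issuers locations from the Authority Information Access
     * extension.
     *
     * <p>The URIs are copied from the certificate as-is. Until the certificate has been
     * validated they are attacker-chosen strings, so a caller that fetches them should
     * restrict the allowed schemes and destinations.
     *
     * @return one or more URIs, in extension order
     * @throws NonExistentException if there are no extensions, no AIA extension, or no
     *     matching entry
     * @throws PkiException on other parse failures
     */
    public String[] getCACertUrl() throws PkiException {
        Extensions extensions = getExtensions();
        if (extensions == null) {
            throw new NonExistentException("no extensions");
        }
        Extension aia = extensions.get(Extension.AUTHORITYINFOACCESS_OID);
        if (aia == null) {
            throw new NonExistentException("no aia extension");
        }
        InfoAccessExtension access = (InfoAccessExtension) aia.getExtensionObject();
        int count = access.size();
        ArrayList<String> urls = new ArrayList<String>();
        for (int idx = 0; idx < count; idx++) {
            AccessDescription description = access.get(idx);
            if (!description.getAccessMethod().equals(AccessDescription.CAISSUERS_OID)) {
                continue;
            }
            GeneralName location = description.getAccessLocation();
            // Type 6 is the GeneralName choice that getURI() is read from here.
            if (location.getType() == 6) {
                urls.add(location.getURI());
            }
        }
        if (urls.isEmpty()) {
            throw new NonExistentException("no ca issuer url in aia extension");
        }
        return urls.toArray(new String[0]);
    }

    /**
     * Collects the URI-typed full names from the CRL Distribution Points extension.
     *
     * <p>The URIs are copied from the certificate as-is. Until the certificate has been
     * validated they are attacker-chosen strings, so a caller that fetches them should
     * restrict the allowed schemes and destinations.
     *
     * @return one or more URIs, in extension order
     * @throws NonExistentException if there are no extensions, no CRLDP extension, or no
     *     matching entry
     * @throws PkiException on other parse failures
     */
    public String[] getCRLUrl() throws PkiException {
        ArrayList<String> urls = new ArrayList<String>();
        Extensions extensions = getExtensions();
        if (extensions == null) {
            throw new NonExistentException("no extensions");
        }
        Extension crldp = extensions.get(Extension.CRLDISTRIBUTIONPOINTS_OID);
        if (crldp == null) {
            throw new NonExistentException("no crldp extension");
        }
        CRLDistributionPointsExtension points =
                (CRLDistributionPointsExtension) crldp.getExtensionObject();
        int count = points.size();
        for (int idx = 0; idx < count; idx++) {
            DistributionPointName pointName = points.get(idx).getDistributionPoint();
            // Only distribution points of type 0 are read through getFullName().
            if (pointName == null || pointName.getType() != 0) {
                continue;
            }
            GeneralNames fullName = pointName.getFullName();
            int nameCount = fullName.size();
            for (int j = 0; j < nameCount; j++) {
                GeneralName name = fullName.get(j);
                if (name.getType() == 6) {
                    urls.add(name.getURI());
                }
            }
        }
        if (urls.isEmpty()) {
            throw new NonExistentException("no crl url in crldp extension");
        }
        return urls.toArray(new String[0]);
    }

    /** Returns the decoded certificate as an ASN.1 sequence (same value as getASN1Object). */
    public Sequence getCertObject() {
        return (Sequence) this.cert.getValue();
    }

    /**
     * Returns the certificate extensions.
     *
     * @return the extensions, or {@code null} when the certificate carries none
     * @throws PkiException if the extensions cannot be wrapped
     */
    public Extensions getExtensions() throws PkiException {
        ASN1Object value = this.cert.getValue("tbsCertificate.extensions.value");
        if (value == null) {
            return null;
        }
        return new Extensions((SequenceOf) value);
    }

    /**
     * Returns the signature algorithm stated inside the signed part (tbsCertificate.signature).
     *
     * @throws PkiException if the field is missing
     */
    public AlgorithmIdentifier getInnerSignatureAlgorithmIdentifier() throws PkiException {
        ASN1Object value = this.cert.getValue("tbsCertificate.signature");
        if (value == null) {
            throw new PkiException("get inner signature algorithm fail");
        }
        return new AlgorithmIdentifier((Sequence) value);
    }

    /**
     * Returns the issuer name.
     *
     * @throws PkiException if the field is missing
     */
    public X500Name getIssuer() throws PkiException {
        ASN1Object value = this.cert.getValue("tbsCertificate.issuer");
        if (value == null) {
            throw new PkiException("get issuer fail");
        }
        return new X500Name((SequenceOf) value);
    }

    /** Returns the issuerUniqueID value as read from the tree; no null check is applied. */
    public BitString getIssuerUniqueID() throws PkiException {
        return (BitString) this.cert.getValue("tbsCertificate.issuerUniqueID.value");
    }

    /**
     * Returns the end of the validity period.
     *
     * @throws PkiException if the field is missing
     */
    public Date getNotAfter() throws PkiException {
        ASN1Object value = this.cert.getValue("tbsCertificate.validity.notAfter");
        if (value == null) {
            throw new PkiException("get notAfter fail");
        }
        return new Time(value).getTime();
    }

    /**
     * Returns the start of the validity period.
     *
     * @throws PkiException if the field is missing
     */
    public Date getNotBefore() throws PkiException {
        ASN1Object value = this.cert.getValue("tbsCertificate.validity.notBefore");
        if (value == null) {
            throw new PkiException("get notBefore fail");
        }
        return new Time(value).getTime();
    }

    /**
     * Returns the first URI-typed OCSP location from the Authority Information Access
     * extension.
     *
     * <p>The URI is copied from the certificate as-is. Until the certificate has been
     * validated it is an attacker-chosen string, so a caller that contacts it should
     * restrict the allowed schemes and destinations.
     *
     * @throws NonExistentException if there are no extensions, no AIA extension, or no
     *     matching entry
     * @throws PkiException on other parse failures
     */
    public String getOcspUrl() throws PkiException {
        Extensions extensions = getExtensions();
        if (extensions == null) {
            throw new NonExistentException("no extensions");
        }
        Extension aia = extensions.get(Extension.AUTHORITYINFOACCESS_OID);
        if (aia == null) {
            throw new NonExistentException("no aia extension");
        }
        InfoAccessExtension access = (InfoAccessExtension) aia.getExtensionObject();
        int count = access.size();
        for (int idx = 0; idx < count; idx++) {
            AccessDescription description = access.get(idx);
            if (!description.getAccessMethod().equals(AccessDescription.OCSP_OID)) {
                continue;
            }
            GeneralName location = description.getAccessLocation();
            if (location.getType() == 6) {
                return location.getURI();
            }
        }
        throw new NonExistentException("no ocsp url in aia extension");
    }

    /**
     * Returns the signature algorithm stated outside the signed part (signatureAlgorithm).
     *
     * <p>This field is not covered by the signature; prefer
     * {@link #getSignatureAlgorithmIdentifier()}, which also requires it to equal the inner
     * one.
     *
     * @throws PkiException if the field is missing
     */
    public AlgorithmIdentifier getOutterSignatureAlgorithmIdentifier() throws PkiException {
        ASN1Object value = this.cert.getValue("signatureAlgorithm");
        if (value == null) {
            throw new PkiException("get outter signature algorithm fail");
        }
        return new AlgorithmIdentifier((Sequence) value);
    }

    /**
     * Returns the content octets of the serial number INTEGER.
     *
     * @throws PkiException if the field is missing
     */
    public byte[] getSerialNumber() throws PkiException {
        ASN1Object value = this.cert.getValue("tbsCertificate.serialNumber");
        if (value == null) {
            throw new PkiException("get serialNumber fail");
        }
        return ((Integer) value).getContentEncode();
    }

    /**
     * Returns the signature bytes.
     *
     * @throws PkiException if the field is missing or the BIT STRING has unused bits
     */
    public byte[] getSignature() throws PkiException {
        ASN1Object value = this.cert.getValue("signature");
        if (value == null) {
            throw new PkiException("get signature fail");
        }
        BitString bits = (BitString) value;
        // A signature must be a whole number of octets.
        if (bits.getUnusedBits() != 0) {
            throw new PkiException("signature's unusedBits is not zeor " + bits.getUnusedBits());
        }
        return bits.getValue();
    }

    /**
     * Returns the signature algorithm after checking that the inner (signed) and outer
     * (unsigned) algorithm identifiers are equal.
     *
     * @throws PkiException if either field is missing or the two differ
     */
    public AlgorithmIdentifier getSignatureAlgorithmIdentifier() throws PkiException {
        ASN1Object inner = this.cert.getValue("tbsCertificate.signature");
        if (inner == null) {
            throw new PkiException("get inner signature algorithm fail");
        }
        ASN1Object outer = this.cert.getValue("signatureAlgorithm");
        if (outer == null) {
            throw new PkiException("get outter signature algorithm fail");
        }
        if (!inner.equals(outer)) {
            throw new PkiException("inner and outter signature algorithm differ");
        }
        return new AlgorithmIdentifier((Sequence) inner);
    }

    /**
     * Returns the subject name.
     *
     * @throws PkiException if the field is missing
     */
    public X500Name getSubject() throws PkiException {
        ASN1Object value = this.cert.getValue("tbsCertificate.subject");
        if (value == null) {
            throw new PkiException("get subject fail");
        }
        return new X500Name((SequenceOf) value);
    }

    /**
     * Returns the subject public key info.
     *
     * @throws PkiException if the field is missing
     */
    public SubjectPublicKeyInfo getSubjectPublicKeyInfo() throws PkiException {
        ASN1Object value = this.cert.getValue("tbsCertificate.subjectPublicKeyInfo");
        if (value == null) {
            throw new PkiException("get subjectPublicKeyInfo fail");
        }
        return new SubjectPublicKeyInfo((Sequence) value);
    }

    /** Returns the subjectUniqueID value as read from the tree; no null check is applied. */
    public BitString getSubjectUniqueID() throws PkiException {
        return (BitString) this.cert.getValue("tbsCertificate.subjectUniqueID.value");
    }

    /**
     * Returns the encoding of the to-be-signed part of the certificate.
     *
     * @throws PkiException if the field is missing
     */
    public byte[] getTbs() throws PkiException {
        ASN1Object value = this.cert.getValue("tbsCertificate");
        if (value == null) {
            throw new PkiException("get tbsCertificate fail");
        }
        // NOTE(review): this calls encode() on the decoded object rather than slicing the
        // stored input bytes. Confirm that ASN1Object.encode() reproduces the bytes as
        // received; a signature check must run over exactly what the issuer signed.
        return value.encode();
    }

    /**
     * Returns the version field ({@link #V1}, {@link #V2} or {@link #V3} for standard values).
     *
     * @throws PkiException if the value cannot be read from the tree
     */
    public int getVersion() throws PkiException {
        ASN1Object value = this.cert.getValue("tbsCertificate.version.value");
        if (value == null) {
            // NOTE(review): the version field has a default of v1 in X.509, so a v1
            // certificate may omit it. Confirm whether the ASN.1 layer supplies the
            // default; if not, this path rejects such certificates.
            throw new PkiException("get version fail");
        }
        return ((Integer) value).getIntegerValue();
    }

    /**
     * Reports whether the current system time lies within the validity period.
     *
     * @throws PkiException if either validity field is missing
     */
    public boolean isInValidity() throws PkiException {
        return isInValidity(new Date());
    }

    /**
     * Reports whether {@code date} lies within the validity period, bounds included.
     *
     * @param date instant to test
     * @throws PkiException if a validity field that has to be read is missing
     */
    public boolean isInValidity(Date date) throws PkiException {
        return !date.before(getNotBefore()) && !date.after(getNotAfter());
    }

    /**
     * Reports whether the subject public key algorithm is one of the RSA OIDs known to
     * {@link AlgorithmIdentifier} (RSAEncrypt, RSAES-OAEP, RSASSA-PSS).
     *
     * @return {@code false} also when the key info cannot be read
     */
    public boolean isRSA() {
        try {
            String oid = getSubjectPublicKeyInfo().getAlgorithm().getOid();
            return oid.equals(AlgorithmIdentifier.RSAEncrypt_OID)
                    || oid.equals(AlgorithmIdentifier.RSAES_OAEP_OID)
                    || oid.equals(AlgorithmIdentifier.RSASSA_PSS_OID);
        } catch (Exception ignored) {
            // Best-effort predicate: an unreadable key is reported as "not RSA".
            return false;
        }
    }

    /**
     * Reports whether the subject public key is an SM2 key.
     *
     * @return {@code false} also when the key info cannot be read
     */
    public boolean isSM2() {
        try {
            return getSubjectPublicKeyInfo().isSM2();
        } catch (Exception ignored) {
            // Best-effort predicate: an unreadable key is reported as "not SM2".
            return false;
        }
    }

    /** Returns the stored encoding as a PEM block labelled "CERTIFICATE". */
    public String pemEncode() {
        return Base64.pemEncode("CERTIFICATE", this.encode);
    }

    /**
     * Verifies the certificate's signature over its to-be-signed part with the given key.
     *
     * <p>The algorithm passed to the verifier comes from
     * {@link #getSignatureAlgorithmIdentifier()}, so a certificate whose inner and outer
     * algorithm identifiers differ is rejected before any verification is attempted.
     *
     * <p>This is a signature check only. It does not look at the validity period, the
     * issuer/subject relationship, any extension, or revocation status; a {@code true}
     * result alone does not make the certificate trusted.
     *
     * @param verifible signature verifier implementation
     * @param publicKey key of the presumed issuer
     * @return the verifier's result
     * @throws PkiException if a required field is missing or malformed
     */
    public boolean verifySignature(Verifible verifible, PublicKey publicKey) throws PkiException {
        byte[] tbs = getTbs();
        AlgorithmIdentifier algorithm = getSignatureAlgorithmIdentifier();
        return verifible.verify(publicKey, algorithm, tbs, 0, tbs.length, getSignature());
    }
}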
