package net.netca.pki.crypto.android.interfaces.impl;

import android.content.Context;
import android.text.TextUtils;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import net.netca.pki.Certificate;
import net.netca.pki.PkiException;
import net.netca.pki.crypto.android.constant.NetcaPKIConst;
import net.netca.pki.crypto.android.core.DeviceItem;
import net.netca.pki.crypto.android.core.DeviceManager;
import net.netca.pki.crypto.android.core.NetcaCert;
import net.netca.pki.crypto.android.exceptions.CertRevokedException;
import net.netca.pki.crypto.android.exceptions.UserCancelException;
import net.netca.pki.crypto.android.global.PKISetting;
import net.netca.pki.crypto.android.interfaces.CertInterface;
import net.netca.pki.crypto.android.utils.CertUtil;
import net.netca.pki.crypto.android.utils.SelectCertUtil;

/* loaded from: classes3.dex */
public class CertImpl implements CertInterface {
    private ArrayList<NetcaCert> getAllCertsFromDevice() {
        ArrayList<NetcaCert> arrayList = new ArrayList<>();
        int count = DeviceManager.getInstance().getCount();
        for (int i = 0; i < count; i++) {
            DeviceItem item = DeviceManager.getInstance().getItem(i);
            if (item != null) {
                Iterator<Certificate> it = item.getCerts().iterator();
                while (it.hasNext()) {
                    try {
                        NetcaCert netcaCert = new NetcaCert(it.next());
                        if (netcaCert.isActive() && !netcaCert.isExpired()) {
                            arrayList.add(netcaCert);
                        }
                    } catch (Exception e) {
                        e.printStackTrace();
                    }
                }
            }
        }
        return arrayList;
    }

    private ArrayList<Certificate> getCertListByType(String str) throws PkiException {
        ArrayList<Certificate> arrayList = new ArrayList<>();
        ArrayList<NetcaCert> allCertsFromDevice = getAllCertsFromDevice();
        for (int i = 0; i < allCertsFromDevice.size(); i++) {
            NetcaCert netcaCert = allCertsFromDevice.get(i);
            if (!netcaCert.isExpired()) {
                if (str == null || str.equalsIgnoreCase(NetcaPKIConst.Cert.CERT_TYPE_SIGN_ENCRYPT)) {
                    arrayList.add(new Certificate(netcaCert.getPemCode()));
                } else if (str.equalsIgnoreCase(NetcaPKIConst.Cert.CERT_TYPE_SIGN)) {
                    if (netcaCert.getCertType() == NetcaCert.CertTypeEnum.Signature || netcaCert.getCertType() == NetcaCert.CertTypeEnum.Both) {
                        arrayList.add(new Certificate(netcaCert.getPemCode()));
                    }
                } else if (str.equalsIgnoreCase(NetcaPKIConst.Cert.CERT_TYPE_ENCRYPT) && (netcaCert.getCertType() == NetcaCert.CertTypeEnum.Encrypt || netcaCert.getCertType() == NetcaCert.CertTypeEnum.Both)) {
                    arrayList.add(new Certificate(netcaCert.getPemCode()));
                }
            }
        }
        return arrayList;
    }

    @Override // net.netca.pki.crypto.android.interfaces.CertInterface
    public List<Certificate> getEncCertList() throws PkiException {
        return getCertListByType(NetcaPKIConst.Cert.CERT_TYPE_ENCRYPT);
    }

    @Override // net.netca.pki.crypto.android.interfaces.CertInterface
    public List<Certificate> getSignCertList() throws PkiException {
        return getCertListByType(NetcaPKIConst.Cert.CERT_TYPE_SIGN);
    }

    @Override // net.netca.pki.crypto.android.interfaces.CertInterface
    public synchronized Certificate getSingleEncCert() throws PkiException {
        ArrayList<Certificate> certListByType = getCertListByType(NetcaPKIConst.Cert.CERT_TYPE_ENCRYPT);
        if (certListByType != null && !certListByType.isEmpty()) {
            if (certListByType.size() == 1) {
                return certListByType.get(0);
            }
            Context activity = PKISetting.getInstance().getActivity();
            if (activity == null) {
                activity = PKISetting.getInstance().getApplicationContext();
            }
            Certificate cert = new SelectCertUtil(activity, certListByType).getCert();
            if (cert != null) {
                return cert;
            }
            throw new UserCancelException("用户取消");
        }
        return null;
    }

    @Override // net.netca.pki.crypto.android.interfaces.CertInterface
    public synchronized Certificate getSingleSignCert() throws PkiException {
        ArrayList<Certificate> certListByType = getCertListByType(NetcaPKIConst.Cert.CERT_TYPE_SIGN);
        if (certListByType != null && !certListByType.isEmpty()) {
            if (certListByType.size() == 1) {
                return certListByType.get(0);
            }
            Context activity = PKISetting.getInstance().getActivity();
            if (activity == null) {
                activity = PKISetting.getInstance().getApplicationContext();
            }
            Certificate cert = new SelectCertUtil(activity, certListByType).getCert();
            if (cert != null) {
                return cert;
            }
            throw new UserCancelException("用户取消");
        }
        return null;
    }

    /* JADX WARN: Removed duplicated region for block: B:11:0x002d A[DONT_GENERATE] */
    @Override // net.netca.pki.crypto.android.interfaces.CertInterface
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean isSm2(net.netca.pki.Certificate r4) throws net.netca.pki.PkiException {
        /*
            r3 = this;
            r0 = 0
            int r1 = r4.getKeyUsage()     // Catch: java.lang.Throwable -> L31
            r2 = r1 & 1
            if (r2 == 0) goto L1d
            boolean r1 = r4.isInValidity()     // Catch: java.lang.Throwable -> L31
            if (r1 == 0) goto L15
            r1 = 2
            net.netca.pki.PublicKey r4 = r4.getPublicKey(r1)     // Catch: java.lang.Throwable -> L31
            goto L26
        L15:
            r1 = 268435458(0x10000002, float:2.5243555E-29)
            net.netca.pki.PublicKey r4 = r4.getPublicKey(r1)     // Catch: java.lang.Throwable -> L31
            goto L26
        L1d:
            r1 = r1 & 8
            if (r1 == 0) goto L27
            r1 = 1
            net.netca.pki.PublicKey r4 = r4.getPublicKey(r1)     // Catch: java.lang.Throwable -> L31
        L26:
            r0 = r4
        L27:
            boolean r4 = r0.isSM2()     // Catch: java.lang.Throwable -> L31
            if (r0 == 0) goto L30
            r0.free()
        L30:
            return r4
        L31:
            r4 = move-exception
            if (r0 == 0) goto L37
            r0.free()
        L37:
            throw r4
        */
        throw new UnsupportedOperationException("Method not decompiled: net.netca.pki.crypto.android.interfaces.impl.CertImpl.isSm2(net.netca.pki.Certificate):boolean");
    }

    @Override // net.netca.pki.crypto.android.interfaces.CertInterface
    public byte[] verifyCertByCrl(Certificate certificate, String str) throws PkiException {
        if (TextUtils.isEmpty(str)) {
            str = certificate.getAttribute(56);
        }
        byte[] certCRL = CertUtil.getCertCRL(str, certificate);
        switch (certificate.verifyWithCrl(certCRL)) {
            case -2:
                throw new CertRevokedException("CA证书已吊销");
            case -1:
                throw new PkiException("证书状态未知");
            case 0:
                throw new CertRevokedException("证书已吊销");
            default:
                return certCRL;
        }
    }

    @Override // net.netca.pki.crypto.android.interfaces.CertInterface
    public byte[] verifyCertByOcsp(Certificate certificate, String str) throws PkiException {
        if (TextUtils.isEmpty(str)) {
            str = certificate.getAttribute(58);
        }
        byte[] certOCSP = CertUtil.getCertOCSP(str, certificate);
        switch (CertUtil.getOcspStatus(certOCSP)) {
            case -2:
                throw new CertRevokedException("CA证书已吊销");
            case -1:
                throw new PkiException("证书状态未知");
            case 0:
                throw new CertRevokedException("证书已吊销");
            default:
                return certOCSP;
        }
    }
}
