package net.netca.pki.impl.jce;

import com.sun.jna.Function;
import com.tencent.soter.core.keystore.KeyPropertiesCompact;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import net.netca.pki.algorithm.ecc.Curve;
import net.netca.pki.algorithm.ecc.ECCPublicKey;
import net.netca.pki.d;
import net.netca.pki.encoding.Hex;
import net.netca.pki.encoding.asn1.ASN1Object;
import net.netca.pki.encoding.asn1.BMPString;
import net.netca.pki.encoding.asn1.BMPStringType;
import net.netca.pki.encoding.asn1.ChoiceType;
import net.netca.pki.encoding.asn1.IA5String;
import net.netca.pki.encoding.asn1.IA5StringType;
import net.netca.pki.encoding.asn1.ObjectIdentifier;
import net.netca.pki.encoding.asn1.ObjectIdentifierType;
import net.netca.pki.encoding.asn1.PrintableString;
import net.netca.pki.encoding.asn1.PrintableStringType;
import net.netca.pki.encoding.asn1.UTF8String;
import net.netca.pki.encoding.asn1.UTF8StringType;
import net.netca.pki.encoding.asn1.VisibleString;
import net.netca.pki.encoding.asn1.VisibleStringType;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.AttributeTypeAndValue;
import net.netca.pki.encoding.asn1.pki.BasicConstraintsExtension;
import net.netca.pki.encoding.asn1.pki.DSAPublicKey;
import net.netca.pki.encoding.asn1.pki.ExtKeyUsageExtension;
import net.netca.pki.encoding.asn1.pki.Extension;
import net.netca.pki.encoding.asn1.pki.Extensions;
import net.netca.pki.encoding.asn1.pki.GeneralName;
import net.netca.pki.encoding.asn1.pki.GeneralNames;
import net.netca.pki.encoding.asn1.pki.GeneralNamesExtension;
import net.netca.pki.encoding.asn1.pki.JCEPrivateKeyDecrypter;
import net.netca.pki.encoding.asn1.pki.JCESigner;
import net.netca.pki.encoding.asn1.pki.JCEVerifier;
import net.netca.pki.encoding.asn1.pki.NamedBitStringExtension;
import net.netca.pki.encoding.asn1.pki.OctetStringExtension;
import net.netca.pki.encoding.asn1.pki.OtherName;
import net.netca.pki.encoding.asn1.pki.PublicKey;
import net.netca.pki.encoding.asn1.pki.RSAPublicKey;
import net.netca.pki.encoding.asn1.pki.RelativeDistinguishedName;
import net.netca.pki.encoding.asn1.pki.SubjectPublicKeyInfo;
import net.netca.pki.encoding.asn1.pki.X500Name;
import net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey;
import net.netca.pki.encoding.asn1.pki.X509CertificatePathBuilder;
import net.netca.pki.encoding.asn1.pki.X509CertificatePathValidator;
import net.netca.pki.global.IHash;
import net.netca.pki.global.IPrivateKeyDecrypt;
import net.netca.pki.global.IPublicKeyEncrypt;
import net.netca.pki.global.ISign;
import net.netca.pki.global.IVerify;
import net.netca.pki.global.RevokeInfo;
import net.netca.pki.global.UnsupportedException;
import net.netca.pki.global.X509Certificate;
import net.netca.pki.u;

/* loaded from: classes.dex */
public final class JCEX509Certificate extends X509Certificate {
    private net.netca.pki.encoding.asn1.pki.X509Certificate cert;
    private X509CertificateAndPrivateKey certAndPrivateKey;
    private int ku;
    private JCEPki pki;
    private PrivateKey privateKey;
    private int publicKeyType;
    private RevokeInfo revokeInfo;

    /* JADX INFO: Access modifiers changed from: package-private */
    public JCEX509Certificate(JCEPki jCEPki, String str) {
        this.pki = jCEPki;
        this.cert = new net.netca.pki.encoding.asn1.pki.X509Certificate(str);
        this.publicKeyType = getPublicKeyType(this.cert);
        this.certAndPrivateKey = null;
        this.privateKey = null;
        this.ku = getKeyUsage(this.cert);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JCEX509Certificate(JCEPki jCEPki, X509CertificateAndPrivateKey x509CertificateAndPrivateKey, PrivateKey privateKey) {
        this.pki = jCEPki;
        this.privateKey = privateKey;
        this.certAndPrivateKey = x509CertificateAndPrivateKey;
        this.cert = x509CertificateAndPrivateKey.getCert();
        this.publicKeyType = getPublicKeyType(this.cert);
        this.ku = getKeyUsage(this.cert);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JCEX509Certificate(JCEPki jCEPki, byte[] bArr) {
        this(jCEPki, bArr, 0, bArr.length);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JCEX509Certificate(JCEPki jCEPki, byte[] bArr, int i, int i2) {
        this.pki = jCEPki;
        this.cert = new net.netca.pki.encoding.asn1.pki.X509Certificate(bArr, i, i2);
        this.publicKeyType = getPublicKeyType(this.cert);
        this.certAndPrivateKey = null;
        this.privateKey = null;
        this.ku = getKeyUsage(this.cert);
    }

    private SM2Encrypt createSM2Encrypt() {
        if (this.publicKeyType == 2 && this.cert.getSubjectPublicKeyInfo().getSubjectPublicKey().getUnusedBits() == 0) {
            return new SM2Encrypt(ECCPublicKey.Parse(Curve.getSM2Curve(), this.cert.getSubjectPublicKeyInfo().getSubjectPublicKey().getValue()));
        }
        return null;
    }

    private SM2Verify createSM2Verify() {
        if (this.publicKeyType == 2 && this.cert.getSubjectPublicKeyInfo().getSubjectPublicKey().getUnusedBits() == 0) {
            return new SM2Verify(ECCPublicKey.Parse(Curve.getSM2Curve(), this.cert.getSubjectPublicKeyInfo().getSubjectPublicKey().getValue()));
        }
        return null;
    }

    private void getAttribute(List<String> list, AttributeTypeAndValue attributeTypeAndValue, String str) {
        if (attributeTypeAndValue.getType().equals(str)) {
            list.add(attributeTypeAndValue.getStringValue());
        }
    }

    private void getAttribute(List<String> list, RelativeDistinguishedName relativeDistinguishedName, String str) {
        int size = relativeDistinguishedName.size();
        for (int i = 0; i < size; i++) {
            getAttribute(list, relativeDistinguishedName.get(i), str);
        }
    }

    private void getAttribute(List<String> list, X500Name x500Name, String str) {
        for (int size = x500Name.size() - 1; size >= 0; size--) {
            getAttribute(list, x500Name.get(size), str);
        }
    }

    private String getAttributeString(X500Name x500Name, String str) {
        ArrayList arrayList = new ArrayList();
        getAttribute(arrayList, x500Name, str);
        if (arrayList.size() == 0) {
            return null;
        }
        return arrayList.get(0);
    }

    private String[] getAttributeStringArray(X500Name x500Name, String str) {
        ArrayList arrayList = new ArrayList();
        getAttribute(arrayList, x500Name, str);
        if (arrayList.size() == 0) {
            return null;
        }
        return (String[]) arrayList.toArray(new String[0]);
    }

    private int getCertClass(byte[] bArr) {
        String encode = Hex.encode(true, bArr);
        if (encode.equals("307B310B300906035504061302434E31243022060355040A131B4E4554434120436572746966696361746520417574686F72697479311F301D060355040B1316436F6465205369676E696E6720436C61737341204341312530230603550403131C4E4554434120436F6465205369676E696E6720436C61737341204341") || encode.equals("308189310B300906035504061302434E310E300C060355040A13054E455443413131302F060355040B1328436C617373422054657374696E6720616E64204576616C756174696F6E20436F64655369676E4341313730350603550403132E4E4554434120436C617373422054657374696E6720616E64204576616C756174696F6E20436F64655369676E4341")) {
            return 12;
        }
        if (encode.equals("3077310B300906035504061302434E31243022060355040A131B4E4554434120436572746966696361746520417574686F72697479311D301B060355040B1314496E646976696475616C20436C61737341204341312330210603550403131A4E4554434120496E646976696475616C20436C61737341204341") || encode.equals("30818D310B300906035504061302434E310E300C060355040A13054E4554434131333031060355040B132A436C617373422054657374696E6720616E64204576616C756174696F6E20496E646976696475616C434131393037060355040313304E4554434120436C617373422054657374696E6720616E64204576616C756174696F6E20496E646976696475616C4341") || encode.equals("3058310B300906035504061302434E31243022060355040A0C1B4E4554434120436572746966696361746520417574686F726974793123302106035504030C1A434353204E45544341204C3320496E646976696475616C204341")) {
            return 9;
        }
        if (encode.equals("307B310B300906035504061302434E31243022060355040A131B4E4554434120436572746966696361746520417574686F72697479311F301D060355040B13164F7267616E697A6174696F6E20436C61737341204341312530230603550403131C4E45544341204F7267616E697A6174696F6E20436C61737341204341") || encode.equals("308191310B300906035504061302434E310E300C060355040A13054E4554434131353033060355040B132C436C617373422054657374696E6720616E64204576616C756174696F6E204F7267616E697A6174696F6E4341313B3039060355040313324E4554434120436C617373422054657374696E6720616E64204576616C756174696F6E204F7267616E697A6174696F6E4341") || encode.equals("305A310B300906035504061302434E31243022060355040A0C1B4E4554434120436572746966696361746520417574686F726974793125302306035504030C1C434353204E45544341204C33204F7267616E697A6174696F6E204341")) {
            try {
                String[] cn2 = getCN();
                if (cn2 == null) {
                    return 6;
                }
                String o = getO();
                if (o != null && cn2.length == 1) {
                    if (cn2[0].equals(o)) {
                        return 6;
                    }
                }
                return 8;
            } catch (Exception unused) {
                return 0;
            }
        }
        if (!encode.equals("3052310B300906035504061302434E31243022060355040A0C1B4E4554434120436572746966696361746520417574686F72697479311D301B06035504030C14434353204E45544341204C322053756231204341") && !encode.equals("3052310B300906035504061302434E31243022060355040A0C1B4E4554434120436572746966696361746520417574686F72697479311D301B06035504030C14434353204E45544341204C312053756231204341")) {
            return (encode.equals("306F310B300906035504061302434E31243022060355040A131B4E4554434120436572746966696361746520417574686F7269747931193017060355040B131053657276657220436C61737341204341311F301D060355040313164E455443412053657276657220436C61737341204341") || encode.equals("308185310B300906035504061302434E310E300C060355040A13054E45544341312F302D060355040B1326436C617373422054657374696E6720616E64204576616C756174696F6E205365727665724341313530330603550403132C4E4554434120436C617373422054657374696E6720616E64204576616C756174696F6E205365727665724341") || encode.equals("3054310B300906035504061302434E31243022060355040A0C1B4E4554434120436572746966696361746520417574686F72697479311F301D06035504030C16434353204E45544341204C3320446576696365204341")) ? 10 : 0;
        }
        try {
            String[] cn3 = getCN();
            if (cn3 == null) {
                return 6;
            }
            String o2 = getO();
            if (o2 == null) {
                return 9;
            }
            if (cn3.length == 1) {
                if (cn3[0].equals(o2)) {
                    return 6;
                }
            }
            return 8;
        } catch (Exception unused2) {
            return 0;
        }
    }

    private void getDNSInGeneralName(List<String> list, GeneralName generalName) {
        if (generalName.getType() == 2) {
            list.add(generalName.getDNSName());
        }
    }

    private void getDNSInGeneralNames(List<String> list, GeneralNames generalNames) {
        int size = generalNames.size();
        for (int i = 0; i < size; i++) {
            getDNSInGeneralName(list, generalNames.get(i));
        }
    }

    private void getDNSInSubjectAltName(List<String> list) {
        Extension extension = getExtension(Extension.SUBJECT_ALTNAME_OID);
        if (extension == null) {
            return;
        }
        getDNSInGeneralNames(list, ((GeneralNamesExtension) extension.getExtensionObject()).getGeneralNames());
    }

    private void getEmailInGeneralName(List<String> list, GeneralName generalName) {
        if (generalName.getType() == 1) {
            list.add(generalName.getRFC822Name());
        }
    }

    private void getEmailInGeneralNames(List<String> list, GeneralNames generalNames) {
        int size = generalNames.size();
        for (int i = 0; i < size; i++) {
            getEmailInGeneralName(list, generalNames.get(i));
        }
    }

    private void getEmailInSubjectAltName(List<String> list) {
        Extension extension = getExtension(Extension.SUBJECT_ALTNAME_OID);
        if (extension == null) {
            return;
        }
        getEmailInGeneralNames(list, ((GeneralNamesExtension) extension.getExtensionObject()).getGeneralNames());
    }

    private Extension getExtension(String str) {
        Extensions extensions = this.cert.getExtensions();
        if (extensions == null) {
            return null;
        }
        return extensions.get(str);
    }

    private void getIPInGeneralName(List<String> list, GeneralName generalName) {
        if (generalName.getType() == 7) {
            byte[] iPAddress = generalName.getIPAddress();
            StringBuilder sb = new StringBuilder();
            int i = 0;
            if (iPAddress.length == 4) {
                int i2 = iPAddress[0];
                if (i2 < 0) {
                    i2 += 256;
                }
                sb.append(i2);
                sb.append(".");
                int i3 = iPAddress[1];
                if (i3 < 0) {
                    i3 += 256;
                }
                sb.append(i3);
                sb.append(".");
                int i4 = iPAddress[2];
                if (i4 < 0) {
                    i4 += 256;
                }
                sb.append(i4);
                sb.append(".");
                int i5 = iPAddress[3];
                if (i5 < 0) {
                    i5 += 256;
                }
                sb.append(i5);
            } else {
                if (iPAddress.length != 16) {
                    throw new u("bad ip");
                }
                char[] charArray = Hex.encode(true, iPAddress).toCharArray();
                while (i < charArray.length - 2) {
                    sb.append(charArray[i]);
                    sb.append(charArray[i + 1]);
                    sb.append(":");
                    i += 2;
                }
                sb.append(charArray[i]);
                sb.append(charArray[i + 1]);
            }
            list.add(sb.toString());
        }
    }

    private void getIPInGeneralNames(List<String> list, GeneralNames generalNames) {
        int size = generalNames.size();
        for (int i = 0; i < size; i++) {
            getIPInGeneralName(list, generalNames.get(i));
        }
    }

    private void getIPInSubjectAltName(List<String> list) {
        Extension extension = getExtension(Extension.SUBJECT_ALTNAME_OID);
        if (extension == null) {
            return;
        }
        getIPInGeneralNames(list, ((GeneralNamesExtension) extension.getExtensionObject()).getGeneralNames());
    }

    private String getKeyType(int i) {
        if (i == 1) {
            return KeyPropertiesCompact.KEY_ALGORITHM_RSA;
        }
        if (i == 9) {
            return "DSA";
        }
        if (i == 2 || i == 10 || i == 3 || i == 4 || i == 5) {
            return KeyPropertiesCompact.KEY_ALGORITHM_EC;
        }
        return null;
    }

    private int getKeyUsage(net.netca.pki.encoding.asn1.pki.X509Certificate x509Certificate) {
        Extension extension;
        Extensions extensions = x509Certificate.getExtensions();
        if (extensions == null || (extension = extensions.get(Extension.KEYUSAGE_OID)) == null) {
            return -1;
        }
        NamedBitStringExtension namedBitStringExtension = (NamedBitStringExtension) extension.getExtensionObject();
        int i = 0;
        for (int i2 = 0; i2 < 9; i2++) {
            if (namedBitStringExtension.isSet(i2)) {
                i |= 1 << i2;
            }
        }
        return i;
    }

    private static String getPublicKeyEncryptAlgorithmName(String str) {
        return str.equals(AlgorithmIdentifier.RSAEncrypt_OID) ? "RSA/ECB/PKCS1Padding" : str.equals(AlgorithmIdentifier.SM2ENC_OID) ? "SM2/ECB/NoPadding" : str;
    }

    private int getPublicKeyType(net.netca.pki.encoding.asn1.pki.X509Certificate x509Certificate) {
        ASN1Object param;
        AlgorithmIdentifier algorithm = x509Certificate.getSubjectPublicKeyInfo().getAlgorithm();
        String oid = algorithm.getOid();
        if (oid.equals(AlgorithmIdentifier.RSAEncrypt_OID)) {
            return 1;
        }
        if (oid.equals(AlgorithmIdentifier.RSAES_OAEP_OID)) {
            return 7;
        }
        if (oid.equals(AlgorithmIdentifier.RSASSA_PSS_OID)) {
            return 6;
        }
        if (oid.equals(AlgorithmIdentifier.DHPublicNumber_OID)) {
            return 8;
        }
        if (oid.equals(AlgorithmIdentifier.DSA_OID)) {
            return 9;
        }
        if ((!oid.equals(AlgorithmIdentifier.ECPubKey_OID) && !oid.equals(AlgorithmIdentifier.ECMQV_OID) && !oid.equals(AlgorithmIdentifier.ECDH_OID)) || (param = algorithm.getParam()) == null) {
            return -1;
        }
        String string = ((ObjectIdentifier) param.to(ObjectIdentifierType.getInstance())).getString();
        if (string.equals(AlgorithmIdentifier.SM2Curve_OID)) {
            return 2;
        }
        if (string.equals("1.2.840.10045.3.1.7")) {
            return 3;
        }
        if (string.equals("1.3.132.0.34")) {
            return 4;
        }
        if (string.equals("1.3.132.0.35")) {
            return 5;
        }
        return string.equals("1.3.132.0.33") ? 10 : -1;
    }

    private static String getSignatureAlgorithmName(String str) {
        return str.equals(AlgorithmIdentifier.SHA1WithRSA_OID) ? "SHA1withRSA" : str.equals(AlgorithmIdentifier.SM3WithSM2_OID) ? "SM3withSM2" : str.equals(AlgorithmIdentifier.MD5WithRSA_OID) ? "MD5withRSA" : str.equals(AlgorithmIdentifier.SHA224WithRSA_OID) ? "SHA224withRSA" : str.equals(AlgorithmIdentifier.SHA256WithRSA_OID) ? "SHA256withRSA" : str.equals(AlgorithmIdentifier.SHA384WithRSA_OID) ? "SHA384withRSA" : str.equals(AlgorithmIdentifier.SHA512WithRSA_OID) ? "SHA512withRSA" : str.equals(AlgorithmIdentifier.SHA512_224WithRSA_OID) ? "SHA512_224withRSA" : str.equals(AlgorithmIdentifier.SHA512_256WithRSA_OID) ? "SHA512_256withRSA" : str.equals(AlgorithmIdentifier.SHA3_224WithRSA_OID) ? "SHA3_224withRSA" : str.equals(AlgorithmIdentifier.SHA3_256WithRSA_OID) ? "SHA3_256withRSA" : str.equals(AlgorithmIdentifier.SHA3_384WithRSA_OID) ? "SHA3_384withRSA" : str.equals(AlgorithmIdentifier.SHA3_512WithRSA_OID) ? "SHA3_512withRSA" : str.equals(AlgorithmIdentifier.SM3WithRSA_OID) ? "SM3withRSA" : str.equals(AlgorithmIdentifier.MD2WithRSA_OID) ? "MD2withRSA" : str.equals(AlgorithmIdentifier.DSAWithSHA1_OID) ? "SHA1withDSA" : str.equals(AlgorithmIdentifier.DSAWithSHA224_OID) ? "SHA224withDSA" : str.equals(AlgorithmIdentifier.DSAWithSHA256_OID) ? "SHA256withDSA" : str.equals(AlgorithmIdentifier.ECDSAWithSHA1_OID) ? "SHA1withECDSA" : str.equals(AlgorithmIdentifier.ECDSAWithSHA224_OID) ? "SHA224withECDSA" : str.equals(AlgorithmIdentifier.ECDSAWithSHA256_OID) ? "SHA256withECDSA" : str.equals(AlgorithmIdentifier.ECDSAWithSHA384_OID) ? "SHA384withECDSA" : str.equals(AlgorithmIdentifier.ECDSAWithSHA512_OID) ? "SHA512withECDSA" : str.equals(AlgorithmIdentifier.ECDSAWithSHA3_224_OID) ? "SHA3_224withECDSA" : str.equals(AlgorithmIdentifier.ECDSAWithSHA3_256_OID) ? "SHA3_256withECDSA" : str.equals(AlgorithmIdentifier.ECDSAWithSHA3_384_OID) ? "SHA3_384withECDSA" : str.equals(AlgorithmIdentifier.ECDSAWithSHA3_512_OID) ? "SHA3_512withECDSA" : str.equals(AlgorithmIdentifier.SM2SIGN_OID) ? "SM3withSM2" : str;
    }

    private void getUPNInGeneralName(List<String> list, GeneralName generalName) {
        if (generalName.getType() == 0) {
            OtherName otherName = generalName.getOtherName();
            if (otherName.getType().equals(OtherName.UPN_OID)) {
                list.add(((UTF8String) otherName.getValue().to(UTF8StringType.getInstance())).getString());
            }
        }
    }

    private void getUPNInGeneralNames(List<String> list, GeneralNames generalNames) {
        int size = generalNames.size();
        for (int i = 0; i < size; i++) {
            getUPNInGeneralName(list, generalNames.get(i));
        }
    }

    private void getUPNInSubjectAltName(List<String> list) {
        Extension extension = getExtension(Extension.SUBJECT_ALTNAME_OID);
        if (extension == null) {
            return;
        }
        getUPNInGeneralNames(list, ((GeneralNamesExtension) extension.getExtensionObject()).getGeneralNames());
    }

    private boolean isCACert() {
        try {
            Extension extension = getExtension(Extension.BASIC_CONSTRAINTS_OID);
            if (extension == null) {
                return false;
            }
            return ((BasicConstraintsExtension) extension.getExtensionObject()).isCA();
        } catch (Exception unused) {
            return false;
        }
    }

    @Override // net.netca.pki.global.X509Certificate
    public X509Certificate[] buildCertPath() {
        X509CertificatePathBuilder x509CertificatePathBuilder = new X509CertificatePathBuilder();
        x509CertificatePathBuilder.setMaxPathCount(1);
        ArrayList<String> rootCerts = this.pki.getRootCerts();
        if (rootCerts == null || rootCerts.size() == 0) {
            throw new u("no root cert");
        }
        for (int i = 0; i < rootCerts.size(); i++) {
            try {
                x509CertificatePathBuilder.addRootCert(new net.netca.pki.encoding.asn1.pki.X509Certificate(rootCerts.get(i)));
            } catch (u unused) {
            }
        }
        ArrayList<String> cACerts = this.pki.getCACerts();
        if (cACerts != null) {
            for (int i2 = 0; i2 < cACerts.size(); i2++) {
                try {
                    x509CertificatePathBuilder.addCACert(new net.netca.pki.encoding.asn1.pki.X509Certificate(cACerts.get(i2)));
                } catch (u unused2) {
                }
            }
        }
        ArrayList<net.netca.pki.encoding.asn1.pki.X509Certificate[]> build = x509CertificatePathBuilder.build(this.cert);
        if (build.size() == 0) {
            throw new u("build cert path fail");
        }
        net.netca.pki.encoding.asn1.pki.X509Certificate[] x509CertificateArr = build.get(0);
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        for (int i3 = 0; i3 < x509CertificateArr.length; i3++) {
            x509CertificateArr2[i3] = new JCEX509Certificate(this.pki, x509CertificateArr[i3].derEncode());
        }
        return x509CertificateArr2;
    }

    @Override // net.netca.pki.global.X509Certificate
    public byte[] computeThumbprint(String str) {
        IHash iHash;
        byte[] derEncode = derEncode();
        try {
            iHash = this.pki.getHashObject(str);
        } catch (Throwable th) {
            th = th;
            iHash = null;
        }
        try {
            iHash.update(derEncode, 0, derEncode.length);
            byte[] doFinal = iHash.doFinal();
            if (iHash instanceof d) {
                ((d) iHash).free();
            }
            return doFinal;
        } catch (Throwable th2) {
            th = th2;
            if (iHash instanceof d) {
                ((d) iHash).free();
            }
            throw th;
        }
    }

    @Override // net.netca.pki.global.X509Certificate
    public byte[] derEncode() {
        return this.cert.derEncode();
    }

    @Override // net.netca.pki.global.X509Certificate
    public JCEX509Certificate dup() {
        return this;
    }

    @Override // net.netca.pki.global.X509Certificate
    public String getC() {
        return getAttributeString(this.cert.getSubject(), X500Name.COUNTRYNAME_OID);
    }

    @Override // net.netca.pki.global.X509Certificate
    public String[] getCN() {
        return getAttributeStringArray(this.cert.getSubject(), X500Name.COMMONNAME_OID);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509CertificateAndPrivateKey getCertAndPrivateKey() {
        return this.certAndPrivateKey;
    }

    @Override // net.netca.pki.global.X509Certificate
    public int getCertClass() {
        byte[] encode = this.cert.getIssuer().getASN1Object().encode();
        if (Arrays.equals(encode, this.cert.getSubject().getASN1Object().encode())) {
            try {
                JCEVerifier jCEVerifier = new JCEVerifier();
                PublicKey publicKey = this.cert.getSubjectPublicKeyInfo().getPublicKey();
                if (publicKey == null) {
                    return 2;
                }
                byte[] tbs = this.cert.getTbs();
                return jCEVerifier.verify(publicKey, this.cert.getSignatureAlgorithmIdentifier(), tbs, 0, tbs.length, this.cert.getSignature()) ? 1 : 2;
            } catch (Exception unused) {
                return 2;
            }
        }
        if (isCACert()) {
            return 3;
        }
        String[] extKeyUsage = getExtKeyUsage();
        if (extKeyUsage != null) {
            for (int i = 0; i < extKeyUsage.length; i++) {
                if (extKeyUsage[i].equals(ExtKeyUsageExtension.OCSPSIGNING_OID)) {
                    return 5;
                }
                if (extKeyUsage[i].equals(ExtKeyUsageExtension.TIMESTAMPING_OID)) {
                    return 4;
                }
                if (extKeyUsage[i].equals(ExtKeyUsageExtension.CODESIGNING_OID)) {
                    return 12;
                }
                if (extKeyUsage[i].equals(ExtKeyUsageExtension.SERVERAUTH_OID)) {
                    return 10;
                }
            }
        }
        String stringExtension = getStringExtension("1.3.6.1.4.1.18760.1.12.12.2");
        if (stringExtension != null) {
            if (stringExtension.equals("001")) {
                return 6;
            }
            if (stringExtension.equals("003")) {
                return 8;
            }
            if (stringExtension.equals("004")) {
                return 9;
            }
        }
        String[] dns = getDNS();
        if (dns != null && dns.length > 0) {
            return 10;
        }
        String[] ip = getIP();
        if (ip == null || ip.length <= 0) {
            return getCertClass(encode);
        }
        return 10;
    }

    @Override // net.netca.pki.global.X509Certificate
    public String[] getDNS() {
        ArrayList arrayList = new ArrayList();
        getDNSInSubjectAltName(arrayList);
        if (arrayList.size() == 0) {
            return null;
        }
        return (String[]) arrayList.toArray(new String[0]);
    }

    @Override // net.netca.pki.global.X509Certificate
    public String[] getEmail() {
        ArrayList arrayList = new ArrayList();
        getEmailInSubjectAltName(arrayList);
        getAttribute(arrayList, this.cert.getSubject(), X500Name.EMAILADDRESS_OID);
        if (arrayList.size() == 0) {
            return null;
        }
        return (String[]) arrayList.toArray(new String[0]);
    }

    @Override // net.netca.pki.global.X509Certificate
    public String[] getExtKeyUsage() {
        Extension extension = getExtension(Extension.EXTKEYUSAGE_OID);
        if (extension == null) {
            return null;
        }
        ExtKeyUsageExtension extKeyUsageExtension = (ExtKeyUsageExtension) extension.getExtensionObject();
        int size = extKeyUsageExtension.size();
        String[] strArr = new String[size];
        for (int i = 0; i < size; i++) {
            strArr[i] = extKeyUsageExtension.get(i);
        }
        return strArr;
    }

    @Override // net.netca.pki.global.X509Certificate
    public String[] getIP() {
        ArrayList arrayList = new ArrayList();
        getIPInSubjectAltName(arrayList);
        if (arrayList.size() == 0) {
            return null;
        }
        return (String[]) arrayList.toArray(new String[0]);
    }

    @Override // net.netca.pki.global.X509Certificate
    public String getIssuer() {
        return this.cert.getIssuer().getLdapName();
    }

    @Override // net.netca.pki.global.X509Certificate
    public String getIssuerC() {
        return getAttributeString(this.cert.getIssuer(), X500Name.COUNTRYNAME_OID);
    }

    @Override // net.netca.pki.global.X509Certificate
    public String[] getIssuerCN() {
        return getAttributeStringArray(this.cert.getIssuer(), X500Name.COMMONNAME_OID);
    }

    @Override // net.netca.pki.global.X509Certificate
    public String getIssuerL() {
        return getAttributeString(this.cert.getIssuer(), X500Name.LOCALITYNAME_OID);
    }

    @Override // net.netca.pki.global.X509Certificate
    public String getIssuerO() {
        return getAttributeString(this.cert.getIssuer(), X500Name.ORGANIZATIONNAME_OID);
    }

    @Override // net.netca.pki.global.X509Certificate
    public String[] getIssuerOU() {
        return getAttributeStringArray(this.cert.getIssuer(), X500Name.ORGANIZATIONUNITNAME_OID);
    }

    @Override // net.netca.pki.global.X509Certificate
    public String getIssuerST() {
        return getAttributeString(this.cert.getIssuer(), X500Name.STATEORPROVINCENAME_OID);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrivateKey getJCEPrivateKey() {
        return this.privateKey;
    }

    @Override // net.netca.pki.global.X509Certificate
    public int getKeyUsage() {
        return this.ku;
    }

    @Override // net.netca.pki.global.X509Certificate
    public String getL() {
        return getAttributeString(this.cert.getSubject(), X500Name.LOCALITYNAME_OID);
    }

    @Override // net.netca.pki.global.X509Certificate
    public String getO() {
        return getAttributeString(this.cert.getSubject(), X500Name.ORGANIZATIONNAME_OID);
    }

    @Override // net.netca.pki.global.X509Certificate
    public String[] getOU() {
        return getAttributeStringArray(this.cert.getSubject(), X500Name.ORGANIZATIONUNITNAME_OID);
    }

    @Override // net.netca.pki.global.X509Certificate
    public void getPrivateKey(String str) {
        if (this.certAndPrivateKey == null || this.privateKey == null) {
            this.privateKey = this.pki.getPrivateKey(derEncode(), str);
            this.certAndPrivateKey = new X509CertificateAndPrivateKey(this.cert, new JCESigner(this.privateKey), new JCEPrivateKeyDecrypter(this.privateKey));
        }
    }

    @Override // net.netca.pki.global.X509Certificate
    public int getPublicKeyBits() {
        BigInteger modulus;
        ASN1Object param;
        SubjectPublicKeyInfo subjectPublicKeyInfo = this.cert.getSubjectPublicKeyInfo();
        AlgorithmIdentifier algorithm = subjectPublicKeyInfo.getAlgorithm();
        String oid = algorithm.getOid();
        if (oid.equals(AlgorithmIdentifier.RSAEncrypt_OID) || oid.equals(AlgorithmIdentifier.RSAES_OAEP_OID) || oid.equals(AlgorithmIdentifier.RSASSA_PSS_OID)) {
            modulus = ((RSAPublicKey) subjectPublicKeyInfo.getPublicKey()).getModulus();
        } else {
            if (!oid.equals(AlgorithmIdentifier.DSA_OID) || !algorithm.hasParam()) {
                if ((!oid.equals(AlgorithmIdentifier.ECPubKey_OID) && !oid.equals(AlgorithmIdentifier.ECMQV_OID) && !oid.equals(AlgorithmIdentifier.ECDH_OID)) || (param = algorithm.getParam()) == null) {
                    return -1;
                }
                String string = ((ObjectIdentifier) param.to(ObjectIdentifierType.getInstance())).getString();
                if (string.equals(AlgorithmIdentifier.SM2Curve_OID) || string.equals("1.2.840.10045.3.1.7")) {
                    return 256;
                }
                if (string.equals("1.3.132.0.34")) {
                    return Function.USE_VARARGS;
                }
                if (string.equals("1.3.132.0.35")) {
                    return 521;
                }
                return string.equals("1.3.132.0.33") ? 224 : -1;
            }
            modulus = ((DSAPublicKey) subjectPublicKeyInfo.getPublicKey()).getP();
        }
        return modulus.bitLength();
    }

    @Override // net.netca.pki.global.X509Certificate
    public int getPublicKeyType() {
        return this.publicKeyType;
    }

    @Override // net.netca.pki.global.X509Certificate
    public RevokeInfo getRevokeInfo() {
        return this.revokeInfo;
    }

    @Override // net.netca.pki.global.X509Certificate
    public String getST() {
        return getAttributeString(this.cert.getSubject(), X500Name.STATEORPROVINCENAME_OID);
    }

    @Override // net.netca.pki.global.X509Certificate
    public String getSerialNumber() {
        return Hex.encode(true, this.cert.getSerialNumber());
    }

    @Override // net.netca.pki.global.X509Certificate
    public String getStringExtension(String str) {
        Extension extension = getExtension(str);
        if (extension == null) {
            return null;
        }
        byte[] extensionValue = extension.getExtensionValue();
        ChoiceType choiceType = new ChoiceType();
        choiceType.add("printable", PrintableStringType.getInstance());
        choiceType.add("ia5", IA5StringType.getInstance());
        choiceType.add("visible", VisibleStringType.getInstance());
        choiceType.add("bmp", BMPStringType.getInstance());
        choiceType.add("utf8", UTF8StringType.getInstance());
        ASN1Object decode = ASN1Object.decode(extensionValue, choiceType);
        if (decode instanceof PrintableString) {
            return ((PrintableString) decode).getString();
        }
        if (decode instanceof IA5String) {
            return ((IA5String) decode).getString();
        }
        if (decode instanceof VisibleString) {
            return ((VisibleString) decode).getString();
        }
        if (decode instanceof BMPString) {
            return ((BMPString) decode).getString();
        }
        if (decode instanceof UTF8String) {
            return ((UTF8String) decode).getString();
        }
        throw new u("unknown type");
    }

    @Override // net.netca.pki.global.X509Certificate
    public String getSubject() {
        return this.cert.getSubject().getLdapName();
    }

    @Override // net.netca.pki.global.X509Certificate
    public byte[] getSubjectPublicKeyIdentifier() {
        Extension extension = getExtension(Extension.SUBJECT_KEYIDENTIFIER_OID);
        if (extension == null) {
            return null;
        }
        return ((OctetStringExtension) extension.getExtensionObject()).getValue();
    }

    @Override // net.netca.pki.global.X509Certificate
    public String getUPN() {
        ArrayList arrayList = new ArrayList();
        getUPNInSubjectAltName(arrayList);
        if (arrayList.size() == 0) {
            return null;
        }
        return arrayList.get(0);
    }

    @Override // net.netca.pki.global.X509Certificate
    public Date getValidityEnd() {
        return this.cert.getNotAfter();
    }

    @Override // net.netca.pki.global.X509Certificate
    public Date getValidityStart() {
        return this.cert.getNotBefore();
    }

    @Override // net.netca.pki.global.X509Certificate
    public IPrivateKeyDecrypt newPrivateKeyDecryptObject() {
        if ((this.ku & 12) == 0) {
            throw new u("not enc cert");
        }
        String publicKeyEncryptAlgo = this.pki.getPublicKeyEncryptAlgo(this.publicKeyType);
        if (publicKeyEncryptAlgo == null) {
            throw new u("getPublicKeyEncryptAlgo fail");
        }
        String publicKeyEncryptAlgorithmName = getPublicKeyEncryptAlgorithmName(publicKeyEncryptAlgo);
        if (this.privateKey != null) {
            return new JCEPrivateKeyDecrypt(publicKeyEncryptAlgorithmName, this.privateKey);
        }
        throw new u("no private key");
    }

    @Override // net.netca.pki.global.X509Certificate
    public IPublicKeyEncrypt newPublicKeyEncryptObject() {
        if ((this.ku & 12) == 0) {
            throw new u("not enc cert");
        }
        if (!isInValidity()) {
            throw new u("not in validity");
        }
        String publicKeyEncryptAlgo = this.pki.getPublicKeyEncryptAlgo(this.publicKeyType);
        if (publicKeyEncryptAlgo == null) {
            return null;
        }
        String publicKeyEncryptAlgorithmName = getPublicKeyEncryptAlgorithmName(publicKeyEncryptAlgo);
        if (publicKeyEncryptAlgorithmName == null) {
            throw new u("getPublicKeyEncryptAlgorithmName fail");
        }
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(this.cert.getSubjectPublicKeyInfo().getASN1Object().encode());
        String keyType = getKeyType(this.publicKeyType);
        if (keyType == null) {
            throw new u("get public key type fail");
        }
        try {
            java.security.PublicKey generatePublic = KeyFactory.getInstance(keyType).generatePublic(x509EncodedKeySpec);
            Cipher cipher = Cipher.getInstance(publicKeyEncryptAlgorithmName);
            cipher.init(1, generatePublic);
            return new JCEPublicKeyEncrypt(cipher);
        } catch (InvalidKeyException e) {
            if ("SM2/ECB/NoPadding".equals(publicKeyEncryptAlgorithmName)) {
                return createSM2Encrypt();
            }
            throw new u(e);
        } catch (NoSuchAlgorithmException e2) {
            if ("SM2/ECB/NoPadding".equals(publicKeyEncryptAlgorithmName)) {
                return createSM2Encrypt();
            }
            throw new u(e2);
        } catch (InvalidKeySpecException e3) {
            if ("SM2/ECB/NoPadding".equals(publicKeyEncryptAlgorithmName)) {
                return createSM2Encrypt();
            }
            throw new u(e3);
        } catch (NoSuchPaddingException e4) {
            if ("SM2/ECB/NoPadding".equals(publicKeyEncryptAlgorithmName)) {
                return createSM2Encrypt();
            }
            throw new u(e4);
        }
    }

    @Override // net.netca.pki.global.X509Certificate
    public ISign newSignObject() {
        if ((this.ku & 99) == 0) {
            throw new u("not sign cert");
        }
        if (!isInValidity()) {
            throw new u("cert not in validity");
        }
        AlgorithmIdentifier signatureAlgo = this.pki.getSignatureAlgo(this.publicKeyType);
        if (signatureAlgo == null) {
            throw new u("getSignatureAlgo fail");
        }
        String signatureAlgorithmName = getSignatureAlgorithmName(signatureAlgo.getOid());
        if (this.privateKey != null) {
            return new JCESign(signatureAlgorithmName, this.privateKey);
        }
        throw new u("no private key");
    }

    @Override // net.netca.pki.global.X509Certificate
    public IVerify newVerifyObject() {
        return newVerifyObject(this.pki.getSignatureAlgo(this.publicKeyType), !this.pki.isVerifyValidity());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public IVerify newVerifyObject(AlgorithmIdentifier algorithmIdentifier, boolean z) {
        String str;
        if (algorithmIdentifier == null) {
            return null;
        }
        if ((this.ku & 99) == 0) {
            throw new u("not sign cert");
        }
        if (!z && !isInValidity()) {
            throw new u("cert not in validity");
        }
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(this.cert.getSubjectPublicKeyInfo().getASN1Object().encode());
        String keyType = getKeyType(this.publicKeyType);
        if (keyType == null) {
            throw new u("unkown public key type");
        }
        try {
            str = getSignatureAlgorithmName(algorithmIdentifier.getOid());
            try {
                java.security.PublicKey generatePublic = KeyFactory.getInstance(keyType).generatePublic(x509EncodedKeySpec);
                Signature signature = Signature.getInstance(str);
                signature.initVerify(generatePublic);
                return new JCEVerify(signature);
            } catch (InvalidKeyException e) {
                e = e;
                if ("SM3withSM2".equals(str)) {
                    return createSM2Verify();
                }
                throw new u(e);
            } catch (NoSuchAlgorithmException e2) {
                e = e2;
                if ("SM3withSM2".equals(str)) {
                    return createSM2Verify();
                }
                throw new u(e);
            } catch (InvalidKeySpecException e3) {
                e = e3;
                if ("SM3withSM2".equals(str)) {
                    return createSM2Verify();
                }
                throw new u(e);
            }
        } catch (InvalidKeyException e4) {
            e = e4;
            str = null;
        } catch (NoSuchAlgorithmException e5) {
            e = e5;
            str = null;
        } catch (InvalidKeySpecException e6) {
            e = e6;
            str = null;
        }
    }

    @Override // net.netca.pki.global.X509Certificate
    public String pemEncode() {
        return this.cert.pemEncode();
    }

    @Override // net.netca.pki.global.X509Certificate
    public int verify(int i) {
        if ((i & 1) != 0) {
            throw new UnsupportedException("unsupport verify revoke");
        }
        X509Certificate[] buildCertPath = buildCertPath();
        X509CertificatePathValidator x509CertificatePathValidator = new X509CertificatePathValidator();
        x509CertificatePathValidator.setVerifier(new JCEVerifier());
        x509CertificatePathValidator.addExtensionProcessor(this.pki.getIgnoreExtension());
        net.netca.pki.encoding.asn1.pki.X509Certificate[] x509CertificateArr = new net.netca.pki.encoding.asn1.pki.X509Certificate[buildCertPath.length];
        for (int i2 = 0; i2 < buildCertPath.length; i2++) {
            x509CertificateArr[i2] = new net.netca.pki.encoding.asn1.pki.X509Certificate(buildCertPath[i2].derEncode());
        }
        x509CertificatePathValidator.verify(x509CertificateArr);
        return 1;
    }
}
