package cn.org.bjca.gaia.assemb.cert;

import cn.org.bjca.gaia.asn1.ASN1Encoding;
import cn.org.bjca.gaia.asn1.ASN1InputStream;
import cn.org.bjca.gaia.asn1.ASN1ObjectIdentifier;
import cn.org.bjca.gaia.asn1.ASN1Sequence;
import cn.org.bjca.gaia.asn1.DERBitString;
import cn.org.bjca.gaia.asn1.gm.GMObjectIdentifiers;
import cn.org.bjca.gaia.asn1.pkcs.PKCSObjectIdentifiers;
import cn.org.bjca.gaia.asn1.x509.Certificate;
import cn.org.bjca.gaia.asn1.x509.Extension;
import cn.org.bjca.gaia.asn1.x509.Extensions;
import cn.org.bjca.gaia.asn1.x509.SubjectPublicKeyInfo;
import cn.org.bjca.gaia.asn1.x509.X509Name;
import cn.org.bjca.gaia.asn1.x9.X9ObjectIdentifiers;
import cn.org.bjca.gaia.assemb.base.GaiaProvider;
import cn.org.bjca.gaia.assemb.constant.AlgConstant;
import cn.org.bjca.gaia.assemb.exception.ErrorCode;
import cn.org.bjca.gaia.assemb.exception.PkiException;
import cn.org.bjca.gaia.assemb.extension.SelfDefExtension;
import cn.org.bjca.gaia.assemb.param.AlgPolicy;
import cn.org.bjca.gaia.assemb.param.BjcaKey;
import cn.org.bjca.gaia.assemb.param.SM3Param;
import cn.org.bjca.gaia.assemb.util.Base64Util;
import cn.org.bjca.gaia.assemb.util.KeyPairUtil;
import cn.org.bjca.gaia.util.encoders.Base64;
import cn.org.bjca.gaia.util.encoders.Hex;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Date;

/* loaded from: classes.dex */
public class BjcaCert {
    private final String CERT_END;
    private final String CERT_HEAD;
    private Certificate cert;
    private Extensions extensions;

    public BjcaCert(Certificate certificate) {
        this.CERT_HEAD = "-----BEGIN CERTIFICATE-----";
        this.CERT_END = "-----END CERTIFICATE-----";
        this.extensions = null;
        this.cert = certificate;
    }

    public BjcaCert(InputStream inputStream) {
        this.CERT_HEAD = "-----BEGIN CERTIFICATE-----";
        this.CERT_END = "-----END CERTIFICATE-----";
        this.cert = null;
        this.extensions = null;
        try {
            try {
                int available = inputStream.available();
                byte[] bArr = new byte[available];
                int read = inputStream.read(bArr);
                while (read < available) {
                    byte[] bArr2 = new byte[available - read];
                    int read2 = inputStream.read(bArr2);
                    System.arraycopy(bArr2, 0, bArr, read, read2);
                    read += read2;
                }
                byte[] parseCertData = parseCertData(bArr);
                try {
                    inputStream.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
                initCert(parseCertData);
            } catch (Throwable th) {
                try {
                    inputStream.close();
                } catch (IOException e2) {
                    e2.printStackTrace();
                }
                throw th;
            }
        } catch (IOException e3) {
            throw new PkiException(ErrorCode.Cert.INIT_CERT, ErrorCode.Cert.INIT_CERT_DES, e3);
        }
    }

    public BjcaCert(byte[] bArr) {
        this.CERT_HEAD = "-----BEGIN CERTIFICATE-----";
        this.CERT_END = "-----END CERTIFICATE-----";
        this.cert = null;
        this.extensions = null;
        initCert(parseCertData(bArr));
    }

    private byte[] getExtensionByteData(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        Extension extension;
        Extensions extensions = this.cert.getTBSCertificate().getExtensions();
        this.extensions = extensions;
        if (extensions == null || (extension = extensions.getExtension(aSN1ObjectIdentifier)) == null) {
            return null;
        }
        return extension.getExtnValue().getOctets();
    }

    private void getExtensionCritical(cn.org.bjca.gaia.assemb.extension.Extension extension) {
        extension.setCritical(this.extensions.getExtension(new ASN1ObjectIdentifier(extension.getOID())).isCritical());
    }

    private void initCert(byte[] bArr) {
        try {
            this.cert = Certificate.getInstance((ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(bArr)).readObject());
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Cert.INIT_CERT, ErrorCode.Cert.INIT_CERT, e);
        }
    }

    private byte[] parseCertData(byte[] bArr) {
        try {
            byte[] bArr2 = new byte[27];
            System.arraycopy(bArr, 0, bArr2, 0, 27);
            if (Base64Util.isBase64Encode(bArr)) {
                return Base64.decode(Base64Util.convertBase64(bArr));
            }
            if (!Arrays.equals(bArr2, "-----BEGIN CERTIFICATE-----".getBytes())) {
                return bArr;
            }
            int length = bArr.length - 27;
            byte[] bArr3 = new byte[length];
            System.arraycopy(bArr, 27, bArr3, 0, length);
            int i = length - 26;
            byte[] bArr4 = new byte[i];
            System.arraycopy(bArr3, 0, bArr4, 0, i);
            return Base64.decode(Base64Util.convertBase64(bArr4));
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Cert.INIT_CERT, ErrorCode.Cert.INIT_CERT_DES, e);
        }
    }

    public String getCertType() {
        ASN1ObjectIdentifier algorithm = this.cert.getSubjectPublicKeyInfo().getAlgorithm().getAlgorithm();
        if (!X9ObjectIdentifiers.id_ecPublicKey.equals(algorithm)) {
            return PKCSObjectIdentifiers.rsaEncryption.equals(algorithm) ? "RSA" : algorithm.getId();
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier = ASN1ObjectIdentifier.getInstance(this.cert.getSubjectPublicKeyInfo().getAlgorithm().getParameters());
        return (aSN1ObjectIdentifier == null || !aSN1ObjectIdentifier.equals(GMObjectIdentifiers.sm2p256v1)) ? "ECC" : "SM2";
    }

    public byte[] getEncoded() {
        try {
            return this.cert.getEncoded(ASN1Encoding.DER);
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Cert.ENCODED_CERT, ErrorCode.Cert.ENCODED_CERT_DES, e);
        }
    }

    public String getIssuer() {
        return new X509Name(true, this.cert.getIssuer().toString()).toString();
    }

    public byte[] getIssuerUniqueId() {
        DERBitString issuerUniqueId = this.cert.getTBSCertificate().getIssuerUniqueId();
        if (issuerUniqueId != null) {
            return issuerUniqueId.getBytes();
        }
        return null;
    }

    public Date getNotAfter() {
        return this.cert.getEndDate().getDate();
    }

    public Date getNotBefore() {
        return this.cert.getStartDate().getDate();
    }

    public BjcaKey getPublicKey() {
        return KeyPairUtil.subjectPubKeyInfo2Key(this.cert.getSubjectPublicKeyInfo());
    }

    public String getPublicKeyAlgorithmId() {
        return this.cert.getSubjectPublicKeyInfo().getAlgorithm().getAlgorithm().getId();
    }

    public String getPublicKeyAlgorithmParameters() {
        try {
            return Hex.toHexString(((ASN1ObjectIdentifier) this.cert.getSubjectPublicKeyInfo().getAlgorithm().getParameters()).getEncoded());
        } catch (IOException e) {
            throw new PkiException(ErrorCode.Cert.GET_CERT_PUB_KEY_ALG, ErrorCode.Cert.GET_CERT_PUB_KEY_DES, e);
        }
    }

    public byte[] getPublicKeyData() {
        ASN1ObjectIdentifier aSN1ObjectIdentifier;
        try {
            SubjectPublicKeyInfo subjectPublicKeyInfo = this.cert.getSubjectPublicKeyInfo();
            byte[] encoded = subjectPublicKeyInfo.getEncoded();
            return (X9ObjectIdentifiers.id_ecPublicKey.equals(subjectPublicKeyInfo.getAlgorithm().getAlgorithm()) && (aSN1ObjectIdentifier = ASN1ObjectIdentifier.getInstance(subjectPublicKeyInfo.getAlgorithm().getParameters())) != null && aSN1ObjectIdentifier.equals(GMObjectIdentifiers.sm2p256v1)) ? subjectPublicKeyInfo.getPublicKeyData().getBytes() : encoded;
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Cert.GET_PUBLIC_KEY, ErrorCode.Cert.GET_PUBLIC_KEY_DES, e);
        }
    }

    public String getReverseIssuer() {
        return this.cert.getIssuer().toString();
    }

    public String getReverseSubject() {
        return this.cert.getSubject().toString();
    }

    public PublicKey getSecurityPublicKey() {
        return KeyPairUtil.convertPublicKey(getPublicKey());
    }

    public SelfDefExtension getSelfDefExtension(String str) {
        byte[] extensionByteData = getExtensionByteData(new ASN1ObjectIdentifier(str));
        if (extensionByteData == null) {
            return null;
        }
        SelfDefExtension selfDefExtension = new SelfDefExtension(str, extensionByteData);
        getExtensionCritical(selfDefExtension);
        return selfDefExtension;
    }

    public BigInteger getSerialNumber() {
        return this.cert.getSerialNumber().getValue();
    }

    public byte[] getSignature() {
        return this.cert.getSignature().getBytes();
    }

    public String getSignatureAlgName() {
        return AlgConstant.convertOidToAlgName(this.cert.getSignatureAlgorithm().getAlgorithm());
    }

    public String getSignatureAlgOID() {
        return this.cert.getSignatureAlgorithm().getAlgorithm().getId();
    }

    public String getStringSerialNumber() {
        return this.cert.getSerialNumber().getValue().toString(16);
    }

    public String getSubject() {
        return new X509Name(true, this.cert.getSubject().toString()).toString();
    }

    public byte[] getSubjectUniqueId() {
        DERBitString subjectUniqueId = this.cert.getTBSCertificate().getSubjectUniqueId();
        if (subjectUniqueId != null) {
            return subjectUniqueId.getBytes();
        }
        return null;
    }

    public int getVersion() {
        return this.cert.getVersionNumber();
    }

    public Certificate getX509CertStructure() {
        return this.cert;
    }

    public boolean validateCert(byte[] bArr, GaiaProvider gaiaProvider) {
        BjcaKey bjcaKey;
        AlgPolicy algPolicy;
        AlgPolicy algPolicy2;
        try {
            byte[] publicKeyData = new BjcaCert(bArr).getPublicKeyData();
            byte[] encoded = this.cert.getTBSCertificate().getEncoded();
            byte[] bytes = this.cert.getSignature().getBytes();
            String id = this.cert.getSignatureAlgorithm().getAlgorithm().getId();
            if (id.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId())) {
                algPolicy2 = new AlgPolicy("SHA1");
                algPolicy = new AlgPolicy("SHA1WithRSA");
                bjcaKey = new BjcaKey(BjcaKey.RSA_PUB_KEY, publicKeyData);
            } else if (id.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId())) {
                algPolicy2 = new AlgPolicy("SHA256");
                algPolicy = new AlgPolicy("SHA256WithRSA");
                bjcaKey = new BjcaKey(BjcaKey.RSA_PUB_KEY, publicKeyData);
            } else {
                if (!id.equals(GMObjectIdentifiers.sm2sign_with_sm3.getId())) {
                    throw new PkiException(ErrorCode.Cert.VILADATE_CERT, "验证证书失败 证书类型不支持");
                }
                AlgPolicy algPolicy3 = new AlgPolicy("SM3", new SM3Param(publicKeyData));
                AlgPolicy algPolicy4 = new AlgPolicy("SM3WithSM2");
                bjcaKey = new BjcaKey(BjcaKey.SM2_PUB_KEY, publicKeyData);
                algPolicy = algPolicy4;
                algPolicy2 = algPolicy3;
            }
            return gaiaProvider.verifySignHashedData(algPolicy, gaiaProvider.hash(algPolicy2, encoded), bytes, bjcaKey);
        } catch (Exception e) {
            throw new PkiException(ErrorCode.Cert.VILADATE_CERT, ErrorCode.Cert.VILADATE_CERT_DES, e);
        }
    }
}
