package com.wizvera.wcrypto;

import com.kbcard.commonlib.core.net.response.ResultEnd;
import com.wizvera.provider.asn1.ASN1InputStream;
import com.wizvera.provider.asn1.ASN1ObjectIdentifier;
import com.wizvera.provider.asn1.ASN1OctetString;
import com.wizvera.provider.asn1.ASN1Sequence;
import com.wizvera.provider.asn1.ASN1String;
import com.wizvera.provider.asn1.x500.AttributeTypeAndValue;
import com.wizvera.provider.asn1.x500.RDN;
import com.wizvera.provider.asn1.x500.X500Name;
import com.wizvera.provider.asn1.x509.AccessDescription;
import com.wizvera.provider.asn1.x509.AuthorityInformationAccess;
import com.wizvera.provider.asn1.x509.Extension;
import com.wizvera.provider.asn1.x509.GeneralName;
import com.wizvera.provider.asn1.x509.PolicyInformation;
import com.wizvera.provider.asn1.x509.TBSCertificateStructure;
import com.wizvera.provider.asn1.x509.X509Extension;
import com.wizvera.provider.asn1.x509.X509Extensions;
import com.wizvera.provider.asn1.x509.X509Name;
import com.wizvera.provider.asn1.x509.X509ObjectIdentifiers;
import com.wizvera.wcrypto.key.WEcdsaPublicKey;
import com.wizvera.wcrypto.key.WPublicKey;
import com.wizvera.wcrypto.key.WRsaPublicKey;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.LinkedList;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes4.dex */
public class WCertificate {
    private TBSCertificateStructure c;
    private X509Certificate cert;

    public WCertificate(X509Certificate x509Certificate) throws WCryptoException {
        init(x509Certificate);
    }

    public WCertificate(byte[] bArr) throws WCryptoException {
        try {
            init((X509Certificate) CertificateFactory.getInstance("X.509", WizConstants.WIZ_PROVIDER).generateCertificate(new ByteArrayInputStream(bArr)));
        } catch (CertificateException e) {
            throw new WCryptoException(e);
        }
    }

    private String extractOcspUrls(AuthorityInformationAccess authorityInformationAccess) throws CertificateEncodingException {
        AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
        LinkedList linkedList = new LinkedList();
        for (AccessDescription accessDescription : accessDescriptions) {
            if (accessDescription.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_ocsp)) {
                linkedList.add(accessDescription);
            }
        }
        int size = linkedList.size();
        new ArrayList(size);
        for (int i = 0; i < size; i++) {
            GeneralName accessLocation = ((AccessDescription) linkedList.get(i)).getAccessLocation();
            if (accessLocation.getTagNo() == 6) {
                return ((ASN1String) accessLocation.getName()).getString();
            }
        }
        return null;
    }

    private PublicKey getPublicKey(WPublicKey wPublicKey) {
        if (wPublicKey instanceof WRsaPublicKey) {
            return ((WRsaPublicKey) wPublicKey).getPublicKey();
        }
        if (wPublicKey instanceof WEcdsaPublicKey) {
            return ((WEcdsaPublicKey) wPublicKey).getPublicKey();
        }
        return null;
    }

    private void init(X509Certificate x509Certificate) throws WCryptoException {
        if (x509Certificate == null) {
            throw new NullPointerException("certificate is null");
        }
        this.cert = x509Certificate;
        try {
            this.c = TBSCertificateStructure.getInstance(new ASN1InputStream(this.cert.getTBSCertificate()).readObject());
        } catch (IOException e) {
            throw new WCryptoException(e);
        } catch (CertificateEncodingException e2) {
            throw new WCryptoException(e2);
        }
    }

    protected String[] getEntry(X500Principal x500Principal, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        RDN[] rDNs = new X500Name(x500Principal.getName("RFC2253")).getRDNs(aSN1ObjectIdentifier);
        String[] strArr = new String[rDNs.length];
        for (int i = 0; i < rDNs.length; i++) {
            for (AttributeTypeAndValue attributeTypeAndValue : rDNs[i].getTypesAndValues()) {
                strArr[i] = attributeTypeAndValue.getValue().toString();
            }
        }
        return strArr;
    }

    public String issuer() {
        return this.cert.getIssuerX500Principal().getName("RFC2253");
    }

    public String issuerValue(String str) {
        String[] issuerValues = issuerValues(str);
        if (issuerValues.length > 0) {
            return issuerValues[0];
        }
        return null;
    }

    public String[] issuerValues(String str) {
        return getEntry(this.cert.getIssuerX500Principal(), typeToOID(str));
    }

    public Date notAfter() {
        return this.cert.getNotAfter();
    }

    public Date notBefore() {
        return this.cert.getNotBefore();
    }

    public String ocspUrl() throws WCryptoException {
        byte[] extensionValue = this.cert.getExtensionValue(Extension.authorityInfoAccess.getId());
        if (extensionValue == null) {
            return null;
        }
        try {
            return extractOcspUrls(AuthorityInformationAccess.getInstance(ASN1OctetString.getInstance(extensionValue).getOctets()));
        } catch (CertificateEncodingException e) {
            throw new WCryptoException(e);
        }
    }

    public String policyOID() {
        String[] policyOIDs = policyOIDs();
        if (policyOIDs.length > 0) {
            return policyOIDs[0];
        }
        return null;
    }

    public String[] policyOIDs() {
        String[] strArr;
        ASN1Sequence aSN1Sequence = (ASN1Sequence) X509Extension.convertValueToObject(this.c.getExtensions().getExtension(X509Extensions.CertificatePolicies));
        if (aSN1Sequence != null) {
            strArr = new String[aSN1Sequence.size()];
            for (int i = 0; i < aSN1Sequence.size(); i++) {
                strArr[i] = PolicyInformation.getInstance(aSN1Sequence.getObjectAt(i)).getPolicyIdentifier().getId();
            }
        } else {
            strArr = null;
        }
        return strArr == null ? new String[0] : strArr;
    }

    public WPublicKey publicKey() {
        return new WRsaPublicKey((RSAPublicKey) this.cert.getPublicKey());
    }

    public String serialNumberDecimal() {
        return this.cert.getSerialNumber().toString(10);
    }

    public String serialNumberHex() {
        return this.cert.getSerialNumber().toString(16);
    }

    public String sigAlgName() {
        return this.cert.getSigAlgName();
    }

    public String subject() {
        return this.cert.getSubjectX500Principal().getName("RFC2253");
    }

    public String subjectValue(String str) {
        String[] subjectValues = subjectValues(str);
        if (subjectValues.length > 0) {
            return subjectValues[0];
        }
        return null;
    }

    public String[] subjectValues(String str) {
        return getEntry(this.cert.getSubjectX500Principal(), typeToOID(str));
    }

    public byte[] toDer() throws WCryptoException {
        try {
            return this.cert.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new WCryptoException(e);
        }
    }

    protected ASN1ObjectIdentifier typeToOID(String str) {
        if (str.equalsIgnoreCase("CN")) {
            return X509Name.CN;
        }
        if (str.equalsIgnoreCase("OU")) {
            return X509Name.OU;
        }
        if (str.equalsIgnoreCase(ResultEnd.Name._O)) {
            return X509Name.O;
        }
        if (str.equalsIgnoreCase("C")) {
            return X509Name.C;
        }
        throw new IllegalArgumentException("CN, OU, O, C are only accepted. [" + str + "]");
    }

    public void verify(WPublicKey wPublicKey) throws WKeyException, WSignatureException, WCryptoException {
        try {
            this.cert.verify(getPublicKey(wPublicKey));
        } catch (InvalidKeyException e) {
            throw new WKeyException("invalid key", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new WCryptoException(e2);
        } catch (NoSuchProviderException e3) {
            throw new WSignatureException(e3);
        } catch (SignatureException e4) {
            throw new WSignatureException(e4);
        } catch (CertificateException e5) {
            throw new WCryptoException("invalid cert", e5);
        }
    }

    public int version() {
        return this.cert.getVersion();
    }

    public X509Certificate x509Certificate() {
        return this.cert;
    }
}
