package com.kbstar.kbsign.x509;

import com.kbstar.kbbank.implementation.common.constant.KBSignConstant;
import com.kbstar.kbsign.jwt.Berry;
import com.kbstar.kbsign.jwt.InvalidPINsignException;
import com.kbstar.kbsign.jwt.PINsignExpiredException;
import com.kbstar.kbsign.jwt.PINsignNotYetValidException;
import com.wizvera.provider.asn1.x509.X509Name;
import com.wizvera.wcrypto.WBase64;
import com.wizvera.wcrypto.WCertificate;
import com.wizvera.wcrypto.WCryptoException;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;

/* loaded from: classes4.dex */
public class X509Berry implements Berry {
    private static final String LOG_TAG = "X509Berry";
    X509Certificate x509cert;

    public X509Berry(String str) throws InvalidPINsignException {
        this.x509cert = toX509Certificate(str);
    }

    public X509Berry(X509Certificate x509Certificate) {
        this.x509cert = x509Certificate;
    }

    public static X509Certificate toX509Certificate(String str) throws InvalidPINsignException {
        try {
            return (X509Certificate) CertificateFactory.getInstance(KBSignConstant.KBSignCertType.X509).generateCertificate(new ByteArrayInputStream(WBase64.decode(str)));
        } catch (CertificateException e) {
            throw new InvalidPINsignException(e.getMessage());
        }
    }

    @Override // com.kbstar.kbsign.jwt.Berry
    public void checkValidity() throws PINsignNotYetValidException, PINsignExpiredException {
        Date date = new Date();
        if (getNotBefore().compareTo(date) > 0) {
            throw new PINsignNotYetValidException("not yet valid");
        }
        if (getExpirationTime().compareTo(date) < 0) {
            throw new PINsignExpiredException("expired");
        }
    }

    @Override // com.kbstar.kbsign.jwt.Berry
    public String getAlias() {
        String format = String.format("%s-%s-%s", X509Util.getSubjectDnValue(this.x509cert, X509Name.UID), X509Util.getSubjectDnValue(this.x509cert, X509Name.OU), X509Util.getSubjectDnValue(this.x509cert, X509Name.O));
        return format.isEmpty() ? "unknown_alias" : format;
    }

    @Override // com.kbstar.kbsign.jwt.Berry
    public String getEncoded() {
        try {
            return WBase64.encode(this.x509cert.getEncoded());
        } catch (CertificateEncodingException unused) {
            return "";
        }
    }

    @Override // com.kbstar.kbsign.jwt.Berry
    public Date getExpirationTime() {
        return this.x509cert.getNotAfter();
    }

    @Override // com.kbstar.kbsign.jwt.Berry
    public Date getIssuedAt() {
        return this.x509cert.getNotBefore();
    }

    @Override // com.kbstar.kbsign.jwt.Berry
    public String getIssuer() {
        return this.x509cert.getIssuerX500Principal().getName("RFC2253");
    }

    @Override // com.kbstar.kbsign.jwt.Berry
    public Date getNotBefore() {
        return this.x509cert.getNotBefore();
    }

    @Override // com.kbstar.kbsign.jwt.Berry
    public String getPolicyOID() {
        try {
            return new WCertificate(this.x509cert).policyOID();
        } catch (WCryptoException unused) {
            return null;
        }
    }

    @Override // com.kbstar.kbsign.jwt.Berry
    public List<String> getPolicyOIDs() {
        try {
            return Arrays.asList(new WCertificate(this.x509cert).policyOIDs());
        } catch (WCryptoException unused) {
            return new ArrayList();
        }
    }

    @Override // com.kbstar.kbsign.jwt.Berry
    public String getProfile() {
        return X509Util.getSubjectDnValue(this.x509cert, X509Name.OU);
    }

    @Override // com.kbstar.kbsign.jwt.Berry
    public RSAPublicKey getPublicKey() {
        return (RSAPublicKey) this.x509cert.getPublicKey();
    }

    @Override // com.kbstar.kbsign.jwt.Berry
    public String getSerialNumber() {
        return this.x509cert.getSerialNumber().toString(16);
    }

    @Override // com.kbstar.kbsign.jwt.Berry
    public String getSubject() {
        return this.x509cert.getSubjectDN().toString();
    }

    @Override // com.kbstar.kbsign.jwt.Berry
    public String getUid() {
        return X509Util.getSubjectDnValue(this.x509cert, X509Name.UID);
    }

    public X509Certificate getX509cert() {
        return this.x509cert;
    }
}
