package com.sg.openews.api.key.impl;

import com.kica.security.asn1.ASN1Encodable;
import com.kica.security.asn1.ASN1Object;
import com.kica.security.asn1.ASN1Sequence;
import com.kica.security.asn1.ASN1TaggedObject;
import com.kica.security.asn1.DERBitString;
import com.kica.security.asn1.DERObjectIdentifier;
import com.kica.security.asn1.DEROctetString;
import com.kica.security.asn1.DERPrintableString;
import com.kica.security.asn1.DERSequence;
import com.kica.security.asn1.crmf.AttributeTypeAndValue;
import com.kica.security.asn1.kisa.KISAObjectIdentifiers;
import com.kica.security.asn1.vid.HashContent;
import com.kica.security.asn1.vid.IdentityData;
import com.kica.security.asn1.vid.VID;
import com.kica.security.asn1.x509.AuthorityKeyIdentifier;
import com.kica.security.asn1.x509.PolicyInformation;
import com.kica.security.asn1.x509.X509Extensions;
import com.kica.security.provider.X509CertParser;
import com.kica.security.util.OID;
import com.kica.security.util.StreamParsingException;
import com.kica.security.x509.extension.X509ExtensionUtil;
import com.sg.openews.api.exception.SGCertificateException;
import com.sg.openews.api.key.SGCertificate;
import com.sg.openews.api.key.SGCertificateExtension;
import com.sg.openews.api.stream.PEMOutputStream;
import com.sg.openews.common.util.Base64;
import com.sg.openews.common.util.ByteUtils;
import com.sg.openews.common.util.TimeUtil;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import signgate.core.javax.crypto.MessageDigest;

/* loaded from: classes7.dex */
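/**
 * {@link SGCertificate} implementation backed by an {@link X509Certificate} whose subjectAltName
 * carries a KISA identifyData otherName (real name plus VID).
 *
 * <p>Parsing a certificate with this class establishes no trust. Nothing here builds a
 * certification path or consults revocation data: {@link #checkValidity()} only tests the
 * validity window, {@link #verify(PublicKey)} only checks the signature against the key the caller
 * supplies, and the {@code validateUser} overloads only compare a hash with the VID stored in the
 * certificate. Callers have to combine these checks with path validation of their own.
 *
 * <p>This listing is decompiler output. The four-argument {@code validateUser} overload was not
 * recovered and is left as the decompiler's stub.
 */
public class NPKICertificate implements SGCertificate {
    // DER encoding captured at construction time. getDer()/getEncoded() return this array itself,
    // not a copy, so callers must treat it as read-only.
    public byte[] encodedBytes;
    // Parsed certificate that every accessor delegates to.
    public X509Certificate x509Cert;
    // Created on first use by getExtension().
    public NPKICertificateExtension sgCertExtension = null;
    // Neither read nor written anywhere in this class.
    public boolean mpki = false;

    /**
     * Wraps an already parsed certificate and caches its DER encoding.
     *
     * @param x509Certificate certificate to wrap
     * @throws SGCertificateException if the certificate cannot be encoded
     */
    public NPKICertificate(X509Certificate x509Certificate) throws SGCertificateException {
        this.encodedBytes = null;
        this.x509Cert = x509Certificate;
        try {
            this.encodedBytes = x509Certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new SGCertificateException("sg.certificate.failCertificateDecoding", e);
        }
    }

    /**
     * Parses a certificate from its encoded form.
     *
     * @param bArr encoded certificate bytes
     * @throws SGCertificateException if the bytes are missing or cannot be parsed or re-encoded
     */
    public NPKICertificate(byte[] bArr) throws SGCertificateException {
        this.x509Cert = null;
        this.encodedBytes = null;
        // Report missing input through the same error as undecodable input instead of a bare NPE.
        if (bArr == null) {
            throw new SGCertificateException("sg.certificate.failCertificateDecoding");
        }
        X509CertParser parser = new X509CertParser();
        parser.engineInit(new ByteArrayInputStream(bArr));
        try {
            X509Certificate parsed = (X509Certificate) parser.engineRead();
            // NOTE(review): presumably engineRead() yields null when the stream holds no
            // certificate; the guard is harmless if it never does.
            if (parsed == null) {
                throw new SGCertificateException("sg.certificate.failCertificateDecoding");
            }
            this.x509Cert = parsed;
            this.encodedBytes = parsed.getEncoded();
        } catch (StreamParsingException e) {
            throw new SGCertificateException("sg.certificate.failCertificateDecoding", e);
        } catch (CertificateEncodingException e2) {
            throw new SGCertificateException("sg.certificate.failCertificateDecoding", e2);
        }
    }

    /** Renders the given bytes between the PEM certificate header and footer lines. */
    private String generatePEM(byte[] bArr) {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        PEMOutputStream pem = new PEMOutputStream(buffer, "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----");
        try {
            pem.write(bArr);
            pem.flush();
            return buffer.toString();
        } catch (IOException e) {
            // Keep the cause so the failing write stays visible in the stack trace.
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    /** Convenience overload of {@link #getExtensionBytes(String)} for an OID object. */
    private byte[] getExtensionBytes(DERObjectIdentifier dERObjectIdentifier) {
        return getExtensionBytes(dERObjectIdentifier.getId());
    }

    /**
     * Returns the content of the extension with the given OID, with the outer OCTET STRING
     * wrapper removed.
     *
     * @throws IllegalArgumentException if the certificate has no such extension or its value
     *     cannot be decoded
     */
    private byte[] getExtensionBytes(String str) {
        byte[] extensionValue = this.x509Cert.getExtensionValue(str);
        if (extensionValue == null) {
            throw new IllegalArgumentException("the extension value is not existed in certificate: " + str);
        }
        try {
            return DEROctetString.getInstance(ASN1Object.fromByteArray(extensionValue)).getOctets();
        } catch (IOException e) {
            throw new IllegalArgumentException("unknown extension data in certificate: " + e.getMessage(), e);
        }
    }

    /**
     * Decodes the content of the extension with the given OID into an ASN.1 object.
     *
     * @throws IllegalArgumentException if the extension is absent or cannot be decoded
     */
    private ASN1Encodable getExtensionObject(DERObjectIdentifier dERObjectIdentifier) {
        try {
            return ASN1Object.fromByteArray(getExtensionBytes(dERObjectIdentifier.getId()));
        } catch (IOException e) {
            throw new IllegalArgumentException("unknown extension data(" + dERObjectIdentifier.getId() + ") in certificate: " + e.getMessage(), e);
        }
    }

    /**
     * Walks the subjectAltName entries and returns the KISA identifyData structure.
     * When several entries qualify, the last one wins.
     *
     * @return the identity data, or {@code null} when no matching otherName is present
     */
    private IdentityData findIdentityData() throws CertificateParsingException {
        IdentityData found = null;
        for (Object entry : X509ExtensionUtil.getSubjectAlternativeNames(this.x509Cert)) {
            List<?> generalName = (List<?>) entry;
            // GeneralName choice 0 is otherName; every other name form is skipped.
            if (((Integer) generalName.get(0)).intValue() != 0) {
                continue;
            }
            ASN1Sequence otherName = (ASN1Sequence) generalName.get(1);
            if (!DERObjectIdentifier.getInstance(otherName.getObjectAt(0)).equals(KISAObjectIdentifiers.id_kisa_identifyData)) {
                continue;
            }
            ASN1TaggedObject tagged = ASN1TaggedObject.getInstance(otherName.getObjectAt(1));
            if (tagged.getTagNo() == 0) {
                found = IdentityData.getInstance(tagged.getObject());
            }
        }
        return found;
    }

    /**
     * Locates the VID attribute inside the certificate's identity data.
     *
     * @return the VID, or {@code null} when the user info holds no VID attribute
     * @throws SGCertificateException if the certificate has no identity data or no user info
     */
    private VID findCertVid() throws SGCertificateException, CertificateParsingException {
        IdentityData identityData = findIdentityData();
        if (identityData == null) {
            throw new SGCertificateException("Error_0033: 인증서에서 VID를 얻을수 없습니다.");
        }
        AttributeTypeAndValue[] userInfo = identityData.getUserInfo();
        if (userInfo == null) {
            throw new SGCertificateException("Error_0033: 인증서에서 VID를 얻을수 없습니다.");
        }
        VID vid = null;
        for (AttributeTypeAndValue attribute : userInfo) {
            if (attribute.getType().equals(KISAObjectIdentifiers.id_VID)) {
                vid = VID.getInstance(attribute.getValue());
            }
        }
        return vid;
    }

    /** Resolves the certificate's own SubjectAltName OID, folding I/O failures into the domain exception. */
    private DERObjectIdentifier certSubjectAltNameOid() throws SGCertificateException {
        try {
            return getCertSubjectAltNameOid();
        } catch (IOException e) {
            throw new SGCertificateException(e.getMessage() + " Failed to get SubjectAltName oid", e);
        }
    }

    /**
     * Reports whether the current time lies inside the certificate's validity window.
     * This is a date check only; it says nothing about signature, issuer or revocation.
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public boolean checkValidity() {
        try {
            this.x509Cert.checkValidity();
            return true;
        } catch (CertificateExpiredException | CertificateNotYetValidException unused) {
            return false;
        }
    }

    /**
     * Returns the type OID of the otherName entry in subjectAltName (the last one when several
     * are present).
     *
     * @throws SGCertificateException if no otherName entry exists or the extension cannot be parsed
     */
    public DERObjectIdentifier getCertSubjectAltNameOid() throws SGCertificateException, IOException {
        try {
            DERObjectIdentifier typeId = null;
            for (Object entry : X509ExtensionUtil.getSubjectAlternativeNames(this.x509Cert)) {
                List<?> generalName = (List<?>) entry;
                if (((Integer) generalName.get(0)).intValue() == 0) {
                    typeId = DERObjectIdentifier.getInstance(((ASN1Sequence) generalName.get(1)).getObjectAt(0));
                }
            }
            if (typeId == null) {
                throw new SGCertificateException("The certificate does not have a SubjectAltName OID.");
            }
            return typeId;
        } catch (CertificateParsingException e) {
            throw new SGCertificateException(e);
        }
    }

    /**
     * Returns the encoded VID structure from the certificate.
     *
     * @return the encoded VID, or {@code null} when the user info carries no VID attribute
     * @throws SGCertificateException if identity data or user info is missing, or parsing fails
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public byte[] getCertVID() throws SGCertificateException, IOException {
        try {
            VID vid = findCertVid();
            return vid != null ? vid.getEncoded() : null;
        } catch (CertificateParsingException e) {
            throw new SGCertificateException(e);
        }
    }

    /**
     * Returns the encoded virtual ID held inside the certificate's VID.
     *
     * @return the encoded virtual ID, or {@code null} when the user info carries no VID attribute
     * @throws SGCertificateException if identity data or user info is missing, the VID has no
     *     virtual ID, or parsing fails
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public byte[] getCertVirtualID() throws SGCertificateException, IOException {
        try {
            VID vid = findCertVid();
            if (vid == null) {
                return null;
            }
            if (vid.getVirtualID() == null) {
                throw new SGCertificateException("Error_0034: 인증서에 VID 내 VirtualID 가 없습니다.");
            }
            return vid.getVirtualID().getEncoded();
        } catch (CertificateParsingException e) {
            throw new SGCertificateException(e);
        }
    }

    /** Returns the cached DER encoding (the internal array, not a copy). */
    public byte[] getDer() {
        return this.encodedBytes;
    }

    /** Returns the cached DER encoding (the internal array, not a copy). */
    @Override // com.sg.openews.api.key.SGCertificate
    public byte[] getEncoded() {
        return this.encodedBytes;
    }

    /** Returns the notAfter date formatted by {@code TimeUtil.getTime}. */
    @Override // com.sg.openews.api.key.SGCertificate
    public String getEndDate() {
        return TimeUtil.getTime(this.x509Cert.getNotAfter());
    }

    /** Returns the extension view of this certificate, creating it on first use. */
    @Override // com.sg.openews.api.key.SGCertificate
    public SGCertificateExtension getExtension() {
        if (this.sgCertExtension == null) {
            this.sgCertExtension = new NPKICertificateExtension(this.x509Cert);
        }
        return this.sgCertExtension;
    }

    /** Returns the issuer distinguished name as a string. */
    @Override // com.sg.openews.api.key.SGCertificate
    public String getIssuerDN() {
        return this.x509Cert.getIssuerDN().getName();
    }

    /** Returns the algorithm name of the certificate's public key. */
    @Override // com.sg.openews.api.key.SGCertificate
    public String getKeyAlgorithm() {
        return getPublicKey().getAlgorithm();
    }

    /** Returns the keyUsage bits exactly as the underlying certificate reports them. */
    @Override // com.sg.openews.api.key.SGCertificate
    public boolean[] getKeyUsage() {
        return this.x509Cert.getKeyUsage();
    }

    /**
     * Returns every policy OID listed in the certificatePolicies extension, in certificate order.
     *
     * @throws IllegalArgumentException if the extension is absent or cannot be decoded
     */
    public String[] getPolicyIdentifier() {
        ASN1Sequence policies = DERSequence.getInstance(getExtensionObject(X509Extensions.CertificatePolicies));
        String[] policyOids = new String[policies.size()];
        for (int i = 0; i < policyOids.length; i++) {
            policyOids[i] = PolicyInformation.getInstance(policies.getObjectAt(i)).getPolicyIdentifier().getId();
        }
        return policyOids;
    }

    /** Returns the first policy OID of the certificatePolicies extension. */
    public String getPolicyOid() {
        return getPolicyIdentifier()[0];
    }

    /** Returns the certificate's public key. */
    public PublicKey getPublicKey() {
        return this.x509Cert.getPublicKey();
    }

    /** Returns the serial number in decimal notation. */
    @Override // com.sg.openews.api.key.SGCertificate
    public String getSerialNumber() {
        return this.x509Cert.getSerialNumber().toString();
    }

    /** Returns the signature algorithm name of the certificate. */
    @Override // com.sg.openews.api.key.SGCertificate
    public String getSigAlgName() {
        return this.x509Cert.getSigAlgName();
    }

    /** Returns the notBefore date formatted by {@code TimeUtil.getTime}. */
    @Override // com.sg.openews.api.key.SGCertificate
    public String getStartDate() {
        return TimeUtil.getTime(this.x509Cert.getNotBefore());
    }

    /** Returns the subject distinguished name as a string. */
    @Override // com.sg.openews.api.key.SGCertificate
    public String getSubjectDN() {
        return this.x509Cert.getSubjectDN().getName();
    }

    /** Returns the fixed type tag of this implementation. */
    @Override // com.sg.openews.api.key.SGCertificate
    public String getType() {
        return "NPKI";
    }

    /** Returns the X.509 version number of the certificate. */
    @Override // com.sg.openews.api.key.SGCertificate
    public int getVersion() {
        return this.x509Cert.getVersion();
    }

    /** Returns the wrapped certificate. */
    public X509Certificate getX509Cert() {
        return this.x509Cert;
    }

    /** Returns the wrapped certificate. */
    @Override // com.sg.openews.api.key.SGCertificate
    public X509Certificate getX509Certificate() {
        return this.x509Cert;
    }

    /**
     * Reports whether the authorityKeyIdentifier extension carries both the issuer name and the
     * issuer certificate serial number.
     *
     * @throws IllegalArgumentException if the extension is absent or cannot be decoded
     */
    public boolean isRFC3280Cert() {
        AuthorityKeyIdentifier aki = AuthorityKeyIdentifier.getInstance(getExtensionObject(X509Extensions.AuthorityKeyIdentifier));
        return aki.getAuthorityCertIssuer() != null && aki.getAuthorityCertSerialNumber() != null;
    }

    /** Returns the certificate in PEM form. */
    @Override // com.sg.openews.api.key.SGCertificate
    public String toString() {
        return generatePEM(this.encodedBytes);
    }

    /**
     * Reports whether the given OID appears anywhere in the certificate's policy list.
     *
     * @param str policy OID to look for
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public boolean validatePolicy(String str) throws SGCertificateException {
        for (String policyOid : getPolicyIdentifier()) {
            if (policyOid.equals(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether the certificate's first policy OID is one of the accepted OIDs.
     * Unlike {@link #validatePolicy(String)}, only the first policy of the certificate is
     * compared; later policies are ignored.
     *
     * @param strArr accepted policy OIDs
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public boolean validatePolicy(String[] strArr) throws SGCertificateException {
        String policyOid = getPolicyOid();
        for (String accepted : strArr) {
            if (policyOid.equals(accepted)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Validates the identifier against the certificate's VID, using the certificate's own
     * SubjectAltName OID.
     *
     * @param str identifier that is hashed together with the random value
     * @param str2 Base64-encoded random value
     * @throws SGCertificateException if validation fails; failures other than
     *     {@code SGCertificateException} are reported as {@code sg.common.invalidBase64}
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public void validateUser(String str, String str2) throws SGCertificateException {
        try {
            validateUser(str, Base64.decode(str2), null, certSubjectAltNameOid());
        } catch (SGCertificateException e) {
            // A genuine validation failure must not be relabelled as a Base64 problem.
            throw e;
        } catch (Exception e2) {
            throw new SGCertificateException("sg.common.invalidBase64", new Object[]{e2.getClass().getSimpleName()}, e2);
        }
    }

    /**
     * Validates the identifier against the certificate's VID for the given SubjectAltName OID.
     *
     * @param str identifier that is hashed together with the random value
     * @param str2 Base64-encoded random value
     * @param dERObjectIdentifier OID to use, or {@code null} to take it from the certificate
     * @throws SGCertificateException if validation fails; failures other than
     *     {@code SGCertificateException} are reported as {@code sg.common.invalidBase64}
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public void validateUser(String str, String str2, DERObjectIdentifier dERObjectIdentifier) throws SGCertificateException {
        try {
            byte[] random = Base64.decode(str2);
            DERObjectIdentifier oid = dERObjectIdentifier != null ? dERObjectIdentifier : certSubjectAltNameOid();
            validateUser(str, random, null, oid);
        } catch (SGCertificateException e) {
            // A genuine validation failure must not be relabelled as a Base64 problem.
            throw e;
        } catch (Exception e2) {
            throw new SGCertificateException("sg.common.invalidBase64", new Object[]{e2.getClass().getSimpleName()}, e2);
        }
    }

    /**
     * Validates the identifier against the certificate's VID for the OID given in dotted form.
     *
     * @param str identifier that is hashed together with the random value
     * @param str2 Base64-encoded random value
     * @param str3 dotted OID; the empty string selects the certificate's own SubjectAltName OID
     * @throws SGCertificateException if {@code str3} is {@code null} or validation fails; failures
     *     other than {@code SGCertificateException} are reported as {@code sg.common.invalidBase64}
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public void validateUser(String str, String str2, String str3) throws SGCertificateException {
        try {
            byte[] random = Base64.decode(str2);
            if (str3 == null) {
                throw new SGCertificateException("Not allow oid : null");
            }
            DERObjectIdentifier oid = str3.isEmpty() ? certSubjectAltNameOid() : new DERObjectIdentifier(str3);
            validateUser(str, random, null, oid);
        } catch (SGCertificateException e) {
            // A genuine validation failure must not be relabelled as a Base64 problem.
            throw e;
        } catch (Exception e2) {
            throw new SGCertificateException("sg.common.invalidBase64", new Object[]{e2.getClass().getSimpleName()}, e2);
        }
    }

    /**
     * Checks that hashing the identifier together with the random value twice reproduces the
     * virtual ID stored in the certificate's VID, and optionally that the real name matches.
     *
     * <p>The check covers the VID binding only; it does not look at the certificate's signature,
     * validity period or revocation status.
     *
     * @param str identifier placed in the hashed structure
     * @param bArr random value placed in the hashed structure
     * @param str2 expected real name; {@code null} or empty skips the name comparison
     * @throws SGCertificateException if the random value is missing, the certificate has no usable
     *     VID, the name differs, the digest cannot be created or the hashes differ
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public void validateUser(String str, byte[] bArr, String str2) throws SGCertificateException {
        if (bArr == null) {
            throw new SGCertificateException("sg.certificate.invalidRandom");
        }
        try {
            IdentityData identityData = findIdentityData();
            if (identityData == null) {
                throw new SGCertificateException("sg.certificate.noVid");
            }
            // isEmpty() rather than a reference comparison with "": an empty string that is not
            // the interned literal must also skip the name check.
            if (str2 != null && !str2.isEmpty() && !str2.equals(identityData.getRealName().getString())) {
                throw new SGCertificateException("sg.certificate.invalidName");
            }
            AttributeTypeAndValue[] userInfo = identityData.getUserInfo();
            if (userInfo == null) {
                throw new SGCertificateException("sg.certificate.noVid");
            }
            VID vid = null;
            boolean matched = false;
            for (AttributeTypeAndValue attribute : userInfo) {
                if (attribute.getType().equals(KISAObjectIdentifiers.id_VID)) {
                    vid = VID.getInstance(attribute.getValue());
                }
                // NOTE(review): an attribute listed before the VID attribute ends up here with no
                // VID yet and fails with noVid, whereas getCertVID() scans every attribute.
                // Kept as decompiled; confirm the intended behaviour before relaxing it.
                if (vid == null) {
                    throw new SGCertificateException("sg.certificate.noVid");
                }
                byte[] hashInput = new HashContent(new DERPrintableString(str), new DERBitString(bArr)).getDEREncoded();
                try {
                    // The digest algorithm is whatever the certificate's VID names.
                    MessageDigest digester = MessageDigest.getInstance(OID.getAlgName(vid.getHashAlg().getObjectId().getId()), "SignGATE_advance");
                    digester.update(hashInput);
                    byte[] firstPass = digester.digest();
                    digester.reset();
                    digester.update(firstPass);
                    if (ByteUtils.equals(digester.digest(), vid.getVirtualID().getOctets())) {
                        matched = true;
                        break;
                    }
                } catch (NoSuchAlgorithmException e) {
                    throw new SGCertificateException("sg.certificate.invalidHashAlg", new Object[]{OID.getAlgName(vid.getHashAlg().getObjectId().getId())}, e);
                } catch (NoSuchProviderException e2) {
                    throw new SGCertificateException("sg.common.noSuchProvider", e2);
                }
            }
            if (!matched) {
                throw new SGCertificateException("sg.certificate.failVerifyHash");
            }
        } catch (CertificateParsingException e3) {
            throw new SGCertificateException(e3);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:49:0x003a, code lost:
    
        if (r3 == false) goto L40;
     */
    /* JADX WARN: Code restructure failed: missing block: B:50:0x003c, code lost:
    
        return;
     */
    /* JADX WARN: Code restructure failed: missing block: B:52:0x0115, code lost:
    
        throw new com.sg.openews.api.exception.SGCertificateException("sg.certificate.failVerifyHash");
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Decompiler stub: the real body was not recovered, so this listing always throws
     * {@link UnsupportedOperationException}. The String-based {@code validateUser} overloads
     * delegate here and therefore cannot succeed as listed; do not use this listing to judge how
     * the shipped method validates a user.
     */
    public void validateUser(java.lang.String r10, byte[] r11, java.lang.String r12, com.kica.security.asn1.DERObjectIdentifier r13) throws com.sg.openews.api.exception.SGCertificateException {
        /*
            Method dump skipped, instructions count: 357
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sg.openews.api.key.impl.NPKICertificate.validateUser(java.lang.String, byte[], java.lang.String, com.kica.security.asn1.DERObjectIdentifier):void");
    }

    /**
     * Verifies the certificate's signature with the given public key.
     * Only the signature is checked; whether the key belongs to a trusted issuer is the caller's
     * responsibility.
     *
     * @param publicKey key expected to have signed this certificate
     * @return {@code true} when the signature verifies
     * @throws SGCertificateException on any verification failure, with the name of the underlying
     *     exception category as message argument
     */
    public boolean verify(PublicKey publicKey) throws SGCertificateException {
        try {
            this.x509Cert.verify(publicKey);
            return true;
        } catch (InvalidKeyException e) {
            throw new SGCertificateException("sg.certificate.verifyFail", new Object[]{"InvalidKeyException"}, e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SGCertificateException("sg.certificate.verifyFail", new Object[]{"NoSuchAlgorithmException"}, e2);
        } catch (NoSuchProviderException e3) {
            throw new SGCertificateException("sg.certificate.verifyFail", new Object[]{"NoSuchProviderException"}, e3);
        } catch (SignatureException e4) {
            throw new SGCertificateException("sg.certificate.verifyFail", new Object[]{"SignatureException"}, e4);
        } catch (CertificateException e5) {
            throw new SGCertificateException("sg.certificate.verifyFail", new Object[]{"CertificateException"}, e5);
        }
    }
}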
