package com.dreamsecurity.jcaos.x509;

import com.dreamsecurity.crypto.AlgorithmException;
import com.dreamsecurity.java.security.cert.CertificateExpiredException;
import com.dreamsecurity.java.security.cert.CertificateNotYetValidException;
import com.dreamsecurity.java.text.ParseException;
import com.dreamsecurity.java.util.ArrayList;
import com.dreamsecurity.jcaos.asn1.ASN1InputStream;
import com.dreamsecurity.jcaos.asn1.ASN1Sequence;
import com.dreamsecurity.jcaos.asn1.DEREncodable;
import com.dreamsecurity.jcaos.asn1.DERGeneralizedTime;
import com.dreamsecurity.jcaos.asn1.DERInteger;
import com.dreamsecurity.jcaos.asn1.DEROctetString;
import com.dreamsecurity.jcaos.asn1.DERUTCTime;
import com.dreamsecurity.jcaos.asn1.vid.HashContent;
import com.dreamsecurity.jcaos.asn1.vid.IdentifyData;
import com.dreamsecurity.jcaos.asn1.vid.VID;
import com.dreamsecurity.jcaos.asn1.x509.AnotherName;
import com.dreamsecurity.jcaos.asn1.x509.AttributeTypeAndValue;
import com.dreamsecurity.jcaos.asn1.x509.BasicConstraints;
import com.dreamsecurity.jcaos.asn1.x509.Certificate;
import com.dreamsecurity.jcaos.asn1.x509.ExtKeyUsageSyntax;
import com.dreamsecurity.jcaos.asn1.x509.Extension;
import com.dreamsecurity.jcaos.asn1.x509.Extensions;
import com.dreamsecurity.jcaos.asn1.x509.GeneralNames;
import com.dreamsecurity.jcaos.asn1.x509.KeyUsage;
import com.dreamsecurity.jcaos.asn1.x509.PolicyConstraints;
import com.dreamsecurity.jcaos.crypto.MessageDigest;
import com.dreamsecurity.jcaos.crypto.PublicKey;
import com.dreamsecurity.jcaos.crypto.Signature;
import com.dreamsecurity.jcaos.exception.IdentifyException;
import com.dreamsecurity.jcaos.exception.NoSuchAlgorithmException;
import com.dreamsecurity.jcaos.exception.ParsingException;
import com.dreamsecurity.jcaos.exception.VerifyException;
import com.dreamsecurity.jcaos.resources.Resource;
import com.dreamsecurity.jcaos.util.DateUtil;
import com.dreamsecurity.jcaos.util.LogUtil;
import com.dreamsecurity.jcaos.util.encoders.Base64;
import com.dreamsecurity.jcaos.util.encoders.PEM;
import com.dreamsecurity.math.BigInteger;
import com.google.android.material.motion.MotionUtils;
import java.io.IOException;
import java.util.Date;

/* loaded from: classes3.dex */
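/**
 * Read-only view over a parsed X.509 certificate ({@link Certificate}).
 *
 * <p>Parsing a certificate through this class establishes no trust. Every getter returns
 * what the certificate itself claims. Callers are expected to run {@link #verify(PublicKey)}
 * against an issuer key they already trust, plus {@link #checkValidity()} and whatever
 * chain, revocation and policy checks the application needs, before acting on any field.
 *
 * <p>Extension getters return {@code null} (or {@code -1} for
 * {@link #getBasicConstraints()}) when the extension is absent.
 */
public class X509Certificate {
    /** First octet of a DER-encoded certificate: the universal SEQUENCE tag. */
    private static final byte DER_SEQUENCE_TAG = 0x30;

    /** ASCII 'M': Base64 text of a buffer that starts with 0x30 starts with this letter. */
    private static final byte BASE64_FIRST_CHAR = 0x4D;

    /** ASCII '-': first character of a PEM "-----BEGIN" armour line. */
    private static final byte PEM_FIRST_CHAR = 0x2D;

    // OIDs matched by verifyVID(). NOTE(review): these appear to be the identifyData
    // otherName type and the VID attribute type under the 1.2.410.200004 arc; confirm
    // against the specification the issuing CA follows.
    private static final String OID_IDENTIFY_DATA = "1.2.410.200004.10.1.1";
    private static final String OID_VID = "1.2.410.200004.10.1.1.1";

    // Public and mutable in the original; kept as-is because external code may read it.
    public Certificate _cert;

    /**
     * Wraps an already-parsed certificate structure.
     *
     * @param certificate parsed certificate; not checked for {@code null} here, so a
     *     {@code null} value surfaces as a NullPointerException in later getters
     */
    public X509Certificate(Certificate certificate) {
        this._cert = certificate;
    }

    /**
     * Parses a certificate from raw DER, bare Base64 text, or PEM text.
     *
     * <p>The encoding is chosen from the first byte only: {@code 0x30} means DER,
     * {@code 'M'} means Base64, {@code '-'} means PEM. Input with leading whitespace or a
     * byte-order mark is therefore rejected. Only one ASN.1 object is read; any bytes that
     * follow it are not examined by this constructor.
     *
     * @param bArr encoded certificate
     * @throws IOException if the ASN.1 reader fails
     * @throws IllegalArgumentException if {@code bArr} is {@code null}, empty, or does not
     *     start with one of the three recognised bytes
     */
    public X509Certificate(byte[] bArr) throws IOException, IllegalArgumentException {
        // Fix: the original indexed bArr[0] unconditionally, so null or empty input escaped
        // as NullPointerException / ArrayIndexOutOfBoundsException instead of the declared
        // IllegalArgumentException.
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException(Resource.getErrMsg(Resource.ERR_UNKNOWN_CERT_ENCODING));
        }
        byte first = bArr[0];
        if (first == DER_SEQUENCE_TAG) {
            this._cert = Certificate.getInstance(new ASN1InputStream(bArr).readObject());
        } else if (first == BASE64_FIRST_CHAR) {
            this._cert = Certificate.getInstance(new ASN1InputStream(Base64.decode(bArr)).readObject());
        } else if (first == PEM_FIRST_CHAR) {
            this._cert = Certificate.getInstance(new ASN1InputStream(PEM.decode(bArr)).readObject());
        } else {
            throw new IllegalArgumentException(Resource.getErrMsg(Resource.ERR_UNKNOWN_CERT_ENCODING));
        }
    }

    /**
     * Parses a certificate from its textual (Base64 or PEM) form.
     *
     * <p>The string is converted with the platform default charset. Base64 and PEM are
     * ASCII, so the choice only matters for malformed input.
     *
     * @param str Base64 or PEM text
     * @return the parsed certificate wrapper
     * @throws IOException if the ASN.1 reader fails
     * @throws IllegalArgumentException if the encoding is not recognised
     */
    public static X509Certificate getInstance(String str) throws IOException, IllegalArgumentException {
        return new X509Certificate(str.getBytes());
    }

    /**
     * Parses a certificate from DER, Base64 or PEM bytes; see {@link #X509Certificate(byte[])}.
     *
     * @param bArr encoded certificate
     * @return the parsed certificate wrapper
     * @throws IOException if the ASN.1 reader fails
     * @throws IllegalArgumentException if the encoding is not recognised
     */
    public static X509Certificate getInstance(byte[] bArr) throws IOException, IllegalArgumentException {
        return new X509Certificate(bArr);
    }

    /**
     * Checks that the current time lies inside the certificate's validity period and logs
     * the outcome.
     *
     * <p>"Now" is read from the local clock ({@code new Date()}), so the result is only as
     * trustworthy as the device time.
     *
     * @throws CertificateExpiredException if now is after notAfter
     * @throws CertificateNotYetValidException if now is before notBefore
     * @throws ParseException if a validity time cannot be parsed
     */
    public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException, ParseException {
        LogUtil.append("   +- 유효기간 확인"); // "validity period check"
        Date notBefore = getNotBefore();
        Date notAfter = getNotAfter();
        Date now = new Date();
        // Logged as "start date < current time < expiry date".
        LogUtil.append(new StringBuffer("    +- 시작일자 : ").append(DateUtil.date2str(notBefore)).append(" < 현재시간 : ").append(DateUtil.date2str(now)).append(" < 만료일자 : ").append(DateUtil.date2str(notAfter)).toString());
        requireWithinValidity(now, notBefore, notAfter);
        LogUtil.append("   +- 성공 ..."); // "success"
    }

    /**
     * Checks that {@code date} lies inside the certificate's validity period. Both bounds
     * are inclusive.
     *
     * @param date instant to test; must not be {@code null}
     * @throws CertificateExpiredException if {@code date} is after notAfter
     * @throws CertificateNotYetValidException if {@code date} is before notBefore
     * @throws ParseException if a validity time cannot be parsed
     */
    public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException, ParseException {
        // The original also fetched getValidity() here and discarded the result; dropped.
        requireWithinValidity(date, getNotBefore(), getNotAfter());
    }

    /** Shared range check behind both checkValidity overloads; expiry is tested first. */
    private static void requireWithinValidity(Date when, Date notBefore, Date notAfter) throws CertificateExpiredException, CertificateNotYetValidException, ParseException {
        if (when.getTime() > notAfter.getTime()) {
            throw new CertificateExpiredException(new StringBuffer().append(Resource.getErrMsg(Resource.ERR_CUR_DATE)).append(DateUtil.date2str(when)).append(", ").append(Resource.getErrMsg(Resource.ERR_EXPIRED_DATE)).append(DateUtil.date2str(notAfter)).toString());
        }
        if (when.getTime() < notBefore.getTime()) {
            throw new CertificateNotYetValidException(new StringBuffer().append(Resource.getErrMsg(Resource.ERR_CUR_DATE)).append(DateUtil.date2str(when)).append(", ").append(Resource.getErrMsg(Resource.ERR_VALID_DATE)).append(DateUtil.date2str(notBefore)).toString());
        }
    }

    /**
     * Reports whether the certificate carries an extensions block at all.
     *
     * <p>Assumption to confirm: getExtensions() yields {@code null} for a certificate with
     * no extensions (for example a v1 certificate). If it never does, this check is
     * harmless. Without it every extension getter would dereference that {@code null} on
     * certificate data supplied by a peer.
     */
    private boolean hasExtensions() {
        return this._cert.getTbsCertificate().getExtensions() != null;
    }

    /** Converts an ASN.1 Time choice (UTCTime or GeneralizedTime) to a Date. */
    private static Date toDate(DEREncodable time) throws ParseException {
        if (time instanceof DERUTCTime) {
            return DERUTCTime.getInstance(time).getAdjustedDate();
        }
        return DERGeneralizedTime.getInstance(time).getDate();
    }

    /** Decodes a GeneralNames extension value into a list of X509GeneralName wrappers. */
    private static ArrayList toGeneralNameList(Extension extension) throws ParsingException, IOException {
        ArrayList names = new ArrayList();
        GeneralNames generalNames = GeneralNames.getInstance(new ASN1InputStream(extension.getExtnValue().getOctets()).readObject());
        for (int i = 0; i < generalNames.size(); i++) {
            names.add(new X509GeneralName(generalNames.get(i)));
        }
        return names;
    }

    /**
     * @return the Authority Information Access extension, or {@code null} if absent
     * @throws IOException if the extension value cannot be decoded
     */
    public X509InformationAccess getAuthorityInformationAccess() throws IOException {
        if (!hasExtensions()) {
            return null;
        }
        Extension extension = this._cert.getTbsCertificate().getExtensions().get(Extensions.AuthorityInfoAccess);
        return extension == null ? null : new X509InformationAccess(extension.getExtnValue().getOctets());
    }

    /**
     * @return the Authority Key Identifier extension, or {@code null} if absent
     * @throws IOException if the extension value cannot be decoded
     */
    public X509AuthorityKeyIdentifier getAuthorityKeyIdentifier() throws IOException {
        if (!hasExtensions()) {
            return null;
        }
        Extension extension = this._cert.getTbsCertificate().getExtensions().get(Extensions.AuthoritykeyIdentifier);
        return extension == null ? null : new X509AuthorityKeyIdentifier(extension.getExtnValue().getOctets());
    }

    /**
     * Summarises the Basic Constraints extension as a single integer.
     *
     * @return {@code -1} if the extension is absent or the certificate is not marked as a
     *     CA; {@code Integer.MAX_VALUE} if it is a CA with no path length limit; otherwise
     *     the pathLenConstraint value
     * @throws IOException if the extension value cannot be decoded
     */
    public int getBasicConstraints() throws IOException {
        if (!hasExtensions()) {
            return -1;
        }
        Extension extension = this._cert.getTbsCertificate().getExtensions().get(Extensions.BasicConstraints);
        if (extension == null) {
            return -1;
        }
        BasicConstraints basicConstraints = BasicConstraints.getInstance(new ASN1InputStream(extension.getExtnValue().getOctets()).readObject());
        // A missing cA flag is treated as "not a CA" (fail closed).
        // NOTE(review): confirm whether getCA() can actually return null for an omitted field.
        if (basicConstraints.getCA() == null || !basicConstraints.getCA().isTrue()) {
            return -1;
        }
        DERInteger pathLenConstraint = basicConstraints.getPathLenConstraint();
        if (pathLenConstraint == null) {
            return Integer.MAX_VALUE;
        }
        // NOTE(review): intValue() presumably narrows like java.math.BigInteger, so an
        // out-of-range or negative pathLenConstraint would not be rejected here; path
        // validation code should range-check the result.
        return pathLenConstraint.getValue().intValue();
    }

    /**
     * @return the CRL Distribution Points extension, or {@code null} if absent
     * @throws IOException if the extension value cannot be decoded
     */
    public X509CRLDistributionPoints getCRLDistributionPoints() throws IOException {
        if (!hasExtensions()) {
            return null;
        }
        Extension extension = this._cert.getTbsCertificate().getExtensions().get(Extensions.CRLDistributionPoints);
        return extension == null ? null : new X509CRLDistributionPoints(extension.getExtnValue().getOctets());
    }

    /**
     * @return the Certificate Policies extension, or {@code null} if absent
     * @throws IOException if the extension value cannot be decoded
     */
    public X509CertificatePolicies getCertificatePolicies() throws IOException {
        if (!hasExtensions()) {
            return null;
        }
        Extension extension = this._cert.getTbsCertificate().getExtensions().get(Extensions.CertificatePolicies);
        return extension == null ? null : new X509CertificatePolicies(extension.getExtnValue().getOctets());
    }

    /**
     * @return the encoding of the whole certificate, as produced by the wrapped structure
     * @throws IOException if encoding fails
     */
    public byte[] getEncoded() throws IOException {
        return this._cert.getEncoded();
    }

    /**
     * @return the Extended Key Usage purpose OIDs (one list entry per purpose, taken from
     *     getId()), or {@code null} if the extension is absent
     * @throws IOException if the extension value cannot be decoded
     */
    public ArrayList getExtendedKeyUsage() throws IOException {
        if (!hasExtensions()) {
            return null;
        }
        Extension extension = this._cert.getTbsCertificate().getExtensions().get(Extensions.ExtKeyUsage);
        if (extension == null) {
            return null;
        }
        ExtKeyUsageSyntax purposes = ExtKeyUsageSyntax.getInstance(new ASN1InputStream(extension.getExtnValue().getOctets()).readObject());
        ArrayList oids = new ArrayList();
        for (int i = 0; i < purposes.size(); i++) {
            oids.add(purposes.get(i).getId());
        }
        return oids;
    }

    /**
     * @return the Issuer Alternative Name entries as X509GeneralName objects, or
     *     {@code null} if the extension is absent
     * @throws ParsingException if a name cannot be wrapped
     * @throws IOException if the extension value cannot be decoded
     */
    public ArrayList getIssuerAlternativeNames() throws ParsingException, IOException {
        if (!hasExtensions()) {
            return null;
        }
        Extension extension = this._cert.getTbsCertificate().getExtensions().get(Extensions.IssuerAltName);
        return extension == null ? null : toGeneralNameList(extension);
    }

    /**
     * @return the issuer distinguished name
     * @throws IOException if the name cannot be decoded
     * @throws ParsingException if the name cannot be parsed
     */
    public X500Principal getIssuerDN() throws IOException, ParsingException {
        return X500Principal.getInstance(this._cert.getTbsCertificate().getIssuer());
    }

    /**
     * Decodes the Key Usage bit string into nine flags.
     *
     * <p>Index order follows the bit numbering of the extension, most significant bit of
     * the first octet first. In RFC 5280 terms: 0 digitalSignature, 1 nonRepudiation,
     * 2 keyEncipherment, 3 dataEncipherment, 4 keyAgreement, 5 keyCertSign, 6 cRLSign,
     * 7 encipherOnly, 8 decipherOnly.
     *
     * @return a 9-element array, or {@code null} if the extension is absent
     * @throws IOException if the extension value cannot be decoded
     */
    public boolean[] getKeyUsage() throws IOException {
        if (!hasExtensions()) {
            return null;
        }
        Extension extension = this._cert.getTbsCertificate().getExtensions().get(Extensions.KeyUsage);
        if (extension == null) {
            return null;
        }
        boolean[] usage = new boolean[9];
        // Presumably getBytes() returns the bit-string content without the leading
        // unused-bits octet; confirm against KeyUsage.
        byte[] bits = KeyUsage.getInstance(new ASN1InputStream(extension.getExtnValue().getOctets()).readObject()).getBytes();
        // Fix: an empty bit string made the original throw ArrayIndexOutOfBoundsException
        // on bits[0]; report "no usages asserted" instead.
        if (bits == null || bits.length == 0) {
            return usage;
        }
        for (int i = 0; i < 8; i++) {
            usage[i] = (bits[0] & (0x80 >> i)) != 0;
        }
        usage[8] = bits.length > 1 && (bits[1] & 0x80) != 0;
        return usage;
    }

    /**
     * @return the end of the validity period
     * @throws ParseException if the encoded time cannot be parsed
     */
    public Date getNotAfter() throws ParseException {
        return toDate(this._cert.getTbsCertificate().getValidity().getNotAfter().getTime());
    }

    /**
     * @return the start of the validity period
     * @throws ParseException if the encoded time cannot be parsed
     */
    public Date getNotBefore() throws ParseException {
        return toDate(this._cert.getTbsCertificate().getValidity().getNotBefore().getTime());
    }

    /**
     * @return a two-element array {@code {requireExplicitPolicy, inhibitPolicyMapping}}
     *     with {@code -1} for a field that is not present, or {@code null} if the
     *     extension is absent
     * @throws IOException if the extension value cannot be decoded
     */
    public int[] getPolicyConstraints() throws IOException {
        if (!hasExtensions()) {
            return null;
        }
        Extension extension = this._cert.getTbsCertificate().getExtensions().get(Extensions.PolicyConstraints);
        if (extension == null) {
            return null;
        }
        PolicyConstraints constraints = PolicyConstraints.getInstance(new ASN1InputStream(extension.getExtnValue().getOctets()).readObject());
        int requireExplicitPolicy = constraints.getRequireExplicitPolicy() != null
                ? constraints.getRequireExplicitPolicy().getValue().intValue()
                : -1;
        int inhibitPolicyMapping = constraints.getInhibitPolicyMapping() != null
                ? constraints.getInhibitPolicyMapping().getValue().intValue()
                : -1;
        return new int[] {requireExplicitPolicy, inhibitPolicyMapping};
    }

    /**
     * @return the subject public key, built from the DER-encoded SubjectPublicKeyInfo
     * @throws IOException if the key cannot be decoded
     */
    public PublicKey getPublicKey() throws IOException {
        return PublicKey.getInstance(this._cert.getTbsCertificate().getSubjectPublicKeyInfo().getDEREncoded());
    }

    /** @return the certificate serial number */
    public BigInteger getSerialNumber() {
        return this._cert.getTbsCertificate().getSerialNumber().getValue();
    }

    /**
     * @return the string form of the outer signatureAlgorithm field, which is the value
     *     {@link #verify(PublicKey)} uses to select the verifier
     */
    public String getSigAlgName() {
        return this._cert.getSignatureAlgorithm().getString();
    }

    /** @return the raw signature value bytes */
    public byte[] getSignature() {
        return this._cert.getSignatureValue().getBytes();
    }

    /**
     * @return the Subject Alternative Name entries as X509GeneralName objects, or
     *     {@code null} if the extension is absent
     * @throws ParsingException if a name cannot be wrapped
     * @throws IOException if the extension value cannot be decoded
     */
    public ArrayList getSubjectAlternativeName() throws ParsingException, IOException {
        if (!hasExtensions()) {
            return null;
        }
        Extension extension = this._cert.getTbsCertificate().getExtensions().get(Extensions.SubjectAltName);
        return extension == null ? null : toGeneralNameList(extension);
    }

    /**
     * @return the subject distinguished name
     * @throws IOException if the name cannot be decoded
     * @throws ParsingException if the name cannot be parsed
     */
    public X500Principal getSubjectDN() throws IOException, ParsingException {
        return X500Principal.getInstance(this._cert.getTbsCertificate().getSubject());
    }

    /**
     * @return the Subject Key Identifier octets, or {@code null} if the extension is absent
     * @throws IOException if the extension value cannot be decoded
     */
    public byte[] getSubjectKeyIdentifier() throws IOException {
        if (!hasExtensions()) {
            return null;
        }
        Extension extension = this._cert.getTbsCertificate().getExtensions().get(Extensions.SubjectkeyIdentifier);
        if (extension == null) {
            return null;
        }
        return DEROctetString.getInstance(new ASN1InputStream(extension.getExtnValue().getOctets()).readObject()).getOctets();
    }

    /** @return the DER encoding of the to-be-signed part, i.e. the bytes the signature covers */
    public byte[] getTBSCertificate() {
        return this._cert.getTbsCertificate().getDEREncoded();
    }

    /** @return the certificate version as 1, 2 or 3 (the encoded value is zero-based) */
    public int getVersion() {
        return this._cert.getTbsCertificate().getVersion().getValue().intValue() + 1;
    }

    /**
     * Verifies the certificate signature over the DER-encoded TBSCertificate with the
     * given key, logging the algorithm, the signed bytes and the signature value.
     *
     * <p>This covers the signature only. Validity period, issuer/subject chaining, key
     * usage and revocation are separate checks.
     *
     * @param publicKey key of the presumed issuer
     * @throws VerifyException presumably raised by Signature.verify on a mismatch
     *     (not visible in this file)
     * @throws AlgorithmException if the verifier cannot process the input
     * @throws NoSuchAlgorithmException if the signature algorithm is not supported
     * @throws IOException declared by the original signature
     */
    public void verify(PublicKey publicKey) throws AlgorithmException, VerifyException, NoSuchAlgorithmException, IOException {
        LogUtil.append("   +- 전자서명 검증"); // "digital signature verification"
        // The algorithm comes from the outer, unsigned signatureAlgorithm field.
        // NOTE(review): it is not compared with the signature field inside the
        // TBSCertificate; RFC 5280 requires the two to be identical, so add that
        // comparison if the ASN.1 classes expose the inner field.
        String algorithm = this._cert.getSignatureAlgorithm().getString();
        byte[] tbsBytes = this._cert.getTbsCertificate().getDEREncoded();
        byte[] signatureBytes = this._cert.getSignatureValue().getBytes();
        LogUtil.append(new StringBuffer("    +- 서명 알고리즘 : ").append(algorithm).toString());
        // The closing ")" was a decompiler-substituted reference to
        // MotionUtils.EASING_TYPE_FORMAT_END (same value); the literal is restored so this
        // class does not depend on a UI library.
        LogUtil.append(new StringBuffer("    +- 원본 (길이 : ").append(tbsBytes.length).append(")").toString());
        LogUtil.append("       ", tbsBytes);
        LogUtil.append(new StringBuffer("    +- 서명값 (길이 : ").append(signatureBytes.length).append(")").toString());
        LogUtil.append("       ", signatureBytes);
        Signature verifier = Signature.getInstance(algorithm);
        verifier.initVerify(publicKey);
        // NOTE(review): any value returned by Signature.verify is not inspected here. This
        // method only rejects a bad signature if verify() throws. Confirm that it does; if
        // it returns a boolean instead, a failed check would pass silently.
        verifier.verify(tbsBytes, signatureBytes);
    }

    /**
     * Checks the caller-supplied identity data against the VID (virtual ID) embedded in
     * the Subject Alternative Name extension.
     *
     * <p>The first otherName entry of type {@code 1.2.410.200004.10.1.1} is searched for an
     * attribute of type {@code 1.2.410.200004.10.1.1.1}. Its value holds a hash algorithm
     * and a virtual ID. The virtual ID must equal the double digest of the DER-encoded
     * {@code HashContent(str, bArr)}.
     *
     * <p>Both the hash algorithm and the expected value are read from the certificate, so
     * the result is only meaningful for a certificate whose signature and chain have
     * already been validated. Neither input is logged by this method.
     *
     * @param str identity string fed into HashContent (presumably the subscriber
     *     identification number; confirm with the caller)
     * @param bArr byte value fed into HashContent (presumably the random value stored
     *     with the private key; confirm with the caller)
     * @throws ParsingException if the SAN extension, the identifyData entry or the VID
     *     attribute is missing
     * @throws IdentifyException if the computed value differs from the embedded virtual ID
     * @throws IOException if the extension value cannot be decoded
     * @throws AlgorithmException if hashing fails
     * @throws NoSuchAlgorithmException if the hash algorithm named in the VID is unsupported
     */
    public void verifyVID(String str, byte[] bArr) throws IOException, ParsingException, IdentifyException, AlgorithmException, NoSuchAlgorithmException {
        // A certificate without any extensions is reported the same way as one without SAN.
        if (!hasExtensions()) {
            throw new ParsingException(Resource.getErrMsg(Resource.ERR_SUB_ALT_NAME_NOT_EXIST));
        }
        Extension extension = this._cert.getTbsCertificate().getExtensions().get(Extensions.SubjectAltName);
        if (extension == null) {
            throw new ParsingException(Resource.getErrMsg(Resource.ERR_SUB_ALT_NAME_NOT_EXIST));
        }
        GeneralNames generalNames = GeneralNames.getInstance(new ASN1InputStream(extension.getExtnValue().getOctets()).readObject());
        for (int i = 0; i < generalNames.size(); i++) {
            if (!(generalNames.get(i).getName() instanceof AnotherName)) {
                continue;
            }
            AnotherName anotherName = AnotherName.getInstance(generalNames.get(i).getName());
            if (!anotherName.getTypeId().getId().equals(OID_IDENTIFY_DATA)) {
                continue;
            }
            ASN1Sequence userInfo = ASN1Sequence.getInstance(IdentifyData.getInstance(anotherName.getValue()).getUserInfo());
            for (int j = 0; j < userInfo.size(); j++) {
                AttributeTypeAndValue attribute = AttributeTypeAndValue.getInstance(userInfo.getObjectAt(j));
                if (!attribute.getType().getId().equals(OID_VID)) {
                    continue;
                }
                VID vid = VID.getInstance(attribute.getValue());
                MessageDigest messageDigest = MessageDigest.getInstance(vid.getHashAlg().getString());
                // NOTE(review): MessageDigest here is the project class, not
                // java.security.MessageDigest; whether its isEqual() runs in constant time
                // cannot be seen from this file.
                if (!MessageDigest.isEqual(vid.getVirtualID().getOctets(), messageDigest.digest(messageDigest.digest(new HashContent(str, bArr).getDEREncoded())))) {
                    throw new IdentifyException(Resource.getErrMsg(Resource.ERR_FAILED_IDENTIFY_USER));
                }
                return;
            }
            // Only the first identifyData entry is considered; later entries are not tried.
            throw new ParsingException(Resource.getErrMsg(Resource.ERR_VID_NOT_EXIST));
        }
        throw new ParsingException(Resource.getErrMsg(Resource.ERR_IDENTIFY_DATA_NOT_EXIST));
    }
}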
