package com.sg.openews.api.key.impl;

import com.dreamsecurity.dsdid.didprops.proof.ProofPurpose;
import com.gpki.gpkiapi.cert.X509Certificate;
import com.gpki.gpkiapi.crypto.PublicKey;
import com.gpki.gpkiapi.exception.GpkiApiException;
import com.kica.android.fido.uaf.auth.crypto.CryptoConst;
import com.kica.security.KICAProvider;
import com.kica.security.asn1.ASN1Object;
import com.kica.security.asn1.ASN1Sequence;
import com.kica.security.asn1.DERInteger;
import com.kica.security.asn1.DERObjectIdentifier;
import com.kica.security.asn1.x509.SubjectPublicKeyInfo;
import com.sg.openews.api.exception.SGCertificateException;
import com.sg.openews.api.key.SGCertificate;
import com.sg.openews.api.key.SGCertificateExtension;
import com.sg.openews.api.stream.PEMOutputStream;
import com.sg.openews.common.util.Base64;
import com.sg.openews.common.util.StringUtils;
import com.sg.openews.common.util.TimeUtil;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.KeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Date;
import java.util.StringTokenizer;

/* loaded from: classes3.dex */
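/**
 * {@link SGCertificate} implementation backed by the GPKI API.
 *
 * <p>The same encoded bytes are parsed twice: once into the GPKI
 * {@link X509Certificate} (used for validity dates, DNs, key usage, policy and
 * VID verification) and once into a JCA {@link java.security.cert.X509Certificate}
 * obtained from the KICA provider (used for version, signature algorithm name
 * and extensions).
 *
 * <p>Security note: nothing in this class verifies the certificate signature,
 * builds a chain to a trust anchor, or checks revocation. {@link #checkValidity()}
 * only compares the current time with the validity period, so callers must
 * perform path validation separately before trusting any value returned here.
 *
 * <p>Lazy initialisation in {@link #getExtension()} is unsynchronised; the class
 * makes no thread-safety guarantee.
 */
public class GPKICertificate implements SGCertificate {
    /** OID this class treats as KCDSA when decoding the subject public key. */
    public static final DERObjectIdentifier id_kcdsa = new DERObjectIdentifier("1.2.410.200004.1.21");

    private static final String PEM_BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String PEM_END = "-----END CERTIFICATE-----";

    // PEM armour is plain ASCII; naming the charset keeps header detection and
    // decoding independent of the platform default encoding.
    private static final byte[] PEM_BEGIN_BYTES = PEM_BEGIN.getBytes(java.nio.charset.StandardCharsets.US_ASCII);

    protected X509Certificate gpkiCert = null;
    private java.security.cert.X509Certificate x509Cert = null;
    private byte[] encodedBytes = null;
    private SGCertificateExtension sgCertExtension = null;
    // Not read or written anywhere in this class; kept for subclasses.
    protected boolean mpki = false;

    /**
     * Parses a certificate supplied either as raw DER or as PEM text.
     *
     * @param bArr encoded certificate; a private copy is kept
     * @throws SGCertificateException if the input is null or cannot be decoded
     */
    public GPKICertificate(byte[] bArr) throws SGCertificateException {
        doDecode(bArr);
    }

    /**
     * Normalises the input to DER and parses it with both certificate APIs.
     *
     * @param bArr DER bytes, or PEM text starting with the BEGIN CERTIFICATE line
     * @throws SGCertificateException if the input is null or either parser rejects it
     */
    private void doDecode(byte[] bArr) throws SGCertificateException {
        if (bArr == null) {
            // Previously surfaced as a NullPointerException from System.arraycopy.
            throw new SGCertificateException(new IllegalArgumentException("certificate bytes must not be null"));
        }
        if (isDER(bArr)) {
            // Copy so that a caller mutating its array afterwards cannot make the
            // stored encoding diverge from the certificate objects parsed below.
            this.encodedBytes = bArr.clone();
        } else {
            String pemText = StringUtils.delCRLF(new String(bArr, java.nio.charset.StandardCharsets.US_ASCII));
            this.encodedBytes = Base64.decode(StringUtils.substring(pemText, PEM_BEGIN, PEM_END));
        }
        try {
            this.gpkiCert = new X509Certificate(this.encodedBytes);
            CertificateFactory factory = CertificateFactory.getInstance(CryptoConst.CERT_X509, KICAProvider.PROVIDER_NAME);
            this.x509Cert = (java.security.cert.X509Certificate) factory.generateCertificate(new ByteArrayInputStream(this.encodedBytes));
        } catch (NoSuchProviderException e) {
            throw new SGCertificateException(e);
        } catch (CertificateException e) {
            throw new SGCertificateException(e);
        } catch (GpkiApiException e) {
            throw new SGCertificateException("sg.certificate.failCertificateDecoding", (Exception) e);
        }
    }

    /**
     * Reports whether the input should be handed to the parser as-is.
     *
     * <p>Only the PEM BEGIN line is tested; anything else, including input too
     * short to hold that line, is classified as DER and left for the certificate
     * parser to accept or reject.
     *
     * @param bArr candidate certificate bytes, not null
     * @return {@code false} only when the input starts with the PEM BEGIN line
     */
    private boolean isDER(byte[] bArr) {
        int headerLength = PEM_BEGIN_BYTES.length;
        if (bArr.length < headerLength) {
            // The unguarded copy used to throw ArrayIndexOutOfBoundsException on
            // truncated input instead of reaching the decoder's error path.
            return true;
        }
        byte[] prefix = new byte[headerLength];
        System.arraycopy(bArr, 0, prefix, 0, headerLength);
        return !StringUtils.equalsBinData(prefix, PEM_BEGIN_BYTES);
    }

    /**
     * Checks that the current system time lies inside the validity period.
     *
     * <p>This is a date check only. It does not verify the signature, the issuer
     * chain or revocation status, so a {@code true} result says nothing about
     * whether the certificate is trustworthy.
     *
     * @return {@code true} if now is not before notBefore and not after notAfter
     * @throws IllegalStateException if the GPKI API cannot read the dates
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public boolean checkValidity() {
        Date now = new Date();
        try {
            if (now.after(this.gpkiCert.getNotAfter())) {
                return false;
            }
            return !now.before(this.gpkiCert.getNotBefore());
        } catch (GpkiApiException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    /**
     * Not implemented for GPKI certificates.
     *
     * @return always {@code null}
     */
    @Override // com.sg.openews.api.key.SGCertificate
    @Deprecated
    public byte[] getCertVID() throws SGCertificateException, IOException {
        return null;
    }

    /**
     * Not implemented for GPKI certificates.
     *
     * @return always {@code null}
     */
    @Override // com.sg.openews.api.key.SGCertificate
    @Deprecated
    public byte[] getCertVirtualID() throws SGCertificateException, IOException {
        return null;
    }

    /** Returns the underlying GPKI certificate object. */
    public X509Certificate getCertificateObject() {
        return this.gpkiCert;
    }

    /**
     * Returns the certificate encoding that was parsed (DER, after PEM decoding).
     *
     * @return a copy of the stored bytes, so callers cannot alter the encoding
     *     this object later re-exports through {@link #toString()}
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public byte[] getEncoded() {
        return this.encodedBytes == null ? null : this.encodedBytes.clone();
    }

    /**
     * Returns notAfter formatted by {@code TimeUtil.getTime}.
     *
     * @throws IllegalStateException if the GPKI API cannot read the date
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public String getEndDate() {
        try {
            return TimeUtil.getTime(this.gpkiCert.getNotAfter());
        } catch (GpkiApiException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    /** Returns the extension view over the JCA certificate, created on first use. */
    @Override // com.sg.openews.api.key.SGCertificate
    public SGCertificateExtension getExtension() {
        if (this.sgCertExtension == null) {
            this.sgCertExtension = new GPKICertificateExtension(this.x509Cert);
        }
        return this.sgCertExtension;
    }

    /**
     * Returns the issuer distinguished name as reported by the GPKI API.
     *
     * @throws IllegalStateException if the GPKI API cannot read it
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public String getIssuerDN() {
        try {
            return this.gpkiCert.getIssuerDN();
        } catch (GpkiApiException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    /** Returns the algorithm name of the subject public key. */
    @Override // com.sg.openews.api.key.SGCertificate
    public String getKeyAlgorithm() {
        return getPublicKey().getKeyAlg();
    }

    /**
     * Converts the GPKI comma-separated key-usage string into a bit array.
     *
     * @return nine flags indexed by KeyUsage bit position (0 = digitalSignature
     *     through 8 = decipherOnly); unrecognised names are ignored
     * @throws IllegalStateException if the GPKI API cannot read the extension
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public boolean[] getKeyUsage() {
        try {
            // KeyUsage has nine bits. The array used to hold eight, so a
            // certificate asserting decipherOnly raised
            // ArrayIndexOutOfBoundsException instead of returning.
            boolean[] usage = new boolean[9];
            StringTokenizer names = new StringTokenizer(this.gpkiCert.getKeyUsage(), ",");
            while (names.hasMoreTokens()) {
                String name = names.nextToken().trim();
                if (name.equals("digitalSignature")) {
                    usage[0] = true;
                } else if (name.equals("nonRepudiation")) {
                    usage[1] = true;
                } else if (name.equals("keyEncipherment")) {
                    usage[2] = true;
                } else if (name.equals("dataEncipherment")) {
                    usage[3] = true;
                } else if (name.equals(ProofPurpose.KEY_AGREEMENT)) {
                    // NOTE(review): presumably the literal "keyAgreement"; borrowing it
                    // from a DID-library constant looks like a decompiler substitution.
                    usage[4] = true;
                } else if (name.equals("keyCertSign")) {
                    usage[5] = true;
                } else if (name.equals("cRLSign")) {
                    usage[6] = true;
                } else if (name.equals("encipherOnly")) {
                    usage[7] = true;
                } else if (name.equals("decipherOnly")) {
                    usage[8] = true;
                }
            }
            return usage;
        } catch (GpkiApiException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    /**
     * Wraps the given bytes in PEM certificate armour.
     *
     * @param bArr DER bytes to encode
     * @return the PEM text produced by {@code PEMOutputStream}
     * @throws IllegalStateException if writing to the in-memory stream fails
     */
    public String getPEMString(byte[] bArr) {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        PEMOutputStream pem = new PEMOutputStream(buffer, PEM_BEGIN, PEM_END);
        try {
            pem.write(bArr);
            pem.flush();
            // PEM output is ASCII; decode it explicitly rather than with the platform default.
            return new String(buffer.toByteArray(), java.nio.charset.StandardCharsets.US_ASCII);
        } catch (IOException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    /**
     * Returns the subject public key as a GPKI key object.
     *
     * @throws IllegalStateException if the GPKI API cannot read it
     */
    public PublicKey getPublicKey() {
        try {
            return this.gpkiCert.getSubjectPublicKeyInfo();
        } catch (GpkiApiException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    /**
     * Decodes the subject public key into a JCA key specification.
     *
     * <p>A key whose algorithm OID equals {@link #id_kcdsa} yields a
     * {@link DSAPublicKeySpec}: the key integer is y and the first three
     * algorithm parameters are passed as p, q and g. Every other OID is decoded
     * as an RSA key (modulus, public exponent).
     *
     * <p>NOTE(review): there is no explicit check for RSA, so a certificate with
     * another key type (for example EC) is not rejected with a checked
     * exception here; it presumably fails inside the ASN.1 accessors. Confirm
     * that callers treat such unchecked failures as a rejection.
     *
     * @return an {@link RSAPublicKeySpec} or {@link DSAPublicKeySpec}
     * @throws SGCertificateException if the key bytes are not valid ASN.1
     */
    public KeySpec getPublicKeySpec() throws SGCertificateException {
        try {
            SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(ASN1Object.fromByteArray(getPublicKey().getKey()));
            if (!keyInfo.getAlgorithmId().getObjectId().equals(id_kcdsa)) {
                ASN1Sequence rsaFields = ASN1Sequence.getInstance(keyInfo.getPublicKey());
                return new RSAPublicKeySpec(
                        DERInteger.getInstance(rsaFields.getObjectAt(0)).getValue(),
                        DERInteger.getInstance(rsaFields.getObjectAt(1)).getValue());
            }
            ASN1Sequence domainParams = ASN1Sequence.getInstance(keyInfo.getAlgorithmId().getParameters());
            return new DSAPublicKeySpec(
                    DERInteger.getInstance(keyInfo.getPublicKey()).getValue(),
                    DERInteger.getInstance(domainParams.getObjectAt(0)).getValue(),
                    DERInteger.getInstance(domainParams.getObjectAt(1)).getValue(),
                    DERInteger.getInstance(domainParams.getObjectAt(2)).getValue());
        } catch (IOException e) {
            throw new SGCertificateException(e);
        }
    }

    /**
     * Returns the serial number rendered with {@code toString()}.
     *
     * @throws IllegalStateException if the GPKI API cannot read it
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public String getSerialNumber() {
        try {
            return this.gpkiCert.getSerialNumber().toString();
        } catch (GpkiApiException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    /** Returns the signature algorithm name reported by the JCA certificate. */
    @Override // com.sg.openews.api.key.SGCertificate
    public String getSigAlgName() {
        return this.x509Cert.getSigAlgName();
    }

    /**
     * Returns notBefore formatted by {@code TimeUtil.getTime}.
     *
     * @throws IllegalStateException if the GPKI API cannot read the date
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public String getStartDate() {
        try {
            return TimeUtil.getTime(this.gpkiCert.getNotBefore());
        } catch (GpkiApiException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    /**
     * Returns the subject distinguished name as reported by the GPKI API.
     *
     * @throws IllegalStateException if the GPKI API cannot read it
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public String getSubjectDN() {
        try {
            return this.gpkiCert.getSubjectDN();
        } catch (GpkiApiException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    /** Returns the fixed type tag {@code "GPKI"}. */
    @Override // com.sg.openews.api.key.SGCertificate
    public String getType() {
        return "GPKI";
    }

    /** Returns the X.509 version reported by the JCA certificate. */
    @Override // com.sg.openews.api.key.SGCertificate
    public int getVersion() {
        return this.x509Cert.getVersion();
    }

    /** Returns the JCA certificate parsed from the same bytes as the GPKI one. */
    @Override // com.sg.openews.api.key.SGCertificate
    public java.security.cert.X509Certificate getX509Certificate() {
        return this.x509Cert;
    }

    /** Returns the certificate as PEM text. */
    @Override // com.sg.openews.api.key.SGCertificate
    public String toString() {
        return getPEMString(this.encodedBytes);
    }

    /**
     * Tests whether the certificate policy string equals the expected one.
     *
     * @param str expected policy value
     * @return {@code true} on an exact match; {@code false} otherwise, including
     *     when the certificate reports no policy
     * @throws SGCertificateException if the GPKI API cannot read the policy
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public boolean validatePolicy(String str) throws SGCertificateException {
        try {
            String certPolicy = this.gpkiCert.getCertPolicy();
            // Fail closed: a missing policy is a mismatch, not a NullPointerException.
            return certPolicy != null && certPolicy.equals(str);
        } catch (GpkiApiException e) {
            throw new SGCertificateException((Exception) e);
        }
    }

    /**
     * Tests whether the certificate policy string equals any allowed value.
     *
     * @param strArr allowed policy values
     * @return {@code true} if one entry matches exactly; {@code false} otherwise,
     *     including when the list is null or the certificate reports no policy
     * @throws SGCertificateException if the GPKI API cannot read the policy
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public boolean validatePolicy(String[] strArr) throws SGCertificateException {
        try {
            String certPolicy = this.gpkiCert.getCertPolicy();
            if (certPolicy == null || strArr == null) {
                return false;
            }
            for (String allowed : strArr) {
                if (certPolicy.equals(allowed)) {
                    return true;
                }
            }
            return false;
        } catch (GpkiApiException e) {
            throw new SGCertificateException((Exception) e);
        }
    }

    /**
     * Verifies the certificate VID using a Base64-encoded random value.
     *
     * @param str value checked against the VID; presumably the holder's
     *     identification number (confirm against the GPKI API)
     * @param str2 Base64 text of the random value
     * @throws SGCertificateException with the Error_0031 message if the random
     *     value cannot be decoded, or wrapping the GPKI error if verification fails
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public void validateUser(String str, String str2) throws SGCertificateException {
        byte[] random;
        try {
            random = Base64.decode(str2);
        } catch (Exception ignored) {
            // Message (Korean): "failed to Base64-decode the random value". The cause is
            // not attached because the (String, Exception) constructor appears to take a
            // message key rather than literal text.
            throw new SGCertificateException("Error_0031 : random값 Base64 디코딩에 실패했습니다.");
        }
        if (random == null) {
            throw new SGCertificateException("Error_0031 : random값 Base64 디코딩에 실패했습니다.");
        }
        // Verification runs outside the try block: a failed identity check used to be
        // caught above and reported as a Base64 decoding error, hiding the real cause.
        validateUser(str, random, null);
    }

    /**
     * Verifies the certificate VID through the GPKI API.
     *
     * @param str value checked against the VID; presumably the holder's
     *     identification number (confirm against the GPKI API)
     * @param bArr raw random value
     * @param str2 unused by this implementation
     * @throws SGCertificateException if the GPKI API reports a verification failure
     */
    @Override // com.sg.openews.api.key.SGCertificate
    public void validateUser(String str, byte[] bArr, String str2) throws SGCertificateException {
        try {
            this.gpkiCert.verifyVID(str, bArr);
        } catch (GpkiApiException e) {
            throw new SGCertificateException((Exception) e);
        }
    }
}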
