package cfca.sadk.x509.certificate;

import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.PKCSObjectIdentifiers;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.algorithm.common.X9ObjectIdentifiers;
import cfca.sadk.asn1.parser.ASN1Parser;
import cfca.sadk.org.bouncycastle.asn1.ASN1InputStream;
import cfca.sadk.org.bouncycastle.asn1.ASN1Integer;
import cfca.sadk.org.bouncycastle.asn1.ASN1Object;
import cfca.sadk.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import cfca.sadk.org.bouncycastle.asn1.ASN1Sequence;
import cfca.sadk.org.bouncycastle.asn1.x500.X500Name;
import cfca.sadk.org.bouncycastle.asn1.x500.X500NameStyle;
import cfca.sadk.org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import cfca.sadk.org.bouncycastle.asn1.x509.BasicConstraints;
import cfca.sadk.org.bouncycastle.asn1.x509.CRLDistPoint;
import cfca.sadk.org.bouncycastle.asn1.x509.Certificate;
import cfca.sadk.org.bouncycastle.asn1.x509.Extension;
import cfca.sadk.org.bouncycastle.asn1.x509.Extensions;
import cfca.sadk.org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import cfca.sadk.org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import cfca.sadk.org.bouncycastle.asn1.x509.X509Extension;
import cfca.sadk.org.bouncycastle.crypto.params.RSAKeyParameters;
import cfca.sadk.org.bouncycastle.crypto.util.PublicKeyFactory;
import cfca.sadk.org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKey;
import cfca.sadk.signature.rsa.RSASignUtil;
import cfca.sadk.signature.sm2.SM2SignUtil;
import cfca.sadk.system.global.HexCharacter;
import cfca.sadk.util.Base64;
import cfca.sadk.util.KeyUtil;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Date;

/* loaded from: input_file:cfca/sadk/x509/certificate/X509Cert.class */
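/**
 * Thin wrapper around an ASN.1 {@link Certificate} structure that can be built
 * from DER bytes, Base64 text or PEM-armoured text, and that exposes the common
 * certificate fields and extensions.
 *
 * <p>Security scope: {@link #verify(PublicKey)} only checks the signature over
 * the TBSCertificate. Nothing in this class checks the validity period, the
 * issuer chain, revocation or the meaning of any extension; callers that make
 * trust decisions must perform those checks themselves.
 */
public class X509Cert {
    protected Certificate cert;
    private static final String HEAD = "-----BEGIN CERTIFICATE-----";
    private static final String END = "-----END CERTIFICATE-----";
    private Extensions extensions = null;

    /**
     * Builds a certificate from DER, Base64 or PEM bytes.
     *
     * @param bArr the encoded certificate
     * @throws PKIException if the data cannot be unwrapped or parsed
     */
    public X509Cert(byte[] bArr) throws PKIException {
        initCert(parseCertData(bArr));
    }

    /**
     * Builds a certificate from a stream and closes the stream afterwards.
     *
     * <p>Only {@code inputStream.available()} bytes are read. That value is an
     * estimate for streams that are not backed by a file or a byte array, so
     * callers holding such a stream should read it themselves and use
     * {@link #X509Cert(byte[])}.
     *
     * @param inputStream the source stream; always closed by this constructor
     * @throws PKIException if reading or parsing fails
     */
    public X509Cert(InputStream inputStream) throws PKIException {
        try {
            initCert(parseCertData(readAvailable(inputStream)));
        } catch (IOException e) {
            throw new PKIException(PKIException.INIT_CERT, PKIException.INIT_CERT_DES, e);
        } finally {
            closeQuietly(inputStream);
        }
    }

    /**
     * Builds a certificate from the file at the given path.
     *
     * @param str path of the certificate file
     * @throws PKIException if the file is missing, unreadable or not a certificate
     */
    public X509Cert(String str) throws PKIException {
        byte[] data;
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(str);
            data = readAvailable(fileInputStream);
        } catch (IOException e) {
            // Covers FileNotFoundException too: a missing file is reported as a
            // PKIException instead of surfacing as a NullPointerException from
            // closing a stream that was never opened.
            throw new PKIException(PKIException.INIT_CERT, PKIException.INIT_CERT_DES, e);
        } finally {
            closeQuietly(fileInputStream);
        }
        initCert(parseCertData(data));
    }

    /**
     * Wraps an already parsed certificate structure. No validation is performed.
     *
     * @param certificate the structure to wrap
     */
    public X509Cert(Certificate certificate) {
        this.cert = certificate;
    }

    /**
     * Reads exactly {@code in.available()} bytes from the stream.
     *
     * @throws IOException if the stream ends before that many bytes were read
     */
    private static byte[] readAvailable(InputStream in) throws IOException {
        int expected = in.available();
        byte[] data = new byte[expected];
        int filled = 0;
        while (filled < expected) {
            int n = in.read(data, filled, expected - filled);
            if (n < 0) {
                // read() signals end of stream with -1; treating it as a byte
                // count would corrupt the offset arithmetic.
                throw new IOException("stream ended after " + filled + " of " + expected + " bytes");
            }
            filled += n;
        }
        return data;
    }

    /** Closes the stream if it was opened; a failure to close is only reported. */
    private static void closeQuietly(InputStream in) {
        if (in == null) {
            return;
        }
        try {
            in.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    /** Returns true when {@code expected} occurs in {@code data} at {@code offset}. */
    private static boolean regionEquals(byte[] data, int offset, byte[] expected) {
        if (offset < 0 || data.length - offset < expected.length) {
            return false;
        }
        for (int i = 0; i < expected.length; i++) {
            if (data[offset + i] != expected[i]) {
                return false;
            }
        }
        return true;
    }

    /**
     * Strips an optional PEM header and footer and Base64-decodes the remainder
     * when {@code ASN1Parser.isBase64Compatability} accepts it.
     *
     * <p>The header and the footer are detected independently, so input carrying
     * only one of them is accepted as well. Line breaks are removed only when the
     * header is present.
     *
     * @param bArr raw certificate bytes; must be at least as long as the PEM header
     * @return the bytes handed to the ASN.1 parser
     * @throws PKIException if the input is null, too short or cannot be decoded
     */
    private byte[] parseCertData(byte[] bArr) throws PKIException {
        try {
            // Platform default charset, as before; both markers are plain ASCII.
            byte[] headBytes = HEAD.getBytes();
            byte[] endBytes = END.getBytes();
            if (bArr == null || bArr.length < headBytes.length) {
                throw new IllegalArgumentException("certificate data is missing or too short");
            }
            byte[] data = bArr;
            boolean hasHead = regionEquals(data, 0, headBytes);
            if (hasHead) {
                data = ASN1Parser.deleteCRLF(data);
            }
            boolean hasEnd = regionEquals(data, data.length - endBytes.length, endBytes);

            byte[] body = data;
            if (hasHead || hasEnd) {
                int from = hasHead ? headBytes.length : 0;
                int to = hasEnd ? data.length - endBytes.length : data.length;
                // A negative size (markers overlapping) throws here and is
                // reported as a PKIException by the catch below.
                body = new byte[to - from];
                System.arraycopy(data, from, body, 0, body.length);
            }
            return ASN1Parser.isBase64Compatability(body) ? Base64.decode(body) : body;
        } catch (Exception e) {
            throw new PKIException(PKIException.INIT_CERT, PKIException.INIT_CERT_DES, e);
        }
    }

    /**
     * Parses DER bytes into {@link #cert}.
     *
     * <p>Only the first ASN.1 object of the input is read; bytes that follow it
     * are not inspected.
     *
     * @param bArr DER encoding of the certificate
     * @throws PKIException if the bytes do not contain a certificate structure
     */
    private void initCert(byte[] bArr) throws PKIException {
        Certificate parsed = null;
        ASN1InputStream aSN1InputStream = null;
        try {
            aSN1InputStream = new ASN1InputStream(new ByteArrayInputStream(bArr));
            parsed = Certificate.getInstance((ASN1Sequence) aSN1InputStream.readObject());
        } catch (Exception e) {
            throw new PKIException(PKIException.INIT_CERT, PKIException.INIT_CERT_DES, e);
        } catch (Throwable th) {
            // Errors raised while parsing (for example on pathological input)
            // are reported as a parse failure as well.
            throw new PKIException(PKIException.INIT_CERT, PKIException.INIT_CERT_DES);
        } finally {
            if (aSN1InputStream != null) {
                try {
                    aSN1InputStream.close();
                } catch (IOException e) {
                    throw new PKIException(e.getMessage());
                }
            }
        }
        if (parsed == null) {
            // Guard against a null result (e.g. no ASN.1 object in the input);
            // otherwise the object would be built successfully and every getter
            // would fail later with a NullPointerException.
            throw new PKIException(PKIException.INIT_CERT, PKIException.INIT_CERT_DES);
        }
        this.cert = parsed;
    }

    /** Returns the wrapped ASN.1 certificate structure. */
    public Certificate getCertStructure() {
        return this.cert;
    }

    /**
     * Returns the encoding of the whole certificate.
     *
     * @throws PKIException if the structure cannot be encoded
     */
    public byte[] getEncoded() throws PKIException {
        try {
            return ASN1Parser.parseDERObj2Bytes(this.cert);
        } catch (Exception e) {
            throw new PKIException(PKIException.ENCODED_CERT, PKIException.ENCODED_CERT_DES, e);
        }
    }

    /** Returns the version field as stored in the certificate. */
    public ASN1Integer getVersion() {
        return this.cert.getVersion();
    }

    /** Returns the issuer name formatted with {@code CFCAStyle.INSTANCE}. */
    public String getIssuer() {
        return getIssuer(CFCAStyle.INSTANCE);
    }

    /** Returns the issuer name formatted with the given style. */
    public String getIssuer(X500NameStyle x500NameStyle) {
        return new X500Name(x500NameStyle, this.cert.getIssuer()).toString();
    }

    /** Returns the issuer name structure. */
    public X500Name getIssuerX500Name() {
        return this.cert.getIssuer();
    }

    /** Returns the subject name formatted with {@code CFCAStyle.INSTANCE}. */
    public String getSubject() {
        return getSubject(CFCAStyle.INSTANCE);
    }

    /** Returns the subject name formatted with the given style. */
    public String getSubject(X500NameStyle x500NameStyle) {
        return new X500Name(x500NameStyle, this.cert.getSubject()).toString();
    }

    /** Returns the subject name structure. */
    public X500Name getSubjectX500Name() {
        return this.cert.getSubject();
    }

    /** Returns the start of the validity period. This class never enforces it. */
    public Date getNotBefore() {
        return this.cert.getStartDate().getDate();
    }

    /** Returns the end of the validity period. This class never enforces it. */
    public Date getNotAfter() {
        return this.cert.getEndDate().getDate();
    }

    /** Returns the serial number as a non-negative integer. */
    public BigInteger getSerialNumber() {
        return this.cert.getSerialNumber().getPositiveValue();
    }

    /**
     * Returns the serial number as hexadecimal text, two digits per byte of
     * {@code BigInteger.toByteArray()}.
     *
     * <p>Because that array is a two's-complement encoding, a serial whose top
     * bit is set is rendered with a leading {@code 00} byte. Keep this in mind
     * when comparing against serial strings produced by other tools.
     */
    public String getStringSerialNumber() {
        byte[] serialBytes = this.cert.getSerialNumber().getPositiveValue().toByteArray();
        StringBuilder hex = new StringBuilder(serialBytes.length * 2);
        for (int i = 0; i < serialBytes.length; i++) {
            int unsigned = serialBytes[i] & 255;
            hex.append(HexCharacter.DIGITS.charAt(unsigned >>> 4));
            hex.append(HexCharacter.DIGITS.charAt(unsigned & 15));
        }
        return hex.toString();
    }

    /**
     * Returns the name registered in {@code Mechanism.OIDALGMap} for the
     * signature algorithm, or the dotted OID when the map has no entry.
     */
    public String getSignatureAlgName() {
        ASN1ObjectIdentifier algorithm = this.cert.getSignatureAlgorithm().getAlgorithm();
        if (!Mechanism.OIDALGMap.containsKey(algorithm)) {
            return getSignatureAlgOID();
        }
        return (String) Mechanism.OIDALGMap.get(algorithm);
    }

    /** Returns the dotted OID of the signature algorithm. */
    private String getSignatureAlgOID() {
        return this.cert.getSignatureAlgorithm().getAlgorithm().getId();
    }

    /**
     * Returns the subject public key as an SM2 or RSA key.
     *
     * <p>NOTE(review): the SM2 branch is selected from the certificate's
     * <em>signature</em> algorithm, which describes the issuer's key, not from
     * the SubjectPublicKeyInfo algorithm. An SM2-signed certificate that carries
     * an RSA key is rejected by the length check in the SM2 branch, and an SM2
     * key inside an RSA-signed certificate is rejected by the rsaEncryption
     * check. Confirm that mixed hierarchies are intentionally unsupported.
     *
     * @throws PKIException if the key is neither usable as SM2 nor RSA
     */
    public PublicKey getPublicKey() throws PKIException {
        SubjectPublicKeyInfo subjectPublicKeyInfo = this.cert.getSubjectPublicKeyInfo();
        if (X9ObjectIdentifiers.sm3WithSM2Encryption.equals(this.cert.getSignatureAlgorithm().getAlgorithm())) {
            return getSM2PublicKey(subjectPublicKeyInfo);
        }
        String keyAlgorithm = subjectPublicKeyInfo.getAlgorithm().getAlgorithm().toString();
        if (!PKCSObjectIdentifiers.rsaEncryption.toString().equals(keyAlgorithm)) {
            throw new PKIException(PKIException.SPKI_KEY, PKIException.SPKI_KEY_DES);
        }
        return getRSAPublicKey(subjectPublicKeyInfo);
    }

    /**
     * Converts the SubjectPublicKeyInfo into an RSA public key.
     *
     * @throws PKIException if the key material cannot be converted
     */
    private PublicKey getRSAPublicKey(SubjectPublicKeyInfo subjectPublicKeyInfo) throws PKIException {
        try {
            return new BCRSAPublicKey((RSAKeyParameters) PublicKeyFactory.createKey(subjectPublicKeyInfo));
        } catch (Exception e) {
            throw new PKIException(PKIException.SPKI_KEY, PKIException.SPKI_KEY_DES, e);
        }
    }

    /**
     * Builds an SM2 public key from a 65-byte key field: one leading byte
     * followed by two 32-byte coordinates.
     *
     * <p>NOTE(review): the leading byte (presumably the 0x04 uncompressed-point
     * marker) and the curve parameters of the SubjectPublicKeyInfo are not
     * checked here, so any 65-byte key field is interpreted as SM2 coordinates.
     * Whether {@code KeyUtil.getSM2PublicKey} validates the point is not visible
     * from this class.
     *
     * @throws PKIException if the key field is not 65 bytes long
     */
    private PublicKey getSM2PublicKey(SubjectPublicKeyInfo subjectPublicKeyInfo) throws PKIException {
        byte[] point = subjectPublicKeyInfo.getPublicKeyData().getBytes();
        if (point.length != 65) {
            throw new PKIException(PKIException.SPKI_KEY, PKIException.SPKI_KEY_DES);
        }
        byte[] x = new byte[32];
        byte[] y = new byte[32];
        System.arraycopy(point, 1, x, 0, 32);
        System.arraycopy(point, 33, y, 0, 32);
        return KeyUtil.getSM2PublicKey(x, y);
    }

    /**
     * Checks the certificate signature against the given public key.
     *
     * <p>Only the signature is checked. The validity period, the issuer name,
     * basic constraints, key usage and revocation are not examined.
     *
     * <p>RSA signatures made with MD5 or SHA-1 are accepted. Both digests are
     * collision-weak; callers with a stricter policy should inspect
     * {@link #getSignatureAlgName()} before trusting the result.
     *
     * <p>NOTE(review): the algorithm is taken from the outer signatureAlgorithm
     * field only; it is not compared with the signature field inside the
     * TBSCertificate.
     *
     * @param publicKey the issuer's public key
     * @return the verification result reported by the SM2 or RSA utility
     * @throws PKIException if the signature algorithm is not supported or the
     *         TBSCertificate cannot be encoded
     */
    public boolean verify(PublicKey publicKey) throws PKIException {
        ASN1ObjectIdentifier algorithm = this.cert.getSignatureAlgorithm().getAlgorithm();
        if (algorithm.equals(X9ObjectIdentifiers.sm3WithSM2Encryption)) {
            return SM2SignUtil.verify(getTBSCertificate(), null, getSignature(), publicKey);
        }
        String digest;
        if (algorithm.equals(PKCSObjectIdentifiers.md5WithRSAEncryption)) {
            digest = Mechanism.MD5;
        } else if (algorithm.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption)) {
            digest = Mechanism.SHA1;
        } else if (algorithm.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption)) {
            digest = Mechanism.SHA256;
        } else if (algorithm.equals(PKCSObjectIdentifiers.sha512WithRSAEncryption)) {
            digest = Mechanism.SHA512;
        } else {
            throw new PKIException(PKIException.NONSUPPORT_SIGALG, PKIException.NONSUPPORT_SIGALG_DES + ":" + algorithm.getId());
        }
        return RSASignUtil.verifySign(digest, publicKey, getTBSCertificate(), getSignature());
    }

    /** Returns the raw contents of the subject public key field. */
    public byte[] getPublicKeyData() throws PKIException {
        return this.cert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
    }

    /**
     * Returns the encoding of the TBSCertificate, the part covered by the
     * signature.
     *
     * @throws PKIException if the structure cannot be encoded
     */
    public byte[] getTBSCertificate() throws PKIException {
        try {
            return ASN1Parser.parseDERObj2Bytes(this.cert.getTBSCertificate().toASN1Primitive());
        } catch (Exception e) {
            throw new PKIException(PKIException.TBSCERT_BYTES, PKIException.TBSCERT_BYTES_DES, e);
        }
    }

    /** Returns the raw signature bytes, whatever the signature algorithm is. */
    public byte[] getSignature() {
        // The former SM2 / non-SM2 conditional returned the same value on both
        // sides, so it is reduced to the single expression.
        return this.cert.getSignature().getBytes();
    }

    /**
     * Returns the SubjectKeyIdentifier extension, or null when
     * {@link #getExtensionData} yields null.
     *
     * @throws PKIException if the extension cannot be decoded
     */
    public SubjectKeyIdentifier getSubjectKeyIdentifier() throws PKIException {
        try {
            ASN1Object extensionData = getExtensionData(Extension.subjectKeyIdentifier);
            return extensionData == null ? null : SubjectKeyIdentifier.getInstance(extensionData);
        } catch (Exception e) {
            throw new PKIException(PKIException.CONSTRUCT_SUBJECT_KEY_IDENTIFIER_ERR, PKIException.CONSTRUCT_SUBJECT_KEY_IDENTIFIER_ERR_DES, e);
        }
    }

    /**
     * Returns the AuthorityKeyIdentifier extension, or null when
     * {@link #getExtensionData} yields null.
     *
     * @throws PKIException if the extension cannot be decoded
     */
    public AuthorityKeyIdentifier getAuthorityKeyIdentifier() throws PKIException {
        try {
            ASN1Object extensionData = getExtensionData(Extension.authorityKeyIdentifier);
            return extensionData == null ? null : AuthorityKeyIdentifier.getInstance((ASN1Sequence) extensionData);
        } catch (Exception e) {
            throw new PKIException(PKIException.CONSTRUCT_AUTHORITY_KEY_IDENTIFIER_ERR, PKIException.CONSTRUCT_AUTHORITY_KEY_IDENTIFIER_ERR_DES, e);
        }
    }

    /**
     * Decodes the value of the extension with the given OID.
     *
     * <p>When the extension is absent, {@link #getExtensionByteData} returns null
     * and that null is passed to {@code ASN1Parser.parseBytes2DERObj}; the callers
     * in this class expect a null result in that case (TODO confirm against the
     * parser).
     */
    public ASN1Object getExtensionData(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws Exception {
        return ASN1Parser.parseBytes2DERObj(getExtensionByteData(aSN1ObjectIdentifier));
    }

    /** Returns the extensions of the TBSCertificate as stored in the certificate. */
    public Extensions getExtensionsData() {
        return this.cert.getTBSCertificate().getExtensions();
    }

    /**
     * Returns the octets of the extension with the given OID, or null when the
     * certificate has no extensions or lacks that one.
     *
     * <p>Side effect: refreshes the {@code extensions} field on every call.
     */
    public byte[] getExtensionByteData(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws Exception {
        this.extensions = this.cert.getTBSCertificate().getExtensions();
        if (this.extensions == null) {
            return null;
        }
        Extension extension = this.extensions.getExtension(aSN1ObjectIdentifier);
        if (extension == null) {
            return null;
        }
        return extension.getExtnValue().getOctets();
    }

    /**
     * Returns the CRLDistributionPoints extension, or null when
     * {@link #getExtensionData} yields null. The listed locations are only
     * returned; nothing here fetches or checks a CRL.
     *
     * @throws PKIException if the extension cannot be decoded
     */
    public CRLDistPoint getCRLDistributionPoints() throws PKIException {
        try {
            ASN1Object extensionData = getExtensionData(X509Extension.cRLDistributionPoints);
            return extensionData == null ? null : CRLDistPoint.getInstance((ASN1Sequence) extensionData);
        } catch (Exception e) {
            throw new PKIException(PKIException.CONSTRUCT_CRL_DIST_POINT_ERR, PKIException.CONSTRUCT_CRL_DIST_POINT_ERR_DES, e);
        }
    }

    /**
     * Extracts two 32-byte values from the signature bytes into one 64-byte array.
     *
     * <p>Not called from within this class. The extraction scans for the first
     * byte equal to 2 and then relies on fixed offsets instead of decoding the
     * ASN.1 structure. When a length byte is neither 32 nor 33, the matching half
     * of the result stays zero-filled. Do not feed the result into a verification
     * without confirming both halves were filled.
     *
     * @return the 64-byte array, or null when no byte equal to 2 is found or an
     *         index falls outside the signature
     */
    private byte[] getSM2Signature() {
        byte[] bytes = this.cert.getSignature().getBytes();
        byte[] bArr = new byte[64];
        int i = 0;
        while (i < bytes.length && bytes[i] != 2) {
            i++;
        }
        if (i == bytes.length) {
            return null;
        }
        int i2 = i + 1;
        try {
            byte b = bytes[i2];
            if (b == 32) {
                System.arraycopy(bytes, i2 + 1, bArr, 0, 32);
                i2 += 32;
            } else if (b == 33) {
                // Length 33: copy from one byte further on, skipping the extra byte.
                System.arraycopy(bytes, i2 + 2, bArr, 0, 32);
                i2 += 33;
            }
            byte b2 = bytes[i2 + 2];
            if (b2 == 32) {
                System.arraycopy(bytes, i2 + 3, bArr, 32, 32);
            } else if (b2 == 33) {
                System.arraycopy(bytes, i2 + 4, bArr, 32, 32);
            }
            return bArr;
        } catch (Exception e) {
            return null;
        }
    }

    /**
     * Returns the BasicConstraints extension, or null when
     * {@link #getExtensionData} yields null. The CA flag and the path length are
     * only returned, never enforced here.
     *
     * @throws PKIException if the extension cannot be decoded
     */
    public BasicConstraints getBasicConstraints() throws PKIException {
        try {
            ASN1Object extensionData = getExtensionData(X509Extension.basicConstraints);
            return extensionData == null ? null : BasicConstraints.getInstance((ASN1Sequence) extensionData);
        } catch (Exception e) {
            throw new PKIException(PKIException.CONSTRUCT_BASIC_CONSTRAINTS_ERR, PKIException.CONSTRUCT_BASIC_CONSTRAINTS_ERR_DES, e);
        }
    }
}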
