package cn.signit.pkcs.cert;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import org.bouncycastle.operator.ContentSigner;

/* loaded from: classes.dex */
public class X509CertSigner extends X509Signer {
    private X509Certificate[] certificatesChain;
    private PrivateKey privateKey;
    private PublicKey publicKey;
    private X509Certificate signCert;
    private ContentSigner signer;

    public X509CertSigner(String str) {
        super(str);
    }

    public X509CertSigner(String str, String str2) {
        super(str, str2);
    }

    public X509CertSigner(String str, String str2, SecureRandom secureRandom) {
        super(str, str2, secureRandom);
    }

    private String initCert(KeyStore keyStore) throws GeneralSecurityException, IOException {
        Enumeration<String> aliases = keyStore.aliases();
        String str = null;
        if (aliases != null) {
            while (aliases.hasMoreElements()) {
                str = aliases.nextElement();
                Certificate[] certificateChain = keyStore.getCertificateChain(str);
                if (certificateChain != null && certificateChain.length != 0) {
                    X509Certificate x509Certificate = (X509Certificate) certificateChain[0];
                    if (matchUsage(x509Certificate.getKeyUsage(), 1)) {
                        try {
                            x509Certificate.checkValidity();
                            break;
                        } catch (CertificateException e) {
                        }
                    } else {
                        continue;
                    }
                }
            }
        }
        if (str == null) {
            throw new GeneralSecurityException("None certificate for sign in this keystore");
        }
        X509Certificate[] x509CertificateArr = null;
        if (keyStore.isKeyEntry(str)) {
            Certificate[] certificateChain2 = keyStore.getCertificateChain(str);
            for (int i = 0; i < certificateChain2.length; i++) {
                if (!(certificateChain2[i] instanceof X509Certificate)) {
                    throw new GeneralSecurityException("Certificate[" + i + "] in chain '" + str + "' is not a X509Certificate.");
                }
            }
            x509CertificateArr = new X509Certificate[certificateChain2.length];
            for (int i2 = 0; i2 < certificateChain2.length; i2++) {
                x509CertificateArr[i2] = (X509Certificate) certificateChain2[i2];
            }
        } else {
            if (!keyStore.isCertificateEntry(str)) {
                throw new GeneralSecurityException(str + " is unknown to this keystore");
            }
            Certificate certificate = keyStore.getCertificate(str);
            if (certificate instanceof X509Certificate) {
                x509CertificateArr = new X509Certificate[]{(X509Certificate) certificate};
            }
        }
        this.certificatesChain = x509CertificateArr;
        return str;
    }

    private static boolean matchUsage(boolean[] zArr, int i) {
        if (i == 0 || zArr == null) {
            return true;
        }
        for (int i2 = 0; i2 < Math.min(zArr.length, 32); i2++) {
            if (((1 << i2) & i) != 0 && !zArr[i2]) {
                return false;
            }
        }
        return true;
    }

    public X509Certificate[] getCertificatesChain() {
        return this.certificatesChain;
    }

    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    public X509Certificate getSignCert() {
        return this.signCert;
    }

    public ContentSigner getSigner() {
        return this.signer;
    }

    public X509CertSigner load(KeyStore keyStore, String str) throws Exception {
        String initCert = initCert(keyStore);
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(initCert, str.toCharArray());
        this.privateKey = privateKey;
        this.publicKey = keyStore.getCertificate(initCert).getPublicKey();
        this.signCert = (X509Certificate) keyStore.getCertificate(initCert);
        if (privateKey == null) {
            throw new GeneralSecurityException(initCert + " could not be accessed");
        }
        this.signer = getSigner(privateKey);
        return this;
    }
}
