package cn.esa.topesa;

import android.text.TextUtils;
import androidx.annotation.Keep;
import cn.a.a.a.h0;
import cn.a.a.a.j1;
import cn.a.a.a.n1;
import cn.a.a.a.r1;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.RSAKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.interfaces.DHKey;
import l1.z;

@Keep
/* loaded from: classes.dex */
public final class Certificate {
    private static final Map<String, String> _extendedKeyUsageMap;
    private static d keyMgr;
    private static f licMgr;
    private X509Certificate cert;

    static {
        HashMap hashMap = new HashMap();
        _extendedKeyUsageMap = hashMap;
        keyMgr = d.c();
        licMgr = f.a();
        hashMap.clear();
        hashMap.put(TCA.serverAuth, "serverAuth");
        hashMap.put(TCA.clientAuth, "clientAuth");
        hashMap.put(TCA.codeSigning, "codeSigning");
        hashMap.put(TCA.emailProtection, "emailProtection");
        hashMap.put(TCA.ipsecEndSystem, "ipsecEndSystem");
        hashMap.put(TCA.ipsecTunnel, "ipsecTunnel");
        hashMap.put(TCA.ipsecUser, "ipsecUser");
        hashMap.put(TCA.timeStamping, "timeStamping");
        hashMap.put(TCA.OCSPSigning, "OCSPSigning");
        hashMap.put(TCA.dvcs, "dvcs");
        hashMap.put(TCA.sbgpCertAAServerAuth, "sbgpCertAAServerAuth");
        hashMap.put(TCA.scvpResponder, "scvpResponder");
        hashMap.put(TCA.eapOverPPP, "eapOverPPP");
        hashMap.put(TCA.eapOverLAN, "eapOverLAN");
        hashMap.put(TCA.scvpServer, "scvpServer");
        hashMap.put(TCA.scvpClient, "scvpClient");
        hashMap.put(TCA.ipsecIKE, "ipsecIKE");
        hashMap.put(TCA.capwapAC, "capwapAC");
        hashMap.put(TCA.capwapWTP, "capwapWTP");
        hashMap.put(TCA.smartcardlogon, "smartcardlogon");
    }

    public Certificate(String str) throws CertApiException {
        init(n.o(str.replaceAll("-----BEGIN CERTIFICATE-----", "").replaceAll("-----END CERTIFICATE-----", "").replaceAll("\r", "").replaceAll("\n", "")));
    }

    public Certificate(byte[] bArr) throws CertApiException {
        init(bArr);
    }

    private boolean checkHashAlg(String str) throws CertApiException {
        if (str.equalsIgnoreCase(TCA.SM3) && publicKeyAlg().equals("RSA")) {
            throw new CertApiException(TCAErrCode.ERR_INVALID_ALGPARAMET);
        }
        if ((str.equalsIgnoreCase(TCA.SHA256) || str.equalsIgnoreCase(TCA.SHA1)) && publicKeyAlg().equals(TCA.SM2)) {
            throw new CertApiException(TCAErrCode.ERR_INVALID_ALGPARAMET);
        }
        if (str.equals(TCA.SHA256)) {
            throw new CertApiException(TCAErrCode.ERR_INVALID_ALGPARAMET);
        }
        return true;
    }

    private n1 convSymmAlg(String str) throws CertApiException {
        if (str.equalsIgnoreCase("AES")) {
            return cn.a.a.c.a.f2999e;
        }
        if (str.equalsIgnoreCase(TCA.SM4)) {
            return l1.d.f20627v;
        }
        if (!str.equalsIgnoreCase(TCA.DES) && !str.equalsIgnoreCase("3DES")) {
            throw new CertApiException(TCAErrCode.ERR_INVALID_ALGPARAMET);
        }
        return cn.a.a.c.a.f2995a;
    }

    private String[] crlUrls() throws CertApiException {
        byte[] extensionValue = this.cert.getExtensionValue("2.5.29.31");
        if (extensionValue == null) {
            return new String[0];
        }
        try {
            i0.c h9 = i0.c.h(r1.n(((h0) new j1(extensionValue).m()).m()));
            if (h9 == null) {
                return null;
            }
            i0.h[] i9 = h9.i();
            if (i9.length == 0) {
                return new String[0];
            }
            ArrayList arrayList = new ArrayList();
            for (i0.h hVar : i9) {
                i0.i j9 = hVar.j();
                if (j9.k() == 0) {
                    i0.j[] j10 = i0.k.i(j9.l()).j();
                    if (j10.length == 0) {
                        return new String[0];
                    }
                    for (i0.j jVar : j10) {
                        if (jVar.i() == 6) {
                            arrayList.add(jVar.j().toString());
                        }
                    }
                }
            }
            return (String[]) arrayList.toArray(new String[arrayList.size()]);
        } catch (IOException e9) {
            throw new CertApiException(TCAErrCode.ERR_STREAM, e9);
        }
    }

    private int doKeyUsage() {
        boolean[] keyUsage = this.cert.getKeyUsage();
        if (keyUsage == null) {
            return 0;
        }
        int length = keyUsage.length;
        boolean[] zArr = new boolean[length];
        for (int i9 = 0; i9 < keyUsage.length; i9++) {
            zArr[i9] = keyUsage[(keyUsage.length - i9) - 1];
        }
        int i10 = 0;
        for (int i11 = 0; i11 < length; i11++) {
            if (zArr[i11]) {
                int i12 = i11 - 1;
                if (i12 < 0) {
                    i12 = 0;
                }
                i10 |= 1 << i12;
            }
        }
        return i10;
    }

    private byte[] doSign(byte[] bArr, String str, d1.b bVar, boolean z8, boolean z9, boolean z10) throws CertApiException {
        ArrayList arrayList;
        try {
            z g9 = n.g(this.cert, bVar, str, z10);
            ArrayList arrayList2 = new ArrayList();
            arrayList2.add(g9);
            if (z8) {
                arrayList = new ArrayList();
                arrayList.add(new k0.b(this.cert.getEncoded()));
            } else {
                arrayList = null;
            }
            return n.f(bArr, arrayList2, arrayList, null, z9).d().e("DER");
        } catch (cn.a.a.c.e e9) {
            throw new CertApiException(TCAErrCode.ERR_GENERATE_ENVELOPDATA, e9);
        } catch (cn.a.a.g.h e10) {
            throw new CertApiException(TCAErrCode.ERR_OPERATORCREATION, e10);
        } catch (IOException e11) {
            throw new CertApiException(TCAErrCode.ERR_STREAM, e11);
        } catch (RuntimeException e12) {
            throw new CertApiException(Integer.parseInt(e12.getMessage()));
        } catch (CertificateEncodingException e13) {
            throw new CertApiException(TCAErrCode.ERR_CERT_ENCODING, e13);
        }
    }

    private void init(byte[] bArr) throws CertApiException {
        X509Certificate e9 = n.e(bArr);
        this.cert = e9;
        if (!licMgr.d(e9)) {
            throw new CertApiException(TCAErrCode.ERR_CERT_UNLIC);
        }
    }

    public void changePin(String str, String str2) throws CertApiException {
        h hVar = (h) keyMgr.e(this.cert);
        if (l.f(this.cert, str)) {
            if (!hVar.a(str)) {
                throw new CertApiException(TCAErrCode.ERR_NEED_VERIFY_PIN);
            }
            l.c(this.cert, str);
        }
        try {
            hVar.a(n.k(n.p(str.getBytes("utf-8"))), n.k(n.p(str2.getBytes("utf-8"))));
            l.c(this.cert, str2);
        } catch (Exception e9) {
            e9.printStackTrace();
        }
    }

    public String crlUrl() throws CertApiException {
        String[] crlUrls = crlUrls();
        if (crlUrls == null || crlUrls.length == 0) {
            return null;
        }
        return crlUrls[0];
    }

    public byte[] decryptRaw(byte[] bArr) throws CertApiException {
        return ((h) keyMgr.e(this.cert)).a(bArr);
    }

    public void delete() throws CertApiException {
        ((h) keyMgr.e(this.cert)).c();
    }

    public byte[] encryptP7(byte[] bArr) throws CertApiException {
        return encryptP7(bArr, publicKeyAlg().equalsIgnoreCase(TCA.SM2) ? TCA.SM4 : "3DES");
    }

    public byte[] encryptP7(byte[] bArr, String str) throws CertApiException {
        if (str.equalsIgnoreCase(TCA.SM1)) {
            throw new CertApiException(TCAErrCode.ERR_INVALID_ALGPARAMET);
        }
        try {
            return l1.i.a(bArr, this.cert, v1.a.b(convSymmAlg(str)), false).b().f();
        } catch (cn.a.a.c.e e9) {
            throw new CertApiException(TCAErrCode.ERR_GENERATE_ENVELOPDATA, e9);
        } catch (CertificateEncodingException e10) {
            throw new CertApiException(TCAErrCode.ERR_CERT_ENCODING, e10);
        }
    }

    public byte[] encryptRaw(byte[] bArr) throws CertApiException {
        if (publicKeyAlg().equalsIgnoreCase("RSA") && bArr.length > (publicKeySize() / 8) - 11) {
            throw new CertApiException(TCAErrCode.ERR_PLAIN_RUNAWAY);
        }
        cn.b.c.d.a m9 = this.cert.getPublicKey().getAlgorithm().equalsIgnoreCase("RSA") ? n.m() : n.j();
        try {
            m9.c(1, this.cert.getPublicKey());
            return m9.f(bArr);
        } catch (InvalidKeyException e9) {
            throw new CertApiException(TCAErrCode.ERR_INVALID_KEY, e9);
        } catch (BadPaddingException e10) {
            throw new CertApiException(TCAErrCode.ERR_BAD_PADDING, e10);
        } catch (IllegalBlockSizeException e11) {
            throw new CertApiException(TCAErrCode.ERR_ILLEGAL_BLOCK, e11);
        }
    }

    public String[] extededKeyUsage() throws CertApiException {
        try {
            List<String> extendedKeyUsage = this.cert.getExtendedKeyUsage();
            if (extendedKeyUsage != null && extendedKeyUsage.size() != 0) {
                ArrayList arrayList = new ArrayList();
                for (String str : extendedKeyUsage) {
                    Map<String, String> map = _extendedKeyUsageMap;
                    if (map.get(str) != null) {
                        arrayList.add(map.get(str));
                    }
                }
                return (String[]) arrayList.toArray(new String[arrayList.size()]);
            }
            return new String[0];
        } catch (CertificateParsingException e9) {
            throw new CertApiException(TCAErrCode.ERR_CERT_PARSINGERR, e9);
        }
    }

    public String issuer() {
        return this.cert.getIssuerDN().toString();
    }

    public String[] keyUsage() {
        int doKeyUsage = doKeyUsage();
        if (doKeyUsage == 0) {
            return new String[0];
        }
        ArrayList arrayList = new ArrayList();
        if ((doKeyUsage & 128) != 0) {
            arrayList.add("digitalSignature");
        }
        int i9 = doKeyUsage & 64;
        if (i9 != 0) {
            arrayList.add("nonRepudiation");
        }
        if ((doKeyUsage & 32) != 0) {
            arrayList.add("keyEncipherment");
        }
        if ((doKeyUsage & 16) != 0) {
            arrayList.add("dataEncipherment");
        }
        if ((doKeyUsage & 8) != 0) {
            arrayList.add("keyAgreement");
        }
        if ((doKeyUsage & 4) != 0) {
            arrayList.add("keyCertSign");
        }
        if ((doKeyUsage & 2) != 0) {
            arrayList.add("cRLSign");
        }
        if ((doKeyUsage & 1) != 0) {
            arrayList.add("encipherOnly");
        }
        if ((doKeyUsage & 32768) != 0) {
            arrayList.add("decipherOnly");
        }
        if (i9 != 0) {
            arrayList.add("contentCommitment");
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    public Date notAfter() {
        return this.cert.getNotAfter();
    }

    public Date notBefore() {
        return this.cert.getNotBefore();
    }

    public String publicKeyAlg() {
        return this.cert.getPublicKey().getAlgorithm();
    }

    public int publicKeySize() {
        PublicKey publicKey = this.cert.getPublicKey();
        return publicKey instanceof RSAKey ? ((RSAKey) publicKey).getModulus().bitLength() : publicKey instanceof DSAKey ? ((DSAKey) publicKey).getParams().getP().bitLength() : publicKey instanceof DHKey ? ((DHKey) publicKey).getParams().getP().bitLength() : TCA.SM2.equals(publicKey.getAlgorithm()) ? 256 : -1;
    }

    public String serialNumber() {
        return g1.d.d(this.cert.getSerialNumber().toByteArray()).toUpperCase();
    }

    public String signAlg() {
        return this.cert.getSigAlgName();
    }

    public String signLogondata(String str) throws CertApiException {
        try {
            return n.n(signP7(("LOGONDATA:" + str).getBytes("UTF-8")));
        } catch (UnsupportedEncodingException e9) {
            throw new CertApiException(TCAErrCode.ERR_STR_ENCODING, e9);
        }
    }

    public byte[] signP7(byte[] bArr) throws CertApiException {
        return signP7(bArr, true);
    }

    public byte[] signP7(byte[] bArr, boolean z8) throws CertApiException {
        return signP7(bArr, z8, publicKeyAlg().equalsIgnoreCase("RSA") ? TCA.SHA1 : TCA.SM3);
    }

    public byte[] signP7(byte[] bArr, boolean z8, String str) throws CertApiException {
        checkHashAlg(str);
        return doSign(bArr, str, new g((h) keyMgr.e(this.cert), str), true, z8, !a.a().h("signQ7") ? false : publicKeyAlg().equalsIgnoreCase(TCA.SM2));
    }

    public byte[] signRaw(byte[] bArr) throws CertApiException {
        return signRaw(bArr, publicKeyAlg().equalsIgnoreCase("RSA") ? TCA.SHA1 : TCA.SM3);
    }

    public byte[] signRaw(byte[] bArr, String str) throws CertApiException {
        if (TextUtils.isEmpty(str) || bArr == null) {
            throw new CertApiException(TCAErrCode.ERR_PARAMETER);
        }
        checkHashAlg(str);
        g gVar = new g((h) keyMgr.e(this.cert), str);
        try {
            gVar.b().write(bArr);
            return gVar.c();
        } catch (IOException e9) {
            throw new CertApiException(TCAErrCode.ERR_STREAM, e9);
        } catch (RuntimeException e10) {
            throw new CertApiException(Integer.parseInt(e10.getMessage()));
        }
    }

    public String subject() {
        return this.cert.getSubjectDN().toString();
    }

    public String toBase64() throws CertApiException {
        try {
            return n.n(this.cert.getEncoded());
        } catch (CertificateEncodingException e9) {
            throw new CertApiException(TCAErrCode.ERR_ENCODECERT, e9);
        }
    }

    public boolean verify() throws CertApiException {
        return verify(new Date());
    }

    public boolean verify(Date date) throws CertApiException {
        try {
            this.cert.checkValidity(date);
            return true;
        } catch (CertificateExpiredException e9) {
            throw new CertApiException(TCAErrCode.ERR_CERT_EXCEPTION, e9);
        } catch (CertificateNotYetValidException e10) {
            throw new CertApiException(TCAErrCode.ERR_CERT_NOTYETVALID, e10);
        }
    }

    public boolean verifyPin(String str) throws CertApiException {
        if (!l.f(this.cert, str)) {
            return true;
        }
        boolean a9 = ((h) keyMgr.e(this.cert)).a(str);
        if (a9) {
            l.c(this.cert, str);
        }
        return a9;
    }

    public boolean verifyRaw(byte[] bArr, byte[] bArr2) throws CertApiException {
        if (bArr == null || bArr2 == null) {
            throw new CertApiException(TCAErrCode.ERR_PARAMETER);
        }
        return verifyRaw(bArr, bArr2, publicKeyAlg().equalsIgnoreCase("RSA") ? TCA.SHA1 : TCA.SM3);
    }

    public boolean verifyRaw(byte[] bArr, byte[] bArr2, String str) throws CertApiException {
        if (bArr == null || bArr2 == null || TextUtils.isEmpty(str)) {
            throw new CertApiException(TCAErrCode.ERR_PARAMETER);
        }
        checkHashAlg(str);
        PublicKey publicKey = this.cert.getPublicKey();
        try {
            if (publicKeyAlg().equals(TCA.SM2)) {
                cn.b.c.d.o a9 = n.a();
                a9.c(publicKey);
                return a9.e(bArr, bArr2);
            }
            cn.a.a.e.b.l i9 = n.i(str);
            i9.b(publicKey);
            return i9.c(bArr, bArr2);
        } catch (InvalidKeyException e9) {
            throw new CertApiException(TCAErrCode.ERR_INVALID_KEY, e9);
        } catch (SignatureException e10) {
            throw new CertApiException(TCAErrCode.ERR_CERT_SIGNATRUE, e10);
        }
    }
}
