package net.netca.pki;

import java.io.ByteArrayInputStream;
import java.io.UnsupportedEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.TimeZone;
import org.apache.http.protocol.HTTP;

/* JADX WARN: Classes with same name are omitted:
  input_file:lib/NetcaJCrypto.jar1111:net/netca/pki/Certificate.class
 */
/* loaded from: input_file:lib/algo_net.jar:lib/NetcaJCrypto.jar1111:net/netca/pki/Certificate.class */
public class Certificate implements Cloneable {
    long hCert;
    private byte[] der;
    private String pem;
    private int version;
    private int ku;
    private Date revtime;
    private int reason;
    private byte[] revtimevalue;
    public static final int ATTRIBUTE_VERSION = 2;
    public static final int ATTRIBUTE_SIGNALGO = 3;
    public static final int ATTRIBUTE_PUBKEYALGO = 4;
    public static final int ATTRIBUTE_PUBKEYBITS = 5;
    public static final int ATTRIBUTE_KEYUSAGE = 6;
    public static final int ATTRIBUTE_HAS_PRIVKEY = 7;
    public static final int ATTRIBUTE_ISSUER = 8;
    public static final int ATTRIBUTE_ISSUER_DISPLAY_NAME = 9;
    public static final int ATTRIBUTE_ISSUER_C = 10;
    public static final int ATTRIBUTE_ISSUER_O = 11;
    public static final int ATTRIBUTE_ISSUER_OU = 12;
    public static final int ATTRIBUTE_ISSUER_CN = 13;
    public static final int ATTRIBUTE_ISSUER_EMAIL = 14;
    public static final int ATTRIBUTE_SUBJECT = 15;
    public static final int ATTRIBUTE_SUBJECT_DISPLAY_NAME = 16;
    public static final int ATTRIBUTE_SUBJECT_C = 17;
    public static final int ATTRIBUTE_SUBJECT_O = 18;
    public static final int ATTRIBUTE_SUBJECT_OU = 19;
    public static final int ATTRIBUTE_SUBJECT_CN = 20;
    public static final int ATTRIBUTE_SUBJECT_EMAIL = 21;
    public static final int ATTRIBUTE_EX_FRIENDLY_NAME = 22;
    public static final int ATTRIBUTE_EX_NAME = 23;
    public static final int ATTRIBUTE_EX_ORGANIZATION = 24;
    public static final int ATTRIBUTE_EX_DEPARTMENT = 25;
    public static final int ATTRIBUTE_EX_EMAIL = 26;
    public static final int ATTRIBUTE_GET_KEYPAIR_HADNLE_NEED_PWD = 27;
    public static final int ATTRIBUTE_PREVCERT_THUMBPRINT = 29;
    public static final int ATTRIBUTE_VALIDITY_START = 30;
    public static final int ATTRIBUTE_VALIDITY_END = 31;
    public static final int ATTRIBUTE_SN_DEC = 32;
    public static final int ATTRIBUTE_SN_HEX = 33;
    public static final int ATTRIBUTE_IN_VALIDITY = 34;
    public static final int ATTRIBUTE_PRIVATE_ISCSP = 35;
    public static final int ATTRIBUTE_UPN = 36;
    public static final int ATTRIBUTE_ISSUER_ST = 37;
    public static final int ATTRIBUTE_ISSUER_L = 38;
    public static final int ATTRIBUTE_SUBJECT_ST = 39;
    public static final int ATTRIBUTE_SUBJECT_L = 40;
    public static final int ATTRIBUTE_EX_DEVICE_TYPE = 41;
    public static final int ATTRIBUTE_EX_DEVICE_SN = 42;
    public static final int ATTRIBUTE_PUBKEY_ECCCURVE = 43;
    public static final int PURPOSE_ENCRYPT = 1;
    public static final int PURPOSE_SIGN = 2;
    public static final int PURPOSE_KEYAGREEMENT = 4;
    public static final int PURPOSE_VERIFY_OLD_DATA = 268435458;
    public static final int CERT_VERSION_V1 = 0;
    public static final int CERT_VERSION_V2 = 1;
    public static final int CERT_VERSION_V3 = 2;
    public static final int SEARCH_KEYPAIR_FLAG_DEVICE = 268435456;
    public static final int SEARCH_KEYPAIR_FLAG_LOCAL_MACHINE = 536870912;
    public static final int SEARCH_KEYPAIR_FLAG_CURRENT_USER = 1073741824;
    public static final int CERT_STATUS_UNREVOKED = 1;
    public static final int STATUS_UNDETERMINED = -1;
    public static final int STATUS_STATUS_REVOKED = 0;
    public static final int STATUS_VERIFY_FLAG_VERIFY_REVOKE = 1;
    public static final int STATUS_VERIFY_FLAG_ONLINE = 2;
    public static final int STATUS_VERIFY_FLAG_VERIFY_CACERT_REVOKE = 4;
    public static final int STATUS_VERIFY_FLAG_VERIFY_OCSP = 16;
    public static final int STATUS_VERIFY_FLAG_VERIFY_CRL = 32;
    public static final int KEYUSAGE_DIGITALSIGNATURE = 1;
    public static final int KEYUSAGE_NONREPUDIATION = 2;
    public static final int KEYUSAGE_CONTENTCOMMITMENT = 2;
    public static final int KEYUSAGE_KEYENCIPHERMENT = 4;
    public static final int KEYUSAGE_DATAENCIPHERMENT = 8;
    public static final int KEYUSAGE_KEYAGREEMENT = 16;
    public static final int KEYUSAGE_KEYCERTSIGN = 32;
    public static final int KEYUSAGE_CRLSIGN = 64;
    public static final int KEYUSAGE_ENCIPHERONLY = 128;
    public static final int KEYUSAGE_DECIPHERONLY = 256;

    static {
        System.loadLibrary("NetcaJCrypto");
    }

    private static native long newCert(byte[] bArr, int i, int i2);

    /* JADX INFO: Access modifiers changed from: package-private */
    public static native void freeCert(long j);

    private static native byte[] getDEREncode(long j);

    private static native byte[] getPEMEncode(long j);

    private static native long dupCert(long j);

    private static native byte[] getStringAttribute(long j, int i);

    private static native long getIntegerAttribute(long j, int i);

    private static native void setStringAttribute(long j, int i, byte[] bArr);

    private static native byte[] findExtension(long j, byte[] bArr);

    private static native boolean hasExtension(long j, byte[] bArr);

    private static native boolean isExtensionCrical(long j, byte[] bArr);

    private static native long getPublicKey(long j, int i);

    private static native long getDefaultCertificate(int i);

    private static native void setDefault(long j, int i) throws PkiException;

    private static native long getKeyPair(long j, int i, int i2, byte[] bArr);

    private native int verifyCert(int i, byte[] bArr);

    private static native long[] buildCertPath(long j);

    private native int verifyWithCrl(byte[] bArr, byte[] bArr2);

    private native int verifyWithOcsp(byte[] bArr, long j);

    private native void setKeypair(long j, long j2);

    /* JADX INFO: Access modifiers changed from: package-private */
    public Certificate(long j) throws PkiException {
        this.hCert = 0L;
        if (j == 0) {
            throw new PkiException("Bad Cert Encode");
        }
        init(j);
    }

    public Certificate(byte[] bArr, int i, int i2) throws PkiException {
        this.hCert = 0L;
        long newCert = newCert(bArr, i, i2);
        if (newCert == 0) {
            throw new PkiException("Bad Cert Encode");
        }
        init(newCert);
    }

    public Certificate(byte[] bArr) throws PkiException {
        this(bArr, 0, bArr.length);
    }

    public Certificate(String str) throws PkiException {
        this.hCert = 0L;
        try {
            byte[] bytes = str.getBytes(HTTP.ASCII);
            long newCert = newCert(bytes, 0, bytes.length);
            if (newCert == 0) {
                throw new PkiException("Bad Cert Encode");
            }
            init(newCert);
        } catch (Exception e) {
            throw new PkiException("Bad Cert Encode");
        }
    }

    public Certificate(X509Certificate x509Certificate) throws PkiException {
        this.hCert = 0L;
        try {
            byte[] encoded = x509Certificate.getEncoded();
            long newCert = newCert(encoded, 0, encoded.length);
            if (newCert == 0) {
                throw new PkiException("Bad Cert Encode");
            }
            init(newCert);
        } catch (Exception e) {
            throw new PkiException("Bad Cert");
        }
    }

    private void init(long j) throws PkiException {
        try {
            this.version = (int) getIntegerAttribute(j, 2);
            this.der = getDEREncode(j);
            try {
                this.pem = new String(getPEMEncode(j), HTTP.ASCII);
                this.ku = (int) getIntegerAttribute(j, 6);
                this.hCert = j;
            } catch (Exception e) {
                throw new PkiException("PEM Encode Fail");
            }
        } catch (PkiException e2) {
            freeCert(j);
            throw e2;
        }
    }

    public void free() {
        if (this.hCert != 0) {
            freeCert(this.hCert);
            this.hCert = 0L;
        }
    }

    public Object clone() {
        long dupCert = dupCert(this.hCert);
        if (dupCert == 0) {
            return null;
        }
        try {
            return new Certificate(dupCert);
        } catch (Exception e) {
            freeCert(dupCert);
            return null;
        }
    }

    public byte[] derEncode() {
        return this.der;
    }

    public String pemEncode() {
        return this.pem;
    }

    public int getVersion() {
        return this.version;
    }

    public int getSignAlgorithm() throws PkiException {
        return (int) getIntegerAttribute(3);
    }

    public int getPublicKeyAlgorithm() throws PkiException {
        return (int) getIntegerAttribute(4);
    }

    public int getPublicKeyBits() throws PkiException {
        return (int) getIntegerAttribute(5);
    }

    public int getPublicKeyEccCurve() throws PkiException {
        return (int) getIntegerAttribute(43);
    }

    public int getKeyUsage() {
        return this.ku;
    }

    public boolean hasPrivateKey() {
        try {
            return getIntegerAttribute(7) != 0;
        } catch (PkiException e) {
            return false;
        }
    }

    public String getIssuer() throws PkiException {
        return getAttribute(8);
    }

    public String getSubject() throws PkiException {
        return getAttribute(15);
    }

    public long getIntegerAttribute(int i) throws PkiException {
        return getIntegerAttribute(this.hCert, i);
    }

    public String getAttribute(int i) throws PkiException {
        try {
            return new String(getStringAttribute(this.hCert, i), "UTF-8");
        } catch (Exception e) {
            throw new PkiException("获取的数据编码不对");
        }
    }

    public void setAttribute(int i, String str) throws PkiException {
        try {
            setStringAttribute(this.hCert, i, str.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException e) {
            throw new PkiException("UTF-8编码出错");
        }
    }

    public String[] getMultipleValueAttribute(int i) throws PkiException {
        return getMultipleValueAttribute(getStringAttribute(this.hCert, i));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String[] getMultipleValueAttribute(byte[] bArr) throws PkiException {
        int GetStringArrayCount = GetStringArrayCount(bArr);
        if (GetStringArrayCount == 0) {
            return new String[0];
        }
        int[] GetStringArrayLengthArray = GetStringArrayLengthArray(bArr, GetStringArrayCount);
        int i = 0;
        String[] strArr = new String[GetStringArrayCount];
        for (int i2 = 0; i2 < GetStringArrayCount; i2++) {
            if (GetStringArrayLengthArray[i2] == 0) {
                strArr[i2] = "";
            } else {
                byte[] bArr2 = new byte[GetStringArrayLengthArray[i2]];
                int i3 = 0;
                while (i3 < GetStringArrayLengthArray[i2]) {
                    bArr2[i3] = bArr[i];
                    i3++;
                    i++;
                }
                try {
                    strArr[i2] = new String(bArr2, "UTF-8");
                } catch (Exception e) {
                    throw new PkiException("获取的数据编码不对");
                }
            }
            i++;
        }
        return strArr;
    }

    private static int GetStringArrayCount(byte[] bArr) {
        byte b = 1;
        int i = 0;
        for (byte b2 : bArr) {
            if (b2 == 0) {
                if (b == 0) {
                    break;
                }
                i++;
            }
            b = b2;
        }
        return i;
    }

    private static int[] GetStringArrayLengthArray(byte[] bArr, int i) {
        byte b;
        int i2 = 0;
        int i3 = 0;
        int[] iArr = new int[i];
        for (int i4 = 0; i4 < i; i4++) {
            do {
                b = bArr[i2];
                i2++;
            } while (b != 0);
            iArr[i4] = (i2 - i3) - 1;
            i3 = i2;
        }
        return iArr;
    }

    public Date getValidityStart() throws PkiException {
        return Util.UTCTimeDecode(getStringAttribute(this.hCert, 30));
    }

    public Date getValidityEnd() throws PkiException {
        return Util.UTCTimeDecode(getStringAttribute(this.hCert, 31));
    }

    public byte[] getExtensionValue(String str) throws PkiException {
        try {
            return findExtension(this.hCert, str.getBytes(HTTP.ASCII));
        } catch (UnsupportedEncodingException e) {
            throw new PkiException("OID编码出错");
        }
    }

    public boolean hasExtension(String str) {
        try {
            return hasExtension(this.hCert, str.getBytes(HTTP.ASCII));
        } catch (Exception e) {
            return false;
        }
    }

    public boolean isExtensionCrical(String str) throws PkiException {
        try {
            return isExtensionCrical(this.hCert, str.getBytes(HTTP.ASCII));
        } catch (UnsupportedEncodingException e) {
            throw new PkiException("OID编码出错");
        }
    }

    public boolean needPwd() {
        try {
            return getIntegerAttribute(27) != 0;
        } catch (Exception e) {
            return false;
        }
    }

    public PublicKey getPublicKey(int i) {
        long publicKey = getPublicKey(this.hCert, i);
        if (publicKey == 0) {
            return null;
        }
        try {
            return new PublicKey(publicKey);
        } catch (Exception e) {
            PublicKey.freePublicKey(publicKey);
            return null;
        }
    }

    public static Certificate getDefaultCertificate(boolean z, int i) {
        if (!z) {
            i |= 32768;
        }
        long defaultCertificate = getDefaultCertificate(i);
        if (defaultCertificate == 0) {
            return null;
        }
        try {
            return new Certificate(defaultCertificate);
        } catch (Exception e) {
            freeCert(defaultCertificate);
            return null;
        }
    }

    public void setDefaultCertificate(boolean z, int i) throws PkiException {
        if (!z) {
            i |= 32768;
        }
        setDefault(this.hCert, i);
    }

    public KeyPair getKeyPair(int i, int i2, String str) {
        byte[] bytes;
        if (str == null) {
            bytes = (byte[]) null;
        } else {
            try {
                bytes = str.getBytes("UTF-8");
            } catch (UnsupportedEncodingException e) {
                return null;
            }
        }
        long keyPair = getKeyPair(this.hCert, i, i2, bytes);
        if (keyPair == 0) {
            return null;
        }
        try {
            return new KeyPair(keyPair);
        } catch (Exception e2) {
            KeyPair.freeKeyPair(keyPair);
            return null;
        }
    }

    public int verify(int i, Date date) throws PkiException {
        int verifyCert = verifyCert(i, date == null ? (byte[]) null : GetTimeString(date));
        if (verifyCert == 0) {
            this.revtime = Util.UTCTimeDecode(this.revtimevalue);
        }
        return verifyCert;
    }

    public int verify(int i) throws PkiException {
        return verify(i, null);
    }

    public RevokeInfo getRevokeInfo() {
        return new RevokeInfo(this.revtime, this.reason);
    }

    public Certificate[] buildCertPath() throws PkiException {
        long[] buildCertPath = buildCertPath(this.hCert);
        if (buildCertPath == null) {
            return null;
        }
        Certificate[] certificateArr = new Certificate[buildCertPath.length];
        for (int i = 0; i < buildCertPath.length; i++) {
            try {
                certificateArr[i] = new Certificate(buildCertPath[i]);
            } catch (Exception e) {
                for (int i2 = 0; i2 < buildCertPath.length; i2++) {
                    if (certificateArr[i2] != null) {
                        certificateArr[i2].free();
                    } else {
                        freeCert(buildCertPath[i2]);
                    }
                }
                return null;
            }
        }
        return certificateArr;
    }

    public int verifyWithCrl(byte[] bArr, Date date) throws PkiException {
        int verifyWithCrl = verifyWithCrl(bArr, date == null ? (byte[]) null : GetTimeString(date));
        if (verifyWithCrl == 0) {
            this.revtime = Util.UTCTimeDecode(this.revtimevalue);
        }
        return verifyWithCrl;
    }

    public int verifyWithCrl(byte[] bArr) throws PkiException {
        return verifyWithCrl(bArr, (Date) null);
    }

    public int verifyWithOcsp(String str, Certificate certificate) throws PkiException {
        try {
            byte[] bytes = str.getBytes("UTF-8");
            int verifyWithOcsp = certificate == null ? verifyWithOcsp(bytes, 0L) : verifyWithOcsp(bytes, certificate.hCert);
            if (verifyWithOcsp == 0) {
                this.revtime = Util.UTCTimeDecode(this.revtimevalue);
            }
            return verifyWithOcsp;
        } catch (UnsupportedEncodingException e) {
            throw new PkiException("UTF-8编码出错");
        }
    }

    public X509Certificate toX509Certificate() {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(this.der));
        } catch (Exception e) {
            return null;
        }
    }

    private byte[] GetTimeString(Date date) {
        byte[] bArr = new byte[15];
        Calendar calendar = Calendar.getInstance();
        calendar.setTimeZone(TimeZone.getTimeZone("UTC"));
        calendar.setTime(date);
        Fill(calendar.get(1), 4, bArr, 0);
        Fill(calendar.get(2), 2, bArr, 4);
        Fill(calendar.get(5), 2, bArr, 6);
        Fill(calendar.get(11), 2, bArr, 8);
        Fill(calendar.get(12), 2, bArr, 10);
        Fill(calendar.get(13), 2, bArr, 12);
        bArr[14] = 90;
        return bArr;
    }

    private void Fill(int i, int i2, byte[] bArr, int i3) {
        String valueOf = String.valueOf(i);
        int length = i2 - valueOf.length();
        for (int i4 = 0; i4 < length; i4++) {
            bArr[i4 + i3] = 48;
        }
        char[] charArray = valueOf.toCharArray();
        for (int i5 = 0; i5 < charArray.length; i5++) {
            bArr[i5 + i3 + length] = (byte) charArray[i5];
        }
    }

    private String GetDNItem(int i) {
        try {
            String[] multipleValueAttribute = getMultipleValueAttribute(i);
            if (multipleValueAttribute.length > 0) {
                return multipleValueAttribute[0];
            }
            return null;
        } catch (PkiException e) {
            return null;
        }
    }

    public String getIssuerC() {
        return GetDNItem(10);
    }

    public String getIssuerST() {
        return GetDNItem(37);
    }

    public String getIssuerL() {
        return GetDNItem(38);
    }

    public String getIssuerO() {
        return GetDNItem(11);
    }

    public String getIssuerOU() {
        return GetDNItem(12);
    }

    public String getIssuerCN() {
        return GetDNItem(13);
    }

    public String getIssuerEmail() {
        return GetDNItem(14);
    }

    public String getSubjectC() {
        return GetDNItem(17);
    }

    public String getSubjectST() {
        return GetDNItem(39);
    }

    public String getSubjectL() {
        return GetDNItem(40);
    }

    public String getSubjectO() {
        return GetDNItem(18);
    }

    public String getSubjectOU() {
        return GetDNItem(19);
    }

    public String getSubjectCN() {
        return GetDNItem(20);
    }

    public String getSubjectEmail() {
        return GetDNItem(21);
    }

    public String getSerialNumber() throws PkiException {
        return getAttribute(33);
    }

    public boolean isInValidity() {
        try {
            return getIntegerAttribute(34) != 0;
        } catch (Exception e) {
            return false;
        }
    }

    public byte[] computeThumbprint(int i) throws PkiException {
        Hash hash = null;
        try {
            hash = new Hash(i);
            hash.update(this.der);
            byte[] doFinal = hash.doFinal();
            if (hash != null) {
                hash.free();
            }
            return doFinal;
        } catch (Throwable th) {
            if (hash != null) {
                hash.free();
            }
            throw th;
        }
    }

    public void setKeyPair(KeyPair keyPair) throws PkiException {
        if (keyPair == null) {
            throw new PkiException("KeyPair is null");
        }
        setKeypair(this.hCert, keyPair.hKeyPair);
    }
}
