package cn.unitid.easypki.util;

import a.a.h.a.b.a.d2;
import a.a.h.a.b.a.f1;
import a.a.h.a.b.a.i1;
import a.a.h.a.b.a.j3.u;
import a.a.h.a.b.a.k3.g;
import a.a.h.a.b.a.m;
import a.a.h.a.b.a.o1;
import a.a.h.a.b.a.r;
import a.a.h.a.b.a.v;
import a.a.h.a.b.a.w;
import a.a.h.a.b.a.z1;
import a.a.h.a.b.d.t.n;
import a.a.h.a.b.e.b.a.a.b;
import a.a.h.a.b.g.a.i;
import cn.unitid.easypki.provider.asymmetric.sm2.SM2BCPublicKey;
import cn.unitid.easypki.provider.identifier.EPAlgorithmIdentifier;
import cn.unitid.easypki.security.EPMessageDigest;
import cn.unitid.easypki.security.RSASignature;
import cn.unitid.easypki.security.SM2Signature;
import cn.unitid.easypki.security.ec.ECDomainParametersHelper;
import cn.unitid.mcm.sdk.business.Algorithm;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/* loaded from: classes.dex */
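/**
 * Static helpers for reading key identifiers, fingerprints and identity-code extensions from
 * X.509 certificates, and for checking one certificate's signature against its issuer.
 *
 * <p>NOTE(review): this is decompiled code. The single-letter types ({@code u}, {@code f1},
 * {@code z1}, {@code v}, {@code r}, ...) are obfuscated ASN.1/crypto classes; their roles below
 * are inferred from how they are used and should be confirmed against the unobfuscated library.
 */
public class CertificateUtil {
    /**
     * Builds the public-key-info structure for an SM2 point: the point is encoded (second
     * constructor argument {@code false}; presumably "uncompressed", confirm) on the curve returned
     * by {@link ECDomainParametersHelper#getECCurve()} and tagged with the SM2 public-key algorithm.
     */
    private static u buildSM2SubjectPublicKeyInfo(i iVar) {
        return new u(EPAlgorithmIdentifier.SM2_PUBLIC_KEY_ALGORITHM, ((r) new g(ECDomainParametersHelper.getECCurve().a(iVar.l().l(), iVar.m().l()), false).toASN1Primitive()).getOctets());
    }

    /**
     * Decodes a Base64 certificate and returns its authority key identifier.
     *
     * @param str Base64 text accepted by {@code CertificateConverter.fromBase64}
     * @throws IOException if the extension is missing or cannot be parsed
     * @throws CertificateException if the certificate cannot be decoded
     */
    public static byte[] getAuthorityKeyIdentifier(String str) throws IOException, CertificateException {
        return getAuthorityKeyIdentifier(CertificateConverter.fromBase64(str));
    }

    /**
     * Returns the key identifier carried in the authorityKeyIdentifier extension (OID 2.5.29.35).
     *
     * @throws IOException if the extension is missing or cannot be parsed
     */
    public static byte[] getAuthorityKeyIdentifier(X509Certificate x509Certificate) throws IOException {
        return getSubjectOrAuthorityKeyIdentifier(x509Certificate, "2.5.29.35");
    }

    /**
     * Computes a digest over the certificate's encoded form.
     *
     * <p>The digest algorithm is chosen entirely by the caller; a fingerprint that is used to pin
     * or compare certificates is only as collision-resistant as the algorithm named here.
     *
     * @param str digest algorithm name passed to {@code EPMessageDigest.getInstance}
     * @param x509Certificate certificate to fingerprint; must not be null
     * @throws IllegalArgumentException if {@code x509Certificate} is null
     */
    public static byte[] getFingerprint(String str, X509Certificate x509Certificate) throws NoSuchAlgorithmException, CertificateEncodingException {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("x509Certificate must not be null.");
        }
        EPMessageDigest ePMessageDigest = EPMessageDigest.getInstance(str);
        ePMessageDigest.update(x509Certificate.getEncoded());
        return ePMessageDigest.digest();
    }

    /**
     * Extracts the identity-code string from one of the two supported extensions
     * ({@code 1.2.156.10260.4.1.1} or {@code 1.2.156.10260.4.1.3}).
     *
     * <p>The value comes straight from the certificate; it is only as trustworthy as the
     * certificate itself, so callers should validate the certificate before relying on it.
     *
     * @param str OID of the extension to read
     * @throws NullPointerException if the certificate does not carry the extension
     * @throws IOException if the OID is unsupported or the extension cannot be parsed
     */
    public static String getIdentityCode(X509Certificate x509Certificate, String str) throws IOException {
        byte[] extensionValue = x509Certificate.getExtensionValue(str);
        if (extensionValue == null) {
            throw new NullPointerException("未查询到证书扩展：" + str);
        }
        try {
            // Element 1 of the outer sequence holds the payload that is re-parsed below.
            f1 f1Var = (f1) ((z1) v.a(extensionValue)).c(1);
            if ("1.2.156.10260.4.1.3".equals(str)) {
                return ((i1) v.a(f1Var.getOctets())).e();
            }
            if ("1.2.156.10260.4.1.1".equals(str)) {
                return ((i1) ((d2) v.a(f1Var.getOctets())).l()).e();
            }
            throw new Exception("不支持的身份标识OID：" + str);
        } catch (Exception e2) {
            // Cast failures on an unexpected encoding land here too and surface as IOException.
            throw new IOException("解析OID：" + str + "异常，错误：" + e2.getMessage(), e2);
        }
    }

    /**
     * Derives a key identifier by hashing the key bits of a public-key-info structure with
     * {@link #sha1Digest(byte[])}.
     *
     * <p>The hash is an identifier for matching certificates, not a security check on the key.
     *
     * @throws IOException if the identifier cannot be computed
     */
    public static byte[] getKeyIdentifier(u uVar) throws IOException {
        try {
            return new f1(sha1Digest(uVar.i().l())).getOctets();
        } catch (Exception e2) {
            throw new IOException("failed to get subject key identifier", e2);
        }
    }

    /**
     * Derives a key identifier for a public key, using {@link #getSubjectPublicKeyInfo(PublicKey)}
     * and {@link #sha1Digest(byte[])}.
     *
     * @throws IOException if the key is unsupported or the identifier cannot be computed
     */
    public static byte[] getKeyIdentifier(PublicKey publicKey) throws IOException {
        try {
            return new f1(sha1Digest(getSubjectPublicKeyInfo(publicKey).i().l())).getOctets();
        } catch (Exception e2) {
            throw new IOException("failed to get subject key identifier", e2);
        }
    }

    /**
     * Decodes a Base64 certificate and returns its subject key identifier.
     *
     * @throws CertificateException if the certificate cannot be decoded
     */
    public static byte[] getSubjectKeyIdentifier(String str) throws IOException, CertificateException {
        return getSubjectKeyIdentifier(CertificateConverter.fromBase64(str));
    }

    /**
     * Returns the subject key identifier from extension 2.5.29.14, or a computed one.
     *
     * <p>Any failure to read the extension (missing, malformed) is swallowed on purpose and the
     * identifier is recomputed from the public key, so the result is not guaranteed to be the
     * value the certificate states.
     */
    public static byte[] getSubjectKeyIdentifier(X509Certificate x509Certificate) throws IOException {
        try {
            return getSubjectOrAuthorityKeyIdentifier(x509Certificate, "2.5.29.14");
        } catch (Exception unused) {
            // Deliberate best-effort fallback: derive the identifier from the key itself.
            return getKeyIdentifier(x509Certificate.getPublicKey());
        }
    }

    /**
     * Extracts the key-identifier bytes from the extension with the given OID.
     *
     * <p>The parse path is selected from the total length of the encoded extension value
     * (24, 26, 31 or 33 bytes, otherwise a generic path), not from its ASN.1 structure.
     * NOTE(review): that is fragile for certificates from other issuers; the lengths presumably
     * correspond to 20-byte identifiers in a few known encodings; confirm.
     *
     * <p>Certificate contents are untrusted input, so a missing extension or an encoding that does
     * not match the expected shape is reported as {@link IOException} instead of escaping as an
     * unchecked {@code NullPointerException} or {@code ClassCastException}.
     *
     * @param str OID of the extension to read
     * @throws IOException if the extension is absent or cannot be parsed
     */
    public static byte[] getSubjectOrAuthorityKeyIdentifier(X509Certificate x509Certificate, String str) throws IOException {
        byte[] extensionValue = x509Certificate.getExtensionValue(str);
        if (extensionValue == null) {
            // getExtensionValue returns null when the certificate lacks the extension.
            throw new IOException("certificate has no extension " + str);
        }
        try {
            f1 f1Var;
            int length = extensionValue.length;
            if (length == 24) {
                f1Var = (f1) v.a(((r) v.a(extensionValue)).getOctets());
            } else if (length == 26) {
                f1Var = (f1) ((o1) ((z1) v.a(((r) v.a(extensionValue)).getOctets())).c(0)).l();
            } else if (length == 31) {
                f1Var = (f1) v.a(((f1) ((z1) v.a(extensionValue)).c(1)).getOctets());
            } else if (length != 33) {
                try {
                    f1Var = (f1) ((o1) ((z1) v.a(extensionValue)).c(0)).l();
                } catch (ClassCastException unused) {
                    // Value was wrapped once more; unwrap and retry the same shape.
                    f1Var = (f1) ((o1) ((z1) v.a(((r) v.a(extensionValue)).getOctets())).c(0)).l();
                }
            } else {
                f1Var = (f1) ((o1) ((z1) v.a(((f1) ((z1) v.a(extensionValue)).c(1)).getOctets())).c(0)).l();
            }
            return f1Var.getOctets();
        } catch (RuntimeException e2) {
            throw new IOException("malformed key identifier extension " + str, e2);
        }
    }

    /**
     * Converts a public key into a public-key-info structure.
     *
     * <p>Keys whose algorithm is SM2 (by name or OID) must be {@code SM2BCPublicKey} or the
     * obfuscated type {@code b}; every other key is parsed from {@code getEncoded()}.
     *
     * @throws InvalidKeyException if the key is unsupported or its encoding cannot be parsed;
     *     the underlying failure is attached as the cause
     */
    public static u getSubjectPublicKeyInfo(PublicKey publicKey) throws InvalidKeyException {
        i q;
        try {
            if (!Algorithm.SM2.equals(publicKey.getAlgorithm()) && !EPAlgorithmIdentifier.SM2_ALGORITHM_OID.equals(publicKey.getAlgorithm())) {
                return u.getInstance((w) new m(publicKey.getEncoded()).readObject());
            }
            if (publicKey instanceof SM2BCPublicKey) {
                q = ((SM2BCPublicKey) publicKey).getQ();
            } else {
                if (!(publicKey instanceof b)) {
                    throw new InvalidKeyException("unsupported sm2 public key: " + publicKey.getClass().getName());
                }
                q = ((b) publicKey).getQ();
            }
            return buildSM2SubjectPublicKeyInfo(q);
        } catch (Exception e2) {
            // Keep the original exception as the cause so the failing step stays diagnosable.
            throw new InvalidKeyException("fail to get subject public key info,cause:" + e2.getMessage(), e2);
        }
    }

    /**
     * Hashes the input with the obfuscated digest {@code n} (presumably SHA-1, going by this
     * method's name; confirm). Used here only to derive key identifiers.
     */
    private static byte[] sha1Digest(byte[] bArr) {
        n nVar = new n();
        byte[] bArr2 = new byte[nVar.getDigestSize()];
        nVar.update(bArr, 0, bArr.length);
        nVar.doFinal(bArr2, 0);
        return bArr2;
    }

    /**
     * Verifies that the entity certificate's signature was produced by the issuer certificate.
     *
     * <p><strong>Scope:</strong> despite its name, this method checks one signature only. It does
     * not check validity periods, that the issuer's subject matches the entity's issuer name,
     * basicConstraints/keyUsage on the issuer, revocation, or that the issuer chains to a trust
     * anchor. Callers that need path validation must perform those checks separately.
     *
     * <p>Supported signature algorithms: OID 1.2.156.10197.1.501 (handled by
     * {@link SM2Signature}) and the SHA-1/SHA-256 with RSA OIDs from
     * {@link EPAlgorithmIdentifier}. NOTE(review): SHA-1 signatures are still accepted; SHA-1 is
     * collision-weak for certificate signatures, so consider rejecting it by policy.
     *
     * @param x509Certificate entity certificate whose signature is checked
     * @param x509Certificate2 issuer certificate supplying the verification key
     * @return the result of the signature verification
     * @throws NullPointerException if either certificate is null
     * @throws CertificateException if the algorithm is unsupported or verification fails with an
     *     error; the underlying failure is attached as the cause
     */
    public static boolean validateCertificateChain(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws CertificateException {
        if (x509Certificate == null) {
            throw new NullPointerException("entityCertificate is null");
        }
        if (x509Certificate2 == null) {
            throw new NullPointerException("issuerCertificate is null");
        }
        String sigAlgOID = x509Certificate.getSigAlgOID();
        if ("1.2.156.10197.1.501".equals(sigAlgOID)) {
            try {
                SM2Signature sM2Signature = new SM2Signature();
                sM2Signature.initVerify(x509Certificate2);
                sM2Signature.update(x509Certificate.getTBSCertificate());
                return sM2Signature.verify(x509Certificate.getSignature());
            } catch (Exception e2) {
                throw new CertificateException("验证证书链失败，错误原因:" + e2.getMessage(), e2);
            }
        }
        if (!EPAlgorithmIdentifier.SHA1_WITH_RSA_ENCRYPTION_ALGORITHM_OID.equals(sigAlgOID) && !EPAlgorithmIdentifier.SHA256_WITH_RSA_ENCRYPTION_ALGORITHM_OID.equals(sigAlgOID)) {
            throw new CertificateException("证书签名算法不支持:" + x509Certificate.getSigAlgOID());
        }
        try {
            RSASignature rSASignature = new RSASignature(x509Certificate.getSigAlgName());
            rSASignature.initVerify(x509Certificate2);
            rSASignature.update(x509Certificate.getTBSCertificate());
            return rSASignature.verify(x509Certificate.getSignature());
        } catch (Exception e3) {
            throw new CertificateException("验证证书链失败，错误原因:" + e3.getMessage(), e3);
        }
    }
}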
