package by.avest.crypto.conscrypt.x509.x509at;

import by.avest.crypto.conscrypt.NativeCrypto;
import by.avest.crypto.conscrypt.OpenSSLBIOInputStream;
import by.avest.crypto.conscrypt.OpenSSLKey;
import by.avest.crypto.conscrypt.OpenSSLKeyHolder;
import by.avest.crypto.conscrypt.OpenSSLX509CertificateFactory;
import by.avest.crypto.conscrypt.Platform;
import by.avest.crypto.conscrypt.ref.OpenSSLContext;
import by.avest.crypto.conscrypt.ref.OpenSSLNativeResourceFinalizer;
import by.avest.crypto.conscrypt.ref.OpenSSLNativeResourceReaper;
import by.avest.crypto.conscrypt.x500.AvX500Principal;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.util.Calendar;
import java.util.Date;
import java.util.TimeZone;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class X509AttributeCertificate implements OpenSSLContext, AutoCloseable {
    private MyResourceFinalizer fin;
    private transient long mContext;
    private transient Integer mHashCode;

    /* loaded from: classes.dex */
    private static class MyResourceFinalizer extends OpenSSLNativeResourceFinalizer {
        public MyResourceFinalizer(X509AttributeCertificate x509AttributeCertificate) {
            super(x509AttributeCertificate);
        }

        @Override // by.avest.crypto.conscrypt.ref.OpenSSLNativeResourceFinalizer
        public void resourceFree(long j) throws Throwable {
            X509AttributeCertificate.free(j);
        }
    }

    public X509AttributeCertificate(long j) {
        this(j, true);
    }

    public X509AttributeCertificate(long j, boolean z) {
        OpenSSLNativeResourceReaper.reap();
        this.mContext = j;
        if (z) {
            this.fin = new MyResourceFinalizer(this);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void free(long j) {
        if (j != 0) {
            NativeCrypto.X509AT_free(j);
        }
    }

    public static X509AttributeCertificate fromX509DerInputStream(InputStream inputStream) throws OpenSSLX509CertificateFactory.ParsingException {
        OpenSSLBIOInputStream openSSLBIOInputStream = new OpenSSLBIOInputStream(inputStream, true);
        try {
            try {
                long d2i_X509AT_bio = NativeCrypto.d2i_X509AT_bio(openSSLBIOInputStream.getBioContext());
                if (d2i_X509AT_bio != 0) {
                    return new X509AttributeCertificate(d2i_X509AT_bio);
                }
                openSSLBIOInputStream.release();
                return null;
            } catch (Exception e) {
                throw new OpenSSLX509CertificateFactory.ParsingException(e);
            }
        } finally {
            openSSLBIOInputStream.release();
        }
    }

    public static X509AttributeCertificate fromX509PemInputStream(InputStream inputStream) throws OpenSSLX509CertificateFactory.ParsingException {
        OpenSSLBIOInputStream openSSLBIOInputStream = new OpenSSLBIOInputStream(inputStream, true);
        try {
            try {
                long PEM_read_bio_X509AT = NativeCrypto.PEM_read_bio_X509AT(openSSLBIOInputStream.getBioContext());
                if (PEM_read_bio_X509AT != 0) {
                    return new X509AttributeCertificate(PEM_read_bio_X509AT);
                }
                openSSLBIOInputStream.release();
                return null;
            } catch (Exception e) {
                throw new OpenSSLX509CertificateFactory.ParsingException(e);
            }
        } finally {
            openSSLBIOInputStream.release();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private byte[] getFirstAttributeValue_int(String str) throws CertificateException {
        int i;
        byte[] attributeDER = getAttributeDER(str);
        if (attributeDER == 0) {
            return null;
        }
        int i2 = 0;
        boolean z = false;
        boolean z2 = false;
        int i3 = 48;
        while (true) {
            int i4 = i2 + 1;
            if (attributeDER.length <= i4) {
                throw new CertificateException("Error parse der encoded Attribute");
            }
            if (attributeDER[i2] != i3) {
                throw new CertificateException("Error parse der encoded Attribute: expectd " + i3 + " recieved " + attributeDER[i2]);
            }
            int i5 = attributeDER[i4];
            if ((i5 & 128) == 0) {
                i = i4 + 1;
            } else {
                int i6 = i5 ^ 128;
                i = i4 + 1;
                int i7 = 0;
                int i8 = 0;
                while (i8 < i6) {
                    if (attributeDER.length <= i) {
                        throw new CertificateException("Error parse der encoded Attribute");
                    }
                    i7 = (i7 * 256) + attributeDER[i];
                    i8++;
                    i++;
                }
                i5 = i7;
            }
            int i9 = i + i5;
            if (i9 > attributeDER.length) {
                throw new CertificateException("Error parse der encoded Attribute");
            }
            if (z) {
                byte[] bArr = new byte[i5];
                System.arraycopy(attributeDER, i, bArr, 0, i5);
                return bArr;
            }
            if (!z2) {
                i9 = i;
            }
            if (i3 == 48) {
                z2 = true;
                i3 = 6;
            } else if (i3 == 6) {
                i3 = 49;
                z = true;
            }
            if (i5 == 0) {
                return null;
            }
            i2 = i9;
        }
    }

    private void verifyInternal(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        Signature signature = str == null ? Signature.getInstance(getSigAlgName()) : Signature.getInstance(getSigAlgName(), str);
        signature.initVerify(publicKey);
        signature.update(getTBSCertificate());
        if (!signature.verify(getSignature())) {
            throw new SignatureException("signature did not verify");
        }
    }

    private void verifyOpenSSL(OpenSSLKey openSSLKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        try {
            NativeCrypto.X509AT_verify(this.mContext, openSSLKey.getNativeRef());
            openSSLKey.getNativeRef().dummyTouch();
            dummyTouch();
        } catch (RuntimeException e) {
            throw new CertificateException(e);
        }
    }

    public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
        checkValidity(new Date());
    }

    public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
        if (getNotBefore().compareTo(date) > 0) {
            throw new CertificateNotYetValidException("Attribute Certificate not valid until " + getNotBefore().toString() + " (compared to " + date.toString() + ")");
        }
        if (getNotAfter().compareTo(date) >= 0) {
            return;
        }
        throw new CertificateExpiredException("Attribute Certificate expired at " + getNotAfter().toString() + " (compared to " + date.toString() + ")");
    }

    @Override // java.lang.AutoCloseable
    public void close() throws Exception {
        free(this.mContext);
        this.mContext = 0L;
        MyResourceFinalizer myResourceFinalizer = this.fin;
        if (myResourceFinalizer != null) {
            myResourceFinalizer.clearFinalizer();
        }
    }

    public void dummyTouch() {
        this.mContext = NativeCrypto.DUMMY_touch(this.mContext);
    }

    public boolean equals(Object obj) {
        if (!(obj instanceof X509AttributeCertificate)) {
            return super.equals(obj);
        }
        boolean z = NativeCrypto.X509AT_cmp(this.mContext, ((X509AttributeCertificate) obj).mContext) == 0;
        dummyTouch();
        return z;
    }

    public byte[] getAttributeDER(String str) {
        return NativeCrypto.X509AT_get_attr_oid(this.mContext, str);
    }

    @Override // by.avest.crypto.conscrypt.ref.OpenSSLContext
    public long getContext() {
        return this.mContext;
    }

    public byte[] getEncoded() throws CertificateEncodingException {
        return NativeCrypto.i2d_X509AT(this.mContext);
    }

    public byte[] getExtensionValue(String str) {
        byte[] X509AT_get_ext_oid = NativeCrypto.X509AT_get_ext_oid(this.mContext, str);
        dummyTouch();
        return X509AT_get_ext_oid;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public String getFirstAttributeValueAsString(String str) throws CertificateException, UnsupportedEncodingException {
        byte[] firstAttributeValue_int = getFirstAttributeValue_int(str);
        if (firstAttributeValue_int == 0) {
            return null;
        }
        int i = 2;
        if (firstAttributeValue_int.length < 2) {
            return null;
        }
        if (firstAttributeValue_int[0] != 30) {
            throw new CertificateException("Only BMPString supported");
        }
        int i2 = firstAttributeValue_int[1];
        if ((i2 & 128) != 0) {
            int i3 = i2 ^ 128;
            int i4 = 0;
            int i5 = 2;
            int i6 = 0;
            while (i4 < i3) {
                if (firstAttributeValue_int.length <= i5) {
                    throw new CertificateException("Error parse der encoded Attribute");
                }
                i6 = (i6 * 256) + firstAttributeValue_int[i5];
                i4++;
                i5++;
            }
            i2 = i6;
            i = i5;
        }
        if (i + i2 > firstAttributeValue_int.length) {
            throw new CertificateException("Error parse der encoded Attribute");
        }
        byte[] bArr = new byte[i2];
        System.arraycopy(firstAttributeValue_int, i, bArr, 0, i2);
        return new String(bArr, "UTF-16");
    }

    public Principal getIssuerDN() {
        byte[] X509AT_get_issuer_name = NativeCrypto.X509AT_get_issuer_name(this.mContext);
        dummyTouch();
        if (X509AT_get_issuer_name == null) {
            return null;
        }
        return new X500Principal(X509AT_get_issuer_name);
    }

    public X500Principal getIssuerX500Principal() {
        byte[] X509AT_get_issuer_name = NativeCrypto.X509AT_get_issuer_name(this.mContext);
        dummyTouch();
        if (X509AT_get_issuer_name == null) {
            return null;
        }
        return new X500Principal(new AvX500Principal(X509AT_get_issuer_name).getReversedName());
    }

    public Date getNotAfter() {
        Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
        calendar.set(14, 0);
        NativeCrypto.ASN1_GENERALIZEDTIME_to_Calendar(NativeCrypto.X509AT_get_notAfter(this.mContext), calendar);
        dummyTouch();
        return calendar.getTime();
    }

    public Date getNotBefore() {
        Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
        calendar.set(14, 0);
        NativeCrypto.ASN1_GENERALIZEDTIME_to_Calendar(NativeCrypto.X509AT_get_notBefore(this.mContext), calendar);
        dummyTouch();
        return calendar.getTime();
    }

    public BigInteger getSerialNumber() {
        byte[] X509AT_get_serialNumber = NativeCrypto.X509AT_get_serialNumber(this.mContext);
        dummyTouch();
        return new BigInteger(X509AT_get_serialNumber);
    }

    public String getSigAlgName() {
        String sigAlgOID = getSigAlgOID();
        String oidToAlgorithmName = Platform.oidToAlgorithmName(sigAlgOID);
        return oidToAlgorithmName != null ? oidToAlgorithmName : sigAlgOID;
    }

    public String getSigAlgOID() {
        String str = NativeCrypto.get_X509_sig_alg_oid(this.mContext);
        dummyTouch();
        return str;
    }

    public byte[] getSignature() {
        byte[] bArr = NativeCrypto.get_X509AT_signature(this.mContext);
        dummyTouch();
        return bArr;
    }

    public byte[] getTBSCertificate() throws CertificateEncodingException {
        byte[] bArr = NativeCrypto.get_X509AT_cert_info_enc(this.mContext);
        dummyTouch();
        return bArr;
    }

    public int hashCode() {
        Integer num = this.mHashCode;
        if (num != null) {
            return num.intValue();
        }
        Integer valueOf = Integer.valueOf(super.hashCode());
        this.mHashCode = valueOf;
        return valueOf.intValue();
    }

    public String toString() {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        long create_BIO_OutputStream = NativeCrypto.create_BIO_OutputStream(byteArrayOutputStream);
        try {
            NativeCrypto.X509AT_print_ex(create_BIO_OutputStream, this.mContext, 0L, 0L);
            dummyTouch();
            return byteArrayOutputStream.toString();
        } finally {
            NativeCrypto.BIO_free_all(create_BIO_OutputStream);
        }
    }

    public void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        if (publicKey instanceof OpenSSLKeyHolder) {
            verifyOpenSSL(((OpenSSLKeyHolder) publicKey).getOpenSSLKey());
        } else {
            verifyInternal(publicKey, null);
        }
    }
}
