package cn.eseals.certificate;

import cn.eseals.bbf.data.Base64;
import cn.eseals.certificate.CertExtensions;
import cn.eseals.certificate.extensions.AuthorityKeyIdentifier;
import cn.eseals.certificate.extensions.BasicConstraints;
import cn.eseals.certificate.extensions.ExtendedKeyUsage;
import cn.eseals.certificate.extensions.KeyUsage;
import cn.eseals.certificate.extensions.SubjectKeyIdentifier;
import cn.eseals.crypto.ICertificateStore;
import cn.eseals.crypto.ICryptoProvider;
import cn.eseals.crypto.IPrivateKey;
import cn.eseals.crypto.ISignature;
import cn.eseals.data.BitArray;
import cn.eseals.data.DerInputStream;
import cn.eseals.data.DerOutputStream;
import cn.eseals.data.DerValue;
import cn.eseals.data.ObjectIdentifier;
import cn.eseals.data.ex.DerEncoding;
import cn.eseals.data.ex.DerMember;
import cn.eseals.data.ex.DerObject;
import cn.eseals.security.spec.CommonAlgorithmId;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

@DerObject
/* loaded from: input_file:cn/eseals/certificate/CommonCertificate.class */
public final class CommonCertificate extends X509Certificate {
    private static final long serialVersionUID = 3088460711558689627L;
    public static final int V1 = 0;
    public static final int V2 = 1;
    public static final int V3 = 2;
    public static final long YR_2050 = 2524636800000L;
    private CommonAlgorithmId alg;
    private byte[] encoded;
    private CertificateExtensions extensions;
    private X509Principal issuer;
    private BitArray issuerUniqueID;
    private Date notAfter;
    private Date notBefore;
    private CommonPublicKey pubKey;
    private byte[] rawInfo;
    private BigInteger serial;
    private byte[] sigAlgParams;
    private byte[] signature;
    private X509Principal subject;
    private BitArray subjectUniqueID;
    private int version;

    /**
     * Issues a certificate for {@code commonPublicKey} without caller-supplied extensions.
     *
     * <p>Forwards to the seven-argument overload with a {@code null} extension array. That overload
     * uses {@code i} as the key-usage byte, {@code str} as the subject, {@code bArr} as the serial
     * and {@code i2} as the validity in years.
     *
     * @deprecated the {@link CertificateInfo}-based overload is the non-deprecated variant in this class.
     */
    @Deprecated
    public static CommonCertificate createCertificate(ICertificateStore iCertificateStore, CommonPublicKey commonPublicKey, int i, String str, byte[] bArr, int i2) throws Exception {
        // A typed null keeps overload resolution on the seven-argument variant.
        final CertExtensions.Extension[] noExtraExtensions = null;
        return createCertificate(iCertificateStore, commonPublicKey, i, str, bArr, i2, noExtraExtensions);
    }

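    /**
     * Issues a version 3 certificate described by {@code certificateInfo} and signs it with the
     * key at index 0 of {@code iCertificateStore}.
     *
     * <p>The requested public key must use the same algorithm as the signing key. Only SM2 and RSA
     * are accepted. When the signer certificate carries a subject key identifier, a matching
     * authority key identifier extension is added to {@code certificateInfo}, so the argument is
     * mutated.
     *
     * <p>The issuer name of the new certificate is the <em>subject</em> of the signer certificate.
     * The earlier code copied the signer's issuer field. That only matched for self-signed signers
     * and produced an unchainable certificate when the signing store held an intermediate CA.
     *
     * @param iCertificateStore store holding the signing key and certificate at index 0
     * @param certificateInfo serial, subject, validity, public key and extensions to certify
     * @return the signed certificate
     * @throws Exception if the algorithms differ, the algorithm is unsupported, or signing fails
     */
    public static CommonCertificate createCertificate(ICertificateStore iCertificateStore, CertificateInfo certificateInfo) throws Exception {
        String requestedAlgorithm = certificateInfo.getPublicKey().getAlgorithm();
        String signerAlgorithm = iCertificateStore.getKey(0).getAlgorithm();
        if (!requestedAlgorithm.equals(signerAlgorithm)) {
            throw new Exception("根证书（" + signerAlgorithm + "）和请求的证书（" + requestedAlgorithm + "）算法不一致。");
        }
        final String signatureAlgorithm;
        if (requestedAlgorithm.equals(CommonAlgorithmId.ALGORITHM_SM2)) {
            signatureAlgorithm = "SM3withSM2";
        } else if (requestedAlgorithm.equals("RSA")) {
            // NOTE(review): RSA certificates are signed with the SHA-1 based algorithm id. SHA-1 is
            // no longer collision resistant; moving to a stronger digest requires an id that
            // CommonAlgorithmId and the provider both support. Confirm what is available.
            signatureAlgorithm = CommonAlgorithmId.ALGORITHM_SHA1WITHRSA;
        } else {
            throw new Exception("不支持的算法：" + requestedAlgorithm);
        }
        CommonCertificate signerCertificate = new CommonCertificate(iCertificateStore.getCertificate(0));
        byte[] signerKeyId = signerCertificate.getSubjectKeyIdentifier();
        if (signerKeyId != null) {
            certificateInfo.addCertificateExtension(new AuthorityKeyIdentifier.AuthorityKeyIdentifierExtension(new AuthorityKeyIdentifier(signerKeyId)));
        }
        CommonCertificate issued = new CommonCertificate();
        issued.version = V3;
        issued.serial = certificateInfo.getSerial();
        issued.pubKey = certificateInfo.getPublicKey();
        issued.subject = certificateInfo.getSubject();
        // The issuer of the new certificate is whoever signs it, i.e. the signer's subject.
        issued.issuer = signerCertificate.subject;
        issued.alg = new CommonAlgorithmId(signatureAlgorithm);
        issued.notAfter = certificateInfo.getNotAfter();
        issued.notBefore = certificateInfo.getNotBefore();
        issued.extensions = new CertificateExtensions(certificateInfo.getExtensions());
        ISignature signer = iCertificateStore.getProvider().createSigner(signatureAlgorithm);
        signer.initSign(iCertificateStore.getKey(0));
        signer.update(issued.getRawInfo());
        issued.signature = signer.sign();
        return issued;
    }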

    /**
     * Builds a {@link CertificateInfo} from loose arguments and issues the certificate through the
     * {@link CertificateInfo}-based overload.
     *
     * <p>The request always gets a key-usage extension built from the low byte of {@code i} and an
     * extended-key-usage extension with client authentication and e-mail protection. Entries of
     * {@code extensionArr}, if any, are appended after those.
     *
     * @param i key-usage value; only its low byte is used
     * @param str subject name
     * @param bArr serial number bytes
     * @param i2 validity in years
     * @param extensionArr extra extensions, may be {@code null}
     * @deprecated the {@link CertificateInfo}-based overload is the non-deprecated variant in this class.
     */
    @Deprecated
    public static CommonCertificate createCertificate(ICertificateStore iCertificateStore, CommonPublicKey commonPublicKey, int i, String str, byte[] bArr, int i2, CertExtensions.Extension[] extensionArr) throws Exception {
        CertificateInfo request = new CertificateInfo();
        request.setPublicKey(commonPublicKey);
        request.setValidYears(i2);
        request.setSerial(bArr);
        request.setSubject(str);
        request.addCertificateExtension(new KeyUsage((byte) i));
        request.addCertificateExtension(new ExtendedKeyUsage(ExtendedKeyUsage.EXT_USAGE_CLIENT_AUTH, ExtendedKeyUsage.EXT_USAGE_EMAIL_PROTECTION));
        int extraCount = (extensionArr == null) ? 0 : extensionArr.length;
        for (int idx = 0; idx < extraCount; idx++) {
            request.addCertificateExtension(new Extension(extensionArr[idx]));
        }
        return createCertificate(iCertificateStore, request);
    }

    /**
     * Generates a key pair and certificate in a new store, without caller-supplied extensions.
     *
     * <p>Forwards to the six-argument store-returning overload with a {@code null} extension array.
     *
     * @deprecated {@link #createStore(ICertificateStore, CertificateInfo)} is the non-deprecated variant.
     */
    @Deprecated
    public static ICertificateStore createCertificate(ICertificateStore iCertificateStore, int i, String str, byte[] bArr, int i2) throws Exception {
        // A typed null keeps overload resolution on the extension-array variant.
        final CertExtensions.Extension[] noExtraExtensions = null;
        return createCertificate(iCertificateStore, i, str, bArr, i2, noExtraExtensions);
    }

    /**
     * Generates a new key in a store opened as {@code "temp"}, issues a certificate for it signed
     * by {@code iCertificateStore}, and returns the store holding both.
     *
     * <p>The new key uses the same algorithm as the signing key at index 0. The private key is
     * generated on the issuing side, so the returned store carries private key material and must be
     * handled accordingly by the caller.
     *
     * @deprecated {@link #createStore(ICertificateStore, CertificateInfo)} is the non-deprecated variant.
     */
    @Deprecated
    public static ICertificateStore createCertificate(ICertificateStore iCertificateStore, int i, String str, byte[] bArr, int i2, CertExtensions.Extension[] extensionArr) throws Exception {
        String signerAlgorithm = iCertificateStore.getKey(0).getAlgorithm();
        ICertificateStore issuedStore = iCertificateStore.getProvider().openStore("temp");
        IPrivateKey freshKey = issuedStore.newKey(signerAlgorithm);
        CommonPublicKey freshPublicKey = new CommonPublicKey(new DerValue(freshKey.getPublicKey()));
        CommonCertificate issued = createCertificate(iCertificateStore, freshPublicKey, i, str, bArr, i2, extensionArr);
        issuedStore.setCertificate(freshKey, issued.getEncoded());
        return issuedStore;
    }

    /**
     * Generates a new key in a store opened as {@code "temp"} and certifies it with
     * {@code iCertificateStore}.
     *
     * <p>The public key of the new key replaces whatever public key {@code certificateInfo} held,
     * so the argument is mutated. The returned store contains the freshly generated private key
     * together with the issued certificate.
     *
     * @param iCertificateStore store holding the signing key and certificate at index 0
     * @param certificateInfo description of the certificate to issue
     * @return the store holding the new key and its certificate
     * @throws Exception if key generation, issuance or storing fails
     */
    public static ICertificateStore createStore(ICertificateStore iCertificateStore, CertificateInfo certificateInfo) throws Exception {
        String signerAlgorithm = iCertificateStore.getKey(0).getAlgorithm();
        ICertificateStore issuedStore = iCertificateStore.getProvider().openStore("temp");
        IPrivateKey freshKey = issuedStore.newKey(signerAlgorithm);
        certificateInfo.setPublicKey(freshKey.getPublicKey());
        CommonCertificate issued = createCertificate(iCertificateStore, certificateInfo);
        issuedStore.setCertificate(freshKey, issued.getEncoded());
        return issuedStore;
    }

    /**
     * Generates a new key of algorithm {@code str} in a store opened as {@code "temp"} and
     * certifies it with {@code iCertificateStore}.
     *
     * <p>Issuance goes through the {@link CommonPublicKey}-based overload, which rejects the request
     * when the new key's algorithm differs from the signing key's algorithm.
     *
     * @deprecated {@link #createStore(ICertificateStore, CertificateInfo)} is the non-deprecated variant.
     */
    @Deprecated
    public static ICertificateStore createCertificate(ICertificateStore iCertificateStore, String str, int i, String str2, byte[] bArr, int i2) throws Exception {
        ICertificateStore issuedStore = iCertificateStore.getProvider().openStore("temp");
        IPrivateKey freshKey = issuedStore.newKey(str);
        CommonPublicKey freshPublicKey = new CommonPublicKey(new DerValue(freshKey.getPublicKey()));
        CommonCertificate issued = createCertificate(iCertificateStore, freshPublicKey, i, str2, bArr, i2);
        issuedStore.setCertificate(freshKey, issued.getEncoded());
        return issuedStore;
    }

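    /**
     * Issues a certificate for a PKCS#10 request and returns it in the requested representation.
     *
     * <p>Extensions requested in the CSR are copied into the certificate. The key-usage extension
     * (OID 2.5.29.15) is not copied as such; its first decoded byte becomes the key-usage value,
     * which defaults to {@code 0xF0} when the CSR has none. Entries of {@code extensionArr}
     * replace CSR extensions with the same OID.
     *
     * <p>NOTE(review): apart from that override, requester-supplied extensions are signed as they
     * arrive. An issuing service normally applies policy to them (basic constraints in particular)
     * before calling this method. Confirm that callers do.
     *
     * @param iCertificateStore store holding the signing key and certificate at index 0
     * @param certReqPKCS10 the certificate request
     * @param bArr serial number bytes
     * @param i validity in years
     * @param extensionArr issuer-side extensions, may be {@code null}
     * @param cls {@code CommonCertificate}, {@code X509Certificate} or {@code PKCS7Certificate}
     * @return the issued certificate as an instance of {@code cls}
     * @throws Exception if the request extensions are malformed, {@code cls} is unsupported, or
     *     issuance fails
     * @deprecated the {@link CertificateInfo}-based overload is the non-deprecated variant in this class.
     */
    @Deprecated
    public static <T> T createCertificate(ICertificateStore iCertificateStore, CertReqPKCS10 certReqPKCS10, byte[] bArr, int i, CertExtensions.Extension[] extensionArr, Class<T> cls) throws Exception {
        // 0xF0 does not fit a signed byte literal; the cast keeps the intended bit pattern.
        byte keyUsageBits = (byte) 0xF0;
        HashMap<Object, CertExtensions.Extension> extensionsByOid = new HashMap<Object, CertExtensions.Extension>();
        PKCS10Attribute attribute = certReqPKCS10.getAttributes().getAttribute(ObjectIdentifier.getIndentifier("CertificateExtensions").toString());
        if (attribute != null) {
            DerValue requested = new DerValue(attribute.getAttributeValue());
            // 49 (0x31) is the DER SET tag that wraps the attribute value.
            if (requested.tag != 49) {
                throw new Exception("invalid request extensions.");
            }
            Iterator<CertExtensions.Extension> it = new CertExtensions(requested.data).iterator();
            while (it.hasNext()) {
                CertExtensions.Extension next = it.next();
                if (next.oid.equals("2.5.29.15")) {
                    byte[] usage = (byte[]) DerEncoding.decode(next.value, byte[].class);
                    // An empty key-usage value would otherwise surface as an index error.
                    if (usage == null || usage.length == 0) {
                        throw new Exception("invalid request extensions.");
                    }
                    keyUsageBits = usage[0];
                } else {
                    extensionsByOid.put(next.oid, next);
                }
            }
        }
        if (extensionArr != null) {
            // Issuer-side extensions win over requester-supplied ones with the same OID.
            for (CertExtensions.Extension extension : extensionArr) {
                extensionsByOid.put(extension.oid, extension);
            }
        }
        CommonCertificate issued = createCertificate(iCertificateStore, certReqPKCS10.getPublicKey(), keyUsageBits, certReqPKCS10.getSubjectName().toString(), bArr, i, extensionsByOid.values().toArray(new CertExtensions.Extension[0]));
        if (cls.equals(CommonCertificate.class) || cls.equals(X509Certificate.class)) {
            return cls.cast(issued);
        }
        if (cls.equals(PKCS7Certificate.class)) {
            return cls.cast(new PKCS7Certificate(issued, new CommonCertificate(iCertificateStore.getCertificate(0))));
        }
        throw new Exception("不支持的返回类型：" + cls);
    }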

    /**
     * Issues a version 3 certificate for a PKCS#10 request using an explicit issuer name, serial,
     * validity and signing key.
     *
     * <p>Only SM2 and RSA request keys are accepted. {@code principal} is cast to
     * {@link X509Principal}, so any other {@link Principal} implementation fails with a
     * {@link ClassCastException}.
     *
     * <p>NOTE(review): the extensions attribute of the CSR, when present, is decoded and signed
     * without filtering. Confirm that callers vet the request first. Unlike the store-based CSR
     * overload, this path does not check the attribute's outer tag before decoding.
     *
     * <p>NOTE(review): RSA requests are signed with the SHA-1 based algorithm id.
     *
     * @deprecated the {@link CertificateInfo}-based overload is the non-deprecated variant in this class.
     */
    @Deprecated
    public static CommonCertificate createCertificate(ICryptoProvider iCryptoProvider, CertReqPKCS10 certReqPKCS10, Principal principal, BigInteger bigInteger, Date date, Date date2, IPrivateKey iPrivateKey) throws Exception {
        String keyAlgorithm = certReqPKCS10.getPublicKey().getAlgorithm();
        final String signatureAlgorithm;
        if (keyAlgorithm.equals(CommonAlgorithmId.ALGORITHM_SM2)) {
            signatureAlgorithm = "SM3withSM2";
        } else if (keyAlgorithm.equals("RSA")) {
            signatureAlgorithm = CommonAlgorithmId.ALGORITHM_SHA1WITHRSA;
        } else {
            throw new Exception("不支持的算法：" + keyAlgorithm);
        }
        CommonCertificate issued = new CommonCertificate();
        issued.version = 2;
        issued.serial = bigInteger;
        issued.pubKey = certReqPKCS10.getPublicKey();
        issued.subject = certReqPKCS10.getSubjectName();
        issued.issuer = (X509Principal) principal;
        issued.alg = new CommonAlgorithmId(signatureAlgorithm);
        issued.notBefore = date;
        issued.notAfter = date2;
        PKCS10Attribute requestedExtensions = certReqPKCS10.getAttributes().getAttribute(ObjectIdentifier.getIndentifier("CertificateExtensions").toString());
        if (requestedExtensions == null) {
            issued.extensions = new CertificateExtensions();
        } else {
            issued.extensions = new CertificateExtensions(new DerInputStream(requestedExtensions.getAttributeValue()));
        }
        ISignature signer = iCryptoProvider.createSigner(signatureAlgorithm);
        signer.initSign(iPrivateKey);
        signer.update(issued.getRawInfo());
        issued.signature = signer.sign();
        return issued;
    }

    /**
     * Creates a self-signed root without caller-supplied extensions.
     *
     * <p>Forwards to the six-argument overload with a {@code null} extension array.
     *
     * @deprecated {@link #createRoot(ICryptoProvider, String, CertificateInfo)} is the non-deprecated variant.
     */
    @Deprecated
    public static ICertificateStore createRoot(ICryptoProvider iCryptoProvider, String str, String str2, byte[] bArr, int i) throws Exception {
        final CertExtensions.Extension[] noExtraExtensions = null;
        return createRoot(iCryptoProvider, str, str2, bArr, i, noExtraExtensions);
    }

    /**
     * Generates a key of algorithm {@code str} in a store opened as {@code "temp"} and stores a
     * self-signed version 3 certificate for it.
     *
     * <p>Subject and issuer are both taken from {@code certificateInfo}. A basic-constraints
     * extension and a key-usage extension are added when {@code certificateInfo} has none, and a
     * subject-key-identifier extension is always added, so the argument is mutated.
     *
     * <p>NOTE(review): RSA roots are signed with the SHA-1 based algorithm id. The meaning of the
     * defaults {@code 4} (basic constraints) and {@code 15} (key usage) is defined by the extension
     * classes and is not visible here. Confirm they match the intended CA profile.
     *
     * @param iCryptoProvider provider used to open the store and create the signer
     * @param str key algorithm, SM2 or {@code "RSA"}
     * @param certificateInfo serial, subject, validity and extensions of the root
     * @return the store holding the root key and certificate
     * @throws Exception if the algorithm is unsupported or any crypto/encoding step fails
     */
    public static ICertificateStore createRoot(ICryptoProvider iCryptoProvider, String str, CertificateInfo certificateInfo) throws Exception {
        final String signatureAlgorithm;
        if (str.equals(CommonAlgorithmId.ALGORITHM_SM2)) {
            signatureAlgorithm = "SM3withSM2";
        } else if (str.equals("RSA")) {
            signatureAlgorithm = CommonAlgorithmId.ALGORITHM_SHA1WITHRSA;
        } else {
            throw new Exception("不支持的算法：" + str);
        }
        ICertificateStore rootStore = iCryptoProvider.openStore("temp");
        IPrivateKey rootKey = rootStore.newKey(str);
        byte[] encodedPublicKey = rootKey.getPublicKey();
        CommonCertificate root = new CommonCertificate();
        root.version = 2;
        root.serial = certificateInfo.getSerial();
        root.pubKey = new CommonPublicKey(new DerValue(encodedPublicKey));
        root.subject = certificateInfo.getSubject();
        // Self-signed: the issuer is the subject.
        root.issuer = root.subject;
        root.alg = new CommonAlgorithmId(signatureAlgorithm);
        root.notBefore = certificateInfo.getNotBefore();
        root.notAfter = certificateInfo.getNotAfter();
        boolean hasBasicConstraints = certificateInfo.getExtension("2.5.29.19") != null;
        if (!hasBasicConstraints) {
            certificateInfo.addCertificateExtension(new BasicConstraints.BasicConstraintsExtension(4));
        }
        boolean hasKeyUsage = certificateInfo.getExtension("2.5.29.15") != null;
        if (!hasKeyUsage) {
            certificateInfo.addCertificateExtension(new KeyUsage((byte) 15));
        }
        certificateInfo.addCertificateExtension(SubjectKeyIdentifier.create(root.pubKey.getKeyIdentifier()));
        root.extensions = new CertificateExtensions(certificateInfo.getExtensions());
        ISignature signer = iCryptoProvider.createSigner(signatureAlgorithm);
        signer.initSign(rootKey);
        signer.update(root.getRawInfo());
        root.signature = signer.sign();
        rootStore.setCertificate(rootKey, root.getEncoded());
        return rootStore;
    }

    /**
     * Generates a key of algorithm {@code str} in a store opened as {@code "temp"} and stores a
     * self-signed version 3 certificate valid from now for {@code i} years.
     *
     * <p>The certificate always carries basic-constraints, key-usage and subject-key-identifier
     * extensions, followed by the entries of {@code extensionArr}, if any.
     *
     * <p>NOTE(review): {@code new BigInteger(bArr)} reads the serial as a two's-complement value,
     * so a leading byte with the high bit set yields a negative serial. RSA roots are signed with
     * the SHA-1 based algorithm id.
     *
     * @param str key algorithm, SM2 or {@code "RSA"}
     * @param str2 subject (and issuer) name
     * @param bArr serial number bytes
     * @param i validity in years
     * @param extensionArr extra extensions, may be {@code null}
     * @deprecated {@link #createRoot(ICryptoProvider, String, CertificateInfo)} is the non-deprecated variant.
     */
    @Deprecated
    public static ICertificateStore createRoot(ICryptoProvider iCryptoProvider, String str, String str2, byte[] bArr, int i, CertExtensions.Extension[] extensionArr) throws Exception {
        final String signatureAlgorithm;
        if (str.equals(CommonAlgorithmId.ALGORITHM_SM2)) {
            signatureAlgorithm = "SM3withSM2";
        } else if (str.equals("RSA")) {
            signatureAlgorithm = CommonAlgorithmId.ALGORITHM_SHA1WITHRSA;
        } else {
            throw new Exception("不支持的算法：" + str);
        }
        ICertificateStore rootStore = iCryptoProvider.openStore("temp");
        IPrivateKey rootKey = rootStore.newKey(str);
        byte[] encodedPublicKey = rootKey.getPublicKey();
        CommonCertificate root = new CommonCertificate();
        root.version = 2;
        root.serial = new BigInteger(bArr);
        root.pubKey = new CommonPublicKey(new DerValue(encodedPublicKey));
        root.subject = new X509Principal(str2);
        // Self-signed: the issuer is the subject.
        root.issuer = root.subject;
        root.alg = new CommonAlgorithmId(signatureAlgorithm);
        Calendar clock = Calendar.getInstance();
        root.notBefore = clock.getTime();
        clock.add(Calendar.YEAR, i);
        root.notAfter = clock.getTime();
        ArrayList rootExtensions = new ArrayList();
        rootExtensions.add(new BasicConstraints.BasicConstraintsExtension(4));
        rootExtensions.add(new KeyUsage((byte) 15));
        rootExtensions.add(SubjectKeyIdentifier.create(root.pubKey.getKeyIdentifier()));
        int extraCount = (extensionArr == null) ? 0 : extensionArr.length;
        for (int idx = 0; idx < extraCount; idx++) {
            rootExtensions.add(new Extension(extensionArr[idx]));
        }
        root.extensions = new CertificateExtensions(rootExtensions);
        ISignature signer = iCryptoProvider.createSigner(signatureAlgorithm);
        signer.initSign(rootKey);
        signer.update(root.getRawInfo());
        root.signature = signer.sign();
        rootStore.setCertificate(rootKey, root.getEncoded());
        return rootStore;
    }

    /** Creates an empty instance; the static factories fill in the fields before signing. */
    private CommonCertificate() {
        super();
    }

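    /**
     * Parses a DER-encoded certificate.
     *
     * <p>The input is copied before parsing. The parsed fields and the cached encoding therefore
     * come from the same bytes, and a caller that later modifies {@code bArr} cannot change what
     * {@link #getEncoded()}, {@link #equals(Object)} or {@link #hashCode()} report.
     *
     * @param bArr the DER encoding of the certificate
     * @throws Exception if the encoding cannot be parsed
     */
    public CommonCertificate(byte[] bArr) throws Exception {
        byte[] ownCopy = Arrays.copyOf(bArr, bArr.length);
        parse(new DerValue(ownCopy));
        this.encoded = ownCopy;
    }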

    /**
     * Checks that the certificate is within its validity period at the current system time.
     *
     * @throws CertificateExpiredException if the certificate has expired
     * @throws CertificateNotYetValidException if it is not yet valid or has no validity bounds
     */
    @Override // java.security.cert.X509Certificate
    public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
        Date now = new Date();
        checkValidity(now);
    }

    /**
     * Checks that {@code date} lies within the validity period.
     *
     * <p>A certificate with a missing bound is rejected and reported as not yet valid.
     *
     * @param date the instant to check
     * @throws CertificateExpiredException if {@code date} is after notAfter
     * @throws CertificateNotYetValidException if {@code date} is before notBefore or a bound is missing
     */
    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
        boolean boundMissing = this.notAfter == null || this.notBefore == null;
        if (boundMissing || this.notBefore.after(date)) {
            throw new CertificateNotYetValidException();
        }
        boolean expired = this.notAfter.before(date);
        if (expired) {
            throw new CertificateExpiredException();
        }
    }

    /**
     * Decodes the validity SEQUENCE into {@code notBefore} and {@code notAfter}.
     *
     * <p>A second stream over the same bytes is used only to look at the tags of the two time
     * values. The values themselves are then read in order from {@code derValue.data}. Tag 23 is
     * read as UTCTime and tag 24 as GeneralizedTime; any other tag is rejected.
     *
     * @param derValue the encoded validity field
     * @throws Exception if the structure is not a two-element SEQUENCE of time values
     */
    private void constructValidity(DerValue derValue) throws Exception {
        if (derValue.tag != 48) {
            throw new Exception("Invalid encoded CertificateValidity, starting sequence tag missing.");
        }
        if (derValue.data.available() == 0) {
            throw new Exception("No data encoded for CertificateValidity");
        }
        DerValue[] bounds = new DerInputStream(derValue.toByteArray()).getSequence(2);
        if (bounds.length != 2) {
            throw new Exception("Invalid encoding for CertificateValidity");
        }
        // notBefore comes first in the stream.
        if (bounds[0].tag == 23) {
            this.notBefore = derValue.data.getUTCTime();
        } else if (bounds[0].tag == 24) {
            this.notBefore = derValue.data.getGeneralizedTime();
        } else {
            throw new Exception("Invalid encoding for CertificateValidity");
        }
        // notAfter follows.
        if (bounds[1].tag == 23) {
            this.notAfter = derValue.data.getUTCTime();
        } else if (bounds[1].tag == 24) {
            this.notAfter = derValue.data.getGeneralizedTime();
        } else {
            throw new Exception("Invalid encoding for CertificateValidity");
        }
    }

    /**
     * Writes the to-be-signed certificate structure to {@code derOutputStream}.
     *
     * <p>Fields are written in this order: explicitly tagged version, serial, signature algorithm,
     * issuer, validity, subject, public key, the optional unique identifiers, and the optional
     * extensions. The whole is wrapped in a SEQUENCE (tag 0x30).
     *
     * @param derOutputStream destination stream
     * @throws Exception if any field cannot be encoded
     */
    private void emit(DerOutputStream derOutputStream) throws Exception {
        DerOutputStream fields = new DerOutputStream();
        DerOutputStream versionField = new DerOutputStream();
        versionField.putInteger(this.version);
        // 0xA0 is the constructed context-specific tag [0] around the version.
        fields.write((byte) 0xA0, versionField);
        fields.putInteger(this.serial);
        this.alg.encode(fields);
        fields.write(this.issuer.getEncoded());
        encodeValidity(fields);
        fields.write(this.subject.getEncoded());
        fields.write(this.pubKey.getEncoded());
        if (this.issuerUniqueID != null) {
            fields.putUnalignedBitString(this.issuerUniqueID);
        }
        if (this.subjectUniqueID != null) {
            fields.putUnalignedBitString(this.subjectUniqueID);
        }
        if (this.extensions != null) {
            byte[] encodedExtensions = DerEncoding.encode(this.extensions);
            // Replace the leading tag byte with the constructed context-specific tag [3].
            encodedExtensions[0] = DerValue.createTag(Byte.MIN_VALUE, true, (byte) 3);
            fields.write(encodedExtensions);
        }
        derOutputStream.write((byte) 0x30, fields);
    }

    /**
     * Writes the validity SEQUENCE to {@code derOutputStream}.
     *
     * <p>Each bound is written as UTCTime when it lies before {@link #YR_2050} and as
     * GeneralizedTime otherwise.
     *
     * @param derOutputStream destination stream
     * @throws Exception if either bound is {@code null} or encoding fails
     */
    private void encodeValidity(DerOutputStream derOutputStream) throws Exception {
        boolean boundMissing = this.notBefore == null || this.notAfter == null;
        if (boundMissing) {
            throw new Exception("CertAttrSet:CertificateValidity: null values to encode.\n");
        }
        DerOutputStream times = new DerOutputStream();
        if (this.notBefore.getTime() >= YR_2050) {
            times.putGeneralizedTime(this.notBefore);
        } else {
            times.putUTCTime(this.notBefore);
        }
        if (this.notAfter.getTime() >= YR_2050) {
            times.putGeneralizedTime(this.notAfter);
        } else {
            times.putUTCTime(this.notAfter);
        }
        DerOutputStream wrapper = new DerOutputStream();
        wrapper.write((byte) 0x30, times);
        derOutputStream.write(wrapper.toByteArray());
        wrapper.close();
    }

    /**
     * Returns the object identifier of the signature algorithm.
     *
     * @return the OID reported by the signature algorithm id
     */
    public ObjectIdentifier getAlgorithmOID() {
        CommonAlgorithmId signatureAlgorithm = this.alg;
        return signatureAlgorithm.getAlgorithmOID();
    }

    /**
     * Returns the signature algorithm id of this certificate.
     *
     * @return the algorithm id object held by this certificate (not a copy)
     */
    public CommonAlgorithmId getSignatureAlgorithm() {
        final CommonAlgorithmId signatureAlgorithm = this.alg;
        return signatureAlgorithm;
    }

    /**
     * Returns the path length constraint when the certificate is marked as a CA.
     *
     * <p>Returns {@code -1} when the basic-constraints extension is absent, when it does not mark
     * a CA, or when reading it fails for any reason, including a certificate without extensions.
     *
     * <p>NOTE(review): what {@code getPathLengthConstraints()} yields for a CA without a path
     * length limit is not visible here. The {@link X509Certificate} contract expects
     * {@code Integer.MAX_VALUE} in that case. Confirm.
     *
     * @return the path length constraint, or {@code -1}
     */
    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        try {
            BasicConstraints.BasicConstraintsExtension constraints = (BasicConstraints.BasicConstraintsExtension) this.extensions.getExtension(BasicConstraints.BasicConstraintsExtension.class);
            if (constraints != null && constraints.getObject().isCaBoolean()) {
                return constraints.getObject().getPathLengthConstraints();
            }
            return -1;
        } catch (Exception ignored) {
            // Any failure to read the extension is reported as "not a CA".
            return -1;
        }
    }

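    /**
     * Returns the OIDs of the extensions marked critical.
     *
     * <p>A parsed certificate without an extensions field leaves {@code extensions} unset. That
     * case now returns {@code null}, as the {@code X509Extension} contract specifies, instead of
     * failing with a {@link NullPointerException}.
     *
     * @return the critical extension OIDs, or {@code null} when the certificate has no extensions
     */
    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (this.extensions == null) {
            return null;
        }
        return this.extensions.getCriticalExtensionOIDs();
    }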

    /**
     * Returns a copy of the DER encoding of the whole certificate.
     *
     * <p>The encoding is built on first use from the to-be-signed bytes, the signature algorithm
     * and the signature, then cached. Each call returns a fresh copy of the cached array.
     *
     * @return a copy of the encoded certificate
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    @Override // java.security.cert.Certificate
    @DerMember
    public byte[] getEncoded() throws CertificateEncodingException {
        if (this.encoded != null) {
            return Arrays.copyOf(this.encoded, this.encoded.length);
        }
        try {
            DerOutputStream certificate = new DerOutputStream();
            DerOutputStream parts = new DerOutputStream();
            parts.write(getRawInfo());
            this.alg.encode(parts);
            parts.putBitString(this.signature);
            certificate.write((byte) 0x30, parts);
            this.encoded = certificate.toByteArray();
            certificate.close();
        } catch (Exception e) {
            throw new CertificateEncodingException(e.getMessage(), e);
        }
        return Arrays.copyOf(this.encoded, this.encoded.length);
    }

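    /**
     * Returns the encoded value of the extension with the given OID.
     *
     * <p>A certificate without an extensions field now yields {@code null} instead of a
     * {@link NullPointerException}. Callers such as {@link #getKeyUsage()} rely on {@code null}
     * meaning "not present".
     *
     * @param str the dotted OID string of the extension
     * @return the extension value, or {@code null} when the certificate has no extensions; for a
     *     missing OID the result is whatever the extensions object returns
     */
    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        if (this.extensions == null) {
            return null;
        }
        return this.extensions.getExtensionValue(str);
    }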

    /**
     * Returns the issuer name.
     *
     * @return the issuer as held by this certificate
     */
    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        final Principal issuerName = this.issuer;
        return issuerName;
    }

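    /**
     * Returns the issuer unique identifier as a bit array.
     *
     * <p>The field is optional and is only set when the parsed certificate carries it. Its absence
     * now yields {@code null}, as the {@link X509Certificate} contract specifies, instead of a
     * {@link NullPointerException}.
     *
     * @return the identifier bits, or {@code null} when the field is absent
     */
    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        if (this.issuerUniqueID == null) {
            return null;
        }
        return this.issuerUniqueID.toBooleanArray();
    }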

    /**
     * Returns the issuer name as an {@link X500Principal}.
     *
     * @return the issuer converted by {@code X509Principal.getX500Principal()}
     */
    @Override // java.security.cert.X509Certificate
    public X500Principal getIssuerX500Principal() {
        X509Principal issuerName = this.issuer;
        return issuerName.getX500Principal();
    }

    /**
     * Returns the bits of the key-usage extension (OID 2.5.29.15).
     *
     * <p>When the extension is absent, the method returns four {@code true} entries instead of
     * {@code null}. When the extension cannot be decoded, the stack trace is printed and
     * {@code null} is returned.
     *
     * <p>NOTE(review): the {@link X509Certificate} contract returns {@code null} for an absent
     * extension. Callers that treat the four-bit default as an explicit grant, or treat
     * {@code null} after a decode failure as "unrestricted", end up more permissive than the
     * certificate states. Confirm how callers interpret both results.
     *
     * @return the key-usage bits, the four-entry default, or {@code null} on a decode failure
     */
    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        byte[] rawValue = getExtensionValue("2.5.29.15");
        if (rawValue != null) {
            try {
                DerValue value = new DerValue(rawValue);
                // Tag 4 is an OCTET STRING wrapper around the actual bit string.
                if (value.tag == 4) {
                    value = new DerValue(value.getOctetString());
                }
                return value.getUnalignedBitString().toBooleanArray();
            } catch (Exception e) {
                e.printStackTrace();
                return null;
            }
        }
        return new boolean[]{true, true, true, true};
    }

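    /**
     * Returns the OIDs of the extensions not marked critical.
     *
     * <p>A certificate without an extensions field now yields {@code null}, as the
     * {@code X509Extension} contract specifies, instead of a {@link NullPointerException}.
     *
     * @return the non-critical extension OIDs, or {@code null} when the certificate has no extensions
     */
    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (this.extensions == null) {
            return null;
        }
        return this.extensions.getNonCriticalExtensionOIDs();
    }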

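    /**
     * Returns the end of the validity period.
     *
     * <p>{@link Date} is mutable, so a copy is returned. Handing out the internal instance would
     * let any caller move the expiry that {@link #checkValidity(Date)} enforces.
     *
     * @return a copy of notAfter, or {@code null} when it is not set
     */
    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        return this.notAfter == null ? null : new Date(this.notAfter.getTime());
    }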

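    /**
     * Returns the start of the validity period.
     *
     * <p>{@link Date} is mutable, so a copy is returned. Handing out the internal instance would
     * let any caller move the start date that {@link #checkValidity(Date)} enforces.
     *
     * @return a copy of notBefore, or {@code null} when it is not set
     */
    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        return this.notBefore == null ? null : new Date(this.notBefore.getTime());
    }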

    /**
     * Returns the subject public key.
     *
     * @return the public key held by this certificate
     */
    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        final PublicKey subjectKey = this.pubKey;
        return subjectKey;
    }

    /**
     * Returns the encoded to-be-signed part of the certificate, building and caching it on first use.
     *
     * <p>For a parsed certificate, the cache already holds the bytes as received. The returned
     * array is the cached instance itself, not a copy, and {@link #verify(PublicKey)} checks the
     * signature over that same array. Callers must therefore not modify it.
     *
     * @return the cached to-be-signed bytes
     * @throws Exception if the fields cannot be encoded
     */
    public byte[] getRawInfo() throws Exception {
        if (this.rawInfo != null) {
            return this.rawInfo;
        }
        DerOutputStream tbs = new DerOutputStream();
        emit(tbs);
        this.rawInfo = tbs.toByteArray();
        return this.rawInfo;
    }

    /**
     * Returns the serial number.
     *
     * @return the serial number held by this certificate
     */
    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        final BigInteger serialNumber = this.serial;
        return serialNumber;
    }

    /**
     * Returns the name of the signature algorithm.
     *
     * @return the name reported by the signature algorithm id
     */
    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        CommonAlgorithmId signatureAlgorithm = this.alg;
        return signatureAlgorithm.getAlgorithm();
    }

    /**
     * Returns the signature algorithm OID as a string.
     *
     * @return the string form of the signature algorithm OID
     */
    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        ObjectIdentifier oid = this.alg.getAlgorithmOID();
        return oid.toString();
    }

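    /**
     * Returns the encoded signature algorithm parameters.
     *
     * <p>A copy is returned so callers cannot alter the stored value. Within the code visible in
     * this class the field is never assigned, so the result is normally {@code null}.
     *
     * @return a copy of the parameters, or {@code null} when none are stored
     */
    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        return this.sigAlgParams == null ? null : this.sigAlgParams.clone();
    }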

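    /**
     * Returns the signature value.
     *
     * <p>A copy is returned. The internal array is the one {@link #verify(PublicKey)} checks and
     * {@link #getEncoded()} serialises, so it must not be reachable for modification from outside.
     *
     * @return a copy of the signature bytes, or {@code null} when the certificate is not yet signed
     */
    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        return this.signature == null ? null : this.signature.clone();
    }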

    /**
     * Returns the subject name.
     *
     * @return the subject as held by this certificate
     */
    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        final Principal subjectName = this.subject;
        return subjectName;
    }

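    /**
     * Returns the subject unique identifier as a bit array.
     *
     * <p>The field is optional and is only set when the parsed certificate carries it. Its absence
     * now yields {@code null}, as the {@link X509Certificate} contract specifies, instead of a
     * {@link NullPointerException}.
     *
     * @return the identifier bits, or {@code null} when the field is absent
     */
    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        if (this.subjectUniqueID == null) {
            return null;
        }
        return this.subjectUniqueID.toBooleanArray();
    }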

    /**
     * Returns the subject name as an {@link X500Principal}.
     *
     * @return the subject converted by {@code X509Principal.getX500Principal()}
     */
    @Override // java.security.cert.X509Certificate
    public X500Principal getSubjectX500Principal() {
        X509Principal subjectName = this.subject;
        return subjectName.getX500Principal();
    }

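    /**
     * Returns the encoded to-be-signed part of the certificate.
     *
     * <p>A copy is returned. {@link #getRawInfo()} hands out the cached array that
     * {@link #verify(PublicKey)} feeds to the signature check, so this public accessor must not
     * expose that array for modification.
     *
     * @return a copy of the to-be-signed bytes
     * @throws CertificateEncodingException if the fields cannot be encoded
     */
    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() throws CertificateEncodingException {
        try {
            byte[] tbs = getRawInfo();
            return tbs == null ? null : tbs.clone();
        } catch (Exception e) {
            throw new CertificateEncodingException(e);
        }
    }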

    /**
     * Returns the version value as stored in the certificate.
     *
     * <p>NOTE(review): this is the encoded value, i.e. {@link #V1} = 0, {@link #V2} = 1 and
     * {@link #V3} = 2. The {@link X509Certificate} contract documents 1, 2 or 3. Generic code that
     * compares against the JDK numbering will misread the version. Confirm which convention
     * callers expect before changing it.
     *
     * @return the stored version value
     */
    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        final int storedVersion = this.version;
        return storedVersion;
    }

    /**
     * Always reports that there is no unsupported critical extension.
     *
     * <p>NOTE(review): the extensions are never inspected here. A certificate carrying a critical
     * extension this code does not understand is still reported as acceptable, so validators that
     * rely on this method will not reject it. Confirm whether callers check critical extensions
     * themselves.
     *
     * @return {@code false} in every case
     */
    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        final boolean unsupportedCriticalPresent = false;
        return unsupportedCriticalPresent;
    }

    /**
     * Populates this instance from a decoded certificate value.
     *
     * <p>Reads exactly three elements from {@code derValue}: the to-be-signed structure, the
     * signature algorithm and the signature bits. It then walks the to-be-signed structure field
     * by field. The to-be-signed bytes are kept as received, so signature verification runs over
     * the original encoding rather than over a re-encoding.
     *
     * <p>NOTE(review): the tag of {@code derValue} itself is not checked in this method. After the
     * public key, an element that is neither a unique identifier nor a constructed [3] value is
     * skipped without error, and nothing checks for data following the extensions. Confirm
     * whether DerValue/DerInputStream enforce this elsewhere.
     *
     * @param derValue the decoded outer certificate value
     * @throws Exception if the structure is malformed
     */
    private void parse(DerValue derValue) throws Exception {
        // [0] to-be-signed structure, [1] signature algorithm, [2] signature value.
        DerValue[] derValueArr = {derValue.data.getDerValue(), derValue.data.getDerValue(), derValue.data.getDerValue()};
        // Reject trailing bytes after the third element.
        if (derValue.data.available() != 0) {
            throw new Exception("signed overrun, bytes = " + derValue.data.available());
        }
        // 48 (0x30) is the SEQUENCE tag.
        if (derValueArr[0].tag != 48) {
            throw new Exception("signed fields invalid");
        }
        this.rawInfo = derValueArr[0].toByteArray();
        this.alg = new CommonAlgorithmId(derValueArr[1]);
        this.signature = derValueArr[2].getBitString();
        DerValue derValue2 = derValueArr[0];
        // Same check as above on the same element; redundant but harmless.
        if (derValue2.tag != 48) {
            throw new Exception("signed fields invalid");
        }
        DerInputStream derInputStream = derValue2.data;
        DerValue derValue3 = derInputStream.getDerValue();
        // Optional version field in context-specific tag [0]; when it is absent, version keeps
        // its default of 0.
        if (derValue3.isContextSpecific((byte) 0)) {
            this.version = 0;
            if (derValue3.isConstructed()) {
                DerValue derValue4 = derValue3.data.getDerValue();
                this.version = derValue4.getInteger();
                if (derValue4.data.available() != 0) {
                    throw new Exception("X.509 version, bad format");
                }
            }
            derValue3 = derInputStream.getDerValue();
        }
        this.serial = derValue3.getBigInteger();
        if (derValue3.data.available() != 0) {
            throw new Exception("Excess SerialNumber data");
        }
        // The algorithm inside the signed part must equal the outer one, so the unsigned outer
        // field cannot name a different algorithm than the one the issuer signed.
        if (!new CommonAlgorithmId(derInputStream.getDerValue()).equals(this.alg)) {
            throw new Exception("All algorithm settings must be the same.");
        }
        this.issuer = new X509Principal(derInputStream.getDerValue().toByteArray());
        constructValidity(derInputStream.getDerValue());
        this.subject = new X509Principal(derInputStream.getDerValue().toByteArray());
        this.pubKey = new CommonPublicKey(derInputStream.getDerValue());
        // Everything past the public key is optional and not allowed when version is 0.
        if (derInputStream.available() != 0) {
            if (this.version == 0) {
                throw new Exception("No more data allowed for version 1 certificate");
            }
            DerValue derValue5 = derInputStream.getDerValue();
            // [1] issuer unique identifier.
            if (derValue5.isContextSpecific((byte) 1)) {
                this.issuerUniqueID = derValue5.getUnalignedBitString(true);
                if (derInputStream.available() == 0) {
                    return;
                } else {
                    derValue5 = derInputStream.getDerValue();
                }
            }
            // [2] subject unique identifier.
            if (derValue5.isContextSpecific((byte) 2)) {
                this.subjectUniqueID = derValue5.getUnalignedBitString(true);
                if (derInputStream.available() == 0) {
                    return;
                } else {
                    derValue5 = derInputStream.getDerValue();
                }
            }
            // Anything left must belong to a certificate whose version value is 2 (V3); the
            // message text says "v2" for every other version value.
            if (this.version != 2) {
                throw new Exception("Extensions not allowed in v2 certificate");
            }
            // [3] extensions; an element that does not match leaves extensions unset.
            if (derValue5.isConstructed() && derValue5.isContextSpecific((byte) 3)) {
                this.extensions = new CertificateExtensions(derValue5.data);
            }
        }
    }

    /**
     * Renders the certificate in PEM form, using CRLF line ends around the Base64 body.
     *
     * @return the PEM text, or the class description when encoding fails
     */
    @Override // java.security.cert.Certificate
    public String toString() {
        final String header = "-----BEGIN CERTIFICATE-----\r\n";
        final String footer = "\r\n-----END CERTIFICATE-----\r\n";
        try {
            return header + Base64.encode(getEncoded()) + footer;
        } catch (Exception e) {
            // Fall back to a plain description rather than failing inside toString().
            return getClass().toString();
        }
    }

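    /**
     * Verifies the certificate signature with {@code publicKey}, using the provider registered
     * as {@code "default"}.
     *
     * <p>Failure to obtain a verifier for the signature algorithm is reported as
     * {@link NoSuchAlgorithmException}. A failure while initialising or running the check is
     * reported as {@link SignatureException}. Previously the outer handler caught that
     * {@code SignatureException} and rethrew it as {@code NoSuchAlgorithmException}, so callers
     * saw a bad signature as an unsupported algorithm.
     *
     * @param publicKey the key expected to have signed this certificate
     * @throws NoSuchAlgorithmException if no verifier is available for the signature algorithm
     * @throws SignatureException if the verification step fails
     */
    @Override // java.security.cert.Certificate
    public void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        final ISignature verifier;
        try {
            verifier = ICryptoProvider.getInstance("default").createSigner(getSigAlgName());
        } catch (Exception e) {
            throw new NoSuchAlgorithmException("不支持的算法类型：" + getSigAlgName(), e);
        }
        try {
            verifier.initVerify(publicKey.getEncoded());
            verifier.update(this.rawInfo);
            // NOTE(review): whatever verify(...) returns is discarded. If ISignature.verify
            // reports a mismatch through its return value rather than by throwing, a forged
            // signature passes this method. Confirm against ISignature and check the result.
            verifier.verify(this.signature);
        } catch (Exception e) {
            throw new SignatureException("Signature verify failed.", e);
        }
    }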

    /**
     * Verifies the certificate signature with {@code publicKey}.
     *
     * <p>The provider name {@code str} is ignored; verification always goes through
     * {@link #verify(PublicKey)}.
     *
     * @param publicKey the key expected to have signed this certificate
     * @param str requested provider name (unused)
     */
    @Override // java.security.cert.Certificate
    public void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        // Single code path: the provider argument has no effect.
        this.verify(publicKey);
    }

    /**
     * Compares this certificate with another {@link Certificate} by their encodings.
     *
     * @param obj the object to compare with
     * @return {@code true} when {@code obj} is a certificate with an identical encoding;
     *     {@code false} otherwise, including when either side cannot be encoded
     */
    @Override // java.security.cert.Certificate
    public boolean equals(Object obj) {
        // instanceof is false for null, so no separate null check is needed.
        if (!(obj instanceof Certificate)) {
            return false;
        }
        Certificate other = (Certificate) obj;
        try {
            return Arrays.equals(getEncoded(), other.getEncoded());
        } catch (CertificateEncodingException e) {
            return false;
        }
    }

    /**
     * Hashes the certificate by its encoding.
     *
     * @return the hash of the encoded bytes, or a hash combined from the subject and issuer names
     *     when the certificate cannot be encoded
     */
    @Override // java.security.cert.Certificate
    public int hashCode() {
        final byte[] der;
        try {
            der = getEncoded();
        } catch (CertificateEncodingException e) {
            return getSubjectDN().hashCode() ^ getIssuerDN().hashCode();
        }
        return Arrays.hashCode(der);
    }

    /**
     * Creates a signature object for this certificate's signature algorithm, initialised for
     * verification with this certificate's own public key.
     *
     * @param iCryptoProvider provider that creates the signature object
     * @return the initialised verifier
     * @throws Exception if the algorithm is unavailable or the key is rejected
     */
    public ISignature createVerifier(ICryptoProvider iCryptoProvider) throws Exception {
        String algorithmName = getSigAlgName();
        ISignature verifier = iCryptoProvider.createSigner(algorithmName);
        byte[] encodedKey = getPublicKey().getEncoded();
        verifier.initVerify(encodedKey);
        return verifier;
    }

    /**
     * Checks that the certificate was usable at {@code date}: within its validity period, issued
     * by {@code certificateAuthority}, and not revoked.
     *
     * <p>The checks run in that order and the first failure aborts the rest. The validity bounds
     * are dereferenced without a null check.
     *
     * @param date the instant at which the certificate was used
     * @param certificateAuthority authority used for the issuer and revocation checks
     * @throws Exception if any check fails
     */
    public void verify(Date date, CertificateAuthority certificateAuthority) throws Exception {
        boolean notYetValid = date.before(this.notBefore);
        if (notYetValid) {
            throw new Exception("操作时证书尚未生效。");
        }
        boolean expired = date.after(this.notAfter);
        if (expired) {
            throw new Exception("操作时证书已经失效。");
        }
        verifyIssuer(certificateAuthority);
        verifyCrl(certificateAuthority, date);
    }

    /**
     * Checks revocation status at {@code date}.
     *
     * <p>When the certificate lists CRL distribution points, they are tried in order until one
     * yields a CRL; fetch errors are ignored so the next point can be tried. Without distribution
     * points, the authority is asked for its default CRL. A retrieved CRL is verified against the
     * authority and then consulted for this serial number. When no CRL could be obtained, the
     * authority's own revocation record for issuer and serial is used instead.
     *
     * <p>NOTE(review): this is a soft-fail design. If every distribution point fails and the
     * authority has no revocation record, the certificate is accepted as not revoked. The result
     * of {@code verify(certificateAuthority)} on the CRL is also not inspected here. Confirm that
     * it throws on an invalid CRL signature.
     *
     * @param certificateAuthority source of CRLs and revocation records
     * @param date the instant at which the certificate was used
     * @throws Exception if the certificate is revoked or the CRL cannot be processed
     */
    private void verifyCrl(CertificateAuthority certificateAuthority, Date date) throws Exception {
        byte[] crlBytes = null;
        List<String> distributionPoints = getCrlDistributionPoints();
        if (distributionPoints != null && distributionPoints.size() != 0) {
            for (String distributionPoint : distributionPoints) {
                try {
                    crlBytes = certificateAuthority.fetchCRL(distributionPoint);
                } catch (Exception ignored) {
                    // Best effort: an unreachable distribution point must not stop the search.
                }
                if (crlBytes != null) {
                    break;
                }
            }
        } else {
            crlBytes = certificateAuthority.fetchCRL(null);
        }
        if (crlBytes == null) {
            // No CRL available: fall back to the authority's revocation record.
            Date revokedAt = certificateAuthority.getCertificateRevocationTime(this.issuer.getName(), this.serial);
            if (revokedAt != null && revokedAt.before(date)) {
                throw new Exception("该证书已被吊销。");
            }
            return;
        }
        SignedCertificateRevocationList crl = (SignedCertificateRevocationList) DerEncoding.decode(crlBytes, SignedCertificateRevocationList.class);
        crl.verify(certificateAuthority);
        if (!crl.verify(getSerialNumber(), date)) {
            throw new Exception("证书在使用时已被吊销。");
        }
    }

    /**
     * Returns the URLs listed in this certificate's CRL distribution points extension
     * (OID 2.5.29.31).
     *
     * @return the URLs collected from every decoded distribution point, or {@code null}
     *         when the certificate does not carry the extension
     * @throws RuntimeException if the extension value cannot be decoded or a distribution
     *         point fails while contributing its URLs; the original exception is the cause
     */
    public List<String> getCrlDistributionPoints() {
        byte[] encoded = getExtensionValue("2.5.29.31");
        if (encoded == null) {
            return null;
        }
        ArrayList<String> urls = new ArrayList<String>();
        try {
            // Each distribution point appends its own URLs to the shared list.
            for (Object point : DerEncoding.decodeList(encoded, cn.eseals.certificate.extensions.CrlDistributionPoint.class)) {
                ((cn.eseals.certificate.extensions.CrlDistributionPoint) point).getDistributionURLs(urls);
            }
        } catch (Exception e) {
            // Message: malformed CRL distribution point information.
            throw new RuntimeException("不合理的吊销列表分发点信息。", e);
        }
        return urls;
    }

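    /**
     * Checks that this certificate's signature verifies under the public key of an issuer
     * certificate supplied by the authority.
     *
     * <p>Candidates are looked up by issuer name, or by issuer and authority key identifier
     * (OID 2.5.29.35) when the extension is present and the authority is a
     * {@code CertificateAuthority2}. The first candidate whose key verifies the signature
     * ends the check.
     *
     * @param certificateAuthority source of candidate issuer certificates
     * @throws Exception if no candidate is found, or if none of them verifies the
     *         signature; in the latter case the last verification failure is the cause
     */
    private void verifyIssuer(CertificateAuthority certificateAuthority) throws Exception {
        // NOTE(review): only the signature is checked here. Nothing in this method looks at
        // the candidate's own validity period, its CA flag or key usage, or links it to a
        // trust anchor; the result is only as trustworthy as what getIssuer returns.
        List<byte[]> candidates = null;
        byte[] akiValue = getExtensionValue("2.5.29.35");
        if (akiValue != null && certificateAuthority instanceof CertificateAuthority2) {
            AuthorityKeyIdentifier keyId = (AuthorityKeyIdentifier) DerEncoding.decode(akiValue, AuthorityKeyIdentifier.class);
            byte[] encodedIssuer = ((CertificateAuthority2) certificateAuthority).getIssuer(this.issuer, keyId);
            if (encodedIssuer != null) {
                candidates = new ArrayList<byte[]>(1);
                candidates.add(encodedIssuer);
            }
        } else {
            candidates = certificateAuthority.getIssuer(this.issuer.getName());
        }
        if (candidates == null || candidates.isEmpty()) {
            // Message: the issuer certificate of this certificate cannot be found.
            throw new Exception("无法找到该证书的颁发机构证书。");
        }

        Exception lastFailure = null;
        for (byte[] candidate : candidates) {
            try {
                verify(new CommonCertificate(candidate).getPublicKey());
                return;
            } catch (Exception e) {
                // Several certificates can share an issuer name, so a failure only means
                // "try the next one". Keep it so the final error is not left without a reason.
                lastFailure = e;
            }
        }
        // Message: not a valid certificate; issuer signature verification failed.
        throw new Exception("并非有效证书，其颁发机构签名验证失败。", lastFailure);
    }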

    /**
     * Returns the value of this certificate's subject key identifier extension.
     *
     * @return the value held by the {@code SubjectKeyIdentifier} extension, or {@code null}
     *         when the certificate has no such extension
     * @throws Exception if the extension lookup or value access fails
     */
    public byte[] getSubjectKeyIdentifier() throws Exception {
        SubjectKeyIdentifier ski = (SubjectKeyIdentifier) this.extensions.getExtension(SubjectKeyIdentifier.class);
        return ski == null ? null : ski.getObject();
    }

    /**
     * Tells whether this certificate's subject key identifier equals the key identifier
     * carried by the given authority key identifier.
     *
     * @param authorityKeyIdentifier identifier to match against; {@code null} matches any
     *        certificate
     * @return {@code true} when {@code authorityKeyIdentifier} is {@code null} or its key
     *         identifier equals this certificate's subject key identifier; {@code false}
     *         when this certificate has no subject key identifier, when the two differ, or
     *         when reading either value fails
     */
    public boolean matchKeyIdentifier(AuthorityKeyIdentifier authorityKeyIdentifier) {
        if (authorityKeyIdentifier == null) {
            // NOTE(review): "no constraint" is reported as a match. A caller that relies on
            // this method alone to pick an issuer accepts every certificate in that case.
            return true;
        }
        boolean matches;
        try {
            byte[] ownKeyId = getSubjectKeyIdentifier();
            // Short-circuits before touching the other side when this certificate has no
            // subject key identifier.
            matches = ownKeyId != null && Arrays.equals(ownKeyId, authorityKeyIdentifier.getKeyIdentifier());
        } catch (Exception e) {
            // A failure to read either identifier is treated as "no match"; the stack trace
            // goes to standard error.
            e.printStackTrace();
            matches = false;
        }
        return matches;
    }

    /**
     * Returns the decoded authority key identifier of this certificate.
     *
     * @return the object held by the {@code AuthorityKeyIdentifierExtension}, or
     *         {@code null} when the certificate has no such extension
     * @throws Exception if the extension lookup or value access fails
     */
    public AuthorityKeyIdentifier getAuthorityKeyIdentifier() throws Exception {
        AuthorityKeyIdentifier.AuthorityKeyIdentifierExtension aki = (AuthorityKeyIdentifier.AuthorityKeyIdentifierExtension) this.extensions.getExtension(AuthorityKeyIdentifier.AuthorityKeyIdentifierExtension.class);
        return aki == null ? null : aki.getObject();
    }

    /**
     * Looks up an extension through {@code this.extensions} using an identifier string and
     * the expected class.
     *
     * @param str identifier of the extension, passed through unchanged
     * @param cls class the caller expects, passed through unchanged
     * @param <T> type the result is cast to
     * @return whatever the extension container returns for the pair, cast to {@code T}
     * @throws Exception if the lookup fails
     */
    public <T> T getExtension(String str, Class<T> cls) throws Exception {
        // The cast is unchecked; whether the container validates the result against cls
        // is not visible from here.
        Object found = this.extensions.getExtension(str, cls);
        return (T) found;
    }

    /**
     * Looks up an extension through {@code this.extensions} using an identifier string.
     *
     * @param str identifier of the extension, passed through unchanged
     * @param <T> type the result is cast to; chosen by the caller and not checked here
     * @return whatever the extension container returns, cast to {@code T}
     * @throws Exception if the lookup fails
     */
    public <T> T getExtension(String str) throws Exception {
        // Unchecked cast: because of erasure a wrong T is not detected in this method and
        // shows up as a ClassCastException where the caller uses the result.
        Object found = this.extensions.getExtension(str);
        return (T) found;
    }

    /**
     * Looks up an extension through {@code this.extensions} using the expected class.
     *
     * @param cls class the caller expects, passed through unchanged
     * @param <T> type the result is cast to
     * @return whatever the extension container returns for {@code cls}, cast to {@code T}
     * @throws Exception if the lookup fails
     */
    public <T> T getExtension(Class<T> cls) throws Exception {
        // The cast is unchecked; the container is trusted to return an instance of cls.
        Object found = this.extensions.getExtension(cls);
        return (T) found;
    }
}
