package at.rundquadrat.android.r2mail2;

import at.rundquadrat.android.r2mail2.KeyServer;
import at.rundquadrat.android.util.Base64;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.URI;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Set;
import org2.bouncycastle.asn1.ASN1InputStream;
import org2.bouncycastle.asn1.ASN1OctetString;
import org2.bouncycastle.asn1.ASN1Sequence;
import org2.bouncycastle.asn1.DERIA5String;
import org2.bouncycastle.asn1.x500.RDN;
import org2.bouncycastle.asn1.x500.style.BCStyle;
import org2.bouncycastle.asn1.x500.style.IETFUtils;
import org2.bouncycastle.asn1.x509.AccessDescription;
import org2.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org2.bouncycastle.asn1.x509.BasicConstraints;
import org2.bouncycastle.asn1.x509.CRLDistPoint;
import org2.bouncycastle.asn1.x509.DistributionPoint;
import org2.bouncycastle.asn1.x509.DistributionPointName;
import org2.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org2.bouncycastle.asn1.x509.GeneralName;
import org2.bouncycastle.asn1.x509.GeneralNames;
import org2.bouncycastle.asn1.x509.KeyPurposeId;
import org2.bouncycastle.asn1.x509.KeyUsage;
import org2.bouncycastle.asn1.x509.X509Extension;
import org2.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org2.bouncycastle.util.Arrays;
import org2.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
import org2.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;
import org2.bouncycastle.x509.extension.X509ExtensionUtil;

/* loaded from: classes.dex */
public class FullX509Certificate extends X509Certificate {
    private String EntrustPublicKey;
    private String MSPublicKey;
    private List<String> RFC822Email;
    private List<String> aiaUri;
    private String authorityKeyIdentifier;
    private X509Certificate certificate;
    private List<String> commonNames;
    private List<String> crlDistributionPoints;
    private ExtendedKeyUsage extKeyUsage;
    private boolean isCA;
    private boolean isSelfsigned;
    private boolean isValid;
    private String issuer;
    private boolean[] keyUsage;
    private List<String> ocspUri;
    private int pathLenghtConstraints;
    private String pemString;
    private List<String> subjAltNameDNS;
    private String subject;
    private List<String> subjectEmail;
    private String subjectKeyIdentifier;

    public FullX509Certificate(InputStream inputStream) throws CertificateException, UnsupportedEncodingException {
        this((X509Certificate) CertificateFactory.getInstance(KeyServer.KeyType.X509).generateCertificate(inputStream));
    }

    public FullX509Certificate(String str) throws CertificateException, UnsupportedEncodingException {
        this((X509Certificate) CertificateFactory.getInstance(KeyServer.KeyType.X509).generateCertificate(new ByteArrayInputStream(str.getBytes("UTF-8"))));
    }

    public FullX509Certificate(Certificate certificate) throws CertificateException, UnsupportedEncodingException {
        this(certificate.getEncoded());
    }

    public FullX509Certificate(X509Certificate x509Certificate) {
        this.certificate = null;
        this.subjectKeyIdentifier = null;
        this.authorityKeyIdentifier = null;
        this.isCA = false;
        this.isSelfsigned = false;
        this.isValid = false;
        this.pathLenghtConstraints = -1;
        this.ocspUri = new ArrayList();
        this.aiaUri = new ArrayList();
        this.crlDistributionPoints = new ArrayList();
        this.RFC822Email = new ArrayList();
        this.subjectEmail = new ArrayList();
        this.issuer = null;
        this.subject = null;
        this.pemString = null;
        this.keyUsage = null;
        this.extKeyUsage = null;
        this.commonNames = new ArrayList();
        this.subjAltNameDNS = new ArrayList();
        this.EntrustPublicKey = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq\nK0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe\nsYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX\nMlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT\nXTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/\nHoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH\n4QIDAQAB";
        this.MSPublicKey = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQK9wXDmO/JOGyifl3he\nMOqiqY0lX/j+lUyjt/6doiA+fFGim6KPYDJr0UJkee6sdslU2vLrnIYcj5+EZrPF\na3piI9YdPN4PAZLolsS/LWaammgmmdA6LL8MtVgmwUbnCj44liypKDmo7EmDQuOE\nD7uabFVhrIJ8oWAtd0zpmbRkO5pQHDEIJBSfqeeRKxjmPZhjFGBYBWWfHTdSh/en\n75QCxhvTv1VFs4mAvzrsVJROrv2nem10Tq8YzJYJKCEAV5BgaTe7SxIHPFb/W/uk\nZgoIptKBVlfvtjteFoF3BNr2vq6Alf6wzX/WpxpyXDzKvPAIoyIwswaFybMgdxOF\n3wIDAQAB";
        if (x509Certificate == null) {
            return;
        }
        this.certificate = x509Certificate;
        try {
            this.pemString = "-----BEGIN CERTIFICATE-----\n" + Base64.encodeBase64String(x509Certificate.getEncoded()) + "-----END CERTIFICATE-----\n";
        } catch (CertificateEncodingException e) {
        }
        byte[] bArr = (byte[]) null;
        try {
            bArr = x509Certificate.getExtensionValue(X509Extension.subjectKeyIdentifier.getId());
        } catch (Exception e2) {
        }
        if (bArr != null) {
            try {
                this.subjectKeyIdentifier = getHex(new SubjectKeyIdentifierStructure(bArr).getKeyIdentifier());
            } catch (IOException e3) {
            }
        }
        byte[] extensionValue = x509Certificate.getExtensionValue(X509Extension.authorityKeyIdentifier.getId());
        if (extensionValue != null) {
            try {
                this.authorityKeyIdentifier = getHex(new AuthorityKeyIdentifierStructure(extensionValue).getKeyIdentifier());
            } catch (IOException e4) {
            }
        }
        try {
            verify(getPublicKey());
            this.isSelfsigned = true;
        } catch (Exception e5) {
            this.isSelfsigned = false;
        }
        byte[] extensionValue2 = x509Certificate.getExtensionValue(X509Extension.basicConstraints.getId());
        if (extensionValue2 != null) {
            try {
                BasicConstraints basicConstraints = new BasicConstraints((ASN1Sequence) X509ExtensionUtil.fromExtensionValue(extensionValue2));
                if (basicConstraints.isCA()) {
                    this.isCA = true;
                    if (basicConstraints.getPathLenConstraint() != null) {
                        this.pathLenghtConstraints = basicConstraints.getPathLenConstraint().intValue();
                    }
                } else {
                    this.isCA = false;
                }
            } catch (IOException e6) {
            }
        } else if (this.isSelfsigned && x509Certificate.getVersion() < 3) {
            this.isCA = true;
        } else if (this.isSelfsigned && (Arrays.areEqual(getPublicKey().getEncoded(), Base64.decodeBase64(this.EntrustPublicKey)) || Arrays.areEqual(getPublicKey().getEncoded(), Base64.decodeBase64(this.MSPublicKey)))) {
            this.isCA = true;
        } else {
            this.isCA = false;
        }
        byte[] extensionValue3 = x509Certificate.getExtensionValue(X509Extension.authorityInfoAccess.getId());
        if (extensionValue3 != null && extensionValue3.length != 0) {
            try {
                try {
                    for (AccessDescription accessDescription : AuthorityInformationAccess.getInstance(new ASN1InputStream(((ASN1OctetString) new ASN1InputStream(extensionValue3).readObject()).getOctets()).readObject()).getAccessDescriptions()) {
                        GeneralName accessLocation = accessDescription.getAccessLocation();
                        if (accessLocation.getTagNo() == 6) {
                            if (accessDescription.getAccessMethod().equals(AccessDescription.id_ad_caIssuers)) {
                                this.aiaUri.add(((DERIA5String) accessLocation.getName()).getString());
                            } else if (accessDescription.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
                                this.ocspUri.add(((DERIA5String) accessLocation.getName()).getString());
                            }
                        }
                    }
                } catch (IOException e7) {
                }
            } catch (IOException e8) {
            }
        }
        byte[] extensionValue4 = x509Certificate.getExtensionValue(X509Extension.cRLDistributionPoints.getId());
        if (extensionValue4 != null && extensionValue4.length != 0) {
            try {
                try {
                    for (DistributionPoint distributionPoint : CRLDistPoint.getInstance(new ASN1InputStream(((ASN1OctetString) new ASN1InputStream(extensionValue4).readObject()).getOctets()).readObject()).getDistributionPoints()) {
                        DistributionPointName distributionPoint2 = distributionPoint.getDistributionPoint();
                        if (distributionPoint2.getType() == 0) {
                            GeneralName[] names = GeneralNames.getInstance(distributionPoint2.getName()).getNames();
                            for (int i = 0; i < names.length; i++) {
                                if (names[i].getTagNo() == 6) {
                                    this.crlDistributionPoints.add(((DERIA5String) names[i].getName()).getString());
                                }
                            }
                        }
                    }
                } catch (IOException e9) {
                }
            } catch (IOException e10) {
            }
        }
        try {
            for (List list : X509ExtensionUtil.getSubjectAlternativeNames(x509Certificate)) {
                switch (((Integer) list.get(0)).intValue()) {
                    case 1:
                        this.RFC822Email.add(((String) list.get(1)).toLowerCase());
                        break;
                    case 2:
                    case 7:
                        this.subjAltNameDNS.add(((String) list.get(1)).toLowerCase());
                        break;
                    case 6:
                        this.subjAltNameDNS.add(new URI((String) list.get(1)).getHost().toLowerCase());
                        break;
                }
            }
        } catch (CertificateParsingException e11) {
        } catch (Exception e12) {
        }
        try {
            JcaX509CertificateHolder jcaX509CertificateHolder = new JcaX509CertificateHolder(x509Certificate);
            for (RDN rdn : jcaX509CertificateHolder.getSubject().getRDNs(BCStyle.E)) {
                this.subjectEmail.add(IETFUtils.valueToString(rdn.getFirst().getValue()).toLowerCase());
            }
            try {
                try {
                    try {
                        x509Certificate.checkValidity();
                        this.isValid = true;
                    } catch (Exception e13) {
                        this.isValid = false;
                    }
                } catch (CertificateNotYetValidException e14) {
                    this.isValid = false;
                }
            } catch (CertificateExpiredException e15) {
                this.isValid = false;
            }
            this.subject = BCStyle.INSTANCE.toString(jcaX509CertificateHolder.getSubject());
            for (RDN rdn2 : jcaX509CertificateHolder.getSubject().getRDNs(BCStyle.CN)) {
                this.commonNames.add(IETFUtils.valueToString(rdn2.getFirst().getValue()).toLowerCase());
            }
            this.issuer = BCStyle.INSTANCE.toString(jcaX509CertificateHolder.getIssuer());
        } catch (CertificateEncodingException e16) {
        }
        this.keyUsage = x509Certificate.getKeyUsage();
        if (this.keyUsage == null) {
            byte[] extensionValue5 = x509Certificate.getExtensionValue(X509Extension.keyUsage.getId());
            if (extensionValue5 != null && extensionValue5.length != 0) {
                try {
                    try {
                        int intValue = KeyUsage.getInstance(new ASN1InputStream(((ASN1OctetString) new ASN1InputStream(extensionValue5).readObject()).getOctets()).readObject()).intValue();
                        this.keyUsage = new boolean[8];
                        if ((intValue & 128) == 128) {
                            this.keyUsage[0] = true;
                        } else {
                            this.keyUsage[0] = false;
                        }
                        if ((intValue & 64) == 64) {
                            this.keyUsage[1] = true;
                        } else {
                            this.keyUsage[1] = false;
                        }
                        if ((intValue & 32) == 32) {
                            this.keyUsage[2] = true;
                        } else {
                            this.keyUsage[2] = false;
                        }
                        if ((intValue & 16) == 16) {
                            this.keyUsage[3] = true;
                        } else {
                            this.keyUsage[3] = false;
                        }
                        if ((intValue & 8) == 8) {
                            this.keyUsage[4] = true;
                        } else {
                            this.keyUsage[4] = false;
                        }
                        if ((intValue & 4) == 4) {
                            this.keyUsage[5] = true;
                        } else {
                            this.keyUsage[5] = false;
                        }
                        if ((intValue & 2) == 2) {
                            this.keyUsage[6] = true;
                        } else {
                            this.keyUsage[6] = false;
                        }
                        if ((intValue & 1) == 1) {
                            this.keyUsage[7] = true;
                        } else {
                            this.keyUsage[7] = false;
                        }
                        if ((32768 & intValue) == 32768) {
                            this.keyUsage[8] = true;
                        } else {
                            this.keyUsage[8] = false;
                        }
                    } catch (IOException e17) {
                    }
                } catch (IOException e18) {
                }
            }
            byte[] extensionValue6 = x509Certificate.getExtensionValue(X509Extension.extendedKeyUsage.getId());
            if (extensionValue6 == null || extensionValue6.length == 0) {
                return;
            }
            try {
                try {
                    this.extKeyUsage = ExtendedKeyUsage.getInstance(new ASN1InputStream(((ASN1OctetString) new ASN1InputStream(extensionValue6).readObject()).getOctets()).readObject());
                } catch (IOException e19) {
                }
            } catch (IOException e20) {
            }
        }
    }

    public FullX509Certificate(byte[] bArr) throws CertificateException, UnsupportedEncodingException {
        this("-----BEGIN CERTIFICATE-----\n" + Base64.encodeBase64String(bArr) + "-----END CERTIFICATE-----\n");
    }

    public static String encodeCert(X509Certificate x509Certificate) {
        try {
            return "-----BEGIN CERTIFICATE-----\n" + Base64.encodeBase64String(x509Certificate.getEncoded()) + "-----END CERTIFICATE-----\n";
        } catch (CertificateEncodingException e) {
            return "";
        }
    }

    private String getHex(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            sb.append("0123456789ABCDEF".charAt((b & 240) >> 4)).append("0123456789ABCDEF".charAt(b & 15));
        }
        return sb.toString();
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
        this.certificate.checkValidity();
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
        this.certificate.checkValidity(date);
    }

    public boolean extKeyUsageHasPurpose(KeyPurposeId keyPurposeId) {
        if (this.extKeyUsage != null) {
            return this.extKeyUsage.hasKeyPurposeId(keyPurposeId);
        }
        return false;
    }

    public List<String> getAllEmail() {
        ArrayList arrayList = new ArrayList(this.RFC822Email);
        for (String str : this.subjectEmail) {
            if (!this.RFC822Email.contains(str)) {
                arrayList.add(str);
            }
        }
        return arrayList;
    }

    public List<String> getAuthorityInformationAccess() {
        return this.aiaUri;
    }

    public String getAuthorityKeyIdentifier() {
        return this.authorityKeyIdentifier;
    }

    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        return this.certificate.getBasicConstraints();
    }

    public List<String> getCNs() {
        return this.commonNames;
    }

    public List<String> getCRLDistributionPoints() {
        return this.crlDistributionPoints;
    }

    public X509Certificate getCertificate() {
        return this.certificate;
    }

    @Override // java.security.cert.X509Extension
    public Set<String> getCriticalExtensionOIDs() {
        return this.certificate.getCriticalExtensionOIDs();
    }

    public List<String> getDNSNames() {
        return this.subjAltNameDNS;
    }

    @Override // java.security.cert.Certificate
    public byte[] getEncoded() throws CertificateEncodingException {
        return this.certificate.getEncoded();
    }

    @Override // java.security.cert.X509Certificate
    public List<String> getExtendedKeyUsage() {
        try {
            return this.certificate.getExtendedKeyUsage();
        } catch (CertificateParsingException e) {
            return null;
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        return this.certificate.getExtensionValue(str);
    }

    public String getIssuer() {
        return this.issuer;
    }

    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        return this.certificate.getIssuerDN();
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        return this.certificate.getIssuerUniqueID();
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        return this.keyUsage;
    }

    @Override // java.security.cert.X509Extension
    public Set<String> getNonCriticalExtensionOIDs() {
        return this.certificate.getNonCriticalExtensionOIDs();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        return this.certificate.getNotAfter();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        return this.certificate.getNotBefore();
    }

    public List<String> getOCSP() {
        return this.ocspUri;
    }

    public int getPathLengthConstrainds() {
        return this.pathLenghtConstraints;
    }

    public String getPemString() {
        return this.pemString;
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        return this.certificate.getPublicKey();
    }

    public List<String> getRFC822Email() {
        return this.RFC822Email;
    }

    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        return this.certificate.getSerialNumber();
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        return this.certificate.getSigAlgName();
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        return this.certificate.getSigAlgOID();
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        return this.certificate.getSigAlgParams();
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        return this.certificate.getSignature();
    }

    public String getSubject() {
        return this.subject;
    }

    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        return this.certificate.getSubjectDN();
    }

    public List<String> getSubjectEmail() {
        return this.subjectEmail;
    }

    public String getSubjectKeyIdentifier() {
        return this.subjectKeyIdentifier;
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        return this.certificate.getSubjectUniqueID();
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() throws CertificateEncodingException {
        return this.certificate.getTBSCertificate();
    }

    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        return this.certificate.getVersion();
    }

    public boolean hasExtKeyUsage() {
        return this.extKeyUsage == null;
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        return this.certificate.hasUnsupportedCriticalExtension();
    }

    public boolean isCA() {
        return this.isCA;
    }

    public boolean isSelfSigned() {
        return this.isSelfsigned;
    }

    public boolean isSigneBy(FullX509Certificate fullX509Certificate) {
        try {
            verify(fullX509Certificate.getPublicKey());
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public boolean isValid() {
        return this.isValid;
    }

    public String toBase64String() throws CertificateEncodingException {
        return "-----BEGIN CERTIFICATE-----\n" + Base64.encodeBase64String(this.certificate.getEncoded()) + "-----END CERTIFICATE-----\n";
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        return this.certificate.toString();
    }

    @Override // java.security.cert.Certificate
    public void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        Signature signature = Signature.getInstance(getSigAlgName());
        signature.initVerify(publicKey);
        byte[] tBSCertificate = this.certificate.getTBSCertificate();
        signature.update(tBSCertificate, 0, tBSCertificate.length);
        if (!signature.verify(this.certificate.getSignature())) {
            throw new SignatureException("Signature was not verified");
        }
    }

    @Override // java.security.cert.Certificate
    public void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        Signature signature = Signature.getInstance(getSigAlgName(), str);
        signature.initVerify(publicKey);
        byte[] tBSCertificate = this.certificate.getTBSCertificate();
        signature.update(tBSCertificate, 0, tBSCertificate.length);
        if (!signature.verify(this.certificate.getSignature())) {
            throw new SignatureException("Signature was not verified");
        }
    }
}
