package net.netca.pki.crypto.android.interfaces.a;

import android.content.Context;
import android.text.TextUtils;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import net.netca.pki.Certificate;
import net.netca.pki.PkiException;
import net.netca.pki.PublicKey;
import net.netca.pki.a.a.b.h;
import net.netca.pki.crypto.android.constant.NetcaCertInfo;
import net.netca.pki.crypto.android.constant.NetcaPKIConst;
import net.netca.pki.crypto.android.exceptions.CertRevokedException;
import net.netca.pki.crypto.android.exceptions.UserCancelException;
import net.netca.pki.crypto.android.interfaces.CertInterface;

/* loaded from: classes3.dex */
public class b implements CertInterface {
    private ArrayList<net.netca.pki.a.a.b.h> a() {
        ArrayList<net.netca.pki.a.a.b.h> arrayList = new ArrayList<>();
        for (net.netca.pki.a.a.b.d dVar : net.netca.pki.a.a.b.b.j().d()) {
            if (dVar != null) {
                try {
                    List<Certificate> certs = dVar.getCerts();
                    Iterator<Certificate> it = certs.iterator();
                    while (it.hasNext()) {
                        arrayList.add(new net.netca.pki.a.a.b.h(it.next()));
                    }
                    net.netca.pki.a.a.m.i.a(certs);
                } catch (Exception e2) {
                    net.netca.pki.a.a.m.c.b("CertImpl", e2.getMessage());
                    e2.printStackTrace();
                }
            }
        }
        return arrayList;
    }

    private ArrayList<Certificate> a(String str) throws PkiException {
        Certificate certificate;
        ArrayList<Certificate> arrayList = new ArrayList<>();
        ArrayList<net.netca.pki.a.a.b.h> a = a();
        for (int i2 = 0; i2 < a.size(); i2++) {
            net.netca.pki.a.a.b.h hVar = a.get(i2);
            if (!hVar.g()) {
                if (str == null || str.equalsIgnoreCase("Both")) {
                    certificate = new Certificate(hVar.f());
                } else if (str.equalsIgnoreCase(NetcaPKIConst.Cert.CERT_TYPE_SIGN)) {
                    if (hVar.c() == h.a.Signature || hVar.c() == h.a.Both) {
                        certificate = new Certificate(hVar.f());
                    }
                } else if (str.equalsIgnoreCase(NetcaPKIConst.Cert.CERT_TYPE_ENCRYPT) && (hVar.c() == h.a.Encrypt || hVar.c() == h.a.Both)) {
                    certificate = new Certificate(hVar.f());
                }
                arrayList.add(certificate);
            }
        }
        return arrayList;
    }

    private Certificate a(List<Certificate> list, Context context) throws PkiException {
        if (list.isEmpty()) {
            return null;
        }
        if (list.size() == 1) {
            return list.get(0);
        }
        Certificate a = new net.netca.pki.a.a.m.p(context, list).a();
        if (a != null) {
            return a;
        }
        throw new UserCancelException("用户取消");
    }

    @Override // net.netca.pki.crypto.android.interfaces.CertInterface
    public Certificate getCertFromDer(byte[] bArr) throws PkiException {
        return new Certificate(bArr);
    }

    @Override // net.netca.pki.crypto.android.interfaces.CertInterface
    public Certificate getCertFromString(String str) throws PkiException {
        return new Certificate(str);
    }

    @Override // net.netca.pki.crypto.android.interfaces.CertInterface
    public List<Certificate> getEncCertList() throws PkiException {
        return a(NetcaPKIConst.Cert.CERT_TYPE_ENCRYPT);
    }

    @Override // net.netca.pki.crypto.android.interfaces.CertInterface
    public List<Certificate> getSignCertList() throws PkiException {
        return a(NetcaPKIConst.Cert.CERT_TYPE_SIGN);
    }

    @Override // net.netca.pki.crypto.android.interfaces.CertInterface
    public synchronized Certificate getSingleEncCert() throws PkiException {
        return a(a(NetcaPKIConst.Cert.CERT_TYPE_ENCRYPT), net.netca.pki.a.a.e.a.e().c());
    }

    @Override // net.netca.pki.crypto.android.interfaces.CertInterface
    public synchronized Certificate getSingleSignCert() throws PkiException {
        return a(a(NetcaPKIConst.Cert.CERT_TYPE_SIGN), net.netca.pki.a.a.e.a.e().c());
    }

    @Override // net.netca.pki.crypto.android.interfaces.CertInterface
    public boolean isSm2(Certificate certificate) throws PkiException {
        return certificate.match("Algorithm='SM2'");
    }

    @Override // net.netca.pki.crypto.android.interfaces.CertInterface
    public NetcaCertInfo parseCertInfo(Certificate certificate) {
        return new NetcaCertInfo(certificate);
    }

    @Override // net.netca.pki.crypto.android.interfaces.CertInterface
    public byte[] publicKeyEncrypt(Certificate certificate, byte[] bArr) throws PkiException {
        PublicKey publicKey;
        try {
            publicKey = certificate.getPublicKey(1);
            try {
                if (publicKey == null) {
                    throw net.netca.pki.a.a.m.n.a(-78);
                }
                byte[] encrypt = publicKey.encrypt(publicKey.isSM2() ? 64 : 16, bArr);
                net.netca.pki.a.a.m.i.a(publicKey);
                return encrypt;
            } catch (Throwable th) {
                th = th;
                net.netca.pki.a.a.m.i.a(publicKey);
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
            publicKey = null;
        }
    }

    @Override // net.netca.pki.crypto.android.interfaces.CertInterface
    public byte[] verifyCertByCrl(Certificate certificate, String str) throws PkiException {
        if (TextUtils.isEmpty(str)) {
            str = certificate.getAttribute(56);
        }
        byte[] a = net.netca.pki.a.a.m.d.a(str, certificate);
        int verifyWithCrl = certificate.verifyWithCrl(a);
        if (verifyWithCrl == -2) {
            throw new CertRevokedException("CA证书已吊销");
        }
        if (verifyWithCrl == -1) {
            throw new PkiException("证书状态未知");
        }
        if (verifyWithCrl != 0) {
            return a;
        }
        throw new CertRevokedException("证书已吊销");
    }

    @Override // net.netca.pki.crypto.android.interfaces.CertInterface
    public byte[] verifyCertByOcsp(Certificate certificate, String str) throws PkiException {
        if (TextUtils.isEmpty(str)) {
            str = certificate.getAttribute(58);
        }
        byte[] b = net.netca.pki.a.a.m.d.b(str, certificate);
        int a = net.netca.pki.a.a.m.d.a(b);
        if (a == -2) {
            throw new CertRevokedException("CA证书已吊销");
        }
        if (a == -1) {
            throw new PkiException("证书状态未知");
        }
        if (a != 0) {
            return b;
        }
        throw new CertRevokedException("证书已吊销");
    }
}
