package org.apache.harmony.security.provider.cert;

import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.apache.harmony.security.internal.nls.Messages;
import org.apache.harmony.security.utils.AlgNameMapper;
import org.apache.harmony.security.x509.Certificate;
import org.apache.harmony.security.x509.Extension;
import org.apache.harmony.security.x509.Extensions;
import org.apache.harmony.security.x509.TBSCertificate;
import org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl;

/* loaded from: classes2.dex */
public class X509CertImpl extends X509Certificate {
    public static final long serialVersionUID = 2972248729446736154L;
    public final Certificate certificate;
    public volatile byte[] encoding;
    public final Extensions extensions;
    public X500Principal issuer;
    public long notAfter;
    public long notBefore;
    public boolean nullSigAlgParams;
    public PublicKey publicKey;
    public BigInteger serialNumber;
    public String sigAlgName;
    public String sigAlgOID;
    public byte[] sigAlgParams;
    public byte[] signature;
    public X500Principal subject;
    public final TBSCertificate tbsCert;
    public byte[] tbsCertificate;

    public X509CertImpl(InputStream inputStream) throws CertificateException {
        this.notBefore = -1L;
        try {
            this.certificate = (Certificate) Certificate.ASN1.decode(inputStream);
            this.tbsCert = this.certificate.getTbsCertificate();
            this.extensions = this.tbsCert.getExtensions();
        } catch (IOException e) {
            throw new CertificateException(e);
        }
    }

    public X509CertImpl(Certificate certificate) {
        this.notBefore = -1L;
        this.certificate = certificate;
        this.tbsCert = certificate.getTbsCertificate();
        this.extensions = this.tbsCert.getExtensions();
    }

    public X509CertImpl(byte[] bArr) throws IOException {
        this((Certificate) Certificate.ASN1.decode(bArr));
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
        if (this.notBefore == -1) {
            this.notBefore = this.tbsCert.getValidity().getNotBefore().getTime();
            this.notAfter = this.tbsCert.getValidity().getNotAfter().getTime();
        }
        long currentTimeMillis = System.currentTimeMillis();
        if (currentTimeMillis < this.notBefore) {
            throw new CertificateNotYetValidException();
        }
        if (currentTimeMillis > this.notAfter) {
            throw new CertificateExpiredException();
        }
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
        if (this.notBefore == -1) {
            this.notBefore = this.tbsCert.getValidity().getNotBefore().getTime();
            this.notAfter = this.tbsCert.getValidity().getNotAfter().getTime();
        }
        long time = date.getTime();
        if (time < this.notBefore) {
            throw new CertificateNotYetValidException("current time: " + date + ", validation time: " + new Date(this.notBefore));
        }
        if (time <= this.notAfter) {
            return;
        }
        throw new CertificateExpiredException("current time: " + date + ", expiration time: " + new Date(this.notAfter));
    }

    public void fastVerify(PublicKey publicKey) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException {
        if (!(publicKey instanceof RSAPublicKey)) {
            throw new InvalidKeyException(Messages.getString("security.15C1"));
        }
        RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
        String sigAlgName = getSigAlgName();
        if ("MD2withRSA".equalsIgnoreCase(sigAlgName) || "MD2withRSAEncryption".equalsIgnoreCase(sigAlgName) || "1.2.840.113549.1.1.2".equalsIgnoreCase(sigAlgName) || "MD2/RSA".equalsIgnoreCase(sigAlgName)) {
            throw new NoSuchAlgorithmException(sigAlgName);
        }
        int indexOf = sigAlgName.indexOf("with");
        String str = sigAlgName.substring(indexOf + 4) + "-" + sigAlgName.substring(0, indexOf);
        if (this.tbsCertificate == null) {
            this.tbsCertificate = this.tbsCert.getEncoded();
        }
        if (!OpenSSLSocketImpl.verifySignature(this.tbsCertificate, this.certificate.getSignatureValue(), str, rSAPublicKey)) {
            throw new SignatureException(Messages.getString("security.15C"));
        }
    }

    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        if (this.extensions == null) {
            return Integer.MAX_VALUE;
        }
        return this.extensions.valueOfBasicConstrains();
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (this.extensions == null) {
            return null;
        }
        return this.extensions.getCriticalExtensions();
    }

    @Override // java.security.cert.Certificate
    public byte[] getEncoded() throws CertificateEncodingException {
        if (this.encoding == null) {
            this.encoding = this.certificate.getEncoded();
        }
        byte[] bArr = new byte[this.encoding.length];
        System.arraycopy(this.encoding, 0, bArr, 0, this.encoding.length);
        return bArr;
    }

    @Override // java.security.cert.X509Certificate
    public List getExtendedKeyUsage() throws CertificateParsingException {
        if (this.extensions == null) {
            return null;
        }
        try {
            return this.extensions.valueOfExtendedKeyUsage();
        } catch (IOException e) {
            throw new CertificateParsingException(e);
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        Extension extensionByOID;
        if (this.extensions == null || (extensionByOID = this.extensions.getExtensionByOID(str)) == null) {
            return null;
        }
        return extensionByOID.getRawExtnValue();
    }

    @Override // java.security.cert.X509Certificate
    public Collection getIssuerAlternativeNames() throws CertificateParsingException {
        if (this.extensions == null) {
            return null;
        }
        try {
            return this.extensions.valueOfIssuerAlternativeName();
        } catch (IOException e) {
            throw new CertificateParsingException(e);
        }
    }

    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        if (this.issuer == null) {
            this.issuer = this.tbsCert.getIssuer().getX500Principal();
        }
        return this.issuer;
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        return this.tbsCert.getIssuerUniqueID();
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getIssuerX500Principal() {
        if (this.issuer == null) {
            this.issuer = this.tbsCert.getIssuer().getX500Principal();
        }
        return this.issuer;
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        if (this.extensions == null) {
            return null;
        }
        return this.extensions.valueOfKeyUsage();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (this.extensions == null) {
            return null;
        }
        return this.extensions.getNonCriticalExtensions();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        if (this.notBefore == -1) {
            this.notBefore = this.tbsCert.getValidity().getNotBefore().getTime();
            this.notAfter = this.tbsCert.getValidity().getNotAfter().getTime();
        }
        return new Date(this.notAfter);
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        if (this.notBefore == -1) {
            this.notBefore = this.tbsCert.getValidity().getNotBefore().getTime();
            this.notAfter = this.tbsCert.getValidity().getNotAfter().getTime();
        }
        return new Date(this.notBefore);
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        if (this.publicKey == null) {
            this.publicKey = this.tbsCert.getSubjectPublicKeyInfo().getPublicKey();
        }
        return this.publicKey;
    }

    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        if (this.serialNumber == null) {
            this.serialNumber = this.tbsCert.getSerialNumber();
        }
        return this.serialNumber;
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        if (this.sigAlgOID == null) {
            this.sigAlgOID = this.tbsCert.getSignature().getAlgorithm();
            this.sigAlgName = AlgNameMapper.map2AlgName(this.sigAlgOID);
            if (this.sigAlgName == null) {
                this.sigAlgName = this.sigAlgOID;
            }
        }
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        if (this.sigAlgOID == null) {
            this.sigAlgOID = this.tbsCert.getSignature().getAlgorithm();
            this.sigAlgName = AlgNameMapper.map2AlgName(this.sigAlgOID);
            if (this.sigAlgName == null) {
                this.sigAlgName = this.sigAlgOID;
            }
        }
        return this.sigAlgOID;
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        if (this.nullSigAlgParams) {
            return null;
        }
        if (this.sigAlgParams == null) {
            this.sigAlgParams = this.tbsCert.getSignature().getParameters();
            if (this.sigAlgParams == null) {
                this.nullSigAlgParams = true;
                return null;
            }
        }
        return this.sigAlgParams;
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        if (this.signature == null) {
            this.signature = this.certificate.getSignatureValue();
        }
        byte[] bArr = new byte[this.signature.length];
        System.arraycopy(this.signature, 0, bArr, 0, this.signature.length);
        return bArr;
    }

    @Override // java.security.cert.X509Certificate
    public Collection getSubjectAlternativeNames() throws CertificateParsingException {
        if (this.extensions == null) {
            return null;
        }
        try {
            return this.extensions.valueOfSubjectAlternativeName();
        } catch (IOException e) {
            throw new CertificateParsingException(e);
        }
    }

    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        if (this.subject == null) {
            this.subject = this.tbsCert.getSubject().getX500Principal();
        }
        return this.subject;
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        return this.tbsCert.getSubjectUniqueID();
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getSubjectX500Principal() {
        if (this.subject == null) {
            this.subject = this.tbsCert.getSubject().getX500Principal();
        }
        return this.subject;
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() throws CertificateEncodingException {
        if (this.tbsCertificate == null) {
            this.tbsCertificate = this.tbsCert.getEncoded();
        }
        byte[] bArr = new byte[this.tbsCertificate.length];
        System.arraycopy(this.tbsCertificate, 0, bArr, 0, this.tbsCertificate.length);
        return bArr;
    }

    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        return this.tbsCert.getVersion() + 1;
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        if (this.extensions == null) {
            return false;
        }
        return this.extensions.hasUnsupportedCritical();
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        return this.certificate.toString();
    }

    @Override // java.security.cert.Certificate
    public void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        if (getSigAlgName().endsWith("withRSA")) {
            fastVerify(publicKey);
            return;
        }
        Signature signature = Signature.getInstance(getSigAlgName());
        signature.initVerify(publicKey);
        if (this.tbsCertificate == null) {
            this.tbsCertificate = this.tbsCert.getEncoded();
        }
        signature.update(this.tbsCertificate, 0, this.tbsCertificate.length);
        if (!signature.verify(this.certificate.getSignatureValue())) {
            throw new SignatureException(Messages.getString("security.15C"));
        }
    }

    @Override // java.security.cert.Certificate
    public void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        if (getSigAlgName().endsWith("withRSA")) {
            fastVerify(publicKey);
            return;
        }
        Signature signature = Signature.getInstance(getSigAlgName(), str);
        signature.initVerify(publicKey);
        if (this.tbsCertificate == null) {
            this.tbsCertificate = this.tbsCert.getEncoded();
        }
        signature.update(this.tbsCertificate, 0, this.tbsCertificate.length);
        if (!signature.verify(this.certificate.getSignatureValue())) {
            throw new SignatureException(Messages.getString("security.15C"));
        }
    }
}
