package com.unboundid.util.ssl.cert;

import com.nimbusds.jose.util.X509CertUtils;
import com.unboundid.asn1.ASN1BigInteger;
import com.unboundid.asn1.ASN1BitString;
import com.unboundid.asn1.ASN1Element;
import com.unboundid.asn1.ASN1Exception;
import com.unboundid.asn1.ASN1GeneralizedTime;
import com.unboundid.asn1.ASN1Integer;
import com.unboundid.asn1.ASN1ObjectIdentifier;
import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.asn1.ASN1Sequence;
import com.unboundid.asn1.ASN1Set;
import com.unboundid.asn1.ASN1UTCTime;
import com.unboundid.asn1.ASN1UTF8String;
import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.RDN;
import com.unboundid.ldap.sdk.schema.AttributeTypeDefinition;
import com.unboundid.ldap.sdk.schema.Schema;
import com.unboundid.util.Base64;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.OID;
import com.unboundid.util.ObjectPair;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import java.io.ByteArrayInputStream;
import java.io.Serializable;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;

/* compiled from: ProGuard */
@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
@NotMutable
/* loaded from: classes6.dex */
public final class X509Certificate implements Serializable {
    private static final byte TYPE_EXPLICIT_EXTENSIONS = -93;
    private static final byte TYPE_EXPLICIT_VERSION = -96;
    private static final byte TYPE_IMPLICIT_ISSUER_UNIQUE_ID = -127;
    private static final byte TYPE_IMPLICIT_SUBJECT_UNIQUE_ID = -126;
    private static final long serialVersionUID = -4680448103099282243L;
    private final DecodedPublicKey decodedPublicKey;
    private final ASN1BitString encodedPublicKey;
    private final List<X509CertificateExtension> extensions;
    private final DN issuerDN;
    private final ASN1BitString issuerUniqueID;
    private final long notAfter;
    private final long notBefore;
    private final String publicKeyAlgorithmName;
    private final OID publicKeyAlgorithmOID;
    private final ASN1Element publicKeyAlgorithmParameters;
    private final BigInteger serialNumber;
    private final String signatureAlgorithmName;
    private final OID signatureAlgorithmOID;
    private final ASN1Element signatureAlgorithmParameters;
    private final ASN1BitString signatureValue;
    private final DN subjectDN;
    private final ASN1BitString subjectUniqueID;
    private final X509CertificateVersion version;
    private final byte[] x509CertificateBytes;

    /* compiled from: ProGuard */
    /* loaded from: classes6.dex */
    public static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        public static final /* synthetic */ int[] f43722a;

        static {
            int[] iArr = new int[PublicKeyAlgorithmIdentifier.values().length];
            f43722a = iArr;
            try {
                iArr[PublicKeyAlgorithmIdentifier.RSA.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f43722a[PublicKeyAlgorithmIdentifier.EC.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    public X509Certificate(X509CertificateVersion x509CertificateVersion, BigInteger bigInteger, OID oid, ASN1Element aSN1Element, ASN1BitString aSN1BitString, DN dn2, long j11, long j12, DN dn3, OID oid2, ASN1Element aSN1Element2, ASN1BitString aSN1BitString2, DecodedPublicKey decodedPublicKey, ASN1BitString aSN1BitString3, ASN1BitString aSN1BitString4, X509CertificateExtension... x509CertificateExtensionArr) throws CertException {
        this.version = x509CertificateVersion;
        this.serialNumber = bigInteger;
        this.signatureAlgorithmOID = oid;
        this.signatureAlgorithmParameters = aSN1Element;
        this.signatureValue = aSN1BitString;
        this.issuerDN = dn2;
        this.notBefore = j11;
        this.notAfter = j12;
        this.subjectDN = dn3;
        this.publicKeyAlgorithmOID = oid2;
        this.publicKeyAlgorithmParameters = aSN1Element2;
        this.encodedPublicKey = aSN1BitString2;
        this.decodedPublicKey = decodedPublicKey;
        this.issuerUniqueID = aSN1BitString3;
        this.subjectUniqueID = aSN1BitString4;
        this.extensions = StaticUtils.toList(x509CertificateExtensionArr);
        SignatureAlgorithmIdentifier forOID = SignatureAlgorithmIdentifier.forOID(oid);
        if (forOID == null) {
            this.signatureAlgorithmName = null;
        } else {
            this.signatureAlgorithmName = forOID.getUserFriendlyName();
        }
        PublicKeyAlgorithmIdentifier forOID2 = PublicKeyAlgorithmIdentifier.forOID(oid2);
        if (forOID2 == null) {
            this.publicKeyAlgorithmName = null;
        } else {
            this.publicKeyAlgorithmName = forOID2.getName();
        }
        this.x509CertificateBytes = encode().encode();
    }

    public X509Certificate(byte[] bArr) throws CertException {
        int i11;
        DecodedPublicKey rSAPublicKey;
        this.x509CertificateBytes = bArr;
        try {
            ASN1Element[] elements = ASN1Sequence.decodeAsSequence(bArr).elements();
            if (elements.length != 3) {
                throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_UNEXPECTED_SEQUENCE_ELEMENT_COUNT.c(Integer.valueOf(elements.length)));
            }
            try {
                ASN1Element[] elements2 = ASN1Sequence.decodeAsSequence(elements[0]).elements();
                try {
                    if ((elements2[0].getType() & 255) == 160) {
                        X509CertificateVersion valueOf = X509CertificateVersion.valueOf(ASN1Integer.decodeAsInteger(elements2[0].getValue()).intValue());
                        this.version = valueOf;
                        if (valueOf == null) {
                            throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_UNSUPPORTED_VERSION.c(valueOf));
                        }
                        i11 = 1;
                    } else {
                        this.version = X509CertificateVersion.V1;
                        i11 = 0;
                    }
                    int i12 = i11 + 1;
                    try {
                        this.serialNumber = elements2[i11].decodeAsBigInteger().getBigIntegerValue();
                        int i13 = i12 + 1;
                        try {
                            ASN1Element[] elements3 = elements2[i12].decodeAsSequence().elements();
                            OID oid = elements3[0].decodeAsObjectIdentifier().getOID();
                            this.signatureAlgorithmOID = oid;
                            ASN1BitString aSN1BitString = null;
                            if (elements3.length > 1) {
                                this.signatureAlgorithmParameters = elements3[1];
                            } else {
                                this.signatureAlgorithmParameters = null;
                            }
                            SignatureAlgorithmIdentifier forOID = SignatureAlgorithmIdentifier.forOID(oid);
                            if (forOID == null) {
                                this.signatureAlgorithmName = null;
                            } else {
                                this.signatureAlgorithmName = forOID.getUserFriendlyName();
                            }
                            int i14 = i13 + 1;
                            try {
                                this.issuerDN = decodeName(elements2[i13]);
                                int i15 = i14 + 1;
                                try {
                                    ASN1Element[] elements4 = elements2[i14].decodeAsSequence().elements();
                                    byte type = elements4[0].getType();
                                    if (type == 23) {
                                        this.notBefore = decodeUTCTime(elements4[0]);
                                    } else {
                                        if (type != 24) {
                                            throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_NOT_BEFORE_UNEXPECTED_TYPE.c(StaticUtils.toHex(elements4[0].getType()), StaticUtils.toHex((byte) 23), StaticUtils.toHex((byte) 24)));
                                        }
                                        this.notBefore = elements4[0].decodeAsGeneralizedTime().getTime();
                                    }
                                    byte type2 = elements4[1].getType();
                                    if (type2 == 23) {
                                        this.notAfter = decodeUTCTime(elements4[1]);
                                    } else {
                                        if (type2 != 24) {
                                            throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_NOT_AFTER_UNEXPECTED_TYPE.c(StaticUtils.toHex(elements4[0].getType()), StaticUtils.toHex((byte) 23), StaticUtils.toHex((byte) 24)));
                                        }
                                        this.notAfter = elements4[1].decodeAsGeneralizedTime().getTime();
                                    }
                                    int i16 = i15 + 1;
                                    try {
                                        this.subjectDN = decodeName(elements2[i15]);
                                        try {
                                            ASN1Element[] elements5 = elements2[i16].decodeAsSequence().elements();
                                            ASN1Element[] elements6 = elements5[0].decodeAsSequence().elements();
                                            OID oid2 = elements6[0].decodeAsObjectIdentifier().getOID();
                                            this.publicKeyAlgorithmOID = oid2;
                                            if (elements6.length > 1) {
                                                this.publicKeyAlgorithmParameters = elements6[1];
                                            } else {
                                                this.publicKeyAlgorithmParameters = null;
                                            }
                                            ASN1BitString decodeAsBitString = elements5[1].decodeAsBitString();
                                            this.encodedPublicKey = decodeAsBitString;
                                            PublicKeyAlgorithmIdentifier forOID2 = PublicKeyAlgorithmIdentifier.forOID(oid2);
                                            if (forOID2 == null) {
                                                this.publicKeyAlgorithmName = null;
                                                this.decodedPublicKey = null;
                                            } else {
                                                this.publicKeyAlgorithmName = forOID2.getName();
                                                int i17 = a.f43722a[forOID2.ordinal()];
                                                if (i17 != 1) {
                                                    if (i17 == 2) {
                                                        try {
                                                            rSAPublicKey = new EllipticCurvePublicKey(decodeAsBitString);
                                                        } catch (Exception e11) {
                                                            Debug.debugException(e11);
                                                        }
                                                    }
                                                    rSAPublicKey = null;
                                                } else {
                                                    try {
                                                        rSAPublicKey = new RSAPublicKey(decodeAsBitString);
                                                    } catch (Exception e12) {
                                                        Debug.debugException(e12);
                                                    }
                                                }
                                                this.decodedPublicKey = rSAPublicKey;
                                            }
                                            ArrayList arrayList = new ArrayList(10);
                                            ASN1BitString aSN1BitString2 = null;
                                            for (int i18 = i16 + 1; i18 < elements2.length; i18++) {
                                                byte type3 = elements2[i18].getType();
                                                if (type3 == -127) {
                                                    try {
                                                        aSN1BitString = elements2[i18].decodeAsBitString();
                                                    } catch (Exception e13) {
                                                        Debug.debugException(e13);
                                                        throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_CANNOT_PARSE_ISSUER_UNIQUE_ID.c(StaticUtils.getExceptionMessage(e13)), e13);
                                                    }
                                                } else if (type3 == -126) {
                                                    try {
                                                        aSN1BitString2 = elements2[i18].decodeAsBitString();
                                                    } catch (Exception e14) {
                                                        Debug.debugException(e14);
                                                        throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_CANNOT_PARSE_SUBJECT_UNIQUE_ID.c(StaticUtils.getExceptionMessage(e14)), e14);
                                                    }
                                                } else if (type3 != -93) {
                                                    continue;
                                                } else {
                                                    try {
                                                        for (ASN1Element aSN1Element : ASN1Sequence.decodeAsSequence(elements2[i18].getValue()).elements()) {
                                                            arrayList.add(X509CertificateExtension.decode(aSN1Element));
                                                        }
                                                    } catch (Exception e15) {
                                                        Debug.debugException(e15);
                                                        throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_CANNOT_PARSE_EXTENSION.c(StaticUtils.getExceptionMessage(e15)), e15);
                                                    }
                                                }
                                            }
                                            this.issuerUniqueID = aSN1BitString;
                                            this.subjectUniqueID = aSN1BitString2;
                                            this.extensions = Collections.unmodifiableList(arrayList);
                                            try {
                                                OID oid3 = elements[1].decodeAsSequence().elements()[0].decodeAsObjectIdentifier().getOID();
                                                if (!oid3.equals(this.signatureAlgorithmOID)) {
                                                    throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_SIG_ALG_MISMATCH.c(this.signatureAlgorithmOID.toString(), oid3.toString()));
                                                }
                                                try {
                                                    this.signatureValue = elements[2].decodeAsBitString();
                                                } catch (Exception e16) {
                                                    Debug.debugException(e16);
                                                    throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_CANNOT_PARSE_SIG_VALUE.c(StaticUtils.getExceptionMessage(e16)), e16);
                                                }
                                            } catch (CertException e17) {
                                                Debug.debugException(e17);
                                                throw e17;
                                            } catch (Exception e18) {
                                                Debug.debugException(e18);
                                                throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_CANNOT_PARSE_SIG_ALG.c(StaticUtils.getExceptionMessage(e18)), e18);
                                            }
                                        } catch (Exception e19) {
                                            Debug.debugException(e19);
                                            throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_CANNOT_PARSE_PUBLIC_KEY_INFO.c(StaticUtils.getExceptionMessage(e19)), e19);
                                        }
                                    } catch (Exception e21) {
                                        Debug.debugException(e21);
                                        throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_CANNOT_PARSE_SUBJECT_DN.c(StaticUtils.getExceptionMessage(e21)), e21);
                                    }
                                } catch (CertException e22) {
                                    Debug.debugException(e22);
                                    throw e22;
                                } catch (Exception e23) {
                                    Debug.debugException(e23);
                                    throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_COULD_NOT_PARSE_VALIDITY.c(StaticUtils.getExceptionMessage(e23)), e23);
                                }
                            } catch (Exception e24) {
                                Debug.debugException(e24);
                                throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_CANNOT_PARSE_ISSUER_DN.c(StaticUtils.getExceptionMessage(e24)), e24);
                            }
                        } catch (Exception e25) {
                            Debug.debugException(e25);
                            throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_CANNOT_PARSE_SIG_ALG.c(StaticUtils.getExceptionMessage(e25)), e25);
                        }
                    } catch (Exception e26) {
                        Debug.debugException(e26);
                        throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_CANNOT_PARSE_SERIAL_NUMBER.c(StaticUtils.getExceptionMessage(e26)), e26);
                    }
                } catch (CertException e27) {
                    Debug.debugException(e27);
                    throw e27;
                } catch (Exception e28) {
                    Debug.debugException(e28);
                    throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_CANNOT_PARSE_VERSION.c(StaticUtils.getExceptionMessage(e28)), e28);
                }
            } catch (Exception e29) {
                Debug.debugException(e29);
                throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_FIRST_ELEMENT_NOT_SEQUENCE.c(StaticUtils.getExceptionMessage(e29)), e29);
            }
        } catch (Exception e31) {
            Debug.debugException(e31);
            throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_NOT_SEQUENCE.c(StaticUtils.getExceptionMessage(e31)), e31);
        }
    }

    public static DN decodeName(ASN1Element aSN1Element) throws CertException {
        Schema schema;
        try {
            schema = Schema.getDefaultStandardSchema();
        } catch (Exception e11) {
            Debug.debugException(e11);
            schema = null;
        }
        try {
            ASN1Element[] elements = ASN1Sequence.decodeAsSequence(aSN1Element).elements();
            ArrayList arrayList = new ArrayList(elements.length);
            for (int i11 = 0; i11 < elements.length; i11++) {
                try {
                    ASN1Element[] elements2 = elements[i11].decodeAsSet().elements();
                    String[] strArr = new String[elements2.length];
                    byte[][] bArr = new byte[elements2.length];
                    for (int i12 = 0; i12 < elements2.length; i12++) {
                        ASN1Element[] elements3 = ASN1Sequence.decodeAsSequence(elements2[i12]).elements();
                        OID oid = elements3[0].decodeAsObjectIdentifier().getOID();
                        AttributeTypeDefinition attributeType = schema.getAttributeType(oid.toString());
                        if (attributeType == null) {
                            strArr[i12] = oid.toString();
                        } else {
                            strArr[i12] = attributeType.getNameOrOID().toUpperCase();
                        }
                        bArr[i12] = elements3[1].decodeAsOctetString().getValue();
                    }
                    arrayList.add(new RDN(strArr, bArr, schema));
                } catch (Exception e12) {
                    Debug.debugException(e12);
                    throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_CANNOT_PARSE_NAME_SEQUENCE_ELEMENT.c(Integer.valueOf(i11), StaticUtils.getExceptionMessage(e12)), e12);
                }
            }
            Collections.reverse(arrayList);
            return new DN(arrayList);
        } catch (Exception e13) {
            Debug.debugException(e13);
            throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_DECODE_NAME_NOT_SEQUENCE.c(StaticUtils.getExceptionMessage(e13)), e13);
        }
    }

    private static long decodeUTCTime(ASN1Element aSN1Element) throws ASN1Exception {
        long time = ASN1UTCTime.decodeAsUTCTime(aSN1Element).getTime();
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        gregorianCalendar.setTimeInMillis(time);
        int i11 = gregorianCalendar.get(1);
        if (i11 < 1949) {
            gregorianCalendar.set(1, i11 + 100);
        } else if (i11 > 2050) {
            gregorianCalendar.set(1, i11 - 100);
        }
        return gregorianCalendar.getTimeInMillis();
    }

    public static ASN1Element encodeName(DN dn2) throws CertException {
        try {
            Schema defaultStandardSchema = Schema.getDefaultStandardSchema();
            RDN[] rDNs = dn2.getRDNs();
            ArrayList arrayList = new ArrayList(rDNs.length);
            for (int length = rDNs.length - 1; length >= 0; length--) {
                RDN rdn = rDNs[length];
                String[] attributeNames = rdn.getAttributeNames();
                String[] attributeValues = rdn.getAttributeValues();
                ArrayList arrayList2 = new ArrayList(attributeNames.length);
                for (int i11 = 0; i11 < attributeNames.length; i11++) {
                    AttributeTypeDefinition attributeType = defaultStandardSchema.getAttributeType(attributeNames[i11]);
                    if (attributeType == null) {
                        throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_ENCODE_NAME_UNKNOWN_ATTR_TYPE.c(String.valueOf(dn2), attributeNames[i11]));
                    }
                    try {
                        arrayList2.add(new ASN1Sequence(new ASN1ObjectIdentifier(attributeType.getOID()), new ASN1UTF8String(attributeValues[i11])));
                    } catch (Exception e11) {
                        Debug.debugException(e11);
                        throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_ENCODE_NAME_ERROR.c(String.valueOf(dn2), StaticUtils.getExceptionMessage(e11)), e11);
                    }
                }
                arrayList.add(new ASN1Set(arrayList2));
            }
            return new ASN1Sequence(arrayList);
        } catch (Exception e12) {
            Debug.debugException(e12);
            throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_ENCODE_NAME_CANNOT_GET_SCHEMA.c(String.valueOf(dn2), StaticUtils.getExceptionMessage(e12)), e12);
        }
    }

    public static ASN1Sequence encodeValiditySequence(long j11, long j12) {
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        gregorianCalendar.setTimeInMillis(j11);
        int i11 = gregorianCalendar.get(1);
        GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
        gregorianCalendar2.setTimeInMillis(j12);
        int i12 = gregorianCalendar2.get(1);
        return (i11 < 1950 || i11 > 2049 || i12 < 1950 || i12 > 2049) ? new ASN1Sequence(new ASN1GeneralizedTime(j11), new ASN1GeneralizedTime(j12)) : new ASN1Sequence(new ASN1UTCTime(j11), new ASN1UTCTime(j12));
    }

    public static X509Certificate generateIssuerSignedCertificate(SignatureAlgorithmIdentifier signatureAlgorithmIdentifier, X509Certificate x509Certificate, PrivateKey privateKey, OID oid, ASN1Element aSN1Element, ASN1BitString aSN1BitString, DecodedPublicKey decodedPublicKey, DN dn2, long j11, long j12, X509CertificateExtension... x509CertificateExtensionArr) throws CertException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-1").digest(aSN1BitString.getBytes());
            ASN1OctetString aSN1OctetString = null;
            for (X509CertificateExtension x509CertificateExtension : x509Certificate.extensions) {
                if (x509CertificateExtension instanceof SubjectKeyIdentifierExtension) {
                    aSN1OctetString = ((SubjectKeyIdentifierExtension) x509CertificateExtension).getKeyIdentifier();
                }
            }
            ArrayList arrayList = new ArrayList(10);
            arrayList.add(new SubjectKeyIdentifierExtension(false, new ASN1OctetString(digest)));
            if (aSN1OctetString == null) {
                arrayList.add(new AuthorityKeyIdentifierExtension(false, null, new b().b(x509Certificate.subjectDN).g(), x509Certificate.serialNumber));
            } else {
                arrayList.add(new AuthorityKeyIdentifierExtension(false, aSN1OctetString, null, null));
            }
            if (x509CertificateExtensionArr != null) {
                for (X509CertificateExtension x509CertificateExtension2 : x509CertificateExtensionArr) {
                    if (!x509CertificateExtension2.getOID().equals(SubjectKeyIdentifierExtension.SUBJECT_KEY_IDENTIFIER_OID) && !x509CertificateExtension2.getOID().equals(AuthorityKeyIdentifierExtension.AUTHORITY_KEY_IDENTIFIER_OID)) {
                        arrayList.add(x509CertificateExtension2);
                    }
                }
            }
            X509CertificateExtension[] x509CertificateExtensionArr2 = new X509CertificateExtension[arrayList.size()];
            arrayList.toArray(x509CertificateExtensionArr2);
            BigInteger generateSerialNumber = generateSerialNumber();
            return new X509Certificate(X509CertificateVersion.V3, generateSerialNumber, signatureAlgorithmIdentifier.getOID(), null, generateSignature(signatureAlgorithmIdentifier, privateKey, generateSerialNumber, x509Certificate.subjectDN, j11, j12, dn2, oid, aSN1Element, aSN1BitString, x509CertificateExtensionArr2), x509Certificate.subjectDN, j11, j12, dn2, oid, aSN1Element, aSN1BitString, decodedPublicKey, null, null, x509CertificateExtensionArr2);
        } catch (Exception e11) {
            Debug.debugException(e11);
            throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_GEN_ISSUER_SIGNED_CANNOT_GENERATE_KEY_ID.c(StaticUtils.getExceptionMessage(e11)), e11);
        }
    }

    public static ObjectPair<X509Certificate, KeyPair> generateSelfSignedCertificate(SignatureAlgorithmIdentifier signatureAlgorithmIdentifier, PublicKeyAlgorithmIdentifier publicKeyAlgorithmIdentifier, int i11, DN dn2, long j11, long j12, X509CertificateExtension... x509CertificateExtensionArr) throws CertException {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(publicKeyAlgorithmIdentifier.getName());
            try {
                keyPairGenerator.initialize(i11);
                try {
                    KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                    return new ObjectPair<>(generateSelfSignedCertificate(signatureAlgorithmIdentifier, generateKeyPair, dn2, j11, j12, x509CertificateExtensionArr), generateKeyPair);
                } catch (Exception e11) {
                    Debug.debugException(e11);
                    throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_GEN_SELF_SIGNED_CANNOT_GENERATE_KEY_PAIR.c(Integer.valueOf(i11), publicKeyAlgorithmIdentifier.getName(), StaticUtils.getExceptionMessage(e11)), e11);
                }
            } catch (Exception e12) {
                Debug.debugException(e12);
                throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_GEN_SELF_SIGNED_INVALID_KEY_SIZE.c(Integer.valueOf(i11), publicKeyAlgorithmIdentifier.getName(), StaticUtils.getExceptionMessage(e12)), e12);
            }
        } catch (Exception e13) {
            Debug.debugException(e13);
            throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_GEN_SELF_SIGNED_CANNOT_GET_KEY_GENERATOR.c(publicKeyAlgorithmIdentifier.getName(), StaticUtils.getExceptionMessage(e13)), e13);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:15:0x0088  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static com.unboundid.util.ssl.cert.X509Certificate generateSelfSignedCertificate(com.unboundid.util.ssl.cert.SignatureAlgorithmIdentifier r38, java.security.KeyPair r39, com.unboundid.ldap.sdk.DN r40, long r41, long r43, com.unboundid.util.ssl.cert.X509CertificateExtension... r45) throws com.unboundid.util.ssl.cert.CertException {
        /*
            Method dump skipped, instructions count: 257
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.unboundid.util.ssl.cert.X509Certificate.generateSelfSignedCertificate(com.unboundid.util.ssl.cert.SignatureAlgorithmIdentifier, java.security.KeyPair, com.unboundid.ldap.sdk.DN, long, long, com.unboundid.util.ssl.cert.X509CertificateExtension[]):com.unboundid.util.ssl.cert.X509Certificate");
    }

    private static BigInteger generateSerialNumber() {
        UUID randomUUID = UUID.randomUUID();
        return BigInteger.valueOf(randomUUID.getMostSignificantBits() & Long.MAX_VALUE).shiftLeft(64).add(BigInteger.valueOf(Long.MAX_VALUE & randomUUID.getLeastSignificantBits()));
    }

    private static ASN1BitString generateSignature(SignatureAlgorithmIdentifier signatureAlgorithmIdentifier, PrivateKey privateKey, BigInteger bigInteger, DN dn2, long j11, long j12, DN dn3, OID oid, ASN1Element aSN1Element, ASN1BitString aSN1BitString, X509CertificateExtension... x509CertificateExtensionArr) throws CertException {
        try {
            Signature signature = Signature.getInstance(signatureAlgorithmIdentifier.getJavaName());
            try {
                signature.initSign(privateKey);
                try {
                    ArrayList arrayList = new ArrayList(8);
                    arrayList.add(new ASN1Element((byte) -96, new ASN1Integer(X509CertificateVersion.V3.getIntValue()).encode()));
                    arrayList.add(new ASN1BigInteger(bigInteger));
                    arrayList.add(new ASN1Sequence(new ASN1ObjectIdentifier(signatureAlgorithmIdentifier.getOID())));
                    arrayList.add(encodeName(dn2));
                    arrayList.add(encodeValiditySequence(j11, j12));
                    arrayList.add(encodeName(dn3));
                    if (aSN1Element == null) {
                        arrayList.add(new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(oid)), aSN1BitString));
                    } else {
                        arrayList.add(new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(oid), aSN1Element), aSN1BitString));
                    }
                    ArrayList arrayList2 = new ArrayList(x509CertificateExtensionArr.length);
                    for (X509CertificateExtension x509CertificateExtension : x509CertificateExtensionArr) {
                        arrayList2.add(x509CertificateExtension.encode());
                    }
                    arrayList.add(new ASN1Element((byte) -93, new ASN1Sequence(arrayList2).encode()));
                    signature.update(new ASN1Sequence(arrayList).encode());
                    return new ASN1BitString(ASN1BitString.getBitsForBytes(signature.sign()));
                } catch (Exception e11) {
                    Debug.debugException(e11);
                    throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_GEN_SIGNATURE_CANNOT_COMPUTE.c(signatureAlgorithmIdentifier.getJavaName(), StaticUtils.getExceptionMessage(e11)), e11);
                }
            } catch (Exception e12) {
                Debug.debugException(e12);
                throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_GEN_SIGNATURE_CANNOT_INIT_SIGNATURE_GENERATOR.c(signatureAlgorithmIdentifier.getJavaName(), StaticUtils.getExceptionMessage(e12)), e12);
            }
        } catch (Exception e13) {
            Debug.debugException(e13);
            throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_GEN_SIGNATURE_CANNOT_GET_SIGNATURE_GENERATOR.c(signatureAlgorithmIdentifier.getJavaName(), StaticUtils.getExceptionMessage(e13)), e13);
        }
    }

    private byte[] getFingerprint(String str) throws CertException {
        try {
            return MessageDigest.getInstance(str).digest(this.x509CertificateBytes);
        } catch (Exception e11) {
            Debug.debugException(e11);
            throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_CANNOT_COMPUTE_FINGERPRINT.c(str, StaticUtils.getExceptionMessage(e11)), e11);
        }
    }

    public ASN1Element encode() throws CertException {
        try {
            ArrayList arrayList = new ArrayList(10);
            X509CertificateVersion x509CertificateVersion = this.version;
            if (x509CertificateVersion != X509CertificateVersion.V1) {
                arrayList.add(new ASN1Element((byte) -96, new ASN1Integer(x509CertificateVersion.getIntValue()).encode()));
            }
            arrayList.add(new ASN1BigInteger(this.serialNumber));
            if (this.signatureAlgorithmParameters == null) {
                arrayList.add(new ASN1Sequence(new ASN1ObjectIdentifier(this.signatureAlgorithmOID)));
            } else {
                arrayList.add(new ASN1Sequence(new ASN1ObjectIdentifier(this.signatureAlgorithmOID), this.signatureAlgorithmParameters));
            }
            arrayList.add(encodeName(this.issuerDN));
            arrayList.add(encodeValiditySequence(this.notBefore, this.notAfter));
            arrayList.add(encodeName(this.subjectDN));
            if (this.publicKeyAlgorithmParameters == null) {
                arrayList.add(new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(this.publicKeyAlgorithmOID)), this.encodedPublicKey));
            } else {
                arrayList.add(new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(this.publicKeyAlgorithmOID), this.publicKeyAlgorithmParameters), this.encodedPublicKey));
            }
            ASN1BitString aSN1BitString = this.issuerUniqueID;
            if (aSN1BitString != null) {
                arrayList.add(new ASN1BitString((byte) -127, aSN1BitString.getBits()));
            }
            ASN1BitString aSN1BitString2 = this.subjectUniqueID;
            if (aSN1BitString2 != null) {
                arrayList.add(new ASN1BitString((byte) -126, aSN1BitString2.getBits()));
            }
            if (!this.extensions.isEmpty()) {
                ArrayList arrayList2 = new ArrayList(this.extensions.size());
                Iterator<X509CertificateExtension> it = this.extensions.iterator();
                while (it.hasNext()) {
                    arrayList2.add(it.next().encode());
                }
                arrayList.add(new ASN1Element((byte) -93, new ASN1Sequence(arrayList2).encode()));
            }
            ArrayList arrayList3 = new ArrayList(3);
            arrayList3.add(new ASN1Sequence(arrayList));
            if (this.signatureAlgorithmParameters == null) {
                arrayList3.add(new ASN1Sequence(new ASN1ObjectIdentifier(this.signatureAlgorithmOID)));
            } else {
                arrayList3.add(new ASN1Sequence(new ASN1ObjectIdentifier(this.signatureAlgorithmOID), this.signatureAlgorithmParameters));
            }
            arrayList3.add(this.signatureValue);
            return new ASN1Sequence(arrayList3);
        } catch (Exception e11) {
            Debug.debugException(e11);
            throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_ENCODE_ERROR.c(toString(), StaticUtils.getExceptionMessage(e11)), e11);
        }
    }

    public DecodedPublicKey getDecodedPublicKey() {
        return this.decodedPublicKey;
    }

    public ASN1BitString getEncodedPublicKey() {
        return this.encodedPublicKey;
    }

    public List<X509CertificateExtension> getExtensions() {
        return this.extensions;
    }

    public DN getIssuerDN() {
        return this.issuerDN;
    }

    public ASN1BitString getIssuerUniqueID() {
        return this.issuerUniqueID;
    }

    public Date getNotAfterDate() {
        return new Date(this.notAfter);
    }

    public long getNotAfterTime() {
        return this.notAfter;
    }

    public Date getNotBeforeDate() {
        return new Date(this.notBefore);
    }

    public long getNotBeforeTime() {
        return this.notBefore;
    }

    public String getPublicKeyAlgorithmName() {
        return this.publicKeyAlgorithmName;
    }

    public String getPublicKeyAlgorithmNameOrOID() {
        String str = this.publicKeyAlgorithmName;
        return str != null ? str : this.publicKeyAlgorithmOID.toString();
    }

    public OID getPublicKeyAlgorithmOID() {
        return this.publicKeyAlgorithmOID;
    }

    public ASN1Element getPublicKeyAlgorithmParameters() {
        return this.publicKeyAlgorithmParameters;
    }

    public byte[] getSHA1Fingerprint() throws CertException {
        return getFingerprint("SHA-1");
    }

    public byte[] getSHA256Fingerprint() throws CertException {
        return getFingerprint("SHA-256");
    }

    public BigInteger getSerialNumber() {
        return this.serialNumber;
    }

    public String getSignatureAlgorithmName() {
        return this.signatureAlgorithmName;
    }

    public String getSignatureAlgorithmNameOrOID() {
        String str = this.signatureAlgorithmName;
        return str != null ? str : this.signatureAlgorithmOID.toString();
    }

    public OID getSignatureAlgorithmOID() {
        return this.signatureAlgorithmOID;
    }

    public ASN1Element getSignatureAlgorithmParameters() {
        return this.signatureAlgorithmParameters;
    }

    public ASN1BitString getSignatureValue() {
        return this.signatureValue;
    }

    public DN getSubjectDN() {
        return this.subjectDN;
    }

    public ASN1BitString getSubjectUniqueID() {
        return this.subjectUniqueID;
    }

    public X509CertificateVersion getVersion() {
        return this.version;
    }

    public byte[] getX509CertificateBytes() {
        return this.x509CertificateBytes;
    }

    public boolean isIssuerFor(X509Certificate x509Certificate) {
        return isIssuerFor(x509Certificate, null);
    }

    public boolean isIssuerFor(X509Certificate x509Certificate, StringBuilder sb2) {
        byte[] bArr;
        boolean z11;
        if (!x509Certificate.issuerDN.equals(this.subjectDN)) {
            if (sb2 != null) {
                sb2.append(com.unboundid.util.ssl.cert.a.INFO_CERT_IS_ISSUER_FOR_DN_MISMATCH.c(this.subjectDN, x509Certificate.subjectDN, this.issuerDN));
            }
            return false;
        }
        Iterator<X509CertificateExtension> it = x509Certificate.extensions.iterator();
        while (true) {
            if (!it.hasNext()) {
                bArr = null;
                break;
            }
            X509CertificateExtension next = it.next();
            if (next instanceof AuthorityKeyIdentifierExtension) {
                AuthorityKeyIdentifierExtension authorityKeyIdentifierExtension = (AuthorityKeyIdentifierExtension) next;
                if (authorityKeyIdentifierExtension.getKeyIdentifier() != null) {
                    bArr = authorityKeyIdentifierExtension.getKeyIdentifier().getValue();
                    break;
                }
            }
        }
        if (bArr != null) {
            Iterator<X509CertificateExtension> it2 = this.extensions.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    z11 = false;
                    break;
                }
                X509CertificateExtension next2 = it2.next();
                if (next2 instanceof SubjectKeyIdentifierExtension) {
                    z11 = Arrays.equals(bArr, ((SubjectKeyIdentifierExtension) next2).getKeyIdentifier().getValue());
                    break;
                }
            }
            if (!z11) {
                if (sb2 != null) {
                    sb2.append(com.unboundid.util.ssl.cert.a.INFO_CERT_IS_ISSUER_FOR_KEY_ID_MISMATCH.c(this.subjectDN, x509Certificate.subjectDN));
                }
                return false;
            }
        }
        return true;
    }

    public boolean isSelfSigned() {
        AuthorityKeyIdentifierExtension authorityKeyIdentifierExtension = null;
        SubjectKeyIdentifierExtension subjectKeyIdentifierExtension = null;
        for (X509CertificateExtension x509CertificateExtension : this.extensions) {
            if (x509CertificateExtension instanceof AuthorityKeyIdentifierExtension) {
                authorityKeyIdentifierExtension = (AuthorityKeyIdentifierExtension) x509CertificateExtension;
            } else if (x509CertificateExtension instanceof SubjectKeyIdentifierExtension) {
                subjectKeyIdentifierExtension = (SubjectKeyIdentifierExtension) x509CertificateExtension;
            }
        }
        return (authorityKeyIdentifierExtension == null || subjectKeyIdentifierExtension == null) ? this.subjectDN.equals(this.issuerDN) : authorityKeyIdentifierExtension.getKeyIdentifier() != null && Arrays.equals(authorityKeyIdentifierExtension.getKeyIdentifier().getValue(), subjectKeyIdentifierExtension.getKeyIdentifier().getValue());
    }

    public boolean isWithinValidityWindow() {
        return isWithinValidityWindow(System.currentTimeMillis());
    }

    public boolean isWithinValidityWindow(long j11) {
        return j11 >= this.notBefore && j11 <= this.notAfter;
    }

    public boolean isWithinValidityWindow(Date date) {
        return isWithinValidityWindow(date.getTime());
    }

    public Certificate toCertificate() throws CertificateException {
        return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(this.x509CertificateBytes));
    }

    public List<String> toPEM() {
        ArrayList arrayList = new ArrayList(10);
        arrayList.add(X509CertUtils.PEM_BEGIN_MARKER);
        arrayList.addAll(StaticUtils.wrapLine(Base64.encode(this.x509CertificateBytes), 64));
        arrayList.add(X509CertUtils.PEM_END_MARKER);
        return Collections.unmodifiableList(arrayList);
    }

    public String toPEMString() {
        StringBuilder sb2 = new StringBuilder();
        sb2.append(X509CertUtils.PEM_BEGIN_MARKER);
        sb2.append(StaticUtils.EOL);
        Iterator<String> it = StaticUtils.wrapLine(Base64.encode(this.x509CertificateBytes), 64).iterator();
        while (it.hasNext()) {
            sb2.append(it.next());
            sb2.append(StaticUtils.EOL);
        }
        sb2.append(X509CertUtils.PEM_END_MARKER);
        sb2.append(StaticUtils.EOL);
        return sb2.toString();
    }

    public String toString() {
        StringBuilder sb2 = new StringBuilder();
        toString(sb2);
        return sb2.toString();
    }

    public void toString(StringBuilder sb2) {
        sb2.append("X509Certificate(version='");
        sb2.append(this.version.getName());
        sb2.append("', serialNumber='");
        StaticUtils.toHex(this.serialNumber.toByteArray(), ":", sb2);
        sb2.append("', signatureAlgorithmOID='");
        sb2.append(this.signatureAlgorithmOID.toString());
        sb2.append('\'');
        if (this.signatureAlgorithmName != null) {
            sb2.append(", signatureAlgorithmName='");
            sb2.append(this.signatureAlgorithmName);
            sb2.append('\'');
        }
        sb2.append(", issuerDN='");
        sb2.append(this.issuerDN.toString());
        sb2.append("', notBefore='");
        sb2.append(StaticUtils.encodeGeneralizedTime(this.notBefore));
        sb2.append("', notAfter='");
        sb2.append(StaticUtils.encodeGeneralizedTime(this.notAfter));
        sb2.append("', subjectDN='");
        sb2.append(this.subjectDN.toString());
        sb2.append("', publicKeyAlgorithmOID='");
        sb2.append(this.publicKeyAlgorithmOID.toString());
        sb2.append('\'');
        if (this.publicKeyAlgorithmName != null) {
            sb2.append(", publicKeyAlgorithmName='");
            sb2.append(this.publicKeyAlgorithmName);
            sb2.append('\'');
        }
        sb2.append(", subjectPublicKey=");
        DecodedPublicKey decodedPublicKey = this.decodedPublicKey;
        if (decodedPublicKey == null) {
            sb2.append('\'');
            try {
                StaticUtils.toHex(this.encodedPublicKey.getBytes(), ":", sb2);
            } catch (Exception e11) {
                Debug.debugException(e11);
                this.encodedPublicKey.toString(sb2);
            }
            sb2.append('\'');
        } else {
            decodedPublicKey.toString(sb2);
            if (this.decodedPublicKey instanceof EllipticCurvePublicKey) {
                try {
                    OID oid = this.publicKeyAlgorithmParameters.decodeAsObjectIdentifier().getOID();
                    sb2.append(", ellipticCurvePublicKeyParameters=namedCurve='");
                    sb2.append(NamedCurve.getNameOrOID(oid));
                    sb2.append('\'');
                } catch (Exception e12) {
                    Debug.debugException(e12);
                }
            }
        }
        if (this.issuerUniqueID != null) {
            sb2.append(", issuerUniqueID='");
            sb2.append(this.issuerUniqueID.toString());
            sb2.append('\'');
        }
        if (this.subjectUniqueID != null) {
            sb2.append(", subjectUniqueID='");
            sb2.append(this.subjectUniqueID.toString());
            sb2.append('\'');
        }
        if (!this.extensions.isEmpty()) {
            sb2.append(", extensions={");
            Iterator<X509CertificateExtension> it = this.extensions.iterator();
            while (it.hasNext()) {
                it.next().toString(sb2);
                if (it.hasNext()) {
                    sb2.append(", ");
                }
            }
            sb2.append('}');
        }
        sb2.append(", signatureValue='");
        try {
            StaticUtils.toHex(this.signatureValue.getBytes(), ":", sb2);
        } catch (Exception e13) {
            Debug.debugException(e13);
            sb2.append(this.signatureValue.toString());
        }
        sb2.append("')");
    }

    public void verifySignature(X509Certificate x509Certificate) throws CertException {
        if (x509Certificate == null) {
            if (!isSelfSigned()) {
                throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_VERIFY_SIGNATURE_ISSUER_CERT_NOT_PROVIDED.b());
            }
            x509Certificate = this;
        }
        try {
            PublicKey publicKey = x509Certificate.toCertificate().getPublicKey();
            try {
                SignatureAlgorithmIdentifier forOID = SignatureAlgorithmIdentifier.forOID(this.signatureAlgorithmOID);
                Signature signature = Signature.getInstance(forOID.getJavaName());
                try {
                    signature.initVerify(publicKey);
                    try {
                        signature.update(ASN1Sequence.decodeAsSequence(this.x509CertificateBytes).elements()[0].encode());
                        try {
                            if (signature.verify(this.signatureValue.getBytes())) {
                            } else {
                                throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_VERIFY_SIGNATURE_NOT_VALID.c(this.subjectDN));
                            }
                        } catch (CertException e11) {
                            Debug.debugException(e11);
                            throw e11;
                        } catch (Exception e12) {
                            Debug.debugException(e12);
                            throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_VERIFY_SIGNATURE_ERROR.c(this.subjectDN, StaticUtils.getExceptionMessage(e12)), e12);
                        }
                    } catch (Exception e13) {
                        Debug.debugException(e13);
                        throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_GEN_SIGNATURE_CANNOT_COMPUTE.c(forOID.getJavaName(), StaticUtils.getExceptionMessage(e13)), e13);
                    }
                } catch (Exception e14) {
                    Debug.debugException(e14);
                    throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_VERIFY_SIGNATURE_CANNOT_INIT_SIGNATURE_VERIFIER.c(forOID.getJavaName(), StaticUtils.getExceptionMessage(e14)), e14);
                }
            } catch (Exception e15) {
                Debug.debugException(e15);
                throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_VERIFY_SIGNATURE_CANNOT_GET_SIGNATURE_VERIFIER.c(getSignatureAlgorithmNameOrOID(), StaticUtils.getExceptionMessage(e15)), e15);
            }
        } catch (Exception e16) {
            Debug.debugException(e16);
            throw new CertException(com.unboundid.util.ssl.cert.a.ERR_CERT_VERIFY_SIGNATURE_CANNOT_GET_PUBLIC_KEY.c(StaticUtils.getExceptionMessage(e16)), e16);
        }
    }
}
