package com.initech.core.x509;

import com.initech.asn1.ASN1Exception;
import com.initech.asn1.ASN1OID;
import com.initech.asn1.DEREncoder;
import com.initech.asn1.useful.AlgorithmID;
import com.initech.asn1.useful.AnotherName;
import com.initech.asn1.useful.GeneralName;
import com.initech.asn1.useful.GeneralNames;
import com.initech.asn1.useful.Name;
import com.initech.asn1.useful.PublicKeyInfo;
import com.initech.core.INISAFECore;
import com.initech.core.crypto.INIMessageDigest;
import com.initech.core.crypto.INISignature;
import com.initech.core.exception.INICoreException;
import com.initech.core.util.Base64Util;
import com.initech.core.util.LogUtil;
import com.initech.core.wrapper.util.ArrayComparator;
import com.initech.core.wrapper.util.Hex;
import com.initech.cpv.CertPathValidateResult;
import com.initech.cpv.crl.manager.CRLManager;
import com.initech.cpv.exception.UndeterminedCertStatusException;
import com.initech.cpv.manager.CertStatusManager;
import com.initech.cpv.manager.CertStatusManagerParameters;
import com.initech.cpv.manager.impl.CRLCertStatusManagerParameters;
import com.initech.cpv.manager.impl.OCSPGDCertStatusManagerParameters;
import com.initech.cpv.manager.impl.OPPRACertStatusManagerParameters;
import com.initech.cpv.manager.impl.VFSVRCertStatusManagerParameters;
import com.initech.cpv.wrapper.CPVWrapper;
import com.initech.provider.crypto.InitechProvider;
import com.initech.x509.X509CRLImpl;
import com.initech.x509.extensions.AccessDescription;
import com.initech.x509.extensions.AuthorityInfoAccess;
import com.initech.x509.extensions.AuthorityKeyIdentifier;
import com.initech.x509.extensions.CRLDistPoints;
import com.initech.x509.extensions.CertificatePolicies;
import com.initech.x509.extensions.DistPoint;
import com.initech.x509.extensions.ExtKeyUsage;
import com.initech.x509.extensions.PolicyInfo;
import com.initech.x509.extensions.SubjectAltName;
import com.initech.x509.extensions.SubjectKeyIdentifier;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Properties;
import java.util.Vector;

/* loaded from: classes.dex */
public class x509CertificateInfo {
    // Extension OID that getCertificatePolicy() looks up; the static initializer below
    // assigns CertificatePolicies.OID to it.
    private static String CERTIFICATE_POLICY_OID = null;
    // PEM armor lines that delimit the Base64 body of a certificate.
    public static final String PEM_BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----";
    public static final String PEM_END_CERTIFICATE = "-----END CERTIFICATE-----";
    // NOTE(review): sbufOid, sbufTxt, useroid and x509Extnull are process-wide mutable
    // statics. getX509ExtensionInfo() and getCertOID() write per-certificate results into
    // them, so concurrent callers can observe values derived from another certificate.
    // Three of them are public and can also be reassigned by any caller.
    public static StringBuffer sbufOid;
    public static StringBuffer sbufTxt;
    private static String useroid;
    public static String x509Extnull;
    // Instance state. None of the methods visible in this part of the file reads or writes
    // these fields; presumably they hold VID (identity verification) data used further
    // down — confirm against the rest of the class.
    private ASN1OID oid = null;
    private VIDUserInfo uinfo = null;
    private VID vid = null;
    private AlgorithmID hashAlgId = null;
    private String idn = null;
    private byte[] vidRandom = null;
    private byte[] twiceHash = null;
    private byte[] hashedData = null;

    // Class initializer: calls InitechProvider.addAsProvider(), optionally asks the provider
    // to change mode, then seeds the shared static fields.
    static {
        InitechProvider.addAsProvider();
        // changeMode() is only attempted when both flags are set.
        if (INISAFECore.changeMode && InitechProvider.mode) {
            try {
                InitechProvider.changeMode();
            } catch (NoSuchMethodError e) {
                // An older crypto library without changeMode() ends up here. The error is
                // not rethrown: class initialization continues with the mode unchanged and
                // the only trace is this checklist on stdout.
                // NOTE(review): if the mode change is a security requirement, a stdout
                // notice is easy to miss — confirm that continuing is acceptable.
                System.out.println("");
                System.out.println("[Checklist]");
                System.out.println("Must apply over version 4.0.4 of INISAFE Crypto.");
                System.out.println("Must use over version 1.4 of JDK/JRE.");
                System.out.println("");
            }
        }
        CERTIFICATE_POLICY_OID = CertificatePolicies.OID;
        useroid = null;
        sbufTxt = new StringBuffer();
        sbufOid = new StringBuffer();
        // Empty string is the initial "extension state" value; getX509ExtensionInfo()
        // sets it to null when the extKeyUsage extension is missing.
        x509Extnull = "";
    }

    /**
     * Returns the certificate's encoded form as Base64 text, without PEM armor lines.
     *
     * <p>The second argument to {@code Base64Util.encode} is {@code false}; its meaning is
     * defined by that helper (presumably "no line wrapping" — confirm).
     *
     * @param x509Certificate certificate to encode; must not be null
     * @return Base64 text of {@code getEncoded()}
     * @throws CertificateEncodingException if the certificate cannot be encoded
     * @throws IOException declared for the Base64 helper
     */
    public static String X509CertificateToStr(X509Certificate x509Certificate) throws IOException, CertificateEncodingException {
        final byte[] encodedCert = x509Certificate.getEncoded();
        // Decoded with the platform default charset, as before.
        return new String(Base64Util.encode(encodedCert, false));
    }

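    /**
     * Strips the PEM armor lines from a certificate string and returns the text between
     * them. Despite the name, the result is still Base64 text; nothing is decoded here.
     *
     * <p>If either marker is missing the input is returned unchanged. The body is cut
     * starting right after the BEGIN marker wherever that marker occurs; the previous code
     * assumed it was at index 0 and returned a mangled body for input with leading
     * whitespace or other text before the marker.
     *
     * @param str PEM text or bare Base64 text
     * @return text between the markers, or {@code str} itself when it is not PEM-armored
     * @throws Exception if {@code str} is null or the END marker precedes the body start;
     *         the original failure is attached as the cause
     */
    public static String binraryCert(String str) throws Exception {
        try {
            INISAFECore.CoreLogger(4, "pemCert: " + str);
            int beginAt = str.indexOf("-----BEGIN CERTIFICATE-----");
            int endAt = str.indexOf("-----END CERTIFICATE-----");
            if (beginAt < 0 || endAt < 0) {
                return str;
            }
            // substring() throws when endAt lies before the body start; that is reported
            // through the catch below, like any other failure.
            return str.substring(beginAt + "-----BEGIN CERTIFICATE-----".length(), endAt);
        } catch (Exception e) {
            INISAFECore.CoreLogger(1, "Pem type인증서를 바이너리로 바꾸는중 에러가 발생하였습니다.");
            LogUtil.writeStackTrace(INISAFECore.CoreLogger, e);
            throw new Exception("an error occurred during converting the PEM certificate into binary format.", e);
        }
    }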

    /**
     * Checks the status of a certificate by trying each configured status provider in
     * order until one gives a definitive answer.
     *
     * <p>Parameter names are decompiler-generated; the roles below are read off how the
     * body uses them.
     *
     * @param str not read anywhere in this method
     * @param strArr provider names, tried in order; recognised values are "CRL", "VFSVR",
     *        "OCSPCD", "OPPRA" and "OCSPGD"
     * @param strArr2 per-provider configuration strings, index-aligned with {@code strArr};
     *        when it is shorter, its last element is reused
     * @param str2 OPPRA only: when non-empty, {@code substring(1, 3)} of it is passed to
     *        {@code CertStatusManager.getInstance} as an extra argument
     * @param x509Certificate certificate whose status is checked
     * @param str3 forwarded to {@code CertStatusManager.setClientInfo}
     * @param str4 forwarded to {@code CertStatusManager.setClientInfo}
     * @param str5 when non-null, the OCSPGD redirect result ("500") is never produced
     * @return table whose "RETURN_CODE" is "000" (valid; "SCS" and "INFO" are also set),
     *         "500" (redirect; "REDIRECT_URL" is set), "938" (revoked), "939" (suspended)
     *         or "940" (status could not be determined / error). NOTE(review): the table
     *         can also come back with no "RETURN_CODE" at all — see the notes in the body —
     *         so callers must accept only an explicit "000" and treat everything else,
     *         including a missing key, as failure.
     * @throws INICoreException declared; the one raised below for an unsupported provider
     *         is presumably caught by the enclosing {@code catch (Exception)} and turned
     *         into a "940" result instead of reaching the caller — confirm
     */
    public static Hashtable checkCertStatus(String str, String[] strArr, String[] strArr2, String str2, X509Certificate x509Certificate, String str3, String str4, String str5) throws INICoreException {
        CertStatusManager certStatusManager;
        CertStatusManagerParameters certStatusManagerParameters;
        Hashtable hashtable = new Hashtable();
        int i = 0;
        // An empty strArr skips the loop and returns the empty table.
        while (i < strArr.length) {
            String str6 = strArr[i];
            // This line is outside the try below: an empty strArr2 indexes element -1 and
            // the resulting ArrayIndexOutOfBoundsException propagates to the caller.
            String str7 = i < strArr2.length ? strArr2[i] : strArr2[strArr2.length - 1];
            try {
                if (str6.equals("CRL")) {
                    CRLManager.setStoreManagerConfigPath(str7);
                    certStatusManagerParameters = new CRLCertStatusManagerParameters();
                    certStatusManager = CertStatusManager.getInstance(str6, certStatusManagerParameters);
                } else if (str6.equals("VFSVR")) {
                    CertStatusManagerParameters vFSVRCertStatusManagerParameters = new VFSVRCertStatusManagerParameters(str7);
                    certStatusManager = CertStatusManager.getInstance(str6, vFSVRCertStatusManagerParameters);
                    certStatusManagerParameters = vFSVRCertStatusManagerParameters;
                } else if (str6.equals("OCSPCD")) {
                    // NOTE(review): this branch builds CRL parameters and ignores str7 —
                    // confirm that is intended for the OCSPCD provider.
                    certStatusManagerParameters = new CRLCertStatusManagerParameters();
                    certStatusManager = CertStatusManager.getInstance(str6, certStatusManagerParameters);
                } else if (str6.equals("OPPRA")) {
                    if (str2 == null || str2.equals("")) {
                        // No policy text supplied: warn, list the default OIDs in the log
                        // and use the two-argument getInstance.
                        INISAFECore.CoreLogger(3, "OPPRA CertPolicy, 9. 해당 정책 설정에서 CertOIDs 옵션이 빠져있거나, OID.ini 파일 내용에 문제가 있습니다.");
                        INISAFECore.CoreLogger(3, "OPPRA CertPolicy, 9. OPPRA 기능을 사용하기 위해서는 반드시!!! CertOIDs 옵션을 추가해주시거나 OID.ini 파일 내용을 확인 후 올바르게 수정해주세요.");
                        INISAFECore.CoreLogger(3, "OPPRA CertPolicy, 9. [_shttp_client_cert_policy_text_]값을 가져오지 못해서 디폴트 값으로 처리됩니다.");
                        INISAFECore.CoreLogger(3, "OPPRA CertPolicy, 9. 디폴트로 처리되는 OID 대상은 아래와 같습니다.");
                        INISAFECore.CoreLogger(3, "OPPRA CertPolicy, 9. [1.2.410.200005.1.1.5], [1.2.410.200004.5.1.1.7], [1.2.410.200004.5.4.1.2], [1.2.410.200005.1.1.2], [1.2.410.200005.1.1.1], [1.2.410.200004.5.1.1.5], [1.2.410.200004.5.4.1.1], [1.2.410.200005.1.1.6.8]");
                        INISAFECore.CoreLogger(3, "OPPRA CertPolicy, 9. 제출하신 인증서의 oid값은 [" + getCertOID(x509Certificate) + "]입니다.");
                        CertStatusManagerParameters oPPRACertStatusManagerParameters = new OPPRACertStatusManagerParameters(str7);
                        certStatusManager = CertStatusManager.getInstance(str6, oPPRACertStatusManagerParameters);
                        certStatusManagerParameters = oPPRACertStatusManagerParameters;
                    } else {
                        // A str2 shorter than 3 characters makes substring() throw; that is
                        // caught by the outer catch and reported as a provider
                        // initialization failure ("940").
                        str2 = str2.substring(1, 3);
                        // substring(1, 3) never yields null or "", so this branch cannot be
                        // taken.
                        if (str2 == null || str2.equals("")) {
                            INISAFECore.CoreLogger(1, "OPPRA CertPolicy, 9. OID.ini 파일에서 인증서 정책 코드(Policy Code)가 설정되어 있지 않습니다. 정책 코드를 추가 후에 다시 진행해주세요.");
                            hashtable.put("RETURN_CODE", "940");
                            hashtable.put("RETURN_MSG", "9. OID.ini 파일에서 인증서 정책 코드(Policy Code)가 설정되어 있지 않습니다. 정책 코드를 추가 후에 다시 진행해주세요.");
                            return hashtable;
                        }
                        INISAFECore.CoreLogger(4, "OPPRA CertPolicy, 9. 제출하신 인증서는 [" + str2 + "] 입니다.");
                        CertStatusManagerParameters oPPRACertStatusManagerParameters2 = new OPPRACertStatusManagerParameters(str7);
                        certStatusManager = CertStatusManager.getInstance(str6, str2, oPPRACertStatusManagerParameters2);
                        certStatusManagerParameters = oPPRACertStatusManagerParameters2;
                    }
                } else {
                    if (!str6.equals("OCSPGD")) {
                        // Unsupported provider name. The exception is thrown inside the
                        // try whose catch (Exception) is at the bottom of the loop body.
                        INISAFECore.CoreLogger(1, "verifycert, 9. 인증서 상태 검증에 실패했습니다. [" + str6 + "] 는 지원하지 않는 인증서 상태 검증 제공자 입니다.");
                        INICoreException iNICoreException = new INICoreException();
                        iNICoreException.setErrorCode("940");
                        throw iNICoreException;
                    }
                    CertStatusManagerParameters oCSPGDCertStatusManagerParameters = new OCSPGDCertStatusManagerParameters(str7);
                    certStatusManager = CertStatusManager.getInstance(str6, oCSPGDCertStatusManagerParameters);
                    certStatusManagerParameters = oCSPGDCertStatusManagerParameters;
                }
                certStatusManager.setClientInfo(str3, str4);
                certStatusManager.setCertificate(x509Certificate);
                if (certStatusManager.isUsable()) {
                    try {
                        if (certStatusManager.isValid()) {
                            INISAFECore.CoreLogger(3, "verifycert, 9. " + str6 + " 로 인증서 상태(유효성) 검증에 성공했습니다. 유효한 인증서 입니다.");
                            hashtable.put("RETURN_CODE", "000");
                            hashtable.put("SCS", str6);
                            // Plain success unless all of these hold: provider is OCSPGD,
                            // dbQuery is set, a registration URL is configured and str5 is
                            // null. In that one case the "000" above is overwritten with
                            // "500" and the caller is pointed at REDIRECT_URL.
                            if (!str6.equals("OCSPGD") || certStatusManagerParameters == null || !OCSPGDCertStatusManagerParameters.dbQuery || OCSPGDCertStatusManagerParameters.certRegURL == null || str5 != null) {
                                HashMap resultInfo = certStatusManager.getResultInfo();
                                hashtable.put("RETURN_CODE", "000");
                                hashtable.put("INFO", resultInfo);
                                return hashtable;
                            }
                            INISAFECore.CoreLogger(3, "verifycert, 9. " + str6 + " 에 의해 타행/타기관 인증서 등록 페이지로 이동합니다.(redirect)");
                            hashtable.put("RETURN_CODE", "500");
                            hashtable.put("RETURN_MSG", "9. " + str6 + " 에 의해 타행/타기관 인증서 등록 페이지로 이동합니다.(redirect)");
                            hashtable.put("REDIRECT_URL", OCSPGDCertStatusManagerParameters.certRegURL);
                            return hashtable;
                        }
                        String errorMessage = certStatusManager.getErrorMessage();
                        if (errorMessage == null || errorMessage.equals("")) {
                            // Not valid and no error text: the provider gave a definitive
                            // negative answer — suspended ("939") or revoked ("938").
                            if (certStatusManager.isInefficacy()) {
                                INISAFECore.CoreLogger(3, "verifycert, 9. 인증서가 효력 정지되어 현재는 사용할 수 없습니다. 처리 Provider : " + str6);
                                hashtable.put("RETURN_CODE", "939");
                                hashtable.put("RETURN_MSG", "verifycert, 9. 인증서가 효력 정지되어 현재는 사용할 수 없습니다. 처리 Provider : " + str6);
                                return hashtable;
                            }
                            INISAFECore.CoreLogger(1, "verifycert, 9. 인증서가 폐기 되어 더이상 사용할 수 없습니다. 처리 Provider : " + str6);
                            hashtable.put("RETURN_CODE", "938");
                            hashtable.put("RETURN_MSG", "verifycert, 9. 인증서가 폐기 되어 더이상 사용할 수 없습니다. 처리 Provider : " + str6);
                            return hashtable;
                        }
                        // NOTE(review): not valid but with an error text: only logged, then
                        // control falls through to i++ and the next provider. If this was
                        // the last provider the loop ends and the table is returned with
                        // no RETURN_CODE at all.
                        INISAFECore.CoreLogger(1, "verifycert, 9. " + errorMessage);
                    } catch (UndeterminedCertStatusException e) {
                        // Status undetermined: fail with "940" on the last provider,
                        // otherwise log and fall through to the next one.
                        if (i >= strArr.length - 1) {
                            INISAFECore.CoreLogger(1, "verifycert, 9. " + str6 + " 로 현재 인증서 상태 검증에 실패 했습니다.");
                            INISAFECore.CoreLogger(1, "verifycert, >> 상세 정보 : " + e.toString());
                            Exception causeException = e.getCauseException();
                            if (causeException != null) {
                                INISAFECore.CoreLogger(1, "verifycert, >> 원인 정보 : " + causeException.toString());
                            }
                            hashtable.put("RETURN_CODE", "940");
                            return hashtable;
                        }
                        INISAFECore.CoreLogger(1, "verifycert, 9. " + str6 + " 로 현재 인증서 상태 검증에 실패하여 다음 Provider 로 처리를 넘깁니다. 요약 정보 : " + e.getMessage());
                        INISAFECore.CoreLogger(1, "verifycert, >> 상세 정보 : " + e.toString());
                        Exception causeException2 = e.getCauseException();
                        if (causeException2 != null) {
                            INISAFECore.CoreLogger(1, "verifycert, >> 원인 정보 : " + causeException2.toString());
                        }
                    } catch (Exception e2) {
                        // Any other failure during the check stops the chain with "940".
                        INISAFECore.CoreLogger(1, "verifycert, 9. " + str6 + " 로 현재 인증서 상태를 검증하는 도중 오류가 발생했습니다.");
                        INISAFECore.CoreLogger(1, "verifycert, >> 상세 정보 : " + e2);
                        hashtable.put("RETURN_CODE", "940");
                        hashtable.put("RETURN_MSG", "verifycert, 9. " + str6 + " 로 현재 인증서 상태를 검증하는 도중 오류가 발생했습니다.");
                        return hashtable;
                    }
                } else {
                    // Provider cannot handle this certificate: "940" on the last provider,
                    // otherwise move on to the next one.
                    if (i >= strArr.length - 1) {
                        INISAFECore.CoreLogger(1, "verifycert, 9. " + str6 + " 로는 현재 인증서 상태를 검증할 수 없습니다. 사유 : (" + certStatusManager.getErrorMessage() + ")");
                        INISAFECore.CoreLogger(1, "verifycert, 9. 현재 설정된 모든 Provider 로 상태를 검증할 수 없는 인증서이므로 오류로 처리합니다. 사유 : (" + certStatusManager.getErrorMessage() + ")");
                        hashtable.put("RETURN_CODE", "940");
                        return hashtable;
                    }
                    INISAFECore.CoreLogger(3, "verifycert, 9. " + str6 + " 로는 현재 인증서 상태를 검증할 수 없어 다음 Provider 로 처리를 넘깁니다. 사유 : (" + certStatusManager.getErrorMessage() + ")");
                }
                i++;
            } catch (Exception e3) {
                // Covers provider construction and setup failures, and also the substring
                // failure and the unsupported-provider exception noted above.
                // NOTE(review): RETURN_MSG carries e3.toString(); confirm it is not shown
                // to end users, since it can reveal internal paths or configuration.
                INISAFECore.CoreLogger(1, "verifycert, 9. 인증서 상태 검증을 위한 CSC Provider 초기화에 실패했습니다. 상세 오류 : " + e3.toString());
                hashtable.put("RETURN_CODE", "940");
                hashtable.put("RETURN_MSG", "9. 인증서 상태 검증을 위한 CSC Provider 초기화에 실패했습니다. 상세 오류 : " + e3.toString());
                return hashtable;
            }
        }
        // Reached when strArr is empty or when the last provider ended on the
        // "error text only" path: the table then has no RETURN_CODE.
        return hashtable;
    }

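    /**
     * Returns the OCSP access location from the certificate's Authority Information Access
     * extension, i.e. the name of the first access description whose method is
     * 1.3.6.1.5.5.7.48.1 (id-ad-ocsp).
     *
     * <p>The previous code found the entry, broke out of the loop and then overwrote the
     * result with {@code null}, so it returned {@code null} on every path. The located name
     * is now returned.
     *
     * <p>NOTE(review): the value comes straight from the certificate. Until the certificate
     * chain has been validated it is attacker-chosen, so callers should not connect to it
     * before validation or without restricting the allowed scheme and host.
     *
     * @param x509Certificate certificate to inspect; must not be null
     * @return textual form of the OCSP access location, or {@code null} when the extension
     *         or an OCSP entry is absent or the certificate cannot be parsed
     */
    public static String getAuthorityInfoAccess(X509Certificate x509Certificate) {
        try {
            com.initech.x509.X509CertImpl x509CertImpl = new com.initech.x509.X509CertImpl(x509Certificate.getEncoded());
            if (x509CertImpl.getExtensionValue(AuthorityInfoAccess.OID) == null) {
                return null;
            }
            try {
                Enumeration elements = new AuthorityInfoAccess(x509CertImpl.getExtensionValue(AuthorityInfoAccess.OID)).elements();
                while (elements.hasMoreElements()) {
                    AccessDescription accessDescription = (AccessDescription) elements.nextElement();
                    if (accessDescription.getMethod().equals("1.3.6.1.5.5.7.48.1")) {
                        return accessDescription.getName().toString();
                    }
                }
                // Extension present but no OCSP entry in it.
                return null;
            } catch (ASN1Exception e) {
                // NOTE(review): the rest of this class logs through LogUtil; these stack
                // traces go to stderr instead.
                e.printStackTrace();
                return null;
            }
        } catch (CertificateEncodingException e2) {
            e2.printStackTrace();
            return null;
        } catch (CertificateException e3) {
            e3.printStackTrace();
            return null;
        }
    }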

    /**
     * Extracts the key identifier from the certificate's Authority Key Identifier
     * extension.
     *
     * @param x509Certificate certificate to inspect
     * @return the key identifier bytes, or {@code null} on any failure. A null certificate,
     *         a missing extension and a malformed extension are indistinguishable to the
     *         caller, and nothing is logged.
     */
    public static byte[] getAuthorityKeyIdentifierKeyID(X509Certificate x509Certificate) {
        byte[] keyId;
        try {
            AuthorityKeyIdentifier authorityKeyId = new AuthorityKeyIdentifier(x509Certificate.getExtensionValue(AuthorityKeyIdentifier.OID));
            keyId = authorityKeyId.getKID();
        } catch (Exception ignored) {
            // Every failure is deliberately reported as "no key identifier".
            keyId = null;
        }
        return keyId;
    }

    /**
     * Returns one CRL distribution point name from the certificate's CRL Distribution
     * Points extension.
     *
     * <p>Distribution points are walked in order; for each one that has a full name, the
     * first general name in it replaces the current result, so the value returned belongs
     * to the last such point. The walk stops at the first point without a full name.
     *
     * <p>NOTE(review): the value is taken from the certificate itself. Before the chain is
     * validated it is attacker-chosen, so it should not be fetched blindly.
     *
     * @param x509Certificate certificate to inspect
     * @return textual form of the selected name, {@code ""} when no name was found, or
     *         {@code null} on any exception, including a null certificate or a malformed
     *         extension
     */
    public static String getCRLDistPoints(X509Certificate x509Certificate) {
        String location = "";
        try {
            CRLDistPoints distPoints = new CRLDistPoints(x509Certificate.getExtensionValue(CRLDistPoints.OID));
            // A freshly constructed object is never null; the check is kept as in the
            // original, including the comparison against "".
            if (distPoints == null || distPoints.equals("")) {
                return null;
            }
            Enumeration points = distPoints.elements();
            while (points.hasMoreElements()) {
                GeneralNames names = ((DistPoint) points.nextElement()).getFullName();
                if (names == null) {
                    break;
                }
                Enumeration entries = names.elements();
                if (entries.hasMoreElements()) {
                    location = ((GeneralName) entries.nextElement()).toString();
                }
            }
            return location;
        } catch (Exception ignored) {
            return null;
        }
    }

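    /**
     * Returns the first policy OID listed in the certificate's Certificate Policies
     * extension.
     *
     * <p>The value is still stored in the shared static {@code useroid}, as before, but the
     * method now returns its own local copy. The previous code returned by re-reading the
     * static field, so a concurrent call for a different certificate could replace the
     * value between the write and the read, and the caller would receive another
     * certificate's policy OID.
     *
     * @param x509Certificate certificate to inspect; may be null
     * @return the trimmed name of the first policy identifier, or {@code null} when the
     *         certificate is null, the extension is absent or empty, it lists no policy,
     *         or parsing fails (the failure is logged)
     */
    public static String getCertOID(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        byte[] extensionValue = x509Certificate.getExtensionValue(CertificatePolicies.OID);
        if (extensionValue == null || extensionValue.length == 0) {
            return null;
        }
        try {
            Enumeration elements = new CertificatePolicies(extensionValue).elements();
            if (elements.hasMoreElements()) {
                String firstPolicyOid = ((PolicyInfo) elements.nextElement()).getPolicyID().getName().trim();
                // Kept for any code that still reads the static; never read it back here.
                useroid = firstPolicyOid;
                return firstPolicyOid;
            }
        } catch (Exception e) {
            INISAFECore.CoreLogger(1, "인증서에서 OID값을 읽는 중 오류가 발생했습니다.");
            LogUtil.writeStackTrace(INISAFECore.CoreLogger, e);
        }
        return null;
    }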

    /**
     * Returns every policy OID listed in the certificate's Certificate Policies extension.
     *
     * <p>If parsing fails part-way, the failure is logged and the OIDs collected so far are
     * returned, so a short or empty array can mean "malformed extension" as well as "few
     * policies". Callers that make an authorization decision on the result should keep
     * that in mind.
     *
     * @param x509Certificate certificate to inspect; may be null
     * @return trimmed policy identifier names in extension order, or {@code null} when the
     *         certificate is null or the extension is absent or empty
     */
    public static String[] getCertOIDs(X509Certificate x509Certificate) {
        Vector collected = new Vector();
        if (x509Certificate == null) {
            return null;
        }
        byte[] encodedPolicies = x509Certificate.getExtensionValue(CertificatePolicies.OID);
        if (encodedPolicies == null || encodedPolicies.length == 0) {
            return null;
        }
        try {
            for (Enumeration policies = new CertificatePolicies(encodedPolicies).elements(); policies.hasMoreElements();) {
                PolicyInfo policy = (PolicyInfo) policies.nextElement();
                collected.addElement(policy.getPolicyID().getName().trim());
            }
        } catch (Exception e) {
            INISAFECore.CoreLogger(1, "인증서에서 OID값을 읽는 중 오류가 발생했습니다.");
            LogUtil.writeStackTrace(INISAFECore.CoreLogger, e);
        }
        return (String[]) collected.toArray(new String[0]);
    }

    /**
     * Returns the identifier of the last policy listed in the certificate's Certificate
     * Policies extension.
     *
     * <p>All policy ids are walked and each one replaces the previous result, so with
     * several policies only the final one is reported.
     *
     * @param x509Certificate certificate to inspect; must not be null
     * @return value of {@code getPolicyID().get()} for the last policy
     * @throws Exception when no policy was found, or whatever the extension parser throws
     *         for absent or malformed input
     */
    public static String getCertificatePolicy(X509Certificate x509Certificate) throws Exception {
        CertificatePolicies policies = new CertificatePolicies(x509Certificate.getExtensionValue(CERTIFICATE_POLICY_OID));
        PolicyInfo lastPolicy = null;
        for (ASN1OID policyId : policies.getPolicyIDs()) {
            lastPolicy = policies.getPolicy(policyId);
        }
        if (lastPolicy == null) {
            INISAFECore.CoreLogger(1, "인증서 정책(policy)을 가져오는 중 오류가 발생했습니다.");
            throw new Exception("an error occurred during loading a certificate policy.");
        }
        return lastPolicy.getPolicyID().get();
    }

    /**
     * Returns the shared buffer of extended-key-usage OIDs filled by the most recent
     * successful {@code getX509ExtensionInfo} call (comma-separated).
     *
     * <p>NOTE(review): this is the live static buffer, not a copy. It is shared by every
     * caller in the process and may describe a different certificate than the one the
     * caller just processed if calls interleave.
     *
     * @return the current {@code sbufOid} instance
     */
    public static StringBuffer getKeyUsageOID() {
        final StringBuffer currentOids = sbufOid;
        return currentOids;
    }

    /**
     * Returns the shared buffer of extended-key-usage labels filled by the most recent
     * successful {@code getX509ExtensionInfo} call (comma-separated).
     *
     * <p>NOTE(review): this is the live static buffer, not a copy. It is shared by every
     * caller in the process and may describe a different certificate than the one the
     * caller just processed if calls interleave.
     *
     * @return the current {@code sbufTxt} instance
     */
    public static StringBuffer getKeyUsageText() {
        final StringBuffer currentLabels = sbufTxt;
        return currentLabels;
    }

    /**
     * Returns the raw public key bytes from the certificate's encoded public key, as
     * produced by {@code PublicKeyInfo.getPublicKeyAsByteArray()}.
     *
     * @param x509Certificate certificate to inspect
     * @return the public key bytes, or {@code null} on any failure (the failure is logged)
     */
    public static byte[] getSimplePublicKeyInfo(X509Certificate x509Certificate) {
        try {
            byte[] encodedKey = x509Certificate.getPublicKey().getEncoded();
            PublicKeyInfo keyInfo = new PublicKeyInfo(encodedKey);
            return keyInfo.getPublicKeyAsByteArray();
        } catch (Exception e) {
            INISAFECore.CoreLogger(1, "인증서에서 공개키 정보를 읽는 중 오류가 발생했습니다.(코스콤 포맷의 공개키 정보)");
            LogUtil.writeStackTrace(INISAFECore.CoreLogger, e);
            return null;
        }
    }

    /**
     * Returns the first CN value of the certificate subject. Despite the name, this is not
     * the full distinguished name.
     *
     * <p>The subject is cast to the project's {@code Name} type, so a certificate object
     * whose subject is of another type ends up in the catch and yields {@code null}.
     *
     * @param x509Certificate certificate to inspect
     * @return the first CN value, or {@code null} on any failure: null certificate, no CN,
     *         or unexpected subject type. Nothing is logged.
     */
    public static String getSubjectDN(X509Certificate x509Certificate) {
        try {
            Name subject = (Name) x509Certificate.getSubjectDN();
            String[] commonNames = subject.get("CN");
            return commonNames[0];
        } catch (Exception ignored) {
            return null;
        }
    }

    /**
     * Extracts the key identifier from the certificate's Subject Key Identifier extension.
     *
     * @param x509Certificate certificate to inspect
     * @return the key identifier bytes, or {@code null} on any failure. A null certificate,
     *         a missing extension and a malformed extension are indistinguishable to the
     *         caller, and nothing is logged.
     */
    public static byte[] getSubjectKeyIdentifierKeyID(X509Certificate x509Certificate) {
        byte[] keyId;
        try {
            SubjectKeyIdentifier subjectKeyId = new SubjectKeyIdentifier(x509Certificate.getExtensionValue(SubjectKeyIdentifier.OID));
            keyId = subjectKeyId.getKID();
        } catch (Exception ignored) {
            // Every failure is deliberately reported as "no key identifier".
            keyId = null;
        }
        return keyId;
    }

    /**
     * Matches the certificate's Extended Key Usage extension against a table of known
     * usages and publishes the matches through the shared static buffers.
     *
     * <p>For every key of {@code hashMap} accepted by {@code ExtKeyUsage.isProperUsage},
     * the key is appended to {@code sbufOid} and its mapped value to {@code sbufTxt},
     * comma-separated.
     *
     * <p>NOTE(review): the results live in process-wide statics. When the extension is
     * absent, {@code x509Extnull} is set to null and the buffers are left untouched, so
     * they still hold the values of an earlier certificate. Nothing in this method sets
     * {@code x509Extnull} back to a non-null value on success. Callers need to check
     * {@code x509Extnull} first and must not interleave calls across threads.
     *
     * @param x509Certificate certificate to inspect; must not be null
     * @param hashMap usage OID (String) mapped to a display label (String)
     * @throws Exception if the extension cannot be parsed or the map keys are not Strings
     */
    public static void getX509ExtensionInfo(X509Certificate x509Certificate, HashMap hashMap) throws Exception {
        byte[] encodedUsage = x509Certificate.getExtensionValue(ExtKeyUsage.OID);
        if (encodedUsage == null) {
            x509Extnull = null;
            return;
        }
        try {
            ExtKeyUsage usage = new ExtKeyUsage(encodedUsage);
            sbufTxt = new StringBuffer();
            sbufOid = new StringBuffer();
            String[] candidateOids = (String[]) hashMap.keySet().toArray(new String[0]);
            for (int idx = 0; idx < candidateOids.length; idx++) {
                String candidate = candidateOids[idx];
                if (!usage.isProperUsage(candidate)) {
                    continue;
                }
                // Separator only between entries, never before the first one.
                if (sbufTxt.length() > 0) {
                    sbufTxt.append(',');
                    sbufOid.append(',');
                }
                sbufTxt.append((String) hashMap.get(candidate));
                sbufOid.append(candidate);
            }
        } catch (Exception e) {
            INISAFECore.CoreLogger(1, "제출된 인증서에서  확장 키 용도(extKeyUsage)을 추출하는 도중 오류가 발생했습니다.");
            LogUtil.writeStackTrace(INISAFECore.CoreLogger, e);
            throw new Exception("an error occurred during extracting extKeyUsage from the user certificate." + e.toString());
        }
    }

    /**
     * Returns the shared "extension state" marker: {@code ""} initially, {@code null} once
     * {@code getX509ExtensionInfo} has seen a certificate without the Extended Key Usage
     * extension.
     *
     * <p>NOTE(review): the value is process-wide and reflects whichever call wrote it last.
     *
     * @return the current value of {@code x509Extnull}
     */
    public static String getx509ExtensionObj() {
        final String extensionState = x509Extnull;
        return extensionState;
    }

    /**
     * Computes SHA-1 applied twice: {@code SHA1(SHA1(bArr))}.
     *
     * <p>NOTE(review): SHA-1 is hard-coded. That is presumably dictated by the data format
     * this value is compared against (the class holds VID-related fields) — confirm before
     * changing it, and do not reuse this helper where collision resistance matters.
     *
     * @param bArr data to hash; must not be null
     * @return the 20-byte digest of the digest
     * @throws NoSuchAlgorithmException if no installed provider offers "SHA1"
     */
    private byte[] hashTwice(byte[] bArr) throws NoSuchAlgorithmException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        // digest(input) is update(input) followed by digest(), which also resets the
        // instance for the second round.
        byte[] firstRound = sha1.digest(bArr);
        return sha1.digest(firstRound);
    }

    /**
     * Computes {@code H(H(bArr))} with the named digest algorithm, taken from the
     * "Initech" provider.
     *
     * @param bArr data to hash; must not be null
     * @param str digest algorithm name as understood by the "Initech" provider
     * @return the digest of the digest
     * @throws NoSuchAlgorithmException if the provider does not offer {@code str}
     * @throws NoSuchProviderException if the "Initech" provider is not registered
     */
    private byte[] hashTwice(byte[] bArr, String str) throws NoSuchAlgorithmException, NoSuchProviderException {
        MessageDigest digest = MessageDigest.getInstance(str, "Initech");
        // digest(input) is update(input) followed by digest(), which also resets the
        // instance for the second round.
        byte[] firstRound = digest.digest(bArr);
        return digest.digest(firstRound);
    }

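    /**
     * Tells whether the certificate's Extended Key Usage extension lists the KISA HSM
     * usage ({@code ExtKeyUsage.KISA_HSM}).
     *
     * <p>A malformed extension used to be logged and then dereferenced as {@code null},
     * which surfaced as a NullPointerException. It is now reported as {@code false}, the
     * same answer as for a missing extension.
     *
     * @param x509Certificate certificate to inspect; may be null
     * @return {@code true} only when the extension parses and lists the HSM usage;
     *         {@code false} for a null certificate and a missing or unparsable extension
     * @throws INICoreException declared for callers; not thrown by the code in this method
     */
    public static boolean isHSMCert(X509Certificate x509Certificate) throws INICoreException {
        if (x509Certificate == null) {
            return false;
        }
        byte[] extensionValue = x509Certificate.getExtensionValue(ExtKeyUsage.OID);
        if (extensionValue == null) {
            INISAFECore.CoreLogger(1, "Extended key usage(2.5.29.37)값이 존재하지 않습니다.");
            return false;
        }
        ExtKeyUsage extKeyUsage;
        try {
            extKeyUsage = new ExtKeyUsage(extensionValue);
        } catch (Exception e) {
            LogUtil.writeStackTrace(INISAFECore.CoreLogger, e);
            // An extension that cannot be parsed cannot vouch for HSM storage.
            return false;
        }
        return extKeyUsage.isProperUsage(ExtKeyUsage.KISA_HSM);
    }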

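    /**
     * Parses a CRL from the given stream with the "Initech" X.509 certificate factory.
     *
     * <p>This only parses. Nothing in this method verifies the CRL's signature, issuer or
     * validity period, and the stream is left open for the caller to close. The result is
     * cast to {@code X509CRLImpl}, so a factory that returns another implementation causes
     * a ClassCastException.
     *
     * <p>Changes from the previous version: the CertificateException stack trace is logged
     * once instead of twice, and the rethrown exceptions keep the original as their cause.
     * Exception types and messages are unchanged.
     *
     * @param fileInputStream stream positioned at the encoded CRL
     * @return the parsed CRL
     * @throws Exception NoSuchProviderException, CRLException or CertificateException, as
     *         raised by the factory
     */
    public static X509CRL loadCertCRL(FileInputStream fileInputStream) throws Exception {
        try {
            return (X509CRLImpl) CertificateFactory.getInstance("X.509", "Initech").generateCRL(fileInputStream);
        } catch (NoSuchProviderException e) {
            INISAFECore.CoreLogger(1, "provider를 찾을 수 없습니다. (provider: Initech)");
            LogUtil.writeStackTrace(INISAFECore.CoreLogger, e);
            // NoSuchProviderException has no cause-taking constructor.
            NoSuchProviderException rethrown = new NoSuchProviderException("NoSuchProviderException : " + e);
            rethrown.initCause(e);
            throw rethrown;
        } catch (CRLException e2) {
            LogUtil.writeStackTrace(INISAFECore.CoreLogger, e2);
            throw new CRLException("CRLException : " + e2, e2);
        } catch (CertificateException e3) {
            LogUtil.writeStackTrace(INISAFECore.CoreLogger, e3);
            throw new CertificateException("CertificateException : " + e3, e3);
        }
    }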

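    /**
     * Downloads a certificate from a URL and parses it.
     *
     * <p>Fixes over the previous version:
     * <ul>
     *   <li>The body is read to end of stream. Before, the buffer was sized from
     *       {@code available()} and filled with a single {@code read()}, which can return
     *       a truncated response.</li>
     *   <li>The raw bytes are parsed directly. Before, they were converted to a String
     *       and back with the platform charset, which corrupts DER-encoded input under
     *       multi-byte default charsets.</li>
     *   <li>The response is capped at 1 MiB so that reading to end of stream cannot
     *       exhaust memory.</li>
     *   <li>Read failures carry the underlying exception instead of an empty
     *       IOException.</li>
     * </ul>
     *
     * <p>NOTE(review): {@code new URL(str)} accepts every scheme the JVM has a handler for
     * (for example file: and jar: as well as http:), and no connect or read timeout is
     * set. If {@code str} can derive from untrusted data, such as a URL carried inside a
     * certificate, the caller must restrict scheme and host before calling this method.
     * Parsing a downloaded certificate also says nothing about whether it is trusted.
     *
     * @param str URL to fetch
     * @return the parsed certificate, or {@code null} when the download succeeded but the
     *         content could not be parsed (the failure is logged)
     * @throws MalformedURLException if {@code str} is not a valid URL
     * @throws IOException if the connection or the read fails, or the response exceeds the
     *         size cap
     */
    public static X509Certificate loadCertFromURL(String str) throws MalformedURLException, IOException {
        INISAFECore.CoreLogger(4, "urlStr: " + str);
        // Far larger than any single certificate.
        final int maxCertBytes = 1024 * 1024;
        InputStream inputStream = new URL(str).openConnection().getInputStream();
        byte[] bArr;
        try {
            java.io.ByteArrayOutputStream collected = new java.io.ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int count;
            while ((count = inputStream.read(chunk)) != -1) {
                if (collected.size() + count > maxCertBytes) {
                    throw new IOException("certificate response is larger than " + maxCertBytes + " bytes");
                }
                collected.write(chunk, 0, count);
            }
            bArr = collected.toByteArray();
        } catch (RuntimeException e) {
            // Unexpected runtime failures were reported as IOException before; keep that.
            throw new IOException("failed to read certificate from URL", e);
        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Exception ignored) {
                    // A close failure cannot change the outcome.
                }
            }
        }
        try {
            return loadCertificate(bArr);
        } catch (Exception e) {
            INISAFECore.CoreLogger(1, "URL을 통해 인증서를 읽는 중 오류가 발생했습니다. urlStr=[" + str + "]");
            LogUtil.writeStackTrace(INISAFECore.CoreLogger, e);
            return null;
        }
    }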

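    /**
     * Parses one X.509 certificate from the stream with the "Initech" certificate factory.
     *
     * <p>This only parses; it does not validate the chain, validity period or revocation
     * status. The stream is left open for the caller to close.
     *
     * <p>The rethrown exceptions now keep the original as their cause. Types and messages
     * are unchanged.
     *
     * <p>NOTE(review): the provider name is hard-coded here, while the byte[] overload asks
     * {@code INISAFECore.getProviderName()} — confirm the two are meant to differ.
     *
     * @param inputStream stream positioned at the encoded certificate
     * @return the parsed certificate
     * @throws Exception NoSuchProviderException or CertificateException, as raised by the
     *         factory
     */
    public static X509Certificate loadCertificate(InputStream inputStream) throws Exception {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509", "Initech").generateCertificate(inputStream);
        } catch (NoSuchProviderException e) {
            INISAFECore.CoreLogger(1, "provider를 찾을 수 없습니다. (provider: Initech)");
            LogUtil.writeStackTrace(INISAFECore.CoreLogger, e);
            // NoSuchProviderException has no cause-taking constructor.
            NoSuchProviderException rethrown = new NoSuchProviderException("NoSuchProviderException : " + e.toString());
            rethrown.initCause(e);
            throw rethrown;
        } catch (CertificateException e2) {
            INISAFECore.CoreLogger(1, "X509형식의 인증서로 변환 중 오류가 발생했습니다");
            LogUtil.writeStackTrace(INISAFECore.CoreLogger, e2);
            throw new CertificateException("CertificateException : " + e2.toString(), e2);
        }
    }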

    /**
     * Parses a certificate given as text by delegating to the byte[] overload.
     *
     * <p>The text is converted with the platform default charset. That is lossless for PEM
     * or Base64 text; a String that was built from binary DER may already have been
     * altered by charset conversion before it gets here.
     *
     * @param str certificate text; must not be null
     * @return the parsed certificate
     * @throws Exception as thrown by the byte[] overload
     */
    public static X509Certificate loadCertificate(String str) throws Exception {
        final byte[] rawBytes = str.getBytes();
        return loadCertificate(rawBytes);
    }

    /**
     * Parses a certificate from bytes that hold either PEM text or a binary encoding.
     *
     * <p>Input that starts exactly with the PEM BEGIN line is Base64-decoded and handed to
     * the InputStream overload. Anything else goes straight to the certificate factory of
     * the provider named by {@code INISAFECore.getProviderName()}.
     *
     * <p>Notes for callers:
     * <ul>
     *   <li>PEM detection uses {@code startsWith}, so leading whitespace or a byte-order
     *       mark sends PEM text down the binary path.</li>
     *   <li>PEM text without an END line makes {@code substring} throw an unchecked
     *       StringIndexOutOfBoundsException, which is not logged here.</li>
     *   <li>On failure the whole input is written to the log as hex.</li>
     *   <li>This only parses; no trust decision is made.</li>
     * </ul>
     *
     * @param bArr PEM text bytes or an encoded certificate; must not be null
     * @return the parsed certificate
     * @throws Exception on any decoding or parsing failure
     */
    public static X509Certificate loadCertificate(byte[] bArr) throws Exception {
        String asText = new String(bArr);
        if (!asText.startsWith("-----BEGIN CERTIFICATE-----")) {
            try {
                return (X509Certificate) CertificateFactory.getInstance("X.509", INISAFECore.getProviderName()).generateCertificate(new ByteArrayInputStream(bArr));
            } catch (Exception e2) {
                INISAFECore.CoreLogger(1, "X509형식의 인증서로 변환 중 오류가 발생했습니다. certData=[" + Hex.dumpHex(bArr) + "]");
                LogUtil.writeStackTrace(INISAFECore.CoreLogger, e2);
                throw new Exception(e2);
            }
        }
        try {
            int bodyStart = "-----BEGIN CERTIFICATE-----".length();
            int bodyEnd = asText.indexOf("-----END CERTIFICATE-----");
            // bArr is reassigned to the decoded bytes, so the log line in the catch shows
            // the original input only if decoding itself failed.
            bArr = Base64Util.decode(asText.substring(bodyStart, bodyEnd).getBytes());
            return loadCertificate(new ByteArrayInputStream(bArr));
        } catch (IOException e) {
            INISAFECore.CoreLogger(1, "바이너리 인증서 값을 Base64 인코딩 중 오류가 발생했습니다. certData=[" + Hex.dumpHex(bArr) + "]");
            LogUtil.writeStackTrace(INISAFECore.CoreLogger, e);
            throw new IOException("IOException : " + e);
        }
    }

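    /**
     * Loads a certificate from a file.
     *
     * <p>The contract is unchanged for ordinary failures: a file that cannot be opened or
     * whose content cannot be parsed yields {@code null}. Two things differ from the
     * previous version. The stream is closed in a single {@code finally} block, and
     * {@code Error}s such as OutOfMemoryError are no longer swallowed and turned into
     * {@code null}; they now propagate.
     *
     * <p>NOTE(review): a {@code null} result does not say whether the file was missing,
     * unreadable or malformed, and nothing is logged here, so callers should log the path
     * themselves. The path is used as given; if it can be influenced by untrusted input,
     * the caller must confine it to the intended directory.
     *
     * @param str path of the certificate file
     * @return the parsed certificate, or {@code null} if it could not be read or parsed
     * @throws Exception if {@code str} is null
     */
    public static X509Certificate loadCertificateFromFile(String str) throws Exception {
        if (str == null) {
            throw new Exception("certPath is null");
        }
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(str);
            return loadCertificate(fileInputStream);
        } catch (Exception e) {
            // Existing contract: open and parse failures are reported as null.
            return null;
        } finally {
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (Exception ignored) {
                    // A close failure cannot change the outcome.
                }
            }
        }
    }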

    /**
     * Runs certification path validation for the certificate through
     * {@code CPVWrapper.getInstance(str, str2)}.
     *
     * <p>Unlike the {@code Properties} overloads, which return {@code false} on failure,
     * this overload throws when the validator throws.
     *
     * <p>NOTE(review): the full certificate text is written to the log on failure.
     *
     * @param x509Certificate certificate to validate
     * @param str first argument of {@code CPVWrapper.getInstance}
     * @param str2 second argument of {@code CPVWrapper.getInstance}
     * @return {@code true} when the validator returns a non-null result, {@code false}
     *         when it returns null
     * @throws INICoreException when the validator throws
     */
    public static boolean validate(X509Certificate x509Certificate, String str, String str2) throws INICoreException {
        final String failureText = " CertPathValidator Exception : cert path validation is fail. ";
        try {
            if (CPVWrapper.getInstance(str, str2).validate(x509Certificate) == null) {
                return false;
            }
            return true;
        } catch (Exception e) {
            INISAFECore.CoreLogger(1, failureText);
            INISAFECore.CoreLogger(1, "Cert: [" + x509Certificate + "]");
            LogUtil.writeStackTrace(INISAFECore.CoreLogger, e);
            throw new INICoreException(failureText);
        }
    }

    /**
     * Runs certification path validation for the certificate through
     * {@code CPVWrapper.getInstance(str, str2)}, passing {@code str3} to the validator.
     *
     * <p>Unlike the {@code Properties} overloads, which return {@code false} on failure,
     * this overload throws when the validator throws.
     *
     * <p>NOTE(review): the full certificate text is written to the log on failure.
     *
     * @param x509Certificate certificate to validate
     * @param str first argument of {@code CPVWrapper.getInstance}
     * @param str2 second argument of {@code CPVWrapper.getInstance}
     * @param str3 extra argument forwarded to {@code validate}
     * @return {@code true} when the validator returns a non-null result, {@code false}
     *         when it returns null
     * @throws INICoreException when the validator throws
     */
    public static boolean validate(X509Certificate x509Certificate, String str, String str2, String str3) throws INICoreException {
        final String failureText = " CertPathValidator Exception : cert path validation is fail. ";
        try {
            if (CPVWrapper.getInstance(str, str2).validate(x509Certificate, str3) == null) {
                return false;
            }
            return true;
        } catch (Exception e) {
            INISAFECore.CoreLogger(1, failureText);
            INISAFECore.CoreLogger(1, "Cert: [" + x509Certificate + "]");
            LogUtil.writeStackTrace(INISAFECore.CoreLogger, e);
            throw new INICoreException(failureText);
        }
    }

    /**
     * Runs certification path validation with a {@code CPVWrapper} built from the given
     * properties and logs the trust anchor, public key and policy tree of the result.
     *
     * <p>The return value is {@code true} whenever no exception occurred. The verdict
     * therefore depends on {@code CPVWrapper.validate} throwing for every invalid path —
     * presumably it does; confirm. A null result ends in the catch through a
     * NullPointerException and yields {@code false}.
     *
     * <p>NOTE(review): the full certificate text is written to the log on failure.
     *
     * @param x509Certificate certificate to validate
     * @param properties configuration passed to the {@code CPVWrapper} constructor
     * @param str second constructor argument of {@code CPVWrapper}
     * @return {@code true} if validation completed without an exception, otherwise
     *         {@code false}
     * @throws INICoreException declared for callers; not thrown by the code in this method
     */
    public static boolean validate(X509Certificate x509Certificate, Properties properties, String str) throws INICoreException {
        try {
            CertPathValidateResult result = new CPVWrapper(properties, str).validate(x509Certificate);
            String anchorText = "Not Exists.";
            if (result.getTrustAnchorCert() != null) {
                anchorText = result.getTrustAnchorCert().toString();
            }
            String keyText = "Not Exists.";
            if (result.getPublicKey() != null) {
                keyText = Hex.prettyDump(result.getPublicKey().getEncoded(), 48, ' ');
            }
            String policyText = "Not Exists.";
            if (result.getPolicyTree() != null) {
                policyText = result.getPolicyTree().toString();
            }
            INISAFECore.CoreLogger(3, "Trust Anchor : " + anchorText);
            INISAFECore.CoreLogger(3, "Target Certificate's Public Key : " + keyText);
            INISAFECore.CoreLogger(3, "Valid Policy Tree : " + policyText);
            return true;
        } catch (Exception e) {
            INISAFECore.CoreLogger(1, " CertPathValidator Exception : cert path validation is fail. ");
            INISAFECore.CoreLogger(1, "Cert: [" + x509Certificate + "]");
            LogUtil.writeStackTrace(INISAFECore.CoreLogger, e);
            return false;
        }
    }

    /**
     * Validates a certificate's certification path with a {@code CPVWrapper} built from
     * the supplied properties, forwarding one extra argument to the wrapper's
     * {@code validate} call, and logs the trust anchor, public key and policy tree of
     * the result at level 3.
     *
     * <p>Success is signalled purely by the wrapper not throwing: every outcome that
     * reaches the end of the {@code try} block returns {@code true}. A {@code null}
     * result from the wrapper causes a {@code NullPointerException} on the first
     * accessor, which is caught and reported as {@code false}. Although the signature
     * declares {@code INICoreException}, this body never throws it.
     *
     * @param x509Certificate certificate to validate
     * @param properties configuration handed to the {@code CPVWrapper} constructor
     * @param str second constructor argument of {@code CPVWrapper} (meaning not visible here)
     * @param str2 extra argument forwarded to {@code CPVWrapper.validate} (meaning not visible here)
     * @return {@code true} when validation completes without an exception, otherwise {@code false}
     * @throws INICoreException declared for callers; not raised by this body
     */
    public static boolean validate(X509Certificate x509Certificate, Properties properties, String str, String str2) throws INICoreException {
        final String missing = "Not Exists.";
        try {
            CertPathValidateResult outcome = new CPVWrapper(properties, str).validate(x509Certificate, str2);

            String anchorText = missing;
            if (outcome.getTrustAnchorCert() != null) {
                anchorText = outcome.getTrustAnchorCert().toString();
            }
            String keyDump = missing;
            if (outcome.getPublicKey() != null) {
                keyDump = Hex.prettyDump(outcome.getPublicKey().getEncoded(), 48, ' ');
            }
            String policyText = missing;
            if (outcome.getPolicyTree() != null) {
                policyText = outcome.getPolicyTree().toString();
            }

            INISAFECore.CoreLogger(3, "Trust Anchor : " + anchorText);
            INISAFECore.CoreLogger(3, "Target Certificate's Public Key : " + keyDump);
            INISAFECore.CoreLogger(3, "Valid Policy Tree : " + policyText);
            return true;
        } catch (Exception failure) {
            INISAFECore.CoreLogger(1, " CertPathValidator Exception : cert path validation is fail. ");
            INISAFECore.CoreLogger(1, "Cert: [" + x509Certificate + "]");
            LogUtil.writeStackTrace(INISAFECore.CoreLogger, failure);
            return false;
        }
    }

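    /**
     * Checks that the signature on a certificate was produced by the key of the given
     * CA certificate.
     *
     * <p>The error messages in this method name the first argument as the CA certificate
     * and the second as the certificate being verified, so the signature on the second
     * certificate is verified with the public key of the first. Verifying with the
     * target certificate's own key would only show that the certificate is
     * self-consistent, and would say nothing about who issued it.
     *
     * <p>Only the signature is checked. Validity dates, basic constraints, key usage,
     * name chaining and revocation are not examined here.
     *
     * @param x509Certificate CA (issuer) certificate whose public key verifies the signature
     * @param x509Certificate2 certificate whose signature is being verified
     * @return the result of {@code INISignature.doVerify} for the target's TBS bytes and signature
     * @throws IllegalArgumentException when either certificate is {@code null}
     * @throws Exception wrapping any failure raised while reading the certificate or verifying
     */
    public static boolean verifyCert(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws Exception {
        // Reject nulls up front: the catch block below dereferences both certificates for
        // logging, so a null would otherwise replace the real failure with a second exception.
        if (x509Certificate == null || x509Certificate2 == null) {
            throw new IllegalArgumentException("CA certificate and target certificate must not be null");
        }
        try {
            String sigAlgName = x509Certificate2.getSigAlgName();
            int withIndex = sigAlgName.indexOf("with");
            // The digest name is the part of the signature algorithm name before "with".
            // NOTE(review): a name without "with" silently falls back to SHA1; consider
            // rejecting such certificates instead of assuming a digest.
            String digestName = withIndex >= 0 ? sigAlgName.substring(0, withIndex) : "SHA1";
            // Verify with the issuer's key, not with the key carried by the certificate under test.
            return new INISignature().doVerify(x509Certificate.getPublicKey(), x509Certificate2.getTBSCertificate(), x509Certificate2.getSignature(), digestName);
        } catch (Exception e) {
            INISAFECore.CoreLogger(1, "CA인증서로 입력받은 인증서를 검증하는 중 오류가 발생했습니다.");
            INISAFECore.CoreLogger(1, "CA인증서 정보=[" + x509Certificate.getSubjectDN().toString() + "]");
            INISAFECore.CoreLogger(1, "검증받을 인증서 정보=[" + x509Certificate2.getSubjectDN().toString() + "]");
            LogUtil.writeStackTrace(INISAFECore.CoreLogger, e);
            throw new Exception(e);
        }
    }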

    /**
     * Checks a server certificate against a CA file located by a hash of the issuer
     * name, then checks the validity period and the certificate's signature.
     *
     * <p>Steps, in order: take the MD5 digest of the encoded issuer DN; build a file name
     * from its first four bytes in reverse order as lower-case hex; require
     * {@code <str>/CACert/<hash>.0} to be readable; require the current time to lie
     * strictly between {@code notBefore} and {@code notAfter}; call
     * {@code loadCertificateFromFile}; verify the signature.
     *
     * <p>NOTE(review): the final signature check uses the public key of the certificate
     * being checked, and nothing read from the CA file takes part in it. As written,
     * the CA file is tested only for readability, so a passing result shows that the
     * certificate is self-consistent rather than that the CA issued it. The signature
     * should be verified with the issuer certificate's key; confirm what
     * {@code loadCertificateFromFile} returns before changing this.
     *
     * @param x509Certificate server certificate to check
     * @param str base directory that contains the {@code CACert} directory
     * @return {@code false} when the certificate is outside its validity period, otherwise
     *         the result of {@code INISignature.doVerify}
     * @throws Exception when the CA file cannot be read or any step fails; the stack trace
     *         is logged before the exception is rethrown unchanged
     */
    public static boolean verifyServerCert(X509Certificate x509Certificate, String str) throws Exception {
        String hashHex = "";
        try {
            // MD5 is used here only to derive a lookup file name from the issuer DN.
            byte[] issuerDigest = new INIMessageDigest().doDigest(((Name) x509Certificate.getIssuerDN()).getEncoded(), "MD5");
            int position = 3;
            while (position >= 0) {
                hashHex = hashHex + Hex.dumpHex(issuerDigest[position]);
                position--;
            }
            String fileStem = hashHex.toLowerCase();
            String caFilePath = str + File.separatorChar + "CACert" + File.separatorChar + fileStem + ".0";
            if (!new File(caFilePath).canRead()) {
                INISAFECore.CoreLogger(1, "filePath: " + caFilePath);
                INISAFECore.CoreLogger(1, "인증서 파일을 읽을 수 없습니다.");
                throw new Exception("[" + str + "] the file does not exist or cannot read it. ");
            }

            Date now = new Date();
            Date notBefore = x509Certificate.getNotBefore();
            Date notAfter = x509Certificate.getNotAfter();
            // Both bounds are exclusive: a time equal to notBefore or notAfter is rejected.
            boolean insideValidity = notBefore.before(now) && notAfter.after(now);
            if (!insideValidity) {
                INISAFECore.CoreLogger(4, "만료된 인증서 이거나 유효하지 않은 인증서 입니다.");
                return false;
            }
            INISAFECore.CoreLogger(4, "유효한 인증서 입니다.");

            // NOTE(review): this receives the bare hash name, not the path tested above,
            // and its result is discarded — confirm what the call is expected to do.
            loadCertificateFromFile(fileStem);

            String sigAlgName = x509Certificate.getSigAlgName();
            int withIndex = sigAlgName.indexOf("with");
            // NOTE(review): a signature algorithm name without "with" falls back to SHA1.
            String digestName;
            if (withIndex >= 0) {
                digestName = sigAlgName.substring(0, withIndex);
            } else {
                digestName = "SHA1";
            }
            return new INISignature().doVerify(x509Certificate.getPublicKey(), x509Certificate.getTBSCertificate(), x509Certificate.getSignature(), digestName);
        } catch (Exception failure) {
            LogUtil.writeStackTrace(INISAFECore.CoreLogger, failure);
            throw failure;
        }
    }

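    /**
     * Checks whether any policy OID in the certificate's Certificate Policies extension
     * is listed in the supplied properties, as either a key or a value.
     *
     * <p>The previous body evaluated the membership test but acted on neither outcome,
     * and returned {@code true} for the first policy it read. Any certificate carrying
     * at least one policy therefore passed, whatever the properties contained. The loop
     * now returns {@code true} only for a policy that is listed, moves on to the next
     * policy otherwise, and returns {@code false} when none is listed.
     *
     * <p>Side effects: {@code this.oid} and {@code useroid} are overwritten for every
     * policy examined and keep the last one examined, which is the matching policy when
     * the method returns {@code true}. NOTE(review): {@code useroid} is referenced
     * without {@code this}, which suggests a static field shared across instances —
     * confirm.
     *
     * @param x509Certificate certificate whose policies are checked
     * @param properties accepted policy OIDs, looked up as keys and as values
     * @return {@code true} when at least one policy OID is listed in {@code properties}
     * @throws INICoreException when the certificate is {@code null} or has no Certificate
     *         Policies extension
     * @throws Exception when the extension cannot be parsed
     */
    public boolean checkOID(X509Certificate x509Certificate, Properties properties) throws INICoreException, Exception {
        if (x509Certificate == null) {
            INISAFECore.CoreLogger(1, "인증서 값이 존재하지 않습니다.");
            throw new INICoreException("certificate does not exist.");
        }
        byte[] extensionValue = x509Certificate.getExtensionValue(CertificatePolicies.OID);
        if (extensionValue == null || extensionValue.length < 1) {
            INISAFECore.CoreLogger(1, "Certificate Policies(2.5.29.32)값이 존재하지 않습니다.");
            throw new INICoreException();
        }
        Enumeration elements = new CertificatePolicies(extensionValue).elements();
        while (elements.hasMoreElements()) {
            this.oid = ((PolicyInfo) elements.nextElement()).getPolicyID();
            useroid = this.oid.getName().trim();
            // Accept only a policy that the caller's list actually contains.
            if (properties.containsValue(useroid) || properties.containsKey(useroid)) {
                return true;
            }
        }
        // No policy in the certificate is on the accepted list.
        return false;
    }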

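    /**
     * Verifies that an identification number and its random value match the VID hash
     * embedded in the certificate's SubjectAltName extension.
     *
     * <p>The method looks for an otherName entry (general name type 0) with OID
     * {@code 1.2.410.200004.10.1.1}, decodes it into user info, VID, hash algorithm and
     * hashed data, then DER-encodes a fresh {@code VID} built from the supplied
     * identification number and random value, hashes it with {@code hashTwice} and
     * compares the result with the hashed data from the certificate.
     *
     * <p>The previous loop had no exit after a successful decode: it kept iterating
     * until the enumeration was exhausted and then cleared its "found" flag, so every
     * call ended in the "not existed extension" exception and the comparison was never
     * reached. The loop now stops at the first matching entry.
     *
     * <p>Side effects: the identification number, decoded random value and every decoded
     * VID field are stored on this instance and remain readable through the getters.
     * Fields left by an earlier call are not cleared when this call fails. The
     * identification number is personal data; this method does not log it.
     *
     * @param x509Certificate certificate that carries the VID extension
     * @param str identification number to verify
     * @param bArr random value for identity verification, decoded with {@code Base64Util.decode}
     * @return {@code true} when the recomputed hash equals the hashed data in the certificate
     * @throws INICoreException when an argument is missing, the extension or VID entry is
     *         absent, or decoding, encoding or hashing fails
     * @throws Exception when the SubjectAltName extension cannot be parsed
     */
    public boolean checkVID(X509Certificate x509Certificate, String str, byte[] bArr) throws INICoreException, Exception {
        if (x509Certificate == null) {
            INISAFECore.CoreLogger(1, "인증서 값이 존재하지 않습니다.");
            throw new INICoreException("certificate does not exist.");
        }
        if (str == null || bArr == null || str.equals("")) {
            INISAFECore.CoreLogger(1, "주민등록 번호나  본인확인용 랜덤값이 존재하지 않습니다.");
            throw new INICoreException("the identification or a random value for checking id does not exist.");
        }
        this.idn = str;
        this.vidRandom = Base64Util.decode(bArr);
        byte[] extensionValue = x509Certificate.getExtensionValue(SubjectAltName.OID);
        if (extensionValue == null) {
            INISAFECore.CoreLogger(1, "인증서 내에 SubjectAlternativeName(vid확인 용)값이 존재하지 않습니다.");
            throw new INICoreException("SubjectAlternativeName for checking VID does not exist in the certificate.");
        }
        Enumeration elements = new SubjectAltName(extensionValue).elements();
        boolean vidFound = false;
        while (elements.hasMoreElements()) {
            GeneralName generalName = (GeneralName) elements.nextElement();
            // Type 0 is the otherName choice, which is where the VID is carried.
            if (generalName.getType() != 0) {
                continue;
            }
            AnotherName anotherName = (AnotherName) generalName.getGeneralNameInterface();
            // NOTE(review): assumes getOID() returns a value whose equals() accepts a String — confirm.
            if (!anotherName.getOID().equals("1.2.410.200004.10.1.1")) {
                continue;
            }
            byte[] bytes = anotherName.getBytes();
            IdentifyData identifyData = new IdentifyData();
            try {
                identifyData.decode(bytes);
                this.uinfo = identifyData.getUserInfo();
                if (this.uinfo == null) {
                    throw new INICoreException("ASN1 Decode exception occured");
                }
                this.vid = this.uinfo.getVID();
                if (this.vid == null) {
                    throw new INICoreException("ASN1 Decode exception occured");
                }
                this.hashAlgId = this.vid.getHashAlgorithmID();
                if (this.hashAlgId == null) {
                    throw new INICoreException("ASN1 Decode exception occured");
                }
                this.hashedData = this.vid.getHashedData();
                if (this.hashedData == null) {
                    throw new INICoreException("ASN1 Decode exception occured");
                }
            } catch (ASN1Exception e) {
                INISAFECore.CoreLogger(1, "ASN1 Decode exception occured");
                LogUtil.writeStackTrace(INISAFECore.CoreLogger, e);
                throw new INICoreException("ASN1 Decode exception occured");
            }
            // Stop at the first fully decoded VID entry so the flag survives the loop.
            vidFound = true;
            break;
        }
        if (this.uinfo == null || this.vid == null) {
            throw new INICoreException("an error occurred during the VID validation.");
        }
        if (!vidFound) {
            INISAFECore.CoreLogger(1, "This Certificate is existed SubjectAlternativeName extension but not existed extension for verification of  your identication");
            throw new INICoreException("This Certificate is existed SubjectAlternativeName extension but not existed extension for verification of  your identication");
        }
        DEREncoder dEREncoder = new DEREncoder();
        VID vid = new VID();
        vid.setIDNAndRandom(this.idn, this.vidRandom);
        try {
            vid.encode(dEREncoder);
            this.twiceHash = hashTwice(dEREncoder.toByteArray(), getVIDHashAlgorithm());
            return this.hashedData != null && ArrayComparator.equals(this.hashedData, this.twiceHash);
        } catch (Exception e2) {
            // Every failure in this step, including hashing errors, is reported as an encode error.
            INISAFECore.CoreLogger(1, "ASN1 Encode exception occured");
            LogUtil.writeStackTrace(INISAFECore.CoreLogger, e2);
            throw new INICoreException("ASN1 Encode exception occured");
        }
    }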

    /**
     * Returns the policy OID name most recently stored by {@code checkOID}.
     *
     * <p>NOTE(review): {@code useroid} is referenced without {@code this}, which suggests
     * a static field shared by every instance — confirm, since concurrent callers would
     * then overwrite each other's value.
     *
     * @return the trimmed OID name written by {@code checkOID}, or whatever the field
     *         held before any such call
     */
    public String getCertOID() {
        final String policyOidName = useroid;
        return policyOidName;
    }

    /**
     * Returns the identification number that was last passed to {@code checkVID}.
     *
     * <p>The value is personal data (the log text in {@code checkVID} refers to it as a
     * resident registration number), so callers should avoid logging or persisting it.
     *
     * @return the stored identification number, or whatever the field held before any
     *         {@code checkVID} call
     */
    public String getIDNumber() {
        final String identificationNumber = this.idn;
        return identificationNumber;
    }

    /**
     * Returns the hash that {@code checkVID} computes with {@code hashTwice} over the
     * DER-encoded VID built from the supplied identification number and random value.
     *
     * <p>The internal array itself is returned, not a copy, so callers must not modify it.
     *
     * @return the stored hash, or whatever the field held if {@code checkVID} has not
     *         reached that step
     */
    public byte[] getTwiceHash() {
        final byte[] recomputedHash = this.twiceHash;
        return recomputedHash;
    }

    /**
     * Returns the hashed VID data that {@code checkVID} read from the certificate's
     * SubjectAltName extension.
     *
     * <p>The internal array itself is returned, not a copy, so callers must not modify it.
     *
     * @return the stored hashed data, or whatever the field held before {@code checkVID}
     *         decoded a certificate
     */
    public byte[] getVID() {
        final byte[] certificateHash = this.hashedData;
        return certificateHash;
    }

    /**
     * Returns the name of the hash algorithm that {@code checkVID} read from the
     * certificate's VID.
     *
     * <p>The field is dereferenced without a null check, so calling this before
     * {@code checkVID} has stored a hash algorithm identifier fails with a
     * {@code NullPointerException} if the field is still {@code null}.
     *
     * @return the algorithm name reported by the stored hash algorithm identifier
     */
    public String getVIDHashAlgorithm() {
        final String algorithmName = this.hashAlgId.getAlgName();
        return algorithmName;
    }

    /**
     * Returns the random value for identity verification, as decoded from Base64 by
     * {@code checkVID}.
     *
     * <p>The internal array itself is returned, not a copy, so callers must not modify
     * it. The value is an input to the VID hash and should not be logged.
     *
     * @return the stored decoded random value, or whatever the field held before any
     *         {@code checkVID} call
     */
    public byte[] getVIDRandom() {
        final byte[] decodedRandom = this.vidRandom;
        return decodedRandom;
    }
}
