package com.koalii.cert;

import com.koalii.bc.asn1.ASN1InputStream;
import com.koalii.bc.asn1.DERBitString;
import com.koalii.bc.asn1.x509.X509CertificateStructure;
import com.koalii.bc.asn1.x509.X509Extensions;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

/* loaded from: input_file:com/koalii/cert/X509CertVerifier.class */
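/**
 * Holds a set of certificate chains and offers small helpers for checking a certificate's
 * validity period, signature, key usage and whether it was issued by the head of a stored chain.
 *
 * <p>Most methods report their outcome as an {@code int} status code instead of throwing;
 * {@code 0} always means success. The meaning of the non-zero codes differs per method and is
 * listed on each one.
 *
 * <p><b>Scope of the checks.</b> This class is not a full certification-path validator. Issuers
 * are matched by distinguished name and signature only; nothing here looks at basicConstraints,
 * path length, name constraints or revocation, and {@link #verifyCertTrust} does not check any
 * validity period. Callers that need complete path validation should run those checks
 * themselves or use {@code java.security.cert.CertPathValidator}.
 *
 * <p>Instances are mutable and perform no synchronization.
 */
public class X509CertVerifier {
    // Key-usage masks for verifyCertUsage. The values line up with how DERBitString.intValue()
    // is combined with the mask there; presumably they follow the Bouncy Castle KeyUsage
    // constants (keyCertSign|cRLSign = 6, digitalSignature|nonRepudiation = 192,
    // dataEncipherment = 16) - confirm against the bundled com.koalii.bc sources.
    public static final int CertUsage_CA = 6;
    public static final int CertUsage_Sign = 192;
    // NOTE(review): if the mapping above holds, 16 is dataEncipherment, not keyEncipherment (32).
    // Verify this is the bit the encryption certificates in use actually assert.
    public static final int CertUsage_Ency = 16;

    /** Stored chains; element 0 of every chain is the certificate used as issuer by verifyCertTrust. */
    private final List<List<X509Certificate>> certChains = new ArrayList<List<X509Certificate>>();

    /** Removes every stored chain. */
    public void reset() {
        this.certChains.clear();
    }

    /**
     * Validates {@code x509CertificateArr} with {@link #checkCertChain} and, when it passes,
     * stores a copy of it as one chain.
     *
     * @param x509CertificateArr chain ordered so that each certificate is issued by the next one
     * @throws X509CertException if {@link #checkCertChain} returns a non-zero code; the code is
     *     appended to the message
     */
    public void addChain(X509Certificate[] x509CertificateArr) throws X509CertException {
        int status = checkCertChain(x509CertificateArr);
        if (status != 0) {
            // Message text (including its spelling) is kept byte-for-byte for existing callers.
            throw new X509CertException("Illegal trsut cert chain " + status);
        }
        List<X509Certificate> chain = new ArrayList<X509Certificate>(x509CertificateArr.length);
        for (X509Certificate cert : x509CertificateArr) {
            chain.add(cert);
        }
        this.certChains.add(chain);
    }

    /**
     * Renders the stored chains for display: one line per chain, subject DNs joined by
     * {@code " --> "}.
     *
     * @return the rendered text, empty when no chain is stored
     */
    public String listCertChains() {
        StringBuilder out = new StringBuilder();
        for (List<X509Certificate> chain : this.certChains) {
            for (int pos = 0; pos < chain.size(); pos++) {
                if (pos > 0) {
                    out.append(" --> ");
                }
                out.append(chain.get(pos).getSubjectDN());
            }
            out.append("\n");
        }
        return out.toString();
    }

    /**
     * Replaces the stored chains with chains assembled from an unordered set of certificates.
     *
     * <p>Duplicates are dropped first. Then, for each remaining certificate in turn, a chain is
     * grown from it in both directions by issuer/subject DN match plus signature check, stored
     * through {@link #addChain}, and the certificate at the head of that chain is removed from
     * the work list. Every input certificate therefore ends up as the head of one stored chain,
     * which is what {@link #verifyCertTrust} matches against.
     *
     * <p>The candidates are scanned once per chain, so which links are found can depend on the
     * order of the input array.
     *
     * <p>The existing chains are cleared before the new ones are built. If {@link #addChain}
     * rejects a chain (for example because one certificate is outside its validity period) the
     * exception propagates and the verifier is left holding only the chains added so far.
     *
     * @param x509CertificateArr certificates to organise; must not be null or contain null
     * @throws X509CertException if an assembled chain fails {@link #checkCertChain}
     */
    public void generateCertChain(X509Certificate[] x509CertificateArr) throws X509CertException {
        List<X509Certificate> pending = new ArrayList<X509Certificate>();
        for (X509Certificate candidate : x509CertificateArr) {
            if (!pending.contains(candidate)) {
                pending.add(candidate);
            }
        }
        this.certChains.clear();
        while (!pending.isEmpty()) {
            List<X509Certificate> chain = new ArrayList<X509Certificate>();
            // head: certificate currently at index 0 of the chain (issued by the one after it).
            // tail: certificate currently at the end of the chain (issuer of the one before it).
            X509Certificate head = pending.get(0);
            X509Certificate tail = head;
            chain.add(head);
            for (int k = 1; k < pending.size(); k++) {
                X509Certificate other = pending.get(k);
                if (other.getIssuerDN().equals(head.getSubjectDN())) {
                    // "other" names the current head as its issuer: accept it only if the
                    // signature really verifies under the head's key.
                    if (verifyCertSignature(other, head.getPublicKey()) == 0) {
                        chain.add(0, other);
                        head = other;
                    }
                } else if (other.getSubjectDN().equals(tail.getIssuerDN())
                        && verifyCertSignature(tail, other.getPublicKey()) == 0) {
                    chain.add(other);
                    tail = other;
                }
            }
            addChain(chain.toArray(new X509Certificate[chain.size()]));
            pending.remove(head);
        }
    }

    /**
     * Returns a copy of the stored chain at position {@code i}.
     *
     * @param i zero-based chain index
     * @return a new array holding the chain's certificates in stored order
     * @throws IndexOutOfBoundsException if {@code i} is not a valid index
     */
    public X509Certificate[] getCertChain(int i) {
        List<X509Certificate> chain = this.certChains.get(i);
        return chain.toArray(new X509Certificate[chain.size()]);
    }

    /** Returns the number of stored chains. */
    public int getCertChainNum() {
        return this.certChains.size();
    }

    /**
     * Checks whether {@code x509Certificate} was signed by the head certificate of a stored chain.
     *
     * <p>Every chain whose head has a subject DN equal to the certificate's issuer DN is tried,
     * because several stored certificates can share a subject DN (for example after a key
     * change). The certificate is accepted as soon as one of them verifies the signature.
     *
     * <p>Only the issuer name and the signature are checked. This method does not check the
     * validity period of the certificate or of the issuer, does not require the issuer to be a
     * CA (basicConstraints / keyCertSign), and does not consult revocation data. Combine it with
     * {@link #verifyCertValidity(X509Certificate)} and {@link #verifyCertUsage} and make sure
     * only CA certificates are loaded as chain heads if that matters to the caller.
     *
     * @param x509Certificate certificate to check
     * @return {@code 0} if a matching chain head verifies the signature; {@code 6} if no chain
     *     head has a matching subject DN (or no chain is stored); otherwise the
     *     {@link #verifyCertSignature} code from the first matching chain head
     * @throws IllegalArgumentException if {@code x509Certificate} is null
     */
    public int verifyCertTrust(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("input cert is null");
        }
        int outcome = 6;
        boolean issuerMatched = false;
        for (List<X509Certificate> chain : this.certChains) {
            X509Certificate issuer = chain.get(0);
            if (!x509Certificate.getIssuerDN().equals(issuer.getSubjectDN())) {
                continue;
            }
            int status = verifyCertSignature(x509Certificate, issuer.getPublicKey());
            if (status == 0) {
                return 0;
            }
            // Remember the first failure so a single-candidate lookup reports the same code
            // it always did, but keep looking for another issuer with the same name.
            if (!issuerMatched) {
                outcome = status;
                issuerMatched = true;
            }
        }
        return outcome;
    }

    /**
     * Checks that an array forms a chain in which each certificate is currently valid and is
     * issued and signed by the certificate that follows it.
     *
     * <p>The last certificate is only checked for its validity period; it is not required to be
     * self-signed. Validity is evaluated against the current time at the moment of the call.
     *
     * @param x509CertificateArr chain to check, leaf-most certificate first
     * @return {@code 0} if the chain passes; {@code -1} if the array is null or empty;
     *     {@code 300 + i} if certificate {@code i} is outside its validity period;
     *     {@code 600 + i} if the issuer DN of certificate {@code i} differs from the subject DN
     *     of certificate {@code i + 1}; {@code 900 + i} if the signature on certificate
     *     {@code i} does not verify under the key of certificate {@code i + 1}
     */
    public static int checkCertChain(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
            return -1;
        }
        int last = x509CertificateArr.length - 1;
        for (int i = 0; i < last; i++) {
            X509Certificate subject = x509CertificateArr[i];
            X509Certificate issuer = x509CertificateArr[i + 1];
            if (verifyCertValidity(subject) != 0) {
                return 300 + i;
            }
            if (!subject.getIssuerDN().equals(issuer.getSubjectDN())) {
                return 600 + i;
            }
            if (verifyCertSignature(subject, issuer.getPublicKey()) != 0) {
                return 900 + i;
            }
        }
        if (verifyCertValidity(x509CertificateArr[last]) != 0) {
            return 300 + last;
        }
        return 0;
    }

    /**
     * Checks whether {@code date} falls inside the certificate's validity period.
     *
     * @param x509Certificate certificate to check
     * @param date instant to test, passed unchanged to {@code X509Certificate.checkValidity(Date)}
     * @return {@code 0} if valid at {@code date}; {@code 1} if expired; {@code 2} if not yet
     *     valid; {@code -1} if {@code x509Certificate} is null
     */
    public static int verifyCertValidity(X509Certificate x509Certificate, Date date) {
        if (x509Certificate == null) {
            return -1;
        }
        try {
            x509Certificate.checkValidity(date);
        } catch (CertificateExpiredException expired) {
            return 1;
        } catch (CertificateNotYetValidException notYetValid) {
            return 2;
        }
        return 0;
    }

    /**
     * Checks whether the certificate is inside its validity period right now.
     *
     * @param x509Certificate certificate to check
     * @return {@code 0} if currently valid; {@code 1} if expired; {@code 2} if not yet valid;
     *     {@code -1} if {@code x509Certificate} is null
     */
    public static int verifyCertValidity(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return -1;
        }
        try {
            x509Certificate.checkValidity();
        } catch (CertificateExpiredException expired) {
            return 1;
        } catch (CertificateNotYetValidException notYetValid) {
            return 2;
        }
        return 0;
    }

    /**
     * Verifies the certificate's signature with the given public key.
     *
     * @param x509Certificate certificate whose signature is checked
     * @param publicKey key of the presumed issuer
     * @return {@code 0} if the signature verifies; {@code 1} on a signature error;
     *     {@code 2} on a certificate encoding error; {@code 3} if the key is invalid;
     *     {@code 4} if the signature algorithm is unsupported; {@code 5} if there is no default
     *     provider; {@code -1} if either argument is null
     */
    public static int verifyCertSignature(X509Certificate x509Certificate, PublicKey publicKey) {
        if (x509Certificate == null || publicKey == null) {
            return -1;
        }
        try {
            x509Certificate.verify(publicKey);
        } catch (InvalidKeyException badKey) {
            return 3;
        } catch (NoSuchAlgorithmException unknownAlgorithm) {
            return 4;
        } catch (NoSuchProviderException noProvider) {
            return 5;
        } catch (SignatureException badSignature) {
            return 1;
        } catch (CertificateException badEncoding) {
            return 2;
        }
        return 0;
    }

    /**
     * Checks that the certificate's KeyUsage extension asserts every bit set in {@code i}.
     *
     * <p>The certificate is re-parsed from its encoded form and the KeyUsage bit string is
     * compared with the mask. Any failure on the way is reported as {@code -1}: a null
     * certificate, a certificate without extensions or without a KeyUsage extension, and a
     * parse error are not distinguished. A certificate that carries no KeyUsage extension is
     * therefore rejected rather than treated as unrestricted.
     *
     * @param x509Certificate certificate to inspect
     * @param i mask of required usage bits, e.g. {@link #CertUsage_CA}, {@link #CertUsage_Sign}
     *     or {@link #CertUsage_Ency}
     * @return {@code 0} if all bits of {@code i} are asserted; {@code -2} if at least one is
     *     missing; {@code -1} if the key usage could not be read
     */
    public static int verifyCertUsage(X509Certificate x509Certificate, int i) {
        try {
            ASN1InputStream certIn = new ASN1InputStream(x509Certificate.getEncoded());
            X509CertificateStructure structure = X509CertificateStructure.getInstance(certIn.readObject());
            byte[] keyUsageOctets = structure.getTBSCertificate()
                    .getExtensions()
                    .getExtension(X509Extensions.KeyUsage)
                    .getValue()
                    .getOctets();
            DERBitString keyUsage = DERBitString.getInstance(new ASN1InputStream(keyUsageOctets).readObject());
            return (keyUsage.intValue() & i) == i ? 0 : -2;
        } catch (Exception e) {
            // Deliberately broad: missing extension (NullPointerException) and malformed
            // encodings all fail closed with the same "could not read" code.
            return -1;
        }
    }
}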
