package com.dayside.fido.uaf.util;

import com.dayside.fido.uaf.auth.common.AuthException;
import com.dayside.fido.uaf.auth.crypto.CryptoConst;
import com.dayside.fido.uaf.auth.crypto.CryptoHelper;
import com.xshield.dc;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1Primitive;
import org.spongycastle.asn1.DERIA5String;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.x509.CRLDistPoint;
import org.spongycastle.asn1.x509.DistributionPoint;
import org.spongycastle.asn1.x509.DistributionPointName;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.asn1.x509.GeneralNames;

/* loaded from: classes2.dex */
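/**
 * Certificate-path and CRL helpers for attestation certificates.
 *
 * <p>Path building ({@link #validate}) and revocation lookup ({@link #checkCRL}) are separate
 * entry points. {@code validate} switches revocation checking off on the PKIX parameters, so a
 * caller that needs revocation status has to call {@code checkCRL} itself.
 */
public class ETRICertPathValidator {
    /**
     * Bound, in milliseconds, on connecting to and on each read from a CRL distribution point.
     * The URL comes out of the certificate under test, so an unbounded fetch would let a slow or
     * unresponsive host stall the caller indefinitely. The value is a chosen default.
     */
    private static final int CRL_FETCH_TIMEOUT_MS = 10000;

    /**
     * Looks the certificate up in every CRL named by its CRL distribution points.
     *
     * <p>What this method does not establish, and a caller must not assume:
     * <ul>
     *   <li>A certificate that carries no distribution point yields {@code true}: the loop has
     *       nothing to fetch.</li>
     *   <li>The downloaded CRL is not verified. Its signature, its issuer and its
     *       thisUpdate/nextUpdate window are never checked here, and no issuer key is available
     *       in this method. Over {@code http://} or {@code ftp://} the answer is therefore only
     *       as trustworthy as the network path.</li>
     * </ul>
     *
     * @param x509Certificate certificate to look up
     * @return {@code false} if any fetched CRL lists the certificate as revoked, else {@code true}
     * @throws AuthException if a distribution point cannot be parsed, uses an unsupported scheme,
     *     or cannot be downloaded and decoded
     */
    public static boolean checkCRL(X509Certificate x509Certificate) throws AuthException {
        try {
            for (String crlUrl : getCrlDPs(x509Certificate)) {
                X509CRL crl = downloadCRL(crlUrl);
                if (crl == null) {
                    // downloadCRL returns null for schemes it does not fetch (ldap:// for
                    // example). Fail closed explicitly instead of relying on a
                    // NullPointerException being swallowed by the catch below.
                    throw new IllegalStateException("unsupported CRL distribution point scheme");
                }
                if (crl.isRevoked(x509Certificate)) {
                    return false;
                }
            }
            return true;
        } catch (Exception ignored) {
            // Any failure is reported as one AuthException naming the subject. The cause is
            // dropped because only AuthException(String) is visible from this file.
            throw new AuthException(dc.m911(772867579) + x509Certificate.getSubjectX500Principal());
        }
    }

    /**
     * Downloads and decodes one CRL.
     *
     * <p>Only the decoded object is returned; nothing here authenticates it. The response size is
     * not capped, because the stream is handed straight to the CRL parser.
     *
     * @param str distribution point URI taken from the certificate
     * @return the decoded CRL, or {@code null} when the URI does not start with
     *     {@code http://}, {@code https://} or {@code ftp://}
     * @throws AuthException if the fetch or the decoding fails, including on timeout
     */
    private static X509CRL downloadCRL(String str) throws AuthException {
        boolean fetchable =
                str.startsWith("http://") || str.startsWith("https://") || str.startsWith("ftp://");
        if (!fetchable) {
            return null;
        }
        try {
            java.net.URLConnection connection = new URL(str).openConnection();
            connection.setConnectTimeout(CRL_FETCH_TIMEOUT_MS);
            connection.setReadTimeout(CRL_FETCH_TIMEOUT_MS);
            try (InputStream in = connection.getInputStream()) {
                return (X509CRL) CertificateFactory.getInstance(CryptoConst.CERT_X509).generateCRL(in);
            }
        } catch (Exception e) {
            throw new AuthException(e.getMessage());
        }
    }

    /**
     * Extracts the URI entries of the certificate's CRL distribution points.
     *
     * <p>The extension is looked up by the OID string returned from {@code dc.m914(501824122)}
     * (NOTE(review): presumably the cRLDistributionPoints OID; the literal is obfuscated, confirm).
     * Only distribution points given as a full name are read, and of those only names of type
     * uniformResourceIdentifier.
     *
     * @param x509Certificate certificate to inspect
     * @return the URIs in extension order; an empty, mutable list when the extension is absent
     * @throws AuthException if the extension value cannot be decoded
     */
    public static List<String> getCrlDPs(X509Certificate x509Certificate) throws AuthException {
        List<String> urls = new ArrayList<String>();
        byte[] extensionValue = x509Certificate.getExtensionValue(dc.m914(501824122));
        if (extensionValue == null) {
            return urls;
        }
        try {
            // getExtensionValue returns the extension wrapped in an OCTET STRING, hence two reads.
            ASN1Primitive wrapper = readAsn1(extensionValue);
            ASN1Primitive extension = readAsn1(((DEROctetString) wrapper).getOctets());
            CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(extension);
            if (crlDistPoint == null) {
                // An extension that is present but empty is malformed. Reporting it keeps
                // checkCRL from treating the certificate as having no revocation source.
                throw new AuthException("CRL distribution points extension is empty");
            }
            for (DistributionPoint distributionPoint : crlDistPoint.getDistributionPoints()) {
                DistributionPointName pointName = distributionPoint.getDistributionPoint();
                if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
                    continue;
                }
                for (GeneralName name : GeneralNames.getInstance(pointName.getName()).getNames()) {
                    if (name.getTagNo() == GeneralName.uniformResourceIdentifier) {
                        urls.add(DERIA5String.getInstance(name.getName()).getString());
                    }
                }
            }
            return urls;
        } catch (IOException e) {
            // A decoding failure of either layer is reported the same way; previously the inner
            // one was swallowed and surfaced later as a NullPointerException.
            e.printStackTrace();
            throw new AuthException(e.getMessage());
        }
    }

    /** Reads the first ASN.1 object from {@code encoded} and closes the reader. */
    private static ASN1Primitive readAsn1(byte[] encoded) throws IOException {
        try (ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(encoded))) {
            return in.readObject();
        }
    }

    /**
     * Tells whether the certificate's signature verifies under its own public key.
     *
     * <p>Only the signature is tested; subject and issuer names are not compared.
     *
     * @param x509Certificate certificate to test
     * @return {@code true} if the signature verifies, {@code false} on a key or signature mismatch
     * @throws AuthException if the signature algorithm or provider is unavailable, or the
     *     certificate cannot be encoded
     */
    public static boolean isSelfSigned(X509Certificate x509Certificate) throws AuthException {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (InvalidKeyException | SignatureException mismatch) {
            // Signed by a different key: not self-signed, and not an error.
            return false;
        } catch (NoSuchAlgorithmException | NoSuchProviderException | CertificateException e) {
            throw new AuthException(e.getMessage());
        }
    }

    /**
     * Builds a PKIX certification path from {@code bArr[0]} to one of the given roots.
     *
     * <p>Every entry of {@code bArr} is offered to the builder as a candidate intermediate. The
     * security provider is named by {@code dc.m920(1059499902)} (NOTE(review): obfuscated literal;
     * presumably the Spongy Castle provider, confirm).
     *
     * <p>Revocation checking is disabled on the builder parameters, so {@code true} means only
     * that a chain to a trust anchor was built. {@link #checkCRL} is not called from here.
     *
     * @param list Base64-encoded root certificates used as trust anchors
     * @param bArr encoded certificates; element 0 is the certificate to validate
     * @return {@code true} if a path to a trust anchor was built, {@code false} if none exists
     * @throws AuthException if an argument is null, {@code bArr} is empty, or the PKIX
     *     machinery cannot be set up
     */
    public boolean validate(List<String> list, byte[][] bArr) throws AuthException {
        String providerName = dc.m920(1059499902);
        if (list == null) {
            throw new AuthException("strRootCerts is null");
        }
        if (bArr == null) {
            throw new AuthException("certs is null");
        }
        if (bArr.length == 0) {
            // Without this the bArr[0] read below escapes as ArrayIndexOutOfBoundsException.
            throw new AuthException("certs is empty");
        }

        HashSet<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
        for (String encodedRoot : list) {
            X509Certificate root = CryptoHelper.getX509Certificate(Base64Helper.decode(encodedRoot));
            trustAnchors.add(new TrustAnchor(root, null));
        }

        X509Certificate target = CryptoHelper.getX509Certificate(bArr[0]);
        HashSet<X509Certificate> candidates = new HashSet<X509Certificate>();
        for (byte[] encoded : bArr) {
            candidates.add(CryptoHelper.getX509Certificate(encoded));
        }

        X509CertSelector targetSelector = new X509CertSelector();
        targetSelector.setCertificate(target);
        try {
            PKIXBuilderParameters params = new PKIXBuilderParameters(trustAnchors, targetSelector);
            // Revocation is deliberately left out of path building; see the method comment.
            params.setRevocationEnabled(false);
            params.addCertStore(
                    CertStore.getInstance(
                            "Collection", new CollectionCertStoreParameters(candidates), providerName));
            PKIXCertPathBuilderResult result =
                    (PKIXCertPathBuilderResult)
                            CertPathBuilder.getInstance("PKIX", providerName).build(params);
            return result != null && result.getTrustAnchor() != null;
        } catch (CertPathBuilderException noPath) {
            // No chain to any trust anchor: a validation result, not a failure of the machinery.
            return false;
        } catch (InvalidAlgorithmParameterException
                | NoSuchAlgorithmException
                | NoSuchProviderException e) {
            e.printStackTrace();
            throw new AuthException(e.getMessage());
        }
    }
}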
