package a.a.a.a.a;

import com.b.a.b.c;
import com.faba5.android.utils.l.e;
import com.faba5.android.utils.p.v;
import iaik.logging.TransactionId;
import iaik.pki.DefaultPKIConfiguration;
import iaik.pki.DefaultPKIProfile;
import iaik.pki.GenericCertStoreParameters;
import iaik.pki.PKIException;
import iaik.pki.PKIFactory;
import iaik.pki.PKIResult;
import iaik.pki.pathconstruction.ConstructionResult;
import iaik.pki.pathvalidation.ValidationResult;
import iaik.pki.pathvalidation.ValidationResultInvalid;
import iaik.pki.revocation.RevocationStatus;
import iaik.pki.revocation.RevocationStatusUnknown;
import iaik.pki.store.certstore.CertStoreParameters;
import iaik.pki.store.truststore.DefaultTrustStoreProfile;
import iaik.pki.store.truststore.TrustStore;
import iaik.pki.store.truststore.TrustStoreFactory;
import iaik.security.provider.IAIK;
import iaik.x509.X509Certificate;
import java.util.Date;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;

/* loaded from: classes.dex */
public class b {

    /* renamed from: a, reason: collision with root package name */
    private static final e f10a = e.a((Class<?>) b.class);

    /* renamed from: b, reason: collision with root package name */
    private static boolean f11b = true;

    /* renamed from: c, reason: collision with root package name */
    private static a.a.a.a.a.a.a f12c = null;

    /* renamed from: d, reason: collision with root package name */
    private final com.b.a.b.b<a.a.a.a.a.a, EnumC0000b> f13d = c.a().a(60, TimeUnit.MINUTES).o();

    /* loaded from: classes.dex */
    private static class a {

        /* renamed from: a, reason: collision with root package name */
        private static final b f18a;

        static {
            try {
                f18a = new b();
            } catch (Exception e) {
                throw new ExceptionInInitializerError(e);
            }
        }
    }

    /* renamed from: a.a.a.a.a.b$b, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    public enum EnumC0000b {
        TRUSTED,
        UNTRUSTED_INVALID_KEYUSAGE,
        UNTRUSTED_NO_VALID_CERTCHAIN,
        UNTRUSTED_REVOCATION_STATUS_UNKNOWN,
        UNTRUSTED_REVOKED,
        UNTRUSTED_REVOCATION_STATUS_ON_HOLD,
        UNTRUSTED_CHAIN_PROBLEM,
        UNTRUSTED_EXTENSIONS_PROBLEM,
        UNTRUSTED_OUTSIDE_VALIDITY_PERIOD,
        UNTRUSTED
    }

    protected b() {
        IAIK.addAsProvider();
    }

    public static b a() {
        return a.f18a;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public EnumC0000b b(Date date, X509Certificate x509Certificate, boolean[] zArr, boolean z, TransactionId transactionId) {
        Date date2 = date == null ? new Date() : date;
        if (f12c == null) {
            f10a.a((Object) ("No valid cert store provided! Aborting. transactionId: " + transactionId));
            return EnumC0000b.UNTRUSTED;
        }
        Set<X509Certificate> b2 = f12c.b();
        X509Certificate[] x509CertificateArr = (X509Certificate[]) b2.toArray(new X509Certificate[b2.size()]);
        DefaultPKIConfiguration defaultPKIConfiguration = new DefaultPKIConfiguration(new CertStoreParameters[]{new GenericCertStoreParameters("certstore-01", false, "memory")});
        try {
            PKIFactory pKIFactory = PKIFactory.getInstance();
            pKIFactory.configure(defaultPKIConfiguration, transactionId);
            DefaultTrustStoreProfile defaultTrustStoreProfile = new DefaultTrustStoreProfile("truststore-01", "memory", null);
            TrustStore trustStoreFactory = TrustStoreFactory.getInstance(defaultTrustStoreProfile, transactionId);
            for (X509Certificate x509Certificate2 : f12c.a()) {
                trustStoreFactory.addCertificate(x509Certificate2, transactionId);
                pKIFactory.getCertInfoStore().getWriteableCertStore(transactionId).storeCertificate(x509Certificate2, transactionId);
            }
            DefaultPKIProfile defaultPKIProfile = new DefaultPKIProfile(defaultTrustStoreProfile);
            defaultPKIProfile.setTrustStoreProfile(defaultTrustStoreProfile);
            defaultPKIProfile.setNameConstraintsProcessing(true);
            defaultPKIProfile.setRevocationChecking(f11b && !z);
            PKIResult validateCertificate = pKIFactory.getPKIModule(defaultPKIProfile).validateCertificate(date2, x509Certificate, x509CertificateArr, zArr, transactionId);
            if (validateCertificate.isCertificateValid()) {
                return EnumC0000b.TRUSTED;
            }
            ValidationResult validationResult = validateCertificate.getValidationResult();
            ConstructionResult constructionResult = validateCertificate.getConstructionResult();
            if (!validateCertificate.isKeyUsageValid()) {
                f10a.a((Object) ("Certificate key usage invalid! transactionId: " + transactionId));
                return EnumC0000b.UNTRUSTED_INVALID_KEYUSAGE;
            }
            if (constructionResult.getChainsCount() == 0) {
                f10a.a((Object) ("No valid certificate chains found. transactionId: " + transactionId));
                return EnumC0000b.UNTRUSTED_NO_VALID_CERTCHAIN;
            }
            if (z) {
                return EnumC0000b.TRUSTED;
            }
            if (!validationResult.getValidationResult().equals(ValidationResult.INVALID)) {
                f10a.a((Object) ("Revocation information inconsistent. Validation result valid but certificate not trusted. transactionId: " + transactionId));
                return EnumC0000b.UNTRUSTED;
            }
            ValidationResultInvalid validationResultInvalid = (ValidationResultInvalid) validationResult;
            String failedReason = validationResultInvalid.getFailedReason();
            if (v.a(failedReason, ValidationResultInvalid.REVOCATION_FAILED)) {
                RevocationStatus certificateStatus = validationResultInvalid.getCertificateStatus();
                System.out.println(certificateStatus);
                return certificateStatus.getStatusCode().equals(RevocationStatus.REVOKED) ? EnumC0000b.UNTRUSTED_REVOKED : ((RevocationStatusUnknown) certificateStatus).getUnknownReason().equals("CertificateOnHold") ? EnumC0000b.UNTRUSTED_REVOCATION_STATUS_ON_HOLD : EnumC0000b.UNTRUSTED_REVOCATION_STATUS_UNKNOWN;
            }
            if (v.a(failedReason, ValidationResultInvalid.CHAINING_FAILED)) {
                return EnumC0000b.UNTRUSTED_CHAIN_PROBLEM;
            }
            if (v.a(failedReason, ValidationResultInvalid.EXTENSION_PROCESSING_FAILED)) {
                return EnumC0000b.UNTRUSTED_EXTENSIONS_PROBLEM;
            }
            if (!v.a(failedReason, ValidationResultInvalid.CERTIFICATE_NOT_YET_VALID) && !v.a(failedReason, ValidationResultInvalid.CERTIFICATE_EXPIRED)) {
                f10a.a((Object) ("Unexpected certificate invalid reason code: " + failedReason + " for transactionId: " + transactionId));
                return EnumC0000b.UNTRUSTED;
            }
            return EnumC0000b.UNTRUSTED_OUTSIDE_VALIDITY_PERIOD;
        } catch (PKIException e) {
            f10a.a("failed to validateCertificate with transactionId: " + transactionId, e);
            return EnumC0000b.UNTRUSTED;
        }
    }

    public EnumC0000b a(final Date date, final X509Certificate x509Certificate, final boolean[] zArr, final boolean z, final TransactionId transactionId) {
        try {
            return this.f13d.a(new a.a.a.a.a.a(x509Certificate, date, zArr, z), new Callable<EnumC0000b>() { // from class: a.a.a.a.a.b.1
                @Override // java.util.concurrent.Callable
                /* renamed from: a, reason: merged with bridge method [inline-methods] */
                public EnumC0000b call() {
                    return b.this.b(date, x509Certificate, zArr, z, transactionId);
                }
            });
        } catch (ExecutionException e) {
            f10a.a("failed to validate transactionId: " + transactionId, e);
            return EnumC0000b.UNTRUSTED;
        }
    }

    public void a(a.a.a.a.a.a.a aVar) {
        f12c = aVar;
    }

    public void a(boolean z) {
        f11b = z;
    }
}
