package iaik.pki.utils;

import iaik.asn1.ObjectID;
import iaik.asn1.structures.GeneralName;
import iaik.asn1.structures.GeneralNames;
import iaik.asn1.structures.Name;
import iaik.logging.Log;
import iaik.logging.LogFactory;
import iaik.logging.TransactionId;
import iaik.pki.store.certinfo.CertInfo;
import iaik.pki.store.certinfo.CertInfoStore;
import iaik.pki.store.certinfo.CertInfoStoreException;
import iaik.pki.store.certinfo.CertIssuer;
import iaik.utils.Util;
import iaik.x509.V3Extension;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
import iaik.x509.extensions.AuthorityKeyIdentifier;
import iaik.x509.extensions.SubjectAltName;
import iaik.x509.extensions.SubjectKeyIdentifier;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: classes.dex */
public class CertUtil {
    private static final int A = 65521;
    private static final int B = 3854;
    protected static Log log_ = LogFactory.getLog(Constants.MODULE_NAME);

    private CertUtil() {
    }

    public static int adler32(byte[] bArr, int i, int i2) {
        int i3 = 1;
        int i4 = 0;
        int i5 = i2;
        while (i5 > 0) {
            int i6 = i5 <= B ? i5 : B;
            int i7 = i3;
            int i8 = i4;
            for (int i9 = 0; i9 < i6; i9++) {
                i7 += bArr[i + i9] & 255;
                i8 += i7;
            }
            int i10 = i7 % A;
            i4 = i8 % A;
            i5 -= i6;
            i += i6;
            i3 = i10;
        }
        return (i4 << 16) | i3;
    }

    public static CertIssuer checkIssuer(CertInfo certInfo, X509Certificate x509Certificate, boolean z, CertInfoStore certInfoStore, Date date, TransactionId transactionId) {
        CertIssuer certIssuer = null;
        try {
            if (!checkIssuer(certInfo.getCertificate(transactionId), x509Certificate, z, date, transactionId)) {
                return null;
            }
            certIssuer = certInfoStore.createCertIssuer(certInfo, 1, transactionId);
            certIssuer.setStatus(2);
            return certIssuer;
        } catch (CertInfoStoreException e) {
            return certIssuer;
        }
    }

    /* JADX WARN: Unsupported multi-entry loop pattern (BACK_EDGE: B:24:0x00fe -> B:19:0x005f). Please report as a decompilation issue!!! */
    /* JADX WARN: Unsupported multi-entry loop pattern (BACK_EDGE: B:28:0x00f2 -> B:19:0x005f). Please report as a decompilation issue!!! */
    public static boolean checkIssuer(X509Certificate x509Certificate, X509Certificate x509Certificate2, boolean z, Date date, TransactionId transactionId) {
        boolean z2;
        if (log_.isDebugEnabled()) {
            log_.debug(transactionId, new StringBuffer("Checking ").append(date == null ? "" : "validity and").append(" key id for issuer \"").append(x509Certificate.getSubjectDN()).append(" (serial number: ").append(x509Certificate.getSerialNumber()).append(")\".").toString(), null);
        }
        if ((date == null ? 0 : checkValidity(x509Certificate, date, transactionId)) != 0) {
            return false;
        }
        try {
            AuthorityKeyIdentifier authorityKeyIdentifier = (AuthorityKeyIdentifier) x509Certificate2.getExtension(AuthorityKeyIdentifier.oid);
            if (authorityKeyIdentifier != null) {
                byte[] keyIdentifier = authorityKeyIdentifier.getKeyIdentifier();
                if (keyIdentifier == null) {
                    GeneralName[] names = authorityKeyIdentifier.getAuthorityCertIssuer().getNames(4);
                    if (names == null) {
                        log_.debug(transactionId, "Neither a KeyIdentifier nor a AuthorityCertIssuer included in AuthorityKeyIdentifier extension.", null);
                        z2 = false;
                    } else if (names.length != 1) {
                        log_.debug(transactionId, "More than one Directory Name included in AuthorityCertIssuer of AuthorityKeyIdentifier extension.", null);
                        z2 = false;
                    } else {
                        try {
                            try {
                                if (NameUtils.getNormalizedName((Name) names[0].getName()).equals(NameUtils.getNormalizedName((Name) x509Certificate.getSubjectDN()))) {
                                    BigInteger authorityCertSerialNumber = authorityKeyIdentifier.getAuthorityCertSerialNumber();
                                    if (authorityCertSerialNumber == null) {
                                        log_.debug(transactionId, "AuthorityCertIssuer but no AuthorityCertSerialNumber included in AuthorityKeyIdentifier extension.", null);
                                        z2 = false;
                                    } else if (authorityCertSerialNumber.equals(x509Certificate.getSerialNumber())) {
                                        log_.debug(transactionId, "AuthorityCertIssuer and AuthorityCertSerialNumber in AuthorityKeyIdentifier of certificate match SubjectDN and serial number of issuer certificate.", null);
                                        z2 = true;
                                    } else {
                                        log_.debug(transactionId, "AuthorityCertSerialNumber in AuthorityKeyIdentifier of certificate does not match serial number of issuer certificate.", null);
                                        z2 = false;
                                    }
                                } else {
                                    log_.debug(transactionId, "AuthorityCertIssuer in AuthorityKeyIdentifier of certificate does not match SubjectDN of issuer certificate.", null);
                                    z2 = false;
                                }
                            } catch (UtilsException e) {
                                log_.debug(transactionId, "Could not compare AuthorityCertIssuer in AuthorityKeyIdentifier extension of certificate with SubjectDN of issuer certificate.", null);
                                z2 = false;
                            }
                        } catch (ClassCastException e2) {
                            log_.debug(transactionId, "AuthorityCertIssuer in AuthorityKeyIdentifier extension is not a Directory Name.", null);
                            z2 = false;
                        }
                    }
                } else {
                    SubjectKeyIdentifier subjectKeyIdentifier = (SubjectKeyIdentifier) x509Certificate.getExtension(SubjectKeyIdentifier.oid);
                    if (subjectKeyIdentifier == null) {
                        log_.debug(transactionId, "Could not compare key identifiers. No SubjectKeyidentifier included in issuer certificate.", null);
                        z2 = false;
                    } else if (Arrays.equals(keyIdentifier, subjectKeyIdentifier.get())) {
                        log_.debug(transactionId, "Key Identifiers match.", null);
                        z2 = true;
                    } else {
                        log_.debug(transactionId, "Cert chaining invalid, key identifiers don't match.", null);
                        z2 = false;
                    }
                }
            } else if (z) {
                log_.debug(transactionId, "No AuthorityKeyIdentifier included, but certificate is self issued.", null);
                z2 = true;
            } else {
                log_.debug(transactionId, "Cert chaining invalid, no AuthorityKeyidentifier included.", null);
                z2 = false;
            }
            return z2;
        } catch (X509ExtensionInitException e3) {
            log_.info(transactionId, "CertIssuer: exception parsing extensions", e3);
            return false;
        }
    }

    public static Set checkIssuers(Set set, X509Certificate x509Certificate, boolean z, Date date, TransactionId transactionId) {
        HashSet hashSet = new HashSet();
        Iterator it = set.iterator();
        while (it.hasNext()) {
            CertIssuer certIssuer = (CertIssuer) it.next();
            try {
                if (checkIssuer(certIssuer.getCertificate(transactionId), x509Certificate, z, date, transactionId)) {
                    certIssuer.setStatus(2);
                    hashSet.add(certIssuer);
                }
            } catch (CertInfoStoreException e) {
            }
        }
        return hashSet;
    }

    public static Set checkIssuers(CertInfo[] certInfoArr, X509Certificate x509Certificate, boolean z, CertInfoStore certInfoStore, Date date, TransactionId transactionId) {
        HashSet hashSet = new HashSet();
        int i = 0;
        while (true) {
            int i2 = i;
            if (i2 >= certInfoArr.length) {
                return hashSet;
            }
            CertIssuer checkIssuer = checkIssuer(certInfoArr[i2], x509Certificate, z, certInfoStore, date, transactionId);
            if (checkIssuer != null) {
                hashSet.add(checkIssuer);
            }
            i = i2 + 1;
        }
    }

    public static boolean checkPKIXChainNaming(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        return NameUtils.getNormalizedName((Name) x509Certificate.getSubjectDN()).equals(NameUtils.getNormalizedName((Name) x509Certificate2.getIssuerDN()));
    }

    public static int checkValidity(java.security.cert.X509Certificate x509Certificate, Date date, TransactionId transactionId) {
        try {
            x509Certificate.checkValidity(date);
            log_.debug(transactionId, new StringBuffer("Certificate valid at ").append(date).append(".").toString(), null);
            return 0;
        } catch (CertificateExpiredException e) {
            log_.debug(transactionId, "Certificate expired.", null);
            return -1;
        } catch (CertificateNotYetValidException e2) {
            log_.debug(transactionId, "Certificate not yet valid.", null);
            return 1;
        }
    }

    public static byte[] getCRLId(X509CRL x509crl) {
        return makeIaikCRL(x509crl).getFingerprintSHA();
    }

    public static byte[] getCertId(java.security.cert.X509Certificate x509Certificate) {
        return makeIaikCertificate(x509Certificate).getFingerprintSHA();
    }

    public static Collection getEmailAddresses(java.security.cert.X509Certificate x509Certificate) {
        X509Certificate makeIaikCertificate = makeIaikCertificate(x509Certificate);
        HashSet hashSet = new HashSet();
        String[] rDNs = ((Name) makeIaikCertificate.getSubjectDN()).getRDNs(ObjectID.emailAddress);
        if (rDNs != null) {
            for (String str : rDNs) {
                hashSet.add(str.toLowerCase().trim());
            }
        }
        try {
            Enumeration names = ((SubjectAltName) makeIaikCertificate.getExtension(SubjectAltName.oid)).getGeneralNames().getNames();
            while (names.hasMoreElements()) {
                GeneralName generalName = (GeneralName) names.nextElement();
                if (generalName.getType() == 1) {
                    hashSet.add(((String) generalName.getName()).toLowerCase().trim());
                }
            }
        } catch (Exception e) {
        }
        return hashSet;
    }

    public static V3Extension getExtension(X509Certificate x509Certificate, ObjectID objectID) {
        try {
            return x509Certificate.getExtension(objectID);
        } catch (X509ExtensionInitException e) {
            return null;
        }
    }

    public static String getFingerPrintSHA(X509Certificate x509Certificate) {
        byte[] fingerprintSHA = x509Certificate.getFingerprintSHA();
        return Util.toString(fingerprintSHA, 0, fingerprintSHA.length, "");
    }

    public static Enumeration getIssuerDNs(X509CRL x509crl) {
        return makeIaikCRL(x509crl).getIssuerDNs();
    }

    public static Name getName(GeneralNames generalNames) {
        if (generalNames == null) {
            return null;
        }
        Enumeration names = generalNames.getNames();
        while (names.hasMoreElements()) {
            GeneralName generalName = (GeneralName) names.nextElement();
            if (generalName.getType() == 4) {
                return (Name) generalName.getName();
            }
        }
        return null;
    }

    public static Name getSubjectDN(java.security.cert.X509Certificate x509Certificate) {
        return (Name) makeIaikCertificate(x509Certificate).getSubjectDN();
    }

    public static String getURL(GeneralNames generalNames) {
        if (generalNames == null) {
            return null;
        }
        Enumeration names = generalNames.getNames();
        while (names.hasMoreElements()) {
            GeneralName generalName = (GeneralName) names.nextElement();
            if (generalName.getType() == 6) {
                return (String) generalName.getName();
            }
        }
        return null;
    }

    public static List getURLs(GeneralNames generalNames) {
        ArrayList arrayList = new ArrayList();
        if (generalNames != null) {
            Enumeration names = generalNames.getNames();
            while (names.hasMoreElements()) {
                GeneralName generalName = (GeneralName) names.nextElement();
                if (generalName.getType() == 6) {
                    String str = (String) generalName.getName();
                    if (!arrayList.contains(str)) {
                        arrayList.add(str);
                    }
                }
            }
        }
        return arrayList;
    }

    public static int hashCode(byte[] bArr) {
        int length = bArr.length;
        int length2 = bArr.length < 48 ? bArr.length : 48;
        for (int i = 0; i < length2; i++) {
            length = ((length >>> 25) | (length << 7)) ^ (bArr[i] & 255);
        }
        return length;
    }

    public static iaik.x509.X509CRL makeIaikCRL(X509CRL x509crl) {
        if (x509crl instanceof iaik.x509.X509CRL) {
            return (iaik.x509.X509CRL) x509crl;
        }
        try {
            return new iaik.x509.X509CRL(x509crl.getEncoded());
        } catch (CRLException e) {
            throw new RuntimeException(new StringBuffer("Could not parse certificate").append(e.getMessage()).toString());
        }
    }

    public static X509Certificate makeIaikCertificate(java.security.cert.X509Certificate x509Certificate) {
        if (x509Certificate instanceof X509Certificate) {
            return (X509Certificate) x509Certificate;
        }
        try {
            return new X509Certificate(x509Certificate.getEncoded());
        } catch (CertificateException e) {
            throw new RuntimeException(new StringBuffer("Could not parse certificate: ").append(e.getMessage()).toString());
        }
    }

    public static byte[] readStream(InputStream inputStream) {
        return Util.readStream(inputStream);
    }

    public static String toString(int i) {
        return Util.toString(i);
    }

    public static byte[] toUTF8(String str) {
        try {
            return str.getBytes("UTF8");
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(new StringBuffer("UTF8 encoding not found").append(e.getMessage()).toString());
        }
    }
}
