package iaik.smime;

import iaik.asn1.ObjectID;
import iaik.asn1.structures.GeneralName;
import iaik.asn1.structures.GeneralNames;
import iaik.asn1.structures.Name;
import iaik.cms.DebugCMS;
import iaik.cms.IssuerAndSerialNumber;
import iaik.smime.ess.utils.ESSUtil;
import iaik.utils.CryptoUtils;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
import iaik.x509.extensions.BasicConstraints;
import iaik.x509.extensions.SubjectAltName;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.lang.reflect.Array;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;

/* loaded from: classes.dex */
public class TrustVerifier {

    /* renamed from: a, reason: collision with root package name */
    private static boolean f3584a;
    protected PrintWriter debugWriter_;
    protected Hashtable trustedCerts_ = new Hashtable(20);

    /* renamed from: b, reason: collision with root package name */
    private Hashtable f3585b = new Hashtable(20);

    /* renamed from: c, reason: collision with root package name */
    private Hashtable f3586c = new Hashtable(20);

    static {
        boolean z = false;
        f3584a = false;
        if (DebugCMS.getDebugMode() && f3584a) {
            z = true;
        }
        f3584a = z;
    }

    public TrustVerifier() {
        if (f3584a) {
            setDebugStream(System.out);
        }
    }

    private static void a(X509Certificate x509Certificate, Object obj, Hashtable hashtable) {
        X509Certificate[] x509CertificateArr;
        if (obj != null) {
            X509Certificate[] x509CertificateArr2 = (X509Certificate[]) hashtable.get(obj);
            if (x509CertificateArr2 == null || x509CertificateArr2.length <= 0) {
                x509CertificateArr = new X509Certificate[]{x509Certificate};
            } else {
                if (a(x509CertificateArr2, x509Certificate)) {
                    return;
                }
                x509CertificateArr = (X509Certificate[]) a(x509CertificateArr2, x509CertificateArr2.length + 1);
                x509CertificateArr[x509CertificateArr.length - 1] = x509Certificate;
            }
            hashtable.put(obj, x509CertificateArr);
        }
    }

    private void a(String str) {
        if (this.debugWriter_ != null) {
            this.debugWriter_.println(new StringBuffer("TrustVerifier: ").append(str).toString());
        }
    }

    private static boolean a(X509Certificate x509Certificate) {
        try {
            BasicConstraints basicConstraints = (BasicConstraints) x509Certificate.getExtension(BasicConstraints.oid);
            if (basicConstraints != null) {
                if (basicConstraints.ca()) {
                    return true;
                }
            }
        } catch (X509ExtensionInitException e) {
        }
        if (!x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN())) {
            return false;
        }
        try {
            x509Certificate.verify();
            return true;
        } catch (Exception e2) {
            return false;
        }
    }

    private boolean a(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) {
        String stringBuffer = str == null ? "" : new StringBuffer("(").append(str).append(") ").toString();
        a(new StringBuffer(String.valueOf(stringBuffer)).append("Verifying ").append(x509Certificate.getSubjectDN()).toString());
        x509Certificate.checkValidity();
        if (isTrustedCertificate(x509Certificate)) {
            a(new StringBuffer(String.valueOf(stringBuffer)).append(" Cert is trusted, done.").toString());
            return true;
        }
        if (x509Certificate2 != null) {
            x509Certificate.verify(x509Certificate2.getPublicKey());
            if (CryptoUtils.equalsBlock(x509Certificate.getSignature(), x509Certificate2.getSignature()) && !x509Certificate.equals(x509Certificate2)) {
                throw new CertificateException(new StringBuffer("Cert ").append(x509Certificate.getSubjectDN()).append(" and ").append(x509Certificate2.getSubjectDN()).append(" have same signature value!").toString());
            }
        }
        return false;
    }

    private static boolean a(X509Certificate[] x509CertificateArr, X509Certificate x509Certificate) {
        for (X509Certificate x509Certificate2 : x509CertificateArr) {
            if (x509Certificate2.equals(x509Certificate)) {
                return true;
            }
        }
        return false;
    }

    private static Object[] a(Object[] objArr, int i) {
        Object[] objArr2 = (Object[]) Array.newInstance(objArr.getClass().getComponentType(), i);
        System.arraycopy(objArr, 0, objArr2, 0, Math.min(i, objArr.length));
        return objArr2;
    }

    private static void b(X509Certificate x509Certificate, Object obj, Hashtable hashtable) {
        int i;
        X509Certificate[] x509CertificateArr = (X509Certificate[]) hashtable.get(obj);
        if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
            return;
        }
        int length = x509CertificateArr.length;
        if (length == 1) {
            if (x509CertificateArr[0].equals(x509Certificate)) {
                hashtable.remove(obj);
                return;
            }
            return;
        }
        for (int i2 = 0; i2 < length; i2++) {
            if (x509CertificateArr[i2].equals(x509Certificate)) {
                x509CertificateArr[i2] = null;
                X509Certificate[] x509CertificateArr2 = new X509Certificate[length - 1];
                int i3 = 0;
                int i4 = 0;
                while (i3 < length) {
                    if (x509CertificateArr[i3] != null) {
                        i = i4 + 1;
                        x509CertificateArr2[i4] = x509CertificateArr[i3];
                    } else {
                        i = i4;
                    }
                    i3++;
                    i4 = i;
                }
                hashtable.put(obj, x509CertificateArr2);
                return;
            }
        }
    }

    public static Enumeration getEmailAddresses(X509Certificate x509Certificate) {
        Vector vector = new Vector();
        String[] rDNs = ((Name) x509Certificate.getSubjectDN()).getRDNs(ObjectID.emailAddress);
        if (rDNs != null) {
            for (String str : rDNs) {
                vector.addElement(str.toLowerCase());
            }
        }
        try {
            SubjectAltName subjectAltName = (SubjectAltName) x509Certificate.getExtension(SubjectAltName.oid);
            if (subjectAltName != null) {
                Enumeration names = subjectAltName.getGeneralNames().getNames();
                while (names.hasMoreElements()) {
                    GeneralName generalName = (GeneralName) names.nextElement();
                    if (generalName.getType() == 1) {
                        vector.addElement(((String) generalName.getName()).toLowerCase());
                    }
                }
            }
        } catch (Exception e) {
        }
        return vector.elements();
    }

    public void addTrustedCertificate(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new NullPointerException("Cannot add a null certificate!");
        }
        this.trustedCerts_.put(new IssuerAndSerialNumber(x509Certificate), x509Certificate);
        a(x509Certificate, x509Certificate.getSubjectDN(), this.f3585b);
        Enumeration emailAddresses = getEmailAddresses(x509Certificate);
        while (emailAddresses.hasMoreElements()) {
            a(x509Certificate, ESSUtil.parseAddress((String) emailAddresses.nextElement()), this.f3586c);
        }
    }

    public boolean checkEMail(String str, X509Certificate x509Certificate) {
        SubjectAltName subjectAltName;
        GeneralNames generalNames;
        String parseAddress = ESSUtil.parseAddress(str);
        String rdn = ((Name) x509Certificate.getSubjectDN()).getRDN(ObjectID.emailAddress);
        if (rdn != null) {
            if (parseAddress.equalsIgnoreCase(rdn)) {
                a("Email addresses correct!");
                return true;
            }
            a("Email addresses do not match!");
            return false;
        }
        try {
            subjectAltName = (SubjectAltName) x509Certificate.getExtension(SubjectAltName.oid);
        } catch (Exception e) {
            subjectAltName = null;
        }
        if (subjectAltName != null && (generalNames = subjectAltName.getGeneralNames()) != null) {
            Enumeration names = generalNames.getNames();
            while (names.hasMoreElements()) {
                GeneralName generalName = (GeneralName) names.nextElement();
                if (generalName.getType() == 1) {
                    String str2 = (String) generalName.getName();
                    if (parseAddress.equalsIgnoreCase(str2)) {
                        a("Email addresses correct!");
                        return true;
                    }
                    rdn = str2;
                }
            }
        }
        if (rdn != null) {
            a("Email addresses do not match!");
            return false;
        }
        if (a(x509Certificate)) {
            a("Ca cert must not contain an email!");
            return true;
        }
        a("Missing email in certificate!");
        return false;
    }

    public X509Certificate[] getCertificates(String str) {
        X509Certificate[] x509CertificateArr = str != null ? (X509Certificate[]) this.f3586c.get(ESSUtil.parseAddress(str).toLowerCase()) : null;
        return x509CertificateArr == null ? new X509Certificate[0] : x509CertificateArr;
    }

    public X509Certificate[] getCertificates(Principal principal) {
        X509Certificate[] x509CertificateArr = principal != null ? (X509Certificate[]) this.f3585b.get(principal) : null;
        return x509CertificateArr == null ? new X509Certificate[0] : x509CertificateArr;
    }

    public Enumeration getTrustedCertificates() {
        return this.trustedCerts_.elements();
    }

    public X509Certificate getTrustedIssuerCert(X509Certificate x509Certificate) {
        int length;
        if (x509Certificate == null) {
            return null;
        }
        X509Certificate[] x509CertificateArr = (X509Certificate[]) this.f3585b.get(x509Certificate.getIssuerDN());
        if (x509CertificateArr != null && (length = x509CertificateArr.length) > 0) {
            if (length == 1) {
                return x509CertificateArr[0];
            }
            for (X509Certificate x509Certificate2 : x509CertificateArr) {
                try {
                    x509Certificate2.checkValidity();
                    x509Certificate.verify(x509Certificate2.getPublicKey());
                    return x509Certificate2;
                } catch (Exception e) {
                }
            }
        }
        return null;
    }

    public X509Certificate[] getTrustedIssuerCerts(X509Certificate x509Certificate) {
        X509Certificate[] x509CertificateArr = x509Certificate != null ? (X509Certificate[]) this.f3585b.get(x509Certificate.getIssuerDN()) : null;
        return x509CertificateArr == null ? new X509Certificate[0] : x509CertificateArr;
    }

    public boolean isTrustedCertificate(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new NullPointerException("Cannot check null certificate!");
        }
        X509Certificate x509Certificate2 = (X509Certificate) this.trustedCerts_.get(new IssuerAndSerialNumber(x509Certificate));
        return x509Certificate2 != null && x509Certificate2.equals(x509Certificate);
    }

    public boolean removeTrustedCertificate(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        try {
            boolean z = this.trustedCerts_.remove(new IssuerAndSerialNumber(x509Certificate)) != null;
            if (z) {
                b(x509Certificate, x509Certificate.getSubjectDN(), this.f3585b);
                Enumeration emailAddresses = getEmailAddresses(x509Certificate);
                while (emailAddresses.hasMoreElements()) {
                    b(x509Certificate, ESSUtil.parseAddress((String) emailAddresses.nextElement()), this.f3586c);
                }
            }
            return z;
        } catch (Exception e) {
            return false;
        }
    }

    public void setDebugStream(OutputStream outputStream) {
        if (outputStream == null) {
            this.debugWriter_ = null;
        } else {
            this.debugWriter_ = new PrintWriter(outputStream, true);
        }
    }

    public int size() {
        return this.trustedCerts_.size();
    }

    public void verifyCertificateChain(X509Certificate[] x509CertificateArr) {
        verifyCertificateChain(x509CertificateArr, null);
    }

    public void verifyCertificateChain(X509Certificate[] x509CertificateArr, String str) {
        int i = 0;
        if (x509CertificateArr == null) {
            throw new NullPointerException("Cannot verify null cert chain!");
        }
        String stringBuffer = str == null ? "" : new StringBuffer("(").append(str).append(") ").toString();
        try {
            int length = x509CertificateArr.length;
            for (int i2 = 0; i2 < length - 1; i2++) {
                if (a(x509CertificateArr[i2], x509CertificateArr[i2 + 1], str)) {
                    a(new StringBuffer(String.valueOf(stringBuffer)).append("Found a trusted certificate, ok!").toString());
                    return;
                }
            }
            X509Certificate x509Certificate = x509CertificateArr[length - 1];
            if (!x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN())) {
                X509Certificate[] trustedIssuerCerts = getTrustedIssuerCerts(x509Certificate);
                if (trustedIssuerCerts.length > 0) {
                    a(new StringBuffer(String.valueOf(stringBuffer)).append("Found issuers.").toString());
                }
                while (true) {
                    int i3 = i;
                    if (i3 >= trustedIssuerCerts.length) {
                        break;
                    }
                    a(new StringBuffer(String.valueOf(stringBuffer)).append("Checking against issuer cert ").append(trustedIssuerCerts[0].getSubjectDN()).append("...").toString());
                    try {
                    } catch (Exception e) {
                        a(new StringBuffer(String.valueOf(stringBuffer)).append("Verification failed for issuer cert ").append(trustedIssuerCerts[0].getSubjectDN()).append(e.toString()).toString());
                        if (i3 == trustedIssuerCerts.length - 1) {
                            throw e;
                        }
                    }
                    if (a(x509Certificate, trustedIssuerCerts[i3], str)) {
                        a(new StringBuffer(String.valueOf(stringBuffer)).append("Found a trusted certificate, ok!").toString());
                    } else {
                        if (trustedIssuerCerts[i3] != null && isTrustedCertificate(trustedIssuerCerts[i3])) {
                            a(new StringBuffer(String.valueOf(stringBuffer)).append("Found a trusted certificate, ok!").toString());
                        }
                        i = i3 + 1;
                    }
                    return;
                }
            }
            if (a(x509Certificate, x509Certificate, str)) {
                a(new StringBuffer(String.valueOf(stringBuffer)).append("Found a trusted certificate, ok!").toString());
                return;
            }
            if (size() != 0) {
                a(new StringBuffer(String.valueOf(stringBuffer)).append("No trusted certificate found, rejected.").toString());
                throw new CertificateException("No trusted certificate found, rejected.");
            }
            a(new StringBuffer(String.valueOf(stringBuffer)).append("No trusted certificate found, OK anyway.").toString());
        } catch (Exception e2) {
            String stringBuffer2 = new StringBuffer("Error verifying certificate chain: ").append(e2).toString();
            a(new StringBuffer(String.valueOf(stringBuffer)).append(stringBuffer2).toString());
            throw new CertificateException(stringBuffer2);
        }
    }

    public boolean verifyChain(X509Certificate[] x509CertificateArr) {
        return verifyChain(x509CertificateArr, null);
    }

    public boolean verifyChain(X509Certificate[] x509CertificateArr, String str) {
        try {
            verifyCertificateChain(x509CertificateArr, str);
            return true;
        } catch (CertificateException e) {
            return false;
        }
    }
}
