package cfca.sadk.x509.certificate;

import cfca.sadk.algorithm.common.CertKitException;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.org.bouncycastle.asn1.x509.CRLDistPoint;
import cfca.sadk.org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import cfca.sadk.org.bouncycastle.util.encoders.Hex;
import cfca.sadk.system.SADKDebugger;
import cfca.sadk.system.logging.LoggerManager;
import java.security.PublicKey;
import java.util.Date;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/* loaded from: input_file:cfca/sadk/x509/certificate/X509CertVerifier.class */
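/**
 * Static helpers that check an {@link X509Cert} against a process-wide set of trusted public keys.
 *
 * <p>The trust set is one shared map. Each accepted trust certificate is stored under its subject
 * name and, when it carries a SubjectKeyIdentifier, under the hex form of that identifier as well.
 * Both kinds of key share one namespace, and {@code put} is last-write-wins, so a later trust
 * certificate with the same subject or key identifier replaces the earlier public key.
 *
 * <p>Each check is independent. {@link #validateCertSign} only verifies the signature,
 * {@link #verifyCertDate} only the validity period, and the CRL methods only the serial number
 * against a CRL. Nothing visible in this class checks CA constraints or key usage, so a caller
 * that needs full path validation has to combine these checks and add whatever is missing.
 */
public final class X509CertVerifier {
    // Shared trust store: subject name or hex SubjectKeyIdentifier -> trusted public key.
    private static Map<String, PublicKey> validTrustCerts = new ConcurrentHashMap<String, PublicKey>();
    private static final int maxTrustCerts = 20000;

    /**
     * Loads one trust certificate from {@code trustCertPath} and registers it in the trust map.
     *
     * <p>NOTE(review): this body is reconstructed from the register-level JADX dump, because the
     * decompiler could not rebuild the method and left a stub that always threw
     * {@code UnsupportedOperationException}. The dump shows the certificate being built with
     * {@code new X509Cert(String)}, a failure path that logs and throws {@link PKIException}, and a
     * finally-style "Finished" debug line around the registration call. Confirm against the
     * original class file. The causing exception is now attached to both the log entry and the
     * thrown {@link PKIException}; the dump dropped it.
     *
     * @param trustCertPath argument handed to {@code new X509Cert(String)}; the log text calls it a path
     * @throws PKIException if the certificate cannot be constructed or registration fails
     */
    public static void updateTrustCertsMap(String trustCertPath) throws PKIException {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("updateTrustCertsMap[trustCertPath]>>>>>>Running: trustCert=" + validTrustCerts.size() + ", trustCerPath=" + trustCertPath);
        }
        X509Cert trustCert;
        try {
            trustCert = new X509Cert(trustCertPath);
        } catch (Exception e) {
            LoggerManager.exceptionLogger.error("updateTrustCertsMap[trustCertPath]<<<<<<Failure: trustCertPath=" + trustCertPath, e);
            throw new PKIException("updateTrustCertsMap Failure with invalid content trustCertPath=" + trustCertPath, e);
        }
        try {
            updateTrustCertsMap(trustCert);
        } finally {
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("updateTrustCertsMap[trustCertPath]<<<<<<Finished: trustCert=" + validTrustCerts.size());
            }
        }
    }

    /**
     * Registers every certificate of the array in the trust map; a {@code null} array is a no-op.
     *
     * @param x509CertArr trust certificates to add, may be {@code null}
     * @throws PKIException if registering any element fails; earlier elements stay registered
     */
    public static void updateTrustCertsMap(X509Cert[] x509CertArr) throws PKIException {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("updateTrustCertsMap[X509Certs]>>>>>>Running: trustCert=" + validTrustCerts.size());
        }
        if (x509CertArr != null) {
            for (X509Cert x509Cert : x509CertArr) {
                updateTrustCertsMap(x509Cert);
            }
        }
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("updateTrustCertsMap[X509Certs]<<<<<<Finished: trustCert=" + validTrustCerts.size());
        }
    }

    /**
     * Registers one trust certificate under its subject name and its SubjectKeyIdentifier.
     *
     * <p>A certificate rejected by {@link #isValidAlgorithm} (including {@code null}) is skipped
     * silently: no exception is raised and nothing is added. A caller that must know whether the
     * trust anchor was accepted cannot learn it from this method. The certificate is stored as
     * given; its validity period and signature are not checked here.
     *
     * @param x509Cert trust certificate to add
     * @throws PKIException if the trust map already holds more than {@code maxTrustCerts} entries
     */
    public static void updateTrustCertsMap(X509Cert x509Cert) throws PKIException {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("updateTrustCertsMap[X509Cert]>>>>>>Running: trustCert=" + validTrustCerts.size());
            stringBuffer.append(SADKDebugger.dump(x509Cert));
            // The decompiled code built this message and then discarded it; emit it like the other entry logs.
            LoggerManager.debugLogger.debug(stringBuffer.toString());
        }
        if (isValidAlgorithm(x509Cert)) {
            updateTrustCertsMapBySubjectName(x509Cert);
            updateTrustCertsMapByKeyIdentifier(x509Cert);
        }
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("updateTrustCertsMap[X509Cert]<<<<<<Finished: trustCerts=" + validTrustCerts.size());
        }
    }

    /**
     * Removes every entry from the shared trust map. Until trust certificates are registered
     * again, {@link #validateCertSign} fails for every certificate because no issuer key is found.
     */
    public static void clearTrustCertsMap() {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("clearTrustCertsMap>>>>>>Running: trustCerts=" + validTrustCerts.size());
        }
        validTrustCerts.clear();
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("clearTrustCertsMap<<<<<<Finished: trustCerts=" + validTrustCerts.size());
        }
    }

    /**
     * Verifies the certificate's signature with the trusted public key of its issuer.
     *
     * <p>The issuer key comes from {@link #findTrustPublicKey}. Only the signature is checked:
     * validity dates and revocation are separate calls ({@link #verifyCertDate},
     * {@link #verifyCertByCRLOutLine}, {@link #verifyCertByLDAP}), and a {@code true} result here
     * says nothing about them. Lookup goes straight to the trust map, so only certificates issued
     * directly by a registered trust certificate can pass.
     *
     * @param x509Cert certificate to check
     * @return the result of {@code x509Cert.verify(issuerKey)}
     * @throws PKIException if {@code x509Cert} is {@code null}, no issuer key is registered, or
     *         verification throws
     */
    public static boolean validateCertSign(X509Cert x509Cert) throws PKIException {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("validateCertSign>>>>>>Running: cert=" + x509Cert);
        }
        try {
            if (x509Cert == null) {
                throw new PKIException("validateCertSign Failure: null not allowed for parameter@cert");
            }
            PublicKey issuerKey = findTrustPublicKey(x509Cert);
            if (issuerKey == null) {
                // Unknown issuer is reported as an error, never as "verified".
                throw new PKIException("validateCertSign Failure: can not get the user issuer's cert");
            }
            boolean verified = x509Cert.verify(issuerKey);
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("validateCertSign<<<<<<Finished: verifyResult=" + verified);
            }
            return verified;
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("validateCertSign<<<<<<Failure", e);
            throw e;
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("validateCertSign<<<<<<Failure", th);
            throw new PKIException("validateCertSign Failure: " + th.getMessage(), th);
        }
    }

    /**
     * Reports whether the current system time lies inside the certificate's validity period.
     *
     * <p>The comparison uses {@code new Date()}, so the result depends on the local clock. The
     * certificate's signature is not examined; on an unverified certificate the dates are only
     * what the certificate claims.
     *
     * @param x509Cert certificate to check
     * @return {@code false} if now is before notBefore or after notAfter, otherwise {@code true}
     * @throws SecurityException if {@code x509Cert} is {@code null}
     */
    public static boolean verifyCertDate(X509Cert x509Cert) {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("verifyCertDate>>>>>>Running: cert=" + x509Cert);
        }
        if (x509Cert == null) {
            throw new SecurityException("verifyCertDate Failure: null not allowed for parameter@cert");
        }
        Date now = new Date();
        boolean withinValidity = !(now.before(x509Cert.getNotBefore()) || now.after(x509Cert.getNotAfter()));
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("verifyCertDate<<<<<<Finished: okay=" + withinValidity);
        }
        return withinValidity;
    }

    /**
     * Checks the certificate's serial number against a CRL loaded through {@link X509CRLFile}.
     *
     * <p>NOTE(review): the CRL is opened with {@code new X509CRLFile(str, false)}; what the
     * {@code false} flag controls is not visible here. Nothing in this method checks the CRL's
     * signature, its issuer against the certificate's issuer, or its freshness, so confirm that
     * {@link X509CRLFile} or the caller does. A stale or foreign CRL would otherwise report a
     * revoked certificate as valid.
     *
     * @param x509Cert certificate whose serial number is looked up
     * @param str argument handed to {@link X509CRLFile}; the log text calls it the CRL path
     * @return {@code true} if the serial number is not listed as revoked
     * @throws PKIException if {@code x509Cert} is {@code null} or the CRL cannot be loaded or read
     */
    public static boolean verifyCertByCRLOutLine(X509Cert x509Cert, String str) throws PKIException {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("verifyCertByCRLOutLine>>>>>>Running: crlPath=" + str + ",cert=" + x509Cert);
        }
        if (x509Cert == null) {
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("verifyCertByCRLOutLine<<<<<<Finished: Required parameter cert");
            }
            throw new PKIException("verifyCertByCRLOutLine Failure: Required parameter cert");
        }
        try {
            boolean notRevoked = !new X509CRLFile(str, false).isRevoke(x509Cert.getSerialNumber());
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("verifyCertByCRLOutLine<<<<<<Finished: isValid=" + notRevoked);
            }
            return notRevoked;
        } catch (Throwable th) {
            // Any failure to load or read the CRL is an error, not a "valid" answer.
            LoggerManager.exceptionLogger.error("verifyCertByCRLOutLine<<<<<<Failure: decodedX509CRLFile ", th);
            throw new PKIException("verifyCertByCRLOutLine Failure when decoded X509CRLFile: " + th.getMessage(), th);
        }
    }

    /**
     * Returns the text form of the certificate's LDAP CRL distribution point.
     *
     * <p>Every distribution point is rendered with {@code toString()}; the last one containing
     * {@code "ldap://"} wins. The value comes from the certificate's own extension, so it is
     * controlled by whoever issued the certificate.
     *
     * @param x509Cert certificate to read; {@code null} ends in a {@link PKIException}
     * @return the distribution point text containing {@code "ldap://"}
     * @throws PKIException if the extension is absent, holds no LDAP entry, or cannot be read
     */
    public static String getCRLPointName(X509Cert x509Cert) throws PKIException {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("getCRLPointName>>>>>>Running: cert=" + x509Cert);
        }
        try {
            CRLDistPoint crlDistPoint = x509Cert.getCRLDistributionPoints();
            if (crlDistPoint == null || crlDistPoint.getDistributionPoints() == null) {
                throw new PKIException(CertKitException.API_NULL_CRL_PATH_IN_CERT_ERR, CertKitException.API_NULL_CRL_PATH_IN_CERT_ERR_NOPOINT);
            }
            int pointCount = crlDistPoint.getDistributionPoints().length;
            String ldapPoint = null;
            for (int i = 0; i < pointCount; i++) {
                String pointText = crlDistPoint.getDistributionPoints()[i].getDistributionPoint().toString();
                if (pointText.indexOf("ldap://") != -1) {
                    ldapPoint = pointText;
                }
            }
            if (ldapPoint == null) {
                throw new PKIException(CertKitException.API_NULL_CRL_PATH_IN_CERT_ERR, CertKitException.API_NULL_CRL_PATH_IN_CERT_ERR_DES);
            }
            if (LoggerManager.debugLogger.isDebugEnabled()) {
                LoggerManager.debugLogger.debug("getCRLPointName<<<<<<Finished: crl=" + ldapPoint);
            }
            return ldapPoint;
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("getCRLPointName<<<<<<Failure", e);
            throw e;
        } catch (Throwable th) {
            LoggerManager.exceptionLogger.error("getCRLPointName<<<<<<Failure", th);
            throw new PKIException("getCRLPointName Failure", th);
        }
    }

    /**
     * Downloads the CRL named by the certificate's LDAP distribution point and checks the
     * certificate's serial number against it.
     *
     * <p>The LDAP location is cut out of the distribution point text by fixed positions, in the
     * shape {@code ldap://host:port/dn?...}. Text that does not fit, for example one without an
     * explicit port, makes {@code substring} throw, and that surfaces as a {@link PKIException}:
     * the check fails closed.
     *
     * <p>Host and port come from the certificate under test. Call this only after
     * {@link #validateCertSign} has succeeded; otherwise an unverified certificate decides which
     * server this process connects to and which CRL it accepts. NOTE(review): the body of
     * {@code downloadCRL} was not recovered by the decompiler, so whether the downloaded CRL's
     * signature and issuer are checked, and whether the connection is protected, cannot be
     * confirmed from this listing.
     *
     * @param x509Cert certificate to check
     * @return {@code true} if the serial number is not listed as revoked in the downloaded CRL
     * @throws PKIException if there is no LDAP distribution point, the location cannot be parsed,
     *         or the CRL cannot be downloaded or read
     */
    public static boolean verifyCertByLDAP(X509Cert x509Cert) throws PKIException {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("verifyCertByLDAP>>>>>>Running: cert=" + x509Cert);
        }
        try {
            String crlPointName = getCRLPointName(x509Cert);
            if (crlPointName == null) {
                throw new PKIException(CertKitException.API_NULL_CRL_PATH_IN_CERT_ERR, CertKitException.API_NULL_CRL_PATH_IN_CERT_ERR_NOPOINT);
            }
            // Everything after "ldap://" (7 characters).
            String afterScheme = crlPointName.substring(crlPointName.indexOf("ldap://") + 7, crlPointName.length());
            int colonAt = afterScheme.indexOf(":");
            String host = afterScheme.substring(0, colonAt);
            String afterHost = afterScheme.substring(colonAt + 1, afterScheme.length());
            int slashAt = afterHost.indexOf("/");
            String port = afterHost.substring(0, slashAt);
            String dnAndQuery = afterHost.substring(slashAt + 1, afterHost.length());
            try {
                // Third argument: text before the first '?'. Fourth: text between the first '=' and the first ','.
                X509CRL crl = downloadCRL(host, port, dnAndQuery.substring(0, dnAndQuery.indexOf("?")), dnAndQuery.substring(dnAndQuery.indexOf("=") + 1, dnAndQuery.indexOf(",")));
                if (crl == null) {
                    throw new PKIException(CertKitException.API_CRL_DOWNLOAD_ERR, CertKitException.API_CRL_DOWNLOAD_ERR_DES);
                }
                boolean notRevoked = !crl.isRevoke(x509Cert.getSerialNumber());
                if (LoggerManager.debugLogger.isDebugEnabled()) {
                    LoggerManager.debugLogger.debug("verifyCertByLDAP<<<<<<Finished: passed=" + notRevoked);
                }
                return notRevoked;
            } catch (Throwable th) {
                // Download and lookup failures are all reported with the CRL download error code.
                throw new PKIException(CertKitException.API_CRL_DOWNLOAD_ERR, CertKitException.API_CRL_DOWNLOAD_ERR_DES, th);
            }
        } catch (PKIException e) {
            LoggerManager.exceptionLogger.error("verifyCertByLDAP<<<<<<Failure", e);
            throw e;
        } catch (Throwable th2) {
            LoggerManager.exceptionLogger.error("verifyCertByLDAP<<<<<<Failure", th2);
            throw new PKIException("verifyCertByLDAP Failure", th2);
        }
    }

    /*  JADX ERROR: NullPointerException in pass: RegionMakerVisitor
        java.lang.NullPointerException
        */
    /**
     * Fetches a CRL for {@link #verifyCertByLDAP}. The decompiler did not recover this body and
     * skipped the instruction dump, so the stub below always throws and the real behaviour cannot
     * be reviewed from this listing.
     *
     * <p>NOTE(review): the four strings are the pieces {@link #verifyCertByLDAP} cuts out of the
     * distribution point text; their exact meaning should be confirmed against the original class.
     */
    private static cfca.sadk.x509.certificate.X509CRL downloadCRL(java.lang.String r6, java.lang.String r7, java.lang.String r8, java.lang.String r9) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 572
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: cfca.sadk.x509.certificate.X509CertVerifier.downloadCRL(java.lang.String, java.lang.String, java.lang.String, java.lang.String):cfca.sadk.x509.certificate.X509CRL");
    }

    /**
     * Decides whether a certificate may enter the trust map, based on its algorithm OIDs.
     *
     * <p>Accepted: signature algorithm {@code 1.2.156.10197.1.501} (SM2 signature with SM3), or
     * public key algorithm {@code 1.2.840.113549.1.1.1} (rsaEncryption). The decompiled form set
     * the result to {@code false} in the no-match branch and then fell through to the assignment
     * of {@code true}, so it accepted every non-null certificate. That looks like a decompiler
     * artefact of a plain OR expression, which is what this body implements.
     *
     * <p>NOTE(review): the RSA branch looks only at the key algorithm, so the signature algorithm
     * and hash of an RSA trust certificate are not constrained here.
     *
     * @param x509Cert candidate trust certificate, may be {@code null}
     * @return {@code true} if one of the two OIDs matches; {@code false} for {@code null}, no
     *         match, or a failure reading the OIDs
     */
    private static boolean isValidAlgorithm(X509Cert x509Cert) {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("isValidAlgorithm::>>>>>>Running: trustCert=" + SADKDebugger.dump(x509Cert));
        }
        boolean valid = false;
        if (x509Cert != null) {
            try {
                // Short-circuit keeps the original order: the key OID is read only when the signature OID does not match.
                valid = "1.2.156.10197.1.501".equals(x509Cert.getSignatureAlgorithmOID())
                        || "1.2.840.113549.1.1.1".equals(x509Cert.getPublicKeyAlgorithmOID());
            } catch (Exception e) {
                valid = false;
                LoggerManager.exceptionLogger.error("isValidAlgorithm::<<<<<<Failure: " + SADKDebugger.dump(x509Cert), e);
            }
        }
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("isValidAlgorithm::<<<<<<Finished: isValid=" + valid);
        }
        return valid;
    }

    /**
     * Stores the certificate's public key under its subject name.
     *
     * <p>A failure reading the subject or key is logged and swallowed, so the certificate is then
     * simply not registered under its name. NOTE(review): the size check runs before the insert
     * and uses {@code >}, so the map can grow one entry past {@code maxTrustCerts}; the check and
     * the insert are also separate operations on the shared map.
     *
     * @param x509Cert trust certificate, {@code null} is ignored
     * @throws PKIException if the map already holds more than {@code maxTrustCerts} entries
     */
    private static void updateTrustCertsMapBySubjectName(X509Cert x509Cert) throws PKIException {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("updateTrustCertsMapBySubjectName::>>>>>>Running: trustCerts=" + validTrustCerts.size());
        }
        if (x509Cert != null) {
            if (validTrustCerts.size() > maxTrustCerts) {
                LoggerManager.exceptionLogger.error("updateTrustCertsMapBySubjectName::<<<<<<Failure: validTrustCerts exceed maxTrustCerts=20000");
                throw new PKIException("updateTrustCertsMap Failure with validTrustCerts exceed maxTrustCerts=20000");
            }
            try {
                validTrustCerts.put(x509Cert.getSubject(), x509Cert.getPublicKey());
            } catch (Exception e) {
                LoggerManager.exceptionLogger.error("updateTrustCertsMapBySubjectName::<<<<<<Failure: " + SADKDebugger.dump(x509Cert), e);
            }
        }
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("updateTrustCertsMapBySubjectName::<<<<<<Finished: trustCert=" + validTrustCerts.size());
        }
    }

    /**
     * Stores the certificate's public key under the hex form of its SubjectKeyIdentifier, when
     * the certificate has one.
     *
     * <p>A failure reading the extension or key is logged and swallowed. The same size-check
     * caveats apply as for the subject-name variant.
     *
     * @param x509Cert trust certificate, {@code null} is ignored
     * @throws PKIException if the map already holds more than {@code maxTrustCerts} entries
     */
    private static void updateTrustCertsMapByKeyIdentifier(X509Cert x509Cert) throws PKIException {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("updateTrustCertsMapByKeyIdentifier::>>>>>>Running: trustCerts=" + validTrustCerts.size());
        }
        if (x509Cert != null) {
            if (validTrustCerts.size() > maxTrustCerts) {
                LoggerManager.exceptionLogger.error("updateTrustCertsMapByKeyIdentifier::<<<<<<Failure: validTrustCerts exceed maxTrustCerts=20000");
                throw new PKIException("updateTrustCertsMap Failure with validTrustCerts exceed maxTrustCerts=20000");
            }
            try {
                SubjectKeyIdentifier subjectKeyIdentifier = x509Cert.getSubjectKeyIdentifier();
                if (subjectKeyIdentifier != null) {
                    validTrustCerts.put(Hex.toHexString(subjectKeyIdentifier.getKeyIdentifier()), x509Cert.getPublicKey());
                }
            } catch (Exception e) {
                LoggerManager.exceptionLogger.error("updateTrustCertsMapByKeyIdentifier::<<<<<<Failure: " + SADKDebugger.dump(x509Cert), e);
            }
        }
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("updateTrustCertsMapByKeyIdentifier::<<<<<<Finished: trustCert=" + validTrustCerts.size());
        }
    }

    /**
     * Looks up the trusted public key of the certificate's issuer.
     *
     * <p>The AuthorityKeyIdentifier (hex) is tried first. If it is absent, unknown, or reading it
     * fails, the lookup falls back to the issuer name. Both values are taken from the certificate
     * being checked; they only select a candidate key, and the signature check in
     * {@link #validateCertSign} is what ties the certificate to that key.
     *
     * @param x509Cert certificate whose issuer key is wanted; must not be {@code null}
     * @return the registered public key, or {@code null} if neither lookup matches
     */
    private static PublicKey findTrustPublicKey(X509Cert x509Cert) {
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("findTrustPublicKey::>>>>>>Running: cert=" + SADKDebugger.dump(x509Cert));
        }
        PublicKey issuerKey = null;
        try {
            if (x509Cert.getAuthorityKeyIdentifier() != null) {
                issuerKey = validTrustCerts.get(Hex.toHexString(x509Cert.getAuthorityKeyIdentifier().getKeyIdentifier()));
            }
        } catch (Exception e) {
            // A broken key identifier extension is not fatal; the issuer-name lookup below still runs.
            LoggerManager.exceptionLogger.error("findTrustPublicKey::<<<<<<Failure find AuthorityKeyIdentifier: " + SADKDebugger.dump(x509Cert), e);
        }
        if (issuerKey == null) {
            issuerKey = validTrustCerts.get(x509Cert.getIssuer());
        }
        if (LoggerManager.debugLogger.isDebugEnabled()) {
            LoggerManager.debugLogger.debug("findTrustPublicKey::<<<<<<Finished: PublicKey=" + SADKDebugger.dump(issuerKey));
        }
        return issuerKey;
    }
}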
