package org.jscep.client;

import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
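/**
 * Picks, out of a {@link CertStore}, the certificates used for message
 * encryption (recipient), message verification (signer) and issuing.
 *
 * <p>Selection is purely attribute based: certificates are matched on their
 * keyUsage bits or on basicConstraints, and the first match returned by the
 * store is used. Nothing in this class builds or validates a certification
 * path, checks revocation or validity dates, or decides whether the store's
 * contents are trustworthy. Callers have to establish that trust themselves
 * (for example by checking the CA certificate fingerprint obtained out of
 * band) before encrypting to, or accepting signatures from, the selected
 * certificates.
 *
 * <p>Two properties of the selection are worth knowing when reviewing a
 * deployment:
 * <ul>
 *   <li>{@link X509CertSelector#setKeyUsage(boolean[])} also matches
 *       certificates that carry no keyUsage extension at all, so a
 *       "keyEncipherment" or "digitalSignature" match does not prove the
 *       extension is present.</li>
 *   <li>When several certificates match, the one used is whichever the
 *       store's collection iterates first; that order is not specified by
 *       the {@link CertStore} API.</li>
 * </ul>
 */
public final class CertStoreInspector {
    /** Index of the dataEncipherment bit in the X.509 keyUsage bit string. */
    private static final int DATA_ENCIPHERMENT = 3;
    /** Index of the digitalSignature bit in the X.509 keyUsage bit string. */
    private static final int DIGITAL_SIGNATURE = 0;
    /** Index of the keyEncipherment bit in the X.509 keyUsage bit string. */
    private static final int KEY_ENCIPHERMENT = 2;
    /** Number of bits defined for the X.509 keyUsage extension. */
    private static final int KEY_USAGE_LENGTH = 9;
    private static final Logger LOGGER = LoggerFactory.getLogger(CertStoreInspector.class);
    private final X509Certificate encrypter;
    private final X509Certificate issuer;
    private final X509Certificate verifier;

    private CertStoreInspector(X509Certificate verifier, X509Certificate encrypter, X509Certificate issuer) {
        this.verifier = verifier;
        this.encrypter = encrypter;
        this.issuer = issuer;
    }

    /**
     * Returns the first certificate in the store that has a basicConstraints
     * extension marking it as a CA (any path length).
     *
     * @param certStore the store to search
     * @return the first matching CA certificate
     * @throws CertStoreException if the store cannot be queried
     * @throws RuntimeException if the store holds no CA certificate
     */
    private static X509Certificate getCaCertificate(CertStore certStore) throws CertStoreException {
        X509CertSelector selector = new X509CertSelector();
        // 0 = "is a CA with pathLen >= 0", i.e. every CA certificate matches.
        selector.setBasicConstraints(0);
        Collection<? extends Certificate> matches = certStore.getCertificates(selector);
        if (matches.isEmpty()) {
            throw new RuntimeException("No suitable certificate for verification");
        }
        LOGGER.debug("Found {} certificate(s) with basicConstraints", matches.size());
        // X509CertSelector only matches X509Certificate instances, so the cast is safe.
        return (X509Certificate) matches.iterator().next();
    }

    /**
     * Inspects the given store and selects the recipient, signer and issuer
     * certificates.
     *
     * <p>The selected certificates are not validated here; see the class
     * documentation.
     *
     * @param certStore the store to inspect
     * @return an inspector exposing the selected certificates
     * @throws RuntimeException if the store cannot be queried (wrapping the
     *         {@link CertStoreException}) or contains no CA certificate
     */
    public static CertStoreInspector inspect(CertStore certStore) {
        try {
            logStoreContents(certStore);
            X509Certificate recipient = selectEncryptionCertificate(certStore);
            LOGGER.debug("Using [issuer={}; serial={}; subject={}] for message encryption", recipient.getIssuerDN(), recipient.getSerialNumber(), recipient.getSubjectDN());
            X509Certificate signer = selectSigner(certStore);
            LOGGER.debug("Using [issuer={}; serial={}; subject={}] for message verification", signer.getIssuerDN(), signer.getSerialNumber(), signer.getSubjectDN());
            X509Certificate ca = selectIssuer(certStore);
            // Bracket placement fixed so the line matches the two messages above.
            LOGGER.debug("Using [issuer={}; serial={}; subject={}] for issuer", ca.getIssuerDN(), ca.getSerialNumber(), ca.getSubjectDN());
            return new CertStoreInspector(signer, recipient, ca);
        } catch (CertStoreException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Writes every certificate in the store to the debug log.
     *
     * <p>This runs regardless of the configured log level, so it must not
     * fail on unusual certificates: entries that are not X.509 and
     * certificates without a keyUsage extension are reported instead of
     * raising {@link ClassCastException} / {@link NullPointerException}.
     */
    private static void logStoreContents(CertStore certStore) throws CertStoreException {
        Collection<? extends Certificate> certificates = certStore.getCertificates(null);
        LOGGER.debug("CertStore contains {} certificate(s):", certificates.size());
        int index = 0;
        for (Certificate candidate : certificates) {
            index++;
            if (!(candidate instanceof X509Certificate)) {
                LOGGER.debug("{}. non-X.509 certificate of type {}", index, candidate.getType());
                continue;
            }
            X509Certificate certificate = (X509Certificate) candidate;
            LOGGER.debug("{}. '[issuer={}; serial={}; subject={}]'", index, certificate.getIssuerDN(), certificate.getSerialNumber(), certificate.getSubjectDN());
            LOGGER.debug("basic constraints: {}", certificate.getBasicConstraints());
            // getKeyUsage() returns null when the extension is absent.
            boolean[] keyUsage = certificate.getKeyUsage();
            if (keyUsage == null) {
                LOGGER.debug("no keyUsage extension present");
                continue;
            }
            int bit = 0;
            for (boolean set : keyUsage) {
                bit++;
                LOGGER.debug("{}. key usage bit: {}", bit, set);
            }
        }
    }

    /**
     * Returns the first certificate in the store that allows the given
     * keyUsage bit, or {@code null} if there is none.
     *
     * <p>Certificates without a keyUsage extension also match, because
     * {@link X509CertSelector} treats a missing extension as allowing every
     * usage.
     *
     * @param certStore the store to search
     * @param keyUsageBit index of the required bit in the keyUsage bit string
     * @param keyUsageName name of the bit, used in the log message only
     */
    private static X509Certificate findByKeyUsage(CertStore certStore, int keyUsageBit, String keyUsageName) throws CertStoreException {
        boolean[] required = new boolean[KEY_USAGE_LENGTH];
        required[keyUsageBit] = true;
        X509CertSelector selector = new X509CertSelector();
        selector.setKeyUsage(required);
        Collection<? extends Certificate> matches = certStore.getCertificates(selector);
        if (matches.isEmpty()) {
            return null;
        }
        LOGGER.debug("Found {} certificate(s) with {} keyUsage", matches.size(), keyUsageName);
        // X509CertSelector only matches X509Certificate instances, so the cast is safe.
        return (X509Certificate) matches.iterator().next();
    }

    /**
     * Selects the certificate to encrypt messages to: keyEncipherment first,
     * then dataEncipherment, then any CA certificate as a last resort.
     */
    private static X509Certificate selectEncryptionCertificate(CertStore certStore) throws CertStoreException {
        LOGGER.debug("Selecting encryption certificate");
        LOGGER.debug("Selecting certificate with keyEncipherment keyUsage");
        X509Certificate match = findByKeyUsage(certStore, KEY_ENCIPHERMENT, "keyEncipherment");
        if (match != null) {
            return match;
        }
        LOGGER.debug("No certificates found.  Selecting certificate with dataEncipherment keyUsage");
        match = findByKeyUsage(certStore, DATA_ENCIPHERMENT, "dataEncipherment");
        if (match != null) {
            return match;
        }
        LOGGER.debug("No certificates found.  Falling back to CA certificate");
        return getCaCertificate(certStore);
    }

    /** Selects the issuer certificate: the first CA certificate in the store. */
    private static X509Certificate selectIssuer(CertStore certStore) throws CertStoreException {
        LOGGER.debug("Selecting issuer certificate");
        LOGGER.debug("Selecting certificate with basicConstraints");
        return getCaCertificate(certStore);
    }

    /**
     * Selects the certificate used to verify messages: digitalSignature
     * first, then any CA certificate as a fallback.
     */
    private static X509Certificate selectSigner(CertStore certStore) throws CertStoreException {
        LOGGER.debug("Selecting verifier certificate");
        LOGGER.debug("Selecting certificate with digitalSignature keyUsage");
        X509Certificate match = findByKeyUsage(certStore, DIGITAL_SIGNATURE, "digitalSignature");
        if (match != null) {
            return match;
        }
        LOGGER.debug("No certificates found.  Falling back to CA certificate");
        return getCaCertificate(certStore);
    }

    /** Returns the certificate selected as issuer (a CA certificate). */
    public X509Certificate getIssuer() {
        return this.issuer;
    }

    /** Returns the certificate selected for message encryption. */
    public X509Certificate getRecipient() {
        return this.encrypter;
    }

    /** Returns the certificate selected for message verification. */
    public X509Certificate getSigner() {
        return this.verifier;
    }
}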
