package hu.microsec.authenticator.util;

import android.content.Context;
import hu.microsec.authenticator.MainApplication;
import hu.microsec.authenticator.MscCertificateVerifier;
import hu.microsec.authenticator.R;
import hu.microsec.authenticator.util.CrlVerifier;
import hu.microsec.authenticator.util.OcspVerifier;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1OctetString;
import org.spongycastle.asn1.DERIA5String;
import org.spongycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.spongycastle.asn1.x509.AccessDescription;
import org.spongycastle.asn1.x509.AuthorityInformationAccess;
import org.spongycastle.asn1.x509.GeneralName;

/* loaded from: classes.dex */
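/**
 * Static helpers for X.509 certificates: PEM encoding, reading URIs from the
 * Authority Information Access (AIA) extension, fetching issuer certificates,
 * assembling a chain and running path and revocation checks.
 *
 * <p>Several methods act on data taken from a certificate that has not been
 * validated yet (for example the issuer URL in its AIA extension). Such data
 * is treated as untrusted input throughout this class.
 */
public class CertificateUtil {
    /** Maximum number of issuer certificates fetched while walking a chain. */
    private static final int CERT_PATH_MAX_LENGTH = 4;
    private static final Logger LOGGER = LoggerFactory.getLogger(CertificateUtil.class);
    /** OID of the Authority Information Access certificate extension (id-pe-authorityInfoAccess). */
    private static final String OID_AIA = "1.3.6.1.5.5.7.1.1";
    /** Connect timeout for issuer-certificate downloads, in milliseconds. */
    private static final int FETCH_CONNECT_TIMEOUT_MS = 10000;
    /** Read timeout for issuer-certificate downloads, in milliseconds. */
    private static final int FETCH_READ_TIMEOUT_MS = 10000;
    /** Largest response accepted when downloading a single certificate. */
    private static final int MAX_FETCHED_CERT_BYTES = 64 * 1024;

    /**
     * Access methods that can be looked up in the AIA extension.
     *
     * <p>{@code oid} is the access-method OID and {@code type} the GeneralName
     * tag number the access location must carry; tag 6 is
     * uniformResourceIdentifier.
     */
    public enum AIA_OIDS {
        OCSP_URI(OCSPObjectIdentifiers.pkix_ocsp, 6),
        ISSUER_CERT_URI("1.3.6.1.5.5.7.48.2", 6);

        public final String oid;
        public final int type;

        AIA_OIDS(String str, int i) {
            this.oid = str;
            this.type = i;
        }
    }

    /**
     * Encodes a certificate as a PEM block with CRLF line endings.
     *
     * @param x509Certificate certificate to encode; must not be null
     * @return the PEM text, including the BEGIN and END marker lines
     * @throws CertificateEncodingException if the certificate cannot be DER-encoded
     * @throws IOException declared by the original signature; also covers the
     *         charset lookup
     */
    public static String convertToPem(X509Certificate x509Certificate) throws CertificateEncodingException, IOException {
        byte[] chunkedBase64 = Base64.encodeBase64(x509Certificate.getEncoded(), true);
        // Base64 output is pure ASCII; naming the charset removes the dependency
        // on the platform default.
        return "-----BEGIN CERTIFICATE-----\r\n" + new String(chunkedBase64, "US-ASCII") + "-----END CERTIFICATE-----\r\n";
    }

    /**
     * Converts a legacy {@code javax.security.cert.X509Certificate} into a
     * {@code java.security.cert.X509Certificate} by re-parsing its encoding.
     *
     * @param x509Certificate legacy certificate, may be null
     * @return the converted certificate, or null when the argument is null
     * @throws javax.security.cert.CertificateEncodingException if the legacy
     *         certificate cannot be encoded
     * @throws CertificateException if the encoding cannot be parsed
     */
    public static final X509Certificate convertX509Cert(javax.security.cert.X509Certificate x509Certificate) throws javax.security.cert.CertificateEncodingException, CertificateException {
        if (x509Certificate == null) {
            return null;
        }
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509Certificate.getEncoded()));
    }

    /**
     * Returns the first URI in the certificate's AIA extension that matches
     * the requested access method.
     *
     * <p>The returned string comes straight from the certificate. When the
     * certificate has not been validated yet, callers must treat it as
     * untrusted input.
     *
     * @param x509Certificate certificate whose AIA extension is read
     * @param aia_oids access method to look for
     * @return the URI, or null when the extension has no matching entry
     * @throws Exception if the certificate has no AIA extension or the
     *         extension cannot be parsed; the failure is logged and rethrown
     */
    public static final String extractStringFromAIA(X509Certificate x509Certificate, AIA_OIDS aia_oids) throws Exception {
        ASN1InputStream asn1Stream = null;
        try {
            LOGGER.debug("CERT SN= " + x509Certificate.getSerialNumber().toString(16));
            byte[] extensionValue = x509Certificate.getExtensionValue(OID_AIA);
            if (extensionValue == null) {
                // getExtensionValue returns null when the extension is absent;
                // report that explicitly instead of failing with a NullPointerException.
                throw new CertificateException("Certificate has no Authority Information Access extension");
            }
            asn1Stream = new ASN1InputStream(new ByteArrayInputStream(extensionValue));
            // The extension value is an OCTET STRING wrapping the AIA structure.
            byte[] aiaOctets = ASN1OctetString.getInstance(asn1Stream.readObject()).getOctets();
            for (AccessDescription accessDescription : AuthorityInformationAccess.getInstance(aiaOctets).getAccessDescriptions()) {
                GeneralName accessLocation = accessDescription.getAccessLocation();
                if (accessLocation != null && aia_oids.oid.equals(accessDescription.getAccessMethod().getId()) && aia_oids.type == accessLocation.getTagNo()) {
                    String uri = DERIA5String.getInstance(accessLocation.getName()).getString();
                    LOGGER.debug("URI for " + aia_oids.oid + " : " + uri);
                    return uri;
                }
            }
            return null;
        } catch (Exception e) {
            LOGGER.error("Failed to get URI for " + aia_oids.name(), (Throwable) e);
            throw e;
        } finally {
            // Closing the ASN.1 stream also closes the wrapped byte stream.
            IOUtils.closeQuietly((InputStream) asn1Stream);
        }
    }

    /**
     * Downloads and parses a single X.509 certificate from a URL.
     *
     * <p>In this class the URL is taken from the AIA extension of a
     * certificate that has not been validated yet, so it is handled as
     * untrusted input: only {@code http} and {@code https} are accepted
     * (which keeps {@code file:} and other local schemes out), the connection
     * has connect and read timeouts, and the response is capped at
     * {@link #MAX_FETCHED_CERT_BYTES}. The response is parsed from memory, so
     * no temporary file is written under {@code MainApplication.APP_EXT_DIR}
     * and nothing is left behind when the download or the parse fails.
     *
     * <p>The returned certificate is only parsed, not verified. It carries no
     * trust until the chain it belongs to has been validated.
     *
     * @param str URL of the certificate
     * @return the parsed certificate
     * @throws Exception if the URL is missing, malformed or uses another
     *         scheme, if the download fails or is too large, or if the
     *         response is not a certificate; the failure is logged and rethrown
     */
    public static final X509Certificate getCertificate(String str) throws Exception {
        InputStream responseStream = null;
        try {
            if (str == null) {
                throw new CertificateException("No certificate URL given");
            }
            URL url = new URL(str);
            String scheme = url.getProtocol();
            if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
                throw new CertificateException("Unsupported certificate URL scheme: " + scheme);
            }
            URLConnection connection = url.openConnection();
            connection.setConnectTimeout(FETCH_CONNECT_TIMEOUT_MS);
            connection.setReadTimeout(FETCH_READ_TIMEOUT_MS);
            responseStream = connection.getInputStream();

            // One spare byte lets an oversized response be told apart from one
            // that is exactly at the limit.
            byte[] buffer = new byte[MAX_FETCHED_CERT_BYTES + 1];
            int total = 0;
            int read;
            while (total < buffer.length && (read = responseStream.read(buffer, total, buffer.length - total)) != -1) {
                total += read;
            }
            if (total > MAX_FETCHED_CERT_BYTES) {
                throw new CertificateException("Certificate download exceeds " + MAX_FETCHED_CERT_BYTES + " bytes");
            }
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(buffer, 0, total));
        } catch (Exception e) {
            LOGGER.error("Failed to load certificate from {}", str);
            throw e;
        } finally {
            IOUtils.closeQuietly(responseStream);
        }
    }

    /**
     * Returns the localized display name of a certificate type.
     *
     * @param context context used to resolve the string resource
     * @param certificateType type to name, may be null
     * @return the display name, or null for a null or unhandled type
     */
    public static final String getCertificateTypeName(Context context, CertificateType certificateType) {
        if (certificateType == null) {
            return null;
        }
        switch (certificateType) {
            case AUTHENTICATION:
                return context.getString(R.string.cert_type_auth);
            case ENCRYPTION:
                return context.getString(R.string.cert_type_encryption);
            case OTHER:
                return context.getString(R.string.cert_type_other);
            case SIGNING:
                return context.getString(R.string.cert_type_signing);
            default:
                return null;
        }
    }

    /**
     * Computes the SHA-1 digest of the certificate's encoded form.
     *
     * <p>NOTE(review): SHA-1 is no longer collision resistant. The algorithm
     * is kept because callers may compare the result with stored SHA-1
     * values; if any caller uses this fingerprint for pinning or another
     * trust decision, a SHA-256 fingerprint should be introduced alongside it.
     *
     * @param certificate certificate to fingerprint
     * @return the 20-byte SHA-1 digest
     * @throws NoSuchAlgorithmException if SHA-1 is unavailable
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public static byte[] getFingerprint(Certificate certificate) throws NoSuchAlgorithmException, CertificateEncodingException {
        return MessageDigest.getInstance("SHA-1").digest(certificate.getEncoded());
    }

    /**
     * Tells whether the certificate's signature verifies under its own public key.
     *
     * <p>This is a signature check only. Subject and issuer names are not
     * compared, and a self-signed certificate is not thereby trusted: anyone
     * can produce one.
     *
     * @param x509Certificate certificate to test
     * @return true when the signature verifies with the certificate's own key
     * @throws CertificateException on encoding errors
     * @throws NoSuchAlgorithmException if the signature algorithm is unsupported
     * @throws NoSuchProviderException if no default provider is available
     */
    public static boolean isSelfSigned(X509Certificate x509Certificate) throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (InvalidKeyException e) {
            return false;
        } catch (SignatureException e) {
            return false;
        }
    }

    /**
     * Walks the issuer chain of a certificate by following the issuer URL in
     * each certificate's AIA extension until a self-signed certificate is
     * reached.
     *
     * <p>The result does not contain the starting certificate. It is empty
     * when the starting certificate is itself self-signed.
     *
     * <p>NOTE(review): every URL followed here is chosen by the certificate
     * being walked, and nothing in this method checks that a fetched
     * certificate actually issued the previous one. The list is therefore
     * only a set of candidates; all verification is left to the caller.
     *
     * @param x509Certificate certificate whose issuers are loaded
     * @return the fetched issuer certificates, nearest issuer first
     * @throws Exception if a certificate cannot be fetched or parsed, or if
     *         more than {@link #CERT_PATH_MAX_LENGTH} issuers would be needed
     */
    public static final List<X509Certificate> loadCertificateChain(X509Certificate x509Certificate) throws Exception {
        X509Certificate current = x509Certificate;
        try {
            List<X509Certificate> issuers = new ArrayList<X509Certificate>();
            while (!isSelfSigned(current)) {
                // Bounds the number of downloads a crafted chain can trigger.
                if (issuers.size() >= CERT_PATH_MAX_LENGTH) {
                    throw new CertificateException("Certificate chain length exceeds limit " + CERT_PATH_MAX_LENGTH);
                }
                current = getCertificate(extractStringFromAIA(current, AIA_OIDS.ISSUER_CERT_URI));
                issuers.add(current);
            }
            return issuers;
        } catch (Exception e) {
            LOGGER.error("Failed to load certificate chain");
            throw e;
        }
    }

    /**
     * Loads the issuer chain of a certificate and hands it to
     * {@link MscCertificateVerifier} for validation at the given date.
     *
     * <p>Any failure while loading or verifying is logged and reported as
     * {@code false}, so the method fails closed.
     *
     * <p>NOTE(review): the self-signed certificates collected below were
     * downloaded from URLs named by the chain itself, so they are supplied by
     * whoever issued the certificate under test. They are passed as the first
     * constructor argument of MscCertificateVerifier, which is not visible
     * here. Confirm that the verifier accepts them only when they match
     * anchors pinned in the application; otherwise any chain that ends in a
     * self-signed certificate of the presenter's own making would validate.
     *
     * @param x509Certificate certificate to validate
     * @param date date passed to the verifier
     * @return the verifier's result, or false when loading or verification fails
     */
    public static final boolean validateCertPath(X509Certificate x509Certificate, Date date) {
        LOGGER.debug("CHAIN #0 sdn: " + x509Certificate.getSubjectDN().toString());
        LOGGER.debug("CHAIN #0 idn: " + x509Certificate.getIssuerDN().toString());
        int position = 1;
        ArrayList<X509Certificate> intermediates = new ArrayList<X509Certificate>();
        ArrayList<X509Certificate> selfSigned = new ArrayList<X509Certificate>();
        try {
            for (X509Certificate issuer : loadCertificateChain(x509Certificate)) {
                if (isSelfSigned(issuer)) {
                    LOGGER.debug("CHAIN #" + position + " root");
                    selfSigned.add(issuer);
                } else {
                    LOGGER.debug("CHAIN #" + position + " intermediate");
                    intermediates.add(issuer);
                }
                LOGGER.debug("CHAIN #" + position + " sdn: " + issuer.getSubjectDN().toString());
                LOGGER.debug("CHAIN #" + position + " idn: " + issuer.getIssuerDN().toString());
                position++;
            }
            boolean verify = new MscCertificateVerifier(selfSigned, intermediates).verify(x509Certificate, date);
            LOGGER.info("CERT valid: " + verify);
            return verify;
        } catch (Exception e) {
            LOGGER.warn("Validation failed", (Throwable) e);
            return false;
        }
    }

    /**
     * Runs a revocation check: OCSP first, then CRL when the OCSP check
     * throws {@code OcspVerificationException}.
     *
     * <p>The result has three states. {@code null} means neither check could
     * be completed, so the revocation status is unknown; callers must not
     * treat {@code null} as "not revoked".
     *
     * @param x509Certificate first argument of the OCSP check; presumably the
     *        issuer certificate, since the CRL check does not use it (confirm
     *        against OcspVerifier)
     * @param x509Certificate2 certificate passed to both checks
     * @return the result of whichever check completed, or null when both failed
     */
    public static Boolean verify(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        LOGGER.info("OCSP verification...");
        try {
            return Boolean.valueOf(OcspVerifier.verify(x509Certificate, x509Certificate2));
        } catch (OcspVerifier.OcspVerificationException e) {
            LOGGER.error("OCSP verification failed", (Throwable) e);
            LOGGER.info("CRL verification...");
            try {
                return Boolean.valueOf(CrlVerifier.verify(x509Certificate2));
            } catch (CrlVerifier.CrlVerificationException e2) {
                LOGGER.error("CRL verification failed", (Throwable) e2);
                return null;
            }
        }
    }
}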
