package hu.microsec.authenticator;

import hu.microsec.authenticator.util.CertificateUtil;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.jscep.client.verification.CertificateVerifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spongycastle.util.encoders.Hex;

/* loaded from: classes.dex */
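/**
 * {@link CertificateVerifier} that accepts a certificate only if a PKIX path can be built from it
 * to one of the configured roots AND the root that terminates the path matches one of the
 * fingerprints pinned in this class.
 *
 * <p>Security-relevant properties a reviewer should keep in mind:
 * <ul>
 *   <li>Revocation checking is switched off for path building, so a revoked end-entity or
 *       intermediate certificate is still accepted as long as the chain is otherwise valid.</li>
 *   <li>The final decision is the fingerprint pin, not membership in {@code rootList}: a root that
 *       is in {@code rootList} but not pinned here is rejected.</li>
 *   <li>An additional root is accepted when {@code MainApplication.TEST} is true; production
 *       builds must ship with that flag false.</li>
 *   <li>Every failure path returns {@code false} (fail closed).</li>
 * </ul>
 *
 * <p>The two lists are stored by reference, not copied; later changes made by the caller are
 * visible to this verifier.
 */
public class MscCertificateVerifier implements CertificateVerifier {
    private static final Logger LOGGER = LoggerFactory.getLogger(MscCertificateVerifier.class);

    // Pinned root fingerprints. The values are 20 bytes long, which suggests SHA-1, but the digest
    // is whatever CertificateUtil.getFingerprint computes -- NOTE(review): confirm.
    private static final byte[] PINNED_ROOT_FINGERPRINT_1 =
            Hex.decode("89df74fe5cf40f4a80f9e3377d54da91e101318e");
    private static final byte[] PINNED_ROOT_FINGERPRINT_2 =
            Hex.decode("2388c9d371cc9e963dff7d3ca7cefcd625ec190d");
    // Accepted only while MainApplication.TEST is true.
    private static final byte[] TEST_ROOT_FINGERPRINT =
            Hex.decode("f3a3782b51425a8559f2c8dfac67528a12bf6c06");

    private List<X509Certificate> intermediateList;
    private List<X509Certificate> rootList;

    /**
     * @param list  candidate trust anchors (root certificates)
     * @param list2 intermediate certificates made available to the path builder
     */
    public MscCertificateVerifier(List<X509Certificate> list, List<X509Certificate> list2) {
        this.rootList = list;
        this.intermediateList = list2;
    }

    /**
     * Verifies the certificate without an explicit validation date, so the path builder uses its
     * default (the current time).
     */
    @Override // org.jscep.client.verification.CertificateVerifier
    public boolean verify(X509Certificate x509Certificate) {
        return verify(x509Certificate, null);
    }

    /**
     * Builds a certification path for the certificate and checks the pinned root.
     *
     * @param x509Certificate certificate to verify
     * @param date            validation time handed to the path builder, or {@code null} to keep
     *                        the builder's default
     * @return {@code true} only if a path was built and its trust anchor is a pinned root (or the
     *         test root while {@code MainApplication.TEST} is true); {@code false} on any error
     */
    public boolean verify(X509Certificate x509Certificate, Date date) {
        if (x509Certificate == null) {
            // Fail closed instead of throwing from the logging call below.
            LOGGER.error("Error during certificate verification: no certificate supplied");
            return false;
        }
        if (date != null) {
            LOGGER.debug("verify cert: DATE: {}", date);
        }
        LOGGER.debug("verify cert: {}", x509Certificate.getSubjectDN());

        byte[] fingerprint;
        try {
            HashSet<TrustAnchor> trustAnchors = new HashSet<>();
            for (X509Certificate root : this.rootList) {
                trustAnchors.add(new TrustAnchor(root, null));
            }

            // The selector pins the path target to exactly the certificate under test.
            X509CertSelector target = new X509CertSelector();
            target.setCertificate(x509Certificate);

            List<X509Certificate> candidates = new ArrayList<>();
            candidates.add(x509Certificate);
            candidates.addAll(this.intermediateList);
            CertStore certStore =
                    CertStore.getInstance("Collection", new CollectionCertStoreParameters(candidates), "BC");

            PKIXBuilderParameters params = new PKIXBuilderParameters(trustAnchors, target);
            params.addCertStore(certStore);
            // SECURITY: no CRL/OCSP lookup is performed; revoked certificates in the chain pass.
            params.setRevocationEnabled(false);
            if (date != null) {
                params.setDate(date);
            }

            PKIXCertPathBuilderResult result =
                    (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX", "BC").build(params);
            for (Certificate pathCert : result.getCertPath().getCertificates()) {
                LOGGER.debug("cert path: {}", ((X509Certificate) pathCert).getSubjectDN());
            }
            X509Certificate trustedCert = result.getTrustAnchor().getTrustedCert();
            LOGGER.debug("cert path: {}", trustedCert.getSubjectDN());
            fingerprint = CertificateUtil.getFingerprint(trustedCert);
        } catch (Exception e) {
            // Covers path-building failures, a missing "BC" provider and null lists alike.
            // Returning here keeps the decision explicit: no fingerprint, no acceptance.
            LOGGER.error("Error during certificate verification", e);
            return false;
        }

        if (isPinnedRoot(fingerprint)) {
            return true;
        }
        // SECURITY: this branch widens trust; it must be unreachable in production builds.
        if (MainApplication.TEST && Arrays.equals(fingerprint, TEST_ROOT_FINGERPRINT)) {
            return true;
        }
        LOGGER.error("Non-Microsec root CA not allowed");
        return false;
    }

    /** Returns whether the fingerprint equals one of the two production pins; null never matches. */
    private static boolean isPinnedRoot(byte[] fingerprint) {
        return Arrays.equals(fingerprint, PINNED_ROOT_FINGERPRINT_1)
                || Arrays.equals(fingerprint, PINNED_ROOT_FINGERPRINT_2);
    }
}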
