package etri.fido.auth.crypto;

import etri.fido.auth.common.AuthException;
import etri.fido.utility.Base64Helper;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import o.AbstractC2852Sk;
import o.AbstractC2858Sq;
import o.AbstractC2859Sr;
import o.C2848Sg;
import o.C2922Va;
import o.C2927Vf;
import o.C2929Vh;
import o.C2930Vi;
import o.SW;
import o.SY;
import o.UV;

/* loaded from: classes2.dex */
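/**
 * Certificate path validator that builds a PKIX path from a target certificate to a set of
 * caller-supplied trust roots, plus static helpers for CRL lookups and self-signature checks.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #validate(String[], byte[][])} builds the path with revocation checking disabled
 *       and never calls {@link #checkCRL(X509Certificate)}. A caller that needs revocation
 *       status has to invoke {@code checkCRL} itself.</li>
 *   <li>{@code checkCRL} trusts whatever CRL it downloads: nothing in this class verifies the
 *       CRL's signature, issuer or validity period, and plain {@code http://} / {@code ftp://}
 *       distribution points are accepted.</li>
 * </ul>
 *
 * <p>The {@code o.*} types are obfuscated; they appear to be ASN.1 helper classes of the crypto
 * provider registered as "SC" (presumably SpongyCastle, to be confirmed against the unobfuscated
 * library).
 */
public class ETRICertPathValidator implements CertPathValidator {
    /** Connect timeout for CRL downloads, so an unreachable distribution point cannot stall the caller forever. */
    private static final int CRL_CONNECT_TIMEOUT_MS = 10000;

    /** Read timeout for CRL downloads; tune together with the connect timeout for the deployment. */
    private static final int CRL_READ_TIMEOUT_MS = 15000;

    /**
     * Checks a certificate against every CRL named in its CRL Distribution Points extension.
     *
     * <p>Caveats a caller must account for:
     * <ul>
     *   <li>A certificate without any distribution point yields {@code true}, because there is
     *       nothing to consult.</li>
     *   <li>The downloaded CRL is not authenticated here (no signature, issuer or freshness
     *       check), so the answer is only as trustworthy as the transport it came over.</li>
     *   <li>The URLs are read from the certificate itself. Call this only for certificates whose
     *       chain has already been validated, otherwise the device fetches locations chosen by
     *       whoever supplied the certificate.</li>
     * </ul>
     *
     * @param x509Certificate certificate to look up
     * @return {@code false} if any fetched CRL lists the certificate as revoked, {@code true} otherwise
     * @throws AuthException if the distribution points cannot be parsed, a distribution point uses
     *         an unsupported scheme, or a CRL cannot be downloaded or decoded
     */
    public static boolean checkCRL(X509Certificate x509Certificate) {
        try {
            for (String distributionPoint : getCrlDPs(x509Certificate)) {
                X509CRL crl = downloadCRL(distributionPoint);
                if (crl == null) {
                    // Fail closed: a distribution point we cannot fetch must not count as
                    // "not revoked". The message is replaced by the catch block below.
                    throw new AuthException("unsupported CRL distribution point: " + distributionPoint);
                }
                if (crl.isRevoked(x509Certificate)) {
                    return false;
                }
            }
            return true;
        } catch (Exception unused) {
            // Every failure is reported uniformly; the underlying cause is intentionally not
            // exposed to the caller.
            throw new AuthException("can not check CRL for certificate: " + x509Certificate.getSubjectX500Principal());
        }
    }

    /**
     * Downloads and decodes the CRL published at the given location.
     *
     * <p>The response is parsed but not authenticated, and its size is not bounded. Verifying the
     * CRL signature against the issuer's key needs the issuer certificate, which this method does
     * not receive.
     *
     * @param str CRL location taken from the certificate
     * @return the decoded CRL, or {@code null} when the location is not an http, https or ftp URL
     * @throws AuthException if the download or the decoding fails, including on timeout
     */
    private static X509CRL downloadCRL(String str) {
        boolean supportedScheme =
                str.startsWith("http://") || str.startsWith("https://") || str.startsWith("ftp://");
        if (!supportedScheme) {
            return null;
        }
        try {
            // openStream() has no timeouts; a stalled server would otherwise block the caller
            // indefinitely.
            java.net.URLConnection connection = new URL(str).openConnection();
            connection.setConnectTimeout(CRL_CONNECT_TIMEOUT_MS);
            connection.setReadTimeout(CRL_READ_TIMEOUT_MS);
            InputStream crlStream = connection.getInputStream();
            try {
                return (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(crlStream);
            } finally {
                crlStream.close();
            }
        } catch (Exception e) {
            throw new AuthException(e.getMessage());
        }
    }

    /**
     * Extracts the URI entries of the certificate's CRL Distribution Points extension
     * (OID 2.5.29.31).
     *
     * <p>Only distribution points whose name has type 0, and within those only general names with
     * tag 6, are returned (presumably "fullName" and "uniformResourceIdentifier"; the field names
     * are obfuscated, so confirm against the ASN.1 library).
     *
     * @param x509Certificate certificate to inspect
     * @return the URIs found, in extension order; empty when the extension is absent
     * @throws AuthException if the extension is present but cannot be decoded
     */
    public static List<String> getCrlDPs(X509Certificate x509Certificate) {
        List<String> urls = new ArrayList<String>();
        byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.31");
        if (extensionValue == null) {
            return urls;
        }
        C2848Sg extensionStream = new C2848Sg(new ByteArrayInputStream(extensionValue));
        try {
            // The extension value is wrapped: unwrap the outer object first, then decode its
            // payload.
            AbstractC2858Sq wrapped = extensionStream.m9818();
            if (!(wrapped instanceof SY)) {
                throw new AuthException("can not parse CRL distribution points extension");
            }
            AbstractC2858Sq distPointsObject =
                    new C2848Sg(new ByteArrayInputStream(((SY) wrapped).mo9798())).m9818();
            if (distPointsObject == null) {
                // Report a malformed extension as an error instead of dereferencing null; an
                // empty list here would make checkCRL() treat the certificate as not revoked.
                throw new AuthException("can not parse CRL distribution points extension");
            }
            C2922Va[] distributionPoints = new UV(AbstractC2859Sr.m9846(distPointsObject)).m9945();
            for (C2922Va distributionPoint : distributionPoints) {
                C2929Vh pointName = distributionPoint.f17143;
                if (pointName == null || pointName.f17179 != 0) {
                    continue;
                }
                AbstractC2852Sk rawNames = pointName.f17178;
                C2927Vf names;
                if (rawNames instanceof C2927Vf) {
                    names = (C2927Vf) rawNames;
                } else if (rawNames != null) {
                    names = new C2927Vf(AbstractC2859Sr.m9846(rawNames));
                } else {
                    throw new AuthException("can not parse CRL distribution points extension");
                }
                C2930Vi[] entries = new C2930Vi[names.f17156.length];
                System.arraycopy(names.f17156, 0, entries, 0, names.f17156.length);
                for (C2930Vi entry : entries) {
                    if (entry.f17181 == 6) {
                        urls.add(SW.m9803(entry.f17180).mo9698());
                    }
                }
            }
            return urls;
        } catch (IOException e) {
            throw failure(e);
        } finally {
            try {
                extensionStream.close();
            } catch (IOException ignored) {
                // Closing an in-memory stream; nothing useful to do on failure.
            }
        }
    }

    /**
     * Tells whether the certificate's signature verifies under its own public key.
     *
     * <p>This says nothing about trust: anyone can mint a self-signed certificate. Subject and
     * issuer names are not compared.
     *
     * @param x509Certificate certificate to test
     * @return {@code true} if the signature verifies, {@code false} on a key or signature mismatch
     * @throws AuthException if the signature algorithm or provider is unavailable, or the
     *         certificate cannot be encoded
     */
    public static boolean isSelfSigned(X509Certificate x509Certificate) {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (InvalidKeyException keyMismatch) {
            return false;
        } catch (SignatureException signatureMismatch) {
            return false;
        } catch (NoSuchAlgorithmException e) {
            throw new AuthException(e.getMessage());
        } catch (NoSuchProviderException e) {
            throw new AuthException(e.getMessage());
        } catch (CertificateException e) {
            throw new AuthException(e.getMessage());
        }
    }

    /**
     * Builds a PKIX certification path from the first certificate in {@code bArr} to one of the
     * given trust roots.
     *
     * <p>Revocation checking is switched off for the path build and {@link #checkCRL} is not
     * called, so a revoked certificate still validates here. Every entry of {@code bArr},
     * including the target, is offered to the builder as a candidate certificate.
     *
     * @param strArr Base64-encoded trust root certificates
     * @param bArr encoded certificates; element 0 is the certificate to validate
     * @return {@code true} if a path to a trust anchor was built, {@code false} if none exists
     * @throws AuthException if an argument is null, {@code bArr} is empty, or the "SC" provider
     *         rejects the parameters or lacks the PKIX / Collection implementations
     */
    @Override // etri.fido.auth.crypto.CertPathValidator
    public boolean validate(String[] strArr, byte[][] bArr) {
        if (strArr == null) {
            throw new AuthException("strRootCerts is null");
        }
        if (bArr == null) {
            throw new AuthException("certs is null");
        }
        if (bArr.length == 0) {
            // Without this, bArr[0] below fails with ArrayIndexOutOfBoundsException.
            throw new AuthException("certs is empty");
        }
        HashSet<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
        for (String encodedRoot : strArr) {
            trustAnchors.add(new TrustAnchor(CryptoHelper.getX509Certificate(Base64Helper.decode(encodedRoot)), null));
        }
        X509Certificate target = CryptoHelper.getX509Certificate(bArr[0]);
        HashSet<X509Certificate> candidates = new HashSet<X509Certificate>();
        for (byte[] encodedCert : bArr) {
            candidates.add(CryptoHelper.getX509Certificate(encodedCert));
        }
        X509CertSelector targetSelector = new X509CertSelector();
        targetSelector.setCertificate(target);
        try {
            PKIXBuilderParameters builderParameters = new PKIXBuilderParameters(trustAnchors, targetSelector);
            // NOTE(review): revocation is disabled, so path building alone does not detect
            // revoked certificates.
            builderParameters.setRevocationEnabled(false);
            builderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(candidates), "SC"));
            PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX", "SC").build(builderParameters);
            return result != null && result.getTrustAnchor() != null;
        } catch (CertPathBuilderException noPath) {
            // No path to any trust anchor: the chain is simply not valid.
            return false;
        } catch (InvalidAlgorithmParameterException e) {
            throw failure(e);
        } catch (NoSuchAlgorithmException e) {
            throw failure(e);
        } catch (NoSuchProviderException e) {
            throw failure(e);
        }
    }

    /**
     * Prints the stack trace of {@code e} and wraps its message in an {@link AuthException}.
     * The trace is kept because only the message is carried over into the new exception.
     */
    private static AuthException failure(Exception e) {
        e.printStackTrace();
        return new AuthException(e.getMessage());
    }
}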
