package com.adobe.pki;

import com.rsa.certj.CertJ;
import com.rsa.certj.CertJException;
import com.rsa.certj.DatabaseService;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.NameException;
import com.rsa.certj.cert.X509CRL;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.cert.X509V3Extensions;
import com.rsa.certj.cert.extensions.CRLDistributionPoints;
import com.rsa.certj.cert.extensions.GeneralName;
import com.rsa.certj.cert.extensions.GeneralNames;
import com.rsa.certj.cert.extensions.X509V3Extension;
import com.rsa.certj.pkcs7.ContentInfo;
import com.rsa.certj.pkcs7.PKCS7Exception;
import com.rsa.certj.pkcs7.SignedData;
import com.rsa.certj.provider.db.MemoryDB;
import com.rsa.certj.provider.path.PKIXCertPath;
import com.rsa.certj.provider.revocation.CRLCertStatus;
import com.rsa.certj.spi.path.CertPathCtx;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.security.GeneralSecurityException;
import java.util.Date;
import java.util.Vector;

/* loaded from: classes.dex */
public class PKIContext {
    static final /* synthetic */ boolean $assertionsDisabled;
    private CertJ m_certJContext;
    private CRLCertStatus m_crlRevChecker;
    private PKIXCertPath m_graphBuilder;
    private MemoryDB m_inMemoryCertStoreProvider;
    private boolean m_isInit = false;

    static {
        $assertionsDisabled = !PKIContext.class.desiredAssertionStatus();
    }

    private void getCRLsFromCert(X509Certificate x509Certificate, Vector<byte[]> vector) throws GeneralSecurityException {
        Vector<byte[]> cRLsFromURL;
        X509V3Extensions extensions = x509Certificate.getExtensions();
        if (extensions == null) {
            return;
        }
        try {
            X509V3Extension extensionByType = extensions.getExtensionByType(31);
            if (extensionByType != null) {
                CRLDistributionPoints cRLDistributionPoints = (CRLDistributionPoints) extensionByType;
                int distributionPointCount = cRLDistributionPoints.getDistributionPointCount();
                for (int i = 0; i < distributionPointCount; i++) {
                    try {
                        Object distributionPointName = cRLDistributionPoints.getDistributionPointName(i);
                        if (distributionPointName instanceof GeneralNames) {
                            GeneralNames generalNames = (GeneralNames) distributionPointName;
                            for (int i2 = 0; i2 < generalNames.getNameCount(); i2++) {
                                GeneralName generalName = generalNames.getGeneralName(i2);
                                if (generalName.getGeneralNameType() == 7 && (cRLsFromURL = getCRLsFromURL((String) generalName.getGeneralName())) != null) {
                                    vector.addAll(cRLsFromURL);
                                }
                            }
                        }
                    } catch (IOException e) {
                    }
                }
            }
        } catch (CertificateException e2) {
            throw new GeneralSecurityException("Unable to obtain CRLs: " + e2.getLocalizedMessage());
        } catch (NameException e3) {
            throw new GeneralSecurityException("Unable to obtain CRLs: " + e3.getLocalizedMessage());
        }
    }

    private Vector<byte[]> getCRLsFromURL(String str) throws GeneralSecurityException, IOException {
        CertificateException certificateException;
        URLConnection openConnection = new URL(str).openConnection();
        openConnection.setDoInput(true);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = new byte[512];
        try {
            InputStream inputStream = openConnection.getInputStream();
            while (true) {
                int read = inputStream.read(bArr);
                if (read <= 0) {
                    break;
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            if (byteArray != null) {
                Vector<byte[]> lookupPEMCRLs = lookupPEMCRLs(byteArray);
                if (lookupPEMCRLs != null) {
                    return lookupPEMCRLs;
                }
                Vector<byte[]> lookupPKCS7CRLs = lookupPKCS7CRLs(byteArray);
                if (lookupPKCS7CRLs != null) {
                    return lookupPKCS7CRLs;
                }
                try {
                    X509CRL x509crl = new X509CRL(byteArray, 0, 0);
                    Vector<byte[]> vector = new Vector<>();
                    try {
                        byte[] bArr2 = new byte[x509crl.getDERLen(0)];
                        x509crl.getDEREncoding(bArr2, 0, x509crl.getDERLen(0));
                        vector.add(bArr2);
                        if (vector != null) {
                            return vector;
                        }
                    } catch (CertificateException e) {
                        certificateException = e;
                        throw new java.security.cert.CertificateException(certificateException.getLocalizedMessage());
                    }
                } catch (CertificateException e2) {
                    certificateException = e2;
                }
            }
            return null;
        } catch (IllegalArgumentException e3) {
            throw new GeneralSecurityException("Unable to obtain CRLs: " + e3.getLocalizedMessage());
        }
    }

    private void harvestCRLsFromChain(Vector<X509Certificate> vector, Vector<byte[]> vector2) throws GeneralSecurityException {
        for (int i = 0; i < vector.size(); i++) {
            getCRLsFromCert(vector.get(i), vector2);
        }
    }

    private boolean isCertSelfSigned(X509Certificate x509Certificate) {
        return x509Certificate.getIssuerName().equals(x509Certificate.getSubjectName());
    }

    private Vector<byte[]> lookupPEMCRLs(byte[] bArr) {
        Vector<byte[]> lookupPEMTokens = PKIUtils.lookupPEMTokens(bArr, "X509 CRL");
        if (lookupPEMTokens == null) {
            return null;
        }
        Vector<byte[]> vector = new Vector<>();
        for (int i = 0; i < lookupPEMTokens.size(); i++) {
            try {
                byte[] elementAt = lookupPEMTokens.elementAt(i);
                new X509CRL(elementAt, 0, 0);
                vector.add(elementAt);
            } catch (CertificateException e) {
                if (!$assertionsDisabled) {
                    throw new AssertionError();
                }
            }
        }
        if (vector.size() > 0) {
            return vector;
        }
        return null;
    }

    private Vector<byte[]> lookupPKCS7CRLs(byte[] bArr) {
        Vector<byte[]> vector = new Vector<>();
        try {
            if (ContentInfo.getMessageType(bArr, 0, bArr.length) == 2) {
                SignedData signedData = (SignedData) ContentInfo.getInstance(2, this.m_certJContext, null);
                signedData.readInit(bArr, 0, bArr.length);
                signedData.readFinal();
                Vector cRLs = signedData.getCRLs();
                if (cRLs != null) {
                    for (int i = 0; i < cRLs.size(); i++) {
                        X509CRL x509crl = (X509CRL) cRLs.get(i);
                        byte[] bArr2 = new byte[x509crl.getDERLen(0)];
                        x509crl.getDEREncoding(bArr2, 0, x509crl.getDERLen(0));
                        vector.add(bArr2);
                    }
                }
            }
        } catch (CertificateException e) {
            if (!$assertionsDisabled) {
                throw new AssertionError();
            }
        } catch (PKCS7Exception e2) {
            if (!$assertionsDisabled) {
                throw new AssertionError();
            }
        }
        if (vector.size() > 0) {
            return vector;
        }
        return null;
    }

    public void Init() throws GeneralSecurityException {
        try {
            this.m_crlRevChecker = new CRLCertStatus("crlRevChecker");
            this.m_graphBuilder = new PKIXCertPath("PKIXGraphBuilder");
            this.m_inMemoryCertStoreProvider = new MemoryDB("inMemoryDB");
            this.m_certJContext = new CertJ();
            this.m_certJContext.addProvider(this.m_crlRevChecker);
            this.m_certJContext.addProvider(this.m_graphBuilder);
            this.m_certJContext.addProvider(this.m_inMemoryCertStoreProvider);
            this.m_isInit = true;
        } catch (CertJException e) {
            throw new GeneralSecurityException(e.getLocalizedMessage());
        }
    }

    public boolean VerifyCertPath(byte[] bArr, Vector<byte[]> vector, Vector<byte[]> vector2, Vector<byte[]> vector3, Vector<byte[]> vector4, Vector<byte[]> vector5, boolean z) throws GeneralSecurityException {
        boolean z2 = false;
        if (!this.m_isInit) {
            return false;
        }
        try {
            DatabaseService databaseService = (DatabaseService) this.m_certJContext.bindService(1, "inMemoryDB");
            for (int i = 0; i < vector2.size(); i++) {
                databaseService.insertCertificate(new X509Certificate(vector2.elementAt(i), 0, 0));
            }
            Certificate[] certificateArr = new Certificate[Math.max(vector.size(), 1)];
            for (int i2 = 0; i2 < vector.size(); i2++) {
                certificateArr[i2] = new X509Certificate(vector.elementAt(i2), 0, 0);
            }
            CertPathCtx certPathCtx = new CertPathCtx(z ? 4 | 2 : 4, certificateArr, (byte[][]) null, new Date(), databaseService);
            X509Certificate x509Certificate = new X509Certificate(bArr, 0, 0);
            Vector<X509Certificate> vector6 = new Vector<>();
            if (this.m_certJContext.buildCertPath(certPathCtx, x509Certificate, vector6, null, null, null)) {
                harvestCRLsFromChain(vector6, vector4);
                for (int i3 = 0; i3 < vector6.size(); i3++) {
                    X509Certificate elementAt = vector6.elementAt(i3);
                    byte[] bArr2 = new byte[elementAt.getDERLen(0)];
                    elementAt.getDEREncoding(bArr2, 0, elementAt.getDERLen(0));
                    vector3.add(bArr2);
                }
                z2 = true;
            }
            return z2;
        } catch (CertJException e) {
            throw new GeneralSecurityException(e.getLocalizedMessage());
        } catch (CertificateException e2) {
            throw new GeneralSecurityException(e2.getLocalizedMessage());
        }
    }

    public boolean VerifyPathRevocation(Vector<byte[]> vector, Vector<byte[]> vector2, Vector<byte[]> vector3, Vector<byte[]> vector4) throws GeneralSecurityException {
        if (!this.m_isInit) {
            return false;
        }
        try {
            DatabaseService databaseService = (DatabaseService) this.m_certJContext.bindService(1, "inMemoryDB");
            for (int i = 0; i < vector3.size(); i++) {
                databaseService.insertCertificate(new X509Certificate(vector3.elementAt(i), 0, 0));
            }
            Certificate[] certificateArr = new Certificate[Math.max(vector2.size(), 1)];
            for (int i2 = 0; i2 < vector2.size(); i2++) {
                certificateArr[i2] = new X509Certificate(vector2.elementAt(i2), 0, 0);
            }
            for (int i3 = 0; i3 < vector4.size(); i3++) {
                databaseService.insertCRL(new X509CRL(vector4.elementAt(i3), 0, 0));
            }
            CertPathCtx certPathCtx = new CertPathCtx(0, certificateArr, (byte[][]) null, new Date(), databaseService);
            boolean z = false;
            for (int i4 = 0; i4 < vector.size() && !z; i4++) {
                if (this.m_certJContext.checkCertRevocation(certPathCtx, new X509Certificate(vector.elementAt(i4), 0, 0)).getStatus() == 1) {
                    z = true;
                }
            }
            return !z;
        } catch (CertJException e) {
            throw new GeneralSecurityException(e.getLocalizedMessage());
        } catch (CertificateException e2) {
            throw new GeneralSecurityException(e2.getLocalizedMessage());
        }
    }
}
