package ym;

import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.crypto.IllegalBlockSizeException;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;

/* loaded from: classes3.dex */
public class w {
    public static boolean a(@Nullable X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        try {
            x509Certificate.checkValidity();
            return true;
        } catch (CertificateExpiredException e11) {
            g0.n("CertificateUtils", "Certificate Expired", e11);
            return false;
        } catch (CertificateNotYetValidException e12) {
            g0.U("CertificateUtils", "Certificate not yet valid: ", e12);
            return false;
        }
    }

    @Nullable
    public static X509Certificate h(@Nullable byte[] bArr) {
        if (l.e(bArr)) {
            return null;
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
        } catch (CertificateException e11) {
            g0.n("CertificateUtils", "Error during X.509 certificate generation", e11);
            return null;
        }
    }

    @Nullable
    public static Collection<X509Certificate> i(@Nullable byte[] bArr) {
        if (l.e(bArr)) {
            return null;
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificates(new ByteArrayInputStream(bArr));
        } catch (CertificateException e11) {
            g0.n("CertificateUtils", "Error during X.509 certificate generation", e11);
            return null;
        }
    }

    @Nullable
    public List<X509Certificate> b(X509Certificate[] x509CertificateArr, List<X509Certificate> list) {
        boolean z11;
        g0.c("CertificateUtils", "getCertificateChainUptoRoot");
        if (!f(x509CertificateArr)) {
            return null;
        }
        ArrayList arrayList = new ArrayList(Arrays.asList(x509CertificateArr));
        X509Certificate x509Certificate = x509CertificateArr[x509CertificateArr.length - 1];
        while (!x509Certificate.getSubjectDN().getName().equals(x509Certificate.getIssuerDN().getName())) {
            Iterator<X509Certificate> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    z11 = false;
                    break;
                }
                X509Certificate next = it.next();
                if (x509Certificate.getIssuerDN().getName().equals(next.getSubjectDN().getName())) {
                    try {
                        x509Certificate.verify(next.getPublicKey());
                        arrayList.add(next);
                        g0.c("CertificateUtils", "Issuer for " + x509Certificate.getSubjectDN().getName() + " found.");
                        x509Certificate = next;
                        z11 = true;
                        break;
                    } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException unused) {
                        g0.c("CertificateUtils", "Issuer found, but signature verification failed");
                    } catch (Exception e11) {
                        if (!(e11 instanceof IllegalBlockSizeException)) {
                            throw e11;
                        }
                        g0.c("CertificateUtils", "Issuer found, but signature verification failed");
                    }
                }
            }
            if (!z11) {
                g0.k("CertificateUtils", "Unable to complete the chain");
                return null;
            }
        }
        return arrayList;
    }

    @Nullable
    public List<X509Certificate> c(X509Certificate x509Certificate, List<X509Certificate> list) {
        g0.c("CertificateUtils", "getChainWithIssuerCert");
        try {
            x509Certificate.checkValidity();
            ArrayList arrayList = new ArrayList();
            arrayList.add(x509Certificate);
            for (X509Certificate x509Certificate2 : list) {
                if (x509Certificate.getIssuerDN().getName().equals(x509Certificate2.getSubjectDN().getName())) {
                    try {
                        x509Certificate.verify(x509Certificate2.getPublicKey());
                        arrayList.add(x509Certificate2);
                        g0.c("CertificateUtils", "Issuer for " + x509Certificate.getSubjectDN().getName() + " found.");
                        return arrayList;
                    } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException unused) {
                        g0.c("CertificateUtils", "Issuer found, but signature verification failed");
                    } catch (Exception e11) {
                        if (!(e11 instanceof IllegalBlockSizeException)) {
                            throw e11;
                        }
                        g0.c("CertificateUtils", "Issuer found, but signature verification failed");
                    }
                }
            }
            return null;
        } catch (CertificateExpiredException | CertificateNotYetValidException unused2) {
            g0.c("CertificateUtils", "Invalid cert : " + x509Certificate.getSubjectDN().getName());
            return null;
        }
    }

    public String d(X509Certificate x509Certificate) {
        try {
            byte[] encoded = x509Certificate.getEncoded();
            MessageDigest messageDigest = MessageDigest.getInstance(MessageDigestAlgorithms.SHA_256);
            messageDigest.reset();
            messageDigest.update(encoded);
            return new BigInteger(1, messageDigest.digest()).toString(16);
        } catch (NoSuchAlgorithmException e11) {
            throw new RuntimeException(e11);
        } catch (CertificateEncodingException e12) {
            throw new RuntimeException(e12);
        }
    }

    public boolean e(@NonNull X509Certificate x509Certificate) {
        boolean z11 = x509Certificate.getBasicConstraints() != -1;
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        boolean z12 = keyUsage != null && keyUsage[5];
        StringBuilder sb2 = new StringBuilder();
        sb2.append("Verifying CA Certificate using basic constraints extensions and key usage: ");
        sb2.append(z11 && z12);
        g0.c("CertificateUtils", sb2.toString());
        return z11 && z12;
    }

    public boolean f(X509Certificate[] x509CertificateArr) {
        String name = x509CertificateArr[0].getSubjectDN().getName();
        g0.c("CertificateUtils", "isChainValid called for " + name + " with chain length: " + x509CertificateArr.length);
        int i11 = 0;
        while (i11 < x509CertificateArr.length - 1) {
            try {
                int i12 = i11 + 1;
                x509CertificateArr[i11].verify(x509CertificateArr[i12].getPublicKey());
                x509CertificateArr[i11].checkValidity();
                i11 = i12;
            } catch (InvalidKeyException e11) {
                e = e11;
                g0.c("CertificateUtils", "Exception while validating cert chain for " + name + e.toString());
                return false;
            } catch (NoSuchAlgorithmException e12) {
                e = e12;
                g0.c("CertificateUtils", "Exception while validating cert chain for " + name + e.toString());
                return false;
            } catch (NoSuchProviderException e13) {
                e = e13;
                g0.c("CertificateUtils", "Exception while validating cert chain for " + name + e.toString());
                return false;
            } catch (SignatureException e14) {
                e = e14;
                g0.c("CertificateUtils", "Exception while validating cert chain for " + name + e.toString());
                return false;
            } catch (CertificateExpiredException e15) {
                e = e15;
                g0.k("CertificateUtils", "Cert chain for " + name + " not valid. " + e.toString());
                return false;
            } catch (CertificateNotYetValidException e16) {
                e = e16;
                g0.k("CertificateUtils", "Cert chain for " + name + " not valid. " + e.toString());
                return false;
            } catch (CertificateException e17) {
                e = e17;
                g0.c("CertificateUtils", "Exception while validating cert chain for " + name + e.toString());
                return false;
            } catch (Exception e18) {
                if (!(e18 instanceof IllegalBlockSizeException)) {
                    throw e18;
                }
                g0.c("CertificateUtils", "Exception while validating cert chain for " + name + e18.toString());
                return false;
            }
        }
        x509CertificateArr[x509CertificateArr.length - 1].checkValidity();
        g0.c("CertificateUtils", "Chain for " + name + " is valid");
        return true;
    }

    public boolean g(X509Certificate[] x509CertificateArr, List<X509Certificate> list) {
        StringBuilder sb2;
        String str;
        String name = x509CertificateArr[0].getSubjectDN().getName();
        g0.c("CertificateUtils", "isTrusted called for " + name + " with chain length: " + x509CertificateArr.length);
        if (f(x509CertificateArr)) {
            for (int length = x509CertificateArr.length - 1; length >= 0; length--) {
                X509Certificate x509Certificate = x509CertificateArr[length];
                Iterator<X509Certificate> it = list.iterator();
                while (it.hasNext()) {
                    if (Arrays.equals(x509Certificate.getSignature(), it.next().getSignature())) {
                        g0.c("CertificateUtils", "Cert in provided chain found in trust store. Cert chain is valid.");
                        return true;
                    }
                }
            }
            X509Certificate x509Certificate2 = x509CertificateArr[x509CertificateArr.length - 1];
            for (X509Certificate x509Certificate3 : list) {
                if (x509Certificate2.getIssuerDN().getName().equals(x509Certificate3.getSubjectDN().getName())) {
                    try {
                        x509Certificate2.verify(x509Certificate3.getPublicKey());
                        g0.c("CertificateUtils", "Issuer found for: " + name + " in trust store. Cert chain is trusted.");
                        return true;
                    } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException unused) {
                        str = "Issuer name matched, but not signature. Continuing to check for right issuer";
                        g0.c("CertificateUtils", str);
                    } catch (Exception e11) {
                        if (!(e11 instanceof IllegalBlockSizeException)) {
                            throw e11;
                        }
                        str = "Issuer found, but signature verification failed";
                        g0.c("CertificateUtils", str);
                    }
                }
            }
            sb2 = new StringBuilder();
        } else {
            sb2 = new StringBuilder();
        }
        sb2.append(name);
        sb2.append(" is not trusted");
        g0.c("CertificateUtils", sb2.toString());
        return false;
    }
}
