package com.yessign.jce;

import com.yessign.api.yessignManager;
import com.yessign.asn1.ASN1Sequence;
import com.yessign.asn1.DERString;
import com.yessign.asn1.x509.AuthorityKeyIdentifier;
import com.yessign.asn1.x509.DistributionPoint;
import com.yessign.asn1.x509.DistributionPointName;
import com.yessign.asn1.x509.GeneralName;
import com.yessign.asn1.x509.GeneralNames;
import com.yessign.asn1.x509.SubjectKeyIdentifier;
import com.yessign.asn1.x509.X509Extensions;
import com.yessign.jce.provider.yessignProvider;
import com.yessign.sldap.LdapManager;
import java.security.InvalidAlgorithmParameterException;
import java.security.Principal;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.Set;
import java.util.Vector;

/* loaded from: classes.dex */
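/**
 * Builds and validates an X.509 certification path with the yessign JCE provider.
 *
 * <p>This listing is decompiler output. Three methods ({@code a(X509Certificate, PKIXParameters)},
 * {@link #findCRL} and {@link #findCTLTrustAnchor}) were not recovered and are kept as stubs that
 * throw {@link UnsupportedOperationException}. The control flow of the remaining methods has been
 * repaired where the recovered form could not compile or could never succeed; every repair is
 * marked {@code NOTE(review)} and should be confirmed against the bytecode.
 */
public class yessignCertPathValidator {
    /**
     * Text of the most recent failure reported by the chain/CRL checks in this class.
     *
     * <p>The field is public, static and mutable: concurrent validations overwrite each other's
     * message, and the recovered methods never clear it on success. Treat it as a diagnostic
     * hint only and never as the validation verdict.
     */
    public static String validErr;

    /** DistributionPointName CHOICE value for {@code fullName} (RFC 5280). */
    private static final int DP_FULL_NAME = 0;

    /** GeneralName CHOICE tag for {@code uniformResourceIdentifier} (RFC 5280). */
    private static final int GN_URI = 6;

    /** Records {@code message} in {@link #validErr} and returns {@code false}. */
    private static boolean fail(String message) {
        validErr = message;
        return false;
    }

    /*
        Not recovered by the decompiler ("Method dump skipped, instructions count: 819").
        Its signature and its use in buildAndValidate indicate that it returns the issuer
        certificate of r11 - presumably fetched over LDAP; confirm against the bytecode.
    */
    private static java.security.cert.X509Certificate a(java.security.cert.X509Certificate r11, java.security.cert.PKIXParameters r12) throws java.security.cert.CertPathBuilderException, com.yessign.daemon.LdapException {
        throw new UnsupportedOperationException("Method not decompiled: com.yessign.jce.yessignCertPathValidator.a(java.security.cert.X509Certificate, java.security.cert.PKIXParameters):java.security.cert.X509Certificate");
    }

    /**
     * Returns the parsed form of the first URI found in the certificate's CRLDistributionPoints
     * extension, or {@code null} when the extension is absent or holds no full-name URI.
     *
     * <p>The URI is read from the certificate under validation, so it is untrusted input at this
     * point; whatever consumes the result should restrict the schemes and hosts it will contact.
     *
     * @param x509Certificate certificate whose CRL distribution points are inspected
     * @return the value produced by {@code LdapManager.parseURI}, or {@code null}
     */
    private static Vector a(X509Certificate x509Certificate) {
        ASN1Sequence distributionPoints = ASN1Sequence.getInstance(yessignManager.getX509ExtObject(x509Certificate, X509Extensions.CRLDistributionPoints.getId()));
        if (distributionPoints == null) {
            return null;
        }
        for (int i = 0; i < distributionPoints.size(); i++) {
            DistributionPointName pointName = DistributionPoint.getInstance(distributionPoints.getObjectAt(i)).getDistributionPoint();
            // The distributionPoint field is OPTIONAL in RFC 5280; skip entries without it
            // instead of dereferencing null (assumes the accessor returns null then - confirm).
            if (pointName == null || pointName.getType() != DP_FULL_NAME) {
                continue;
            }
            GeneralName[] names = GeneralNames.getInstance(pointName.getName()).getNames();
            for (GeneralName name : names) {
                if (name.getTagNo() == GN_URI) {
                    return LdapManager.parseURI(((DERString) name.getName()).getString());
                }
            }
        }
        return null;
    }

    /**
     * Decides whether {@code x509crl} is a usable CRL for {@code x509Certificate}.
     *
     * <p>Checks, in order: thisUpdate and nextUpdate are present, {@code date} lies within them,
     * the CRL signature verifies under the public key of {@code x509Certificate2}, the CRL issuer
     * DN equals the subject DN of {@code x509Certificate2}, and the AuthorityKeyIdentifier of the
     * CRL equals that of the certificate. On failure the reason is stored in {@link #validErr}.
     *
     * <p>NOTE(review): the recovered body could not compile (the outer catch used an
     * out-of-scope variable and the date branches shared a tail with the other branches). The
     * flow below is a reconstruction; the signature-failure message is assumed to append the
     * exception as the AKI-failure branch does.
     *
     * <p>NOTE(review): this method does not check that the issuer certificate is allowed to sign
     * CRLs (keyUsage cRLSign) and does not look at the IssuingDistributionPoint extension;
     * confirm that this is enforced elsewhere.
     *
     * @param x509Certificate  certificate whose revocation status is being looked up
     * @param x509Certificate2 candidate CRL issuer certificate
     * @param x509crl          CRL to test
     * @param date             validation time
     * @return {@code true} when every check passes
     */
    private static boolean a(X509Certificate x509Certificate, X509Certificate x509Certificate2, X509CRL x509crl, Date date) {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy년 MM월 dd일 E요일 HH시 mm분 ss초");
        if (x509crl.getThisUpdate() == null) {
            return fail("인증서 폐지목록 게시날짜가 없음");
        }
        if (x509crl.getNextUpdate() == null) {
            return fail("인증서 폐지목록 다음 업데이트 날짜가 없음");
        }
        if (date.before(x509crl.getThisUpdate())) {
            return fail("아직 유효하지 않은 인증서 폐지목록임 : 발급일 - " + simpleDateFormat.format(x509crl.getThisUpdate()));
        }
        if (date.after(x509crl.getNextUpdate())) {
            return fail("이미 유효기간이 만료된 인증서 폐지목록임 : 만료일 - " + simpleDateFormat.format(x509crl.getNextUpdate()));
        }
        try {
            x509crl.verify(x509Certificate2.getPublicKey(), yessignProvider.PROVIDER);
            if (x509crl.getIssuerDN() == null || x509Certificate2.getSubjectDN() == null) {
                return fail("NameChain 오류(DN 값이 null)");
            }
            if (!x509crl.getIssuerDN().equals(x509Certificate2.getSubjectDN())) {
                return fail("NameChain 오류(발급자 DN과 불일치) - " + x509crl.getIssuerDN());
            }
        } catch (Exception e) {
            // Any exception in this region is reported as a signature failure, as in the original.
            return fail("서명 검증 오류 - " + e);
        }
        try {
            AuthorityKeyIdentifier crlAki = AuthorityKeyIdentifier.getInstance(yessignManager.getX509ExtObject(x509crl, X509Extensions.AuthorityKeyIdentifier.getId()));
            AuthorityKeyIdentifier certAki = AuthorityKeyIdentifier.getInstance(yessignManager.getX509ExtObject(x509Certificate, X509Extensions.AuthorityKeyIdentifier.getId()));
            if (crlAki == null || crlAki.getKeyIdentifier() == null || certAki == null || certAki.getKeyIdentifier() == null) {
                return fail("AKI 오류(AKI 값, 또는 AKI의 KeyIdentifier 필드가 null)");
            }
            // Compares the whole AKI structures, not only the keyIdentifier bytes.
            if (certAki.equals(crlAki)) {
                return true;
            }
            return fail("AKI 오류(AKI 값이 불일치)");
        } catch (Exception e) {
            return fail("AKI 오류(CRL과 대상 인증서 AKI 생성 실패) - " + e);
        }
    }

    /**
     * Decides whether {@code x509Certificate2} chains to {@code x509Certificate} as its issuer by
     * name and key identifier.
     *
     * <p>Checks that the issuer certificate is within its validity period at {@code date}, that
     * the issuer DN of the subject certificate equals the subject DN of the issuer certificate,
     * and that the subject's AuthorityKeyIdentifier matches the issuer's SubjectKeyIdentifier
     * (plus authorityCertIssuer / serial number when the AKI carries them). On failure the
     * reason is stored in {@link #validErr}.
     *
     * <p>This method performs no signature verification; a {@code true} result only means the
     * names and identifiers line up.
     *
     * <p>NOTE(review): the recovered body fell through from every fixed-message branch into the
     * shared "append and report" tail, which cannot compile; the flow below is a reconstruction.
     *
     * @param x509Certificate  certificate being chained
     * @param x509Certificate2 candidate issuer certificate
     * @param date             validation time
     * @return {@code true} when every check passes
     */
    private static boolean a(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) {
        try {
            x509Certificate2.checkValidity(date);
            if (x509Certificate.getIssuerDN() == null || x509Certificate2.getSubjectDN() == null) {
                return fail("NameChain 오류(DN값이 null)");
            }
            if (!x509Certificate.getIssuerDN().equals(x509Certificate2.getSubjectDN())) {
                return fail("NameChain 오류(DN 불일치) - " + x509Certificate.getSubjectDN());
            }
            AuthorityKeyIdentifier aki = AuthorityKeyIdentifier.getInstance(yessignManager.getX509ExtObject(x509Certificate, X509Extensions.AuthorityKeyIdentifier.getId()));
            SubjectKeyIdentifier ski = SubjectKeyIdentifier.getInstance(yessignManager.getX509ExtObject(x509Certificate2, X509Extensions.SubjectKeyIdentifier.getId()));
            if (aki == null || aki.getKeyIdentifier() == null || ski == null || ski.getKeyIdentifier() == null) {
                return fail("AKI 오류(aki 필드가 null)");
            }
            if (!Arrays.equals(aki.getKeyIdentifier(), ski.getKeyIdentifier())) {
                return fail("AKI 오류(KeyIdentifier 불일치)");
            }
            // authorityCertIssuer and authorityCertSerialNumber are only checked when present.
            if (aki.getCertIssuer() == null) {
                return true;
            }
            if (aki.getCertSerialNumber() == null) {
                return fail("AKI 오류(SerialNumber와 CertIssuer중 하나가 null)");
            }
            if (!aki.getCertIssuer().equals(x509Certificate2.getIssuerDN())) {
                return fail("AKI 오류(CertIssuer 불일치) - " + aki.getCertIssuer());
            }
            if (aki.getCertSerialNumber().equals(x509Certificate2.getSerialNumber())) {
                return true;
            }
            return fail("AKI 오류(SerialNumber 불일치)");
        } catch (Exception e) {
            // The message may be null for exceptions created without one.
            return fail(e.getMessage());
        }
    }

    /*
        Not recovered by the decompiler ("Method dump skipped, instructions count: 572").
        Only the signature is known; behavior must be read from the bytecode.
    */
    public static java.security.cert.X509CRL findCRL(java.security.cert.X509Certificate r8, java.security.cert.X509Certificate r9, java.util.Date r10, java.lang.String r11) throws java.security.cert.CertPathBuilderException {
        throw new UnsupportedOperationException("Method not decompiled: com.yessign.jce.yessignCertPathValidator.findCRL(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date, java.lang.String):java.security.cert.X509CRL");
    }

    /**
     * Returns the first CRL from {@code it} that passes the CRL checks for the given certificate
     * and issuer, or {@code null} when none does.
     *
     * <p>Every element is cast to {@link X509CRL}; an iterator over any other type fails with
     * {@link ClassCastException}. {@link #validErr} holds the reason the last rejected CRL failed.
     *
     * @param it               candidate CRLs
     * @param x509Certificate  certificate whose revocation status is being looked up
     * @param x509Certificate2 CRL issuer certificate
     * @param date             validation time
     * @return the first acceptable CRL, or {@code null}
     */
    public static X509CRL findCRLfromStore(Iterator it, X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date) {
        while (it.hasNext()) {
            X509CRL candidate = (X509CRL) it.next();
            if (a(x509Certificate, x509Certificate2, candidate, date)) {
                return candidate;
            }
        }
        return null;
    }

    /*
        Not recovered by the decompiler ("Method dump skipped, instructions count: 1098").
        Only the signature is known; behavior must be read from the bytecode.
    */
    public static void findCTLTrustAnchor(java.security.cert.X509Certificate r11, java.util.Set r12, java.util.Date r13) throws java.security.cert.CertPathBuilderException {
        throw new UnsupportedOperationException("Method not decompiled: com.yessign.jce.yessignCertPathValidator.findCTLTrustAnchor(java.security.cert.X509Certificate, java.util.Set, java.util.Date):void");
    }

    /**
     * Finds the trust anchor that issued {@code x509Certificate}.
     *
     * <p>An anchor is accepted when its certificate's subject matches the certificate's issuer,
     * the anchor certificate is valid at {@code date}, and the certificate's signature verifies
     * under the anchor's public key. Anchors given only as a name and key (no certificate) are
     * ignored.
     *
     * <p>NOTE(review): the recovered loop reset the candidate to {@code null} on every
     * iteration, so it could never return an anchor, and its catch-all handler relabelled every
     * failure as an issuer-encoding failure. Both look like decompiler artifacts and are
     * repaired here; confirm against the bytecode.
     *
     * @param x509Certificate certificate whose issuer is looked up
     * @param set             set of {@link TrustAnchor} objects
     * @param date            validation time
     * @return the matching anchor, or {@code null} when no anchor carries the issuer name
     * @throws CertPathBuilderException if the issuer name cannot be encoded, or if anchors with
     *         the issuer name exist but none of them is valid and verifies the signature
     */
    public static TrustAnchor findTrustAnchor(X509Certificate x509Certificate, Set set, Date date) throws CertPathBuilderException {
        X509CertSelector issuerSelector = new X509CertSelector();
        try {
            issuerSelector.setSubject(x509Certificate.getIssuerX500Principal().getEncoded());
        } catch (Exception e) {
            throw new CertPathBuilderException("fail to get issuer X500Principal encoding of param cert", e);
        }
        Exception lastFailure = null;
        for (Iterator it = set.iterator(); it.hasNext();) {
            TrustAnchor candidate = (TrustAnchor) it.next();
            X509Certificate anchorCert = candidate.getTrustedCert();
            if (anchorCert == null || !issuerSelector.match(anchorCert)) {
                continue;
            }
            try {
                anchorCert.checkValidity(date);
                x509Certificate.verify(anchorCert.getPublicKey());
                return candidate;
            } catch (Exception e) {
                // Keep looking: another anchor with the same name may hold the right key.
                lastFailure = e;
            }
        }
        if (lastFailure != null) {
            throw new CertPathBuilderException("해당 인증서를 발급한 TrustAnchor는 존재하나 검증 실패임", lastFailure);
        }
        return null;
    }

    /**
     * Builds the chain from {@code x509Certificate} up to a self-issued certificate or a
     * certificate issued by a trust anchor, then validates it with the provider's PKIX
     * validator.
     *
     * <p>Side effects on {@code pKIXParameters}: the validation date is set when absent, the
     * target constraints are replaced, and a cert store holding the built chain is added.
     *
     * <p>NOTE(review): in the recovered form one catch-all around the whole body rewrapped every
     * failure, including {@link CertPathValidatorException}, as a validity-period failure. The
     * handler is scoped to the validity check here so that validator failures reach the caller
     * as declared; confirm against the bytecode.
     *
     * @param x509Certificate end-entity certificate to validate
     * @param pKIXParameters  PKIX parameters carrying the trust anchors; must not be null
     * @return the validated path with its trust anchor, policy tree and subject public key
     * @throws InvalidAlgorithmParameterException if {@code pKIXParameters} is null
     * @throws CertPathBuilderException if the certificate is outside its validity period, an
     *         issuer certificate cannot be obtained, the issuer chain loops, or path
     *         construction fails for another reason
     * @throws CertPathValidatorException if the PKIX validator rejects the path
     */
    public CertPathBuilderResult buildAndValidate(X509Certificate x509Certificate, PKIXParameters pKIXParameters) throws CertPathBuilderException, CertPathValidatorException, InvalidAlgorithmParameterException {
        if (pKIXParameters == null) {
            throw new InvalidAlgorithmParameterException("인증서 경로구축을 위한 파라미터가 null임");
        }
        Date date = pKIXParameters.getDate();
        if (date == null) {
            date = new Date();
            pKIXParameters.setDate(date);
        }
        Set<TrustAnchor> trustAnchors = pKIXParameters.getTrustAnchors();
        try {
            x509Certificate.checkValidity(date);
        } catch (Exception e) {
            throw new CertPathBuilderException(x509Certificate.getSubjectDN().getName() + " 유효기간 검증 실패", e);
        }
        ArrayList<X509Certificate> chain = new ArrayList<X509Certificate>();
        chain.add(x509Certificate);
        X509Certificate current = x509Certificate;
        while (!current.getIssuerDN().equals(current.getSubjectDN()) && findTrustAnchor(current, trustAnchors, date) == null) {
            X509Certificate issuer;
            try {
                issuer = a(current, pKIXParameters);
            } catch (Exception e) {
                throw new CertPathBuilderException(current.getSubjectDN().getName() + "의 발급자 인증서 획득 실패", e);
            }
            if (issuer == null) {
                throw new CertPathBuilderException(current.getSubjectDN().getName() + "의 발급자 인증서 획득 실패");
            }
            // Issuer certificates are obtained by following data in the certificates themselves;
            // a cross-issued pair would otherwise keep this loop running and the list growing.
            if (chain.contains(issuer)) {
                throw new CertPathBuilderException(current.getSubjectDN().getName() + ": issuer chain loops back to a certificate already in the path");
            }
            chain.add(issuer);
            current = issuer;
        }
        try {
            CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(chain), yessignProvider.PROVIDER);
            CertPath certPath = CertificateFactory.getInstance("X.509", yessignProvider.PROVIDER).generateCertPath(chain);
            X509CertSelector targetSelector = new X509CertSelector();
            targetSelector.setSubject(x509Certificate.getSubjectX500Principal().getEncoded());
            pKIXParameters.setTargetCertConstraints(targetSelector);
            pKIXParameters.addCertStore(certStore);
            PKIXCertPathValidatorResult validated = (PKIXCertPathValidatorResult) CertPathValidator.getInstance("PKIX", yessignProvider.PROVIDER).validate(certPath, pKIXParameters);
            return new PKIXCertPathBuilderResult(certPath, validated.getTrustAnchor(), validated.getPolicyTree(), validated.getPublicKey());
        } catch (CertPathValidatorException e) {
            throw e;
        } catch (Exception e) {
            throw new CertPathBuilderException("인증서 경로구축 기타 예외 발생", e);
        }
    }
}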
