package cn.win_trust_erpc;

import cn.win_trust_erpc.bouncycastle.asn1.ASN1ObjectIdentifier;
import cn.win_trust_erpc.bouncycastle.asn1.ASN1Primitive;
import cn.win_trust_erpc.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import cn.win_trust_erpc.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cn.win_trust_erpc.bouncycastle.asn1.x509.Certificate;
import cn.win_trust_erpc.bouncycastle.crypto.CipherParameters;
import cn.win_trust_erpc.bouncycastle.crypto.DataLengthException;
import cn.win_trust_erpc.bouncycastle.crypto.Signer;
import cn.win_trust_erpc.bouncycastle.crypto.digests.MD5Digest;
import cn.win_trust_erpc.bouncycastle.crypto.digests.SHA1Digest;
import cn.win_trust_erpc.bouncycastle.crypto.digests.SHA224Digest;
import cn.win_trust_erpc.bouncycastle.crypto.digests.SHA256Digest;
import cn.win_trust_erpc.bouncycastle.crypto.digests.SHA384Digest;
import cn.win_trust_erpc.bouncycastle.crypto.digests.SHA512Digest;
import cn.win_trust_erpc.bouncycastle.crypto.signers.RSADigestSigner;
import cn.win_trust_erpc.bouncycastle.crypto.signers.SM2Signer;
import cn.win_trust_erpc.bouncycastle.crypto.util.PublicKeyFactory;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

/* loaded from: input_file:cn/win_trust_erpc/CertVerifyUtil.class */
public class CertVerifyUtil {
    public static final ASN1ObjectIdentifier sm2SignWithSM3 = new ASN1ObjectIdentifier("1.2.156.10197.1.501");

    public static Certificate[] MakeExternCertificateChain(String[] strArr) {
        ArrayList arrayList = new ArrayList(strArr.length);
        for (String str : strArr) {
            arrayList.add(Util.hexStringToBytes(str));
        }
        return MakeExternCertificateChain(arrayList);
    }

    public static Certificate[] MakeExternCertificateChain(List<byte[]> list) {
        Certificate[] certificateArr = new Certificate[list.size()];
        for (int i = 0; i < certificateArr.length; i++) {
            certificateArr[i] = Certificate.getInstance(list.get(i));
        }
        return certificateArr;
    }

    public static boolean isValidParent(Certificate certificate, Certificate certificate2) {
        Signer rSADigestSigner;
        boolean z = false;
        try {
            byte[] encoded = certificate.getTBSCertificate().getEncoded();
            CipherParameters createKey = PublicKeyFactory.createKey(certificate2.getSubjectPublicKeyInfo());
            byte[] bytes = certificate.getSignature().getBytes();
            AlgorithmIdentifier signatureAlgorithm = certificate.getSignatureAlgorithm();
            if (certificate2.getSignatureAlgorithm().getAlgorithm().equals((ASN1Primitive) sm2SignWithSM3)) {
                rSADigestSigner = new SM2Signer();
            } else if (signatureAlgorithm.getAlgorithm().equals((ASN1Primitive) PKCSObjectIdentifiers.md5WithRSAEncryption)) {
                rSADigestSigner = new RSADigestSigner(new MD5Digest());
            } else if (signatureAlgorithm.getAlgorithm().equals((ASN1Primitive) PKCSObjectIdentifiers.sha1WithRSAEncryption)) {
                rSADigestSigner = new RSADigestSigner(new SHA1Digest());
            } else if (signatureAlgorithm.getAlgorithm().equals((ASN1Primitive) PKCSObjectIdentifiers.sha256WithRSAEncryption)) {
                rSADigestSigner = new RSADigestSigner(new SHA256Digest());
            } else if (signatureAlgorithm.getAlgorithm().equals((ASN1Primitive) PKCSObjectIdentifiers.sha224WithRSAEncryption)) {
                rSADigestSigner = new RSADigestSigner(new SHA224Digest());
            } else if (signatureAlgorithm.getAlgorithm().equals((ASN1Primitive) PKCSObjectIdentifiers.sha384WithRSAEncryption)) {
                rSADigestSigner = new RSADigestSigner(new SHA384Digest());
            } else {
                if (!signatureAlgorithm.getAlgorithm().equals((ASN1Primitive) PKCSObjectIdentifiers.sha512WithRSAEncryption)) {
                    return false;
                }
                rSADigestSigner = new RSADigestSigner(new SHA512Digest());
            }
            rSADigestSigner.init(false, createKey);
            rSADigestSigner.update(encoded, 0, encoded.length);
            z = rSADigestSigner.verifySignature(bytes);
        } catch (DataLengthException e) {
            e.printStackTrace();
        } catch (IOException e2) {
            e2.printStackTrace();
        }
        return z;
    }

    public static boolean isValidRoot(Certificate certificate) {
        return isValidParent(certificate, certificate);
    }

    public static Certificate getParentCertificate(Certificate certificate, Certificate[] certificateArr) throws IOException {
        for (int i = 0; i < certificateArr.length; i++) {
            if (isValidParent(certificate, certificateArr[i])) {
                return certificateArr[i];
            }
        }
        return null;
    }

    public static boolean isValid(Certificate[] certificateArr, Certificate[] certificateArr2) throws IOException {
        boolean z = false;
        Certificate certificate = certificateArr[0];
        Certificate certificate2 = certificate;
        do {
            certificate2 = getParentCertificate(certificate2, certificateArr);
            if (certificate2 != null) {
                if (certificate.equals(certificate2)) {
                    break;
                }
                certificate = certificate2;
            }
        } while (certificate2 != null);
        Certificate certificate3 = certificate;
        while (true) {
            certificate3 = getParentCertificate(certificate3, certificateArr2);
            if (certificate3 != null && isValidRoot(certificate3)) {
                z = true;
                break;
            }
            if (certificate3 == null) {
                break;
            }
        }
        return z;
    }
}
