package cfca.sadk.cgb.toolkit;

import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.org.bouncycastle.util.encoders.Hex;
import cfca.sadk.x509.certificate.X509CRLFile;
import cfca.sadk.x509.certificate.X509Cert;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;

/* loaded from: input_file:cfca/sadk/cgb/toolkit/X509CertValidator.class */
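/**
 * Static helper that keeps a process-wide table of trusted issuer public keys and checks
 * certificates against it.
 *
 * <p>Scope of the checks, as far as this class shows:
 * <ul>
 *   <li>The validity window is compared with the local system clock.</li>
 *   <li>The signature is verified against one key looked up in the trust table, so only
 *       certificates issued directly by a loaded trust certificate can be validated. No chain
 *       is built here, and no extension other than the authority key identifier is read.</li>
 *   <li>Revocation is a serial-number lookup in a CRL file supplied by the caller.</li>
 * </ul>
 *
 * <p>All access to the trust table is guarded by the table's own monitor.
 */
public final class X509CertValidator {
    public static final int VERIFY_CERT_RESULT_VALID = 1;
    public static final int VERIFY_CERT_RESULT_NOT_YET_VALID = -1;
    public static final int VERIFY_CERT_RESULT_HAS_EXPIRED = -2;

    // Maps a trust certificate's subject, and the hex form of its subject key identifier when
    // present, to that certificate's public key. Guarded by synchronized (trustCerts).
    private static final Map<Object, Object> trustCerts = new HashMap<Object, Object>();

    /**
     * Loads every certificate file named in the list into the trust table.
     *
     * <p>Entries are processed in order; if one of them fails, the entries loaded before it
     * stay in the table.
     *
     * @param arrayList file paths of the trust certificates; elements must be {@code String}
     * @throws IllegalArgumentException if the list or one of its elements is {@code null}
     * @throws PKIException if a certificate file cannot be read or parsed
     */
    public static void updateTrustCertsMap(ArrayList arrayList) throws PKIException {
        if (arrayList == null) {
            throw new IllegalArgumentException("null not allowed for trustCertPaths");
        }
        for (Object trustCertPath : arrayList) {
            updateTrustCertsMap((String) trustCertPath);
        }
    }

    /**
     * Loads one certificate file and registers its public key as a trust anchor.
     *
     * <p>The key is stored under the certificate's subject and, when the certificate carries a
     * subject key identifier, under the hex encoding of that identifier as well. An existing
     * entry with the same key is replaced. This method does not check the loaded certificate's
     * validity period, signature or CA status, so the caller decides which files are
     * trustworthy.
     *
     * @param str file path of the trust certificate
     * @throws IllegalArgumentException if {@code str} is {@code null}
     * @throws PKIException if the certificate file cannot be read or parsed
     */
    public static void updateTrustCertsMap(String str) throws PKIException {
        if (str == null) {
            throw new IllegalArgumentException("null not allowed for trustCerPath");
        }
        X509Cert trustCert = loadTrustCert(str);
        synchronized (trustCerts) {
            trustCerts.put(trustCert.getSubject(), trustCert.getPublicKey());
            if (trustCert.getSubjectKeyIdentifier() != null) {
                try {
                    trustCerts.put(
                            Hex.toHexString(trustCert.getSubjectKeyIdentifier().getKeyIdentifier()),
                            trustCert.getPublicKey());
                } catch (Exception ignored) {
                    // Best effort: the key identifier entry is optional, the subject entry
                    // added above is still available for lookups by issuer name.
                }
            }
        }
    }

    /**
     * Reads a certificate from a file.
     *
     * <p>Reconstructed from the raw instruction listing the decompiler emitted for this method
     * (it could not produce Java for it); compare with the original class file before relying
     * on it.
     *
     * @param trustCertPath file path of the certificate
     * @return the parsed certificate
     * @throws IllegalArgumentException if {@code trustCertPath} is {@code null}
     * @throws PKIException if parsing fails, or wrapping any other failure to open or read
     *     the file
     */
    private static X509Cert loadTrustCert(String trustCertPath) throws PKIException {
        if (trustCertPath == null) {
            throw new IllegalArgumentException("null not allowed for trustCerPath");
        }
        java.io.FileInputStream input = null;
        try {
            input = new java.io.FileInputStream(trustCertPath);
            return new X509Cert(input);
        } catch (PKIException e) {
            throw e;
        } catch (Exception e) {
            throw new PKIException("update trust certificate failure", e);
        } finally {
            if (input != null) {
                try {
                    input.close();
                } catch (Exception ignored) {
                    // A failure to close must not mask the result or the original exception.
                }
            }
        }
    }

    /** Removes every entry from the trust table. */
    public static void clearTrustCertsMap() {
        synchronized (trustCerts) {
            trustCerts.clear();
        }
    }

    /**
     * Checks the validity window and then the issuer signature of a certificate.
     *
     * <p>Only {@link #VERIFY_CERT_RESULT_VALID} means the certificate passed both checks;
     * callers should treat every other value as a rejection. Revocation is not checked here,
     * see {@link #verifyCertByCRL(byte[], String)}.
     *
     * @param bArr the encoded certificate
     * @return {@code 1} when both checks pass, {@code -2} when the date check fails,
     *     {@code -1} when the signature does not verify
     * @throws IllegalArgumentException if {@code bArr} is {@code null}
     * @throws PKIException if the certificate cannot be parsed or no trusted issuer key is
     *     found for it
     */
    public static int verifyCertificate(byte[] bArr) throws PKIException {
        if (verifyCertDate(bArr) != VERIFY_CERT_RESULT_VALID) {
            // NOTE(review): a not-yet-valid certificate is also reported with the "expired"
            // code; kept as is because callers may depend on the existing values.
            return VERIFY_CERT_RESULT_HAS_EXPIRED;
        }
        // NOTE(review): a failed signature check returns -1, the same value as
        // VERIFY_CERT_RESULT_NOT_YET_VALID; there is no dedicated constant for it.
        return validateCertSignature(bArr)
                ? VERIFY_CERT_RESULT_VALID
                : VERIFY_CERT_RESULT_NOT_YET_VALID;
    }

    /**
     * Verifies a certificate's signature with the public key of its issuer from the trust table.
     *
     * <p>The issuer key is looked up by the hex form of the authority key identifier first and
     * by issuer name second. Both lookups take the table's monitor, matching the writers, so a
     * concurrent update cannot be observed half-applied. The verification itself runs outside
     * the lock.
     *
     * @param bArr the encoded certificate
     * @return the result of verifying the signature with the issuer key
     * @throws IllegalArgumentException if {@code bArr} is {@code null}
     * @throws PKIException if the certificate cannot be parsed or no issuer key is registered
     */
    public static boolean validateCertSignature(byte[] bArr) throws PKIException {
        if (bArr == null) {
            throw new IllegalArgumentException("null not allowed for certBytes");
        }
        X509Cert x509Cert = new X509Cert(bArr);
        PublicKey issuerKey = null;
        if (x509Cert.getAuthorityKeyIdentifier() != null) {
            try {
                String authorityKeyIdHex =
                        Hex.toHexString(x509Cert.getAuthorityKeyIdentifier().getKeyIdentifier());
                synchronized (trustCerts) {
                    issuerKey = (PublicKey) trustCerts.get(authorityKeyIdHex);
                }
            } catch (Exception ignored) {
                // Best effort: an unusable key identifier falls through to the issuer-name
                // lookup below; the signature is still verified against whatever key is found.
            }
        }
        if (issuerKey == null) {
            synchronized (trustCerts) {
                issuerKey = (PublicKey) trustCerts.get(x509Cert.getIssuer());
            }
        }
        if (issuerKey == null) {
            throw new PKIException("the ca trust certs is wrong,can not get the user cert's issuer");
        }
        return x509Cert.verify(issuerKey);
    }

    /**
     * Compares the certificate's validity window with the current system time.
     *
     * <p>The comparison is strict on both ends, so a time equal to notBefore or notAfter counts
     * as valid. The result depends on the local clock being correct.
     *
     * @param bArr the encoded certificate
     * @return {@link #VERIFY_CERT_RESULT_VALID}, {@link #VERIFY_CERT_RESULT_NOT_YET_VALID} or
     *     {@link #VERIFY_CERT_RESULT_HAS_EXPIRED}
     * @throws IllegalArgumentException if {@code bArr} is {@code null}
     * @throws PKIException if the certificate cannot be parsed
     */
    private static int verifyCertDate(byte[] bArr) throws PKIException {
        if (bArr == null) {
            throw new IllegalArgumentException("null not allowed for certBytes");
        }
        X509Cert x509Cert = new X509Cert(bArr);
        Date now = new Date();
        if (now.before(x509Cert.getNotBefore())) {
            return VERIFY_CERT_RESULT_NOT_YET_VALID;
        }
        if (now.after(x509Cert.getNotAfter())) {
            return VERIFY_CERT_RESULT_HAS_EXPIRED;
        }
        return VERIFY_CERT_RESULT_VALID;
    }

    /**
     * Checks whether a certificate's serial number is absent from a CRL file.
     *
     * <p>Only the serial number is passed to the CRL lookup. This method does not compare the
     * CRL's issuer with the certificate's issuer and does not itself verify the CRL's signature
     * or its update times, so callers should supply a CRL they have already authenticated and
     * that belongs to the certificate's issuer.
     * NOTE(review): the second constructor argument of {@code X509CRLFile} is passed as
     * {@code false}; its meaning is not visible in this file, confirm what it disables.
     *
     * @param bArr the encoded certificate
     * @param str file path of the CRL
     * @return {@code true} when the CRL does not list the certificate's serial number
     * @throws IllegalArgumentException if either argument is {@code null}
     * @throws PKIException if the certificate or the CRL cannot be loaded
     */
    public static boolean verifyCertByCRL(byte[] bArr, String str) throws PKIException {
        if (bArr == null) {
            throw new IllegalArgumentException("null not allowed for certBytes");
        }
        if (str == null) {
            throw new IllegalArgumentException("null not allowed for crlPath");
        }
        X509Cert x509Cert = new X509Cert(bArr);
        X509CRLFile crlFile = new X509CRLFile(str, false);
        return !crlFile.isRevoke(x509Cert.getSerialNumber());
    }
}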
