package com.allawn.cryptography.algorithm;

import android.content.Context;
import com.allawn.cryptography.entity.b;
import com.allawn.cryptography.util.j;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class b {

    /* renamed from: a, reason: collision with root package name */
    private static final String f18359a = "CertUtil";

    /* renamed from: b, reason: collision with root package name */
    private static final String f18360b = "RSA";

    /* renamed from: c, reason: collision with root package name */
    private static final String f18361c = "X509";

    /* renamed from: d, reason: collision with root package name */
    private static final String f18362d = "X.509";

    /* renamed from: e, reason: collision with root package name */
    private static final int f18363e = 2;

    /* renamed from: f, reason: collision with root package name */
    public static final int f18364f = 1;

    /* renamed from: g, reason: collision with root package name */
    public static final int f18365g = 2;

    /* renamed from: h, reason: collision with root package name */
    public static final int f18366h = 3;

    /* renamed from: i, reason: collision with root package name */
    public static final int f18367i = 4;

    /* renamed from: j, reason: collision with root package name */
    public static final int f18368j = 5;

    public static boolean a(com.allawn.cryptography.entity.b bVar) throws com.allawn.cryptography.d {
        X509Certificate[] x509CertificateArr;
        try {
            if (bVar == null) {
                throw new m1.d("certParameters is null");
            }
            b.c i7 = bVar.i();
            if (i7 == b.c.OPLUS_LIST) {
                return d(bVar.b(), bVar.c());
            }
            X509Certificate[] d7 = bVar.d();
            if (d7 != null) {
                x509CertificateArr = new X509Certificate[d7.length + 1];
                System.arraycopy(d7, 0, x509CertificateArr, 1, d7.length);
            } else {
                x509CertificateArr = new X509Certificate[1];
            }
            x509CertificateArr[0] = bVar.c();
            if (i7 == b.c.SYSTEM_LIST) {
                return m(null, x509CertificateArr);
            }
            if (i7 != b.c.THIRD_PARTY_LIST) {
                return false;
            }
            if (bVar.e() != null) {
                return n(bVar.e(), x509CertificateArr);
            }
            throw new m1.d("No third-party root certificate is set");
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException | m1.d e7) {
            throw new com.allawn.cryptography.d(e7);
        }
    }

    public static int b(com.allawn.cryptography.entity.b bVar) throws com.allawn.cryptography.d {
        try {
            if (bVar == null) {
                throw new m1.d("certParameters is null");
            }
            boolean z6 = false;
            if (bVar.f() != null) {
                if (!o(bVar.c(), bVar.f())) {
                    return 2;
                }
                z6 = true;
            }
            String name = bVar.c().getIssuerX500Principal().getName();
            for (Map.Entry<String, String> entry : bVar.g().entrySet()) {
                if (entry.getValue() != null) {
                    if (!p(name, entry.getKey(), entry.getValue())) {
                        return 4;
                    }
                    z6 = true;
                }
            }
            String name2 = bVar.c().getSubjectX500Principal().getName();
            for (Map.Entry<String, String> entry2 : bVar.h().entrySet()) {
                if (entry2.getValue() != null) {
                    if (!p(name2, entry2.getKey(), entry2.getValue())) {
                        return 3;
                    }
                    z6 = true;
                }
            }
            return !z6 ? 5 : 1;
        } catch (CertificateParsingException | m1.d e7) {
            throw new com.allawn.cryptography.d(e7);
        }
    }

    public static boolean c(X509Certificate x509Certificate) throws com.allawn.cryptography.d {
        try {
            if (x509Certificate == null) {
                throw new m1.d("certificate is null");
            }
            try {
                x509Certificate.checkValidity();
                return true;
            } catch (CertificateExpiredException | CertificateNotYetValidException e7) {
                e7.printStackTrace();
                return false;
            }
        } catch (m1.d e8) {
            throw new com.allawn.cryptography.d(e8);
        }
    }

    private static boolean d(Context context, X509Certificate x509Certificate) throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException, m1.d, com.allawn.cryptography.d {
        try {
            if (com.allawn.cryptography.teesdk.a.a(x509Certificate)) {
                if (c(x509Certificate)) {
                    return true;
                }
            }
            return false;
        } catch (com.allawn.cryptography.teesdk.e unused) {
            j.a(f18359a, "checkOplusCert unable to request ta to verify the certificate chain.");
            if (context == null) {
                throw new m1.d("context is null");
            }
            InputStream open = context.getAssets().open("crypto_android_sdk/oplus_prod_cert_chain/OPlus_Global_Root_CA_E1.pem");
            X509Certificate i7 = i(open);
            open.close();
            InputStream open2 = context.getAssets().open("crypto_android_sdk/oplus_prod_cert_chain/OPlus_Device_CA_E1.pem");
            X509Certificate i8 = i(open2);
            open2.close();
            InputStream open3 = context.getAssets().open("crypto_android_sdk/oplus_prod_cert_chain/OPlus_Service_CA_E1.pem");
            X509Certificate i9 = i(open3);
            open3.close();
            return n(new X509Certificate[]{i7}, new X509Certificate[]{x509Certificate, i8, i9});
        }
    }

    public static X509Certificate e() {
        List<X509Certificate> list;
        try {
            list = com.allawn.cryptography.teesdk.a.c(com.allawn.cryptography.teesdk.type.b.DEVICE_EE_CERT_LABEL);
        } catch (com.allawn.cryptography.teesdk.e | IOException | CertificateException e7) {
            e7.printStackTrace();
            list = null;
        }
        if (list == null || list.size() <= 0) {
            return null;
        }
        return list.get(0);
    }

    private static List<String> f(X509Certificate x509Certificate) throws CertificateParsingException, m1.d {
        if (x509Certificate != null) {
            return x509Certificate.getExtendedKeyUsage();
        }
        throw new m1.d("cert is null");
    }

    private static boolean[] g(X509Certificate x509Certificate) throws m1.d {
        if (x509Certificate != null) {
            return x509Certificate.getKeyUsage();
        }
        throw new m1.d("cert is null");
    }

    private static List<String> h(X509Certificate x509Certificate, int i7) throws CertificateParsingException, m1.d {
        if (i7 > 8) {
            throw new m1.d("altNameType must be 0 to 8");
        }
        ArrayList arrayList = new ArrayList();
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (subjectAlternativeNames != null) {
            for (List<?> list : subjectAlternativeNames) {
                if (i7 == ((Integer) list.get(0)).intValue()) {
                    arrayList.add((String) list.get(1));
                }
            }
        }
        if (arrayList.size() == 0) {
            return null;
        }
        return arrayList;
    }

    public static X509Certificate i(InputStream inputStream) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance(f18362d).generateCertificate(inputStream);
    }

    public static X509Certificate j(String str) throws CertificateException, IOException {
        FileInputStream fileInputStream = new FileInputStream(new File(str));
        X509Certificate i7 = i(fileInputStream);
        fileInputStream.close();
        return i7;
    }

    public static X509Certificate k(byte[] bArr) throws CertificateException, IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        X509Certificate i7 = i(byteArrayInputStream);
        byteArrayInputStream.close();
        return i7;
    }

    public static String l(X509Certificate x509Certificate) throws com.allawn.cryptography.d {
        try {
            if (x509Certificate == null) {
                throw new m1.d("cert is null");
            }
            Matcher matcher = Pattern.compile("(?:^|,\\s?)(?:CN=(?<val>\"(?:[^\"]|\"\")+\"|[^,]+))").matcher(x509Certificate.getSubjectX500Principal().getName());
            if (matcher.find()) {
                return matcher.group(1);
            }
            return null;
        } catch (m1.d e7) {
            throw new com.allawn.cryptography.d(e7);
        }
    }

    private static boolean m(KeyStore keyStore, X509Certificate[] x509CertificateArr) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(f18361c);
        trustManagerFactory.init(keyStore);
        try {
            ((X509TrustManager) trustManagerFactory.getTrustManagers()[0]).checkServerTrusted(x509CertificateArr, "RSA");
            return true;
        } catch (CertificateException e7) {
            j.a(f18359a, "verityCert e = " + e7.toString());
            e7.printStackTrace();
            return false;
        }
    }

    private static boolean n(X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        int i7 = 1;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            keyStore.setCertificateEntry("user:" + i7, x509Certificate);
            i7++;
        }
        return m(keyStore, x509CertificateArr2);
    }

    private static boolean o(X509Certificate x509Certificate, String str) throws CertificateParsingException, m1.d {
        List<String> h7 = h(x509Certificate, 2);
        if (h7 == null) {
            return false;
        }
        for (String str2 : h7) {
            if (str2.startsWith("*")) {
                if (str.endsWith(str2.substring(1))) {
                    return true;
                }
            } else if (str.equals(str2)) {
                return true;
            }
        }
        return false;
    }

    private static boolean p(String str, String str2, String str3) {
        int indexOf = str.indexOf(str2 + "=");
        while (indexOf != -1) {
            String[] split = str.substring(str2.length() + indexOf + 1).split("=");
            String replace = split[0].replace("\\", "");
            if (split.length > 1) {
                replace = replace.substring(0, replace.lastIndexOf(com.oplus.shield.b.f36543j));
            }
            if (replace.equals(str3)) {
                return true;
            }
            indexOf = str.indexOf(str2 + "=", indexOf + 1);
        }
        return false;
    }
}
