package nl.innovalor.cert;

import defpackage.GetPRNGTestResultResp;
import defpackage.PreMDv2KeyStateMeta;
import defpackage.TransactionAndRPRequestManagerImplExternalSyntheticLambda2;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Provider;
import java.security.SignatureException;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes2.dex */
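/**
 * Helpers for building {@code TrustedCertStore} instances from a CSCA master list or a
 * {@link KeyStore}, and for picking the self-signed X.509 certificates that become trust anchors.
 *
 * <p>This is decompiler output: member names are obfuscated, and several overloads share the
 * names {@code a}, {@code b}, {@code d} and {@code e}.
 *
 * <p>Review notes for anyone reusing the trust-anchor logic:
 * <ul>
 *   <li>The self-signed selector {@link #e} checks name equality, algorithm-family agreement and
 *       the signature only. It does not call {@code checkValidity()} and does not inspect basic
 *       constraints or key usage.</li>
 *   <li>{@link #e(String, KeyStore)} promotes any entry whose alias contains {@code "_root_"} to a
 *       trust anchor without running that selector, so the integrity of the key-store (including
 *       its alias names) is part of the trust decision.</li>
 * </ul>
 */
public final class CertUtil {
    /** Logger for the {@code nl.innovalor.cert} package. */
    private static final Logger a = Logger.getLogger("nl.innovalor.cert");

    /** Security provider passed to {@code X509Certificate.verify} by the selectors below. */
    private static final Provider b = PreMDv2KeyStateMeta.a();

    /** Fallback country ("Unknown country", "XX"/"XXX") returned when a name carries no {@code C=}. */
    private static final GetPRNGTestResultResp d;

    /** Selector that matches only X.509 certificates that verify as self-signed; see the static block. */
    public static final CertSelector e;

    /**
     * Plain value holder for country data. The obfuscated supertype exposes country accessors
     * (name, nationality, alpha-2/alpha-3 code, numeric value), which are overridden here to
     * return the constructor arguments.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: nl.innovalor.cert.CertUtil$5, reason: invalid class name */
    /* loaded from: classes2.dex */
    public class AnonymousClass5 extends GetPRNGTestResultResp {
        private static final long serialVersionUID = 8905599771792544765L;
        final /* synthetic */ String val$alpha2Code;
        final /* synthetic */ String val$alpha3Code;
        final /* synthetic */ String val$countryName;
        final /* synthetic */ String val$nationalityName;
        final /* synthetic */ int val$number;

        /**
         * @param i    numeric value reported by {@link #valueOf()}
         * @param str  country name
         * @param str2 nationality name
         * @param str3 alpha-2 code
         * @param str4 alpha-3 code
         */
        AnonymousClass5(int i, String str, String str2, String str3, String str4) {
            this.val$number = i;
            this.val$countryName = str;
            this.val$nationalityName = str2;
            this.val$alpha2Code = str3;
            this.val$alpha3Code = str4;
        }

        @Override // defpackage.GetPRNGTestResultResp
        public String getName() {
            return this.val$countryName;
        }

        @Override // defpackage.GetPRNGTestResultResp
        public String getNationality() {
            return this.val$nationalityName;
        }

        @Override // defpackage.GetPRNGTestResultResp
        public String toAlpha2Code() {
            return this.val$alpha2Code;
        }

        @Override // defpackage.GetPRNGTestResultResp
        public String toAlpha3Code() {
            return this.val$alpha3Code;
        }

        @Override // defpackage.GetPRNGTestResultResp
        public int valueOf() {
            return this.val$number;
        }
    }

    /**
     * Tag numbers of the X.509 {@code GeneralName} CHOICE (RFC 5280), 0 through 8.
     *
     * <p>NOTE(review): {@code DNS_DAME} is presumably a typo for {@code DNS_NAME} (tag 2); the
     * constant name is kept because it is part of the compiled class.
     */
    /* loaded from: classes2.dex */
    enum GeneralName {
        OTHER_NAME(0),
        RFC822_NAME(1),
        DNS_DAME(2),
        X400_ADDRESS(3),
        DIRECTORY_NAME(4),
        EDI_PARTY_NAME(5),
        URI(6),
        IP_ADDRESS(7),
        REGISTERED_ID(8);

        private int a;

        GeneralName(int i) {
            this.a = i;
        }
    }

    static {
        // Matches any X.509 certificate. The instance is not assigned to anything in this listing.
        new X509CertSelector() { // from class: nl.innovalor.cert.CertUtil.1
            @Override // java.security.cert.X509CertSelector, java.security.cert.CertSelector
            public boolean match(Certificate certificate) {
                return certificate instanceof X509Certificate;
            }
        };
        // Self-signed selector: subject equals issuer, key and signature algorithm families agree,
        // and the signature verifies under the certificate's own public key. Validity period,
        // basic constraints and key usage are not examined here.
        e = new X509CertSelector() { // from class: nl.innovalor.cert.CertUtil.2
            @Override // java.security.cert.X509CertSelector, java.security.cert.CertSelector
            public boolean match(Certificate certificate) {
                if (!(certificate instanceof X509Certificate)) {
                    return false;
                }
                X509Certificate x509Certificate = (X509Certificate) certificate;
                if (!CertUtil.b(x509Certificate) || !CertUtil.e(x509Certificate)) {
                    return false;
                }
                // Obfuscated helper pair that brackets the verify call; presumably saves and
                // restores some provider state - confirm against PreMDv2KeyStateMeta.
                Object e2 = PreMDv2KeyStateMeta.e();
                try {
                    x509Certificate.verify(x509Certificate.getPublicKey(), CertUtil.b);
                    return true;
                } catch (SignatureException e3) {
                    CertUtil.a.log(Level.FINEST, "Signature not valid", (Throwable) e3);
                    return false;
                } catch (GeneralSecurityException e4) {
                    // Any other verification failure is also treated as "not self-signed" (fail closed).
                    CertUtil.a.log(Level.WARNING, "Some error validating signature, but not a signature exception", (Throwable) e4);
                    return false;
                } finally {
                    PreMDv2KeyStateMeta.a(e2);
                }
            }
        };
        // Inverse of the selector above for X.509 input: matches certificates that do NOT verify
        // as self-signed. The instance is not assigned to anything in this listing.
        new X509CertSelector() { // from class: nl.innovalor.cert.CertUtil.3
            @Override // java.security.cert.X509CertSelector, java.security.cert.CertSelector
            public boolean match(Certificate certificate) {
                if (!(certificate instanceof X509Certificate)) {
                    return false;
                }
                X509Certificate x509Certificate = (X509Certificate) certificate;
                if (!CertUtil.b(x509Certificate) || !CertUtil.e(x509Certificate)) {
                    return true;
                }
                Object e2 = PreMDv2KeyStateMeta.e();
                try {
                    x509Certificate.verify(x509Certificate.getPublicKey(), CertUtil.b);
                    return false;
                } catch (SignatureException e3) {
                    CertUtil.a.log(Level.FINEST, "Signature not valid", (Throwable) e3);
                    return true;
                } catch (GeneralSecurityException e4) {
                    CertUtil.a.log(Level.WARNING, "Some error validating signature, but not a signature exception", (Throwable) e4);
                    return true;
                } finally {
                    PreMDv2KeyStateMeta.a(e2);
                }
            }
        };
        // Orders certificates by the alpha-2 country code of their issuer. The instance is not
        // assigned to anything in this listing.
        new Comparator<X509Certificate>() { // from class: nl.innovalor.cert.CertUtil.4
            @Override // java.util.Comparator
            public /* synthetic */ int compare(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
                return CertUtil.d(x509Certificate.getIssuerX500Principal()).toAlpha2Code().compareTo(CertUtil.d(x509Certificate2.getIssuerX500Principal()).toAlpha2Code());
            }
        };
        d = new AnonymousClass5(-1, "Unknown country", "Unknown nationality", "XX", "XXX");
    }

    /**
     * Wraps every X.509 certificate of the collection in a {@link TrustAnchor} without name
     * constraints. Elements that are certificates of another type are skipped.
     *
     * @param collection certificates that were already selected as trusted
     * @return a new set of trust anchors
     */
    private static Set a(Collection collection) {
        HashSet hashSet = new HashSet(collection.size());
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            Certificate certificate = (Certificate) it.next();
            if (certificate instanceof X509Certificate) {
                hashSet.add(new TrustAnchor((X509Certificate) certificate, null));
            }
        }
        return hashSet;
    }

    /**
     * Tells whether a certificate is self-issued, i.e. its subject name equals its issuer name.
     * This is a name comparison only; the signature is checked separately by the selector
     * {@link #e}.
     *
     * @param x509Certificate certificate to inspect
     * @return {@code true} when both names are equal or both are {@code null}
     */
    public static boolean b(X509Certificate x509Certificate) {
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
        if (issuerX500Principal == null && subjectX500Principal == null) {
            return true;
        }
        if (issuerX500Principal == null || subjectX500Principal == null) {
            return false;
        }
        return subjectX500Principal.equals(issuerX500Principal);
    }

    /**
     * Derives the country from the {@code C=} attribute of a distinguished name.
     *
     * <p>The code is upper-cased with {@link Locale#ROOT} so that the result does not depend on
     * the device locale (with a Turkish default locale a lower-case {@code i} would otherwise
     * become a dotted capital I and never match a country code).
     *
     * <p>NOTE(review): the attribute is located with a plain substring search for {@code "C="},
     * which would also hit that text inside another attribute's value - confirm whether such
     * names can reach this method. The extracted text comes straight from the certificate and is
     * not validated before it is logged or placed in the fallback object.
     *
     * @param x500Principal name to read the country from
     * @return the country for the code; the shared "unknown" country when no {@code C=} is
     *     present; or a synthetic "unknown" entry carrying the raw code when the lookup fails
     */
    public static GetPRNGTestResultResp d(X500Principal x500Principal) {
        String name = x500Principal.getName("RFC1779");
        int indexOf = name.indexOf("C=");
        if (indexOf < 0) {
            a.info("Could not get country from issuer name");
            return d;
        }
        // The value runs up to the next comma, or to the end of the name.
        int indexOf2 = name.indexOf(',', indexOf);
        if (indexOf2 < 0) {
            indexOf2 = name.length();
        }
        String upperCase = name.substring(indexOf + 2, indexOf2).trim().toUpperCase(Locale.ROOT);
        try {
            return GetPRNGTestResultResp.getInstance(upperCase);
        } catch (Exception e2) {
            // NOTE(review): Level.OFF is documented as a threshold for switching logging off,
            // not as a record level - confirm the level that was intended here.
            a.log(Level.OFF, "Could not determine country for code " + upperCase, (Throwable) e2);
            return new AnonymousClass5(
                    -1,
                    "Unknown country (" + upperCase + ")",
                    "Unknown nationality (" + upperCase + ")",
                    upperCase,
                    "X" + upperCase);
        }
    }

    /**
     * Returns the certificates accepted by the selector, in iteration order.
     *
     * @param collection   certificates to filter
     * @param certSelector selector to apply; {@code null} accepts every certificate
     * @return a new list with the accepted certificates
     */
    private static Collection<Certificate> d(Collection<? extends Certificate> collection, CertSelector certSelector) {
        ArrayList arrayList = new ArrayList();
        for (Certificate certificate : collection) {
            if (certSelector == null || certSelector.match(certificate)) {
                arrayList.add(certificate);
            }
        }
        return arrayList;
    }

    /**
     * Builds a trusted certificate store from a master list after checking it against one
     * trusted certificate.
     *
     * <p>The certificate read from {@code inputStream2} is the only trust anchor handed to the
     * master-list verifier. Only when that check succeeds are the certificates of the list placed
     * in the store, and those matching the self-signed selector {@link #e} become trust anchors.
     * Neither stream is closed by this method.
     *
     * @param str          passed through to the store (presumably its name)
     * @param inputStream  encoded master list
     * @param inputStream2 encoded X.509 certificate trusted to sign the master list
     * @return the store built from the master list contents
     * @throws SignatureException when the master list does not validate, or cannot be
     *     interpreted
     * @throws IOException declared by the signature; presumably raised while reading the master
     *     list
     */
    public static TrustedCertStore e(String str, InputStream inputStream, InputStream inputStream2) throws SignatureException, IOException {
        try {
            Certificate generateCertificate = CertificateFactory.getInstance("X.509", TransactionAndRPRequestManagerImplExternalSyntheticLambda2.e()).generateCertificate(inputStream2);
            CSCAMasterList cSCAMasterList = new CSCAMasterList(inputStream);
            // Instance is discarded; the verification below goes through a static method.
            new CSCAMasterListVerifier();
            // Fail closed: nothing from the list is used unless the verifier accepts it.
            // presumably f3875c holds the certificates that signed the list - confirm.
            if (!CSCAMasterListVerifier.d(Collections.unmodifiableCollection(cSCAMasterList.f3875c), Collections.singleton(new TrustAnchor((X509Certificate) generateCertificate, null)))) {
                throw new SignatureException("Could not validate masterlist");
            }
            List unmodifiableList = Collections.unmodifiableList(cSCAMasterList.e);
            return new DefaultTrustedCertStore(str, CertStore.getInstance("Collection", new CollectionCertStoreParameters(unmodifiableList)), a(new ArrayList(d(unmodifiableList, e))));
        } catch (SignatureException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            throw new SignatureException("Could not interpret or validate masterlist", e3);
        }
    }

    /**
     * Builds a trusted certificate store from the certificate entries of a key-store.
     *
     * <p>Every certificate entry goes into the store. Trust anchors are chosen by alias:
     * <ul>
     *   <li>alias contains {@code "_root_"}: always a trust anchor, with no self-signed check;</li>
     *   <li>alias contains {@code "_link_"}: never a trust anchor;</li>
     *   <li>any other alias: a trust anchor only when the self-signed selector {@link #e}
     *       matches.</li>
     * </ul>
     * Because the first rule trusts the alias text alone, the key-store must come from an
     * integrity-protected source.
     *
     * @param str      passed through to the store (presumably its name)
     * @param keyStore key-store to read; must not be {@code null}
     * @return the store built from the key-store contents
     * @throws IllegalArgumentException when {@code keyStore} is {@code null}
     * @throws GeneralSecurityException when the key-store or the certificate store cannot be used
     */
    public static TrustedCertStore e(String str, KeyStore keyStore) throws GeneralSecurityException {
        if (keyStore == null) {
            throw new IllegalArgumentException("Cannot get certificates from null key-store");
        }
        ArrayList arrayList = new ArrayList(keyStore.size());
        ArrayList arrayList2 = new ArrayList(keyStore.size());
        for (String str2 : Collections.list(keyStore.aliases())) {
            if (keyStore.isCertificateEntry(str2)) {
                Certificate certificate = keyStore.getCertificate(str2);
                arrayList.add(certificate);
                if (str2.contains("_root_")) {
                    // Trusted on the alias alone; the self-signed selector is not consulted.
                    arrayList2.add(certificate);
                } else if (!str2.contains("_link_") && e.match(certificate)) {
                    arrayList2.add(certificate);
                }
            }
        }
        return new DefaultTrustedCertStore(str, CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList)), a(arrayList2));
    }

    /**
     * Checks that the certificate's public-key algorithm and signature algorithm belong to the
     * same family, judged by whether each name contains {@code "RSA"} and {@code "EC"}.
     *
     * <p>This is a cheap plausibility filter applied before the self-signature is verified; it
     * is not a cryptographic check. Names are upper-cased with {@link Locale#ROOT} so the
     * comparison is independent of the default locale.
     *
     * @param x509Certificate certificate to inspect
     * @return {@code true} when both names are {@code null}, or when both agree on containing
     *     {@code "RSA"} and agree on containing {@code "EC"}
     */
    public static boolean e(X509Certificate x509Certificate) {
        String sigAlgName = x509Certificate.getSigAlgName();
        String algorithm = x509Certificate.getPublicKey().getAlgorithm();
        if (sigAlgName == null && algorithm == null) {
            return true;
        }
        if (sigAlgName == null || algorithm == null) {
            return false;
        }
        String keyAlgUpper = algorithm.toUpperCase(Locale.ROOT);
        String sigAlgUpper = sigAlgName.toUpperCase(Locale.ROOT);
        boolean rsaAgrees = keyAlgUpper.contains("RSA") == sigAlgUpper.contains("RSA");
        boolean ecAgrees = keyAlgUpper.contains("EC") == sigAlgUpper.contains("EC");
        return rsaAgrees && ecAgrees;
    }
}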
