package com.rsa.ssl;

import b.a.a.a.a;
import com.rsa.certj.CertJ;
import com.rsa.certj.CertJException;
import com.rsa.certj.DatabaseService;
import com.rsa.certj.Provider;
import com.rsa.certj.cert.CRL;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.X500Name;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.cert.X509V3Extensions;
import com.rsa.certj.cert.extensions.BasicConstraints;
import com.rsa.certj.cert.extensions.KeyUsage;
import com.rsa.certj.provider.db.MemoryDB;
import com.rsa.certj.provider.path.PKIXCertPath;
import com.rsa.certj.provider.random.DefaultRandom;
import com.rsa.certj.provider.revocation.CRLCertStatus;
import com.rsa.certj.spi.path.CertPathCtx;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.ssl.external.VerifyUtils;
import java.util.Date;
import java.util.Vector;
import mf.javax.xml.datatype.DatatypeConstants;

/* loaded from: classes.dex */
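/**
 * Glue between the SSL layer and the Cert-J toolkit: holds a {@link CertJ} instance, the
 * database service bound from it and an optional cached {@link CertPathCtx}, and uses them to
 * load CA certificates, CRLs, chains and private keys and to validate a peer certificate chain.
 *
 * <p>This listing was recovered by a decompiler. {@link #loadCACerts()} could not be decompiled
 * and only carries the instruction dump, and several numeric arguments (service types, extension
 * type ids, key-usage masks, path flags) appear as raw literals whose symbolic names were lost.
 * Comments that interpret those literals are marked as assumptions to confirm against the
 * Cert-J constants.
 *
 * <p>No synchronization is visible in this class; the mutable fields are read and written
 * without locking.
 */
public class CertJIntegrator {
    private static final String CANNOT_VERIFY_CERTIFICATE = "Cannot verify certificate.";
    private static final String ERROR_CA_CERTS = "Cannot load CA certificates from database.";
    private CertJ certJ;
    private CertPathCtx certPathCtx;
    private DatabaseService databaseService;

    /**
     * Creates an integrator backed by a fresh CertJ instance with an in-memory database, a PKIX
     * path provider, a CRL status provider and a default random provider.
     *
     * <p>Any failure is reported as an {@code SSLException} with a fixed message; the underlying
     * cause is not attached.
     */
    public CertJIntegrator() {
        try {
            this.certJ = new CertJ(new Provider[]{new MemoryDB("MyDB"), new PKIXCertPath("PKIX path"), new CRLCertStatus("CRL status"), new DefaultRandom("RSARandom")});
            // Service type 1 is the database service: verifyCertificate casts the result of
            // bindService(1, ...) to DatabaseService.
            this.databaseService = this.certJ.bindServices(1);
        } catch (Exception unused) {
            throw new SSLException("Cannot create a CertJIntegrator");
        }
    }

    /**
     * Creates an integrator around a caller-supplied CertJ instance and binds its database
     * service (service type 1).
     *
     * @param certJ the CertJ instance to use; a {@code null} value ends in the same
     *     {@code SSLException} as a binding failure because every exception is caught here
     */
    public CertJIntegrator(CertJ certJ) {
        try {
            this.certJ = certJ;
            this.databaseService = this.certJ.bindServices(1);
        } catch (Exception unused) {
            throw new SSLException("Cannot create a CertJIntegrator");
        }
    }

    /**
     * Creates an integrator from an already bound database service and its CertJ instance.
     * Neither argument is validated here.
     */
    public CertJIntegrator(DatabaseService databaseService, CertJ certJ) {
        this.databaseService = databaseService;
        this.certJ = certJ;
    }

    /**
     * Creates an integrator from an already bound database service, its CertJ instance and a
     * path context that {@link #loadCertificateChain} will reuse. No argument is validated here.
     */
    public CertJIntegrator(DatabaseService databaseService, CertJ certJ, CertPathCtx certPathCtx) {
        this.databaseService = databaseService;
        this.certJ = certJ;
        this.certPathCtx = certPathCtx;
    }

    /**
     * Copies every CRL held by this integrator's database service into {@code target}.
     *
     * @param target the database service that receives the CRLs
     */
    private void addCRLs(DatabaseService target) {
        this.databaseService.setupCRLIterator();
        while (this.databaseService.hasMoreCRLs()) {
            target.insertCRL(this.databaseService.nextCRL());
        }
    }

    /**
     * Applies the per-certificate checks that run after a path has been built: basic
     * constraints, key limits and key usage.
     *
     * @param x509Certificate the certificate to check
     * @param i position of the certificate in the built path (0 is the first element)
     * @param cipherSuite the negotiated cipher suite, used by the key-usage check
     * @return {@code true} only if all three checks pass
     */
    private boolean checkAdditionalConstraints(X509Certificate x509Certificate, int i, CipherSuite cipherSuite) {
        if (!VerifyUtils.checkBasicConstraints(x509Certificate, i) || VerifyUtils.areKeyLimitsViolated(x509Certificate)) {
            return false;
        }
        return checkKeyUsage(x509Certificate, i, cipherSuite);
    }

    /**
     * Checks the certificate's KeyUsage extension (extension type id 15) against the role the
     * certificate plays in the path.
     *
     * <p>The check is enforced only when the extension is present and marked critical. A
     * certificate with no KeyUsage extension, or with a non-critical one, passes without any bit
     * being examined.
     * NOTE(review): key-usage restrictions carried in a non-critical extension are therefore not
     * enforced by this method; confirm that this is intended.
     *
     * <p>The masks are raw literals. They look like X.509 KeyUsage bits packed from the most
     * significant bit down: 67108864 = 0x04000000 (presumably keyCertSign), 536870912 =
     * 0x20000000 (presumably keyEncipherment), 268435456 = 0x10000000 (presumably
     * dataEncipherment). {@code DatatypeConstants.FIELD_UNDEFINED} is an unrelated constant the
     * decompiler substituted for a literal of equal value, presumably 0x80000000
     * (digitalSignature). Confirm all four against the KeyUsage class.
     *
     * @param x509Certificate the certificate to check
     * @param i position in the built path; values above 0 take the issuer-certificate branch
     * @param cipherSuite the negotiated cipher suite; consulted only for position 0
     * @return {@code true} if the usage is acceptable or the check does not apply
     */
    private boolean checkKeyUsage(X509Certificate x509Certificate, int i, CipherSuite cipherSuite) {
        X509V3Extensions extensions = x509Certificate.getExtensions();
        if (extensions == null) {
            return true;
        }
        KeyUsage keyUsage = extensions.getExtensionByType(15);
        if (keyUsage == null || !keyUsage.getCriticality()) {
            return true;
        }
        if (i > 0) {
            // Certificates above position 0 must carry the 0x04000000 bit.
            return keyUsage.verifyKeyUsage(67108864);
        }
        boolean usesRsa = "RSA".equals(cipherSuite.getAsymmetricAlgorithm()) || "RSA".equals(cipherSuite.getSignAlgorithm());
        if (usesRsa) {
            // With RSA any one of the three bits is accepted.
            return keyUsage.verifyKeyUsage(536870912) || keyUsage.verifyKeyUsage(268435456) || keyUsage.verifyKeyUsage(DatatypeConstants.FIELD_UNDEFINED);
        }
        return keyUsage.verifyKeyUsage(DatatypeConstants.FIELD_UNDEFINED);
    }

    /**
     * Rejects certificates whose public exponent {@code VerifyUtils} classifies as weak.
     *
     * <p>The check is skipped entirely when the {@code WEAK_KEYS_ENABLED} compatibility type is
     * set on {@code sSLParams}; in that configuration every certificate passes.
     *
     * @return {@code true} if the certificate is acceptable
     */
    private boolean checkStrongKey(X509Certificate x509Certificate, SSLParams sSLParams) {
        if (sSLParams.isCompatibilityTypeSet(CompatibilityType.WEAK_KEYS_ENABLED)) {
            return true;
        }
        return !VerifyUtils.isPublicExponentWeak(x509Certificate);
    }

    /**
     * Reports whether the certificate carries a BasicConstraints extension (extension type id
     * 19) whose CA flag is set. Despite the name, a BasicConstraints extension with the CA flag
     * cleared yields {@code false}.
     *
     * @return {@code true} only for a certificate that asserts CA status
     */
    private boolean hasBasicConstraintsExtension(X509Certificate x509Certificate) {
        X509V3Extensions extensions = x509Certificate.getExtensions();
        if (extensions != null) {
            try {
                BasicConstraints basicConstraints = extensions.getExtensionByType(19);
                if (basicConstraints != null && basicConstraints.getCA()) {
                    return true;
                }
            } catch (CertificateException ignored) {
                // Deliberately fail closed: an extension that cannot be read is treated as
                // "not a CA", so the method falls through to return false.
            }
        }
        return false;
    }

    /** Returns the CertJ instance currently in use. */
    public CertJ getCertJObject() {
        return this.certJ;
    }

    /** Returns the cached path context, or {@code null} if none has been set or created. */
    public CertPathCtx getCertPathCtx() {
        return this.certPathCtx;
    }

    /** Returns the database service currently in use. */
    public DatabaseService getDatabaseService() {
        return this.databaseService;
    }

    /*  JADX ERROR: JadxOverflowException in pass: RegionMakerVisitor
        jadx.core.utils.exceptions.JadxOverflowException: Regions count limit reached
        	at jadx.core.utils.ErrorsCounter.addError(ErrorsCounter.java:59)
        	at jadx.core.utils.ErrorsCounter.error(ErrorsCounter.java:31)
        	at jadx.core.dex.attributes.nodes.NotificationAttrNode.addError(NotificationAttrNode.java:19)
        */
    /* JADX WARN: Removed duplicated region for block: B:11:0x001e A[Catch: Exception -> 0x0016, TRY_ENTER, TRY_LEAVE, TryCatch #1 {Exception -> 0x0016, blocks: (B:3:0x0005, B:5:0x0013, B:11:0x001e), top: B:2:0x0005 }] */
    /* JADX WARN: Removed duplicated region for block: B:15:0x002d A[SYNTHETIC] */
    /* JADX WARN: Unsupported multi-entry loop pattern (BACK_EDGE: B:11:0x002a -> B:5:0x0013). Please report as a decompilation issue!!! */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Not recovered by the decompiler: as listed, this method always throws
     * {@link UnsupportedOperationException}. The instruction dump below is the only record of
     * the original logic and is kept verbatim.
     *
     * <p>Reading the dump: the method walks the database with {@code firstCertificate},
     * {@code hasMoreCertificates} and {@code nextCertificate}, collects each certificate for
     * which {@code hasBasicConstraintsExtension} is true, and throws an {@code SSLException}
     * with the "Cannot load CA certificates from database." message on the L36 handler.
     * NOTE(review): the exact try/catch boundaries are not reliable in this dump, and the dump
     * ends with a {@code toArray()} result cast to {@code X509Certificate[]}; do not reconstruct
     * the body without checking the bytecode.
     */
    public com.rsa.certj.cert.X509Certificate[] loadCACerts() {
        /*
            r3 = this;
            java.util.Vector r0 = new java.util.Vector
            r0.<init>()
            com.rsa.certj.DatabaseService r1 = r3.databaseService     // Catch: java.lang.Exception -> L16
            com.rsa.certj.cert.Certificate r1 = r1.firstCertificate()     // Catch: java.lang.Exception -> L16
            com.rsa.certj.cert.X509Certificate r1 = (com.rsa.certj.cert.X509Certificate) r1     // Catch: java.lang.Exception -> L16
            boolean r2 = r3.hasBasicConstraintsExtension(r1)     // Catch: java.lang.Exception -> L16
            if (r2 == 0) goto L16
        L13:
            r0.addElement(r1)     // Catch: java.lang.Exception -> L16
        L16:
            com.rsa.certj.DatabaseService r1 = r3.databaseService     // Catch: java.lang.Exception -> L36
            boolean r1 = r1.hasMoreCertificates()     // Catch: java.lang.Exception -> L36
            if (r1 == 0) goto L2d
            com.rsa.certj.DatabaseService r1 = r3.databaseService     // Catch: java.lang.Exception -> L16
            com.rsa.certj.cert.Certificate r1 = r1.nextCertificate()     // Catch: java.lang.Exception -> L16
            com.rsa.certj.cert.X509Certificate r1 = (com.rsa.certj.cert.X509Certificate) r1     // Catch: java.lang.Exception -> L16
            boolean r2 = r3.hasBasicConstraintsExtension(r1)     // Catch: java.lang.Exception -> L16
            if (r2 == 0) goto L16
            goto L13
        L2d:
            java.lang.Object[] r0 = r0.toArray()
            com.rsa.certj.cert.X509Certificate[] r0 = (com.rsa.certj.cert.X509Certificate[]) r0
            com.rsa.certj.cert.X509Certificate[] r0 = (com.rsa.certj.cert.X509Certificate[]) r0
            return r0
        L36:
            com.rsa.ssl.SSLException r0 = new com.rsa.ssl.SSLException
            java.lang.String r1 = "Cannot load CA certificates from database."
            r0.<init>(r1)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.rsa.ssl.CertJIntegrator.loadCACerts():com.rsa.certj.cert.X509Certificate[]");
    }

    /**
     * Loads from the database every certificate whose subject matches one of the given names.
     *
     * @param x500NameArr the subject names to look up
     * @return the matching certificates; an empty array if none match
     */
    public X509Certificate[] loadCACerts(X500Name[] x500NameArr) {
        Vector vector = new Vector();
        for (X500Name x500Name : x500NameArr) {
            try {
                this.databaseService.selectCertificateBySubject(x500Name, vector);
            } catch (Exception unused) {
                throw new SSLException(ERROR_CA_CERTS);
            }
        }
        // Vector.toArray() yields an Object[], and casting that to X509Certificate[] throws
        // ClassCastException; the typed overload returns an array of the right runtime type.
        return (X509Certificate[]) vector.toArray(new X509Certificate[vector.size()]);
    }

    /**
     * Loads the CRLs selected by the database service for the given issuer and time.
     *
     * @param x500Name the CRL issuer
     * @param date the time passed to the database lookup
     * @return the selected CRLs, or {@code null} when the lookup finds none
     */
    public CRL[] loadCRLs(X500Name x500Name, Date date) {
        Vector vector = new Vector();
        try {
            this.databaseService.selectCRLByIssuerAndTime(x500Name, date, vector);
            if (vector.isEmpty()) {
                return null;
            }
            // Typed toArray: the untyped form returns Object[], whose cast to CRL[] fails and
            // was being reported as "Cannot load CRL from database." by the catch below.
            return (CRL[]) vector.toArray(new CRL[vector.size()]);
        } catch (Exception unused) {
            throw new SSLException("Cannot load CRL from database.");
        }
    }

    /**
     * Builds the certificate path for {@code x509Certificate} and returns it.
     *
     * <p>If no path context is cached, one is created from the supplied trusted certificates,
     * path flags 0 and the current time, and then kept for later calls.
     * NOTE(review): once cached, the context keeps the trusted certificates and the validation
     * time of the first call; later calls ignore {@code x509CertificateArr}. Confirm that callers
     * reset the context via {@link #setCertPathCtx} when the trust set changes.
     *
     * @param x509Certificate the certificate whose path is wanted
     * @param x509CertificateArr trusted certificates used when a new path context is created
     * @return the built path, or a one-element array holding only {@code x509Certificate} when
     *     no path could be built
     */
    public X509Certificate[] loadCertificateChain(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) {
        try {
            Vector vector = new Vector();
            if (this.certPathCtx == null) {
                this.certPathCtx = new CertPathCtx(0, x509CertificateArr, (byte[][]) null, new Date(), this.databaseService);
            }
            if (!this.certJ.buildCertPath(this.certPathCtx, x509Certificate, vector, (Vector) null, (Vector) null, (Vector) null)) {
                return new X509Certificate[]{x509Certificate};
            }
            // Typed toArray: casting the Object[] from the untyped form throws
            // ClassCastException, which the catch below turned into a load failure.
            return (X509Certificate[]) vector.toArray(new X509Certificate[vector.size()]);
        } catch (Exception unused) {
            throw new SSLException("Cannot load certificate chain from database.");
        }
    }

    /**
     * Returns the private key the database service associates with the given certificate.
     * Any lookup failure is reported as an {@code SSLException} with a fixed message.
     */
    public JSAFE_PrivateKey loadPrivateKey(X509Certificate x509Certificate) {
        try {
            return this.databaseService.selectPrivateKeyByCertificate(x509Certificate);
        } catch (Exception unused) {
            throw new SSLException("Cannot load private key from database.");
        }
    }

    /**
     * Replaces the CertJ instance and rebinds the database service (service type 1) from it.
     *
     * <p>The service is bound before either field is written, so a binding failure leaves the
     * previous CertJ instance and database service in place instead of pairing the new instance
     * with the old service.
     *
     * @param certJ the new CertJ instance
     */
    public void setCertJ(CertJ certJ) {
        try {
            DatabaseService rebound = certJ.bindServices(1);
            this.certJ = certJ;
            this.databaseService = rebound;
        } catch (CertJException e) {
            StringBuilder b2 = a.b("Can't bind database service: ");
            b2.append(e.getMessage());
            throw new SSLException(b2.toString());
        }
    }

    /** Sets or clears the path context reused by {@link #loadCertificateChain}. */
    public void setCertPathCtx(CertPathCtx certPathCtx) {
        this.certPathCtx = certPathCtx;
    }

    /** Replaces the database service without touching the CertJ instance. */
    public void setDatabaseService(DatabaseService databaseService) {
        this.databaseService = databaseService;
    }

    /**
     * Validates a peer certificate chain against the CA certificates configured in
     * {@code sSLParams} and reports which CA anchors it.
     *
     * <p>Steps, in order: a scratch CertJ instance with its own in-memory database is created;
     * this integrator's CRLs are copied into it; every certificate of the presented chain is
     * checked with {@code checkStrongKey}; the chain's certificates from index 1 on and all
     * configured CAs are inserted into the scratch database; a path is built from
     * {@code x509CertificateArr[0]} using the current time; each certificate of the built path
     * goes through {@code checkAdditionalConstraints}; finally the last certificate of the path
     * is compared with the configured CAs.
     *
     * <p>The method takes no peer name and performs no host-name or identity matching; a caller
     * that needs it must do it separately. Validation time is the local clock
     * ({@code new Date()}).
     *
     * @param sSLParams source of the CA certificates, the device setting and compatibility flags
     * @param x509CertificateArr the presented chain, end-entity certificate first
     * @param cipherSuite the negotiated cipher suite, used by the key-usage check
     * @return the index into {@code sSLParams.getCACertificates()} of the CA that ends the built
     *     path, or -1 if the chain is missing, fails any check or no CA certificates are
     *     configured
     */
    public int verifyCertificate(SSLParams sSLParams, X509Certificate[] x509CertificateArr, CipherSuite cipherSuite) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return -1;
        }
        Certificate[] cACertificates = sSLParams.getCACertificates();
        if (cACertificates == null) {
            // Without trust anchors nothing can be verified; reject instead of failing with a
            // NullPointerException in the loops below.
            return -1;
        }
        try {
            CertJ verifier = new CertJ(new Provider[]{new PKIXCertPath("Path provider"), new MemoryDB("Memory DB provider"), new CRLCertStatus("CRL Cert Status provider")});
            verifier.setDevice(sSLParams.getDevice());
            DatabaseService scratchDb = (DatabaseService) verifier.bindService(1, "Memory DB provider");
            addCRLs(scratchDb);
            if (!checkStrongKey(x509CertificateArr[0], sSLParams)) {
                return -1;
            }
            // The end-entity certificate is handed to buildCertPath directly; only the
            // remaining chain certificates are stored as path-building candidates.
            for (int i = 1; i < x509CertificateArr.length; i++) {
                if (!checkStrongKey(x509CertificateArr[i], sSLParams)) {
                    return -1;
                }
                scratchDb.insertCertificate(x509CertificateArr[i]);
            }
            for (Certificate certificate : cACertificates) {
                scratchDb.insertCertificate(certificate);
            }
            // Path flags: 96 = 0x60 when this integrator's database holds at least one CRL,
            // 100 = 0x64 when it holds none.
            // NOTE(review): the extra 0x04 bit looks like a flag that relaxes revocation
            // checking; if so, a deployment with no CRL loaded validates chains without any
            // revocation check. Confirm against the CertPathCtx path-flag constants.
            int pathFlags = this.databaseService.firstCRL() == null ? 100 : 96;
            CertPathCtx pathCtx = new CertPathCtx(pathFlags, cACertificates, (byte[][]) null, new Date(), scratchDb);
            Vector vector = new Vector();
            if (!verifier.buildCertPath(pathCtx, x509CertificateArr[0], vector, (Vector) null, (Vector) null, (Vector) null)) {
                return -1;
            }
            Object[] builtPath = vector.toArray();
            for (int depth = 0; depth < builtPath.length; depth++) {
                if (!checkAdditionalConstraints((X509Certificate) builtPath[depth], depth, cipherSuite)) {
                    return -1;
                }
            }
            // The path must end in one of the configured CA certificates.
            X509Certificate anchor = (X509Certificate) vector.get(vector.size() - 1);
            for (int caIndex = 0; caIndex < cACertificates.length; caIndex++) {
                if (anchor.equals(cACertificates[caIndex])) {
                    return caIndex;
                }
            }
            return -1;
        } catch (CertificateException unused) {
            throw new SSLException(CANNOT_VERIFY_CERTIFICATE);
        } catch (CertJException unused2) {
            throw new SSLException(CANNOT_VERIFY_CERTIFICATE);
        }
    }
}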
