package com.huawei.secure.android.common.e.b;

import android.net.http.SslCertificate;
import com.ximalaya.ting.android.xmuimonitorbase.core.AppMethodBeat;
import java.io.ByteArrayInputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: classes5.dex */
public class c {

    /* renamed from: a, reason: collision with root package name */
    private static final String f12069a = "CertificateChainVerify";

    /* renamed from: b, reason: collision with root package name */
    private static final int f12070b = 5;

    public static X509Certificate a(SslCertificate sslCertificate) {
        X509Certificate x509Certificate;
        AppMethodBeat.i(76280);
        byte[] byteArray = SslCertificate.saveState(sslCertificate).getByteArray("x509-certificate");
        if (byteArray != null) {
            try {
                x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(byteArray));
            } catch (CertificateException e) {
                h.a(f12069a, "exception", e);
            }
            AppMethodBeat.o(76280);
            return x509Certificate;
        }
        x509Certificate = null;
        AppMethodBeat.o(76280);
        return x509Certificate;
    }

    public static X509Certificate a(String str) {
        X509Certificate x509Certificate;
        AppMethodBeat.i(76273);
        try {
            x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(str.getBytes()));
        } catch (CertificateException e) {
            h.e(f12069a, "generateX509FromStr: CertificateException" + e.getMessage());
            x509Certificate = null;
        }
        AppMethodBeat.o(76273);
        return x509Certificate;
    }

    public static boolean a(X509Certificate x509Certificate) {
        AppMethodBeat.i(76282);
        if (x509Certificate == null) {
            AppMethodBeat.o(76282);
            return false;
        }
        if (x509Certificate.getBasicConstraints() == -1) {
            AppMethodBeat.o(76282);
            return false;
        }
        boolean z = x509Certificate.getKeyUsage()[5];
        AppMethodBeat.o(76282);
        return z;
    }

    public static boolean a(X509Certificate x509Certificate, String str) {
        AppMethodBeat.i(76276);
        if (str.equals(x509Certificate.getSubjectDN().getName())) {
            AppMethodBeat.o(76276);
            return true;
        }
        h.e(f12069a, "verify: subject name is error");
        AppMethodBeat.o(76276);
        return false;
    }

    public static boolean a(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        AppMethodBeat.i(76278);
        try {
            x509Certificate2.verify(x509Certificate.getPublicKey());
            if (a(new X509Certificate[]{x509Certificate, x509Certificate2})) {
                AppMethodBeat.o(76278);
                return true;
            }
            h.e(f12069a, "verify: date not right");
            AppMethodBeat.o(76278);
            return false;
        } catch (InvalidKeyException e) {
            h.e(f12069a, "verify: publickey InvalidKeyException " + e.getMessage());
            AppMethodBeat.o(76278);
            return false;
        } catch (NoSuchAlgorithmException e2) {
            h.e(f12069a, "verify: publickey NoSuchAlgorithmException " + e2.getMessage());
            AppMethodBeat.o(76278);
            return false;
        } catch (NoSuchProviderException e3) {
            h.e(f12069a, "verify: publickey NoSuchProviderException " + e3.getMessage());
            AppMethodBeat.o(76278);
            return false;
        } catch (SignatureException e4) {
            h.e(f12069a, "verify: publickey SignatureException " + e4.getMessage());
            AppMethodBeat.o(76278);
            return false;
        } catch (CertificateException e5) {
            h.e(f12069a, "verify: publickey CertificateException " + e5.getMessage());
            AppMethodBeat.o(76278);
            return false;
        }
    }

    public static boolean a(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) throws NoSuchProviderException, CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        AppMethodBeat.i(76279);
        Principal principal = null;
        int i = 0;
        while (i < x509CertificateArr.length) {
            X509Certificate x509Certificate2 = x509CertificateArr[i];
            Principal issuerDN = x509Certificate2.getIssuerDN();
            Principal subjectDN = x509Certificate2.getSubjectDN();
            if (principal != null) {
                if (!issuerDN.equals(principal)) {
                    h.e(f12069a, "verify: principalIssuer not match");
                    AppMethodBeat.o(76279);
                    return false;
                }
                x509CertificateArr[i].verify(x509CertificateArr[i - 1].getPublicKey());
            }
            i++;
            principal = subjectDN;
        }
        if (!a(x509Certificate, x509CertificateArr[0])) {
            AppMethodBeat.o(76279);
            return false;
        }
        if (a(x509CertificateArr)) {
            AppMethodBeat.o(76279);
            return true;
        }
        AppMethodBeat.o(76279);
        return false;
    }

    public static boolean a(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr, X509CRL x509crl, String str) throws NoSuchAlgorithmException, CertificateException, NoSuchProviderException, InvalidKeyException, SignatureException {
        AppMethodBeat.i(76274);
        if (a(x509Certificate, x509CertificateArr)) {
            AppMethodBeat.o(76274);
            return false;
        }
        if (a(x509CertificateArr, x509crl)) {
            AppMethodBeat.o(76274);
            return false;
        }
        if (!a(x509CertificateArr[x509CertificateArr.length - 1], str)) {
            AppMethodBeat.o(76274);
            return false;
        }
        if (a(x509CertificateArr)) {
            AppMethodBeat.o(76274);
            return true;
        }
        AppMethodBeat.o(76274);
        return false;
    }

    public static boolean a(List<X509Certificate> list) {
        AppMethodBeat.i(76281);
        for (int i = 0; i < list.size() - 1; i++) {
            if (!a(list.get(i))) {
                AppMethodBeat.o(76281);
                return false;
            }
        }
        AppMethodBeat.o(76281);
        return true;
    }

    public static boolean a(X509Certificate[] x509CertificateArr) {
        AppMethodBeat.i(76277);
        Date date = new Date();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            try {
                x509Certificate.checkValidity(date);
            } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                h.e(f12069a, "verifyCertificateDate: exception : " + e.getMessage());
                AppMethodBeat.o(76277);
                return false;
            }
        }
        AppMethodBeat.o(76277);
        return true;
    }

    public static boolean a(X509Certificate[] x509CertificateArr, X509CRL x509crl) {
        AppMethodBeat.i(76275);
        ArrayList arrayList = new ArrayList();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            arrayList.add(x509Certificate.getSerialNumber());
        }
        if (x509crl != null) {
            try {
                Set<? extends X509CRLEntry> revokedCertificates = x509crl.getRevokedCertificates();
                if (revokedCertificates != null && !revokedCertificates.isEmpty()) {
                    Iterator<? extends X509CRLEntry> it = revokedCertificates.iterator();
                    while (it.hasNext()) {
                        if (arrayList.contains(it.next().getSerialNumber())) {
                            h.e(f12069a, "verify: certificate revoked");
                            AppMethodBeat.o(76275);
                            return false;
                        }
                    }
                }
            } catch (Exception e) {
                h.e(f12069a, "verify: revoked verify exception : " + e.getMessage());
                AppMethodBeat.o(76275);
                return false;
            }
        }
        AppMethodBeat.o(76275);
        return true;
    }
}
