package org.demoiselle.signer.core.ca.manager;

import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.demoiselle.signer.core.ca.provider.ProviderCA;
import org.demoiselle.signer.core.ca.provider.ProviderCAFactory;
import org.demoiselle.signer.core.ca.provider.ProviderSignaturePolicyRootCA;
import org.demoiselle.signer.core.ca.provider.ProviderSignaturePolicyRootCAFactory;
import org.demoiselle.signer.core.util.MessagesBundle;

/* loaded from: classes.dex */
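/**
 * Singleton that assembles and checks X.509 certificate chains using the CA
 * certificates published by the registered {@link ProviderCA} implementations.
 *
 * <p>Security scope: every parent/child decision in this class is made by
 * {@link #isCAofCertificate(X509Certificate, X509Certificate)}, which verifies
 * the signature only. Validity dates, basicConstraints / keyUsage, issuer and
 * subject name matching, and revocation are not examined anywhere in this
 * class, so a chain returned here is a candidate path, not a validated one.
 */
public class CAManager {
    private static final CAManager instance = new CAManager();
    private static final Logger LOGGER = Logger.getLogger(CAManager.class.getName());
    private static final MessagesBundle coreMessagesBundle = new MessagesBundle();

    private CAManager() {
    }

    /**
     * Finds the first certificate in {@code candidates} whose public key verifies
     * the signature on {@code certificate}.
     *
     * @return the matching issuer, or {@code null} when {@code certificate} is
     *         self-signed, when {@code candidates} is null or empty, or when no
     *         candidate matches
     */
    private X509Certificate getCAFromCertificate(Collection<X509Certificate> candidates, X509Certificate certificate) {
        if (isRootCA(certificate)) {
            return null;
        }
        if (candidates == null || candidates.isEmpty()) {
            return null;
        }
        for (X509Certificate candidate : candidates) {
            if (isCAofCertificate(candidate, certificate)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Walks upward from {@code start} through {@code candidates}, appending each
     * issuer found to {@code chain}, until a self-signed certificate is appended.
     *
     * <p>The walk stops as soon as an issuer repeats. Mutually cross-signed CA
     * certificates that never reach a self-signed certificate would otherwise
     * keep this loop (and the chain) growing without bound.
     *
     * @return {@code true} when a self-signed certificate was appended
     */
    private boolean appendIssuersUntilRoot(Collection<X509Certificate> candidates, X509Certificate start, Collection<X509Certificate> chain) {
        HashSet<X509Certificate> visited = new HashSet<X509Certificate>();
        visited.add(start);
        X509Certificate issuer = getCAFromCertificate(candidates, start);
        while (issuer != null && visited.add(issuer)) {
            chain.add(issuer);
            if (isRootCA(issuer)) {
                return true;
            }
            issuer = getCAFromCertificate(candidates, issuer);
        }
        return false;
    }

    /** Returns the single shared instance. */
    public static CAManager getInstance() {
        return instance;
    }

    /**
     * Returns the certificate chain stored in {@code keyStore} under {@code alias}.
     *
     * @param keyStore keystore to read
     * @param password password protecting the key entry
     * @param alias    alias of the entry
     * @return the stored chain, in keystore order
     * @throws CAManagerException when the chain cannot be read
     * @throws ClassCastException when the keystore holds a certificate that is
     *         not an {@link X509Certificate}
     */
    public Collection<X509Certificate> getCertificateChain(KeyStore keyStore, String password, String alias) {
        Certificate[] stored = getCertificateChainArray(keyStore, password, alias);
        if (stored == null) {
            throw new CAManagerException(coreMessagesBundle.getString("error.no.chain.alias"));
        }
        LinkedList<X509Certificate> chain = new LinkedList<X509Certificate>();
        for (Certificate certificate : stored) {
            chain.add((X509Certificate) certificate);
        }
        return chain;
    }

    /**
     * Builds a candidate chain for {@code certificate} from the CA certificates
     * of each registered provider, stopping at the first provider through which
     * a self-signed certificate is reached.
     *
     * <p>The result always starts with {@code certificate}. Links are chosen by
     * signature verification only (see the class comment). Entries appended
     * while searching a provider that did not lead to a root are left in the
     * result, so the list may hold more than one path.
     *
     * @return the certificate followed by whatever issuers were found; never null
     */
    public Collection<X509Certificate> getCertificateChain(X509Certificate certificate) {
        LinkedList<X509Certificate> chain = new LinkedList<X509Certificate>();
        chain.add(certificate);
        if (isRootCA(certificate)) {
            return chain;
        }
        for (ProviderCA provider : ProviderCAFactory.getInstance().factory()) {
            // Initialised per provider so the flag is defined even when the
            // provider fails before any candidate is examined.
            boolean rootReached = false;
            try {
                LOGGER.info(coreMessagesBundle.getString("info.searching.on.provider", provider.getName()));
                Collection<X509Certificate> candidates = provider.getCAs();
                for (X509Certificate candidate : candidates) {
                    if (isCAofCertificate(candidate, certificate)) {
                        chain.add(candidate);
                        // NOTE(review): when the direct issuer is itself self-signed the
                        // walk appends nothing and reports false, so the search goes on
                        // to the next candidate/provider - confirm this is intended.
                        rootReached = appendIssuersUntilRoot(candidates, candidate, chain);
                    }
                    if (rootReached) {
                        break;
                    }
                }
                LOGGER.log(Level.INFO, coreMessagesBundle.getString("info.found.levels", Integer.valueOf(chain.size()), provider.getName()));
            } catch (Throwable th) {
                // Best effort: a failing provider must not abort the search, but the
                // cause is kept in the log so the failure can be diagnosed.
                LOGGER.error(coreMessagesBundle.getString("error.no.ca", provider.getName()), th);
            }
            if (rootReached) {
                break;
            }
            LOGGER.info(coreMessagesBundle.getString("warn.no.chain.on.provider", provider.getName()));
        }
        return chain;
    }

    /**
     * Reads the certificate chain stored under {@code alias}.
     *
     * @param keyStore keystore to read
     * @param password password protecting the key entry
     * @param alias    alias of the entry
     * @return the stored chain; never null
     * @throws CAManagerException when the keystore is unusable, the key cannot
     *         be recovered, or no chain is stored under {@code alias}
     */
    public Certificate[] getCertificateChainArray(KeyStore keyStore, String password, String alias) {
        try {
            // The key itself is discarded; the call is made so that a key that cannot
            // be recovered with this password surfaces as UnrecoverableKeyException.
            keyStore.getKey(alias, password.toCharArray());
            Certificate[] stored = keyStore.getCertificateChain(alias);
            if (stored == null) {
                throw new CAManagerException(coreMessagesBundle.getString("error.no.chain.alias", alias));
            }
            return stored;
        } catch (KeyStoreException e) {
            throw new CAManagerException(coreMessagesBundle.getString("error.keystore.type"), e);
        } catch (NoSuchAlgorithmException e) {
            throw new CAManagerException(coreMessagesBundle.getString("error.no.such.algorithm"), e);
        } catch (UnrecoverableKeyException e) {
            throw new CAManagerException(coreMessagesBundle.getString("error.unrecoverable.key"), e);
        }
    }

    /**
     * Array form of {@link #getCertificateChain(X509Certificate)}.
     *
     * @return the chain as an array, or {@code null} when the chain is empty
     */
    public Certificate[] getCertificateChainArray(X509Certificate certificate) {
        // Works on the Collection contract instead of casting to LinkedList.
        Collection<X509Certificate> chain = getCertificateChain(certificate);
        if (chain == null || chain.isEmpty()) {
            return null;
        }
        return chain.toArray(new Certificate[0]);
    }

    /**
     * Collects the root CA certificates offered by every provider registered for
     * the given signature policy.
     *
     * <p>A provider that fails is logged and skipped, so the returned set may be
     * smaller than expected; certificates anchored only in the skipped provider
     * will then fail {@link #validateRootCAs(Collection, X509Certificate)}.
     *
     * @param policyOID value handed to the provider factory to select providers
     * @return the union of the providers' CA certificates; never null
     */
    public Collection<X509Certificate> getSignaturePolicyRootCAs(String policyOID) {
        Collection<ProviderSignaturePolicyRootCA> providers = ProviderSignaturePolicyRootCAFactory.getInstance().factory(policyOID);
        HashSet<X509Certificate> roots = new HashSet<X509Certificate>();
        for (ProviderSignaturePolicyRootCA provider : providers) {
            try {
                roots.addAll(provider.getCAs());
            } catch (Throwable th) {
                // Keep the stack trace: a silently missing trust-anchor source is
                // otherwise very hard to tell apart from an untrusted certificate.
                LOGGER.error(th.toString(), th);
            }
        }
        return roots;
    }

    /**
     * Tells whether the signature on {@code certificate} verifies under the
     * public key of {@code ca}.
     *
     * <p>This is a signature check only. It does not look at validity dates,
     * basicConstraints / keyUsage, issuer and subject names, or revocation, so
     * {@code true} alone does not establish that {@code ca} is an acceptable
     * issuer.
     *
     * @return {@code true} when the signature verifies, {@code false} when the
     *         key is unsuitable or the signature does not match
     * @throws CAManagerException when the algorithm or provider is unavailable
     *         or the certificate cannot be processed
     */
    public boolean isCAofCertificate(X509Certificate ca, X509Certificate certificate) {
        try {
            certificate.verify(ca.getPublicKey());
            return true;
        } catch (InvalidKeyException e) {
            return false;
        } catch (SignatureException e) {
            return false;
        } catch (NoSuchAlgorithmException e) {
            throw new CAManagerException(coreMessagesBundle.getString("error.no.such.algorithm"), e);
        } catch (NoSuchProviderException e) {
            throw new CAManagerException(coreMessagesBundle.getString("error.no.such.provider"), e);
        } catch (CertificateException e) {
            throw new CAManagerException(coreMessagesBundle.getString("error.certificate.exception"), e);
        }
    }

    /**
     * Tells whether {@code certificate} is self-signed, i.e. its signature
     * verifies under its own public key. Self-signed does not mean trusted;
     * trust comes from comparing against a known root in
     * {@link #validateRootCA(X509Certificate, X509Certificate)}.
     *
     * @return {@code false} for {@code null}
     */
    public boolean isRootCA(X509Certificate certificate) {
        if (certificate == null) {
            return false;
        }
        return isCAofCertificate(certificate, certificate);
    }

    /**
     * Checks that the chain built for {@code certificate} ends in a self-signed
     * certificate whose public key verifies the signature on {@code rootCA}.
     *
     * @param rootCA      the root the caller trusts; must be self-signed
     * @param certificate the certificate whose chain is examined
     * @return {@code true} on success; every failure is reported by exception
     * @throws CAManagerException when {@code rootCA} is null or not self-signed,
     *         when no chain or no self-signed certificate is found, or when the
     *         chain's root does not match {@code rootCA}
     */
    public boolean validateRootCA(X509Certificate rootCA, X509Certificate certificate) {
        if (rootCA == null) {
            throw new CAManagerException(coreMessagesBundle.getString("error.root.ca.not.informed"));
        }
        if (!isRootCA(rootCA)) {
            throw new CAManagerException(coreMessagesBundle.getString("error.not.root"));
        }
        Collection<X509Certificate> chain = getCertificateChain(certificate);
        if (chain == null || chain.isEmpty()) {
            throw new CAManagerException(coreMessagesBundle.getString("error.get.chain"));
        }
        // The first self-signed entry is taken as the chain's root.
        X509Certificate chainRoot = null;
        for (X509Certificate link : chain) {
            if (isRootCA(link)) {
                chainRoot = link;
                break;
            }
        }
        if (chainRoot == null) {
            throw new CAManagerException(coreMessagesBundle.getString("error.root.ca.not.found"));
        }
        if (isCAofCertificate(chainRoot, rootCA)) {
            return true;
        }
        throw new CAManagerException(coreMessagesBundle.getString("error.root.ca.not.chain"));
    }

    /**
     * Checks {@code certificate} against each root in {@code rootCAs} and
     * succeeds on the first one accepted by
     * {@link #validateRootCA(X509Certificate, X509Certificate)}.
     *
     * @param rootCAs     trusted roots to try; null is treated as empty
     * @param certificate the certificate whose chain is examined
     * @return {@code true} when one root validates
     * @throws CAManagerException when no root validates; the failure reported for
     *         the last root tried is attached as the cause
     */
    public boolean validateRootCAs(Collection<X509Certificate> rootCAs, X509Certificate certificate) {
        CAManagerException lastFailure = null;
        if (rootCAs != null) {
            for (X509Certificate rootCA : rootCAs) {
                try {
                    validateRootCA(rootCA, certificate);
                    return true;
                } catch (CAManagerException e) {
                    // Expected for every root that is not this chain's anchor; kept
                    // so the final error is not stripped of its reason.
                    lastFailure = e;
                }
            }
        }
        String message = coreMessagesBundle.getString("error.no.authority");
        if (lastFailure != null) {
            throw new CAManagerException(message, lastFailure);
        }
        throw new CAManagerException(message);
    }
}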
