package com.allawn.cryptography.algorithm;

import android.content.Context;
import com.allawn.cryptography.EncryptException;
import com.allawn.cryptography.entity.CertParameters;
import com.allawn.cryptography.exception.InvalidArgumentException;
import com.allawn.cryptography.teesdk.CryptoEngCmd;
import com.allawn.cryptography.teesdk.TAInterfaceException;
import com.allawn.cryptography.util.LogUtil;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
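/**
 * Static helpers for X.509 certificate handling: chain validation against one of three
 * trust-anchor sources, validity-period checks, certificate parsing and subject-CN extraction.
 *
 * <p>NOTE(review): this listing declares no {@code throws} clauses, yet several methods let
 * checked exceptions ({@link IOException}, {@link CertificateException},
 * {@link KeyStoreException}, {@link NoSuchAlgorithmException}) propagate. Presumably the
 * clauses were lost before this listing was produced; confirm against the original source.
 */
public abstract class CertUtil {
    /** Log tag passed to {@code LogUtil}. */
    private static final String TAG = "CertUtil";

    /** Bundled trust anchor used when the TA cannot be reached. */
    private static final String OPLUS_ROOT_CA_ASSET =
            "crypto_android_sdk/oplus_prod_cert_chain/OPlus_Global_Root_CA_E1.pem";

    /** Bundled intermediate offered to the path builder in the fallback branch. */
    private static final String OPLUS_DEVICE_CA_ASSET =
            "crypto_android_sdk/oplus_prod_cert_chain/OPlus_Device_CA_E1.pem";

    /** Bundled intermediate offered to the path builder in the fallback branch. */
    private static final String OPLUS_SERVICE_CA_ASSET =
            "crypto_android_sdk/oplus_prod_cert_chain/OPlus_Service_CA_E1.pem";

    /**
     * Validates the end certificate in {@code certParameters} against the trust source
     * selected by {@code getTrustCAMode()}.
     *
     * <ul>
     *   <li>{@code OPLUS_LIST}: delegates to {@link #checkOplusCert}; the intermediate CAs
     *       in {@code certParameters} are not used on this path.</li>
     *   <li>{@code SYSTEM_LIST}: validates {@code [end, intermediates...]} with a trust
     *       manager initialised from a {@code null} key store, i.e. the platform default
     *       trust anchors.</li>
     *   <li>{@code THIRD_PARTY_LIST}: validates the same chain against
     *       {@code getRootCAs()}, which must be non-null.</li>
     * </ul>
     *
     * <p>Only chain trust is evaluated here. Nothing in this method binds the certificate
     * to an expected identity (subject, host name), so callers must do that themselves.
     *
     * @param certParameters trust mode, end certificate, optional intermediates and roots
     * @return {@code true} if the chain is trusted; {@code false} if validation fails or
     *         the trust mode is none of the three handled values (including {@code null})
     * @throws EncryptException wrapping an {@code InvalidArgumentException} (null
     *         parameters, or no roots in third-party mode) or any I/O, key-store, algorithm
     *         or certificate exception raised while validating
     */
    public static boolean checkCertChain(CertParameters certParameters) {
        try {
            if (certParameters == null) {
                throw new InvalidArgumentException("certParameters is null");
            }
            CertParameters.TrustCAListEnum trustCAMode = certParameters.getTrustCAMode();
            if (trustCAMode == CertParameters.TrustCAListEnum.OPLUS_LIST) {
                return checkOplusCert(certParameters.getContext(), certParameters.getEndCertificate());
            }

            // Build [end certificate, intermediate CAs...]; the end certificate goes first.
            X509Certificate[] intermediateCAs = certParameters.getIntermediateCAs();
            int intermediateCount = intermediateCAs == null ? 0 : intermediateCAs.length;
            X509Certificate[] chain = new X509Certificate[intermediateCount + 1];
            if (intermediateCAs != null) {
                System.arraycopy(intermediateCAs, 0, chain, 1, intermediateCount);
            }
            // NOTE(review): a null end certificate is not rejected here; it is handed to the
            // trust manager as chain[0]. Confirm the resulting failure mode is acceptable.
            chain[0] = certParameters.getEndCertificate();

            if (trustCAMode == CertParameters.TrustCAListEnum.SYSTEM_LIST) {
                // A null KeyStore makes TrustManagerFactory use the platform default anchors.
                return verityCert((KeyStore) null, chain);
            }
            if (trustCAMode != CertParameters.TrustCAListEnum.THIRD_PARTY_LIST) {
                // Unknown or null mode: fail closed.
                return false;
            }
            if (certParameters.getRootCAs() != null) {
                return verityCert(certParameters.getRootCAs(), chain);
            }
            throw new InvalidArgumentException("No third-party root certificate is set");
        } catch (InvalidArgumentException | IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new EncryptException(e);
        }
    }

    /**
     * Checks that the current time lies inside the certificate's validity period.
     *
     * <p>This is a date check only: it does not verify the signature, the issuer, or
     * revocation status, and must not be used on its own as a trust decision.
     *
     * @param x509Certificate certificate to check
     * @return {@code true} if the certificate is currently valid, {@code false} if it is
     *         expired or not yet valid
     * @throws EncryptException wrapping an {@code InvalidArgumentException} if the
     *         certificate is {@code null}
     */
    public static boolean checkCertValidity(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new EncryptException(new InvalidArgumentException("certificate is null"));
        }
        try {
            x509Certificate.checkValidity();
            return true;
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            // Routed through the project logger instead of printStackTrace().
            LogUtil.d(TAG, "checkCertValidity e = " + e);
            return false;
        }
    }

    /**
     * Verifies {@code x509Certificate} against the OPlus PKI.
     *
     * <p>Primary path: {@code CryptoEngCmd.pkiCertVerify} is asked to verify the
     * certificate, and on success only the end certificate's validity period is checked on
     * the Java side. What the TA itself checks is not visible in this file.
     *
     * <p>Fallback path: if the TA call throws {@code TAInterfaceException}, the chain is
     * validated in software against the root CA bundled in the application assets, with
     * the bundled device and service CAs supplied as candidate intermediates.
     *
     * <p>NOTE(review): the fallback moves verification from the TA to anchors shipped in
     * the app package, and is recorded only at debug level. Consider logging it at a level
     * that is retained in production, so that devices which always take the fallback path
     * are visible to monitoring.
     *
     * @param context used to open the bundled certificates; only read on the fallback path
     * @param x509Certificate end certificate to verify
     * @return {@code true} if the certificate is accepted by whichever path ran
     * @throws InvalidArgumentException if the fallback path is taken and {@code context}
     *         is {@code null} (not wrapped in {@code EncryptException} here)
     */
    public static boolean checkOplusCert(Context context, X509Certificate x509Certificate) {
        try {
            if (CryptoEngCmd.pkiCertVerify(x509Certificate)) {
                return checkCertValidity(x509Certificate);
            }
            return false;
        } catch (TAInterfaceException unused) {
            LogUtil.d(TAG, "checkOplusCert unable to request ta to verify the certificate chain.");
            if (context == null) {
                throw new InvalidArgumentException("context is null");
            }
            X509Certificate rootCa = readAssetCertificate(context, OPLUS_ROOT_CA_ASSET);
            X509Certificate deviceCa = readAssetCertificate(context, OPLUS_DEVICE_CA_ASSET);
            X509Certificate serviceCa = readAssetCertificate(context, OPLUS_SERVICE_CA_ASSET);
            return verityCert(
                    new X509Certificate[]{rootCa},
                    new X509Certificate[]{x509Certificate, deviceCa, serviceCa});
        }
    }

    /**
     * Reads one bundled certificate from the application assets.
     *
     * <p>The stream is closed even when parsing fails, so a malformed asset does not leak
     * the underlying asset handle.
     */
    private static X509Certificate readAssetCertificate(Context context, String assetPath) {
        try (InputStream in = context.getAssets().open(assetPath)) {
            return readCertificate(in);
        }
    }

    /**
     * Parses a single X.509 certificate from {@code inputStream}.
     *
     * <p>The stream is not closed by this method. Parsing alone establishes no trust in
     * the returned certificate.
     *
     * @param inputStream source of the encoded certificate
     * @return the parsed certificate
     */
    public static X509Certificate readCertificate(InputStream inputStream) {
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        return (X509Certificate) x509Factory.generateCertificate(inputStream);
    }

    /**
     * Parses a single X.509 certificate from an in-memory encoding.
     *
     * @param bArr encoded certificate bytes
     * @return the parsed certificate
     */
    public static X509Certificate readCertificate(byte[] bArr) {
        try (ByteArrayInputStream encoded = new ByteArrayInputStream(bArr)) {
            return readCertificate(encoded);
        }
    }

    /**
     * Extracts the first {@code CN=} value found in the certificate's subject name string.
     *
     * <p>The value is returned exactly as it appears in the string form of the subject,
     * including any surrounding quotes or escape characters.
     *
     * <p>NOTE(review): the subject is matched with a regular expression rather than a
     * structured DN parser. The expression does not account for backslash-escaped commas,
     * so text inside another attribute's value can be reported as the CN, and a CN that
     * itself contains an escaped comma is truncated. Treat the result as display or
     * diagnostic data; do not base authorization decisions on it without a real DN parser.
     *
     * @param x509Certificate certificate whose subject is inspected
     * @return the matched CN text, or {@code null} if the subject contains no match
     * @throws EncryptException wrapping an {@code InvalidArgumentException} if the
     *         certificate is {@code null}
     */
    public static String subjectCN(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new EncryptException(new InvalidArgumentException("cert is null"));
        }
        String subject = x509Certificate.getSubjectX500Principal().getName();
        // Compiled per call, as before, so a pattern-syntax failure stays confined to this method.
        Pattern cnPattern = Pattern.compile("(?:^|,\\s?)(?:CN=(?<val>\"(?:[^\"]|\"\")+\"|[^,]+))");
        Matcher matcher = cnPattern.matcher(subject);
        // Group 1 is the only capturing group in the pattern (the named group "val").
        return matcher.find() ? matcher.group(1) : null;
    }

    /**
     * Validates a certificate chain with the platform X.509 trust manager.
     *
     * <p>The chain is evaluated with {@code checkServerTrusted}, i.e. as a server chain.
     * No revocation checking is configured in the visible code; whether the platform
     * trust manager performs any is not visible here.
     *
     * @param keyStore trust anchors, or {@code null} for the platform default anchors
     * @param x509CertificateArr chain to validate, end certificate first
     * @return {@code true} if the trust manager accepts the chain, {@code false} if it
     *         rejects it with a {@link CertificateException}
     */
    public static boolean verityCert(KeyStore keyStore, X509Certificate[] x509CertificateArr) {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
        trustManagerFactory.init(keyStore);
        // Assumes the first trust manager returned by the factory is the X.509 one.
        X509TrustManager trustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
        try {
            // NOTE(review): authType is fixed to "RSA" whatever the certificate's key
            // algorithm is; confirm the platform trust manager accepts non-RSA chains.
            trustManager.checkServerTrusted(x509CertificateArr, "RSA");
            return true;
        } catch (CertificateException e) {
            // The rejection reason is already logged; the printStackTrace() call was dropped.
            LogUtil.d(TAG, "verityCert e = " + e.toString());
            return false;
        }
    }

    /**
     * Validates a certificate chain against an explicit set of trust anchors.
     *
     * <p>The anchors are loaded into a fresh in-memory key store under the aliases
     * {@code user:1}, {@code user:2}, ... so only the certificates passed in are trusted.
     *
     * @param x509CertificateArr trust anchors
     * @param x509CertificateArr2 chain to validate, end certificate first
     * @return {@code true} if the chain validates against the supplied anchors
     */
    public static boolean verityCert(X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2) {
        KeyStore anchors = KeyStore.getInstance(KeyStore.getDefaultType());
        // load(null) initialises an empty key store.
        anchors.load(null);
        for (int index = 0; index < x509CertificateArr.length; index++) {
            anchors.setCertificateEntry("user:" + (index + 1), x509CertificateArr[index]);
        }
        return verityCert(anchors, x509CertificateArr2);
    }
}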
