package com.koalii.svs;

import com.koalii.svs.client.Svs2ClientHelper;
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.net.SocketTimeoutException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;

/* loaded from: input_file:com/koalii/svs/X509CertChecker.class */
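/**
 * Checks X.509 certificates against locally registered certificate chains and,
 * optionally, against a remote SVS verification service reached over UDP.
 *
 * <p>All checks report their outcome as an {@code int} status code; {@code 0}
 * means the check passed. The meaning of non-zero codes differs per method and
 * is documented on each one.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Issuer matching is done by distinguished name plus signature only.
 *       Nothing in this class inspects basic constraints, key usage, path
 *       length or revocation data.</li>
 *   <li>{@link #addCertChain} stores every certificate of a chain, including
 *       its first (end-entity) element, and {@link #localCheck} accepts any
 *       stored certificate as an issuer. NOTE(review): without a CA /
 *       basic-constraints check an end-entity certificate from a registered
 *       chain can act as an issuer; confirm whether callers rely on this.</li>
 *   <li>{@link #remoteCheck} talks to the service over UDP and this class does
 *       not authenticate the reply; see the notes on that method.</li>
 * </ul>
 */
public class X509CertChecker {
    /** Number of send/receive attempts made by {@link #remoteCheck} when the reply is empty. */
    private static final int MAX_REMOTE_ATTEMPTS = 3;

    /** Chains accepted by {@link #addCertChain}; each inner list is one chain in the order supplied. */
    private final ArrayList<ArrayList<X509Certificate>> certChains = new ArrayList<ArrayList<X509Certificate>>();

    // NOTE(review): DIGEST_NAME_NONE is presumably the empty string reused by the
    // decompiler as a shared constant; confirm against Svs2ClientHelper.
    private String svsHost = Svs2ClientHelper.DIGEST_NAME_NONE;
    private int svsPort = 0;

    /** Drops all registered chains and clears the remote service address. */
    public void reset() {
        this.certChains.clear();
        this.svsHost = Svs2ClientHelper.DIGEST_NAME_NONE;
        this.svsPort = 0;
    }

    /**
     * Registers a certificate chain for use by {@link #localCheck} after it
     * passes {@link #checkCertChain}.
     *
     * <p>The chain is only checked for internal consistency; it is not anchored
     * to any independent trust store, so callers must only pass chains obtained
     * from a trusted source. Validity periods are checked here, at registration
     * time, and are not re-checked by {@link #localCheck}.
     *
     * @param x509CertificateArr chain ordered from subject to issuer
     * @return {@code 0} if stored, {@code -1} for a null or empty array,
     *         otherwise the non-zero code returned by {@link #checkCertChain}
     */
    public int addCertChain(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
            return -1;
        }
        int chainStatus = checkCertChain(x509CertificateArr);
        if (chainStatus != 0) {
            return chainStatus;
        }
        ArrayList<X509Certificate> chain = new ArrayList<X509Certificate>(x509CertificateArr.length);
        for (X509Certificate certificate : x509CertificateArr) {
            chain.add(certificate);
        }
        this.certChains.add(chain);
        return 0;
    }

    /**
     * Sets the address of the remote verification service used by {@link #remoteCheck}.
     *
     * @param str host name or address of the service
     * @param i   UDP port of the service; must be positive for {@link #remoteCheck} to run
     */
    public void setRemoteHost(String str, int i) {
        this.svsHost = str;
        this.svsPort = i;
    }

    /**
     * Checks a certificate against the registered chains.
     *
     * <p>The certificate passes when it is within its validity period and its
     * signature verifies under the public key of any stored certificate whose
     * subject DN equals the certificate's issuer DN. Only this single
     * issuer/subject step is evaluated; no revocation or extension checks are
     * performed.
     *
     * @param x509Certificate certificate to check
     * @return {@code 0} on success; {@code -1} if the argument is null;
     *         {@code 3} if the certificate is outside its validity period;
     *         {@code 4} if no stored certificate matches the issuer DN;
     *         {@code 5} if an issuer DN matched but no matching key verified the signature
     */
    public int localCheck(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return -1;
        }
        if (checkCertValidity(x509Certificate) != 0) {
            return 3;
        }
        boolean issuerNameSeen = false;
        for (ArrayList<X509Certificate> chain : this.certChains) {
            for (X509Certificate candidate : chain) {
                if (x509Certificate.getIssuerDN().equals(candidate.getSubjectDN())) {
                    if (checkCertSignature(x509Certificate, candidate.getPublicKey()) == 0) {
                        return 0;
                    }
                    // Keep scanning: another stored certificate may share the DN with a different key.
                    issuerNameSeen = true;
                }
            }
        }
        return issuerNameSeen ? 5 : 4;
    }

    /**
     * Asks the remote SVS service to verify a certificate.
     *
     * <p>The request is sent up to {@value #MAX_REMOTE_ATTEMPTS} times, but only
     * an empty reply triggers another attempt; a timeout or any other transport
     * error ends the call immediately.
     *
     * <p>NOTE(review): a non-empty reply that carries no
     * {@code /msg/msg_body/error_no} element is reported as success ({@code 0}).
     * The reply arrives over UDP and is not authenticated by this class, so this
     * is a fail-open path. Confirm against the service protocol whether a missing
     * {@code error_no} really means "valid"; if not, it should map to an error code.
     *
     * @param x509Certificate certificate to verify
     * @return {@code 0} on success or the numeric {@code error_no} from the reply;
     *         {@code -1} for a null certificate, unset host/port, or an empty reply
     *         after all attempts; {@code -2} if encoding the certificate, creating
     *         the client or parsing the reply fails; {@code -3} on socket timeout;
     *         {@code -4} on any other error while talking to the service
     */
    public int remoteCheck(X509Certificate x509Certificate) {
        if (x509Certificate == null || this.svsHost == null || this.svsHost.length() <= 0 || this.svsPort <= 0) {
            return -1;
        }
        try {
            String request = buildVerifyRequest(SvsBase.base64Encode(x509Certificate.getEncoded()));
            String str = Svs2ClientHelper.DIGEST_NAME_NONE;
            for (int i = 0; i < MAX_REMOTE_ATTEMPTS; i++) {
                UdpSockClient udpSockClient = new UdpSockClient(this.svsHost, this.svsPort);
                boolean closeAttempted = false;
                try {
                    udpSockClient.init();
                    str = udpSockClient.sendAndRecv(request);
                    closeAttempted = true;
                    udpSockClient.close();
                } catch (SocketTimeoutException e) {
                    return -3;
                } catch (Exception e2) {
                    return -4;
                } finally {
                    // The error paths above used to return without closing the client.
                    if (!closeAttempted) {
                        closeQuietly(udpSockClient);
                    }
                }
                if (str != null && str.length() > 0) {
                    break;
                }
            }
            if (str == null || str.length() <= 0) {
                return -1;
            }
            String xPathValue = getXPathValue("/msg/msg_body/error_no", str);
            // See NOTE(review) in the Javadoc: absence of error_no is treated as success.
            return xPathValue == null ? 0 : Integer.parseInt(xPathValue);
        } catch (Exception e3) {
            return -2;
        }
    }

    /** Builds the verification request; OCSP is switched off and CRL checking on, as in the fixed flags below. */
    private static String buildVerifyRequest(String base64Cert) {
        StringBuilder request = new StringBuilder();
        request.append("<msg>");
        request.append("<msg_head>");
        request.append("<msg_type>0</msg_type>");
        request.append("<msg_id>1000</msg_id>");
        request.append("<msg_sn>0</msg_sn>");
        request.append("<version>1</version>");
        request.append("</msg_head>");
        request.append("<msg_body>");
        request.append("<ocsp_flag>0</ocsp_flag>");
        request.append("<crl_flag>1</crl_flag>");
        request.append("<b64_cert>").append(base64Cert).append("</b64_cert>");
        request.append("</msg_body>");
        request.append("</msg>");
        return request.toString();
    }

    /** Closes a client on an error path; a failure to close must not replace the status already being returned. */
    private static void closeQuietly(UdpSockClient client) {
        try {
            client.close();
        } catch (Exception ignored) {
            // Best effort: the caller is already reporting a transport error.
        }
    }

    /**
     * Extracts the text of a nested element using a slash-separated path such as
     * {@code /msg/msg_body/error_no}.
     *
     * <p>This is plain substring matching via {@link #parseXml}, not an XML
     * parser: attributes, namespaces, repeated elements and escaping are not
     * understood.
     *
     * @param str  slash-separated element path; a leading slash is optional
     * @param str2 document text to search
     * @return the innermost element's text, {@code null} if any path step is
     *         missing, or {@code str2} unchanged when the path is empty
     */
    public static String getXPathValue(String str, String str2) {
        ArrayList<String> segments = new ArrayList<String>();
        // Guard the empty path: charAt(0) used to throw on "".
        int start = (!str.isEmpty() && '/' == str.charAt(0)) ? 1 : 0;
        while (true) {
            int slash = str.indexOf("/", start);
            if (-1 == slash) {
                break;
            }
            segments.add(str.substring(start, slash));
            start = slash + 1;
        }
        if (start < str.length()) {
            segments.add(str.substring(start));
        }
        String current = str2;
        for (String segment : segments) {
            current = parseXml(segment, current);
            if (current == null) {
                return null;
            }
        }
        return current;
    }

    /**
     * Returns the text between the first {@code <str>} tag and the next
     * {@code </str>} tag that follows it.
     *
     * @param str  element name, without angle brackets
     * @param str2 text to search
     * @return the enclosed text, or {@code null} if the opening tag or a
     *         following closing tag is not found
     */
    protected static String parseXml(String str, String str2) {
        String openTag = "<" + str + ">";
        String closeTag = "</" + str + ">";
        int openAt = str2.indexOf(openTag);
        if (-1 == openAt) {
            return null;
        }
        int contentStart = openAt + openTag.length();
        // Search after the opening tag: a stray closing tag earlier in the text
        // used to produce a negative-length substring and an exception.
        int closeAt = str2.indexOf(closeTag, contentStart);
        if (-1 == closeAt) {
            return null;
        }
        return str2.substring(contentStart, closeAt);
    }

    /**
     * Checks that a certificate is within its validity period at the current time.
     *
     * @param x509Certificate certificate to check
     * @return {@code 0} if valid now, {@code -1} if null, {@code 1} if expired,
     *         {@code 2} if not yet valid
     */
    public static int checkCertValidity(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return -1;
        }
        try {
            x509Certificate.checkValidity();
            return 0;
        } catch (CertificateExpiredException e) {
            return 1;
        } catch (CertificateNotYetValidException e2) {
            return 2;
        }
    }

    /**
     * Verifies that a certificate was signed with the private key matching the given public key.
     *
     * @param x509Certificate certificate whose signature is checked
     * @param publicKey       candidate issuer key
     * @return {@code 0} if the signature verifies, {@code -1} if either argument
     *         is null, {@code 1} on signature mismatch, {@code 2} on a certificate
     *         encoding error, {@code 3} on an unusable key, {@code 4} on an
     *         unsupported algorithm, {@code 5} if no provider is available
     */
    public static int checkCertSignature(X509Certificate x509Certificate, PublicKey publicKey) {
        if (x509Certificate == null || publicKey == null) {
            return -1;
        }
        try {
            x509Certificate.verify(publicKey);
            return 0;
        } catch (InvalidKeyException e) {
            return 3;
        } catch (NoSuchAlgorithmException e2) {
            return 4;
        } catch (NoSuchProviderException e3) {
            return 5;
        } catch (SignatureException e4) {
            return 1;
        } catch (CertificateException e5) {
            return 2;
        }
    }

    /**
     * Reads one X.509 certificate from a file.
     *
     * @param str path of the certificate file
     * @return the parsed certificate, or {@code null} if the stream reports no available bytes
     * @throws Exception if the file cannot be opened or does not contain a parsable certificate
     */
    public static X509Certificate parseX509Cert(String str) throws Exception {
        BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(str));
        // The stream was never closed before, leaking a file handle per call.
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            if (bufferedInputStream.available() > 0) {
                return (X509Certificate) certificateFactory.generateCertificate(bufferedInputStream);
            }
            return null;
        } finally {
            bufferedInputStream.close();
        }
    }

    /**
     * Checks a chain ordered from subject (index 0) to issuer (last index).
     *
     * <p>For each adjacent pair the lower certificate must be within its validity
     * period, name the next certificate's subject as its issuer, and verify under
     * the next certificate's key. The last certificate must be within its validity
     * period; its signature is verified only when its subject and issuer DNs are
     * equal. A chain whose last certificate is not self-issued is therefore
     * accepted without being anchored to anything.
     *
     * @param x509CertificateArr chain to check
     * @return {@code 0} if consistent; {@code -1} for a null or empty array;
     *         {@code 300 + i} if certificate {@code i} is null or outside its
     *         validity period; {@code 600 + i} if certificate {@code i}'s issuer DN
     *         differs from certificate {@code i + 1}'s subject DN; {@code 900 + i}
     *         if certificate {@code i}'s signature does not verify
     */
    public static int checkCertChain(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
            return -1;
        }
        int length = x509CertificateArr.length;
        for (int i = 0; i < length - 1; i++) {
            X509Certificate subject = x509CertificateArr[i];
            X509Certificate issuer = x509CertificateArr[i + 1];
            if (checkCertValidity(subject) != 0) {
                return 300 + i;
            }
            if (issuer == null) {
                // A null entry used to cause a NullPointerException here; report it with
                // the code the validity check gives a null certificate at that index.
                return 300 + i + 1;
            }
            if (!subject.getIssuerDN().equals(issuer.getSubjectDN())) {
                return 600 + i;
            }
            if (checkCertSignature(subject, issuer.getPublicKey()) != 0) {
                return 900 + i;
            }
        }
        X509Certificate last = x509CertificateArr[length - 1];
        if (checkCertValidity(last) != 0) {
            return (300 + length) - 1;
        }
        boolean selfIssued = last.getSubjectDN().equals(last.getIssuerDN());
        if (!selfIssued || checkCertSignature(last, last.getPublicKey()) == 0) {
            return 0;
        }
        return (900 + length) - 1;
    }

    /**
     * Checks a subject certificate against a single issuer certificate, including validity periods.
     *
     * @param x509Certificate  issuer certificate
     * @param x509Certificate2 subject certificate
     * @return {@code 0} on success; {@code -1} if either argument is null;
     *         {@code 300} if the subject is outside its validity period;
     *         {@code 600} if the subject's issuer DN differs from the issuer's subject DN;
     *         {@code 900} if the subject's signature does not verify under the issuer's key;
     *         {@code 400} if the issuer is outside its validity period;
     *         {@code 1000} if the issuer is self-issued but its own signature does not verify
     */
    public static int checkCert(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        if (x509Certificate == null || x509Certificate2 == null) {
            return -1;
        }
        if (checkCertValidity(x509Certificate2) != 0) {
            return 300;
        }
        if (!x509Certificate2.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
            return 600;
        }
        if (checkCertSignature(x509Certificate2, x509Certificate.getPublicKey()) != 0) {
            return 900;
        }
        if (checkCertValidity(x509Certificate) != 0) {
            return 400;
        }
        boolean issuerSelfIssued = x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
        if (issuerSelfIssued && checkCertSignature(x509Certificate, x509Certificate.getPublicKey()) != 0) {
            return 1000;
        }
        return 0;
    }

    /**
     * Same as {@link #checkCert} but skips both validity-period checks, so
     * expired or not-yet-valid certificates can pass. Callers that use this for
     * an authentication decision must check validity separately.
     *
     * @param x509Certificate  issuer certificate
     * @param x509Certificate2 subject certificate
     * @return {@code 0} on success; {@code -1} if either argument is null;
     *         {@code 600} on issuer/subject DN mismatch; {@code 900} if the
     *         subject's signature does not verify; {@code 1000} if the issuer is
     *         self-issued but its own signature does not verify
     */
    public static int checkCertNotCheckTime(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        if (x509Certificate == null || x509Certificate2 == null) {
            return -1;
        }
        if (!x509Certificate2.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
            return 600;
        }
        if (checkCertSignature(x509Certificate2, x509Certificate.getPublicKey()) != 0) {
            return 900;
        }
        boolean issuerSelfIssued = x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
        if (issuerSelfIssued && checkCertSignature(x509Certificate, x509Certificate.getPublicKey()) != 0) {
            return 1000;
        }
        return 0;
    }
}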
