package com.cyclonecommerce.crossworks.x509;

import com.cyclonecommerce.crossworks.asn1.ObjectID;
import com.cyclonecommerce.crossworks.o;
import com.cyclonecommerce.crossworks.p;
import com.cyclonecommerce.crossworks.pse.CycloneKeyStore;
import com.cyclonecommerce.crossworks.q;
import com.cyclonecommerce.crossworks.r;
import com.cyclonecommerce.crossworks.s;
import com.cyclonecommerce.crossworks.util.n;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import java.util.Vector;

/* loaded from: input_file:com/cyclonecommerce/crossworks/x509/i.class */
public class i implements com.cyclonecommerce.crossworks.c {
    protected com.cyclonecommerce.crossworks.certstore.a b;
    protected CycloneKeyStore c;
    protected boolean f;
    protected static final com.cyclonecommerce.crossworks.util.f g = com.cyclonecommerce.crossworks.util.f.a("pathvalidator");
    protected boolean d = true;
    protected int e = 0;
    protected j[] a = new j[0];

    @Override // com.cyclonecommerce.crossworks.c
    public void a(Certificate[] certificateArr) {
        this.a = (j[]) certificateArr;
    }

    @Override // com.cyclonecommerce.crossworks.c
    public void a(CycloneKeyStore cycloneKeyStore) {
        this.c = cycloneKeyStore;
    }

    @Override // com.cyclonecommerce.crossworks.c
    public void a(com.cyclonecommerce.crossworks.certstore.a aVar) {
        this.b = aVar;
    }

    @Override // com.cyclonecommerce.crossworks.c
    public com.cyclonecommerce.crossworks.certstore.a a() throws com.cyclonecommerce.crossworks.certstore.e {
        return this.b;
    }

    public boolean a(j jVar) {
        for (int i = 0; i < this.a.length; i++) {
            try {
                if (this.a[i].equals(jVar)) {
                    return true;
                }
            } catch (KeyStoreException e) {
                e.printStackTrace(System.err);
                return false;
            }
        }
        if (this.c != null) {
            if (this.c.getCertificateAlias(jVar) != null) {
                return true;
            }
        }
        return false;
    }

    @Override // com.cyclonecommerce.crossworks.c
    public boolean a(Certificate certificate) throws com.cyclonecommerce.crossworks.m {
        try {
            j jVar = (j) certificate;
            j[] jVarArr = new j[1];
            if (jVar.n()) {
                jVarArr[0] = jVar;
            } else {
                if (a() == null) {
                    throw new IllegalArgumentException("No certificate store to retreive chain for certificate.");
                }
                Vector d = a().d(jVar);
                if (d.size() == 0) {
                    jVarArr[0] = jVar;
                } else {
                    d.insertElementAt(jVar, 0);
                    jVarArr = new j[d.size()];
                    d.copyInto(jVarArr);
                }
            }
            return b(jVarArr);
        } catch (com.cyclonecommerce.crossworks.certstore.e e) {
            throw new com.cyclonecommerce.crossworks.m(new StringBuffer().append("Unable to build certificate path: ").append(n.a(e)).toString());
        }
    }

    @Override // com.cyclonecommerce.crossworks.c
    public boolean b(Certificate[] certificateArr) throws com.cyclonecommerce.crossworks.m {
        boolean z = false;
        int i = 0;
        List e = new h(Arrays.asList(certificateArr)).e();
        j[] jVarArr = (j[]) e.toArray(new j[e.size()]);
        try {
            if (g != null) {
                g.c(new StringBuffer().append("certificate chain length: ").append(jVarArr.length).toString());
                for (int i2 = 0; i2 < jVarArr.length; i2++) {
                    g.c(new StringBuffer().append("certificate chain[").append(i2).append("]: ").append(jVarArr[i2].h()).toString());
                }
            }
            while (i < jVarArr.length) {
                if (g != null) {
                    g.c(new StringBuffer().append("DEBUG: validating certificate:\n").append(jVarArr[i]).toString());
                }
                a(jVarArr, i);
                b(jVarArr, i);
                c(jVarArr, i);
                e(jVarArr, i);
                d(jVarArr, i);
                z = z || a(jVarArr[i]);
                i++;
            }
            i--;
            if (jVarArr[i].n()) {
                return z;
            }
            throw new r(new StringBuffer().append("Certificate path abrubtly stops at:\n").append(jVarArr[i]).toString(), i);
        } catch (com.cyclonecommerce.crossworks.m e2) {
            throw e2;
        } catch (Exception e3) {
            throw new com.cyclonecommerce.crossworks.m(new StringBuffer().append("Certificate path validation error: ").append(n.a(e3)).toString(), i);
        }
    }

    protected void a(j[] jVarArr, int i) throws com.cyclonecommerce.crossworks.m {
        j jVar = jVarArr[i];
        if (i > 0) {
            try {
                j jVar2 = jVarArr[i - 1];
                if (!jVar.h().equals(jVar2.d())) {
                    throw new com.cyclonecommerce.crossworks.n(new StringBuffer().append("The certificate:\n").append(jVar2).append("is not issued by:\n").append(jVar).toString(), i);
                }
                jVar2.verify(jVar.getPublicKey());
            } catch (SignatureException e) {
                throw new com.cyclonecommerce.crossworks.m(new StringBuffer().append("Unable to validate certificate's integrity:\n").append((Object) null).append(": ").append(n.a(e)).toString(), i);
            }
        }
        if (jVar.n()) {
            jVar.verify(jVar.getPublicKey());
        }
    }

    protected void b(j[] jVarArr, int i) throws com.cyclonecommerce.crossworks.m {
        j jVar = jVarArr[i];
        try {
            jVar.checkValidity();
        } catch (CertificateExpiredException e) {
            throw new o(new StringBuffer().append("Certificate has expired:\n").append(jVar).toString(), i);
        } catch (CertificateNotYetValidException e2) {
            throw new q(new StringBuffer().append("Certificate is not yet valid:\n").append(jVar).toString(), i);
        }
    }

    protected void c(j[] jVarArr, int i) throws com.cyclonecommerce.crossworks.m {
        Enumeration f;
        j jVar = jVarArr[i];
        if (jVar.k() && (f = jVar.a().f()) != null) {
            while (f.hasMoreElements()) {
                com.cyclonecommerce.crossworks.x509.extensions.b bVar = (com.cyclonecommerce.crossworks.x509.extensions.b) f.nextElement();
                ObjectID c = bVar.c();
                if (c.equals(ObjectID.basicConstraints)) {
                    a(bVar, i);
                } else if (c.equals(ObjectID.keyUsage)) {
                    b(bVar, i);
                } else if (bVar.d()) {
                    throw new p(new StringBuffer().append("Unhandled CRITICAL extension: ").append(bVar.c()).toString(), i);
                }
            }
        }
    }

    protected void a(com.cyclonecommerce.crossworks.x509.extensions.b bVar, int i) throws com.cyclonecommerce.crossworks.m {
        com.cyclonecommerce.crossworks.x509.extensions.g gVar = (com.cyclonecommerce.crossworks.x509.extensions.g) bVar;
        if (!gVar.f()) {
            if (i != 0) {
                throw new p("certificate is marked as non-CA certificate", i);
            }
        } else {
            if (i == 0 && !this.f) {
                throw new p("leaf certificate is marked as CA certificate", i);
            }
            int e = gVar.e();
            if (e != -1 && e < i - 1) {
                throw new p("basic path length constraint violated!", i);
            }
        }
    }

    protected void b(com.cyclonecommerce.crossworks.x509.extensions.b bVar, int i) throws com.cyclonecommerce.crossworks.m {
        com.cyclonecommerce.crossworks.x509.extensions.m mVar = (com.cyclonecommerce.crossworks.x509.extensions.m) bVar;
        if (i > 0 && (mVar.e() & com.cyclonecommerce.crossworks.x509.extensions.m.y) == 0) {
            throw new com.cyclonecommerce.crossworks.m("Certificate extension error: Key usage extension does not allow certificate signing", i);
        }
    }

    public void d(j[] jVarArr, int i) throws com.cyclonecommerce.crossworks.m, com.cyclonecommerce.crossworks.certstore.e {
        j jVar;
        if (b()) {
            j jVar2 = jVarArr[i];
            k[] a = a().a(jVar2.d());
            if (a.length < 1) {
                if (g != null) {
                    g.c(new StringBuffer().append("unable to find and check CRL for: ").append(jVar2).toString());
                    return;
                }
                return;
            }
            k kVar = a[0];
            if (jVar2.n()) {
                jVar = jVar2;
            } else {
                if (i >= jVarArr.length) {
                    throw new s(new StringBuffer().append("Unable to verify signature of CRL:\n").append(kVar).toString(), i);
                }
                jVar = jVarArr[i + 1];
            }
            if (g != null) {
                g.c(new StringBuffer().append("verifying crl signature. issuer: \n").append(jVar).toString());
                g.c(new StringBuffer().append("verifying crl signature. crl: \n").append(kVar).toString());
            }
            try {
                kVar.verify(jVar.getPublicKey());
                Date nextUpdate = kVar.getNextUpdate();
                if (nextUpdate != null && new Date().after(nextUpdate)) {
                    throw new s(new StringBuffer().append("CRL has expired:\n").append(kVar).toString(), i);
                }
                if (kVar.isRevoked(jVar2)) {
                    throw new s(new StringBuffer().append("Certificate is revoked:\n").append(jVar2).toString(), i);
                }
            } catch (GeneralSecurityException e) {
                throw new s(new StringBuffer().append("Unable to validate CRL's integrity:\n").append(kVar).append(": ").append(n.a(e)).toString());
            }
        }
    }

    protected void e(j[] jVarArr, int i) throws com.cyclonecommerce.crossworks.m {
        if (jVarArr[i].k()) {
        }
    }

    public boolean b() {
        return this.d;
    }

    public void a(boolean z) {
        this.d = z;
    }

    public void b(boolean z) {
        this.f = z;
    }
}
