package com.dreamsecurity.jcaos.x509;

import com.dreamsecurity.java.security.InvalidKeyException;
import com.dreamsecurity.java.security.cert.CertificateExpiredException;
import com.dreamsecurity.java.security.cert.CertificateNotYetValidException;
import com.dreamsecurity.java.util.ArrayList;
import com.dreamsecurity.jcaos.exception.BuildCertPathException;
import com.dreamsecurity.jcaos.exception.ObtainCertPathException;
import com.dreamsecurity.jcaos.exception.ParsingException;
import com.dreamsecurity.jcaos.exception.RevocationCheckException;
import com.dreamsecurity.jcaos.exception.RevokedCertException;
import com.dreamsecurity.jcaos.exception.ValidateCertPathException;
import com.dreamsecurity.jcaos.protocol.LDAP;
import com.dreamsecurity.jcaos.protocol.URLParser;
import com.dreamsecurity.jcaos.resources.Resource;
import com.dreamsecurity.jcaos.util.LogUtil;
import com.dreamsecurity.jcaos.util.encoders.Hex;
import com.dreamsecurity.math.BigInteger;
import java.io.IOException;

/* loaded from: classes7.dex */
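/**
 * Verifies an X.509 certificate in three stages: certification-path building,
 * path validation, and (optionally) CRL/ARL based revocation checking.
 *
 * <p>This source was recovered from decompiled bytecode, so parameter names such as
 * {@code z}, {@code str} and {@code i} are decompiler-generated.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Revocation checking is <b>off by default</b> ({@link #REVOCATION_CHECK_NONE});
 *       callers must enable it with {@link #setRevocationCheckMethod(int)}.</li>
 *   <li>The CA certificates used for path building come only from
 *       {@link #setCaPubs(X509CertPath)}; nothing is fetched automatically.</li>
 *   <li>OCSP and HTTP distribution points are rejected as "not supported".</li>
 *   <li>A certificate without a CRL distribution point is reported as "not revoked"
 *       (see {@link #checkRevocationByCRL}).</li>
 * </ul>
 */
public class X509CertVerifier {
    // DONT_CACHE_* flags are declared here but not read anywhere in this class.
    public static final int DONT_CACHE_ARL = 4;
    public static final int DONT_CACHE_CAPUBS = 1;
    public static final int DONT_CACHE_CRL = 8;
    public static final int DONT_CACHE_CTL = 2;
    public static final int FIELD_SIGNATURE = X509CertPathValidator.VALIDATE_FIELD_SIGNATURE;
    public static final int FIELD_VALIDITY = X509CertPathValidator.VALIDATE_FIELD_VALIDITY;
    public static final int RANGE_FULL_PATH = 1;
    public static final int RANGE_USER_CERT_ONLY = 2;
    // Bit flags combined in _rev_check_method.
    public static final int REVOCATION_CHECK_BY_ARL = 1;
    public static final int REVOCATION_CHECK_BY_CRL = 2;
    public static final int REVOCATION_CHECK_BY_OCSP = 4;
    public static final int REVOCATION_CHECK_NONE = 0;
    // CA certificates supplied by the caller through setCaPubs(); null until set.
    X509CertPath _capubs;
    // Set to the matching X509CRLEntry when a revoked certificate is found.
    Object _certStatus;
    // Passed through to X509CertPathValidator.validate(); never assigned in this class.
    String _cert_type;
    X509Certificate _my_cert;
    // Revocation checking is disabled unless the caller opts in.
    int _rev_check_method = 0;
    int _verify_range = 1;
    // 255 leaves the validator's own field selection untouched (see verify()).
    int _verify_field = 255;
    X509ValidatorParameters _validatorParams = new X509ValidatorParameters();

    /**
     * Downloads the CRL (or ARL) named by the certificate's first CRL distribution point,
     * validates it, and looks the certificate up in it.
     *
     * <p>The download location is taken from the certificate under test. In {@link #verify}
     * this runs after path validation; whether the signature was actually checked depends on
     * the configured verify field — NOTE(review): confirm before relying on the location
     * being authenticated.
     *
     * <p>A certificate with no CRL distribution point yields {@code false}, i.e. it is treated
     * as not revoked. Only the first name of the first distribution point is used.
     *
     * @param z                {@code true} to check a CA certificate (fetches the ARL attribute),
     *                         {@code false} for the user certificate (fetches the CRL attribute)
     * @param x509Certificate  certificate whose revocation status is checked
     * @param x509Certificate2 certificate handed to the CRL validator together with the CRL;
     *                         {@link #revocationCheck} passes the preceding path entry
     * @return {@code true} if the CRL contains an entry for the certificate
     * @throws Exception if the CRL cannot be downloaded, parsed or validated
     */
    boolean checkRevocationByCRL(boolean z, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws IOException, ParsingException, InvalidKeyException, Exception {
        // Log: "checking revocation of CA certificate" / "... of user certificate".
        LogUtil.append(z ? " +- 인증기관 인증서 폐지여부 확인" : " +- 사용자 인증서 폐지여부 확인");

        X509CRLDistributionPoints cRLDistributionPoints = x509Certificate.getCRLDistributionPoints();
        if (cRLDistributionPoints == null) {
            // Log: "no ARL distribution point information". Fail-open: reported as not revoked.
            LogUtil.append("  +- ARL 배포 지점 정보 없음");
            return false;
        }

        // Log: "using CRL".
        LogUtil.append("  +- CRL 이용");
        String stringName = ((X509GeneralName) cRLDistributionPoints.getDistributionPoint(0).get(0)).getStringName();
        // Log: "fetching CRL/ARL" and "fetch location: <url>".
        LogUtil.append("  +- CRL/ARL 획득하기");
        LogUtil.append("    +- 획득 위치 : " + stringName);
        X509CRL x509crl = (X509CRL) download(stringName, z ? LDAP.ATTR_ARL : LDAP.ATTR_CRL);
        // Log: "success".
        LogUtil.append("     +- 성공 ...");

        // Log: "verifying CRL/ARL". The CRL is validated before its contents are trusted.
        LogUtil.append("  +- CRL/ARL 검증");
        X509CRLValidator x509CRLValidator = new X509CRLValidator();
        x509CRLValidator.setDate(this._validatorParams.getDate());
        x509CRLValidator.verify(x509crl, x509Certificate2, x509Certificate);

        X509CRLEntry revokedCertificate = x509crl.getRevokedCertificate(x509Certificate);
        // Log: "checking revocation status", "certificate serial number: <hex>", "success".
        LogUtil.append("   +- 폐지여부 확인");
        LogUtil.append("    +- 인증서 일련번호 : " + new String(Hex.encode(x509Certificate.getSerialNumber().toByteArray())));
        LogUtil.append("   +- 성공 ...");

        if (revokedCertificate == null) {
            return false;
        }
        // Remember the entry so verify() can report serial number and reason code.
        this._certStatus = revokedCertificate;
        return true;
    }

    /**
     * Fetches a certificate or CRL from the given location and parses it.
     *
     * <p>Protocol value 1 is served through {@link LDAP}; protocol value 0 is rejected with a
     * "not supported: HTTP" error. Any other protocol value retrieves nothing.
     *
     * @param str  location to fetch from
     * @param str2 LDAP attribute to request when the location itself names none; it also selects
     *             the parser (CA certificate, or ARL/CRL)
     * @return an {@code X509Certificate} or {@code X509CRL}, or {@code null} when {@code str2}
     *         is none of the known attributes
     * @throws IOException if a known attribute was requested but no data could be retrieved
     * @throws Exception   if the protocol is unsupported or the LDAP lookup or parsing fails
     */
    Object download(String str, String str2) throws IOException, ParsingException, Exception {
        byte[] bArr = null;
        URLParser uRLParser = new URLParser(str);
        if (uRLParser.getProtocol() == 1) {
            LDAP ldap = new LDAP();
            ldap.connect(uRLParser.getIP(), uRLParser.getPort());
            ArrayList object;
            try {
                String attribute = uRLParser.getAttribute();
                if (attribute == null || attribute.length() == 0) {
                    attribute = str2;
                }
                ldap.search(uRLParser.getURI(), attribute);
                object = ldap.getObject();
            } finally {
                // Release the connection even when the search fails.
                ldap.close();
            }
            if (object != null) {
                for (int i = 0; i < object.size(); i++) {
                    bArr = (byte[]) object.get(i);
                    // 0x30 is the DER SEQUENCE tag; stop at the first value that looks DER-encoded.
                    // Null or empty values are skipped instead of crashing the scan.
                    if (bArr != null && bArr.length > 0 && bArr[0] == 48) {
                        break;
                    }
                }
            }
        } else if (uRLParser.getProtocol() == 0) {
            throw new Exception(Resource.getErrMsg_NotSupported("HTTP"));
        }

        String requested = str2.toLowerCase();
        boolean wantsCaCert = requested.equals(LDAP.ATTR_CA_CERT);
        boolean wantsCrl = requested.equals(LDAP.ATTR_ARL) || requested.equals(LDAP.ATTR_CRL);
        if (!wantsCaCert && !wantsCrl) {
            return null;
        }
        if (bArr == null) {
            // Fail with a clear error instead of handing null to the parser.
            throw new IOException("No " + str2 + " data could be retrieved from " + str);
        }
        if (wantsCaCert) {
            return X509Certificate.getInstance(bArr);
        }
        return X509CRL.getInstance(bArr);
    }

    /**
     * Returns the text used when an exception is re-wrapped.
     *
     * <p>Despite its name this returns only {@code exc.getMessage()}; no stack trace and no
     * cause are kept, and the result is {@code null} when the exception has no message.
     *
     * @param exc exception being reported
     * @return the exception message, possibly {@code null}
     */
    String getStackTrace(Exception exc) {
        return exc.getMessage();
    }

    /**
     * Tells whether a certificate is self-issued and self-signed.
     *
     * @param x509Certificate certificate to test
     * @return {@code true} if issuer and subject DN are equal and the signature verifies
     *         under the certificate's own public key
     */
    boolean isRootCert(X509Certificate x509Certificate) throws ParsingException, IOException, InvalidKeyException {
        if (!x509Certificate.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
            return false;
        }
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (Exception ignored) {
            // Any verification failure simply means "not a root certificate".
            return false;
        }
    }

    /**
     * Returns the CA certificates to build the path from.
     *
     * @param x509Certificate certificate being verified (not used by the lookup)
     * @return the path set with {@link #setCaPubs(X509CertPath)}
     * @throws ObtainCertPathException if no CA certificates have been set
     */
    public X509CertPath obtainCertPath(X509Certificate x509Certificate) throws ObtainCertPathException {
        return obtainCertPath(x509Certificate, false);
    }

    /**
     * Returns the CA certificates set by the caller; both parameters are ignored.
     *
     * @throws ObtainCertPathException if {@link #setCaPubs(X509CertPath)} was never called
     *                                 with a non-null value
     */
    X509CertPath obtainCertPath(X509Certificate x509Certificate, boolean z) throws ObtainCertPathException {
        X509CertPath x509CertPath = this._capubs;
        if (x509CertPath == null) {
            throw new ObtainCertPathException(Resource.getErrMsg(Resource.ERR_NOT_SETTED_CAPUBS));
        }
        return x509CertPath;
    }

    /**
     * Runs the configured revocation checks over a certification path.
     *
     * <p>Every entry except the last is checked against an ARL when
     * {@link #REVOCATION_CHECK_BY_ARL} is set; the last entry is checked against a CRL when
     * {@link #REVOCATION_CHECK_BY_CRL} is set. With {@link #RANGE_USER_CERT_ONLY} only the
     * last entry is examined. Each entry is checked together with the entry before it
     * (the first entry with itself).
     *
     * @param x509CertPath path to check
     * @param z            {@code true} suppresses the "OCSP not supported" error
     * @return {@code true} as soon as one certificate is found revoked, otherwise {@code false}
     * @throws Exception if OCSP is requested for the last entry and {@code z} is {@code false},
     *                   or if a CRL/ARL cannot be obtained or validated
     */
    boolean revocationCheck(X509CertPath x509CertPath, boolean z) throws IOException, ParsingException, InvalidKeyException, Exception {
        // Log: "certificate revocation check".
        LogUtil.append("- 인증서 폐지여부 확인");
        ArrayList certificates = x509CertPath.getCertificates();
        int index = this._verify_range == RANGE_USER_CERT_ONLY ? certificates.size() - 1 : 0;
        while (index < certificates.size()) {
            X509Certificate current = (X509Certificate) certificates.get(index);
            X509Certificate previous = index == 0 ? current : (X509Certificate) certificates.get(index - 1);
            boolean isLastEntry = index == certificates.size() - 1;
            if (!isLastEntry) {
                if ((this._rev_check_method & REVOCATION_CHECK_BY_ARL) != 0 && checkRevocationByCRL(true, current, previous)) {
                    return true;
                }
            } else {
                if (!z && (this._rev_check_method & REVOCATION_CHECK_BY_OCSP) != 0) {
                    throw new Exception(Resource.getErrMsg_NotSupported("OCSP"));
                }
                if ((this._rev_check_method & REVOCATION_CHECK_BY_CRL) != 0 && checkRevocationByCRL(false, current, previous)) {
                    return true;
                }
            }
            index++;
        }
        return false;
    }

    /**
     * Sets the CA certificates used for path building.
     *
     * @param x509CertPath CA certificates; verification fails while this is {@code null}
     */
    public void setCaPubs(X509CertPath x509CertPath) {
        this._capubs = x509CertPath;
    }

    /**
     * Selects the revocation checks to run.
     *
     * @param i bitwise OR of the {@code REVOCATION_CHECK_BY_*} flags, or
     *          {@link #REVOCATION_CHECK_NONE} to skip revocation checking entirely
     */
    public void setRevocationCheckMethod(int i) {
        this._rev_check_method = i;
    }

    /**
     * Selects which certificate fields the path validator checks.
     *
     * @param i value forwarded to the validator; 255 keeps the validator's own setting.
     *          NOTE(review): values that omit {@link #FIELD_SIGNATURE} presumably skip
     *          signature verification — confirm against X509CertPathValidator.
     */
    public void setVerifyField(int i) {
        this._verify_field = i;
    }

    /**
     * Selects how much of the path is verified.
     *
     * @param i {@link #RANGE_FULL_PATH} or {@link #RANGE_USER_CERT_ONLY}
     */
    public void setVerifyRange(int i) {
        this._verify_range = i;
    }

    /**
     * Verifies a certificate with the current settings.
     *
     * @param x509Certificate certificate to verify
     * @throws ObtainCertPathException         if no CA certificates were set
     * @throws BuildCertPathException          if the certification path cannot be built
     * @throws CertificateExpiredException     if the validator reports an expired certificate
     * @throws CertificateNotYetValidException if the validator reports a not-yet-valid certificate
     * @throws ValidateCertPathException       if path validation fails for another reason
     * @throws RevokedCertException            if a certificate in the path is revoked
     * @throws RevocationCheckException        if the revocation status cannot be determined
     */
    public void verify(X509Certificate x509Certificate) throws ObtainCertPathException, BuildCertPathException, IOException, ValidateCertPathException, RevokedCertException, RevocationCheckException, CertificateNotYetValidException, CertificateExpiredException {
        verify(x509Certificate, false);
    }

    /**
     * Builds, validates and revocation-checks the path for a certificate.
     *
     * <p>Each stage has its own exception handler so that the exception a caller sees
     * identifies the stage that failed. Previously the handlers were nested inside one another,
     * and every failure, including a revoked certificate, surfaced as
     * {@code BuildCertPathException}.
     *
     * @param x509Certificate certificate to verify
     * @param z               {@code true} when verifying an OCSP certificate: prefixes messages
     *                        with "[OCSP CERT] " and suppresses the OCSP-not-supported error
     */
    void verify(X509Certificate x509Certificate, boolean z) throws ObtainCertPathException, IOException, BuildCertPathException, ValidateCertPathException, RevokedCertException, RevocationCheckException, CertificateNotYetValidException, CertificateExpiredException {
        String str = z ? "[OCSP CERT] " : "";

        // Stage 0: CA certificates. ObtainCertPathException propagates unchanged.
        X509CertPath caPubs = obtainCertPath(x509Certificate, z);

        // Stage 1: path building and validator set-up.
        X509CertPath build;
        X509CertPathValidator x509CertPathValidator;
        try {
            X509CertPathBuilder x509CertPathBuilder = new X509CertPathBuilder(caPubs, x509Certificate);
            build = this._verify_range == RANGE_USER_CERT_ONLY ? x509CertPathBuilder.build(2) : x509CertPathBuilder.build();
            x509CertPathValidator = new X509CertPathValidator(this._validatorParams);
            if (this._verify_range == RANGE_USER_CERT_ONLY) {
                x509CertPathValidator.setValidateRange(X509CertPathValidator.VALIDATE_USER_CERT);
            }
            int i = this._verify_field;
            if (i != 255) {
                x509CertPathValidator.setValidateField(i);
            }
        } catch (Exception e) {
            throw new BuildCertPathException(str + getStackTrace(e));
        }

        // Stage 2: path validation. Validity-period failures keep their own type.
        try {
            x509CertPathValidator.validate(this._cert_type, build);
        } catch (CertificateExpiredException e) {
            throw new CertificateExpiredException(str + getStackTrace(e));
        } catch (CertificateNotYetValidException e) {
            throw new CertificateNotYetValidException(str + getStackTrace(e));
        } catch (Exception e) {
            throw new ValidateCertPathException(str + getStackTrace(e));
        }

        // Stage 3: revocation, only when the caller enabled it.
        if (this._rev_check_method == REVOCATION_CHECK_NONE) {
            return;
        }
        try {
            if (revocationCheck(build, z)) {
                // NOTE(review): a "revoked" result is only reported when _certStatus holds an
                // X509CRLEntry; checkRevocationByCRL sets it before returning true.
                Object obj = this._certStatus;
                if (obj instanceof X509CRLEntry) {
                    X509CRLEntry entry = (X509CRLEntry) obj;
                    BigInteger serialNumber = entry.getSerialNumber();
                    StringBuilder message = new StringBuilder();
                    message.append(str);
                    message.append("The certificate(");
                    message.append(new String(Hex.encode(serialNumber.toByteArray())));
                    message.append(") is revoked. (reasonCode = ");
                    message.append(entry.getReasonCode());
                    message.append(")");
                    String text = message.toString();
                    LogUtil.append("   +- " + text);
                    throw new RevokedCertException(text);
                }
            }
        } catch (RevokedCertException e) {
            // A definite "revoked" answer must not be downgraded to a generic check failure.
            throw e;
        } catch (Exception e) {
            throw new RevocationCheckException(str + getStackTrace(e));
        }
    }
}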
