package nl.innovalor.cert;

import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Provider;
import java.security.SignatureException;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import u8.q;
import x7.a;

/* loaded from: classes.dex */
public final class CertUtil {

    /* renamed from: a, reason: collision with root package name */
    private static final Logger f12896a = Logger.getLogger("nl.innovalor.cert");

    /* renamed from: b, reason: collision with root package name */
    private static final Provider f12897b = q.u();

    /* renamed from: c, reason: collision with root package name */
    public static final CertSelector f12898c = new X509CertSelector() { // from class: nl.innovalor.cert.CertUtil.1
        @Override // java.security.cert.X509CertSelector, java.security.cert.CertSelector
        public boolean match(Certificate certificate) {
            return certificate instanceof X509Certificate;
        }
    };

    /* renamed from: d, reason: collision with root package name */
    public static final CertSelector f12899d = new X509CertSelector() { // from class: nl.innovalor.cert.CertUtil.2
        @Override // java.security.cert.X509CertSelector, java.security.cert.CertSelector
        public boolean match(Certificate certificate) {
            if (!(certificate instanceof X509Certificate)) {
                return false;
            }
            X509Certificate x509Certificate = (X509Certificate) certificate;
            if (!CertUtil.i(x509Certificate) || !CertUtil.h(x509Certificate)) {
                return false;
            }
            Object k10 = q.k();
            try {
                try {
                    x509Certificate.verify(x509Certificate.getPublicKey(), CertUtil.f12897b.getName());
                    q.t(k10);
                    return true;
                } catch (SignatureException e10) {
                    CertUtil.f12896a.log(Level.FINEST, "Signature not valid", (Throwable) e10);
                    q.t(k10);
                    return false;
                } catch (GeneralSecurityException e11) {
                    CertUtil.f12896a.log(Level.WARNING, "Some error validating signature, but not a signature exception", (Throwable) e11);
                    q.t(k10);
                    return false;
                }
            } catch (Throwable th) {
                q.t(k10);
                throw th;
            }
        }
    };

    /* renamed from: e, reason: collision with root package name */
    public static final CertSelector f12900e = new X509CertSelector() { // from class: nl.innovalor.cert.CertUtil.3
        @Override // java.security.cert.X509CertSelector, java.security.cert.CertSelector
        public boolean match(Certificate certificate) {
            if (!(certificate instanceof X509Certificate)) {
                return false;
            }
            X509Certificate x509Certificate = (X509Certificate) certificate;
            if (!CertUtil.i(x509Certificate) || !CertUtil.h(x509Certificate)) {
                return true;
            }
            Object k10 = q.k();
            try {
                x509Certificate.verify(x509Certificate.getPublicKey(), CertUtil.f12897b.getName());
                return false;
            } catch (SignatureException e10) {
                CertUtil.f12896a.log(Level.FINEST, "Signature not valid", (Throwable) e10);
                return true;
            } catch (GeneralSecurityException e11) {
                CertUtil.f12896a.log(Level.WARNING, "Some error validating signature, but not a signature exception", (Throwable) e11);
                return true;
            } finally {
                q.t(k10);
            }
        }
    };

    /* renamed from: f, reason: collision with root package name */
    public static final Comparator<X509Certificate> f12901f = new Comparator<X509Certificate>() { // from class: nl.innovalor.cert.CertUtil.4
        @Override // java.util.Comparator
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public int compare(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
            return CertUtil.g(x509Certificate.getIssuerX500Principal()).toAlpha2Code().compareTo(CertUtil.g(x509Certificate2.getIssuerX500Principal()).toAlpha2Code());
        }
    };

    /* renamed from: g, reason: collision with root package name */
    private static final a f12902g = b(-1, "XX", "XXX", "Unknown country", "Unknown nationality");

    /* loaded from: classes.dex */
    private enum GeneralName {
        OTHER_NAME(0),
        RFC822_NAME(1),
        DNS_DAME(2),
        X400_ADDRESS(3),
        DIRECTORY_NAME(4),
        EDI_PARTY_NAME(5),
        URI(6),
        IP_ADDRESS(7),
        REGISTERED_ID(8);


        /* renamed from: a, reason: collision with root package name */
        private int f12913a;

        GeneralName(int i10) {
            this.f12913a = i10;
        }
    }

    private CertUtil() {
    }

    private static a b(final int i10, final String str, final String str2, final String str3, final String str4) {
        return new a() { // from class: nl.innovalor.cert.CertUtil.5
            private static final long serialVersionUID = 8905599771792544765L;

            @Override // x7.a
            public String getName() {
                return str3;
            }

            @Override // x7.a
            public String getNationality() {
                return str4;
            }

            @Override // x7.a
            public String toAlpha2Code() {
                return str;
            }

            @Override // x7.a
            public String toAlpha3Code() {
                return str2;
            }

            @Override // x7.a
            public int valueOf() {
                return i10;
            }
        };
    }

    private static a c(String str) {
        return b(-1, str, "X" + str, "Unknown country (" + str + ")", "Unknown nationality (" + str + ")");
    }

    private static Set<TrustAnchor> d(Collection<? extends Certificate> collection) {
        HashSet hashSet = new HashSet(collection.size());
        for (Certificate certificate : collection) {
            if (certificate instanceof X509Certificate) {
                hashSet.add(new TrustAnchor((X509Certificate) certificate, null));
            }
        }
        return hashSet;
    }

    public static TrustedCertStore f(String str, KeyStore keyStore) throws GeneralSecurityException {
        if (keyStore == null) {
            throw new IllegalArgumentException("Cannot get certificates from null key-store");
        }
        ArrayList arrayList = new ArrayList(keyStore.size());
        ArrayList arrayList2 = new ArrayList(keyStore.size());
        for (String str2 : Collections.list(keyStore.aliases())) {
            if (keyStore.isCertificateEntry(str2)) {
                Certificate certificate = keyStore.getCertificate(str2);
                arrayList.add(certificate);
                if (str2.contains("_root_")) {
                    arrayList2.add(certificate);
                } else if (!str2.contains("_link_") && f12899d.match(certificate)) {
                    arrayList2.add(certificate);
                }
            }
        }
        return new DefaultTrustedCertStore(str, CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList)), d(arrayList2));
    }

    public static a g(X500Principal x500Principal) {
        String name = x500Principal.getName("RFC1779");
        int indexOf = name.indexOf("C=");
        if (indexOf < 0) {
            f12896a.info("Could not get country from issuer name");
            return f12902g;
        }
        int indexOf2 = name.indexOf(44, indexOf);
        if (indexOf2 < 0) {
            indexOf2 = name.length();
        }
        String upperCase = name.substring(indexOf + 2, indexOf2).trim().toUpperCase();
        try {
            return a.getInstance(upperCase);
        } catch (Exception e10) {
            f12896a.log(Level.OFF, "Could not determine country for code " + upperCase, (Throwable) e10);
            return c(upperCase);
        }
    }

    public static boolean h(X509Certificate x509Certificate) {
        String sigAlgName = x509Certificate.getSigAlgName();
        String algorithm = x509Certificate.getPublicKey().getAlgorithm();
        if (sigAlgName == null && algorithm == null) {
            return true;
        }
        if (sigAlgName == null || algorithm == null) {
            return false;
        }
        if ((!algorithm.toUpperCase().contains("RSA") || sigAlgName.toUpperCase().contains("RSA")) && (algorithm.toUpperCase().contains("RSA") || !sigAlgName.toUpperCase().contains("RSA"))) {
            return (!algorithm.toUpperCase().contains("EC") || sigAlgName.toUpperCase().contains("EC")) && (algorithm.toUpperCase().contains("EC") || !sigAlgName.toUpperCase().contains("EC"));
        }
        return false;
    }

    public static boolean i(X509Certificate x509Certificate) {
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
        if (issuerX500Principal == null && subjectX500Principal == null) {
            return true;
        }
        if (issuerX500Principal == null || subjectX500Principal == null) {
            return false;
        }
        return subjectX500Principal.equals(issuerX500Principal);
    }
}
