package com.huawei.secure.android.common.ssl.p;

import android.net.http.SslCertificate;
import java.io.ByteArrayInputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.Set;

/* loaded from: classes14.dex */
public class d {
    private static final String a = "b";
    private static final int b = 5;

    public static X509Certificate a(SslCertificate sslCertificate) {
        X509Certificate x509Certificate;
        com.lizhi.component.tekiapm.tracer.block.c.k(40485);
        byte[] byteArray = SslCertificate.saveState(sslCertificate).getByteArray("x509-certificate");
        if (byteArray != null) {
            try {
                x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(byteArray));
            } catch (CertificateException e2) {
                i.c(a, "exception", e2);
            }
            com.lizhi.component.tekiapm.tracer.block.c.n(40485);
            return x509Certificate;
        }
        x509Certificate = null;
        com.lizhi.component.tekiapm.tracer.block.c.n(40485);
        return x509Certificate;
    }

    public static X509Certificate b(String str) {
        X509Certificate x509Certificate;
        com.lizhi.component.tekiapm.tracer.block.c.k(40470);
        try {
            x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(str.getBytes()));
        } catch (CertificateException e2) {
            i.d(a, "generateX509FromStr: CertificateException" + e2.getMessage());
            x509Certificate = null;
        }
        com.lizhi.component.tekiapm.tracer.block.c.n(40470);
        return x509Certificate;
    }

    public static boolean c(X509Certificate x509Certificate) {
        com.lizhi.component.tekiapm.tracer.block.c.k(40487);
        if (x509Certificate == null) {
            com.lizhi.component.tekiapm.tracer.block.c.n(40487);
            return false;
        }
        if (x509Certificate.getBasicConstraints() == -1) {
            com.lizhi.component.tekiapm.tracer.block.c.n(40487);
            return false;
        }
        boolean z = x509Certificate.getKeyUsage()[5];
        com.lizhi.component.tekiapm.tracer.block.c.n(40487);
        return z;
    }

    public static boolean d(X509Certificate x509Certificate, String str) {
        boolean z;
        com.lizhi.component.tekiapm.tracer.block.c.k(40478);
        if (str.equals(x509Certificate.getSubjectDN().getName())) {
            z = true;
        } else {
            i.d(a, "verify: subject name is error");
            z = false;
        }
        com.lizhi.component.tekiapm.tracer.block.c.n(40478);
        return z;
    }

    public static boolean e(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        com.lizhi.component.tekiapm.tracer.block.c.k(40483);
        try {
            x509Certificate2.verify(x509Certificate.getPublicKey());
            if (j(new X509Certificate[]{x509Certificate, x509Certificate2})) {
                com.lizhi.component.tekiapm.tracer.block.c.n(40483);
                return true;
            }
            i.d(a, "verify: date not right");
            com.lizhi.component.tekiapm.tracer.block.c.n(40483);
            return false;
        } catch (InvalidKeyException e2) {
            i.d(a, "verify: publickey InvalidKeyException " + e2.getMessage());
            com.lizhi.component.tekiapm.tracer.block.c.n(40483);
            return false;
        } catch (NoSuchAlgorithmException e3) {
            i.d(a, "verify: publickey NoSuchAlgorithmException " + e3.getMessage());
            com.lizhi.component.tekiapm.tracer.block.c.n(40483);
            return false;
        } catch (NoSuchProviderException e4) {
            i.d(a, "verify: publickey NoSuchProviderException " + e4.getMessage());
            com.lizhi.component.tekiapm.tracer.block.c.n(40483);
            return false;
        } catch (SignatureException e5) {
            i.d(a, "verify: publickey SignatureException " + e5.getMessage());
            com.lizhi.component.tekiapm.tracer.block.c.n(40483);
            return false;
        } catch (CertificateException e6) {
            i.d(a, "verify: publickey CertificateException " + e6.getMessage());
            com.lizhi.component.tekiapm.tracer.block.c.n(40483);
            return false;
        } catch (Exception e7) {
            i.d(a, "verify: Exception " + e7.getMessage());
            com.lizhi.component.tekiapm.tracer.block.c.n(40483);
            return false;
        }
    }

    public static boolean f(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) throws NoSuchProviderException, CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        com.lizhi.component.tekiapm.tracer.block.c.k(40484);
        Principal principal = null;
        int i2 = 0;
        while (i2 < x509CertificateArr.length) {
            X509Certificate x509Certificate2 = x509CertificateArr[i2];
            Principal issuerDN = x509Certificate2.getIssuerDN();
            Principal subjectDN = x509Certificate2.getSubjectDN();
            if (principal != null) {
                if (!issuerDN.equals(principal)) {
                    i.d(a, "verify: principalIssuer not match");
                    com.lizhi.component.tekiapm.tracer.block.c.n(40484);
                    return false;
                }
                x509CertificateArr[i2].verify(x509CertificateArr[i2 - 1].getPublicKey());
            }
            i2++;
            principal = subjectDN;
        }
        if (!e(x509Certificate, x509CertificateArr[0])) {
            com.lizhi.component.tekiapm.tracer.block.c.n(40484);
            return false;
        }
        if (!j(x509CertificateArr)) {
            com.lizhi.component.tekiapm.tracer.block.c.n(40484);
            return false;
        }
        if (!c(x509Certificate)) {
            com.lizhi.component.tekiapm.tracer.block.c.n(40484);
            return false;
        }
        boolean h2 = h(x509CertificateArr);
        com.lizhi.component.tekiapm.tracer.block.c.n(40484);
        return h2;
    }

    public static boolean g(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr, X509CRL x509crl, String str) throws NoSuchAlgorithmException, CertificateException, NoSuchProviderException, InvalidKeyException, SignatureException {
        com.lizhi.component.tekiapm.tracer.block.c.k(40471);
        if (f(x509Certificate, x509CertificateArr)) {
            com.lizhi.component.tekiapm.tracer.block.c.n(40471);
            return false;
        }
        if (i(x509CertificateArr, x509crl)) {
            com.lizhi.component.tekiapm.tracer.block.c.n(40471);
            return false;
        }
        if (!d(x509CertificateArr[x509CertificateArr.length - 1], str)) {
            com.lizhi.component.tekiapm.tracer.block.c.n(40471);
            return false;
        }
        boolean j2 = j(x509CertificateArr);
        com.lizhi.component.tekiapm.tracer.block.c.n(40471);
        return j2;
    }

    public static boolean h(X509Certificate[] x509CertificateArr) {
        com.lizhi.component.tekiapm.tracer.block.c.k(40486);
        for (int i2 = 0; i2 < x509CertificateArr.length - 1; i2++) {
            if (!c(x509CertificateArr[i2])) {
                com.lizhi.component.tekiapm.tracer.block.c.n(40486);
                return false;
            }
        }
        com.lizhi.component.tekiapm.tracer.block.c.n(40486);
        return true;
    }

    public static boolean i(X509Certificate[] x509CertificateArr, X509CRL x509crl) {
        com.lizhi.component.tekiapm.tracer.block.c.k(40474);
        ArrayList arrayList = new ArrayList();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            arrayList.add(x509Certificate.getSerialNumber());
        }
        if (x509crl != null) {
            try {
                Set<? extends X509CRLEntry> revokedCertificates = x509crl.getRevokedCertificates();
                if (revokedCertificates != null && !revokedCertificates.isEmpty()) {
                    Iterator<? extends X509CRLEntry> it = revokedCertificates.iterator();
                    while (it.hasNext()) {
                        if (arrayList.contains(it.next().getSerialNumber())) {
                            i.d(a, "verify: certificate revoked");
                            com.lizhi.component.tekiapm.tracer.block.c.n(40474);
                            return false;
                        }
                    }
                }
            } catch (Exception e2) {
                i.d(a, "verify: revoked verify exception : " + e2.getMessage());
                com.lizhi.component.tekiapm.tracer.block.c.n(40474);
                return false;
            }
        }
        com.lizhi.component.tekiapm.tracer.block.c.n(40474);
        return true;
    }

    public static boolean j(X509Certificate[] x509CertificateArr) {
        com.lizhi.component.tekiapm.tracer.block.c.k(40480);
        Date date = new Date();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            try {
                x509Certificate.checkValidity(date);
            } catch (CertificateExpiredException e2) {
                e = e2;
                i.d(a, "verifyCertificateDate: exception : " + e.getMessage());
                com.lizhi.component.tekiapm.tracer.block.c.n(40480);
                return false;
            } catch (CertificateNotYetValidException e3) {
                e = e3;
                i.d(a, "verifyCertificateDate: exception : " + e.getMessage());
                com.lizhi.component.tekiapm.tracer.block.c.n(40480);
                return false;
            } catch (Exception e4) {
                i.d(a, "verifyCertificateDate : exception : " + e4.getMessage());
                com.lizhi.component.tekiapm.tracer.block.c.n(40480);
                return false;
            }
        }
        com.lizhi.component.tekiapm.tracer.block.c.n(40480);
        return true;
    }
}
