package de.vwag.viwi.mib3.library.internal.utils;

import de.vwag.viwi.mib3.library.R;
import de.vwag.viwi.mib3.library.api.ClientLibrary;
import de.vwag.viwi.mib3.library.internal.diagnostic.L;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.crypto.tls.Certificate;

/* loaded from: classes.dex */
public class CertificateVerifier {
    private static final String KEYSTORE_PASSWORD = "Opusiwofi479";
    private static X509Certificate[] trustedRootCertificates;

    private static List<X509Certificate> getServerCertificates(Certificate certificate) {
        ArrayList arrayList = new ArrayList();
        JcaX509CertificateConverter jcaX509CertificateConverter = new JcaX509CertificateConverter();
        for (int i = 0; i < certificate.getLength(); i++) {
            arrayList.add(jcaX509CertificateConverter.getCertificate(new X509CertificateHolder(certificate.getCertificateAt(i))));
        }
        return arrayList;
    }

    private static void loadTrustedRootCertificates() {
        ArrayList arrayList = new ArrayList();
        InputStream inputStream = null;
        try {
            inputStream = ClientLibrary.getInstance().getApplicationContext().getResources().openRawResource(R.raw.trusted_keystore);
            KeyStore keyStore = KeyStore.getInstance("BKS");
            keyStore.load(inputStream, KEYSTORE_PASSWORD.toCharArray());
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                java.security.cert.Certificate certificate = keyStore.getCertificate(aliases.nextElement());
                if (certificate != null && (certificate instanceof X509Certificate)) {
                    arrayList.add((X509Certificate) certificate);
                }
            }
            CommonUtils.closeSilently(inputStream);
            trustedRootCertificates = (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (Throwable th) {
            CommonUtils.closeSilently(inputStream);
            throw th;
        }
    }

    public static boolean verifyCertificate(Certificate certificate) {
        if (trustedRootCertificates == null) {
            try {
                loadTrustedRootCertificates();
            } catch (Exception e) {
                L.e(e, "Could not load trusted root certificates.", new Object[0]);
                return false;
            }
        }
        return verifyCertificate(certificate, trustedRootCertificates);
    }

    public static boolean verifyCertificate(Certificate certificate, X509Certificate... x509CertificateArr) {
        try {
            HashSet hashSet = new HashSet();
            for (X509Certificate x509Certificate : x509CertificateArr) {
                hashSet.add(new TrustAnchor(x509Certificate, null));
            }
            PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
            pKIXParameters.setRevocationEnabled(false);
            return ((PKIXCertPathValidatorResult) CertPathValidator.getInstance("PKIX").validate(CertificateFactory.getInstance("X.509").generateCertPath(getServerCertificates(certificate)), pKIXParameters)) != null;
        } catch (Exception e) {
            L.e(e, "Could not verify server certificate chain.", new Object[0]);
            return false;
        }
    }
}
