package cn.com.syan.trusttracker.sdk;

import cn.com.syan.a.a.a.a.a;
import cn.com.syan.b.a.b;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.spongycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes.dex */
public class TTLocalCertificateVerifier extends TTCertificateVerifier {
    static final String CERTIFICATE_HAS_EXPIRED = "CERTIFICATE HAS EXPIRED";
    static final String CERTIFICATE_NOT_YET_VALID = "CERTIFICATE NOT YET VALID";
    static final String ISSUER_CERTIFICATE_INVALID = "ISSUER CERTIFICATE INVALID";
    static final String NO_ISSUER_CERTIFICATE_FOUND_IN_KEY_STORE = "NO ISSUER CERTIFICATE FOUND IN KEY STORE";
    private TTCertificateStore ttCertificateStore;

    private TTLocalCertificateVerifier() {
        Security.addProvider(new BouncyCastleProvider());
    }

    public TTLocalCertificateVerifier(TTCertificateStore tTCertificateStore) {
        this();
        if (tTCertificateStore == null) {
            throw new NullPointerException("TTCertificateStore can not be null");
        }
        this.ttCertificateStore = tTCertificateStore;
    }

    private int checkValidity(Date date, Date date2) {
        int i = 0;
        int i2 = 1;
        Date date3 = new Date();
        switch (this.greenPass) {
            case 1:
                i2 = 0;
                break;
            case 2:
                i2 = 0;
                break;
            case 3:
                return i;
        }
        if (date.after(date3)) {
            i = i2 * (-1);
        } else if (date2.before(date3)) {
            return i2;
        }
        return i;
    }

    @Override // cn.com.syan.trusttracker.sdk.TTCertificateVerifier
    public boolean verify(String str) {
        return verify(a.b(str));
    }

    @Override // cn.com.syan.trusttracker.sdk.TTCertificateVerifier
    public boolean verify(X509Certificate x509Certificate) {
        if (this.ttCertificateStore == null) {
            throw new NullPointerException("TTCertificateStore is null, which  must be set first.");
        }
        if (x509Certificate == null) {
            throw new NullPointerException("neither entity certificate or issuer certificate may be null");
        }
        int checkValidity = checkValidity(x509Certificate.getNotBefore(), x509Certificate.getNotAfter());
        if (checkValidity != 0) {
            if (checkValidity == 1) {
                this.errorCode = CERTIFICATE_HAS_EXPIRED;
                return false;
            }
            if (checkValidity != -1) {
                return false;
            }
            this.errorCode = CERTIFICATE_NOT_YET_VALID;
            return false;
        }
        TTCACertificate findIssuerX509Certificate = this.ttCertificateStore.findIssuerX509Certificate(x509Certificate);
        if (findIssuerX509Certificate == null) {
            this.errorCode = NO_ISSUER_CERTIFICATE_FOUND_IN_KEY_STORE;
            return false;
        }
        if (findIssuerX509Certificate.getStatus() == 0) {
            this.errorCode = ISSUER_CERTIFICATE_INVALID;
            return false;
        }
        X509Certificate x509Certificate2 = findIssuerX509Certificate.getX509Certificate();
        try {
            b a = b.a(x509Certificate.getSigAlgName());
            a.a(x509Certificate2.getPublicKey());
            a.a(x509Certificate.getTBSCertificate());
            return a.b(x509Certificate.getSignature());
        } catch (Exception e) {
            this.errorCode = e.getMessage();
            return false;
        }
    }
}
