package net.qihoo.smail.q;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import org.spongycastle.asn1.ASN1Encoding;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1OctetString;
import org.spongycastle.asn1.ASN1Primitive;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.ASN1TaggedObject;
import org.spongycastle.asn1.DERIA5String;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.cms.Attribute;
import org.spongycastle.asn1.cms.AttributeTable;
import org.spongycastle.asn1.cms.CMSAttributes;
import org.spongycastle.asn1.cms.Time;
import org.spongycastle.asn1.x509.AuthorityKeyIdentifier;
import org.spongycastle.asn1.x509.ExtendedKeyUsage;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.KeyPurposeId;
import org.spongycastle.cert.jcajce.JcaCertStoreBuilder;
import org.spongycastle.cms.CMSSignedData;
import org.spongycastle.cms.CMSSignedDataParser;
import org.spongycastle.cms.SignerInformation;
import org.spongycastle.cms.SignerInformationStore;
import org.spongycastle.cms.jcajce.JcaX509CertSelectorConverter;
import org.spongycastle.jce.PrincipalUtil;
import org.spongycastle.jce.X509Principal;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.x509.PKIXCertPathReviewer;

/* loaded from: classes3.dex */
/**
 * Holds the signers of a CMS signed message together with the certificates and CRLs
 * carried in that message, and offers helpers for building a candidate certificate
 * path and for sanity-checking a signer certificate.
 *
 * <p>This is a jadx decompilation with obfuscated names; one method body was not
 * recovered (see {@code a(PKIXParameters)}).
 * NOTE(review): the structure and messages resemble BouncyCastle's SignedMailValidator;
 * confirm before relying on that correspondence.
 */
public class m {

    /* renamed from: d, reason: collision with root package name */
    // Key-size threshold in bits. Not referenced by name in this listing; the key-size
    // check in a(X509Certificate, List, List) compares against the literal 512.
    private static final int f3318d = 512;
    // Longest accepted validity span in milliseconds: 946728000000 ms = 10957.5 days
    // (30 years of 365.25 days). Longer spans are reported by the signer-certificate check.
    private static final long e = 946728000000L;
    // Store built from the certificates and CRLs contained in the signed message.
    private CertStore g;
    // Signer infos taken from the signed message.
    private SignerInformationStore h;
    // Raw map read in c(SignerInformation) with a SignerInformation key and cast to `o`.
    // presumably filled by a(PKIXParameters), whose body is not visible here; confirm.
    private Map i;
    // Addresses compared (lower-cased) against the e-mail addresses in the signer certificate.
    private String[] j;
    // Certificate-path reviewer class supplied by the caller; only stored in the visible code.
    private Class k;

    /* renamed from: a, reason: collision with root package name */
    // Default reviewer class and the upper bound every caller-supplied class must satisfy.
    private static final Class<PKIXCertPathReviewer> f3315a = PKIXCertPathReviewer.class;

    /* renamed from: b, reason: collision with root package name */
    // OID string of the extendedKeyUsage extension.
    private static final String f3316b = Extension.extendedKeyUsage.getId();

    /* renamed from: c, reason: collision with root package name */
    // OID string of the subjectAlternativeName extension.
    private static final String f3317c = Extension.subjectAlternativeName.getId();
    // Converts a CMS signer identifier into an X509CertSelector (used in b()).
    private static final JcaX509CertSelectorConverter f = new JcaX509CertSelectorConverter();

    static {
        // Registers the provider at position 1 (highest preference), so it is consulted
        // first for every algorithm lookup in this process that does not name a provider,
        // not only for the lookups made by this class.
        // NOTE(review): the calls below request a provider by the name "BC"; confirm that
        // this is the name under which the provider inserted here registers, and not a
        // different platform provider that happens to use the same name.
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
    }

    /**
     * Creates a validator for an in-memory signed message using the default reviewer class.
     *
     * @param cMSSignedData the signed message
     * @param pKIXParameters path-validation parameters handed to {@code a(PKIXParameters)}
     * @param strArr addresses the signer certificate's e-mail addresses are compared with
     */
    public m(CMSSignedData cMSSignedData, PKIXParameters pKIXParameters, String[] strArr) {
        this(cMSSignedData, pKIXParameters, strArr, f3315a);
    }

    /**
     * Creates a validator for an in-memory signed message.
     *
     * <p>NOTE(review): this listing throws a checked {@code Exception} without a
     * {@code throws} clause, so the original exception type and signature were probably
     * lost in decompilation. Because {@code a(PKIXParameters)} is an undecompiled stub that
     * always throws, every construction in this listing ends in the wrapped exception.
     *
     * @param cMSSignedData the signed message
     * @param pKIXParameters path-validation parameters handed to {@code a(PKIXParameters)}
     * @param strArr addresses the signer certificate's e-mail addresses are compared with
     * @param cls reviewer class; must be {@code PKIXCertPathReviewer} or a subclass
     * @throws IllegalArgumentException if {@code cls} is not assignable to the reviewer class
     */
    public m(CMSSignedData cMSSignedData, PKIXParameters pKIXParameters, String[] strArr, Class<?> cls) {
        this.k = cls;
        if (!f3315a.isAssignableFrom(cls)) {
            throw new IllegalArgumentException("certPathReviewerClass is not a subclass of " + f3315a.getName());
        }
        try {
            // The store holds only what the message itself carries; nothing in it is trusted yet.
            this.g = new JcaCertStoreBuilder().addCertificates(cMSSignedData.getCertificates()).addCRLs(cMSSignedData.getCRLs()).setProvider("BC").build();
            this.h = cMSSignedData.getSignerInfos();
            this.j = strArr;
            this.i = new HashMap();
            a(pKIXParameters);
        } catch (Exception e2) {
            // Message text: "error reading CMS signed data". Any failure in the block above,
            // including one raised by a(PKIXParameters), is reported under this message.
            throw new Exception("CMS签名数据读取错误", e2);
        }
    }

    /**
     * Creates a validator for a streamed signed message using the default reviewer class.
     *
     * @param cMSSignedDataParser streaming parser positioned on the signed message
     * @param pKIXParameters path-validation parameters handed to {@code a(PKIXParameters)}
     * @param strArr addresses the signer certificate's e-mail addresses are compared with
     */
    public m(CMSSignedDataParser cMSSignedDataParser, PKIXParameters pKIXParameters, String[] strArr) {
        this(cMSSignedDataParser, pKIXParameters, strArr, f3315a);
    }

    /**
     * Creates a validator for a streamed signed message.
     *
     * <p>The same decompilation caveats as for the {@code CMSSignedData} constructor apply:
     * the checked exception has no {@code throws} clause here, and the call to the
     * undecompiled {@code a(PKIXParameters)} stub always throws.
     *
     * @param cMSSignedDataParser streaming parser positioned on the signed message
     * @param pKIXParameters path-validation parameters handed to {@code a(PKIXParameters)}
     * @param strArr addresses the signer certificate's e-mail addresses are compared with
     * @param cls reviewer class; must be {@code PKIXCertPathReviewer} or a subclass
     * @throws IllegalArgumentException if {@code cls} is not assignable to the reviewer class
     */
    public m(CMSSignedDataParser cMSSignedDataParser, PKIXParameters pKIXParameters, String[] strArr, Class<?> cls) {
        this.k = cls;
        if (!f3315a.isAssignableFrom(cls)) {
            throw new IllegalArgumentException("certPathReviewerClass is not a subclass of " + f3315a.getName());
        }
        try {
            // The signed content is consumed before certificates and signer infos are read;
            // presumably the streaming parser requires this order - confirm.
            cMSSignedDataParser.getSignedContent().drain();
            this.g = new JcaCertStoreBuilder().addCertificates(cMSSignedDataParser.getCertificates()).addCRLs(cMSSignedDataParser.getCRLs()).setProvider("BC").build();
            this.h = cMSSignedDataParser.getSignerInfos();
            this.j = strArr;
            this.i = new HashMap();
            a(pKIXParameters);
        } catch (Exception e2) {
            // Message text: "error reading CMS signed data".
            throw new Exception("CMS签名数据读取错误", e2);
        }
    }

    /**
     * Formats an array as {@code [a, b, c]} using {@code String.valueOf} on each element.
     *
     * @param objArr the array, may be null
     * @return the formatted text, or the string {@code "null"} for a null array
     */
    static String a(Object[] objArr) {
        if (objArr == null) {
            return "null";
        }
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append('[');
        for (int i = 0; i != objArr.length; i++) {
            if (i > 0) {
                stringBuffer.append(", ");
            }
            stringBuffer.append(String.valueOf(objArr[i]));
        }
        return stringBuffer.append(']').toString();
    }

    /**
     * Returns the first certificate matching the selector that is not already in {@code set}.
     *
     * @param list certificate stores to search, in order
     * @param x509CertSelector selection criteria
     * @param set certificates to skip (the path collected so far)
     * @return the first new match, or null when every match is already in {@code set}
     */
    private static X509Certificate a(List list, X509CertSelector x509CertSelector, Set set) {
        Iterator it = a(list, x509CertSelector).iterator();
        boolean z = false;
        X509Certificate x509Certificate = null;
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            x509Certificate = (X509Certificate) it.next();
            if (!set.contains(x509Certificate)) {
                z = true;
                break;
            }
        }
        // x509Certificate may hold an already-seen match here, hence the separate flag.
        if (z) {
            return x509Certificate;
        }
        return null;
    }

    /**
     * Reads the signingTime signed attribute of a signer.
     *
     * <p>The value is whatever the signer placed in the signed attributes; it is not an
     * independently attested timestamp.
     *
     * @param signerInformation the signer
     * @return the signing time, or null if there are no signed attributes or no signingTime
     */
    public static Date a(SignerInformation signerInformation) {
        Attribute attribute;
        AttributeTable signedAttributes = signerInformation.getSignedAttributes();
        if (signedAttributes == null || (attribute = signedAttributes.get(CMSAttributes.signingTime)) == null) {
            return null;
        }
        // Only the first attribute value is read.
        return Time.getInstance(attribute.getAttrValues().getObjectAt(0).toASN1Primitive()).getDate();
    }

    /**
     * Collects every certificate matching the selector from all given stores.
     *
     * @param list stores to query; each element is cast to {@code CertStore}
     * @param x509CertSelector selection criteria
     * @return all matches in store order (duplicates across stores are kept)
     */
    private static List a(List list, X509CertSelector x509CertSelector) {
        ArrayList arrayList = new ArrayList();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            arrayList.addAll(((CertStore) it.next()).getCertificates(x509CertSelector));
        }
        return arrayList;
    }

    /**
     * Extracts the e-mail addresses of a certificate, lower-cased with {@code Locale.US}.
     *
     * <p>Sources are the first EmailAddress attribute of the subject name and every
     * subjectAltName entry with tag number 1.
     *
     * @param x509Certificate the certificate to inspect
     * @return the set of addresses found, possibly empty
     */
    public static Set a(X509Certificate x509Certificate) {
        HashSet hashSet = new HashSet();
        X509Principal subjectX509Principal = PrincipalUtil.getSubjectX509Principal(x509Certificate);
        Vector oIDs = subjectX509Principal.getOIDs();
        Vector values = subjectX509Principal.getValues();
        int i = 0;
        while (true) {
            if (i >= oIDs.size()) {
                break;
            }
            if (oIDs.get(i).equals(X509Principal.EmailAddress)) {
                hashSet.add(((String) values.get(i)).toLowerCase(Locale.US));
                // Stops at the first EmailAddress attribute; later ones in the subject are ignored.
                break;
            }
            i++;
        }
        byte[] extensionValue = x509Certificate.getExtensionValue(f3317c);
        if (extensionValue != null) {
            ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(a(extensionValue));
            for (int i2 = 0; i2 < aSN1Sequence.size(); i2++) {
                // An entry that is not a tagged object fails this cast with ClassCastException.
                ASN1TaggedObject aSN1TaggedObject = (ASN1TaggedObject) aSN1Sequence.getObjectAt(i2);
                // Tag 1 is the rfc822Name choice of GeneralName.
                if (aSN1TaggedObject.getTagNo() == 1) {
                    hashSet.add(DERIA5String.getInstance(aSN1TaggedObject, false).getString().toLowerCase(Locale.US));
                }
            }
        }
        return hashSet;
    }

    /**
     * Decodes an extension value as returned by {@code X509Certificate.getExtensionValue}:
     * parses the outer OCTET STRING and then the ASN.1 object inside it.
     *
     * @param bArr the encoded extension value
     * @return the inner ASN.1 object
     */
    private static ASN1Primitive a(byte[] bArr) {
        return new ASN1InputStream(((ASN1OctetString) new ASN1InputStream(bArr).readObject()).getOctets()).readObject();
    }

    /* JADX WARN: Removed duplicated region for block: B:16:0x007d  */
    /* JADX WARN: Removed duplicated region for block: B:21:0x0091  */
    /* JADX WARN: Removed duplicated region for block: B:31:0x00d0 A[Catch: GeneralSecurityException -> 0x00e3, CertPathReviewerException -> 0x015d, TryCatch #10 {GeneralSecurityException -> 0x00e3, CertPathReviewerException -> 0x015d, blocks: (B:24:0x009f, B:26:0x00bf, B:29:0x00c7, B:31:0x00d0, B:32:0x00d6, B:36:0x012e, B:37:0x015c, B:40:0x018f, B:41:0x01bd), top: B:23:0x009f, inners: #11 }] */
    /* JADX WARN: Removed duplicated region for block: B:48:0x0117 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    // The decompiler did not recover this body; the stub below is not the original logic.
    // Both constructors call this method, so what it does with the PKIX parameters (and
    // presumably how the result map `i` is filled) has to be read from the bytecode.
    // Nothing about the actual validation behaviour can be concluded from this listing.
    private void a(java.security.cert.PKIXParameters r14) {
        /*
            Method dump skipped, instructions count: 478
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: net.qihoo.smail.q.m.a(java.security.cert.PKIXParameters):void");
    }

    /**
     * Assembles a candidate certificate path from a certificate up towards a trust anchor.
     *
     * <p>This method only collects certificates. Intermediates are chosen by issuer name
     * (and authority key identifier when present) without a signature check here, so the
     * returned path must still go through path validation before it is trusted. Signature
     * checks in this method are limited to the link to a trust anchor and to an optional
     * self-issued root certificate.
     *
     * @param x509Certificate the certificate the path starts from
     * @param set trust anchors; each element is cast to {@code TrustAnchor}
     * @param list certificate stores searched first
     * @param list2 stores searched when {@code list} has no match; may be null
     * @return a two-element array: [0] the {@code CertPath} generated from the collected
     *     certificates, [1] a list of {@code Boolean} flags, one appended per add: true for
     *     the starting certificate and for certificates found in {@code list2}, false for
     *     those found in {@code list} and for the anchor certificate
     * @throws IllegalStateException if an issuer name cannot be encoded for a selector
     */
    public static Object[] a(X509Certificate x509Certificate, Set set, List list, List list2) {
        X509Certificate x509Certificate2;
        boolean z;
        X509Certificate x509Certificate3;
        boolean z2;
        // Insertion-ordered and duplicate-free: doubles as the path and as the "seen" set.
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        ArrayList arrayList = new ArrayList();
        linkedHashSet.add(x509Certificate);
        arrayList.add(true);
        X509Certificate x509Certificate4 = null;
        boolean z3 = false;
        X509Certificate x509Certificate5 = x509Certificate;
        // Walk upwards until an anchor vouches for the current certificate or no issuer is found.
        while (x509Certificate5 != null && !z3) {
            Iterator it = set.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                TrustAnchor trustAnchor = (TrustAnchor) it.next();
                X509Certificate trustedCert = trustAnchor.getTrustedCert();
                if (trustedCert != null) {
                    if (trustedCert.getSubjectX500Principal().equals(x509Certificate5.getIssuerX500Principal())) {
                        try {
                            x509Certificate5.verify(trustedCert.getPublicKey(), "BC");
                            x509Certificate4 = trustedCert;
                            z3 = true;
                            break;
                        } catch (Exception e2) {
                            // Signature did not verify with this anchor; try the next one.
                        }
                    } else {
                        continue;
                    }
                // Anchor given as name plus key: the name comparison is on the string form.
                // NOTE(review): string equality of distinguished names depends on both sides
                // using the same formatting - confirm.
                } else if (trustAnchor.getCAName().equals(x509Certificate5.getIssuerX500Principal().getName())) {
                    try {
                        x509Certificate5.verify(trustAnchor.getCAPublicKey(), "BC");
                        z3 = true;
                        break;
                    } catch (Exception e3) {
                        // Signature did not verify with this anchor key; try the next one.
                    }
                } else {
                    continue;
                }
            }
            if (z3) {
                // Keep the current certificate so it is still available after the loop ends.
                x509Certificate3 = x509Certificate5;
            } else {
                X509CertSelector x509CertSelector = new X509CertSelector();
                try {
                    x509CertSelector.setSubject(x509Certificate5.getIssuerX500Principal().getEncoded());
                    byte[] extensionValue = x509Certificate5.getExtensionValue(Extension.authorityKeyIdentifier.getId());
                    if (extensionValue != null) {
                        try {
                            AuthorityKeyIdentifier authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(a(extensionValue));
                            if (authorityKeyIdentifier.getKeyIdentifier() != null) {
                                x509CertSelector.setSubjectKeyIdentifier(new DEROctetString(authorityKeyIdentifier.getKeyIdentifier()).getEncoded(ASN1Encoding.DER));
                            }
                        } catch (IOException e4) {
                            // Unreadable key identifier: fall back to matching on the name only.
                        }
                    }
                    // The candidate issuer is accepted on selector match alone; its signature
                    // over the current certificate is not checked in this method.
                    x509Certificate3 = a(list, x509CertSelector, linkedHashSet);
                    if (x509Certificate3 != null || list2 == null) {
                        z2 = false;
                    } else {
                        x509Certificate3 = a(list2, x509CertSelector, linkedHashSet);
                        z2 = true;
                    }
                    if (x509Certificate3 != null) {
                        linkedHashSet.add(x509Certificate3);
                        arrayList.add(Boolean.valueOf(z2));
                    }
                } catch (IOException e5) {
                    // Only the text of the IOException is kept; the cause is not chained.
                    throw new IllegalStateException(e5.toString());
                }
            }
            x509Certificate5 = x509Certificate3;
        }
        if (z3) {
            if (x509Certificate4 == null || !x509Certificate4.getSubjectX500Principal().equals(x509Certificate4.getIssuerX500Principal())) {
                // No self-issued anchor certificate is at hand: look in the stores for a
                // certificate whose subject and issuer both equal the last issuer name.
                X509CertSelector x509CertSelector2 = new X509CertSelector();
                try {
                    x509CertSelector2.setSubject(x509Certificate5.getIssuerX500Principal().getEncoded());
                    x509CertSelector2.setIssuer(x509Certificate5.getIssuerX500Principal().getEncoded());
                    X509Certificate a2 = a(list, x509CertSelector2, linkedHashSet);
                    if (a2 != null || list2 == null) {
                        x509Certificate2 = a2;
                        z = false;
                    } else {
                        x509Certificate2 = a(list2, x509CertSelector2, linkedHashSet);
                        z = true;
                    }
                    if (x509Certificate2 != null) {
                        try {
                            // Added only if it actually signed the last certificate of the path.
                            x509Certificate5.verify(x509Certificate2.getPublicKey(), "BC");
                            linkedHashSet.add(x509Certificate2);
                            arrayList.add(Boolean.valueOf(z));
                        } catch (GeneralSecurityException e6) {
                            // Not the signer of the last certificate; leave it out of the path.
                        }
                    }
                } catch (IOException e7) {
                    // Only the text of the IOException is kept; the cause is not chained.
                    throw new IllegalStateException(e7.toString());
                }
            } else {
                // NOTE(review): the set ignores an add of a certificate it already holds while
                // the flag list still grows, so the two can differ in length when the anchor
                // certificate is already part of the path - confirm how callers index them.
                linkedHashSet.add(x509Certificate4);
                arrayList.add(false);
            }
        }
        return new Object[]{CertificateFactory.getInstance("X.509", "BC").generateCertPath(new ArrayList(linkedHashSet)), arrayList};
    }

    /**
     * Returns the signer infos taken from the signed message.
     *
     * @return the signer information store
     */
    public SignerInformationStore a() {
        return this.h;
    }

    /**
     * Runs plausibility checks on a signer certificate and appends a message per finding.
     *
     * <p>Key length and validity span findings go to {@code list2}; key usage, extended key
     * usage and e-mail address findings go to {@code list}.
     * NOTE(review): presumably {@code list} collects errors and {@code list2} warnings;
     * verify against the caller.
     *
     * @param x509Certificate the signer certificate
     * @param list receives usage and address findings
     * @param list2 receives key-length and validity-span findings
     */
    protected void a(X509Certificate x509Certificate, List list, List list2) {
        boolean z;
        PublicKey publicKey = x509Certificate.getPublicKey();
        // Only RSA (modulus) and DSA (prime p) sizes are measured; any other key type
        // yields -1 and is not size-checked at all.
        int bitLength = publicKey instanceof RSAPublicKey ? ((RSAPublicKey) publicKey).getModulus().bitLength() : publicKey instanceof DSAPublicKey ? ((DSAPublicKey) publicKey).getParams().getP().bitLength() : -1;
        // Reports keys of 512 bits or fewer only, so e.g. 768- or 1024-bit keys pass
        // without a finding. Message text: "certificate key too short (<bits>)".
        if (bitLength != -1 && bitLength <= 512) {
            list2.add("证书密钥过短(" + String.valueOf(bitLength) + ")");
        }
        // Message text: "certificate validity period too long (<notBefore> -- <notAfter>)".
        if (x509Certificate.getNotAfter().getTime() - x509Certificate.getNotBefore().getTime() > e) {
            list2.add("证书有效期过长(" + x509Certificate.getNotBefore() + " -- " + x509Certificate.getNotAfter() + ")");
        }
        // Bits 0 and 1 of getKeyUsage() are digitalSignature and nonRepudiation. A
        // certificate without the extension (null) is accepted.
        // Message text: "certificate cannot be used for signing".
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage != null && !keyUsage[0] && !keyUsage[1]) {
            list.add("证书不可用于签名");
        }
        try {
            // A missing extendedKeyUsage extension is accepted; a present one must list
            // anyExtendedKeyUsage or emailProtection. Message text: "extKeyUsage not permitted".
            byte[] extensionValue = x509Certificate.getExtensionValue(f3316b);
            if (extensionValue != null) {
                ExtendedKeyUsage extendedKeyUsage = ExtendedKeyUsage.getInstance(a(extensionValue));
                if (!extendedKeyUsage.hasKeyPurposeId(KeyPurposeId.anyExtendedKeyUsage) && !extendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_emailProtection)) {
                    list.add("extKeyUsage不被允许");
                }
            }
        } catch (Exception e2) {
            // An undecodable extension is reported as a finding rather than ignored.
            list.add("extKeyUsageError");
        }
        try {
            Set a2 = a(x509Certificate);
            if (a2.isEmpty()) {
                // Message text: "no e-mail address found in the certificate".
                list.add("证书中未找到邮件地址");
                return;
            }
            // One match between the configured addresses and the certificate's is enough.
            int i = 0;
            while (true) {
                if (i >= this.j.length) {
                    z = false;
                    break;
                } else {
                    if (a2.contains(this.j[i].toLowerCase(Locale.US))) {
                        z = true;
                        break;
                    }
                    i++;
                }
            }
            if (z) {
                return;
            }
            // Message text: "certificate e-mail address does not match the sender (<addresses>)".
            list.add("证书邮件地址与发件人不符(" + a2.toString() + ")");
        } catch (Exception e3) {
            // Covers decoding failures as well as a null address array or element.
            // Message text: "error while looking up the certificate e-mail address".
            list.add("查找证书邮件地址出错");
        }
    }

    /**
     * Looks up the certificate of a signer among the certificates carried in the message.
     *
     * <p>Any exception during the lookup is swallowed, so a caller cannot tell a failed
     * lookup from a message that simply carries no matching certificate.
     *
     * @param signerInformation the signer whose identifier is used for the lookup
     * @return the first matching certificate, or null if none is found or the lookup fails
     */
    public X509Certificate b(SignerInformation signerInformation) {
        try {
            Iterator<? extends Certificate> it = this.g.getCertificates(f.getCertSelector(signerInformation.getSID())).iterator();
            if (it.hasNext()) {
                return (X509Certificate) it.next();
            }
            return null;
        } catch (Exception e2) {
            return null;
        }
    }

    /**
     * Returns the stored result for a signer of this message.
     *
     * @param signerInformation the signer to look up
     * @return the entry stored in the result map for this signer; null if the map has none
     * @throws n if the message has no signer with this signer identifier
     */
    public o c(SignerInformation signerInformation) {
        if (this.h.getSigners(signerInformation.getSID()).isEmpty()) {
            // Message text: "signature does not exist".
            throw new n(this, "不存在的签名");
        }
        return (o) this.i.get(signerInformation);
    }
}
