package com.scanmarker.license.client;

import android.content.SharedPreferences;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.joda.time.LocalDate;
import org.joda.time.Period;

/* loaded from: classes.dex */
public class CRLVerifier {
    public static String LAST_CRL_DOWNLOAD_TIME = "com.scanmarker.license.client.LAST_CRL_DOWNLOAD_TIME";

    private static X509CRL downloadCRL(String str) throws IOException, CertificateException, CRLException, CertificateVerificationException {
        if (str.startsWith("http://") || str.startsWith("https://") || str.startsWith("ftp://")) {
            return downloadCRLFromWeb(str);
        }
        throw new CertificateVerificationException("Can not download CRL from certificate distribution point: " + str);
    }

    private static X509CRL downloadCRLFromWeb(String str) throws MalformedURLException, IOException, CertificateException, CRLException {
        InputStream openStream = new URL(str).openStream();
        try {
            return (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(openStream);
        } finally {
            openStream.close();
        }
    }

    public static List<String> getCrlDistributionPoints(X509Certificate x509Certificate) throws CertificateParsingException, IOException {
        byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.31");
        if (extensionValue == null) {
            return new ArrayList();
        }
        CRLDistPoint cRLDistPoint = CRLDistPoint.getInstance(new ASN1InputStream(new ByteArrayInputStream(((DEROctetString) new ASN1InputStream(new ByteArrayInputStream(extensionValue)).readObject()).getOctets())).readObject());
        ArrayList arrayList = new ArrayList();
        for (DistributionPoint distributionPoint : cRLDistPoint.getDistributionPoints()) {
            DistributionPointName distributionPoint2 = distributionPoint.getDistributionPoint();
            if (distributionPoint2 != null && distributionPoint2.getType() == 0) {
                GeneralName[] names = GeneralNames.getInstance(distributionPoint2.getName()).getNames();
                for (int i = 0; i < names.length; i++) {
                    if (names[i].getTagNo() == 6) {
                        arrayList.add(DERIA5String.getInstance(names[i].getName()).getString());
                    }
                }
            }
        }
        return arrayList;
    }

    public static void verifyCertificateCRLs(X509Certificate x509Certificate) throws CertificateVerificationException {
        try {
            for (String str : getCrlDistributionPoints(x509Certificate)) {
                X509CRL downloadCRL = downloadCRL(str);
                Date date = new Date();
                SharedPreferences.Editor edit = CryptoHandler.s_preferences.edit();
                edit.putLong(LAST_CRL_DOWNLOAD_TIME, date.getTime());
                edit.apply();
                if (downloadCRL.isRevoked(x509Certificate)) {
                    throw new CertificateVerificationException("The certificate is revoked by CRL: " + str);
                }
            }
        } catch (IOException unused) {
            if (Math.abs(new Period(LocalDate.now(), new LocalDate(CryptoHandler.s_preferences.getLong(LAST_CRL_DOWNLOAD_TIME, 0L))).getDays()) <= 30) {
                return;
            }
            throw new CertificateVerificationException("Failed to download CRL for more than 30 days: " + x509Certificate.getSubjectX500Principal());
        } catch (Exception e) {
            if (e instanceof CertificateVerificationException) {
                throw ((CertificateVerificationException) e);
            }
            throw new CertificateVerificationException("Can not verify CRL for certificate: " + x509Certificate.getSubjectX500Principal());
        }
    }
}
