package srvSeal;

import java.io.FileInputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.Set;

/* loaded from: classes2.dex */
public class CerVerifyUtil {
    public static String verifyCRL(String str, String str2) throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        FileInputStream fileInputStream = new FileInputStream(str2);
        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(fileInputStream);
        fileInputStream.close();
        FileInputStream fileInputStream2 = new FileInputStream(str);
        X509CRL x509crl = (X509CRL) certificateFactory.generateCRL(fileInputStream2);
        fileInputStream2.close();
        BigInteger serialNumber = x509Certificate.getSerialNumber();
        if (x509crl == null) {
            return "true";
        }
        try {
            Set<? extends X509CRLEntry> revokedCertificates = x509crl.getRevokedCertificates();
            if (revokedCertificates == null || revokedCertificates.isEmpty()) {
                return "true";
            }
            Iterator<? extends X509CRLEntry> it = revokedCertificates.iterator();
            while (it.hasNext()) {
                if (serialNumber == it.next().getSerialNumber()) {
                    return "error:该证书证书在吊销列表内";
                }
            }
            return "true";
        } catch (Exception e) {
            e.printStackTrace();
            return "error:检查证书是否在吊销列表内出错";
        }
    }

    public static String verifyCertificateChain(String str, String str2) throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        if (!str2.endsWith(".cer")) {
            return "error:待验证书路径不正确";
        }
        FileInputStream fileInputStream = new FileInputStream(str2);
        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(fileInputStream);
        fileInputStream.close();
        if (str.endsWith(".p7b")) {
            FileInputStream fileInputStream2 = new FileInputStream(str);
            Collection<? extends Certificate> generateCertificates = certificateFactory.generateCertificates(fileInputStream2);
            fileInputStream2.close();
            String verifyCertificateChain = verifyCertificateChain(generateCertificates);
            if (!verifyCertificateChain.equals("true")) {
                return verifyCertificateChain;
            }
            String verifyCertificateChain2 = verifyCertificateChain(generateCertificates, x509Certificate);
            return !verifyCertificateChain2.equals("true") ? verifyCertificateChain2 : "true";
        }
        if (!str.endsWith(".cer")) {
            return "error:证书链或根证书路径不正确";
        }
        FileInputStream fileInputStream3 = new FileInputStream(str);
        X509Certificate x509Certificate2 = (X509Certificate) certificateFactory.generateCertificate(fileInputStream3);
        fileInputStream3.close();
        String verifyCertificateChain3 = verifyCertificateChain(x509Certificate2);
        if (!verifyCertificateChain3.equals("true")) {
            return verifyCertificateChain3;
        }
        String verifyCertificateChain4 = verifyCertificateChain(x509Certificate2, x509Certificate);
        return !verifyCertificateChain4.equals("true") ? verifyCertificateChain4 : "true";
    }

    public static String verifyCertificateChain(String str, X509Certificate x509Certificate) throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        if (str.endsWith(".p7b")) {
            FileInputStream fileInputStream = new FileInputStream(str);
            Collection<? extends Certificate> generateCertificates = certificateFactory.generateCertificates(fileInputStream);
            fileInputStream.close();
            String verifyCertificateChain = verifyCertificateChain(generateCertificates);
            if (!verifyCertificateChain.equals("true")) {
                return verifyCertificateChain;
            }
            String verifyCertificateChain2 = verifyCertificateChain(generateCertificates, x509Certificate);
            return !verifyCertificateChain2.equals("true") ? verifyCertificateChain2 : "true";
        }
        if (!str.endsWith(".cer")) {
            return "error:证书链或根证书路径不正确";
        }
        FileInputStream fileInputStream2 = new FileInputStream(str);
        X509Certificate x509Certificate2 = (X509Certificate) certificateFactory.generateCertificate(fileInputStream2);
        fileInputStream2.close();
        String verifyCertificateChain3 = verifyCertificateChain(x509Certificate2);
        if (!verifyCertificateChain3.equals("true")) {
            return verifyCertificateChain3;
        }
        String verifyCertificateChain4 = verifyCertificateChain(x509Certificate2, x509Certificate);
        return !verifyCertificateChain4.equals("true") ? verifyCertificateChain4 : "true";
    }

    private static String verifyCertificateChain(X509Certificate x509Certificate) {
        try {
            x509Certificate.checkValidity(new Date());
            return "true";
        } catch (GeneralSecurityException unused) {
            return "error:根证书不在有效期内";
        }
    }

    private static String verifyCertificateChain(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        if (!x509Certificate2.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
            return "error:该证书不是由指定的根证书颁发";
        }
        try {
            x509Certificate2.verify(x509Certificate.getPublicKey());
            return "true";
        } catch (Exception e) {
            e.printStackTrace();
            return "error:该证书不是由指定根证书颁发";
        }
    }

    private static String verifyCertificateChain(Collection collection) {
        int size = collection.size();
        X509Certificate[] x509CertificateArr = new X509Certificate[size];
        collection.toArray(x509CertificateArr);
        new ArrayList();
        for (int i = 0; i < size; i++) {
            try {
                x509CertificateArr[i].checkValidity(new Date());
            } catch (GeneralSecurityException unused) {
                return "error:证书链中有文件不在有效期内";
            }
        }
        return "true";
    }

    private static String verifyCertificateChain(Collection collection, X509Certificate x509Certificate) {
        int size = collection.size();
        X509Certificate[] x509CertificateArr = new X509Certificate[size];
        collection.toArray(x509CertificateArr);
        for (int i = 0; i < size; i++) {
            X509Certificate x509Certificate2 = x509CertificateArr[i];
            if (x509Certificate.getIssuerDN().equals(x509Certificate2.getSubjectDN())) {
                try {
                    x509Certificate.verify(x509Certificate2.getPublicKey());
                    return "true";
                } catch (Exception e) {
                    e.printStackTrace();
                    return "error:该证书不是由信任的证书链颁发";
                }
            }
        }
        return "error:该证书不是由信任的证书链颁发";
    }

    public static String verifyCertificateChainHaveCRL(String str, String str2, String str3) throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        if (!str2.endsWith(".cer")) {
            return "error:待验证书路径不正确";
        }
        FileInputStream fileInputStream = new FileInputStream(str2);
        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(fileInputStream);
        fileInputStream.close();
        FileInputStream fileInputStream2 = new FileInputStream(str3);
        X509CRL x509crl = (X509CRL) certificateFactory.generateCRL(fileInputStream2);
        fileInputStream2.close();
        if (str.endsWith(".p7b")) {
            FileInputStream fileInputStream3 = new FileInputStream(str);
            Collection<? extends Certificate> generateCertificates = certificateFactory.generateCertificates(fileInputStream3);
            fileInputStream3.close();
            String verifyCertificateChainHaveCRL = verifyCertificateChainHaveCRL(generateCertificates, x509crl);
            if (!verifyCertificateChainHaveCRL.equals("true")) {
                return verifyCertificateChainHaveCRL;
            }
            String verifyCertificateChain = verifyCertificateChain(generateCertificates, x509Certificate);
            if (!verifyCertificateChain.equals("true")) {
                return verifyCertificateChain;
            }
            String verifyCRL = verifyCRL(str3, str2);
            return !verifyCRL.equals("true") ? verifyCRL : "true";
        }
        if (!str.endsWith(".cer")) {
            return "error:证书链或根证书路径不正确";
        }
        FileInputStream fileInputStream4 = new FileInputStream(str);
        X509Certificate x509Certificate2 = (X509Certificate) certificateFactory.generateCertificate(fileInputStream4);
        fileInputStream4.close();
        String verifyCertificateChainHaveCRL2 = verifyCertificateChainHaveCRL(x509Certificate2, x509crl);
        if (!verifyCertificateChainHaveCRL2.equals("true")) {
            return verifyCertificateChainHaveCRL2;
        }
        String verifyCertificateChain2 = verifyCertificateChain(x509Certificate2, x509Certificate);
        if (!verifyCertificateChain2.equals("true")) {
            return verifyCertificateChain2;
        }
        String verifyCRL2 = verifyCRL(str3, str2);
        return !verifyCRL2.equals("true") ? verifyCRL2 : "true";
    }

    private static String verifyCertificateChainHaveCRL(X509Certificate x509Certificate, X509CRL x509crl) {
        try {
            x509Certificate.checkValidity(new Date());
            if (x509crl == null) {
                return "true";
            }
            try {
                Set<? extends X509CRLEntry> revokedCertificates = x509crl.getRevokedCertificates();
                if (revokedCertificates == null || revokedCertificates.isEmpty()) {
                    return "true";
                }
                Iterator<? extends X509CRLEntry> it = revokedCertificates.iterator();
                while (it.hasNext()) {
                    if (x509Certificate.getSerialNumber() == it.next().getSerialNumber()) {
                        return "error:根证书在吊销列表内";
                    }
                }
                return "true";
            } catch (Exception e) {
                e.printStackTrace();
                return "error:检查根证书是否在吊销列表内出错";
            }
        } catch (GeneralSecurityException unused) {
            return "error:证书链中有文件不在有效期内";
        }
    }

    private static String verifyCertificateChainHaveCRL(Collection collection, X509CRL x509crl) {
        int size = collection.size();
        X509Certificate[] x509CertificateArr = new X509Certificate[size];
        collection.toArray(x509CertificateArr);
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < size; i++) {
            try {
                x509CertificateArr[i].checkValidity(new Date());
            } catch (GeneralSecurityException unused) {
                return "error:证书链中有文件不在有效期内";
            }
        }
        if (x509crl == null) {
            return "true";
        }
        try {
            Set<? extends X509CRLEntry> revokedCertificates = x509crl.getRevokedCertificates();
            if (revokedCertificates == null || revokedCertificates.isEmpty()) {
                return "true";
            }
            Iterator<? extends X509CRLEntry> it = revokedCertificates.iterator();
            while (it.hasNext()) {
                if (arrayList.contains(it.next().getSerialNumber())) {
                    return "error:证书链中有证书在吊销列表内";
                }
            }
            return "true";
        } catch (Exception e) {
            e.printStackTrace();
            return "error:检查证书链中证书是否在吊销列表内出错";
        }
    }
}
