package com.lexpersona.token.cert;

import com.lexpersona.token.tools.IOUtilities;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;

/* loaded from: classes.dex */
public class CertUtil {
    private CertUtil() {
    }

    public static X509Certificate[] buildCertificatePath(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) {
        return buildCertificatePath(new X509Certificate[]{x509Certificate}, x509CertificateArr);
    }

    public static X509Certificate[] buildCertificatePath(X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2) {
        return buildCertificatePath(x509CertificateArr, x509CertificateArr2, null);
    }

    public static X509Certificate[] buildCertificatePath(X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2, Date date) {
        boolean z;
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        for (int i = 1; i < x509CertificateArr.length; i++) {
            linkedHashSet.add(x509CertificateArr[i]);
        }
        if (x509CertificateArr2 != null && x509CertificateArr2.length > 0) {
            linkedHashSet.addAll(Arrays.asList(x509CertificateArr2));
        }
        int i2 = 0;
        List<List<X509Certificate>> list = null;
        try {
            list = new LPCertPathBuilder().build(x509CertificateArr[0], linkedHashSet, null);
        } catch (Exception unused) {
        }
        if (list == null || list.isEmpty()) {
            X509Certificate[] x509CertificateArr3 = new X509Certificate[x509CertificateArr.length];
            while (i2 < x509CertificateArr.length) {
                x509CertificateArr3[i2] = x509CertificateArr[i2];
                i2++;
            }
            return x509CertificateArr3;
        }
        if (date != null) {
            ArrayList arrayList = new ArrayList();
            for (List<X509Certificate> list2 : list) {
                Iterator<X509Certificate> it = list2.iterator();
                while (it.hasNext()) {
                    try {
                        it.next().checkValidity(date);
                    } catch (Exception unused2) {
                        z = false;
                    }
                }
                z = true;
                if (z) {
                    arrayList.add(list2);
                }
            }
            list = arrayList;
        }
        for (List<X509Certificate> list3 : list) {
            if (isRootCertificate(list3.get(list3.size() - 1))) {
                return (X509Certificate[]) list3.toArray(new X509Certificate[list3.size()]);
            }
        }
        if (!list.isEmpty()) {
            List<X509Certificate> list4 = list.get(0);
            return (X509Certificate[]) list4.toArray(new X509Certificate[list4.size()]);
        }
        X509Certificate[] x509CertificateArr4 = new X509Certificate[x509CertificateArr.length];
        while (i2 < x509CertificateArr.length) {
            x509CertificateArr4[i2] = x509CertificateArr[i2];
            i2++;
        }
        return x509CertificateArr4;
    }

    public static boolean checkKeyIdentifier(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        AuthorityKeyIdentifier authorityKeyIdentifier = getAuthorityKeyIdentifier(x509Certificate);
        if (authorityKeyIdentifier == null) {
            return true;
        }
        byte[] keyIdentifier = authorityKeyIdentifier.getKeyIdentifier();
        if (keyIdentifier != null) {
            SubjectKeyIdentifier subjectKeyIdentifier = getSubjectKeyIdentifier(x509Certificate2);
            if (subjectKeyIdentifier == null) {
                return true;
            }
            if (!Arrays.equals(keyIdentifier, subjectKeyIdentifier.getKeyIdentifier())) {
                return false;
            }
        }
        BigInteger authorityCertSerialNumber = authorityKeyIdentifier.getAuthorityCertSerialNumber();
        return authorityCertSerialNumber == null || authorityCertSerialNumber.equals(x509Certificate2.getSerialNumber());
    }

    private static AuthorityKeyIdentifier getAuthorityKeyIdentifier(X509Certificate x509Certificate) {
        ASN1InputStream aSN1InputStream;
        byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.35");
        ASN1InputStream aSN1InputStream2 = null;
        if (extensionValue == null) {
            return null;
        }
        try {
            aSN1InputStream = new ASN1InputStream(extensionValue);
            try {
                ASN1OctetString aSN1OctetString = (ASN1OctetString) aSN1InputStream.readObject();
                aSN1InputStream.close();
                ASN1InputStream aSN1InputStream3 = new ASN1InputStream(aSN1OctetString.getOctets());
                try {
                    AuthorityKeyIdentifier authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(aSN1InputStream3.readObject());
                    aSN1InputStream3.close();
                    IOUtilities.close(aSN1InputStream3);
                    return authorityKeyIdentifier;
                } catch (IOException unused) {
                    aSN1InputStream = aSN1InputStream3;
                    IOUtilities.close(aSN1InputStream);
                    return null;
                } catch (Throwable th) {
                    th = th;
                    aSN1InputStream2 = aSN1InputStream3;
                    IOUtilities.close(aSN1InputStream2);
                    throw th;
                }
            } catch (IOException unused2) {
            } catch (Throwable th2) {
                th = th2;
                aSN1InputStream2 = aSN1InputStream;
            }
        } catch (IOException unused3) {
            aSN1InputStream = null;
        } catch (Throwable th3) {
            th = th3;
        }
    }

    private static SubjectKeyIdentifier getSubjectKeyIdentifier(X509Certificate x509Certificate) {
        ASN1InputStream aSN1InputStream;
        byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.14");
        ASN1InputStream aSN1InputStream2 = null;
        if (extensionValue == null) {
            return null;
        }
        try {
            aSN1InputStream = new ASN1InputStream(extensionValue);
            try {
                ASN1OctetString aSN1OctetString = (ASN1OctetString) aSN1InputStream.readObject();
                aSN1InputStream.close();
                ASN1InputStream aSN1InputStream3 = new ASN1InputStream(aSN1OctetString.getOctets());
                try {
                    SubjectKeyIdentifier subjectKeyIdentifier = SubjectKeyIdentifier.getInstance(aSN1InputStream3.readObject());
                    aSN1InputStream3.close();
                    IOUtilities.close(aSN1InputStream3);
                    return subjectKeyIdentifier;
                } catch (IOException unused) {
                    aSN1InputStream = aSN1InputStream3;
                    IOUtilities.close(aSN1InputStream);
                    return null;
                } catch (Throwable th) {
                    th = th;
                    aSN1InputStream2 = aSN1InputStream3;
                    IOUtilities.close(aSN1InputStream2);
                    throw th;
                }
            } catch (IOException unused2) {
            } catch (Throwable th2) {
                th = th2;
                aSN1InputStream2 = aSN1InputStream;
            }
        } catch (IOException unused3) {
            aSN1InputStream = null;
        } catch (Throwable th3) {
            th = th3;
        }
    }

    public static boolean isRootCertificate(X509Certificate x509Certificate) {
        if (!x509Certificate.getIssuerX500Principal().equals(x509Certificate.getSubjectX500Principal())) {
            return false;
        }
        AuthorityKeyIdentifier authorityKeyIdentifier = getAuthorityKeyIdentifier(x509Certificate);
        SubjectKeyIdentifier subjectKeyIdentifier = getSubjectKeyIdentifier(x509Certificate);
        if (authorityKeyIdentifier == null || subjectKeyIdentifier == null) {
            return true;
        }
        byte[] keyIdentifier = authorityKeyIdentifier.getKeyIdentifier();
        byte[] keyIdentifier2 = subjectKeyIdentifier.getKeyIdentifier();
        return keyIdentifier == null || keyIdentifier2 == null || Arrays.equals(keyIdentifier, keyIdentifier2);
    }
}
