package cfca.sadk.x509.certificate;

import cfca.sadk.algorithm.common.CertKitException;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.org.bouncycastle.asn1.x509.CRLDistPoint;
import cfca.sadk.org.bouncycastle.util.encoders.Hex;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.PublicKey;
import java.util.Date;
import java.util.Hashtable;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/* loaded from: input_file:cfca/sadk/x509/certificate/X509CertVerifier.class */
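/**
 * Static certificate checks backed by a process-wide trust map.
 *
 * <p>The trust map holds the public keys of certificates registered through
 * {@code updateTrustCertsMap}, keyed by subject name and, when the certificate carries one, by
 * the hex-encoded SubjectKeyIdentifier. {@link #validateCertSign} only checks a certificate's
 * signature against the trusted key found for its issuer: it builds no chain and checks no
 * validity period, key usage, name constraints or revocation. Those are separate calls
 * ({@link #verifyCertDate}, {@link #verifyCertByCRLOutLine}, {@link #verifyCertByLDAP}) that a
 * caller has to combine itself.
 *
 * <p>Thread-safety: the trust map is a {@code Hashtable}; registration additionally locks it so
 * that both entries of one certificate are published together.
 */
public final class X509CertVerifier {
    /** OID of SM3withSM2 (GM/T 0006); certificates signed with it are admitted to the trust map. */
    private static final String OID_SM3_WITH_SM2 = "1.2.156.10197.1.501";
    /** OID of rsaEncryption; certificates whose subject key is RSA are admitted to the trust map. */
    private static final String OID_RSA_ENCRYPTION = "1.2.840.113549.1.1.1";
    /** URI scheme prefix that selects an LDAP CRL distribution point. */
    private static final String LDAP_SCHEME = "ldap://";
    /** LDAP attribute carrying the DER-encoded CRL; read with the {@code ;binary} option. */
    private static final String CRL_ATTRIBUTE = "certificateRevocationList;binary";

    /**
     * Trust anchors: subject name (whatever {@code X509Cert.getSubject()} returns) or hex SKI
     * string mapped to the certificate's public key. Values are read back as {@link PublicKey}.
     */
    private static final Hashtable<Object, Object> trustCerts = new Hashtable<Object, Object>();

    /**
     * Loads a certificate through {@code X509Cert(String)} and registers it as a trust anchor.
     *
     * @param str argument accepted by the {@code X509Cert(String)} constructor (a file path or
     *        encoded certificate; not visible here, confirm against {@code X509Cert})
     * @throws PKIException if the certificate cannot be loaded or registered
     */
    public static void updateTrustCertsMap(String str) throws PKIException {
        try {
            updateTrustCertsMap(new X509Cert(str));
        } catch (PKIException e) {
            throw e;
        } catch (Exception e) {
            // anything that is not already a PKIException is wrapped so callers see one type
            throw new PKIException("CertVerifier update failure", e);
        }
    }

    /**
     * Registers a certificate's public key under its subject name and, when present, its
     * SubjectKeyIdentifier. Certificates rejected by {@link #isValid} ({@code null}, or neither
     * SM3withSM2-signed nor RSA-keyed) are silently ignored.
     *
     * @param x509Cert certificate whose key becomes a trust anchor; may be {@code null}
     * @throws PKIException if reading the subject, key or SKI fails
     */
    public static void updateTrustCertsMap(X509Cert x509Cert) throws PKIException {
        if (!isValid(x509Cert)) {
            return;
        }
        try {
            synchronized (trustCerts) {
                trustCerts.put(x509Cert.getSubject(), x509Cert.getPublicKey());
                if (x509Cert.getSubjectKeyIdentifier() != null) {
                    try {
                        String ski = Hex.toHexString(x509Cert.getSubjectKeyIdentifier().getKeyIdentifier());
                        trustCerts.put(ski, x509Cert.getPublicKey());
                    } catch (Exception ignored) {
                        // best-effort: an SKI extension without a usable keyIdentifier leaves only
                        // the subject-name entry (the original behaviour)
                    }
                }
            }
        } catch (PKIException e) {
            throw e;
        } catch (Exception e) {
            throw new PKIException("CertVerifier update failure", e);
        }
    }

    /**
     * Admission filter for the trust map: the certificate must be signed with SM3withSM2 or
     * carry an RSA subject public key. Nothing else (validity period, signature, chain) is
     * checked here.
     *
     * @param x509Cert candidate certificate; {@code null} is not admitted
     * @return {@code true} if the certificate may be registered as a trust anchor
     */
    private static boolean isValid(X509Cert x509Cert) {
        if (x509Cert == null) {
            return false;
        }
        String signatureOid = x509Cert.getCertStructure().getSignatureAlgorithm().getAlgorithm().getId();
        if (OID_SM3_WITH_SM2.equals(signatureOid)) {
            return true;
        }
        String keyOid = x509Cert.cert.getSubjectPublicKeyInfo().getAlgorithm().getAlgorithm().getId();
        return OID_RSA_ENCRYPTION.equals(keyOid);
    }

    /**
     * Registers every certificate of the array; see {@link #updateTrustCertsMap(X509Cert)}.
     *
     * @param x509CertArr certificates to register; {@code null} is a no-op
     * @throws PKIException if registering one of them fails (earlier ones stay registered)
     */
    public static void updateTrustCertsMap(X509Cert[] x509CertArr) throws PKIException {
        if (x509CertArr == null) {
            return;
        }
        for (X509Cert x509Cert : x509CertArr) {
            updateTrustCertsMap(x509Cert);
        }
    }

    /** Removes every trust anchor; subsequent {@link #validateCertSign} calls fail until re-filled. */
    public static void clearTrustCertsMap() {
        synchronized (trustCerts) {
            trustCerts.clear();
        }
    }

    /**
     * Verifies the certificate's signature against a trusted key, looked up first by the
     * AuthorityKeyIdentifier's keyIdentifier (hex) and then by issuer name.
     *
     * <p>This is a signature check only: no chain building, no validity-period, key-usage or
     * revocation check, and the issuer-name fallback matches any trusted key registered under
     * that name.
     *
     * @param x509Cert certificate to check
     * @return result of {@code x509Cert.verify(issuerKey)}
     * @throws PKIException if {@code x509Cert} is {@code null} or no trusted key is found for its
     *         issuer
     */
    public static boolean validateCertSign(X509Cert x509Cert) throws PKIException {
        if (x509Cert == null) {
            throw new PKIException("null not allowed for parameter@cert");
        }
        PublicKey issuerKey = null;
        if (x509Cert.getAuthorityKeyIdentifier() != null) {
            try {
                String aki = Hex.toHexString(x509Cert.getAuthorityKeyIdentifier().getKeyIdentifier());
                issuerKey = (PublicKey) trustCerts.get(aki);
            } catch (Exception ignored) {
                // AKI present but without a keyIdentifier (issuer/serial form): use the name lookup
            }
        }
        if (issuerKey == null) {
            issuerKey = (PublicKey) trustCerts.get(x509Cert.getIssuer());
        }
        if (issuerKey == null) {
            throw new PKIException("can not get the user issuer's cert");
        }
        return x509Cert.verify(issuerKey);
    }

    /**
     * Checks that the system clock lies within {@code [notBefore, notAfter]} (both inclusive).
     *
     * @param x509Cert certificate to check
     * @return {@code true} if the certificate is currently within its validity period
     * @throws SecurityException if {@code x509Cert} is {@code null} (kept for compatibility even
     *         though the sibling methods throw {@link PKIException})
     */
    public static boolean verifyCertDate(X509Cert x509Cert) {
        if (x509Cert == null) {
            throw new SecurityException("null not allowed for parameter@cert");
        }
        Date now = new Date();
        return !now.before(x509Cert.getNotBefore()) && !now.after(x509Cert.getNotAfter());
    }

    /**
     * Checks the certificate against a CRL read from a local file (offline revocation check).
     * Whether {@code X509CRL} authenticates the CRL's own signature is not visible here; until
     * confirmed, the file should come from a trusted location.
     *
     * @param x509Cert certificate whose serial number is looked up
     * @param str path of the DER/PEM CRL file handed to {@code X509CRL(InputStream)}
     * @return {@code true} if the serial number is not listed in the CRL
     * @throws PKIException if {@code x509Cert} is {@code null}, the file does not exist, or the
     *         CRL cannot be parsed
     */
    public static boolean verifyCertByCRLOutLine(X509Cert x509Cert, String str) throws PKIException {
        if (x509Cert == null) {
            throw new PKIException("null not allowed for parameter@cert");
        }
        FileInputStream in;
        try {
            in = new FileInputStream(new File(str));
        } catch (FileNotFoundException e) {
            throw new PKIException(CertKitException.API_CRL_NOT_FOUND_ERR, CertKitException.API_CRL_NOT_FOUND_ERR_DES, e);
        }
        try {
            X509CRL crl = new X509CRL(in);
            return !crl.isRevoke(x509Cert.getSerialNumber());
        } finally {
            // the stream used to be left open; close it on every path
            try {
                in.close();
            } catch (IOException ignored) {
                // the CRL has already been parsed; a close failure carries no information
            }
        }
    }

    /**
     * Returns the last {@code ldap://} distribution point name of the certificate's
     * CRLDistributionPoints extension.
     *
     * @param x509Cert certificate to read
     * @return the distribution point name containing {@code ldap://}; never {@code null}
     * @throws PKIException if the extension is absent or holds no LDAP distribution point
     */
    public static String getCRLPointName(X509Cert x509Cert) throws PKIException {
        CRLDistPoint crlDistPoint = x509Cert.getCRLDistributionPoints();
        if (crlDistPoint == null || crlDistPoint.getDistributionPoints() == null) {
            throw new PKIException(CertKitException.API_NULL_CRL_PATH_IN_CERT_ERR, CertKitException.API_NULL_CRL_PATH_IN_CERT_ERR_NOPOINT);
        }
        int count = crlDistPoint.getDistributionPoints().length;
        String ldapPoint = null;
        for (int i = 0; i < count; i++) {
            if (crlDistPoint.getDistributionPoints()[i].getDistributionPoint() == null) {
                continue; // distributionPoint is OPTIONAL in the ASN.1; such an entry names no URI
            }
            String name = crlDistPoint.getDistributionPoints()[i].getDistributionPoint().toString();
            if (name.indexOf(LDAP_SCHEME) != -1) {
                ldapPoint = name; // the last LDAP point wins, as before
            }
        }
        if (ldapPoint == null) {
            throw new PKIException(CertKitException.API_NULL_CRL_PATH_IN_CERT_ERR, CertKitException.API_NULL_CRL_PATH_IN_CERT_ERR_DES);
        }
        return ldapPoint;
    }

    /**
     * Downloads the CRL named by the certificate's LDAP distribution point and checks the
     * certificate's serial number against it.
     *
     * <p>Host, port, base DN and entry name are all taken from the certificate under test, so
     * this method connects wherever that certificate says. Whether {@code X509CRL} verifies the
     * downloaded CRL's signature is not visible here; confirm that before relying on this for
     * certificates of unknown origin, and consider restricting reachable LDAP hosts.
     *
     * @param x509Cert certificate to check
     * @return {@code true} if the serial number is not listed in the downloaded CRL
     * @throws PKIException if the certificate has no usable LDAP distribution point, the URL is
     *         malformed, or the download or lookup fails
     */
    public static boolean verifyCertByLDAP(X509Cert x509Cert) throws PKIException {
        String crlPoint = getCRLPointName(x509Cert);
        String[] parts = splitLdapCrlUri(crlPoint);
        try {
            X509CRL crl = getCRLFromLDAP(parts[0], parts[1], parts[2], parts[3]);
            if (crl == null) {
                throw new PKIException(CertKitException.API_CRL_DOWNLOAD_ERR, CertKitException.API_CRL_DOWNLOAD_ERR_DES);
            }
            return !crl.isRevoke(x509Cert.getSerialNumber());
        } catch (Exception e) {
            throw new PKIException(CertKitException.API_CRL_DOWNLOAD_ERR, CertKitException.API_CRL_DOWNLOAD_ERR_DES, e);
        }
    }

    /**
     * Splits {@code ...ldap://host:port/<dn>?<rest>} into {host, port, base DN, first RDN value}.
     * The first RDN value is the {@code cn} of the CRL entry searched for. Only this shape is
     * accepted; a URL missing one of the delimiters is reported as a missing CRL path instead of
     * surfacing as a {@code StringIndexOutOfBoundsException}.
     *
     * @param uri distribution point name containing {@code ldap://}
     * @return four-element array: host, port (as written), base DN, entry name
     * @throws PKIException if the URL does not have the expected shape
     */
    private static String[] splitLdapCrlUri(String uri) throws PKIException {
        int schemeAt = uri.indexOf(LDAP_SCHEME);
        if (schemeAt < 0) {
            throw malformedCrlPath();
        }
        String remainder = uri.substring(schemeAt + LDAP_SCHEME.length());
        int slash = remainder.indexOf('/');
        // the port separator is searched inside the authority only, not in the DN or query
        int colon = slash < 0 ? -1 : remainder.lastIndexOf(':', slash);
        if (slash < 0 || colon < 0) {
            throw malformedCrlPath();
        }
        String host = remainder.substring(0, colon);
        String port = remainder.substring(colon + 1, slash);
        String path = remainder.substring(slash + 1);
        int query = path.indexOf('?');
        if (query < 0) {
            throw malformedCrlPath();
        }
        String baseDn = path.substring(0, query);
        int comma = path.indexOf(',');
        // the first RDN ends at the first comma, or at the '?' for a single-RDN DN
        int rdnEnd = (comma >= 0 && comma < query) ? comma : query;
        int cnStart = path.indexOf('=') + 1;
        if (cnStart > rdnEnd) {
            throw malformedCrlPath();
        }
        String cn = path.substring(cnStart, rdnEnd);
        return new String[] {host, port, baseDn, cn};
    }

    /** Exception for an LDAP distribution point that cannot be parsed. */
    private static PKIException malformedCrlPath() {
        return new PKIException(CertKitException.API_NULL_CRL_PATH_IN_CERT_ERR, CertKitException.API_NULL_CRL_PATH_IN_CERT_ERR_DES);
    }

    /**
     * Escapes an LDAP search-filter assertion value (RFC 4515, section 3): {@code \ * ( )} and
     * NUL become {@code \XX} hex escapes, so a value taken from a certificate cannot change the
     * structure of the filter it is embedded in.
     *
     * @param value raw assertion value
     * @return the value with filter metacharacters escaped
     */
    private static String escapeLdapFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    out.append("\\5c");
                    break;
                case '*':
                    out.append("\\2a");
                    break;
                case '(':
                    out.append("\\28");
                    break;
                case ')':
                    out.append("\\29");
                    break;
                case '\0':
                    out.append("\\00");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Fetches the CRL stored in the {@code cRLDistributionPoint} entry named {@code cn} below
     * {@code baseDn} on the given LDAP server (anonymous bind, plain {@code ldap://}).
     *
     * @param host LDAP server host, taken from the certificate
     * @param port LDAP server port, taken from the certificate
     * @param baseDn subtree searched
     * @param cn {@code cn} of the CRL entry; escaped before it is placed in the filter
     * @return the CRL of the last matching entry that carries the attribute, or {@code null} if
     *         none does
     * @throws Exception on any JNDI or CRL-parsing failure (wrapped by the caller)
     */
    private static X509CRL getCRLFromLDAP(String host, String port, String baseDn, String cn) throws Exception {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", LDAP_SCHEME + host + ":" + port);
        env.put("java.naming.ldap.attributes.binary", "certificateRevocationList");
        InitialDirContext ctx = new InitialDirContext(env);
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // the cn value comes from the certificate; escape it rather than splicing it raw
            String filter = "(&(objectclass=cRLDistributionPoint)(cn=" + escapeLdapFilterValue(cn) + "))";
            NamingEnumeration<SearchResult> results = ctx.search(baseDn, filter, controls);
            if (results == null) {
                return null;
            }
            X509CRL crl = null;
            try {
                while (results.hasMore()) {
                    SearchResult entry = results.next();
                    Attribute attr = entry.getAttributes().get(CRL_ATTRIBUTE);
                    if (attr == null) {
                        continue; // entry without a CRL value: skip instead of failing on null
                    }
                    crl = new X509CRL((byte[]) attr.get(0)); // last matching entry wins, as before
                }
            } finally {
                try {
                    results.close();
                } catch (NamingException ignored) {
                    // the results have been consumed; do not mask an exception from the loop
                }
            }
            return crl;
        } finally {
            // previously the context stayed open when the search threw
            try {
                ctx.close();
            } catch (NamingException ignored) {
                // do not mask an exception from the search with one from close()
            }
        }
    }
}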
