package com.dreamsecurity.jcaos.x509;

import com.dreamsecurity.crypto.AlgorithmException;
import com.dreamsecurity.java.util.ArrayList;
import com.dreamsecurity.jcaos.exception.BuildCertPathException;
import com.dreamsecurity.jcaos.exception.NoSuchAlgorithmException;
import com.dreamsecurity.jcaos.exception.ParsingException;
import com.dreamsecurity.jcaos.exception.VerifyException;
import com.dreamsecurity.jcaos.resources.Resource;
import com.dreamsecurity.jcaos.util.ByteUtil;
import com.dreamsecurity.jcaos.util.LogUtil;
import com.dreamsecurity.jcaos.util.encoders.Hex;
import com.dreamsecurity.math.BigInteger;
import java.io.IOException;

/* loaded from: classes7.dex */
public class X509CertPathBuilder {
    public static final int BUILD_TO_ISSUER = 2;
    public static final int BUILD_TO_ROOT = 1;
    ArrayList _certs;

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public X509CertPathBuilder(ArrayList arrayList, X509Certificate x509Certificate) {
        this._certs = null;
        this._certs = arrayList;
        arrayList.add(x509Certificate);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public X509CertPathBuilder(X509CertPath x509CertPath, X509Certificate x509Certificate) {
        this(x509CertPath.getCertificates(), x509Certificate);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private boolean isIssuer(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws IOException, ParsingException, NoSuchAlgorithmException {
        LogUtil.append(" + AKI, SKI를 이용한 발급자 확인하여 인증서 경로 구축");
        X509AuthorityKeyIdentifier authorityKeyIdentifier = x509Certificate2.getAuthorityKeyIdentifier();
        if (authorityKeyIdentifier == null) {
            if (!x509Certificate2.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
                return false;
            }
            try {
                x509Certificate2.verify(x509Certificate.getPublicKey());
                return true;
            } catch (AlgorithmException | VerifyException unused) {
                return false;
            }
        }
        ArrayList authorityCertIssuer = authorityKeyIdentifier.getAuthorityCertIssuer();
        if (authorityCertIssuer != null) {
            LogUtil.append("  + AKI의 IssuerName과 발급자 인증서의 발급자 이름 비교");
            X500Principal directoryName = ((X509GeneralName) authorityCertIssuer.get(0)).getDirectoryName();
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("   + AKI의 IssuerName = ");
            stringBuffer.append(directoryName.getName());
            LogUtil.append(stringBuffer.toString());
            StringBuffer stringBuffer2 = new StringBuffer();
            stringBuffer2.append("   + 발급자 인증서의 발급자 이름 = ");
            stringBuffer2.append(x509Certificate.getIssuerDN().getName());
            LogUtil.append(stringBuffer2.toString());
            if (!directoryName.equals(x509Certificate.getIssuerDN())) {
                LogUtil.append("  + 실패 ...");
                return false;
            }
            LogUtil.append("  + 성공 ...");
        }
        BigInteger authorityCertSerialNumber = authorityKeyIdentifier.getAuthorityCertSerialNumber();
        if (authorityCertSerialNumber != null) {
            LogUtil.append("  + AKI의 SerialNum과 발급자 인증서의 일련번호 비교");
            StringBuffer stringBuffer3 = new StringBuffer();
            stringBuffer3.append("   + AKI의 SerialNum = ");
            stringBuffer3.append(new String(Hex.encode(authorityCertSerialNumber.toByteArray())));
            LogUtil.append(stringBuffer3.toString());
            StringBuffer stringBuffer4 = new StringBuffer();
            stringBuffer4.append("   + 발급자 인증서의 일련번호 = ");
            stringBuffer4.append(new String(Hex.encode(x509Certificate.getSerialNumber().toByteArray())));
            LogUtil.append(stringBuffer4.toString());
            if (authorityCertSerialNumber.compareTo(x509Certificate.getSerialNumber()) != 0) {
                LogUtil.append("  + 실패 ...");
                return false;
            }
            LogUtil.append("  + 성공 ...");
        }
        byte[] keyIdentifier = authorityKeyIdentifier.getKeyIdentifier();
        byte[] subjectKeyIdentifier = x509Certificate.getSubjectKeyIdentifier();
        if (subjectKeyIdentifier != null && keyIdentifier != null) {
            LogUtil.append("  + AKI의 KeyID와 발급자 인증서의 SKI값 비교");
            StringBuffer stringBuffer5 = new StringBuffer();
            stringBuffer5.append("   + AKI의 KeyID = ");
            stringBuffer5.append(new String(Hex.encode(keyIdentifier)));
            LogUtil.append(stringBuffer5.toString());
            StringBuffer stringBuffer6 = new StringBuffer();
            stringBuffer6.append("   + 발급자 인증서의 SKI = ");
            stringBuffer6.append(new String(Hex.encode(subjectKeyIdentifier)));
            LogUtil.append(stringBuffer6.toString());
            if (!ByteUtil.equals(keyIdentifier, subjectKeyIdentifier)) {
                LogUtil.append("  + 실패 ...");
                return false;
            }
            LogUtil.append("  + 성공 ...");
        }
        return true;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private boolean isSelfSignCert(X509Certificate x509Certificate) throws ParsingException, IOException, NoSuchAlgorithmException {
        if (!x509Certificate.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
            return false;
        }
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (AlgorithmException | VerifyException unused) {
            return false;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public X509CertPath build() throws BuildCertPathException, ParsingException, IOException, NoSuchAlgorithmException {
        return build(1);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public X509CertPath build(int i) throws BuildCertPathException, ParsingException, IOException, NoSuchAlgorithmException {
        int size = this._certs.size();
        ArrayList arrayList = new ArrayList();
        LogUtil.append("- 인증서 경로 구축");
        int i2 = size - 1;
        X509Certificate x509Certificate = (X509Certificate) this._certs.get(i2);
        arrayList.add(x509Certificate);
        boolean z = false;
        int i3 = 0;
        while (i3 < i2) {
            X509Certificate x509Certificate2 = (X509Certificate) this._certs.get(i3);
            if (isIssuer(x509Certificate2, x509Certificate)) {
                arrayList.add(x509Certificate2);
                if (i == 2 || isSelfSignCert(x509Certificate2)) {
                    z = true;
                    break;
                }
                i3 = -1;
                x509Certificate = x509Certificate2;
            }
            i3++;
        }
        if (!z) {
            throw new BuildCertPathException(Resource.getErrMsg(Resource.ERR_FIND_ISSUER));
        }
        ArrayList arrayList2 = new ArrayList();
        for (int size2 = arrayList.size() - 1; size2 >= 0; size2--) {
            arrayList2.add(arrayList.get(size2));
        }
        return new X509CertPath(arrayList2);
    }
}
