package iaik.smime;

import iaik.DebugCMS;
import iaik.asn1.ObjectID;
import iaik.asn1.structures.GeneralName;
import iaik.asn1.structures.GeneralNames;
import iaik.cms.IssuerAndSerialNumber;
import iaik.smime.ess.utils.ESSUtil;
import iaik.utils.CryptoUtils;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
import iaik.x509.extensions.BasicConstraints;
import iaik.x509.extensions.SubjectAltName;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.lang.reflect.Array;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Locale;
import java.util.Vector;

/* loaded from: input_file:iaik/smime/TrustVerifier.class */
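/**
 * Holds a set of trusted certificates and checks certificate chains against it.
 *
 * <p>Security properties a reviewer should know, all taken from the code in this class:
 * <ul>
 *   <li><b>Empty trust store accepts.</b> When no trusted certificate has been added
 *       ({@link #size()} is 0), {@link #verifyCertificateChain(X509Certificate[], String)}
 *       logs "OK anyway" and returns normally for a chain whose validity periods and
 *       signatures check out. Callers that need a real trust decision must populate the
 *       store first or treat an empty store as a configuration error.</li>
 *   <li><b>Path checks are limited to validity period and signature.</b> This class calls
 *       {@code checkValidity()} and {@code verify(PublicKey)} only. It does not itself
 *       inspect BasicConstraints, key usage, path length or name constraints on
 *       intermediate certificates, and it performs no revocation check. Whether
 *       {@code X509Certificate.verify} does more is not visible here.</li>
 *   <li><b>Trust is by exact certificate.</b> A certificate is trusted only when the stored
 *       entry for its issuer and serial number is {@code equals} to it.</li>
 * </ul>
 *
 * <p>Thread-safety: the backing {@link Hashtable}s are individually synchronized, but add and
 * remove touch three tables without a common lock, so concurrent modification can leave the
 * lookup indexes briefly inconsistent with the trusted set.
 */
public class TrustVerifier {
    /** GeneralName choice tag for rfc822Name (an e-mail address), as numbered in RFC 5280. */
    private static final int RFC822_NAME = 1;

    /** Destination for debug output; {@code null} disables it. */
    protected PrintWriter debugWriter_;

    // Starts out false, so the static initializer below always leaves it false; presumably a
    // build-time debug switch in the original source. Kept exactly as found.
    private static boolean debugEnabled;

    // Raw type kept on purpose: this protected field is visible to subclasses.
    // Maps IssuerAndSerialNumber -> trusted X509Certificate.
    protected Hashtable trustedCerts_ = new Hashtable(20);

    /** Trusted certificates indexed by their subject DN. */
    private final Hashtable<Object, X509Certificate[]> certsBySubject =
            new Hashtable<Object, X509Certificate[]>(20);

    /** Trusted certificates indexed by lower-cased e-mail address. */
    private final Hashtable<Object, X509Certificate[]> certsByEmail =
            new Hashtable<Object, X509Certificate[]>(20);

    /**
     * Boolean form of {@link #verifyCertificateChain(X509Certificate[], String)}.
     *
     * @param x509CertificateArr the chain, end-entity certificate first
     * @param str optional identifier that is prefixed to debug output, may be {@code null}
     * @return {@code true} if the chain was accepted, {@code false} if it was rejected
     * @throws NullPointerException if the chain is {@code null}
     */
    public boolean verifyChain(X509Certificate[] x509CertificateArr, String str) {
        try {
            verifyCertificateChain(x509CertificateArr, str);
            return true;
        } catch (CertificateException rejected) {
            // The reason has already been written to the debug stream, if one is set.
            return false;
        }
    }

    /**
     * Same as {@link #verifyChain(X509Certificate[], String)} without a debug identifier.
     *
     * @param x509CertificateArr the chain, end-entity certificate first
     * @return {@code true} if the chain was accepted
     */
    public boolean verifyChain(X509Certificate[] x509CertificateArr) {
        return verifyChain(x509CertificateArr, null);
    }

    /**
     * Walks the chain from index 0 upwards and accepts it as soon as a trusted certificate is met.
     *
     * <p>Each certificate is checked for validity and, unless it is itself trusted, its signature
     * is verified with the public key of the next certificate. If the last certificate is not
     * self-issued, the trusted certificates whose subject DN equals its issuer DN are tried one
     * after the other; a failure against one candidate does not stop the search, only a failure
     * against the last candidate is reported. The validity period of such a trusted issuer is not
     * checked on this path.
     *
     * <p>If nothing trusted is found the chain is rejected, except when the trust store is empty:
     * then the method returns normally (see the class comment).
     *
     * @param x509CertificateArr the chain, end-entity certificate first
     * @param str optional identifier that is prefixed to debug output, may be {@code null}
     * @throws CertificateException if the chain is empty, a check fails or no trusted certificate
     *     is found while the trust store is not empty
     * @throws NullPointerException if the chain is {@code null}
     */
    public void verifyCertificateChain(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null) {
            throw new NullPointerException("Cannot verify null cert chain!");
        }
        String prefix = logPrefix(str);
        try {
            int length = x509CertificateArr.length;
            if (length == 0) {
                // Previously surfaced as a wrapped ArrayIndexOutOfBoundsException.
                throw new CertificateException("Cannot verify empty cert chain!");
            }
            for (int i = 0; i < length - 1; i++) {
                if (verifyAgainstIssuer(x509CertificateArr[i], x509CertificateArr[i + 1], str)) {
                    debug(prefix + "Found a trusted certificate, ok!");
                    return;
                }
            }
            X509Certificate last = x509CertificateArr[length - 1];
            if (!last.getSubjectDN().equals(last.getIssuerDN())) {
                X509Certificate[] issuers = getTrustedIssuerCerts(last);
                if (issuers.length > 0) {
                    debug(prefix + "Found issuers.");
                }
                for (int i = 0; i < issuers.length; i++) {
                    X509Certificate issuer = issuers[i];
                    // Log the candidate actually being tried (the old message always named
                    // candidate 0); null-safe because an overriding subclass may return nulls.
                    Object issuerDn = issuer == null ? null : issuer.getSubjectDN();
                    debug(prefix + "Checking against issuer cert " + issuerDn + "...");
                    try {
                        // The checks belong inside the try: the handler below exists to move
                        // on to the next candidate with the same subject DN when one fails.
                        if (verifyAgainstIssuer(last, issuer, str)
                                || (issuer != null && isTrustedCertificate(issuer))) {
                            debug(prefix + "Found a trusted certificate, ok!");
                            return;
                        }
                    } catch (Exception e) {
                        debug(prefix + "Verification failed for issuer cert " + issuerDn + e.toString());
                        if (i == issuers.length - 1) {
                            throw e;
                        }
                    }
                }
            } else if (verifyAgainstIssuer(last, last, str)) {
                debug(prefix + "Found a trusted certificate, ok!");
                return;
            }
            if (size() != 0) {
                debug(prefix + "No trusted certificate found, rejected.");
                throw new CertificateException("No trusted certificate found, rejected.");
            }
            // SECURITY: an empty trust store accepts the chain. Existing callers may depend on
            // this, so it is kept; callers needing a trust decision must check size() themselves.
            debug(prefix + "No trusted certificate found, OK anyway.");
        } catch (Exception e) {
            String message = "Error verifying certificate chain: " + e;
            debug(prefix + message);
            throw new CertificateException(message, e);
        }
    }

    /**
     * Same as {@link #verifyCertificateChain(X509Certificate[], String)} without a debug identifier.
     *
     * @param x509CertificateArr the chain, end-entity certificate first
     * @throws CertificateException if the chain is rejected
     */
    public void verifyCertificateChain(X509Certificate[] x509CertificateArr) throws CertificateException {
        verifyCertificateChain(x509CertificateArr, null);
    }

    /** Builds the "(id) " prefix used in debug lines, or an empty string when there is no id. */
    private static String logPrefix(String id) {
        return id == null ? "" : "(" + id + ") ";
    }

    /**
     * Checks one link of a chain.
     *
     * @param cert the certificate to check; its validity period is always checked
     * @param issuer the certificate whose public key should verify {@code cert}, may be {@code null}
     * @param id optional debug identifier
     * @return {@code true} only if {@code cert} itself is trusted; {@code false} if it merely
     *     verified against {@code issuer} (or {@code issuer} is {@code null})
     * @throws Exception if the validity or signature check fails, or if two different certificates
     *     carry the same signature value
     */
    private boolean verifyAgainstIssuer(X509Certificate cert, X509Certificate issuer, String id) throws Exception {
        String prefix = logPrefix(id);
        debug(prefix + "Verifying " + cert.getSubjectDN());
        cert.checkValidity();
        if (isTrustedCertificate(cert)) {
            debug(prefix + " Cert is trusted, done.");
            return true;
        }
        if (issuer == null) {
            return false;
        }
        cert.verify(issuer.getPublicKey());
        // Two distinct certificates must not share a signature value; a self-signed certificate
        // compared with itself is the one legitimate case of equal signatures.
        if (CryptoUtils.equalsBlock(cert.getSignature(), issuer.getSignature()) && !cert.equals(issuer)) {
            throw new CertificateException(
                    "Cert " + cert.getSubjectDN() + " and " + issuer.getSubjectDN() + " have same signature value!");
        }
        return false;
    }

    /**
     * @return the number of trusted certificates; 0 means chain verification accepts without a
     *     trust anchor
     */
    public int size() {
        return this.trustedCerts_.size();
    }

    /**
     * Sets or clears the stream that receives debug output.
     *
     * @param outputStream the stream to write to, or {@code null} to switch debug output off
     */
    public void setDebugStream(OutputStream outputStream) {
        this.debugWriter_ = outputStream == null ? null : new PrintWriter(outputStream, true);
    }

    /**
     * Removes a certificate from the trusted set and from both lookup indexes.
     *
     * @param x509Certificate the certificate to remove, may be {@code null}
     * @return {@code true} if the certificate was in the trusted set and has been removed
     */
    public boolean removeTrustedCertificate(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        try {
            boolean removed = this.trustedCerts_.remove(new IssuerAndSerialNumber(x509Certificate)) != null;
            if (removed) {
                removeFromIndex(x509Certificate, x509Certificate.getSubjectDN(), this.certsBySubject);
                Enumeration emailAddresses = getEmailAddresses(x509Certificate);
                while (emailAddresses.hasMoreElements()) {
                    removeFromIndex(
                            x509Certificate,
                            ESSUtil.parseAddress((String) emailAddresses.nextElement()),
                            this.certsByEmail);
                }
            }
            return removed;
        } catch (Exception ignored) {
            // Best effort, as before: any failure is reported as "not removed".
            return false;
        }
    }

    /**
     * Removes {@code cert} from the array stored under {@code key}. The stored array is replaced
     * by a new one rather than edited in place, so an array handed out earlier is never changed.
     * A {@code null} key is ignored, mirroring {@link #addToIndex}, which never stores one.
     */
    private static void removeFromIndex(
            X509Certificate cert, Object key, Hashtable<Object, X509Certificate[]> index) {
        if (key == null) {
            return;
        }
        X509Certificate[] current = index.get(key);
        if (current == null || current.length == 0) {
            return;
        }
        int position = -1;
        for (int i = 0; i < current.length; i++) {
            if (current[i].equals(cert)) {
                position = i;
                break;
            }
        }
        if (position < 0) {
            return;
        }
        if (current.length == 1) {
            index.remove(key);
            return;
        }
        X509Certificate[] remaining = new X509Certificate[current.length - 1];
        System.arraycopy(current, 0, remaining, 0, position);
        System.arraycopy(current, position + 1, remaining, position, current.length - position - 1);
        index.put(key, remaining);
    }

    /**
     * Tells whether exactly this certificate is in the trusted set.
     *
     * @param x509Certificate the certificate to look up
     * @return {@code true} if the entry stored for its issuer and serial number equals it
     * @throws NullPointerException if the certificate is {@code null}
     */
    public boolean isTrustedCertificate(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new NullPointerException("Cannot check null certificate!");
        }
        X509Certificate stored =
                (X509Certificate) this.trustedCerts_.get(new IssuerAndSerialNumber(x509Certificate));
        // Compare the whole certificate, not only issuer and serial number.
        return stored != null && stored.equals(x509Certificate);
    }

    /**
     * Heuristic used by {@link #checkEMail}: a certificate counts as a CA certificate if its
     * BasicConstraints extension says so, or if it is self-issued and its own key verifies it.
     */
    private static boolean looksLikeCa(X509Certificate cert) {
        try {
            BasicConstraints constraints = (BasicConstraints) cert.getExtension(BasicConstraints.oid);
            if (constraints != null && constraints.ca()) {
                return true;
            }
        } catch (X509ExtensionInitException ignored) {
            // An unreadable extension is treated like a missing one; fall through.
        }
        if (!cert.getSubjectDN().equals(cert.getIssuerDN())) {
            return false;
        }
        try {
            cert.verify();
            return true;
        } catch (Exception ignored) {
            return false;
        }
    }

    /**
     * Returns the trusted certificates whose subject DN equals the issuer DN of the argument.
     * The candidates are selected by name only; no signature or validity check is done here.
     *
     * @param x509Certificate the certificate whose issuers are wanted, may be {@code null}
     * @return a copy of the candidate array, empty if there is none
     */
    public X509Certificate[] getTrustedIssuerCerts(X509Certificate x509Certificate) {
        X509Certificate[] found = null;
        if (x509Certificate != null) {
            found = this.certsBySubject.get(x509Certificate.getIssuerDN());
        }
        // Copy so that callers cannot edit the trust index through the returned array.
        return found == null ? new X509Certificate[0] : found.clone();
    }

    /**
     * Returns one trusted issuer candidate for the given certificate.
     *
     * <p>Note the asymmetry: when exactly one trusted certificate has the matching subject DN it
     * is returned as it is, without a validity or signature check. Only when there are several is
     * the first one returned that is currently valid and whose key verifies the argument. The
     * result must therefore not be taken as proof that the signature was verified.
     *
     * @param x509Certificate the certificate whose issuer is wanted, may be {@code null}
     * @return a candidate issuer certificate, or {@code null} if none qualifies
     */
    public X509Certificate getTrustedIssuerCert(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        X509Certificate[] candidates = this.certsBySubject.get(x509Certificate.getIssuerDN());
        if (candidates == null || candidates.length == 0) {
            return null;
        }
        if (candidates.length == 1) {
            return candidates[0];
        }
        for (X509Certificate candidate : candidates) {
            try {
                candidate.checkValidity();
                x509Certificate.verify(candidate.getPublicKey());
                return candidate;
            } catch (Exception ignored) {
                // This candidate does not fit; try the next one.
            }
        }
        return null;
    }

    /**
     * @return an enumeration of all trusted certificates
     */
    public Enumeration getTrustedCertificates() {
        return this.trustedCerts_.elements();
    }

    /**
     * Collects the e-mail addresses of a certificate: the emailAddress attributes of the subject
     * DN followed by the rfc822Name entries of the SubjectAltName extension, all in lower case.
     *
     * @param x509Certificate the certificate to read
     * @return an enumeration of {@code String}s, possibly empty
     */
    public static Enumeration getEmailAddresses(X509Certificate x509Certificate) {
        Vector<String> addresses = new Vector<String>();
        String[] rDNs = x509Certificate.getSubjectDN().getRDNs(ObjectID.emailAddress);
        if (rDNs != null) {
            for (String rdn : rDNs) {
                // Locale.ROOT: these strings are lookup keys and must not depend on the
                // default locale of the JVM.
                addresses.addElement(rdn.toLowerCase(Locale.ROOT));
            }
        }
        try {
            SubjectAltName altName = (SubjectAltName) x509Certificate.getExtension(SubjectAltName.oid);
            if (altName != null) {
                Enumeration names = altName.getGeneralNames().getNames();
                while (names.hasMoreElements()) {
                    GeneralName name = (GeneralName) names.nextElement();
                    if (name.getType() == RFC822_NAME) {
                        addresses.addElement(((String) name.getName()).toLowerCase(Locale.ROOT));
                    }
                }
            }
        } catch (Exception ignored) {
            // An unreadable extension contributes no addresses; those found so far are kept.
        }
        return addresses.elements();
    }

    /**
     * Returns the trusted certificates with the given subject DN.
     *
     * @param principal the subject DN, may be {@code null}
     * @return a copy of the matching certificates, empty if there is none
     */
    public X509Certificate[] getCertificates(Principal principal) {
        X509Certificate[] found = null;
        if (principal != null) {
            found = this.certsBySubject.get(principal);
        }
        return found == null ? new X509Certificate[0] : found.clone();
    }

    /**
     * Returns the trusted certificates that carry the given e-mail address.
     *
     * @param str the e-mail address, may be {@code null}
     * @return a copy of the matching certificates, empty if there is none
     */
    public X509Certificate[] getCertificates(String str) {
        X509Certificate[] found = null;
        if (str != null) {
            String address = ESSUtil.parseAddress(str);
            if (address != null) {
                found = this.certsByEmail.get(address.toLowerCase(Locale.ROOT));
            }
        }
        return found == null ? new X509Certificate[0] : found.clone();
    }

    /** Writes one line to the debug stream, if one is set. */
    private void debug(String message) {
        if (this.debugWriter_ != null) {
            this.debugWriter_.println("TrustVerifier: " + message);
        }
    }

    /**
     * Checks that a certificate belongs to the given e-mail address.
     *
     * <p>Order of evaluation, as implemented:
     * <ol>
     *   <li>If the subject DN has an emailAddress attribute, only that value decides; the
     *       SubjectAltName extension is not looked at.</li>
     *   <li>Otherwise the rfc822Name entries of SubjectAltName are compared.</li>
     *   <li>If the certificate has no e-mail address at all, it is accepted when it looks like a
     *       CA certificate (BasicConstraints CA flag, or self-issued with a valid self-signature)
     *       and rejected otherwise.</li>
     * </ol>
     *
     * <p>Step 3 means a self-signed certificate without any address passes for every address.
     * The result is only meaningful together with a successful chain verification against a
     * non-empty trust store.
     *
     * @param str the expected e-mail address
     * @param x509Certificate the certificate to check
     * @return {@code true} if the address matches or the certificate is an address-less CA
     *     certificate
     */
    public boolean checkEMail(String str, X509Certificate x509Certificate) {
        String expected = ESSUtil.parseAddress(str);
        String candidate = x509Certificate.getSubjectDN().getRDN(ObjectID.emailAddress);
        if (candidate != null) {
            if (expected.equalsIgnoreCase(candidate)) {
                debug("Email addresses correct!");
                return true;
            }
            debug("Email addresses do not match!");
            return false;
        }
        SubjectAltName altName;
        try {
            altName = (SubjectAltName) x509Certificate.getExtension(SubjectAltName.oid);
        } catch (Exception ignored) {
            // An unreadable extension is treated like a missing one.
            altName = null;
        }
        GeneralNames altNames = altName == null ? null : altName.getGeneralNames();
        if (altNames != null) {
            Enumeration names = altNames.getNames();
            while (names.hasMoreElements()) {
                GeneralName name = (GeneralName) names.nextElement();
                if (name.getType() == RFC822_NAME) {
                    candidate = (String) name.getName();
                    if (expected.equalsIgnoreCase(candidate)) {
                        debug("Email addresses correct!");
                        return true;
                    }
                }
            }
        }
        if (candidate != null) {
            // At least one rfc822Name was present, but none matched.
            debug("Email addresses do not match!");
            return false;
        }
        if (looksLikeCa(x509Certificate)) {
            debug("Ca cert must not contain an email!");
            return true;
        }
        debug("Missing email in certificate!");
        return false;
    }

    /** Tells whether {@code certs} holds an element equal to {@code wanted}. */
    private static boolean contains(X509Certificate[] certs, X509Certificate wanted) {
        for (X509Certificate cert : certs) {
            if (cert.equals(wanted)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Adds a certificate to the trusted set and to the subject and e-mail indexes.
     *
     * <p>The certificate is stored as given: this method does not check its validity period or
     * signature, so the caller decides what becomes a trust anchor.
     *
     * @param x509Certificate the certificate to trust
     * @throws NullPointerException if the certificate is {@code null}
     */
    public void addTrustedCertificate(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new NullPointerException("Cannot add a null certificate!");
        }
        this.trustedCerts_.put(new IssuerAndSerialNumber(x509Certificate), x509Certificate);
        addToIndex(x509Certificate, x509Certificate.getSubjectDN(), this.certsBySubject);
        Enumeration emailAddresses = getEmailAddresses(x509Certificate);
        while (emailAddresses.hasMoreElements()) {
            addToIndex(
                    x509Certificate,
                    ESSUtil.parseAddress((String) emailAddresses.nextElement()),
                    this.certsByEmail);
        }
    }

    /**
     * Appends {@code cert} to the array stored under {@code key} unless it is already there.
     * A {@code null} key is ignored. The stored array is replaced, never edited in place.
     */
    private static void addToIndex(
            X509Certificate cert, Object key, Hashtable<Object, X509Certificate[]> index) {
        if (key == null) {
            return;
        }
        X509Certificate[] current = index.get(key);
        X509Certificate[] updated;
        if (current == null || current.length == 0) {
            updated = new X509Certificate[] {cert};
        } else {
            if (contains(current, cert)) {
                return;
            }
            updated = new X509Certificate[current.length + 1];
            System.arraycopy(current, 0, updated, 0, current.length);
            updated[current.length] = cert;
        }
        index.put(key, updated);
    }

    /**
     * Creates a verifier with an empty trust store. Until a trusted certificate is added,
     * chain verification accepts chains without a trust anchor (see the class comment).
     */
    public TrustVerifier() {
        if (debugEnabled) {
            setDebugStream(System.out);
        }
    }

    static {
        debugEnabled = DebugCMS.getDebugMode() && debugEnabled;
    }
}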
