package com.cryptoarm.Crls;

import com.cryptoarm.Constants;
import com.cryptoarm.IKeyStore.KeyStoreImpl;
import com.cryptoarm.Utils;
import com.facebook.react.bridge.ReactContext;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.json.JSONObject;
import ru.CryptoPro.AdES.tools.AdESUtility;
import ru.CryptoPro.JCP.JCP;
import ru.CryptoPro.reprov.x509.X500Name;
import ru.CryptoPro.reprov.x509.X509CRLImpl;

/* loaded from: classes.dex */
public class CrlUtils {
    public static X509CRL downloadCRL(String str) throws Exception {
        if (str.startsWith("http://") || str.startsWith("https://") || str.startsWith("ftp://")) {
            return downloadCRLFromWeb(str);
        }
        throw new Exception("CERT_E_REVOCATION_FAILURE (0x800B010E). Distribution point: " + str);
    }

    private static X509CRL downloadCRLFromWeb(String str) throws Exception {
        InputStream openStream = new URL(str).openStream();
        try {
            return (X509CRL) CertificateFactory.getInstance(JCP.CERTIFICATE_FACTORY_NAME).generateCRL(openStream);
        } finally {
            openStream.close();
        }
    }

    private static List<X509Certificate> filterCertsForIssuerName(List<X509Certificate> list, Principal principal) {
        ArrayList arrayList = new ArrayList();
        for (X509Certificate x509Certificate : list) {
            if (x509Certificate.getSubjectDN().equals(principal)) {
                arrayList.add(x509Certificate);
            }
        }
        return arrayList;
    }

    private static List<X509Certificate> getCertList(KeyStore keyStore) {
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate certificate = keyStore.getCertificate(aliases.nextElement().toString());
                if (certificate != null) {
                    arrayList.add((X509Certificate) AdESUtility.CERT_FACTORY.generateCertificate(new ByteArrayInputStream(certificate.getEncoded())));
                }
            }
            return arrayList;
        } catch (Exception e) {
            e.printStackTrace();
            return new ArrayList();
        }
    }

    private static byte[] getCertSubjectKeyIdentifier(X509Certificate x509Certificate) {
        try {
            return SubjectKeyIdentifier.getInstance(DEROctetString.getInstance(x509Certificate.getExtensionValue("2.5.29.14")).getOctets()).getKeyIdentifier();
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    private static JSONObject getCrlAsJson(X509CRL x509crl, Boolean bool, String str) {
        JSONObject jSONObject = new JSONObject();
        try {
            X509CRLImpl impl = X509CRLImpl.toImpl(x509crl);
            jSONObject.put("number", impl.getCRLNumber() != null ? impl.getCRLNumber() : 0);
            jSONObject.put("hash", Utils.getThumbPrint(impl.getEncoded()));
            jSONObject.put("nextUpdate", impl.getNextUpdate().getTime());
            jSONObject.put("issuerName", impl.getIssuerDN().toString());
            jSONObject.put("issuerFriendlyName", ((X500Name) impl.getIssuerDN()).getCommonName());
            jSONObject.put("version", impl.getVersion());
            jSONObject.put("thisUpdate", impl.getThisUpdate().getTime());
            jSONObject.put("key", UUID.randomUUID().getMostSignificantBits());
            jSONObject.put("signatureAlgorithm", impl.getSigAlgName());
            jSONObject.put("status", bool);
            jSONObject.put("path", str);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return jSONObject;
    }

    private static byte[] getCrlAuthorityKeyID(X509CRL x509crl) {
        try {
            return AuthorityKeyIdentifier.getInstance(DEROctetString.getInstance(x509crl.getExtensionValue("2.5.29.35")).getOctets()).getKeyIdentifier();
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public static List<String> getCrlDistributionPoints(X509Certificate x509Certificate) throws Exception {
        byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
        if (extensionValue == null) {
            return new ArrayList();
        }
        CRLDistPoint cRLDistPoint = CRLDistPoint.getInstance(new ASN1InputStream(new ByteArrayInputStream(((DEROctetString) new ASN1InputStream(new ByteArrayInputStream(extensionValue)).readObject()).getOctets())).readObject());
        ArrayList arrayList = new ArrayList();
        for (DistributionPoint distributionPoint : cRLDistPoint.getDistributionPoints()) {
            DistributionPointName distributionPoint2 = distributionPoint.getDistributionPoint();
            if (distributionPoint2 != null && distributionPoint2.getType() == 0) {
                GeneralName[] names = GeneralNames.getInstance(distributionPoint2.getName()).getNames();
                for (int i = 0; i < names.length; i++) {
                    if (names[i].getTagNo() == 6) {
                        arrayList.add(DERIA5String.getInstance(names[i].getName()).getString());
                    }
                }
            }
        }
        return arrayList;
    }

    public static ConcurrentHashMap<String, JSONObject> getCrlsInfoAsJson(ConcurrentHashMap<String, X509CRL> concurrentHashMap, ReactContext reactContext) {
        ConcurrentHashMap<String, JSONObject> concurrentHashMap2 = new ConcurrentHashMap<>();
        List<X509Certificate> certList = getCertList(KeyStoreImpl.CA.getKeyStore());
        List<X509Certificate> certList2 = getCertList(KeyStoreImpl.ROOT.getKeyStore());
        try {
            for (Map.Entry<String, X509CRL> entry : concurrentHashMap.entrySet()) {
                concurrentHashMap2.put(entry.getKey(), validateCrlAndConvertToJson(entry.getValue(), entry.getKey(), certList, certList2, reactContext));
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return concurrentHashMap2;
    }

    private static X509Certificate getIssuerCert(List<X509Certificate> list, X509CRL x509crl) {
        for (X509Certificate x509Certificate : list) {
            try {
                x509crl.verify(x509Certificate.getPublicKey());
                return x509Certificate;
            } catch (Exception unused) {
            }
        }
        return null;
    }

    public static ConcurrentHashMap<String, X509CRL> loadCrlStore(String str) {
        ConcurrentHashMap<String, X509CRL> concurrentHashMap = new ConcurrentHashMap<>();
        try {
            File file = new File(str);
            CertificateFactory certificateFactory = CertificateFactory.getInstance(JCP.CERTIFICATE_FACTORY_NAME);
            if (file.exists()) {
                for (File file2 : file.listFiles()) {
                    FileInputStream fileInputStream = new FileInputStream(file2.getPath());
                    try {
                        concurrentHashMap.put(file2.getPath(), (X509CRL) certificateFactory.generateCRL(fileInputStream));
                        fileInputStream.close();
                    } finally {
                    }
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return concurrentHashMap;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ConcurrentHashMap<String, JSONObject> saveCrlToStorage(X509CRL x509crl, ReactContext reactContext) throws Exception {
        if (!Utils.isExistDir(Constants.USER_CRLS_DIR)) {
            new File(Constants.USER_CRLS_DIR).mkdir();
        }
        String str = Constants.USER_CRLS_DIR + File.separator + Utils.getThumbPrint(x509crl.getEncoded()) + ".crl";
        File file = new File(str);
        file.createNewFile();
        FileOutputStream fileOutputStream = new FileOutputStream(file, false);
        try {
            fileOutputStream.write(x509crl.getEncoded());
            fileOutputStream.close();
            List<X509Certificate> certList = getCertList(KeyStoreImpl.CA.getKeyStore());
            List<X509Certificate> certList2 = getCertList(KeyStoreImpl.ROOT.getKeyStore());
            ConcurrentHashMap<String, JSONObject> concurrentHashMap = new ConcurrentHashMap<>();
            concurrentHashMap.put(str, validateCrlAndConvertToJson(x509crl, str, certList, certList2, reactContext));
            return concurrentHashMap;
        } catch (Throwable th) {
            try {
                fileOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static JSONObject validateCrlAndConvertToJson(X509CRL x509crl, String str, List<X509Certificate> list, List<X509Certificate> list2, ReactContext reactContext) {
        Boolean.valueOf(false);
        List<X509Certificate> filterCertsForIssuerName = filterCertsForIssuerName(list, x509crl.getIssuerDN());
        List<X509Certificate> filterCertsForIssuerName2 = filterCertsForIssuerName(list2, x509crl.getIssuerDN());
        X509Certificate issuerCert = getIssuerCert(filterCertsForIssuerName, x509crl);
        try {
            if (issuerCert != null) {
                return getCrlAsJson(x509crl, Utils.buildChain(issuerCert, reactContext).get("chainBuilding"), str);
            }
            X509Certificate issuerCert2 = getIssuerCert(filterCertsForIssuerName2, x509crl);
            return issuerCert2 == null ? getCrlAsJson(x509crl, false, str) : getCrlAsJson(x509crl, Utils.buildChain(issuerCert2, reactContext).get("chainBuilding"), str);
        } catch (Exception e) {
            e.printStackTrace();
            return getCrlAsJson(x509crl, false, str);
        }
    }
}
