package by.avest.crypto.service.hl.core;

import android.os.RemoteException;
import android.util.Log;
import by.avest.crypto.ipc.ServiceCrypto;
import by.avest.crypto.ipc.VerException;
import by.avest.crypto.service.hl.CertVerify;
import by.avest.crypto.service.hl.CertVerifyResult;
import by.avest.crypto.service.hl.HLException;
import by.avest.crypto.service.hl.Pkcs7Handler;
import java.io.ByteArrayInputStream;
import java.security.cert.CertPath;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;

/* loaded from: classes.dex */
public final class CertVerifyCore extends ServiceComponent implements CertVerify {
    private static final String TAG = "CertVerify";
    private boolean ignoreCRL;
    private String profileList;

    public CertVerifyCore(ServiceCrypto serviceCrypto) {
        super(serviceCrypto);
        this.ignoreCRL = false;
        this.profileList = null;
    }

    public CertVerifyCore(ServiceCrypto serviceCrypto, String str) {
        super(serviceCrypto);
        this.ignoreCRL = false;
        this.profileList = str;
    }

    private X509Certificate generateCertificate(CertificateFactory certificateFactory, int i, int i2) throws CertificateException, VerException, RemoteException {
        return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(getService().getCertChainElem(i, i2)));
    }

    @Override // by.avest.crypto.service.hl.TrustProfiled
    public void closeTrustProfile() {
        this.profileList = null;
    }

    @Override // by.avest.crypto.service.hl.TrustProfiled
    public void openTrustProfile(String str) {
        this.profileList = str;
    }

    @Override // by.avest.crypto.service.hl.TrustProfiledVerifier
    public void trustWithoutCRL(boolean z) throws HLException, RemoteException {
        this.ignoreCRL = z;
    }

    @Override // by.avest.crypto.service.hl.CertVerify
    public CertVerifyResult verify(X509Certificate x509Certificate) {
        return verify(x509Certificate, (Pkcs7Handler) null);
    }

    @Override // by.avest.crypto.service.hl.CertVerify
    public CertVerifyResult verify(X509Certificate x509Certificate, Pkcs7Handler pkcs7Handler) {
        boolean z;
        int createHLContext;
        if (x509Certificate == null) {
            throw new IllegalArgumentException("X509Certificate certificate cannot be null.");
        }
        try {
            if (pkcs7Handler != null) {
                z = false;
                createHLContext = ((Pkcs7Object) pkcs7Handler).getCtx();
            } else {
                z = true;
                createHLContext = getService().createHLContext();
            }
            try {
                if (this.profileList != null && !getService().openProfile(createHLContext, this.profileList)) {
                    throw new HLException(RemoteUtils.getRemoteError(getService(), createHLContext));
                }
                if (this.ignoreCRL && !getService().trustWithoutCRL(createHLContext, true)) {
                    throw new HLException(RemoteUtils.getRemoteError(getService(), createHLContext));
                }
                boolean verifyCert = getService().verifyCert(createHLContext, x509Certificate.getEncoded(), null);
                String operationResultMessage = getService().getOperationResultMessage(createHLContext);
                int operationResultCode = getService().getOperationResultCode(createHLContext);
                new ArrayList();
                if (!verifyCert) {
                    return operationResultCode == 0 ? new CertVerifyRes(HLException.OTHER_ERROR, operationResultMessage) : new CertVerifyRes(operationResultCode, operationResultMessage);
                }
                CertPath certPath = null;
                TrustAnchor trustAnchor = null;
                try {
                    int certChainCount = getService().getCertChainCount(createHLContext);
                    if (certChainCount > 0) {
                        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
                        trustAnchor = new TrustAnchor(generateCertificate(certificateFactory, createHLContext, certChainCount - 1), null);
                        ArrayList arrayList = new ArrayList();
                        for (int i = 0; i < certChainCount - 1; i++) {
                            arrayList.add(generateCertificate(certificateFactory, createHLContext, i));
                        }
                        certPath = certificateFactory.generateCertPath(arrayList);
                    }
                } catch (VerException e) {
                    Log.i(TAG, "verify, CertPath not supported by crypto service", e);
                }
                CertVerifyRes certVerifyRes = new CertVerifyRes(operationResultCode, operationResultMessage, certPath, trustAnchor);
                if (z) {
                    getService().releaseHLContext(createHLContext);
                }
                return certVerifyRes;
            } finally {
                if (z) {
                    getService().releaseHLContext(createHLContext);
                }
            }
        } catch (RemoteException | VerException | HLException | CertificateException e2) {
            return new CertVerifyRes(HLException.OTHER_ERROR, e2.getMessage());
        }
    }

    @Override // by.avest.crypto.service.hl.CertVerify
    public CertVerifyResult verify(X509Certificate[] x509CertificateArr, String str) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Certificate chain cannot be null.");
        }
        X509Certificate x509Certificate = x509CertificateArr[0];
        try {
            int createHLContext = getService().createHLContext();
            try {
                if (this.profileList != null && !getService().openProfile(createHLContext, this.profileList)) {
                    throw new HLException(RemoteUtils.getRemoteError(getService(), createHLContext));
                }
                if (this.ignoreCRL && !getService().trustWithoutCRL(createHLContext, true)) {
                    throw new HLException(RemoteUtils.getRemoteError(getService(), createHLContext));
                }
                for (int i = 1; i < x509CertificateArr.length; i++) {
                    getService().addCertToChain(createHLContext, x509CertificateArr[i].getEncoded());
                }
                boolean verifyCert = getService().verifyCert(createHLContext, x509Certificate.getEncoded(), str);
                String operationResultMessage = getService().getOperationResultMessage(createHLContext);
                int operationResultCode = getService().getOperationResultCode(createHLContext);
                if (!verifyCert) {
                    return operationResultCode == 0 ? new CertVerifyRes(HLException.OTHER_ERROR, operationResultMessage) : new CertVerifyRes(operationResultCode, operationResultMessage);
                }
                CertPath certPath = null;
                TrustAnchor trustAnchor = null;
                try {
                    int certChainCount = getService().getCertChainCount(createHLContext);
                    if (certChainCount > 0) {
                        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
                        trustAnchor = new TrustAnchor(generateCertificate(certificateFactory, createHLContext, certChainCount - 1), null);
                        ArrayList arrayList = new ArrayList();
                        for (int i2 = 0; i2 < certChainCount - 1; i2++) {
                            arrayList.add(generateCertificate(certificateFactory, createHLContext, i2));
                        }
                        certPath = certificateFactory.generateCertPath(arrayList);
                    }
                } catch (VerException e) {
                    Log.i(TAG, "verify, CertPath not supported by crypto service", e);
                }
                return new CertVerifyRes(operationResultCode, operationResultMessage, certPath, trustAnchor);
            } finally {
                getService().releaseHLContext(createHLContext);
            }
        } catch (RemoteException | VerException | HLException | CertificateException e2) {
            return new CertVerifyRes(HLException.OTHER_ERROR, e2.getMessage());
        }
    }
}
