package com.neurotec.commonutils.util;

import android.util.Base64;
import android.util.Pair;
import com.neurotec.commonutils.util.NCertificate;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes2.dex */
public class NCertificateChain {
    public static final String LOG_TAG = "NCertificateChain";
    private boolean mIsSelfSign;
    private List<NCertificate> mNCertificates = new ArrayList();

    public NCertificateChain(boolean z3, X509Certificate[] x509CertificateArr) {
        this.mIsSelfSign = z3;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            LoggerUtil.log("NCertificateChain PUBLIC KEY encodedKey incoming", Base64.encodeToString(x509Certificate.getPublicKey().getEncoded(), 2));
            LoggerUtil.log("NCertificateChain PUBLIC KEY public_key_format incoming", x509Certificate.getPublicKey().getFormat());
            LoggerUtil.log("NCertificateChain PUBLIC KEY public_key_algorithm incoming", x509Certificate.getPublicKey().getAlgorithm());
            LoggerUtil.log("NCertificateChain PUBLIC KEY certificate info incoming", SSLUtil.getCertifcateDetailsTemp(x509Certificate));
            LoggerUtil.log("NCertificateChain PUBLIC KEY num of certificates in the chain", String.valueOf(x509CertificateArr.length));
            this.mNCertificates.add(new NCertificate(x509Certificate));
        }
    }

    private NCertificate findRootCert(List<NCertificate> list) {
        if (this.mIsSelfSign) {
            return this.mNCertificates.get(0);
        }
        for (NCertificate nCertificate : list) {
            NCertificate findSignedCert = findSignedCert(nCertificate, list);
            if (findSignedCert == null || findSignedCert.equals(nCertificate)) {
                return nCertificate;
            }
        }
        return null;
    }

    private NCertificate findSignedCert(NCertificate nCertificate, List<NCertificate> list) {
        for (NCertificate nCertificate2 : list) {
            if (nCertificate2.getX509Certificate().getIssuerDN().equals(nCertificate.getX509Certificate().getSubjectDN()) && !nCertificate2.equals(nCertificate)) {
                return nCertificate2;
            }
        }
        return null;
    }

    public NCertificate getRootCertificate() {
        return findRootCert(this.mNCertificates);
    }

    public HashMap<BigInteger, byte[]> getSignatures() {
        HashMap<BigInteger, byte[]> hashMap = new HashMap<>();
        for (NCertificate nCertificate : this.mNCertificates) {
            hashMap.put((BigInteger) nCertificate.getSignature().first, (byte[]) nCertificate.getSignature().second);
        }
        return hashMap;
    }

    public boolean isSelfSign() {
        return this.mIsSelfSign;
    }

    public boolean isSignaturesVerified(HashMap<BigInteger, byte[]> hashMap) {
        HashMap<BigInteger, byte[]> signatures = getSignatures();
        if (hashMap == null) {
            return false;
        }
        for (BigInteger bigInteger : hashMap.keySet()) {
            if (!signatures.containsKey(bigInteger) || !Arrays.equals(signatures.get(bigInteger), hashMap.get(bigInteger))) {
                return false;
            }
        }
        return true;
    }

    public Pair<List<NCertificate.NCertificateError>, List<String>> verify(HashMap<BigInteger, byte[]> hashMap, PublicKey publicKey) {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        Iterator<NCertificate> it = this.mNCertificates.iterator();
        while (it.hasNext()) {
            X509Certificate x509Certificate = it.next().getX509Certificate();
            try {
                if (this.mIsSelfSign && publicKey != null) {
                    try {
                        x509Certificate.verify(publicKey);
                    } catch (Exception e4) {
                        LoggerUtil.log(LOG_TAG, "verify certificate verify fail with public key: ", e4);
                        SSLUtil.addError(arrayList, e4);
                        SSLUtil.addStringError(arrayList2, e4.getLocalizedMessage());
                    }
                } else if (hashMap == null || hashMap.size() <= 0) {
                    LoggerUtil.log(LOG_TAG, "verify no existing certificates. Adding as new certificate");
                    SSLUtil.addError(arrayList, NCertificate.NCertificateError.SIGNATURE_ERROR);
                    SSLUtil.addStringError(arrayList2, "Signature error");
                } else if (Arrays.equals(hashMap.get(x509Certificate.getSerialNumber()), x509Certificate.getSignature())) {
                    LoggerUtil.log(LOG_TAG, "verify certificate matched with existing");
                } else {
                    LoggerUtil.log(LOG_TAG, "verify certificate serial number match. But signature does not match");
                    SSLUtil.addError(arrayList, NCertificate.NCertificateError.SIGNATURE_ERROR);
                    SSLUtil.addStringError(arrayList2, "Signature error");
                }
                x509Certificate.checkValidity();
            } catch (CertificateExpiredException e5) {
                e = e5;
                LoggerUtil.log(LOG_TAG, "verify Exception on check certificate validity", e);
                SSLUtil.addError(arrayList, e);
                SSLUtil.addStringError(arrayList2, e.getLocalizedMessage());
            } catch (CertificateNotYetValidException e6) {
                e = e6;
                LoggerUtil.log(LOG_TAG, "verify Exception on check certificate validity", e);
                SSLUtil.addError(arrayList, e);
                SSLUtil.addStringError(arrayList2, e.getLocalizedMessage());
            } catch (Exception e7) {
                LoggerUtil.log(LOG_TAG, "verify: Exception on verify certificate", e7);
                SSLUtil.addError(arrayList, e7);
                SSLUtil.addStringError(arrayList2, e7.getLocalizedMessage());
            }
        }
        return new Pair<>(arrayList, arrayList2);
    }
}
