package com.digt.trusted.util.addon;

import com.digt.trusted.jce.provider.CryptoProCSPCertStore;
import com.digt.trusted.util.encoders.Base64;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;

/* loaded from: input_file:com/digt/trusted/util/addon/util4php.class */
public class util4php {
    public static X509Certificate getX509(String str) throws IOException, CertificateException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Base64.decode(str.getBytes()));
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
        byteArrayInputStream.close();
        return x509Certificate;
    }

    public static String getSubjectPath(X509Certificate x509Certificate, String str, boolean z) {
        String str2 = "";
        String name = z ? x509Certificate.getSubjectDN().getName() : x509Certificate.getIssuerDN().getName();
        int indexOf = name.indexOf(str);
        if (indexOf >= 0) {
            String substring = name.substring(indexOf + str.length());
            int indexOf2 = substring.indexOf(",");
            if (indexOf2 < 0) {
                indexOf2 = substring.length();
            }
            str2 = substring.substring(0, indexOf2);
        }
        return str2;
    }

    public static X509Certificate searchCertRoot(X509Certificate x509Certificate, String str) {
        if (str.length() == 0) {
            str = "CurrentUser/CA";
        }
        if (str.equals("CurrentUser/CA")) {
            str = "CurrentUser/Root";
        }
        X509Certificate x509Certificate2 = null;
        try {
            for (X509Certificate x509Certificate3 : new CryptoProCSPCertStore().getInstance(str, null).getAllCertificates()) {
                if (x509Certificate3.getSubjectX500Principal().equals(x509Certificate.getIssuerX500Principal())) {
                    if (null == x509Certificate3.getSubjectUniqueID() || null == x509Certificate.getIssuerUniqueID()) {
                        try {
                            x509Certificate.verify(x509Certificate3.getPublicKey(), "DIGT");
                        } catch (Exception e) {
                        }
                    } else if (x509Certificate3.getSubjectUniqueID() != x509Certificate.getIssuerUniqueID()) {
                    }
                    x509Certificate2 = x509Certificate3;
                    break;
                }
            }
            if (null == x509Certificate2 && str.equals("CurrentUser/CA")) {
                x509Certificate2 = searchCertRoot(x509Certificate, str);
            }
            return x509Certificate2;
        } catch (NoSuchAlgorithmException e2) {
            return null;
        }
    }

    public static X509Certificate searchCertRoot(X509Certificate x509Certificate) {
        return searchCertRoot(x509Certificate, "");
    }

    public static boolean verifyCertificate(X509Certificate x509Certificate, StringBuilder sb) throws CertificateNotYetValidException, CertificateExpiredException, NoSuchAlgorithmException, CertStoreException {
        X509Certificate searchCertRoot = searchCertRoot(x509Certificate);
        if (null == searchCertRoot) {
            sb.append("<pre>Сертификат издателя не найден среди доверенных!!!</pre>");
            return false;
        }
        try {
            searchCertRoot.checkValidity();
            PublicKey publicKey = searchCertRoot.getPublicKey();
            try {
                x509Certificate.verify(publicKey, "DIGT");
                if (searchCertRoot.getIssuerX500Principal().equals(x509Certificate.getSubjectX500Principal()) && searchCertRoot.getSerialNumber().equals(x509Certificate.getSerialNumber())) {
                    return true;
                }
                try {
                    x509Certificate.checkValidity();
                    X509CRL x509crl = null;
                    try {
                        try {
                            Iterator it = new CryptoProCSPCertStore().getInstance("CurrentUser/CA", null).getAllCRLs().iterator();
                            while (true) {
                                if (!it.hasNext()) {
                                    break;
                                }
                                X509CRL x509crl2 = (X509CRL) it.next();
                                if (x509crl2.getIssuerX500Principal().equals(x509Certificate.getIssuerX500Principal()) && (0 == 0 || x509crl.getThisUpdate().before(x509crl2.getThisUpdate()))) {
                                    try {
                                        x509crl2.verify(publicKey, "DIGT");
                                        x509crl = x509crl2;
                                        break;
                                    } catch (Exception e) {
                                    }
                                }
                            }
                            if (null == x509crl) {
                                sb.append("<pre>Ни один СОС на найден!!!</pre>");
                                return false;
                            }
                            if (x509crl.getNextUpdate().before(new Date())) {
                                sb.append("<pre>Срок действия СОС истек!!!</pre>");
                                return false;
                            }
                            try {
                                x509crl.verify(publicKey, "DIGT");
                                if (x509crl.getRevokedCertificate(x509Certificate) == null) {
                                    return true;
                                }
                                sb.append("<pre>Сертификат занесен в список СОС!!!</pre>");
                                return false;
                            } catch (Exception e2) {
                                sb.append("<pre>Список СОС не прошел проверку на математическую корректность!!!</pre>");
                                return false;
                            }
                        } catch (CertStoreException e3) {
                            sb.append("<pre>Ни один СОС на найден!!!</pre>");
                            return false;
                        }
                    } catch (NoSuchAlgorithmException e4) {
                        sb.append("<pre>Ни один СОС на найден!!!</pre>");
                        return false;
                    }
                } catch (CertificateExpiredException e5) {
                    sb.append("<pre>Сертификат просрочен!!!</pre>");
                    return false;
                } catch (CertificateNotYetValidException e6) {
                    sb.append("<pre>Сертификат не вступил в силу!!!</pre>");
                    return false;
                }
            } catch (Exception e7) {
                sb.append("<pre>Сертификат не прошел проверку на математическую корректность!!!</pre>");
                return false;
            }
        } catch (CertificateExpiredException e8) {
            sb.append("<pre>Сертификат издателя просрочен!!!</pre>");
            return false;
        } catch (CertificateNotYetValidException e9) {
            sb.append("<pre>Сертификат издателя не вступил в силу!!!</pre>");
            return false;
        }
    }
}
