package cn.com.infosec.util;

import java.security.Principal;
import java.security.cert.X509Certificate;

/* loaded from: classes.dex */
public class CertificateChainUtil {
    public static void main(String[] strArr) {
    }

    public static X509Certificate[] sortCertificates(X509Certificate[] x509CertificateArr) throws Exception {
        boolean z10;
        int length = x509CertificateArr.length;
        int i10 = 0;
        int i11 = 0;
        while (true) {
            if (i11 >= length) {
                z10 = false;
                break;
            }
            Principal subjectDN = x509CertificateArr[i11].getSubjectDN();
            int i12 = 0;
            while (i12 < length && !subjectDN.equals(x509CertificateArr[i12].getIssuerDN())) {
                i12++;
            }
            if (i12 == length) {
                X509Certificate x509Certificate = x509CertificateArr[i11];
                z10 = true;
                break;
            }
            i11++;
        }
        if (i11 == length && !z10) {
            throw new Exception("Can't found a usercert in the chain");
        }
        X509Certificate x509Certificate2 = x509CertificateArr[0];
        x509CertificateArr[0] = x509CertificateArr[i11];
        x509CertificateArr[i11] = x509Certificate2;
        Principal issuerDN = x509CertificateArr[0].getIssuerDN();
        for (int i13 = 1; i13 < x509CertificateArr.length - 1; i13++) {
            int i14 = i13;
            while (true) {
                if (i14 >= x509CertificateArr.length) {
                    break;
                }
                if (x509CertificateArr[i14].getSubjectDN().equals(issuerDN)) {
                    X509Certificate x509Certificate3 = x509CertificateArr[i13];
                    x509CertificateArr[i13] = x509CertificateArr[i14];
                    x509CertificateArr[i14] = x509Certificate3;
                    issuerDN = x509CertificateArr[i13].getIssuerDN();
                    break;
                }
                i14++;
            }
            if (i14 == x509CertificateArr.length) {
                throw new Exception("Incomplete certificate chain in reply");
            }
        }
        while (i10 < x509CertificateArr.length - 1) {
            int i15 = i10 + 1;
            try {
                x509CertificateArr[i10].verify(x509CertificateArr[i15].getPublicKey());
                i10 = i15;
            } catch (Exception unused) {
                throw new Exception("Certificate in chain does not verify");
            }
        }
        return x509CertificateArr;
    }
}
