package com.idsmanager.sp.cvm;

import cn.jiguang.net.HttpUtils;
import com.idsmanager.sp.jce.TopCAProvider;
import com.idsmanager.sp.util.FileUtil;
import com.idsmanager.sp.util.RegexUtil;
import com.idsmanager.sp.x509.X509CRL;
import com.idsmanager.sp.x509.X509Certificate;
import java.io.IOException;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang.SystemUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
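/**
 * Certificate validation manager: keeps a table of supported CAs (keyed by the CA
 * subject DN) and checks end-entity certificates against them.
 *
 * <p>Status codes returned by the {@code verifyCertificate} methods, as used in this class:
 * <ul>
 *   <li>{@code 0} - every requested check passed</li>
 *   <li>{@code 1} - certificate is outside its validity period</li>
 *   <li>{@code 2} - certificate is revoked</li>
 *   <li>{@code 3} - issuer DN is not among the supported CAs</li>
 *   <li>{@code 4} - signature does not verify against the CA certificate</li>
 *   <li>{@code 5} - no CRL could be obtained (treated as a failure, not as "valid")</li>
 *   <li>{@code 6} - certificate is revoked and outside its validity period</li>
 *   <li>{@code 8} - account hash differs from the one configured for the CA</li>
 *   <li>{@code -1} - the CA table could not be initialised</li>
 * </ul>
 *
 * <p>NOTE(review): the add/remove/clear methods are {@code synchronized}, but
 * {@code config}, {@code reConfig}, the getters and the public {@code verifyCertificate}
 * methods are not. Confirm how callers serialise reconfiguration against verification.
 */
public class CVM implements CertificateStatus {
    static final String DEFAULT_CONFIG_FILE_NAME = "cvm.xml";
    private static final Logger log;
    private String providerName;
    private Hashtable<String, List<CRLContext>> crlContexts = null;
    private String configFileName = null;

    static {
        // Register the JCE providers once per JVM; skip any that are already installed.
        if (Security.getProvider(TopCAProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new TopCAProvider());
        }
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        log = LoggerFactory.getLogger(CVM.class);
    }

    /**
     * Builds the CA table from {@link #configFileName}.
     *
     * <p>A failure is logged and leaves {@link #crlContexts} unchanged; callers detect it
     * by checking the field for {@code null} afterwards.
     */
    private synchronized void init() {
        try {
            this.crlContexts = new CVMConfigFactory().buildCRLContext(this.configFileName);
            log.debug("CVM初始化成功");
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        }
    }

    /**
     * Verifies a certificate against one CA context, always checking the CA signature.
     *
     * @param cRLContext      the CA context to verify against
     * @param x509Certificate the certificate under test
     * @param checkCrl        whether to consult the CRL
     * @return a status code as listed on the class
     */
    private int verifyCertificate(CRLContext cRLContext, X509Certificate x509Certificate, boolean checkCrl) {
        return verifyCertificate(cRLContext, x509Certificate, true, checkCrl);
    }

    /**
     * Verifies a certificate against one CA context.
     *
     * <p>Checks run in this order: CA signature (optional), revocation (optional), account
     * hash. The first failing check decides the result.
     *
     * @param cRLContext      the CA context to verify against
     * @param x509Certificate the certificate under test
     * @param verifySignature whether to verify the certificate's signature with the CA key
     * @param checkCrl        whether to consult the CRL
     * @return {@code 0} when all requested checks pass, otherwise {@code 4}, {@code 5},
     *         {@code 2}, {@code 6} or {@code 8}
     */
    private int verifyCertificate(CRLContext cRLContext, X509Certificate x509Certificate, boolean verifySignature, boolean checkCrl) {
        if (verifySignature && !isSignedBy(x509Certificate, cRLContext.getCaCert())) {
            log.info("(" + cRLContext.getIDAndAlias() + ")验证CA签名失败，疑是伪造证书，Cert's SubjectDN=[" + x509Certificate.getSubjectDNString() + "]");
            return 4;
        }
        if (checkCrl) {
            X509CRL crl = cRLContext.getX509CRL(x509Certificate.getCRLDistributionPointURL());
            if (crl == null) {
                // Fail closed: without a CRL the revocation state is unknown.
                log.error("(" + cRLContext.getIDAndAlias() + ")无法获取CRL，请检查配置文件和网络。");
                return 5;
            }
            if (crl.isRevoked(x509Certificate)) {
                Date notBefore = x509Certificate.getNotBefore();
                Date notAfter = x509Certificate.getNotAfter();
                Date now = new Date();
                if (now.after(notBefore) && now.before(notAfter)) {
                    log.info("(" + cRLContext.getIDAndAlias() + ")证书已吊销，Cert's SubjectDN=[" + x509Certificate.getSubjectDNString() + "]");
                    return 2;
                }
                log.info("(" + cRLContext.getIDAndAlias() + ")证书已被吊销而且已过期，Cert's SubjectDN=[" + x509Certificate.getSubjectDNString() + "]");
                return 6;
            }
        }
        // A context without a configured account hash accepts any certificate here.
        String expectedAccountHash = cRLContext.getAccountHash();
        if (expectedAccountHash == null || expectedAccountHash.equalsIgnoreCase(x509Certificate.getAccountHash())) {
            log.debug("(" + cRLContext.getIDAndAlias() + ")证书状态有效，Cert's SubjectDN=[" + x509Certificate.getSubjectDNString() + "]");
            return 0;
        }
        log.info("(" + cRLContext.getIDAndAlias() + ")AccountHash不匹配，Cert's AccountHash=[" + x509Certificate.getAccountHash() + "]，RA's AccountHash=[" + expectedAccountHash + "]，Cert's SubjectDN=[" + x509Certificate.getSubjectDNString() + "]");
        return 8;
    }

    /**
     * Checks the certificate's signature against the CA certificate, using the configured
     * JCE provider when one is set.
     */
    private boolean isSignedBy(X509Certificate x509Certificate, X509Certificate caCert) {
        if (this.providerName == null || this.providerName.trim().isEmpty()) {
            return x509Certificate.verify(caCert);
        }
        try {
            x509Certificate.verify(caCert.getPublicKey(), this.providerName);
            return true;
        } catch (Exception e) {
            // Any failure of the provider-specific verification counts as "not signed by this CA".
            log.debug(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Parses a comma-separated list of integers.
     *
     * @return the parsed values, or {@code null} when the input is {@code null} or empty
     * @throws NumberFormatException if an element is not an integer
     */
    private static int[] parseRetryPolicy(String retryPolicy) {
        if (retryPolicy == null || retryPolicy.equals("")) {
            return null;
        }
        String[] parts = retryPolicy.split(",");
        int[] values = new int[parts.length];
        for (int i = 0; i < parts.length; i++) {
            values[i] = Integer.parseInt(parts[i].trim());
        }
        return values;
    }

    /** Builds a {@link CRLContext} from the given file paths and download settings. */
    private static CRLContext buildContext(String caFilePath, String crlFilePath, String crlUrl, String retryPolicy, boolean checkCrl, boolean timingDownload) {
        CRLContextConfInfo confInfo = new CRLContextConfInfo();
        confInfo.setCAFilePath(caFilePath);
        confInfo.setCRLFilePath(crlFilePath);
        confInfo.setCRLUrl(crlUrl);
        confInfo.setRetryPolicy(parseRetryPolicy(retryPolicy));
        confInfo.setCheckCRL(checkCrl);
        confInfo.setTimingDownload(timingDownload);
        return new CRLContext(confInfo);
    }

    /**
     * Adds a supported CA with timed CRL download disabled.
     *
     * @see #addSupportCA(X509Certificate, X509CRL, String, String, boolean, boolean)
     */
    public synchronized void addSupportCA(X509Certificate x509Certificate, X509CRL x509crl, String str, String str2, boolean z) {
        addSupportCA(x509Certificate, x509crl, str, str2, z, false);
    }

    /**
     * Adds a supported CA from an in-memory certificate and optional CRL.
     *
     * <p>A CA is treated as already present when an entry with the same subject DN has the
     * same serial number and the same encoded public key.
     *
     * @param x509Certificate the CA certificate; must not be {@code null}
     * @param x509crl         an initial CRL, or {@code null}
     * @param str             the CRL URL
     * @param str2            comma-separated retry policy integers, or {@code null}/empty
     * @param z               value passed to {@code setCheckCRL}
     * @param z2              value passed to {@code setTimingDownload}
     */
    public synchronized void addSupportCA(X509Certificate x509Certificate, X509CRL x509crl, String str, String str2, boolean z, boolean z2) {
        if (x509Certificate == null) {
            // NOTE(review): the decompiled signature has no throws clause although a checked
            // exception is thrown here; the original source presumably declared it - confirm.
            throw new IOException("CACert is null");
        }
        if (this.crlContexts == null) {
            this.crlContexts = new Hashtable<>();
        }
        String subjectDn = x509Certificate.getSubjectDNString();
        List<CRLContext> list = this.crlContexts.get(subjectDn);
        if (list != null) {
            for (CRLContext existing : list) {
                X509Certificate existingCa = existing.getCaCert();
                if (x509Certificate.getHexSerialNumber().equalsIgnoreCase(existingCa.getHexSerialNumber())
                        && Arrays.equals(x509Certificate.getPublicKey().getEncoded(), existingCa.getPublicKey().getEncoded())) {
                    log.info("[" + x509Certificate.getSubjectDNString() + "][" + x509Certificate.getHexSerialNumber() + "]已存在。");
                    return;
                }
            }
        } else {
            list = new ArrayList<>();
            this.crlContexts.put(subjectDn, list);
        }
        // NOTE(review): the CA certificate and CRL are cached under java.io.tmpdir with a name
        // derived from getCertID(), and a file that already exists is never rewritten. If
        // CRLContext loads its trust anchor from this path (not visible here - confirm), a stale
        // or foreign file already at that path would be used instead of the certificate passed
        // in. Consider an application-private directory and always writing, or comparing, the
        // supplied bytes.
        String tmpDir = SystemUtils.getJavaIoTmpDir().getAbsolutePath();
        String caFilePath = tmpDir + SystemUtils.FILE_SEPARATOR + x509Certificate.getCertID() + ".cer";
        String crlFilePath = tmpDir + SystemUtils.FILE_SEPARATOR + x509Certificate.getCertID() + ".crl";
        if (!FileUtil.exists(caFilePath)) {
            FileUtil.saveBytesToFile(x509Certificate.getEncoded(), caFilePath);
        }
        if (x509crl != null && !FileUtil.exists(crlFilePath)) {
            FileUtil.saveBytesToFile(x509crl.getEncoded(), crlFilePath);
        }
        CRLContext added = buildContext(caFilePath, crlFilePath, str, str2, z, z2);
        list.add(added);
        log.debug("CVM增加CA[" + added.getIDAndAlias() + "]");
    }

    /**
     * Adds a supported CA from an in-memory certificate without an initial CRL.
     *
     * @see #addSupportCA(X509Certificate, X509CRL, String, String, boolean, boolean)
     */
    public synchronized void addSupportCA(X509Certificate x509Certificate, String str, String str2, boolean z) {
        addSupportCA(x509Certificate, (X509CRL) null, str, str2, z);
    }

    /**
     * Adds a supported CA from a certificate file with timed CRL download disabled.
     *
     * @see #addSupportCA(String, String, String, boolean, boolean)
     */
    public synchronized void addSupportCA(String str, String str2, String str3, boolean z) {
        addSupportCA(str, str2, str3, z, false);
    }

    /**
     * Adds a supported CA from a certificate file.
     *
     * <p>The CRL file path is derived from the certificate path by replacing the extension
     * with {@code .crl}.
     *
     * @param str  path of the CA certificate; must end in {@code .cer}, {@code .crt} or
     *             {@code .pem} (case-insensitive), otherwise the call is logged and ignored
     * @param str2 the CRL URL
     * @param str3 comma-separated retry policy integers, or {@code null}/empty
     * @param z    value passed to {@code setCheckCRL}
     * @param z2   value passed to {@code setTimingDownload}
     */
    public synchronized void addSupportCA(String str, String str2, String str3, boolean z, boolean z2) {
        // The dot is escaped so that only a real extension matches; the previous pattern
        // ".*(.cer|.crt|.pem)$" accepted any character in front of "cer", "crt" or "pem".
        if (!RegexUtil.matchesIgnoreCase(str, ".*\\.(cer|crt|pem)$")) {
            log.error("(CVM.addSupportCA)第一个参数必须是后缀名为.cer或者.crt或者.pem的证书文件的绝对路径！");
            return;
        }
        X509Certificate caCert = X509Certificate.getInstanceFromFile(str);
        if (this.crlContexts == null) {
            this.crlContexts = new Hashtable<>();
        }
        String subjectDn = caCert.getSubjectDNString();
        List<CRLContext> list = this.crlContexts.get(subjectDn);
        if (list != null) {
            // NOTE(review): this overload matches duplicates on the serial number only, while the
            // X509Certificate overload also compares the public key - confirm which is intended.
            for (CRLContext existing : list) {
                if (caCert.getHexSerialNumber().equalsIgnoreCase(existing.getCaCert().getHexSerialNumber())) {
                    log.info("[" + caCert.getSubjectDNString() + "][" + caCert.getHexSerialNumber() + "]已存在。");
                    return;
                }
            }
        } else {
            list = new ArrayList<>();
            this.crlContexts.put(subjectDn, list);
        }
        String crlFilePath = RegexUtil.replaceLastIgnoreCase(str, ".cer|.crt|.pem", ".crl");
        CRLContext added = buildContext(str, crlFilePath, str2, str3, z, z2);
        list.add(added);
        log.debug("CVM增加CA[" + added.getIDAndAlias() + "]");
    }

    /** Cancels every CRL download thread and empties the CA table. */
    public synchronized void clear() {
        if (this.crlContexts == null) {
            return;
        }
        for (List<CRLContext> list : this.crlContexts.values()) {
            for (CRLContext context : list) {
                context.cancelCRLDownloadThread();
            }
            list.clear();
        }
        this.crlContexts.clear();
    }

    /**
     * Initialises the CA table from the given configuration file, unless a table already
     * exists, in which case the call only logs the file name in use.
     *
     * @param str path of the configuration file
     */
    public void config(String str) {
        if (this.crlContexts == null) {
            this.configFileName = str;
            init();
            return;
        }
        log.debug("CVM已经初始化:[" + this.configFileName + "]");
    }

    /**
     * Returns the first CA context registered under the given subject DN.
     *
     * @param str the CA subject DN
     * @return the first context, or {@code null} when the DN is {@code null}, the table is
     *         not initialised, or no context is registered for it
     */
    public CRLContext getCRLContext(String str) {
        // Hashtable rejects null keys, and the table itself is null before initialisation.
        if (str == null || this.crlContexts == null) {
            return null;
        }
        List<CRLContext> list = this.crlContexts.get(str);
        if (list == null || list.isEmpty()) {
            return null;
        }
        return list.get(0);
    }

    /**
     * Returns the live CA table (not a copy), or {@code null} before initialisation.
     * Changes made through the returned object alter which CAs this instance trusts.
     */
    public Hashtable getCRLContexts() {
        return this.crlContexts;
    }

    /** Returns the JCE provider name used for signature verification, or {@code null}. */
    public String getProviderName() {
        return this.providerName;
    }

    /**
     * Renders every CA context as a text block, one block per context.
     *
     * @return the listing, or a message stating that initialisation failed when the table
     *         is {@code null}
     */
    public String listCRLContexts() {
        StringBuilder out = new StringBuilder();
        if (this.crlContexts == null) {
            out.append("CVM初始化失败，没有支持的CA。");
            return out.toString();
        }
        for (String subjectDn : this.crlContexts.keySet()) {
            List<CRLContext> list = this.crlContexts.get(subjectDn);
            if (list == null) {
                continue;
            }
            for (CRLContext context : list) {
                out.append("-----BEGIN CRLContext-----\r\n");
                out.append("CaSubjectDN=[").append(subjectDn).append("]\r\n");
                out.append("CaSerialNumber=[").append(context.getCaCert().getHexSerialNumber()).append("]\r\n");
                out.append("CaFileName=[").append(context.getCAFilePath()).append("]\r\n");
                out.append("CrlFileName=[").append(context.getCrlFilePath()).append("]\r\n");
                out.append("CrlExist=[").append(context.getX509CRL() != null).append("]\r\n");
                out.append("CrlUrl=[").append(context.getCrlUrl()).append("]\r\n");
                out.append("UserCrlUrl=[").append(context.getUserCrlUrl()).append("]\r\n");
                out.append("RetryPolicy=[");
                // A context added without a retry policy is configured with null; print it as empty.
                int[] retryPolicy = context.getRetryPolicy();
                if (retryPolicy != null) {
                    for (int i = 0; i < retryPolicy.length; i++) {
                        if (i > 0) {
                            out.append(",");
                        }
                        out.append(retryPolicy[i]);
                    }
                }
                out.append("]\r\n");
                out.append("IsCheckCRL=[").append(context.isCheckCRL()).append("]\r\n");
                out.append("-----END CRLContext-----\r\n");
            }
        }
        return out.toString();
    }

    /**
     * Drops the current CA table and rebuilds it from the given configuration file.
     *
     * @param str path of the configuration file
     */
    public void reConfig(String str) {
        log.debug("读取配置文件，重新初始化CVM");
        clear();
        this.crlContexts = null;
        config(str);
    }

    /**
     * Removes the CA contexts that match the certificate's subject DN and serial number.
     *
     * @param x509Certificate the CA certificate to remove
     */
    public synchronized void removeSupportCA(X509Certificate x509Certificate) {
        if (this.crlContexts == null) {
            return;
        }
        String subjectDn = x509Certificate.getSubjectDNString();
        List<CRLContext> list = this.crlContexts.get(subjectDn);
        if (list == null) {
            return;
        }
        // Remove through the iterator: calling list.remove() inside a for-each loop throws
        // ConcurrentModificationException as soon as another element follows.
        Iterator<CRLContext> it = list.iterator();
        while (it.hasNext()) {
            CRLContext context = it.next();
            if (x509Certificate.getHexSerialNumber().equalsIgnoreCase(context.getCaCert().getHexSerialNumber())) {
                context.cancelCRLDownloadThread();
                it.remove();
                log.debug("删除CA支持[" + x509Certificate.getSubjectDNString() + "][" + x509Certificate.getHexSerialNumber() + "]");
            }
        }
        if (list.isEmpty()) {
            this.crlContexts.remove(subjectDn);
        }
    }

    /**
     * Removes every CA context registered under the given subject DN.
     *
     * @param str the CA subject DN; {@code null} is ignored
     */
    public synchronized void removeSupportCA(String str) {
        if (this.crlContexts == null || str == null) {
            return;
        }
        List<CRLContext> list = this.crlContexts.get(str);
        if (list == null) {
            return;
        }
        // Iterator removal avoids the ConcurrentModificationException that list.remove()
        // inside a for-each loop raises when more than one context is registered.
        Iterator<CRLContext> it = list.iterator();
        while (it.hasNext()) {
            CRLContext context = it.next();
            context.cancelCRLDownloadThread();
            it.remove();
            log.debug("删除CA支持[" + str + "][" + context.getCaCert().getHexSerialNumber() + "]");
        }
        this.crlContexts.remove(str);
    }

    /**
     * Sets the JCE provider used for signature verification; {@code null} or blank selects
     * the certificate's default verification.
     */
    public void setProviderName(String str) {
        this.providerName = str;
    }

    /**
     * Verifies a certificate with every check enabled: validity period, CA signature and CRL.
     *
     * @param x509Certificate the certificate under test
     * @return a status code as listed on the class
     */
    public int verifyCertificate(X509Certificate x509Certificate) {
        return verifyCertificate(x509Certificate, true, true);
    }

    /**
     * Verifies a certificate; the CA signature is always checked.
     *
     * @param x509Certificate the certificate under test
     * @param z               whether to consult the CRL
     * @param z2              whether to check the validity period
     * @return a status code as listed on the class
     */
    public int verifyCertificate(X509Certificate x509Certificate, boolean z, boolean z2) {
        return verifyCertificate(x509Certificate, true, z, z2);
    }

    /**
     * Verifies a certificate against every CA context registered for its issuer DN and
     * returns {@code 0} as soon as one context accepts it.
     *
     * <p>A result of {@code 0} covers only the checks that were enabled. With {@code z}
     * set to {@code false} the CA signature is not verified, so {@code 0} does not
     * establish that the certificate was issued by the supported CA; with {@code z2} set to
     * {@code false} revocation is not consulted.
     *
     * <p>If the CA table is not initialised, it is loaded first, using {@code cvm.xml}
     * next to the class path root when no configuration file was set.
     *
     * @param x509Certificate the certificate under test
     * @param z               whether to verify the CA signature
     * @param z2              whether to consult the CRL
     * @param z3              whether to check the validity period
     * @return {@code 0} when a context accepts the certificate; otherwise the status of the
     *         last context that produced one, {@code 3} when none did, {@code 1} for a
     *         certificate outside its validity period, or {@code -1} when initialisation fails
     */
    public int verifyCertificate(X509Certificate x509Certificate, boolean z, boolean z2, boolean z3) {
        if (z3 && !x509Certificate.isOnValidPeriod()) {
            log.info("证书已过期，Cert's SubjectDN=[" + x509Certificate.getSubjectDNString() + "]");
            return 1;
        }
        if (this.crlContexts == null) {
            if (this.configFileName == null) {
                java.net.URL root = CVM.class.getResource(HttpUtils.PATHS_SEPARATOR);
                if (root == null) {
                    // No class path root to resolve the default file against: report the same
                    // initialisation failure instead of failing with a NullPointerException.
                    log.error("严重系统错误，CVM初始化失败，请检查配置文件和日志。");
                    return -1;
                }
                String basePath = root.getPath().replaceAll("%20", " ");
                int classesIndex = basePath.indexOf("classes");
                if (classesIndex >= 0) {
                    basePath = basePath.substring(0, classesIndex);
                }
                this.configFileName = basePath + DEFAULT_CONFIG_FILE_NAME;
                log.info("自动初始化，使用默认配置文件[" + this.configFileName + "]");
            }
            init();
            if (this.crlContexts == null) {
                log.error("严重系统错误，CVM初始化失败，请检查配置文件和日志。");
                return -1;
            }
        }
        List<CRLContext> list = this.crlContexts.get(x509Certificate.getIssuerDNString());
        if (list == null || list.isEmpty()) {
            log.info("不支持的颁发者=[" + x509Certificate.getIssuerDNString() + "]，Cert's SubjectDN=[" + x509Certificate.getSubjectDNString() + "]");
            return 3;
        }
        int lastStatus = 3;
        for (CRLContext context : list) {
            int status;
            try {
                status = verifyCertificate(context, x509Certificate, z, z2);
            } catch (Exception e) {
                log.info("(" + context.getIDAndAlias() + ")验证证书：Cert's SubjectDN=[" + x509Certificate.getSubjectDNString() + "]时异常");
                log.info(e.getMessage(), e);
                // An exception never counts as success: keep the previous non-zero status
                // and try the next context.
                continue;
            }
            if (status == 0) {
                return status;
            }
            lastStatus = status;
        }
        return lastStatus;
    }
}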
