package net.netca.pki.crypto.android.l;

import android.text.TextUtils;
import java.io.IOException;
import java.util.Calendar;
import java.util.Date;
import net.netca.pki.Certificate;
import net.netca.pki.Hash;
import net.netca.pki.crypto.android.exceptions.CertNotActiveException;
import net.netca.pki.crypto.android.exceptions.CertOutOfDateException;
import net.netca.pki.crypto.android.exceptions.NetworkException;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.encoding.asn1.pki.ocsp.BasicOCSPResponse;
import net.netca.pki.encoding.asn1.pki.ocsp.CertID;
import net.netca.pki.encoding.asn1.pki.ocsp.OCSPRequestBuilder;
import net.netca.pki.encoding.asn1.pki.ocsp.OCSPResponse;
import net.netca.pki.encoding.asn1.pki.ocsp.RequestList;
import net.netca.pki.encoding.asn1.pki.ocsp.Responses;
import net.netca.pki.encoding.asn1.pki.ocsp.SingleRequest;
import net.netca.pki.encoding.asn1.pki.ocsp.SingleResponse;
import net.netca.pki.u;

/* loaded from: classes.dex */
public class d {
    public static int a(byte[] bArr) {
        try {
            OCSPResponse oCSPResponse = new OCSPResponse(bArr);
            if ((oCSPResponse.getStatus() != 0) && (!oCSPResponse.getResponseType().equals(OCSPResponse.OCSP_BASIC_OID))) {
                return -1;
            }
            switch (a(new BasicOCSPResponse(oCSPResponse.getResponse())).getCertStatus().getType()) {
                case 0:
                    return 1;
                case 1:
                    return 0;
                default:
                    return -1;
            }
        } catch (Exception e) {
            e.printStackTrace();
            return -1;
        }
    }

    private static SingleResponse a(BasicOCSPResponse basicOCSPResponse) {
        Responses responses = basicOCSPResponse.getResponses();
        if (responses.size() > 0) {
            return responses.get(0);
        }
        return null;
    }

    public static void a(Certificate certificate) {
        Date validityEnd = certificate.getValidityEnd();
        Date validityStart = certificate.getValidityStart();
        Date time = Calendar.getInstance().getTime();
        if (time.before(validityStart)) {
            throw new CertNotActiveException("证书未生效");
        }
        if (time.after(validityEnd)) {
            throw new CertOutOfDateException("证书已过期");
        }
    }

    public static byte[] a(String str, Certificate certificate) {
        try {
            if (TextUtils.isEmpty(str)) {
                throw new u("CRL地址为空,无法验证");
            }
            return new net.netca.pki.crypto.android.g.a().getData(str);
        } catch (IOException e) {
            throw new u(e.getMessage());
        }
    }

    public static byte[] a(Certificate certificate, Certificate certificate2) {
        X509Certificate x509Certificate = new X509Certificate(certificate.derEncode());
        X509Certificate x509Certificate2 = new X509Certificate(certificate2.derEncode());
        CertID certID = new CertID(AlgorithmIdentifier.CreateAlgorithmIdentifier(AlgorithmIdentifier.SHA1_OID), Hash.computeHash(8192, x509Certificate.getSubject().getASN1Object().encode()), Hash.computeHash(8192, x509Certificate.getSubjectPublicKeyInfo().getSubjectPublicKey().getValue()), x509Certificate2.getSerialNumber());
        OCSPRequestBuilder oCSPRequestBuilder = new OCSPRequestBuilder();
        RequestList requestList = new RequestList();
        requestList.add(new SingleRequest(certID, null));
        oCSPRequestBuilder.setRequestList(requestList);
        oCSPRequestBuilder.addCert(x509Certificate2);
        return oCSPRequestBuilder.build().derEncode();
    }

    public static byte[] b(String str, Certificate certificate) {
        try {
            if (TextUtils.isEmpty(str)) {
                throw new u("OCSP地址为空,无法验证");
            }
            try {
                Certificate[] buildCertPath = certificate.buildCertPath();
                if (buildCertPath == null || buildCertPath.length < 2) {
                    throw new u("构建证书链失败，无法验证");
                }
                return new net.netca.pki.crypto.android.g.a().a(str, a(buildCertPath[buildCertPath.length - 2], certificate));
            } catch (Exception unused) {
                throw new u("构建证书链失败，无法验证");
            }
        } catch (NetworkException e) {
            throw new u(e.getMessage());
        }
    }
}
