package com.lsy.baselib.crypto.manager;

import cfca.sadk.x509.certificate.X509CRL;
import cfca.sadk.x509.certificate.X509Cert;
import com.lsy.baselib.crypto.exception.TrustCertificateManagerException;
import com.lsy.baselib.crypto.exception.TrustManagerException;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.FilenameFilter;
import java.io.IOException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: classes.dex */
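/**
 * Process-wide store of trusted X.509 certificates, keyed by subject DN, with a
 * hand-rolled chain check (validity dates, issuer signature, optional CRL lookup).
 *
 * <p>Security notes for reviewers, all derived from the code in this class:
 * <ul>
 *   <li>Chain checking covers dates, signature and (when a CRL is loaded) the serial
 *       number only. Basic constraints, key usage, path length and name constraints
 *       are never inspected, so an issuer in a presented chain is not required to be
 *       a CA certificate. NOTE(review): consider delegating to the platform PKIX
 *       {@code java.security.cert.CertPathValidator} instead.</li>
 *   <li>Revocation is fail-open: with no CRL loaded, or when loading fails, the
 *       revocation step is skipped or uses the previously loaded list.</li>
 *   <li>No signature check of the CRL itself is visible in this class, and the CRL is
 *       consulted by serial number for every certificate regardless of issuer.</li>
 *   <li>Only {@link #getInstance()} is synchronized; the trust store is a plain
 *       {@link HashMap} and the instance methods take no lock.</li>
 * </ul>
 */
public class TrustManager {
    private static TrustManager trustMan;
    private X509CRL crl = null;
    private String crlPath = null;
    private HashMap<String, X509Certificate> hmTrustStore;

    /**
     * Accepts directory entries whose name ends with {@code .crt} (case-sensitive).
     * The decompiler reported this type as originally private; it is only
     * instantiated by {@link TrustManager#addTrustedDirectory(String)}.
     */
    private static final class CertFilenameFilter implements FilenameFilter {
        private CertFilenameFilter() {
        }

        @Override // java.io.FilenameFilter
        public boolean accept(File file, String str) {
            return str.endsWith(".crt");
        }
    }

    private TrustManager() {
        this.hmTrustStore = new HashMap<>();
    }

    /**
     * Checks one link of a chain: the subject certificate must be inside its validity
     * window, must carry a signature that verifies under the issuer's public key, and
     * must not be listed in the loaded CRL (if any).
     *
     * @param x509Certificate  certificate being checked (the subject)
     * @param x509Certificate2 certificate whose public key must verify the subject
     * @throws CertificateNotYetValidException if the subject is not yet valid
     * @throws CertificateExpiredException     if the subject has expired
     * @throws TrustManagerException           if the subject is revoked, or if signature
     *                                         verification or the CRL lookup fails
     */
    private void checkValidity(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws TrustManagerException, CertificateExpiredException, CertificateNotYetValidException {
        Date now = new Date();
        String name = x509Certificate.getSubjectDN().getName();
        if (now.before(x509Certificate.getNotBefore())) {
            throw new CertificateNotYetValidException("证书【" + name + "】尚未生效!");
        }
        if (now.after(x509Certificate.getNotAfter())) {
            throw new CertificateExpiredException("证书【" + name + "】已经过期!");
        }
        // NOTE(review): the issuer's own validity dates and CA status (basic
        // constraints / key usage) are not checked here; only its key is used.
        try {
            x509Certificate.verify(x509Certificate2.getPublicKey());
            if (this.crl != null) {
                if (this.crl.getNextUpdate().before(now)) {
                    // The CRL is past its nextUpdate: try to refresh from crlPath.
                    // If the reload fails, the stale list below is still used.
                    loadCrl();
                }
                if (this.crl.isRevoke(x509Certificate.getSerialNumber())) {
                    throw new TrustManagerException("证书【" + name + "】已被吊销!");
                }
            }
            // With no CRL loaded the revocation check is skipped entirely (fail-open).
        } catch (TrustManagerException e) {
            // Surface the revocation verdict as-is instead of re-labelling it as a
            // signature verification failure in the generic handler below.
            throw e;
        } catch (Exception e) {
            throw new TrustManagerException("证书【" + name + "】不可信任!使用" + x509Certificate2.getSubjectDN().getName() + "校验用户证书签名失败", e);
        }
    }

    /**
     * Returns the lazily created singleton.
     *
     * @return the shared {@code TrustManager}
     */
    public static synchronized TrustManager getInstance() {
        // The method-level lock is already the TrustManager.class monitor, so no
        // additional synchronized block is needed.
        if (trustMan == null) {
            trustMan = new TrustManager();
        }
        return trustMan;
    }

    /**
     * Replaces the in-memory CRL with the one parsed from {@code crlPath}.
     *
     * <p>Every failure (missing path, unreadable file, parse error) is swallowed and
     * the previously loaded CRL, possibly {@code null}, stays in place. Callers get no
     * signal, so a failed load silently weakens or disables revocation checking.
     */
    private void loadCrl() {
        try (FileInputStream in = new FileInputStream(this.crlPath)) {
            this.crl = new X509CRL(in);
        } catch (Exception ignored) {
            // Best-effort by design of the original code: keep whatever CRL was
            // loaded before. NOTE(review): consider reporting this to the caller.
        }
    }

    /**
     * Adds one Base64-encoded certificate to the trust store.
     *
     * @param str Base64 text of the certificate
     * @return {@code true} if the certificate was added, {@code false} if it was
     *         {@code null} or rejected
     */
    public boolean addTrust(String str) {
        if (str == null) {
            // Treated like the null byte[] case of addTrustedCertificate, which is
            // reported as a failure rather than a NullPointerException.
            return false;
        }
        try {
            addTrustedCertificate(str.getBytes());
            return true;
        } catch (TrustManagerException unused) {
            return false;
        }
    }

    /**
     * Adds every {@code .crt} file in a directory to the trust store.
     *
     * @param str directory path
     * @return {@code true} on success, {@code false} if loading failed
     */
    public boolean addTrustAuthority(String str) {
        try {
            addTrustedDirectory(str);
            return true;
        } catch (TrustManagerException unused) {
            return false;
        }
    }

    /**
     * Decodes a Base64-encoded certificate and adds it to the trust store.
     *
     * @param bArr Base64 bytes of the certificate (presumably DER inside; confirm
     *             against {@code X509Cert})
     * @throws TrustManagerException if {@code bArr} is {@code null}, cannot be parsed,
     *                               or the certificate is outside its validity window
     */
    public void addTrustedCertificate(byte[] bArr) throws TrustManagerException {
        if (bArr == null) {
            throw new TrustManagerException("添加信任证书失败，无效的参数。");
        }
        try {
            addTrustedChain(new X509Certificate[]{new com.lsy.baselib.crypto.protocol.X509Certificate(new X509Cert(Base64.decode(bArr)))});
        } catch (Exception e) {
            throw new TrustManagerException("添加信任证书失败", e);
        }
    }

    /**
     * Validates a chain (each element against the next one) and then stores
     * <em>every</em> element as a trust anchor under its subject DN.
     *
     * <p>The last element is checked for its validity window only; nothing verifies
     * that it is self-signed or a CA. Because the leaf at index 0 is stored as well,
     * callers should pass only certificates they intend to trust as issuers. An
     * existing entry with the same subject DN is overwritten.
     *
     * @param x509CertificateArr chain ordered from subject to issuer; {@code null} or
     *                           empty is a no-op
     * @throws TrustManagerException           if a link fails signature or CRL checks
     * @throws CertificateExpiredException     if any element has expired
     * @throws CertificateNotYetValidException if any element is not yet valid
     */
    public void addTrustedChain(X509Certificate[] x509CertificateArr) throws TrustManagerException, CertificateExpiredException, CertificateNotYetValidException {
        // An empty array used to fall through to index -1 below.
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return;
        }
        int last = x509CertificateArr.length - 1;
        for (int i = 0; i < last; i++) {
            checkValidity(x509CertificateArr[i], x509CertificateArr[i + 1]);
        }
        X509Certificate top = x509CertificateArr[last];
        String name = top.getSubjectDN().getName();
        Date now = new Date();
        if (now.before(top.getNotBefore())) {
            throw new CertificateNotYetValidException("证书【" + name + "】尚未生效!");
        }
        if (now.after(top.getNotAfter())) {
            throw new CertificateExpiredException("证书【" + name + "】已经过期!");
        }
        for (X509Certificate cert : x509CertificateArr) {
            this.hmTrustStore.put(cert.getSubjectDN().getName(), cert);
        }
    }

    /**
     * Loads every {@code .crt} file of a directory as a trusted certificate.
     *
     * <p>Each file is read as PEM-style text: an optional {@code -----BEGIN} line, then
     * Base64 lines up to the first {@code -----END} line or end of file. Only that
     * first block is used. Loading stops at the first file that fails, so certificates
     * from earlier files remain in the trust store.
     *
     * @param str directory path
     * @throws TrustManagerException if {@code str} is {@code null}, the directory
     *                               cannot be listed, or any file fails to load
     */
    public void addTrustedDirectory(String str) throws TrustManagerException {
        if (str == null) {
            throw new TrustManagerException("设置信任证书链目录失败，无效的参数。");
        }
        File[] certFiles = new File(str).listFiles(new CertFilenameFilter());
        if (certFiles == null) {
            // listFiles() returns null when the path is not a readable directory.
            throw new TrustManagerException("设置信任证书链目录失败");
        }
        for (File certFile : certFiles) {
            // One reader per file, closed before moving on, so handles do not
            // accumulate across the loop.
            try (BufferedReader reader = new BufferedReader(new FileReader(certFile));
                 ByteArrayOutputStream body = new ByteArrayOutputStream()) {
                String line = reader.readLine();
                if (line != null && line.startsWith("-----BEGIN")) {
                    line = reader.readLine();
                }
                while (line != null && !line.startsWith("-----END")) {
                    body.write(line.getBytes());
                    line = reader.readLine();
                }
                // An empty file yields an empty buffer; parsing then fails and is
                // reported through the handler below.
                addTrustedChain(new X509Certificate[]{new com.lsy.baselib.crypto.protocol.X509Certificate(new X509Cert(Base64.decode(body.toByteArray())))});
            } catch (Exception e) {
                throw new TrustManagerException("设置信任证书链目录失败", e);
            }
        }
    }

    /**
     * Sets the CRL file location and attempts to load it immediately.
     * A failed load is not reported; see {@link #loadCrl()}.
     *
     * @param str path of the CRL file
     */
    public void setCrlPath(String str) {
        this.crlPath = str;
        loadCrl();
    }

    /**
     * Verifies a single certificate against the trust store.
     *
     * @param x509Certificate certificate to verify
     * @throws TrustManagerException           if the issuer is unknown or a check fails
     * @throws CertificateExpiredException     if the certificate has expired
     * @throws CertificateNotYetValidException if the certificate is not yet valid
     */
    public void verify(X509Certificate x509Certificate) throws TrustManagerException, CertificateExpiredException, CertificateNotYetValidException {
        verify(new X509Certificate[]{x509Certificate});
    }

    /**
     * Decodes a Base64-encoded certificate and verifies it against the trust store.
     *
     * @param bArr Base64 bytes of the certificate
     * @throws TrustCertificateManagerException if decoding or verification fails, with
     *                                          the underlying exception as cause
     */
    public void verify(byte[] bArr) throws TrustCertificateManagerException {
        try {
            verify(new X509Certificate[]{new com.lsy.baselib.crypto.protocol.X509Certificate(new X509Cert(Base64.decode(bArr)))});
        } catch (Exception e) {
            throw new TrustCertificateManagerException("verify fail", e);
        }
    }

    /**
     * Verifies a chain: each element against the next, and the last element against
     * the stored certificate whose subject DN equals its issuer DN.
     *
     * <p>The anchor is looked up by DN string only, and its own validity dates are
     * not re-checked here. Issuers supplied inside the chain are not required to be
     * CA certificates (see the class-level notes).
     *
     * @param x509CertificateArr chain ordered from subject to issuer
     * @throws TrustManagerException           if the chain is {@code null} or empty, the
     *                                         issuer is not in the trust store, or a
     *                                         link fails signature or CRL checks
     * @throws CertificateExpiredException     if an element has expired
     * @throws CertificateNotYetValidException if an element is not yet valid
     */
    public void verify(X509Certificate[] x509CertificateArr) throws TrustManagerException, CertificateExpiredException, CertificateNotYetValidException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new TrustManagerException("证书链参数不能为空!");
        }
        int last = x509CertificateArr.length - 1;
        for (int i = 0; i < last; i++) {
            checkValidity(x509CertificateArr[i], x509CertificateArr[i + 1]);
        }
        X509Certificate top = x509CertificateArr[last];
        String name = top.getIssuerDN().getName();
        X509Certificate anchor = this.hmTrustStore.get(name);
        if (anchor == null) {
            throw new TrustManagerException("证书【" + name + "】不可信任!");
        }
        checkValidity(top, anchor);
    }
}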
