package me;

import android.net.http.SslCertificate;
import java.io.ByteArrayInputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.Set;

/* loaded from: classes7.dex */
public class e {

    /* renamed from: a, reason: collision with root package name */
    public static final String f50065a = "b";

    /* renamed from: b, reason: collision with root package name */
    public static final int f50066b = 5;

    public static X509Certificate a(SslCertificate sslCertificate) {
        X509Certificate x509Certificate;
        com.lizhi.component.tekiapm.tracer.block.d.j(38822);
        byte[] byteArray = SslCertificate.saveState(sslCertificate).getByteArray("x509-certificate");
        if (byteArray != null) {
            try {
                x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(byteArray));
            } catch (CertificateException e10) {
                h.c(f50065a, "exception", e10);
            }
            com.lizhi.component.tekiapm.tracer.block.d.m(38822);
            return x509Certificate;
        }
        x509Certificate = null;
        com.lizhi.component.tekiapm.tracer.block.d.m(38822);
        return x509Certificate;
    }

    public static X509Certificate b(String str) {
        X509Certificate x509Certificate;
        com.lizhi.component.tekiapm.tracer.block.d.j(38815);
        try {
            x509Certificate = (X509Certificate) CertificateFactory.getInstance(ke.k.f47194f).generateCertificate(new ByteArrayInputStream(str.getBytes()));
        } catch (CertificateException e10) {
            h.d(f50065a, "generateX509FromStr: CertificateException" + e10.getMessage());
            x509Certificate = null;
        }
        com.lizhi.component.tekiapm.tracer.block.d.m(38815);
        return x509Certificate;
    }

    public static boolean c(X509Certificate x509Certificate) {
        com.lizhi.component.tekiapm.tracer.block.d.j(38824);
        if (x509Certificate == null) {
            com.lizhi.component.tekiapm.tracer.block.d.m(38824);
            return false;
        }
        if (x509Certificate.getBasicConstraints() == -1) {
            com.lizhi.component.tekiapm.tracer.block.d.m(38824);
            return false;
        }
        boolean z10 = x509Certificate.getKeyUsage()[5];
        com.lizhi.component.tekiapm.tracer.block.d.m(38824);
        return z10;
    }

    public static boolean d(X509Certificate x509Certificate, String str) {
        com.lizhi.component.tekiapm.tracer.block.d.j(38818);
        if (str.equals(x509Certificate.getSubjectDN().getName())) {
            com.lizhi.component.tekiapm.tracer.block.d.m(38818);
            return true;
        }
        h.d(f50065a, "verify: subject name is error");
        com.lizhi.component.tekiapm.tracer.block.d.m(38818);
        return false;
    }

    public static boolean e(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        com.lizhi.component.tekiapm.tracer.block.d.j(38820);
        try {
            x509Certificate2.verify(x509Certificate.getPublicKey());
            if (j(new X509Certificate[]{x509Certificate, x509Certificate2})) {
                com.lizhi.component.tekiapm.tracer.block.d.m(38820);
                return true;
            }
            h.d(f50065a, "verify: date not right");
            com.lizhi.component.tekiapm.tracer.block.d.m(38820);
            return false;
        } catch (InvalidKeyException e10) {
            h.d(f50065a, "verify: publickey InvalidKeyException " + e10.getMessage());
            com.lizhi.component.tekiapm.tracer.block.d.m(38820);
            return false;
        } catch (NoSuchAlgorithmException e11) {
            h.d(f50065a, "verify: publickey NoSuchAlgorithmException " + e11.getMessage());
            com.lizhi.component.tekiapm.tracer.block.d.m(38820);
            return false;
        } catch (NoSuchProviderException e12) {
            h.d(f50065a, "verify: publickey NoSuchProviderException " + e12.getMessage());
            com.lizhi.component.tekiapm.tracer.block.d.m(38820);
            return false;
        } catch (SignatureException e13) {
            h.d(f50065a, "verify: publickey SignatureException " + e13.getMessage());
            com.lizhi.component.tekiapm.tracer.block.d.m(38820);
            return false;
        } catch (CertificateException e14) {
            h.d(f50065a, "verify: publickey CertificateException " + e14.getMessage());
            com.lizhi.component.tekiapm.tracer.block.d.m(38820);
            return false;
        } catch (Exception e15) {
            h.d(f50065a, "verify: Exception " + e15.getMessage());
            com.lizhi.component.tekiapm.tracer.block.d.m(38820);
            return false;
        }
    }

    public static boolean f(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) throws NoSuchProviderException, CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        com.lizhi.component.tekiapm.tracer.block.d.j(38821);
        Principal principal = null;
        int i10 = 0;
        while (i10 < x509CertificateArr.length) {
            X509Certificate x509Certificate2 = x509CertificateArr[i10];
            Principal issuerDN = x509Certificate2.getIssuerDN();
            Principal subjectDN = x509Certificate2.getSubjectDN();
            if (principal != null) {
                if (!issuerDN.equals(principal)) {
                    h.d(f50065a, "verify: principalIssuer not match");
                    com.lizhi.component.tekiapm.tracer.block.d.m(38821);
                    return false;
                }
                x509CertificateArr[i10].verify(x509CertificateArr[i10 - 1].getPublicKey());
            }
            i10++;
            principal = subjectDN;
        }
        if (!e(x509Certificate, x509CertificateArr[0])) {
            com.lizhi.component.tekiapm.tracer.block.d.m(38821);
            return false;
        }
        if (!j(x509CertificateArr)) {
            com.lizhi.component.tekiapm.tracer.block.d.m(38821);
            return false;
        }
        if (!c(x509Certificate)) {
            com.lizhi.component.tekiapm.tracer.block.d.m(38821);
            return false;
        }
        boolean h10 = h(x509CertificateArr);
        com.lizhi.component.tekiapm.tracer.block.d.m(38821);
        return h10;
    }

    public static boolean g(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr, X509CRL x509crl, String str) throws NoSuchAlgorithmException, CertificateException, NoSuchProviderException, InvalidKeyException, SignatureException {
        com.lizhi.component.tekiapm.tracer.block.d.j(38816);
        if (f(x509Certificate, x509CertificateArr)) {
            com.lizhi.component.tekiapm.tracer.block.d.m(38816);
            return false;
        }
        if (i(x509CertificateArr, x509crl)) {
            com.lizhi.component.tekiapm.tracer.block.d.m(38816);
            return false;
        }
        if (!d(x509CertificateArr[x509CertificateArr.length - 1], str)) {
            com.lizhi.component.tekiapm.tracer.block.d.m(38816);
            return false;
        }
        boolean j10 = j(x509CertificateArr);
        com.lizhi.component.tekiapm.tracer.block.d.m(38816);
        return j10;
    }

    public static boolean h(X509Certificate[] x509CertificateArr) {
        com.lizhi.component.tekiapm.tracer.block.d.j(38823);
        for (int i10 = 0; i10 < x509CertificateArr.length - 1; i10++) {
            if (!c(x509CertificateArr[i10])) {
                com.lizhi.component.tekiapm.tracer.block.d.m(38823);
                return false;
            }
        }
        com.lizhi.component.tekiapm.tracer.block.d.m(38823);
        return true;
    }

    public static boolean i(X509Certificate[] x509CertificateArr, X509CRL x509crl) {
        com.lizhi.component.tekiapm.tracer.block.d.j(38817);
        ArrayList arrayList = new ArrayList();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            arrayList.add(x509Certificate.getSerialNumber());
        }
        if (x509crl != null) {
            try {
                Set<? extends X509CRLEntry> revokedCertificates = x509crl.getRevokedCertificates();
                if (revokedCertificates != null && !revokedCertificates.isEmpty()) {
                    Iterator<? extends X509CRLEntry> it = revokedCertificates.iterator();
                    while (it.hasNext()) {
                        if (arrayList.contains(it.next().getSerialNumber())) {
                            h.d(f50065a, "verify: certificate revoked");
                            com.lizhi.component.tekiapm.tracer.block.d.m(38817);
                            return false;
                        }
                    }
                }
            } catch (Exception e10) {
                h.d(f50065a, "verify: revoked verify exception : " + e10.getMessage());
                com.lizhi.component.tekiapm.tracer.block.d.m(38817);
                return false;
            }
        }
        com.lizhi.component.tekiapm.tracer.block.d.m(38817);
        return true;
    }

    public static boolean j(X509Certificate[] x509CertificateArr) {
        com.lizhi.component.tekiapm.tracer.block.d.j(38819);
        Date date = new Date();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            try {
                x509Certificate.checkValidity(date);
            } catch (CertificateExpiredException e10) {
                e = e10;
                h.d(f50065a, "verifyCertificateDate: exception : " + e.getMessage());
                com.lizhi.component.tekiapm.tracer.block.d.m(38819);
                return false;
            } catch (CertificateNotYetValidException e11) {
                e = e11;
                h.d(f50065a, "verifyCertificateDate: exception : " + e.getMessage());
                com.lizhi.component.tekiapm.tracer.block.d.m(38819);
                return false;
            } catch (Exception e12) {
                h.d(f50065a, "verifyCertificateDate : exception : " + e12.getMessage());
                com.lizhi.component.tekiapm.tracer.block.d.m(38819);
                return false;
            }
        }
        com.lizhi.component.tekiapm.tracer.block.d.m(38819);
        return true;
    }
}
