package t0;

import android.content.Context;
import b1.a;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import n1.h;

/* compiled from: CertUtil.java */
/* loaded from: classes.dex */
public class b {
    public static boolean a(b1.a aVar) {
        X509Certificate[] x509CertificateArr;
        try {
            if (aVar == null) {
                throw new c1.c("certParameters is null");
            }
            a.c f10 = aVar.f();
            if (f10 == a.c.OPLUS_LIST) {
                return c(aVar.b(), aVar.c());
            }
            X509Certificate[] d10 = aVar.d();
            if (d10 != null) {
                x509CertificateArr = new X509Certificate[d10.length + 1];
                System.arraycopy(d10, 0, x509CertificateArr, 1, d10.length);
            } else {
                x509CertificateArr = new X509Certificate[1];
            }
            x509CertificateArr[0] = aVar.c();
            if (f10 == a.c.SYSTEM_LIST) {
                return g(null, x509CertificateArr);
            }
            if (f10 != a.c.THIRD_PARTY_LIST) {
                return false;
            }
            if (aVar.e() != null) {
                return h(aVar.e(), x509CertificateArr);
            }
            throw new c1.c("No third-party root certificate is set");
        } catch (c1.c | IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e10) {
            throw new s0.c(e10);
        }
    }

    public static boolean b(X509Certificate x509Certificate) {
        try {
            if (x509Certificate == null) {
                throw new c1.c("certificate is null");
            }
            try {
                x509Certificate.checkValidity();
                return true;
            } catch (CertificateExpiredException | CertificateNotYetValidException e10) {
                e10.printStackTrace();
                return false;
            }
        } catch (c1.c e11) {
            throw new s0.c(e11);
        }
    }

    private static boolean c(Context context, X509Certificate x509Certificate) {
        try {
            if (l1.a.a(x509Certificate)) {
                if (b(x509Certificate)) {
                    return true;
                }
            }
            return false;
        } catch (l1.e unused) {
            h.a("CertUtil", "checkOplusCert unable to request ta to verify the certificate chain.");
            if (context == null) {
                throw new c1.c("context is null");
            }
            InputStream open = context.getAssets().open("crypto_android_sdk/oplus_prod_cert_chain/OPlus_Global_Root_CA_E1.pem");
            X509Certificate d10 = d(open);
            open.close();
            InputStream open2 = context.getAssets().open("crypto_android_sdk/oplus_prod_cert_chain/OPlus_Device_CA_E1.pem");
            X509Certificate d11 = d(open2);
            open2.close();
            InputStream open3 = context.getAssets().open("crypto_android_sdk/oplus_prod_cert_chain/OPlus_Service_CA_E1.pem");
            X509Certificate d12 = d(open3);
            open3.close();
            return h(new X509Certificate[]{d10}, new X509Certificate[]{x509Certificate, d11, d12});
        }
    }

    public static X509Certificate d(InputStream inputStream) {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
    }

    public static X509Certificate e(byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        X509Certificate d10 = d(byteArrayInputStream);
        byteArrayInputStream.close();
        return d10;
    }

    public static String f(X509Certificate x509Certificate) {
        try {
            if (x509Certificate == null) {
                throw new c1.c("cert is null");
            }
            Matcher matcher = Pattern.compile("(?:^|,\\s?)(?:CN=(?<val>\"(?:[^\"]|\"\")+\"|[^,]+))").matcher(x509Certificate.getSubjectX500Principal().getName());
            if (matcher.find()) {
                return matcher.group(1);
            }
            return null;
        } catch (c1.c e10) {
            throw new s0.c(e10);
        }
    }

    private static boolean g(KeyStore keyStore, X509Certificate[] x509CertificateArr) {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
        trustManagerFactory.init(keyStore);
        try {
            ((X509TrustManager) trustManagerFactory.getTrustManagers()[0]).checkServerTrusted(x509CertificateArr, "RSA");
            return true;
        } catch (CertificateException e10) {
            h.a("CertUtil", "verityCert e = " + e10.toString());
            e10.printStackTrace();
            return false;
        }
    }

    private static boolean h(X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        int i10 = 1;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            keyStore.setCertificateEntry("user:" + i10, x509Certificate);
            i10++;
        }
        return g(keyStore, x509CertificateArr2);
    }
}
