package com.dreamsecurity.jcaos.x509;

import com.dreamsecurity.jcaos.c;
import com.dreamsecurity.jcaos.cms.SignedData;
import com.dreamsecurity.jcaos.exception.BuildCertPathException;
import com.dreamsecurity.jcaos.exception.CTLException;
import com.dreamsecurity.jcaos.exception.NotExistSignerCertException;
import com.dreamsecurity.jcaos.exception.ObtainCertPathException;
import com.dreamsecurity.jcaos.exception.ParsingException;
import com.dreamsecurity.jcaos.exception.RevocationCheckException;
import com.dreamsecurity.jcaos.exception.RevokedCertException;
import com.dreamsecurity.jcaos.exception.TrustRootException;
import com.dreamsecurity.jcaos.exception.ValidateCertPathException;
import com.dreamsecurity.jcaos.exception.VerifyException;
import com.dreamsecurity.jcaos.ocsp.BasicOCSPResponse;
import com.dreamsecurity.jcaos.ocsp.OCSPResponse;
import com.dreamsecurity.jcaos.pkcs.PKCS8PrivateKeyInfo;
import com.dreamsecurity.jcaos.protocol.HTTP;
import com.dreamsecurity.jcaos.protocol.LDAP;
import com.dreamsecurity.jcaos.protocol.URLParser;
import com.dreamsecurity.jcaos.util.ByteUtil;
import com.dreamsecurity.jcaos.util.FileUtil;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.spec.InvalidKeySpecException;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Properties;

/* loaded from: input_file:com/dreamsecurity/jcaos/x509/X509CertVerifier.class */
/**
 * Configuration holder and helper routines for validating an X.509 certificate:
 * collecting the CA chain, fetching CRL/ARL/CTL objects and locating an OCSP
 * responder certificate.
 *
 * <p>This listing is JADX decompiler output with obfuscated member names. Eight
 * methods, including the ones that {@link #verify} and {@link #obtainCertPath}
 * delegate to, were NOT recovered and appear as stubs that throw
 * {@code UnsupportedOperationException}. What {@code verify()} enforces (signature
 * chain, trust-anchor match, revocation, policy) can therefore not be judged from
 * this file; the comments below describe only what the recovered code shows.
 *
 * <p>NOTE(review): several methods read {@code X509Certificate.c} once and branch on
 * {@code != 0}. These branches look like obfuscator-inserted opaque predicates; the
 * comments describe the {@code == 0} path and flag where the other path differs.
 *
 * <p>NOTE(review): the field {@code c} (a String) has the same simple name as the
 * imported class {@code com.dreamsecurity.jcaos.c}. The {@code c.a(...)} / {@code c.g}
 * expressions below can only refer to that class, so this listing is unlikely to
 * recompile as written.
 */
public class X509CertVerifier {
    // Revocation-check selectors stored by setRevocationCheckMethod(). The values
    // 1/2/4 and the default of 7 suggest a bitmask (ARL | CRL | OCSP); the code that
    // consumes the field was not decompiled, so confirm before relying on it.
    // REVOCATION_CHECK_NONE turns revocation checking off entirely when selected.
    public static final int REVOCATION_CHECK_NONE = 0;
    public static final int REVOCATION_CHECK_BY_ARL = 1;
    public static final int REVOCATION_CHECK_BY_CRL = 2;
    public static final int REVOCATION_CHECK_BY_OCSP = 4;
    // Cache opt-out selectors stored by dontUseCache(); presumably a bitmask - confirm.
    public static final int DONT_CACHE_CAPUBS = 1;
    public static final int DONT_CACHE_CTL = 2;
    public static final int DONT_CACHE_ARL = 4;
    public static final int DONT_CACHE_CRL = 8;
    // Verification range selectors stored by setVerifyRange().
    public static final int RANGE_FULL_PATH = 1;
    public static final int RANGE_USER_CERT_ONLY = 2;
    // Constructor argument; its meaning is not visible in the recovered code.
    String a;
    // CA environment properties. Keys read in this file: "ca.count", "caN.dn",
    // "caN.directory", "caN.ctl". Stays null when the one-argument constructor is used.
    Properties b;
    // Value passed to setCertType().
    String c;
    // Value passed to dontUseCache() (see DONT_CACHE_*).
    int d;
    // CA certificate path supplied through setCaPubs().
    X509CertPath f;
    // CRL supplied through setCRL().
    X509CRL g;
    // ARL supplied through setARL().
    X509CRL h;
    // OCSP requester certificate supplied through setOCSPRequesterCert().
    X509Certificate i;
    // Returned by getRevocationInfo(); never assigned in the recovered code.
    Object j;
    // Private key belonging to the OCSP requester certificate.
    PKCS8PrivateKeyInfo k;
    // OCSP responder URL supplied through setOCSPUrl().
    String o;
    // Set to true by verifyStrictly(); its effect is in code that was not decompiled.
    boolean p;
    // Initialised from com.dreamsecurity.jcaos.c.a(); gates the c.a(c.g, ...) calls
    // below, which presumably write trace/log output - confirm.
    boolean q;
    // Timeout handed to LDAP.setSearchTimeout() and HTTP.setRecvTimeout(); the unit is
    // not visible here (presumably milliseconds - confirm).
    int e = 10000;
    // Revocation check method; default 7 == REVOCATION_CHECK_BY_ARL | _BY_CRL | _BY_OCSP.
    int l = 7;
    // Verification range; default RANGE_FULL_PATH.
    int m = 1;
    // Path-validation parameters (policies, validation date, trust anchors).
    X509ValidatorParameters n = new X509ValidatorParameters();

    /**
     * Creates a verifier backed by a CA environment {@link Properties} object.
     * Explicit certificate policy is required by default and strict mode is off.
     *
     * @param properties CA environment settings (see field {@code b})
     * @param str stored in field {@code a}; purpose not visible here
     */
    public X509CertVerifier(Properties properties, String str) {
        this.q = false;
        this.b = properties;
        this.a = str;
        this.n.setExplicitPolicyRequired(true);
        this.p = false;
        this.q = c.a();
    }

    /**
     * Creates a verifier without CA environment properties.
     *
     * <p>NOTE(review): field {@code b} stays null on this path, while
     * {@code c(X509Certificate)} and {@code b(X500Principal, int)} dereference it
     * unconditionally. Whether those methods are reachable for such an instance is
     * decided in code that was not decompiled.
     *
     * @param str stored in field {@code a}; purpose not visible here
     */
    public X509CertVerifier(String str) {
        this.q = false;
        this.a = str;
        this.n.setExplicitPolicyRequired(true);
        this.p = false;
        this.q = c.a();
    }

    /**
     * Reports whether the class {@code com.dreamsecurity.jcaos.zzz.Zebra} is missing
     * from the classpath. setVerifyRange() treats "missing" as the "client module"
     * build. This is a feature switch keyed on classpath contents, not an access
     * control.
     *
     * @return true when the class cannot be loaded
     */
    private boolean a() {
        try {
            Class.forName("com.dreamsecurity.jcaos.zzz.Zebra");
            return false;
        } catch (ClassNotFoundException e) {
            return true;
        }
    }

    /** Switches the strict flag on; there is no way to switch it off again. */
    public void verifyStrictly() {
        this.p = true;
    }

    /**
     * Sets the initial policy set on the validator parameters.
     *
     * @param strArr policy identifiers, presumably OID strings - confirm
     */
    public void setIPS(String[] strArr) {
        this.n.setInitialPolicies(strArr);
    }

    /** Stores the certificate type; how it is interpreted is not visible here. */
    public void setCertType(String str) {
        this.c = str;
    }

    /**
     * Sets the date on the validator parameters, presumably the reference time for
     * validity-period checks (confirm). A caller-chosen time in the past would then
     * let an expired certificate validate, so the value should come from a trusted
     * source.
     */
    public void setTimeToVerify(Date date) {
        this.n.setDate(date);
    }

    /**
     * Replaces the trust anchors on the validator parameters.
     *
     * @param arrayList raw list; the expected element type is not visible here
     */
    public void setTrustedAnchors(ArrayList arrayList) {
        this.n.setTrustAnchors(arrayList);
    }

    /** Stores the cache opt-out selector (see DONT_CACHE_*). */
    public void dontUseCache(int i) {
        this.d = i;
    }

    /**
     * Selects how much of the chain is verified (see RANGE_*).
     *
     * <p>NOTE(review): the field is assigned BEFORE the check, so when the exception
     * is thrown the rejected value stays in {@code m}. A caller that catches the
     * exception and carries on would run with the range it was refused.
     *
     * @throws IllegalArgumentException in the "client module" build for any value
     *     other than RANGE_FULL_PATH
     */
    public void setVerifyRange(int i) {
        this.m = i;
        if (a() && this.m != 1) {
            throw new IllegalArgumentException("Client module can set RANGE_FULL_PATH only.");
        }
    }

    /** Supplies the CA certificate path directly instead of having it collected. */
    public void setCaPubs(X509CertPath x509CertPath) {
        this.f = x509CertPath;
    }

    /** Supplies a CRL; freshness and signature are not checked in this setter. */
    public void setCRL(X509CRL x509crl) {
        this.g = x509crl;
    }

    /** Supplies an ARL; freshness and signature are not checked in this setter. */
    public void setARL(X509CRL x509crl) {
        this.h = x509crl;
    }

    /**
     * Stores the revocation check method without validating it. Passing
     * REVOCATION_CHECK_NONE (0) presumably disables revocation checking - confirm
     * against the verification code, which was not decompiled.
     */
    public void setRevocationCheckMethod(int i) {
        this.l = i;
    }

    /**
     * Stores the certificate and private key presumably used to sign OCSP requests
     * (confirm). The key is kept on the instance for as long as the verifier lives.
     */
    public void setOCSPRequesterCert(X509Certificate x509Certificate, PKCS8PrivateKeyInfo pKCS8PrivateKeyInfo) {
        this.i = x509Certificate;
        this.k = pKCS8PrivateKeyInfo;
    }

    /** Stores the OCSP responder URL; no scheme or host validation happens here. */
    public void setOCSPUrl(String str) {
        this.o = str;
    }

    /** Stores the timeout used for LDAP searches and HTTP receives (unit not visible). */
    public void setTimeOut(int i) {
        this.e = i;
    }

    /**
     * Turns off the explicit-policy requirement that both constructors turn on.
     * This relaxes certificate-policy enforcement; the exact effect depends on
     * X509ValidatorParameters, which is not part of this file.
     */
    public void setPolicyNone() {
        this.n.setExplicitPolicyRequired(false);
    }

    /**
     * Verifies the given certificate by delegating to {@code a(certificate, false)}.
     * That method was not decompiled, so the checks behind the declared exceptions
     * cannot be confirmed from this listing.
     */
    public void verify(X509Certificate x509Certificate) throws ObtainCertPathException, BuildCertPathException, TrustRootException, ValidateCertPathException, RevokedCertException, RevocationCheckException, CertificateNotYetValidException, CertificateExpiredException, IOException, ParseException {
        a(x509Certificate, false);
    }

    /* JADX WARN: Code restructure failed: missing block: B:108:0x0275, code lost:
    
        if (r0 != 0) goto L70;
     */
    /* JADX WARN: Code restructure failed: missing block: B:46:0x017e, code lost:
    
        if (r0 != 0) goto L39;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Core verification routine behind verify(). NOT recovered by the decompiler:
     * the throw below is a JADX placeholder standing in for 1091 bytecode
     * instructions, not the library's behaviour.
     */
    void a(com.dreamsecurity.jcaos.x509.X509Certificate r9, boolean r10) throws com.dreamsecurity.jcaos.exception.ObtainCertPathException, com.dreamsecurity.jcaos.exception.BuildCertPathException, com.dreamsecurity.jcaos.exception.TrustRootException, com.dreamsecurity.jcaos.exception.ValidateCertPathException, com.dreamsecurity.jcaos.exception.RevokedCertException, com.dreamsecurity.jcaos.exception.RevocationCheckException, java.security.cert.CertificateNotYetValidException, java.security.cert.CertificateExpiredException, java.io.IOException, java.text.ParseException {
        /*
            Method dump skipped, instructions count: 1091
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.dreamsecurity.jcaos.x509.X509CertVerifier.a(com.dreamsecurity.jcaos.x509.X509Certificate, boolean):void");
    }

    /**
     * Returns field {@code j}. It is never assigned in the recovered code, so what
     * kind of object callers receive is not visible here.
     */
    public Object getRevocationInfo() {
        return this.j;
    }

    /**
     * Collects the certificate path for the given certificate by delegating to
     * {@code b(certificate, false)}, which was not decompiled.
     */
    public X509CertPath obtainCertPath(X509Certificate x509Certificate) throws ObtainCertPathException {
        return b(x509Certificate, false);
    }

    /* JADX WARN: Code restructure failed: missing block: B:40:0x010d, code lost:
    
        if (com.dreamsecurity.jcaos.x509.X509Certificate.c != 0) goto L38;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Path collection routine behind obtainCertPath(). NOT recovered by the
     * decompiler; the throw below is a JADX placeholder (353 instructions missing).
     */
    com.dreamsecurity.jcaos.x509.X509CertPath b(com.dreamsecurity.jcaos.x509.X509Certificate r8, boolean r9) throws com.dreamsecurity.jcaos.exception.ObtainCertPathException {
        /*
            Method dump skipped, instructions count: 353
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.dreamsecurity.jcaos.x509.X509CertVerifier.b(com.dreamsecurity.jcaos.x509.X509Certificate, boolean):com.dreamsecurity.jcaos.x509.X509CertPath");
    }

    /**
     * Reads a certificate path from a file.
     *
     * <p>Every failure (missing file, I/O error, malformed content) is swallowed and
     * reported as null, so the caller cannot tell them apart and nothing is logged.
     * Callers must treat null as "could not load", never as "no CA certificates
     * needed".
     *
     * @param str file path
     * @return the parsed path, or null on any exception
     */
    X509CertPath a(String str) {
        try {
            return new X509CertPath(FileUtil.read(str));
        } catch (Exception e) {
            return null;
        }
    }

    /**
     * Builds a CA chain by following the certificate's own Authority Information
     * Access (caIssuers) pointer over LDAP.
     *
     * <p>The directory host and port are taken from the certificate being checked,
     * i.e. from data that is not yet trusted at this point, and a connection is opened
     * to whatever that certificate names. Only protocol code 1 is accepted, which is
     * the LDAP branch in {@code a(String, String, int)}.
     *
     * <p>Up to five issuers are looked up by issuer DN. The walk stops at the first
     * certificate whose subject equals its issuer and whose signature verifies under
     * its own key. That test only shows the chain ends in a self-signed certificate;
     * it does not show that the certificate is a trusted root. This method also never
     * checks that a fetched certificate actually signed the previous one. Both checks
     * have to happen in the caller (presumably the path validation that was not
     * decompiled - confirm).
     *
     * <p>NOTE(review): {@code ldap.close()} is not in a finally block, so any exception
     * from search/parse/verify leaves the connection open. If the search returns no
     * entries, {@code bArr} is still null when handed to
     * {@code X509Certificate.getInstance}.
     *
     * @return the collected path, or null when there is no usable caIssuers URL or no
     *     self-signed certificate was reached within five steps
     */
    X509CertPath a(X509Certificate x509Certificate) throws IOException, Exception, ParsingException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException, InvalidKeyException, SignatureException {
        String caIssuers;
        // Static flag read once; the "i != 0" branches below look like obfuscator
        // artefacts (see class comment).
        int i = X509Certificate.c;
        boolean z = false;
        ArrayList arrayList = new ArrayList();
        X509Certificate x509Certificate2 = x509Certificate;
        X509InformationAccess authorityInformationAccess = x509Certificate2.getAuthorityInformationAccess();
        if (authorityInformationAccess == null || (caIssuers = authorityInformationAccess.getCaIssuers()) == null) {
            return null;
        }
        URLParser uRLParser = new URLParser(caIssuers);
        if (uRLParser.getProtocol() != 1) {
            return null;
        }
        LDAP ldap = new LDAP();
        ldap.setSearchTimeout(this.e);
        // One connection to the host named in the leaf's AIA is reused for every
        // issuer lookup, even if an intermediate certificate names another directory.
        ldap.connect(uRLParser.getIP(), uRLParser.getPort());
        int i2 = 0;
        while (i2 < 5) {
            ldap.search(x509Certificate2.getIssuerDN().getName(), LDAP.ATTR_CA_CERT);
            ArrayList object = ldap.getObject();
            byte[] bArr = null;
            int i3 = 0;
            while (i3 < object.size()) {
                bArr = (byte[]) object.get(i3);
                // 48 == 0x30, the DER tag of an ASN.1 SEQUENCE: take the first value
                // that looks DER-encoded. If none does, the last value is kept.
                if (bArr[0] == 48 && i == 0) {
                    break;
                }
                i3++;
                if (i != 0) {
                    break;
                }
            }
            x509Certificate2 = X509Certificate.getInstance(bArr);
            arrayList.add(x509Certificate2);
            // Self-signed test: subject == issuer and the signature verifies under the
            // certificate's own public key.
            if (x509Certificate2.getSubjectDN().equals(x509Certificate2.getIssuerDN()) && x509Certificate2.verify(x509Certificate2.getPublicKey())) {
                z = true;
                if (i == 0) {
                    break;
                }
            }
            i2++;
            if (i != 0) {
                break;
            }
        }
        ldap.close();
        if (z) {
            return new X509CertPath(arrayList);
        }
        return null;
    }

    /* JADX WARN: Removed duplicated region for block: B:20:0x0102  */
    /* JADX WARN: Removed duplicated region for block: B:26:0x015c  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Fallback path collector used by {@code c(X509Certificate)} when the configured
     * CA entries do not lead to a self-signed certificate. NOT recovered by the
     * decompiler; the throw below is a JADX placeholder (357 instructions missing).
     */
    com.dreamsecurity.jcaos.x509.X509CertPath b(com.dreamsecurity.jcaos.x509.X509Certificate r9) throws com.dreamsecurity.jcaos.exception.ObtainCertPathException, java.io.IOException, com.dreamsecurity.jcaos.exception.ParsingException, java.lang.Exception, java.lang.NoSuchMethodException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.NoSuchAlgorithmException, java.security.spec.InvalidKeySpecException, java.security.SignatureException {
        /*
            Method dump skipped, instructions count: 357
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.dreamsecurity.jcaos.x509.X509CertVerifier.b(com.dreamsecurity.jcaos.x509.X509Certificate):com.dreamsecurity.jcaos.x509.X509CertPath");
    }

    /**
     * Builds a CA chain from the CA environment properties.
     *
     * <p>For each step the issuer DN of the current certificate is compared with the
     * configured {@code caN.dn} values (N = 1..ca.count). On a match the CA certificate
     * is fetched from {@code caN.directory + "/" + caN.dn} and appended, and the scan
     * restarts from N = 1 for the next issuer. The walk ends at the first self-signed
     * certificate (see {@code d}); if none is found, {@code b(X509Certificate)} is
     * used instead.
     *
     * <p>As in the AIA variant, reaching a self-signed certificate is not a trust
     * decision, and fetched certificates are not checked here against the certificate
     * they are supposed to have issued.
     *
     * <p>NOTE(review): requires field {@code b} to be non-null and "ca.count" to be a
     * parsable integer; otherwise this fails with NullPointerException or
     * NumberFormatException. The issuer DN object is compared with a String through
     * {@code equals}; whether the project's DN class supports that is not visible here.
     *
     * @throws ObtainCertPathException after five fetched certificates without reaching
     *     a self-signed one
     */
    X509CertPath c(X509Certificate x509Certificate) throws Exception, ParsingException, IOException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException, ObtainCertPathException, NoSuchMethodException {
        int i = X509Certificate.c;
        if (this.q) {
            c.a(c.g, getClass(), "verify", "", "getCaPubs by ca_env_info file.");
        }
        ArrayList arrayList = new ArrayList();
        X509Certificate x509Certificate2 = x509Certificate;
        int parseInt = Integer.parseInt(this.b.getProperty("ca.count"));
        // i2 counts certificates fetched so far; i3 is the 1-based CA entry index.
        int i2 = 0;
        boolean z = false;
        int i3 = 1;
        while (i3 < parseInt + 1) {
            if (i2 == 5) {
                throw new ObtainCertPathException("Can't collect ca certificates.");
            }
            String property = this.b.getProperty(new StringBuffer().append("ca").append(i3).append(".dn").toString());
            if (x509Certificate2.getIssuerDN().equals(property) || i != 0) {
                String property2 = this.b.getProperty(new StringBuffer().append("ca").append(i3).append(".directory").toString());
                x509Certificate2 = (X509Certificate) a(new StringBuffer().append(property2).append("/").append(property).toString(), LDAP.ATTR_CA_CERT);
                if (this.q) {
                    c.a(c.g, getClass(), "verify", "LDAP_URL", new StringBuffer().append(property2).append("/").append(property).append(LDAP.ATTR_CA_CERT).toString());
                }
                arrayList.add(x509Certificate2);
                if (d(x509Certificate2)) {
                    z = true;
                    if (i == 0) {
                        break;
                    }
                }
                // Restart the scan (i3 becomes 1 after the increment below) to look
                // for the issuer of the certificate just fetched.
                i3 = 0;
                i2++;
            }
            i3++;
            if (i != 0) {
                break;
            }
        }
        return !z ? b(x509Certificate) : new X509CertPath(arrayList);
    }

    /**
     * Tests whether a certificate is self-signed: issuer equals subject and the
     * signature verifies under the certificate's own public key. A true result says
     * nothing about whether the certificate is a configured trust anchor.
     */
    boolean d(X509Certificate x509Certificate) throws ParsingException, IOException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
        return x509Certificate.getIssuerDN().equals(x509Certificate.getSubjectDN()) && x509Certificate.verify(x509Certificate.getPublicKey());
    }

    /** Fetches and parses a PKI object, selecting LDAP result index 0. */
    Object a(String str, String str2) throws Exception, IOException, ParsingException, NoSuchMethodException {
        return a(str, str2, 0);
    }

    /**
     * Fetches a PKI object from an LDAP (protocol code 1) or HTTP (protocol code 0)
     * URL and parses it according to the requested attribute.
     *
     * <p>The bytes are parsed, not authenticated: nothing here verifies a signature,
     * an issuer or a validity period. Certificates, CRLs/ARLs and CTLs are signed
     * objects, so their integrity has to be established by the caller; transport
     * protection of the LDAP/HTTP connection is not visible in this file.
     *
     * <p>NOTE(review):
     * <ul>
     *   <li>{@code ldap.close()} / {@code http.close()} are not in finally blocks, so
     *       an exception during search/recv leaves the connection open.</li>
     *   <li>In the LDAP loop, if no entry both starts with 0x30 and sits at index
     *       {@code i}, {@code bArr} ends up as the LAST entry rather than null, so a
     *       different object than requested may be parsed.</li>
     *   <li>For any other protocol code {@code bArr} stays null and is passed to
     *       {@code getInstance}.</li>
     *   <li>The HTTP receive timeout is set after {@code connect}, and no response
     *       size limit is visible here.</li>
     *   <li>{@code toLowerCase()} without a Locale is locale-sensitive.</li>
     *   <li>The trace message says "read CRL" whatever attribute is requested.</li>
     * </ul>
     *
     * @param str URL of the object
     * @param str2 attribute name; used as the LDAP attribute when the URL carries none
     *     and to choose the parser
     * @param i index of the LDAP result value to select
     * @return an X509Certificate, X509CRL or SignedData, or null when {@code str2}
     *     matches none of the known attributes
     */
    Object a(String str, String str2, int i) throws Exception, IOException, ParsingException, NoSuchMethodException {
        int i2 = X509Certificate.c;
        byte[] bArr = null;
        URLParser uRLParser = new URLParser(str);
        if (uRLParser.getProtocol() == 1) {
            LDAP ldap = new LDAP();
            ldap.setSearchTimeout(this.e);
            ldap.connect(uRLParser.getIP(), uRLParser.getPort());
            // An attribute named in the URL takes precedence over the requested one.
            String attribute = uRLParser.getAttribute();
            if (attribute.length() == 0) {
                attribute = str2;
            }
            if (this.q) {
                c.a(c.g, getClass(), "verify", "", new StringBuffer().append("read CRL from ldap (").append(str).append("?").append(attribute).append(")").toString());
            }
            ldap.search(uRLParser.getURI(), attribute);
            ArrayList object = ldap.getObject();
            ldap.close();
            for (int i3 = 0; i3 < object.size(); i3++) {
                bArr = (byte[]) object.get(i3);
                // 48 == 0x30 (DER SEQUENCE tag); stop at the requested index only.
                if (bArr[0] == 48 && i3 == i && i2 == 0) {
                    break;
                }
            }
        } else if (uRLParser.getProtocol() == 0) {
            HTTP http = new HTTP("GET");
            http.connect(new URL(str));
            http.setRecvTimeout(this.e);
            bArr = http.recv();
            http.close();
        }
        // The parser is chosen from the REQUESTED attribute (str2), even when the URL
        // supplied a different attribute for the LDAP search above.
        if (str2.toLowerCase().equals(LDAP.ATTR_CA_CERT)) {
            return X509Certificate.getInstance(bArr);
        }
        if (str2.toLowerCase().equals(LDAP.ATTR_ARL) || str2.toLowerCase().equals(LDAP.ATTR_CRL)) {
            return X509CRL.getInstance(bArr);
        }
        if (str2.toLowerCase().equals(LDAP.ATTR_CTL)) {
            return SignedData.getInstance(bArr);
        }
        return null;
    }

    /**
     * Delegates to {@code a(certificate, 0)}, which was not decompiled. The declared
     * CTLException suggests a certificate-trust-list check - not confirmable here.
     */
    boolean e(X509Certificate x509Certificate) throws ParsingException, CTLException, Exception, ParseException, IOException, ParsingException, NoSuchAlgorithmException, NotExistSignerCertException, NoSuchProviderException, InvalidKeySpecException, InvalidKeyException, SignatureException, VerifyException, Exception {
        return a(x509Certificate, 0);
    }

    /* JADX WARN: Code restructure failed: missing block: B:15:0x00a3, code lost:
    
        if (r0 != 0) goto L18;
     */
    /* JADX WARN: Code restructure failed: missing block: B:30:0x00d1, code lost:
    
        if (r0 != 0) goto L28;
     */
    /* JADX WARN: Code restructure failed: missing block: B:45:0x011d, code lost:
    
        if (r0 != 0) goto L41;
     */
    /* JADX WARN: Removed duplicated region for block: B:37:0x01d3 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:39:? A[LOOP:0: B:2:0x0007->B:39:?, LOOP_END, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Routine behind {@code e(X509Certificate)}. NOT recovered by the decompiler; the
     * throw below is a JADX placeholder (469 instructions missing).
     */
    boolean a(com.dreamsecurity.jcaos.x509.X509Certificate r6, int r7) throws com.dreamsecurity.jcaos.exception.ParsingException, com.dreamsecurity.jcaos.exception.CTLException, java.lang.Exception, java.text.ParseException, java.io.IOException, com.dreamsecurity.jcaos.exception.ParsingException, java.security.NoSuchAlgorithmException, com.dreamsecurity.jcaos.exception.NotExistSignerCertException, java.security.NoSuchProviderException, java.security.spec.InvalidKeySpecException, java.security.InvalidKeyException, java.security.SignatureException, com.dreamsecurity.jcaos.exception.VerifyException, java.lang.Exception {
        /*
            Method dump skipped, instructions count: 469
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.dreamsecurity.jcaos.x509.X509CertVerifier.a(com.dreamsecurity.jcaos.x509.X509Certificate, int):boolean");
    }

    /* JADX WARN: Code restructure failed: missing block: B:40:0x00b3, code lost:
    
        if (r0 != 0) goto L39;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * NOT recovered by the decompiler (215 instructions missing); no caller is visible
     * in the recovered code. The throws clause lists ValidateCRLException and
     * CRLException, which suggests CRL processing over a certificate path - not
     * confirmable from here.
     */
    boolean a(com.dreamsecurity.jcaos.x509.X509CertPath r7, boolean r8) throws java.io.IOException, com.dreamsecurity.jcaos.exception.ParsingException, java.lang.Exception, com.dreamsecurity.jcaos.exception.ValidateCRLException, java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException, java.security.spec.InvalidKeySpecException, java.security.InvalidKeyException, java.security.SignatureException, java.text.ParseException, java.security.cert.CRLException, java.lang.Exception {
        /*
            Method dump skipped, instructions count: 215
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.dreamsecurity.jcaos.x509.X509CertVerifier.a(com.dreamsecurity.jcaos.x509.X509CertPath, boolean):boolean");
    }

    /* JADX WARN: Code restructure failed: missing block: B:22:0x0191, code lost:
    
        if (r0 != 0) goto L48;
     */
    /* JADX WARN: Code restructure failed: missing block: B:59:0x0113, code lost:
    
        if (r0 != 0) goto L32;
     */
    /* JADX WARN: Code restructure failed: missing block: B:8:0x0064, code lost:
    
        if (r0 != 0) goto L10;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * NOT recovered by the decompiler (605 instructions missing); no caller is visible
     * in the recovered code. The throws clause lists ValidateCRLException and
     * CRLException, which suggests a CRL check for one certificate/issuer pair - not
     * confirmable from here.
     */
    boolean a(boolean r9, com.dreamsecurity.jcaos.x509.X509Certificate r10, com.dreamsecurity.jcaos.x509.X509Certificate r11) throws java.io.IOException, com.dreamsecurity.jcaos.exception.ParsingException, java.lang.Exception, com.dreamsecurity.jcaos.exception.ValidateCRLException, java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException, java.security.spec.InvalidKeySpecException, java.security.InvalidKeyException, java.security.SignatureException, java.text.ParseException, java.security.cert.CRLException, java.lang.Exception {
        /*
            Method dump skipped, instructions count: 605
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.dreamsecurity.jcaos.x509.X509CertVerifier.a(boolean, com.dreamsecurity.jcaos.x509.X509Certificate, com.dreamsecurity.jcaos.x509.X509Certificate):boolean");
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:16:0x0087, code lost:
    
        if (r0 != 0) goto L20;
     */
    /* JADX WARN: Code restructure failed: missing block: B:44:0x01f2, code lost:
    
        if (r0 != 0) goto L54;
     */
    /* JADX WARN: Failed to find 'out' block for switch in B:42:0x01d5. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:52:0x0215 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:55:0x0222  */
    /* JADX WARN: Removed duplicated region for block: B:57:0x022c  */
    /* JADX WARN: Removed duplicated region for block: B:59:? A[LOOP:0: B:37:0x0191->B:59:?, LOOP_END, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * NOT recovered by the decompiler (566 instructions missing); no caller is visible
     * in the recovered code and its purpose cannot be determined from this listing.
     */
    boolean f(com.dreamsecurity.jcaos.x509.X509Certificate r8) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 566
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.dreamsecurity.jcaos.x509.X509CertVerifier.f(com.dreamsecurity.jcaos.x509.X509Certificate):boolean");
    }

    /**
     * Picks the responder certificate out of the certificates embedded in an OCSP
     * response, matching on the response's responder ID (by key if present, otherwise
     * by name).
     *
     * <p>The candidate certificates and the responder ID both come from the response
     * itself, so a match only identifies which embedded certificate claims to be the
     * signer. Whether that certificate is authorised to sign OCSP responses for the CA
     * (issued by the CA, OCSP-signing usage, validity) has to be checked by the caller;
     * no such caller is visible in the recovered code.
     *
     * <p>NOTE(review): the response body is cast to BasicOCSPResponse without a type
     * check, and {@code responderID_ByName} is dereferenced when the by-key ID is null,
     * so a response carrying neither ID fails with NullPointerException. RFC 6960
     * defines the by-key ID as the SHA-1 hash of the responder's public key; whether
     * {@code getSubjectKeyIdentifier()} yields that same value is not visible here.
     *
     * @return the matching certificate, or null when none matches
     */
    X509Certificate a(OCSPResponse oCSPResponse) throws IOException, ParsingException {
        int i = X509Certificate.c;
        ArrayList certs = ((BasicOCSPResponse) oCSPResponse.getResponse()).getCerts();
        byte[] responderID_ByKey = ((BasicOCSPResponse) oCSPResponse.getResponse()).getResponderID_ByKey();
        X500Principal responderID_ByName = ((BasicOCSPResponse) oCSPResponse.getResponse()).getResponderID_ByName();
        int i2 = 0;
        while (i2 < certs.size()) {
            X509Certificate x509Certificate = (X509Certificate) certs.get(i2);
            if (responderID_ByKey != null) {
                if (ByteUtil.equals(x509Certificate.getSubjectKeyIdentifier(), responderID_ByKey)) {
                    return x509Certificate;
                }
            } else if (responderID_ByName.equals(x509Certificate.getSubjectDN())) {
                return x509Certificate;
            }
            i2++;
            if (i != 0) {
                return null;
            }
        }
        return null;
    }

    /**
     * Reads a SignedData object (used for CTLs elsewhere in this class) from a file.
     * Every exception is swallowed and reported as null; callers must treat null as a
     * load failure.
     */
    SignedData b(String str) {
        try {
            return SignedData.getInstance(FileUtil.read(str));
        } catch (Exception e) {
            return null;
        }
    }

    /**
     * Reads a CRL from a file. Every exception is swallowed and reported as null, so a
     * missing or corrupt cached CRL is indistinguishable from "no CRL"; callers must
     * not read null as "nothing revoked".
     */
    X509CRL c(String str) {
        try {
            return X509CRL.getInstance(FileUtil.read(str));
        } catch (Exception e) {
            return null;
        }
    }

    /**
     * Fetches the CTL from a built-in default directory.
     *
     * <p>The directory is chosen by a substring test on the lower-cased DN text: a
     * name containing "ou=gpki" at any position other than the very start
     * ({@code indexOf > 0}) selects the first server and uses the DN itself as the
     * entry; everything else selects the second server with a fixed entry DN.
     *
     * <p>Both URLs are hard-coded {@code ldap://} endpoints on port 389. No transport
     * protection is visible here, so the authenticity of the returned CTL rests on
     * verifying its signature, which this method does not do.
     *
     * @param x500Principal DN used to choose the directory
     * @param i index of the LDAP result value to select
     */
    SignedData a(X500Principal x500Principal, int i) throws ParsingException, IOException, Exception, NoSuchMethodException {
        String str;
        String str2;
        String name = x500Principal.getName();
        if (name.toLowerCase().indexOf("ou=gpki") > 0) {
            str = "ldap://cen.dir.go.kr:389";
            str2 = name;
        } else {
            str = "ldap://ds.yessign.or.kr:389";
            str2 = "cn=KISA-CTL,ou=ROOTCA,o=KISA,c=KR";
        }
        return (SignedData) a(new StringBuffer().append(str).append("/").append(str2).toString(), LDAP.ATTR_CTL, i);
    }

    /**
     * Fetches the CTL for a CA using the CA environment properties, falling back to
     * the built-in default directories when the matching entry has no {@code caN.ctl}
     * value (or no entry matches).
     *
     * <p>NOTE(review): requires field {@code b} to be non-null and "ca.count" to be a
     * parsable integer. The DN object is compared with a String through
     * {@code equals}; whether the project's DN class supports that is not visible
     * here. As with every fetch in this class, the returned object is parsed but not
     * verified.
     *
     * @param x500Principal DN matched against {@code caN.dn}
     * @param i index of the LDAP result value to select
     */
    SignedData b(X500Principal x500Principal, int i) throws ParsingException, IOException, Exception, NoSuchMethodException {
        int i2 = X509Certificate.c;
        String str = null;
        String str2 = null;
        int parseInt = Integer.parseInt(this.b.getProperty("ca.count"));
        for (int i3 = 0; i3 < parseInt; i3++) {
            if (x500Principal.equals(this.b.getProperty(new StringBuffer().append("ca").append(i3 + 1).append(".dn").toString())) || i2 != 0) {
                str = this.b.getProperty(new StringBuffer().append("ca").append(i3 + 1).append(".ctl").toString());
                str2 = this.b.getProperty(new StringBuffer().append("ca").append(i3 + 1).append(".directory").toString());
                break;
            }
        }
        return (str == null || str.length() == 0) ? a(x500Principal, i) : (SignedData) a(new StringBuffer().append(str2).append("/").append(str).toString(), LDAP.ATTR_CTL, i);
    }

    /**
     * Renders an exception's stack trace as a String.
     *
     * <p>Both the PrintWriter and {@code toString()} use the platform default charset.
     * Stack traces expose class names and internal state, so the result belongs in
     * logs rather than in messages returned to a remote party; where it ends up is not
     * visible in the recovered code.
     */
    String a(Exception exc) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        PrintWriter printWriter = new PrintWriter(byteArrayOutputStream);
        exc.printStackTrace(printWriter);
        printWriter.flush();
        return byteArrayOutputStream.toString();
    }
}
