package com.huawei.inverterapp.solar.utils.o0;

import android.annotation.TargetApi;
import com.huawei.networkenergy.appplatform.common.log.Log;
import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.Security;
import java.security.cert.CRLReason;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSProcessableFile;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.jce.provider.AnnotatedException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.tsp.TimeStampTokenInfo;
import org.bouncycastle.util.CollectionStore;

/* compiled from: TbsSdkJava */
/* loaded from: classes2.dex */
public class a {

    /* renamed from: a, reason: collision with root package name */
    private static final Logger f8559a = Logger.getLogger(a.class.getName());

    /* renamed from: b, reason: collision with root package name */
    private String f8560b;

    /* renamed from: c, reason: collision with root package name */
    private String f8561c;

    /* renamed from: d, reason: collision with root package name */
    private List<String> f8562d = new ArrayList();

    /* renamed from: e, reason: collision with root package name */
    private List<byte[]> f8563e = new ArrayList();

    /* renamed from: f, reason: collision with root package name */
    private List<String> f8564f = new ArrayList();
    private List<byte[]> g = new ArrayList();
    private boolean h = true;
    private Map<BigInteger, X509Certificate> i = new HashMap();
    private Map<X500Principal, X509CRL> j = new HashMap();
    private Set<TrustAnchor> k = new HashSet();

    public a() {
        Security.addProvider(new BouncyCastleProvider());
    }

    public a(String str, String str2, String[] strArr, String[] strArr2) {
        Security.addProvider(new BouncyCastleProvider());
        this.f8560b = str;
        this.f8561c = str2;
        if (strArr != null) {
            this.f8562d.addAll(Arrays.asList(strArr));
        }
        if (strArr2 != null) {
            this.f8564f.addAll(Arrays.asList(strArr2));
        }
    }

    private PKIXCertPathBuilderResult a(CollectionStore collectionStore, X509Certificate x509Certificate, Date date, String str) {
        b.a().b(x509Certificate);
        b.a().a(x509Certificate, 0);
        X509CertSelector x509CertSelector = new X509CertSelector();
        x509CertSelector.setCertificate(x509Certificate);
        Iterator it = collectionStore.iterator();
        while (it.hasNext()) {
            X509Certificate a2 = b.a().a((X509CertificateHolder) it.next());
            if (!b.a().c(a2)) {
                a(a2);
            }
        }
        CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(this.k, x509CertSelector);
        ArrayList a3 = a();
        pKIXBuilderParameters.setMaxPathLength(a3.size());
        pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(a3), BouncyCastleProvider.PROVIDER_NAME));
        pKIXBuilderParameters.addCertPathChecker(new c(str));
        pKIXBuilderParameters.setRevocationEnabled(this.h);
        if (date != null) {
            pKIXBuilderParameters.setDate(date);
        }
        return (PKIXCertPathBuilderResult) certPathBuilder.build(pKIXBuilderParameters);
    }

    private ArrayList a() {
        ArrayList arrayList = new ArrayList();
        Iterator<Map.Entry<BigInteger, X509Certificate>> it = this.i.entrySet().iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getValue());
        }
        Iterator<Map.Entry<X500Principal, X509CRL>> it2 = this.j.entrySet().iterator();
        while (it2.hasNext()) {
            arrayList.add(it2.next().getValue());
        }
        return arrayList;
    }

    private Date a(CMSTypedData cMSTypedData, TimeStampToken timeStampToken) {
        CollectionStore collectionStore = (CollectionStore) timeStampToken.getCertificates();
        TimeStampTokenInfo timeStampInfo = timeStampToken.getTimeStampInfo();
        b.a().a(timeStampInfo.getHashAlgorithm().getAlgorithm().getId());
        X509CertificateHolder a2 = a(collectionStore, timeStampToken.getSID());
        Date genTime = timeStampInfo.getGenTime();
        PKIXCertPathBuilderResult a3 = a(collectionStore, b.a().a(a2), genTime, "1.3.6.1.5.5.7.3.8");
        if (this.h) {
            a(a3);
        }
        SignerInformationVerifier b2 = b.a().b(a2);
        timeStampToken.validate(b2);
        a(b2, cMSTypedData, timeStampToken);
        return genTime;
    }

    private X509CertificateHolder a(CollectionStore collectionStore, SignerId signerId) {
        Iterator it = collectionStore.getMatches(signerId).iterator();
        return it.hasNext() ? (X509CertificateHolder) it.next() : new X509CertificateHolder(this.i.get(signerId.getSerialNumber()).getEncoded());
    }

    private SignerInformationVerifier a(SignerInformation signerInformation, CMSSignedData cMSSignedData) {
        ASN1Set attrValues;
        ASN1Encodable objectAt;
        b.a().a(signerInformation.getDigestAlgOID());
        AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
        Date a2 = (unsignedAttributes == null || (attrValues = unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken).getAttrValues()) == null || (objectAt = attrValues.getObjectAt(0)) == null) ? null : a(new CMSProcessableByteArray(signerInformation.getSignature()), new TimeStampToken(new CMSSignedData(objectAt.toASN1Primitive().getEncoded())));
        if (a2 == null) {
            throw new AnnotatedException("CMS signature does not have time stamp.");
        }
        CollectionStore collectionStore = (CollectionStore) cMSSignedData.getCertificates();
        X509CertificateHolder a3 = a(collectionStore, signerInformation.getSID());
        a(collectionStore, b.a().a(a3), a2, "1.3.6.1.5.5.7.3.3");
        return b.a().b(a3);
    }

    @TargetApi(24)
    private void a(PKIXCertPathBuilderResult pKIXCertPathBuilderResult) {
        X509CRLEntry revokedCertificate;
        CRLReason revocationReason;
        Iterator<? extends Certificate> it = pKIXCertPathBuilderResult.getCertPath().getCertificates().iterator();
        while (it.hasNext()) {
            X509Certificate x509Certificate = (X509Certificate) it.next();
            X509CRL b2 = b(x509Certificate);
            if (b2 != null && (revokedCertificate = b2.getRevokedCertificate(x509Certificate)) != null && (revocationReason = revokedCertificate.getRevocationReason()) != CRLReason.AFFILIATION_CHANGED && revocationReason != CRLReason.SUPERSEDED && revocationReason != CRLReason.CESSATION_OF_OPERATION) {
                throw new AnnotatedException("Certificate has revoked。");
            }
        }
    }

    private void a(X509CRL x509crl) {
        X500Principal issuerX500Principal = x509crl.getIssuerX500Principal();
        if (!this.j.containsKey(issuerX500Principal)) {
            this.j.put(x509crl.getIssuerX500Principal(), x509crl);
            return;
        }
        if (x509crl.getThisUpdate().after(this.j.get(issuerX500Principal).getThisUpdate())) {
            this.j.remove(issuerX500Principal);
            this.j.put(issuerX500Principal, x509crl);
        }
    }

    private void a(X509Certificate x509Certificate) {
        b.a().a(x509Certificate.getSigAlgOID());
        b.a().b(x509Certificate);
        BigInteger serialNumber = x509Certificate.getSerialNumber();
        if (this.i.containsKey(serialNumber)) {
            if (!this.i.get(serialNumber).equals(x509Certificate)) {
                throw new AnnotatedException("Certificates has conflict.");
            }
            return;
        }
        this.i.put(serialNumber, x509Certificate);
        if (b.a().c(x509Certificate)) {
            b.a().a(x509Certificate, 5);
            b.a().a(x509Certificate);
            this.k.add(new TrustAnchor(x509Certificate, null));
        }
    }

    private void a(SignerInformationVerifier signerInformationVerifier, CMSTypedData cMSTypedData, TimeStampToken timeStampToken) {
        byte[] bArr;
        DigestCalculator digestCalculator;
        OutputStream outputStream;
        if (cMSTypedData == null || (outputStream = (digestCalculator = signerInformationVerifier.getDigestCalculator(timeStampToken.getTimeStampInfo().getHashAlgorithm())).getOutputStream()) == null) {
            bArr = null;
        } else {
            try {
                cMSTypedData.write(outputStream);
                bArr = digestCalculator.getDigest();
            } finally {
                try {
                    outputStream.close();
                } catch (IOException unused) {
                    f8559a.log(Level.WARNING, "Close output stream failed.");
                }
            }
        }
        if (bArr == null || !org.bouncycastle.util.Arrays.constantTimeAreEqual(bArr, timeStampToken.getTimeStampInfo().getMessageImprintDigest())) {
            throw new AnnotatedException("MessageImprint digest value does not match calculated value.");
        }
    }

    private X509CRL b(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        Iterator<Map.Entry<X500Principal, X509CRL>> it = this.j.entrySet().iterator();
        while (it.hasNext()) {
            X509CRL value = it.next().getValue();
            if (value.getRevokedCertificate(x509Certificate) != null) {
                return value;
            }
        }
        return null;
    }

    private void b() {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        Iterator<String> it = this.f8564f.iterator();
        while (it.hasNext()) {
            b.a().a(it.next(), arrayList, arrayList2);
        }
        Iterator<byte[]> it2 = this.g.iterator();
        while (it2.hasNext()) {
            b.a().a(it2.next(), arrayList, arrayList2);
        }
        Iterator it3 = arrayList.iterator();
        while (it3.hasNext()) {
            a((X509CRL) it3.next());
        }
        Iterator it4 = arrayList2.iterator();
        while (it4.hasNext()) {
            a((X509Certificate) it4.next());
        }
    }

    private void c() {
        Iterator<String> it = this.f8562d.iterator();
        while (it.hasNext()) {
            a(b.a().b(it.next()));
        }
        Iterator<byte[]> it2 = this.f8563e.iterator();
        while (it2.hasNext()) {
            a(b.a().b(it2.next()));
        }
    }

    public void a(boolean z) {
        this.h = z;
    }

    public boolean d() {
        this.i.clear();
        this.j.clear();
        this.k.clear();
        try {
            byte[] c2 = b.a().c(this.f8560b);
            if (c2 == null) {
                c2 = b.a().d(this.f8560b);
            }
            try {
                c();
                if (this.h) {
                    try {
                        b();
                    } catch (IOException unused) {
                        throw new AnnotatedException("Read CRL files fail.");
                    }
                }
                CMSSignedData cMSSignedData = new CMSSignedData(new CMSProcessableFile(new File(this.f8561c)), c2);
                Iterator<SignerInformation> it = cMSSignedData.getSignerInfos().iterator();
                if (!it.hasNext()) {
                    throw new AnnotatedException("CMS signature does not have signer information.");
                }
                SignerInformation next = it.next();
                return next.verify(a(next, cMSSignedData));
            } catch (IOException unused2) {
                throw new AnnotatedException("Read certificate files fail.");
            }
        } catch (IOException e2) {
            Log.debug("ver", "Exception :" + e2.toString());
            throw new AnnotatedException("Read signature file fail.");
        }
    }
}
