package com.initech.cpv.manager.impl;

import com.initech.asn1.ASN1Exception;
import com.initech.core.INISAFECore;
import com.initech.cpv.crl.CRLChecker;
import com.initech.cpv.exception.CRLException;
import com.initech.cpv.exception.UndeterminedCertStatusException;
import com.initech.cpv.manager.CertStatusManagerParameters;
import com.initech.cpv.manager.CertStatusManagerSpi;
import com.initech.cpv.util.Debug;
import com.initech.x509.extensions.BasicConstraints;
import com.initech.x509.extensions.CRLDistPoints;
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.X509Certificate;

/* loaded from: classes2.dex */
public class CRLCertStatusManager extends CertStatusManagerSpi {
    private CRLCertStatusManagerParameters a;
    private boolean b;

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public CRLCertStatusManager(CertStatusManagerParameters certStatusManagerParameters) throws InvalidAlgorithmParameterException {
        super(certStatusManagerParameters);
        this.b = false;
        if (!(certStatusManagerParameters instanceof CRLCertStatusManagerParameters)) {
            throw new InvalidAlgorithmParameterException("Parameters must be CRLCertStatusCheckerParameters.");
        }
        this.a = (CRLCertStatusManagerParameters) certStatusManagerParameters;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.initech.cpv.manager.CertStatusManagerSpi
    public boolean engineIsUsable() {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.initech.cpv.manager.CertStatusManagerSpi
    public boolean engineIsValid() throws UndeterminedCertStatusException {
        BasicConstraints basicConstraints;
        BasicConstraints basicConstraints2;
        CRLDistPoints cRLDistPoints = null;
        byte[] extensionValue = this.cert.getExtensionValue("2.5.29.19");
        if (extensionValue != null) {
            try {
                basicConstraints2 = new BasicConstraints(extensionValue);
            } catch (ASN1Exception e) {
                Debug.handleException(e);
                basicConstraints = null;
            }
        } else {
            basicConstraints2 = null;
        }
        basicConstraints = basicConstraints2;
        if (basicConstraints == null && !this.a.isIgnoreOldVersionCert()) {
            INISAFECore.CoreLogger(1, "X.509 인증서 확장 필드에 BasicConstraints 가 존재하지 않습니다.(버전 3 보다 낮은 버전의 인증서는 CRL 을 지원하지 않습니다");
            throw new UndeterminedCertStatusException("there is not BasicConstraints in extension field of X509 certificate (certificate under version 3 does not support CRL)");
        }
        byte[] extensionValue2 = this.cert.getExtensionValue("2.5.29.31");
        if (extensionValue2 != null) {
            try {
                cRLDistPoints = new CRLDistPoints(extensionValue2);
            } catch (ASN1Exception e2) {
                Debug.handleException(e2);
            }
        }
        if (cRLDistPoints == null && !this.a.isIgnoreOldVersionCert()) {
            INISAFECore.CoreLogger(1, "X.509 인증서 확장 필드에 CRLDistributionPoint 가 존재하지 않습니다.(버전 3 보다 낮은 버전의 인증서는 CRL 을 지원하지 않습니다.");
            throw new UndeterminedCertStatusException("there is not CRLDistributionPoint in extension field of X509 certificate. (certificate under version 3 does not support CRL)");
        }
        int version = this.cert.getVersion();
        if (this.a.isIgnoreOldVersionCert() && ((version == 1 || version == 2) && !this.a.isUseUserDefinedCRL())) {
            return true;
        }
        if (basicConstraints != null && this.a.isIgnoreCACert() && basicConstraints.isCA()) {
            return true;
        }
        if (this.cert.getIssuerDN().toString().equals(this.cert.getSubjectDN().toString())) {
            if (this.b) {
                System.out.println("Root Ca인증서 : [ " + this.cert + " ]");
            }
            return true;
        }
        CRLChecker cRLChecker = new CRLChecker(this.cert, this.a.getCrlIssuerManager(), this.a.isVerifyCRL(), this.a.isUseDeltaCRL());
        if (this.a.isUseUserDefinedCRL()) {
            cRLChecker.setUserCRLs(this.a.getUserDefinedCompleteCRLs());
            cRLChecker.setUserDeltaCRLs(this.a.getUserDefinedDeltaCRLs());
        }
        try {
            if (cRLChecker == null) {
                INISAFECore.CoreLogger(1, "an error occurred during making object of CRLChecker");
                throw new UndeterminedCertStatusException("CRLCheck 객체 생성 중 에러가 발생했습니다.");
            }
            int certStatus = cRLChecker.getCertStatus();
            if (certStatus == -1) {
                return true;
            }
            if (certStatus != -1 && certStatus != 255) {
                return false;
            }
            INISAFECore.CoreLogger(1, "인증서의 상태를 검증할 수 없습니다. 네트워크 상태를 점검하세요.");
            throw new UndeterminedCertStatusException("cannot verify certificate status, check network state.");
        } catch (CRLException e3) {
            Debug.handleException(e3);
            throw new UndeterminedCertStatusException(e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.initech.cpv.manager.CertStatusManagerSpi
    public boolean engineIsValid(X509Certificate x509Certificate) throws UndeterminedCertStatusException {
        BasicConstraints basicConstraints;
        BasicConstraints basicConstraints2;
        CRLDistPoints cRLDistPoints = null;
        byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.19");
        if (extensionValue != null) {
            try {
                basicConstraints2 = new BasicConstraints(extensionValue);
            } catch (ASN1Exception e) {
                Debug.handleException(e);
                basicConstraints = null;
            }
        } else {
            basicConstraints2 = null;
        }
        basicConstraints = basicConstraints2;
        if (basicConstraints == null && !this.a.isIgnoreOldVersionCert()) {
            throw new UndeterminedCertStatusException("Certificate does not have BasicConstraints extension.(Maybe old version certificate.)");
        }
        byte[] extensionValue2 = x509Certificate.getExtensionValue("2.5.29.31");
        if (extensionValue2 != null) {
            try {
                cRLDistPoints = new CRLDistPoints(extensionValue2);
            } catch (ASN1Exception e2) {
                Debug.handleException(e2);
            }
        }
        if (cRLDistPoints == null && !this.a.isIgnoreOldVersionCert()) {
            throw new UndeterminedCertStatusException("Certificate does not have CRLDistributionPoint extension.(Maybe old version certificate.)");
        }
        int version = x509Certificate.getVersion();
        if (this.a.isIgnoreOldVersionCert() && ((version == 1 || version == 2) && !this.a.isUseUserDefinedCRL())) {
            return true;
        }
        if (basicConstraints != null && this.a.isIgnoreCACert() && basicConstraints.isCA()) {
            if (this.b) {
                System.out.println("ROOT CA 인증서 : [" + x509Certificate + "]");
            }
            return true;
        }
        if (x509Certificate.getIssuerDN().toString().equals(x509Certificate.getSubjectDN().toString())) {
            if (this.b) {
                System.out.println("ROOT CA 인증서 : [" + x509Certificate + "]");
            }
            return true;
        }
        CRLChecker cRLChecker = new CRLChecker(x509Certificate, this.a.getCrlIssuerManager(), this.a.isVerifyCRL(), this.a.isUseDeltaCRL());
        if (this.a.isUseUserDefinedCRL()) {
            cRLChecker.setUserCRLs(this.a.getUserDefinedCompleteCRLs());
            cRLChecker.setUserDeltaCRLs(this.a.getUserDefinedDeltaCRLs());
        }
        try {
            if (cRLChecker == null) {
                throw new UndeterminedCertStatusException("an error occurred during making object of CRLChecker.");
            }
            int certStatus = cRLChecker.getCertStatus();
            if (certStatus == -1) {
                return true;
            }
            if (certStatus == -1 || certStatus == 255) {
                throw new UndeterminedCertStatusException("Certificate status cannot be checked.");
            }
            return false;
        } catch (CRLException e3) {
            Debug.handleException(e3);
            throw new UndeterminedCertStatusException(e3);
        }
    }
}
