package com.maverick.ssl;

import com.maverick.crypto.asn1.ASN1Sequence;
import com.maverick.crypto.asn1.DERInputStream;
import com.maverick.crypto.asn1.x509.CertificateException;
import com.maverick.crypto.asn1.x509.X509Certificate;
import com.maverick.crypto.asn1.x509.X509CertificateStructure;
import com.maverick.crypto.digests.MD5Digest;
import com.maverick.crypto.digests.SHA1Digest;
import com.maverick.crypto.publickey.Rsa;
import com.maverick.crypto.publickey.RsaPublicKey;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.text.MessageFormat;
import java.util.Hashtable;

/* loaded from: input_file:com/maverick/ssl/TrustedCACertStore.class */
public class TrustedCACertStore {
    static Hashtable temporarilyTrusted = new Hashtable();

    public boolean isTrustedCertificate(X509Certificate x509Certificate, boolean z, boolean z2) throws SSLException {
        try {
            if (!CertificateStore.getInstance().contains(x509Certificate.getIssuerDN().toString())) {
                try {
                    x509Certificate.checkValidity();
                    if (z2) {
                        return true;
                    }
                    if (CertificatePrompt.prompt == null) {
                        return false;
                    }
                    String str = new String(x509Certificate.getSignature());
                    if (!temporarilyTrusted.containsKey(str) && CertificatePrompt.prompt.untrusted(x509Certificate) == 2) {
                        return false;
                    }
                    temporarilyTrusted.put(str, x509Certificate);
                    return true;
                } catch (CertificateException e) {
                    if (z) {
                        return true;
                    }
                    if (CertificatePrompt.prompt == null) {
                        return false;
                    }
                    String str2 = new String(x509Certificate.getSignature());
                    if (!temporarilyTrusted.containsKey(str2) && CertificatePrompt.prompt.invalid(x509Certificate) == 2) {
                        return false;
                    }
                    temporarilyTrusted.put(str2, x509Certificate);
                    return true;
                }
            }
            X509Certificate x509Certificate2 = CertificateStore.getInstance().get(x509Certificate.getIssuerDN().toString());
            if (!(x509Certificate2.getPublicKey() instanceof RsaPublicKey)) {
                throw new SSLException(43, Messages.getString("TrustedCACertStore.unsupportedPublicKeyInX509Cert"));
            }
            if (!x509Certificate.getSigAlgName().equals("MD5WithRSAEncryption")) {
                if (!x509Certificate.getSigAlgName().equals("SHA1WithRSAEncryption")) {
                    throw new SSLException(43, MessageFormat.format(Messages.getString("TrustedCACertStore.signatureAlgorithmNotSupported"), x509Certificate.getSigAlgName()));
                }
                try {
                    byte[] signature = x509Certificate.getSignature();
                    if ((signature[0] & 128) == 128) {
                        signature = new byte[x509Certificate.getSignature().length + 1];
                        signature[0] = 0;
                        System.arraycopy(x509Certificate.getSignature(), 0, signature, 1, x509Certificate.getSignature().length);
                    }
                    BigInteger bigInteger = new BigInteger(signature);
                    RsaPublicKey publicKey = x509Certificate2.getPublicKey();
                    byte[] byteArray = Rsa.removePKCS1(Rsa.doPublic(bigInteger, publicKey.getModulus(), publicKey.getPublicExponent()), 1).toByteArray();
                    SHA1Digest sHA1Digest = new SHA1Digest();
                    sHA1Digest.update(x509Certificate.getTBSCertificate(), 0, x509Certificate.getTBSCertificate().length);
                    byte[] bArr = new byte[sHA1Digest.getDigestSize()];
                    sHA1Digest.doFinal(bArr, 0);
                    ASN1Sequence readObject = new DERInputStream(new ByteArrayInputStream(byteArray)).readObject();
                    readObject.getObjectAt(0).getObjectAt(0);
                    byte[] octets = readObject.getObjectAt(1).getOctets();
                    for (int i = 0; i < octets.length; i++) {
                        if (octets[i] != bArr[i]) {
                            return false;
                        }
                    }
                    x509Certificate2.checkValidity();
                    x509Certificate.checkValidity();
                    return true;
                } catch (IOException e2) {
                    throw new SSLException(997, e2.getMessage());
                }
            }
            try {
                byte[] signature2 = x509Certificate.getSignature();
                if ((signature2[0] & 128) == 128) {
                    signature2 = new byte[x509Certificate.getSignature().length + 1];
                    signature2[0] = 0;
                    System.arraycopy(x509Certificate.getSignature(), 0, signature2, 1, x509Certificate.getSignature().length);
                }
                BigInteger bigInteger2 = new BigInteger(signature2);
                RsaPublicKey publicKey2 = x509Certificate2.getPublicKey();
                byte[] byteArray2 = Rsa.removePKCS1(Rsa.doPublic(bigInteger2, publicKey2.getModulus(), publicKey2.getPublicExponent()), 1).toByteArray();
                MD5Digest mD5Digest = new MD5Digest();
                mD5Digest.update(x509Certificate.getTBSCertificate(), 0, x509Certificate.getTBSCertificate().length);
                byte[] bArr2 = new byte[mD5Digest.getDigestSize()];
                mD5Digest.doFinal(bArr2, 0);
                ASN1Sequence readObject2 = new DERInputStream(new ByteArrayInputStream(byteArray2)).readObject();
                readObject2.getObjectAt(0).getObjectAt(0);
                byte[] octets2 = readObject2.getObjectAt(1).getOctets();
                for (int i2 = 0; i2 < octets2.length; i2++) {
                    if (octets2[i2] != bArr2[i2]) {
                        return false;
                    }
                }
                try {
                    x509Certificate2.checkValidity();
                    x509Certificate.checkValidity();
                    return true;
                } catch (CertificateException e3) {
                    if (z) {
                        return true;
                    }
                    if (CertificatePrompt.prompt == null) {
                        return false;
                    }
                    String str3 = new String(x509Certificate.getSignature());
                    if (!temporarilyTrusted.containsKey(str3) && CertificatePrompt.prompt.invalid(x509Certificate) == 2) {
                        return false;
                    }
                    temporarilyTrusted.put(str3, x509Certificate);
                    return true;
                }
            } catch (IOException e4) {
                throw new SSLException(997, e4.getMessage());
            }
        } catch (CertificateException e5) {
            throw new SSLException(43, e5.getMessage());
        } catch (IOException e6) {
            e6.printStackTrace();
            throw new SSLException(43, Messages.getString("TrustedCACertStore.errorGettingCertFromTrustStore"));
        }
    }

    public static void main(String[] strArr) {
        new TrustedCACertStore();
        try {
            new X509Certificate(X509CertificateStructure.getInstance(new DERInputStream(new FileInputStream("c:\\exported.cer")).readObject()));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
