package pl.mobileexperts.smimelib.crypto.cert;

import java.io.IOException;
import java.math.BigInteger;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import lib.javame.b.t;
import lib.javame.b.z;
import lib.org.bouncycastle.asn1.bd;
import lib.org.bouncycastle.asn1.bh;
import lib.org.bouncycastle.cert.CertException;
import lib.org.bouncycastle.cert.validation.PKIXNameConstraintValidatorException;
import lib.org.bouncycastle.crypto.h.u;
import lib.org.bouncycastle.operator.OperatorCreationException;
import org.xbill.DNS.KEYRecord;
import pl.mobileexperts.securephone.android.MLog;

/* loaded from: classes.dex */
public final class h {
    private static final z h = new t();
    private final lib.org.bouncycastle.cert.b[] a;
    private Date b;
    private pl.mobileexperts.smimelib.crypto.l c;
    private Collection<lib.org.bouncycastle.cert.b> d;
    private pl.mobileexperts.smimelib.crypto.certbase.b e;
    private boolean f;
    private boolean g;

    static {
        h.b(lib.org.bouncycastle.asn1.e.b.F);
        h.b(lib.org.bouncycastle.asn1.e.b.G);
        h.b(lib.org.bouncycastle.asn1.e.b.H);
    }

    public h(lib.org.bouncycastle.cert.b[] bVarArr) {
        if (bVarArr == null) {
            throw new NullPointerException();
        }
        if (bVarArr.length == 0) {
            throw new IllegalArgumentException();
        }
        this.a = bVarArr;
        this.b = new Date();
        this.c = pl.mobileexperts.smimelib.a.h();
        this.e = null;
        this.f = false;
        this.g = false;
    }

    private long b() {
        long j;
        lib.org.bouncycastle.cert.b bVar = this.a[this.a.length - 1];
        if (bVar.c(true)) {
            j = 0;
        } else {
            if (MLog.e) {
                MLog.b(MLog.a(this), new StringBuffer().append("Certificate ").append(bVar).append(" is not a root certificate").toString());
            }
            j = 0 | 1;
        }
        if (this.c.a(new pl.mobileexperts.contrib.bc.d.d(bVar)).b() != 0) {
            return j;
        }
        if (MLog.e) {
            MLog.b(MLog.a(this), new StringBuffer().append("Certificate ").append(bVar).append(" is not a trusted certificate (not found in root cert store)").toString());
        }
        if (this.d != null) {
            Iterator<lib.org.bouncycastle.cert.b> it = this.d.iterator();
            while (it.hasNext()) {
                if (it.next().equals(bVar)) {
                    return j;
                }
            }
        }
        return j | 8;
    }

    private long c() {
        long j = 0;
        lib.org.bouncycastle.operator.f fVar = new lib.org.bouncycastle.operator.f();
        int i = 0;
        while (true) {
            int i2 = i;
            if (i2 >= this.a.length) {
                return j;
            }
            lib.org.bouncycastle.cert.b bVar = this.a[i2];
            lib.org.bouncycastle.cert.b bVar2 = this.a[Math.min(i2 + 1, this.a.length - 1)];
            lib.org.bouncycastle.asn1.j.a k = bVar.k();
            lib.org.bouncycastle.asn1.j.a a = fVar.a(k);
            if (a.e() == null) {
                if (MLog.e) {
                    MLog.b(MLog.a(this), new StringBuffer().append("Certificate ").append(bVar).append(" uses unsupported signature algorithm ").append(k).toString());
                }
                j |= 4;
            } else {
                if (h.a(a)) {
                    j |= 64;
                }
                try {
                    if (bVar.a(new lib.org.bouncycastle.operator.a.k(new lib.org.bouncycastle.operator.f()).a(bVar2))) {
                        try {
                            lib.org.bouncycastle.crypto.h.a a2 = lib.org.bouncycastle.crypto.k.c.a(bVar.i());
                            if (a2 instanceof u) {
                                int bitLength = ((u) a2).b().bitLength();
                                if (bitLength < 1024) {
                                    if (MLog.e) {
                                        MLog.b(MLog.a(this), new StringBuffer().append("Certificate ").append(bVar).append(" uses weak RSA key of bit length ").append(bitLength).append(" which is less than our nonweak key limit ").append(KEYRecord.Flags.FLAG5).toString());
                                    }
                                    j |= 32;
                                }
                            } else if (a2 instanceof lib.org.bouncycastle.crypto.h.l) {
                                int bitLength2 = ((lib.org.bouncycastle.crypto.h.l) a2).b().a().bitLength();
                                if (bitLength2 < 1024) {
                                    if (MLog.e) {
                                        MLog.b(MLog.a(this), new StringBuffer().append("Certificate ").append(bVar).append(" uses weak DSA key of bit length ").append(bitLength2).append(" which is less than our nonweak key limit ").append(KEYRecord.Flags.FLAG5).toString());
                                    }
                                    j |= 32;
                                }
                            } else if (a2 instanceof lib.org.bouncycastle.crypto.h.p) {
                                int bitLength3 = ((lib.org.bouncycastle.crypto.h.p) a2).b().c().bitLength();
                                if (bitLength3 < 160) {
                                    if (MLog.e) {
                                        MLog.b(MLog.a(this), new StringBuffer().append("Certificate ").append(bVar).append(" uses weak EC key of bit length ").append(bitLength3).append(" which is less than our nonweak key limit ").append(160).toString());
                                    }
                                    j |= 32;
                                }
                            } else {
                                pl.mobileexperts.smimelib.a.e().c("Don't know how to determine weakness of public key " + a2 + " of class " + a2.getClass().getName());
                            }
                        } catch (IOException e) {
                            j |= 4;
                        }
                    } else {
                        if (MLog.e) {
                            MLog.b(MLog.a(this), new StringBuffer().append("Certificate ").append(bVar).append(" uses unsupported signature algorithm ").append(k).toString());
                        }
                        j |= 2;
                    }
                } catch (CertException e2) {
                    j |= 4;
                } catch (OperatorCreationException e3) {
                    j |= 4;
                }
            }
            i = i2 + 1;
        }
    }

    private long d() {
        for (int i = 0; i < this.a.length; i++) {
            if (!this.a[i].a(this.b)) {
                if (MLog.e) {
                    MLog.b(MLog.a(this), new StringBuffer().append("Certificate ").append(this.a[i]).append(" invalid on ").append(this.b).append(" (valid from ").append(this.a[i].g()).append(" until ").append(this.a[i].h()).toString());
                }
                return 256 | 0;
            }
        }
        return 0L;
    }

    private long e() {
        if (this.e == null) {
            return 512L;
        }
        return this.e.a(this.a, this.f, this.g);
    }

    private long f() {
        lib.org.bouncycastle.asn1.i.c e = this.a[0].e();
        for (int i = 1; i < this.a.length; i++) {
            if (!this.a[i].f().equals(e)) {
                if (MLog.e) {
                    MLog.b(MLog.a(this), new StringBuffer().append("Issuer for ").append(this.a[i - 1]).append(" (=").append(e).append(") differs from subject ").append(this.a[i].f()).append(" for cert ").append(this.a[i]).toString());
                }
                return 16 | 0;
            }
            e = this.a[i].e();
        }
        return 0L;
    }

    private long g() {
        int intValue;
        int length = this.a.length;
        int i = length;
        for (int length2 = this.a.length - 1; length2 >= 0; length2--) {
            lib.org.bouncycastle.cert.b bVar = this.a[length2];
            if (!bVar.n()) {
                if (i < 0) {
                    if (MLog.e) {
                        MLog.b(MLog.a(this), new StringBuffer().append("Max path len constraint invalidated on certificate ").append(bVar).append(" at index ").append(length2).toString());
                    }
                    return 16 | 0;
                }
                i--;
            }
            lib.org.bouncycastle.asn1.j.c a = lib.org.bouncycastle.asn1.j.c.a(bVar.a(lib.org.bouncycastle.asn1.j.q.g));
            BigInteger f = a == null ? null : a.f();
            if (f != null && (intValue = f.intValue()) < i) {
                if (MLog.e) {
                    MLog.b(MLog.a(this), new StringBuffer().append("Found path len constraint in certificate ").append(bVar).append(" equal ").append(intValue).append(", less than current MPL ").append(i).append(" - decreasing current MPL").toString());
                }
                i = intValue;
            }
        }
        return 0L;
    }

    private long h() {
        for (int i = 1; i < this.a.length; i++) {
            lib.org.bouncycastle.asn1.j.q a = this.a[i].a(lib.org.bouncycastle.asn1.j.q.c);
            if (a != null && (lib.org.bouncycastle.asn1.j.i.b(a).g() & 4) != 4) {
                if (MLog.e) {
                    MLog.b(MLog.a(this), "No keyCertSign in keyUsage extension in certificate " + this.a[i]);
                }
                return 16 | 0;
            }
        }
        return 0L;
    }

    private long i() {
        long j = 0;
        lib.org.bouncycastle.cert.validation.a aVar = new lib.org.bouncycastle.cert.validation.a();
        for (int length = this.a.length - 1; length >= 0; length--) {
            lib.org.bouncycastle.cert.b bVar = this.a[length];
            if (!bVar.n()) {
                lib.org.bouncycastle.asn1.p pVar = (lib.org.bouncycastle.asn1.p) bVar.f().c();
                try {
                    aVar.a(pVar);
                    aVar.b(pVar);
                    lib.org.bouncycastle.asn1.p pVar2 = null;
                    try {
                        lib.org.bouncycastle.asn1.j.q a = bVar.a(lib.org.bouncycastle.asn1.j.q.e);
                        if (a != null) {
                            pVar2 = bh.a((Object) ((bd) a.b().d()).f());
                            lib.org.bouncycastle.asn1.j.f[] e = lib.org.bouncycastle.asn1.j.g.a(pVar2).e();
                            for (int i = 0; i < e.length; i++) {
                                if (MLog.e) {
                                    MLog.b(MLog.a(this), "general name " + i + ": " + e[i].toString());
                                }
                            }
                        }
                        if (pVar2 != null) {
                            for (int i2 = 0; i2 < pVar2.f(); i2++) {
                                lib.org.bouncycastle.asn1.j.f a2 = lib.org.bouncycastle.asn1.j.f.a(pVar2.a(i2));
                                try {
                                    aVar.a(a2);
                                    aVar.b(a2);
                                } catch (PKIXNameConstraintValidatorException e2) {
                                    if (MLog.e) {
                                        MLog.b(MLog.a(this), new StringBuffer().append("subjectAltName ").append(a2).append(" was not permitted or excluded by ").append(aVar).append(": ").append(e2.getMessage()).toString());
                                    }
                                    j = 16 | j;
                                }
                            }
                        }
                    } catch (Exception e3) {
                        if (MLog.e) {
                            MLog.b(MLog.a(this), new StringBuffer().append("Exception ").append(e3).append(" when extracting subjectAlternativeName from ").append(bVar).toString());
                        }
                        return j | 16;
                    }
                } catch (PKIXNameConstraintValidatorException e4) {
                    if (MLog.e) {
                        MLog.b(MLog.a(this), new StringBuffer().append("subject ").append(pVar).append(" was not permitted or excluded by ").append(aVar).append(": ").append(e4.getMessage()).toString());
                    }
                    return j | 16;
                }
            }
            try {
                lib.org.bouncycastle.asn1.j.q a3 = bVar.a(lib.org.bouncycastle.asn1.j.q.o);
                lib.org.bouncycastle.asn1.p pVar3 = a3 != null ? (lib.org.bouncycastle.asn1.p) a3.c() : null;
                if (pVar3 != null) {
                    lib.org.bouncycastle.asn1.j.j jVar = new lib.org.bouncycastle.asn1.j.j(pVar3);
                    lib.org.bouncycastle.asn1.p e5 = jVar.e();
                    if (e5 != null) {
                        aVar.c(e5);
                    }
                    lib.org.bouncycastle.asn1.p f = jVar.f();
                    if (f != null) {
                        Enumeration e6 = f.e();
                        while (e6.hasMoreElements()) {
                            aVar.a(lib.org.bouncycastle.asn1.j.h.a(e6.nextElement()));
                        }
                    }
                }
            } catch (Exception e7) {
                if (MLog.e) {
                    MLog.b(MLog.a(this), new StringBuffer().append("Exception ").append(e7).append(" when extracting nameConstraints from ").append(bVar).toString());
                }
                return j | 16;
            }
        }
        return j;
    }

    public long a() {
        return 0 | b() | c() | d() | e() | f() | g() | h() | i();
    }

    public h a(Collection<lib.org.bouncycastle.cert.b> collection) {
        this.d = collection;
        return this;
    }

    public h a(Date date) {
        this.b = date;
        return this;
    }

    public h a(pl.mobileexperts.smimelib.crypto.certbase.b bVar) {
        this.e = bVar;
        return this;
    }

    public h a(pl.mobileexperts.smimelib.crypto.l lVar) {
        this.c = lVar;
        return this;
    }

    public h a(boolean z) {
        this.g = z;
        return this;
    }

    public h b(boolean z) {
        this.f = z;
        return this;
    }
}
