package by.avest.crypto.conscrypt;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;

/* loaded from: classes2.dex */
public class StaticCACertStore {
    private static CertStore singletonStore = null;
    private static AvCaCertStoreImportParams params = new AvCaCertStoreImportParams();

    public static synchronized StaticCACertStore getInstance() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        StaticCACertStore staticCACertStore;
        synchronized (StaticCACertStore.class) {
            if (singletonStore == null) {
                singletonStore = CertStore.getInstance("AvCA", params);
            }
            staticCACertStore = new StaticCACertStore();
        }
        return staticCACertStore;
    }

    private void verifyCRL(X509CRL x509crl, AtomicReference<KeyStore> atomicReference, Set<X509Certificate> set) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, CertStoreException {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        String principal = x509crl.getIssuerDN().toString();
        for (X509Certificate x509Certificate : set) {
            try {
            } catch (Exception e) {
                linkedHashMap.put(x509Certificate, e);
            }
            if (verifyCRL(x509crl, principal, x509Certificate)) {
                return;
            }
        }
        if (atomicReference.get() == null) {
            atomicReference.set(KeyStore.getInstance("AvRoot"));
            atomicReference.get().load(null, null);
        }
        Enumeration<String> aliases = atomicReference.get().aliases();
        while (aliases.hasMoreElements()) {
            X509Certificate x509Certificate2 = null;
            try {
                x509Certificate2 = (X509Certificate) atomicReference.get().getCertificate(aliases.nextElement());
                if (x509Certificate2 != null && verifyCRL(x509crl, principal, x509Certificate2)) {
                    return;
                }
            } catch (Exception e2) {
                linkedHashMap.put(x509Certificate2, e2);
            }
        }
        if (linkedHashMap.isEmpty()) {
            throw new CertStoreException("Failed to verify CRL, issuer: " + x509crl.getIssuerDN() + ", thisUpdate: " + x509crl.getThisUpdate() + ", nextUpdate: " + x509crl.getNextUpdate() + ", no matched CA certs found");
        }
        CertStoreException certStoreException = new CertStoreException("Failed to verify CRL issuer: " + x509crl.getIssuerDN() + ", thisUpdate: " + x509crl.getThisUpdate() + ", nextUpdate: " + x509crl.getNextUpdate() + ", tried to match to " + linkedHashMap.size() + " CA certs, matched certs with errors follows as supressed");
        for (Map.Entry entry : linkedHashMap.entrySet()) {
            certStoreException.addSuppressed(new Exception(((X509Certificate) entry.getKey()).toString(), (Throwable) entry.getValue()));
        }
        throw certStoreException;
    }

    private boolean verifyCRL(X509CRL x509crl, String str, X509Certificate x509Certificate) throws InvalidKeyException, CRLException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
        if (!x509Certificate.getSubjectDN().toString().equalsIgnoreCase(str)) {
            return false;
        }
        x509crl.verify(x509Certificate.getPublicKey());
        return true;
    }

    public CertStore getCertStore() {
        return singletonStore;
    }

    public boolean importCRL(X509CRL x509crl) throws CertStoreException, KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        if (singletonStore == null || x509crl == null) {
            return false;
        }
        Date date = new Date();
        if (x509crl.getThisUpdate().after(date)) {
            throw new CertStoreException("crl is not yet active");
        }
        Date nextUpdate = x509crl.getNextUpdate();
        if (nextUpdate != null && nextUpdate.before(date)) {
            throw new CertStoreException("crl is already expired");
        }
        CertStoreImport impl = params.getImpl();
        if (impl == null) {
            return false;
        }
        verifyCRL(x509crl, new AtomicReference<>(null), (Set<X509Certificate>) singletonStore.getCertificates(null));
        CertStoreEntryHandle<X509CRL> findOldCRL = impl.findOldCRL(x509crl);
        if (findOldCRL == null) {
            findOldCRL = impl.createCRLHandle(x509crl);
        } else {
            if (!findOldCRL.get().getThisUpdate().before(x509crl.getThisUpdate())) {
                return false;
            }
            findOldCRL.set(x509crl);
        }
        return impl.importCRL(findOldCRL);
    }

    public void precheckCRL() {
        if (singletonStore == null) {
            return;
        }
        try {
            AtomicReference<KeyStore> atomicReference = new AtomicReference<>(null);
            Set<X509Certificate> set = (Set) singletonStore.getCertificates(null);
            for (CRL crl : singletonStore.getCRLs(null)) {
                if (crl instanceof X509CRL) {
                    try {
                        verifyCRL((X509CRL) crl, atomicReference, set);
                    } catch (Exception e) {
                        System.err.println("CLR precheck failure");
                        e.printStackTrace();
                    }
                }
            }
        } catch (Exception e2) {
            System.err.println("CLR precheck failure");
            e2.printStackTrace();
        }
    }
}
