package com.gpki.gpkiapi.cert;

import com.gpki.gpkiapi.crypto.PrivateKey;
import com.gpki.gpkiapi.exception.GpkiApiException;
import com.gpki.gpkiapi_jni;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.SimpleTimeZone;

/* loaded from: input_file:com/gpki/gpkiapi/cert/CertPathValidator.class */
public class CertPathValidator {
    public static final int CERT_SIGN = 1;
    public static final int CERT_KM = 2;
    public static final int CERT_OCSP = 3;
    public static final int CERT_TSA = 4;
    public static final int CERT_VERIFY_FULL_PATH = 1;
    public static final int CERT_VERIFY_ROOT2CA = 2;
    public static final int CERT_VERIFY_ONLY_USER = 4;
    public static final int CERT_VERIFY_STRICTLY = 8;
    public static final int REVOKE_CHECK_NONE = 0;
    public static final int REVOKE_CHECK_ARL = 1;
    public static final int REVOKE_CHECK_CRL = 2;
    public static final int REVOKE_CHECK_OCSP = 4;
    public static final int REVOKE_CHECK_ALL = 7;
    int verifyRange;
    int revokationCheck;
    boolean useCache;
    byte[] myCert;
    byte[] myPriKey;
    String confFilePath;
    byte[] ocspSvrCert;
    gpkiapi_jni gpkiapi;
    String passwd = "";
    String ips = "";
    String validTime = "";

    public CertPathValidator(String str) throws GpkiApiException {
        this.confFilePath = "";
        if (str == null || str.length() == 0) {
            throw new GpkiApiException("The confFilePath is empty. You must input a value for it.");
        }
        this.gpkiapi = new gpkiapi_jni();
        this.confFilePath = str;
        this.verifyRange = gpkiapi_jni.CERT_VERIFY_FULL_PATH;
        this.revokationCheck = gpkiapi_jni.CERT_REV_CHECK_ALL;
        this.useCache = true;
    }

    public CertPathValidator(String str, int i, int i2, boolean z) throws GpkiApiException {
        this.confFilePath = "";
        if (str == null || str.length() == 0) {
            throw new GpkiApiException("The confFilePath is empty. You must input a value for it.");
        }
        this.gpkiapi = new gpkiapi_jni();
        this.confFilePath = str;
        this.useCache = z;
        setVerifyRange(i);
        setRevokationCheck(i2);
    }

    public void setVerifyRange(int i) {
        switch (i) {
            case 1:
                this.verifyRange = gpkiapi_jni.CERT_VERIFY_FULL_PATH;
                return;
            case 2:
                this.verifyRange = gpkiapi_jni.CERT_VERIFY_CA_CERT;
                return;
            case 3:
            case 5:
            case 6:
            case 7:
            default:
                return;
            case 4:
                this.verifyRange = gpkiapi_jni.CERT_VERIFY_USER_CERT;
                return;
            case 8:
                this.verifyRange = gpkiapi_jni.CERT_VERIFY_STRICTLY;
                return;
        }
    }

    public void setRevokationCheck(int i) {
        if (i == 7) {
            this.revokationCheck = gpkiapi_jni.CERT_REV_CHECK_ALL;
            return;
        }
        if (i == 0) {
            this.revokationCheck = gpkiapi_jni.CERT_REV_CHECK_NONE;
            return;
        }
        if ((i & 1) != 0) {
            this.revokationCheck |= gpkiapi_jni.CERT_REV_CHECK_ARL;
        }
        if ((i & 2) != 0) {
            this.revokationCheck |= gpkiapi_jni.CERT_REV_CHECK_CRL;
        }
        if ((i & 4) != 0) {
            this.revokationCheck |= gpkiapi_jni.CERT_REV_CHECK_OCSP;
        }
    }

    public void useCache(boolean z) {
        this.useCache = z;
    }

    public void setCaPubs(byte[] bArr) {
        this.gpkiapi.API_SetCaPubs(bArr);
    }

    public void setUserPolicySet(String str) throws GpkiApiException {
        if (str == null || str.length() == 0) {
            throw new GpkiApiException("The ips is empty. You must input a value for it.");
        }
        this.ips = str;
    }

    public void addTrustedRootCert(X509Certificate x509Certificate) throws GpkiApiException {
        if (x509Certificate == null) {
            throw new GpkiApiException("The rootCert is empty. You must input a value for it.");
        }
        this.gpkiapi.CERT_AddTrustedCert(x509Certificate.getCert());
    }

    public void setValidationTime(Date date) throws GpkiApiException {
        if (date == null) {
            throw new GpkiApiException("The time is null. You must input a value for it.");
        }
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(date);
        this.validTime = new StringBuffer().append(this.validTime).append(calendar.get(1)).toString();
        switch (calendar.get(2)) {
            case 0:
                this.validTime = new StringBuffer().append(this.validTime).append("01").toString();
                break;
            case 1:
                this.validTime = new StringBuffer().append(this.validTime).append("02").toString();
                break;
            case 2:
                this.validTime = new StringBuffer().append(this.validTime).append("03").toString();
                break;
            case 3:
                this.validTime = new StringBuffer().append(this.validTime).append("04").toString();
                break;
            case 4:
                this.validTime = new StringBuffer().append(this.validTime).append("05").toString();
                break;
            case 5:
                this.validTime = new StringBuffer().append(this.validTime).append("06").toString();
                break;
            case 6:
                this.validTime = new StringBuffer().append(this.validTime).append("07").toString();
                break;
            case 7:
                this.validTime = new StringBuffer().append(this.validTime).append("08").toString();
                break;
            case 8:
                this.validTime = new StringBuffer().append(this.validTime).append("09").toString();
                break;
            case 9:
                this.validTime = new StringBuffer().append(this.validTime).append("10").toString();
                break;
            case RevReason.AA_COMPROMISE /* 10 */:
                this.validTime = new StringBuffer().append(this.validTime).append("11").toString();
                break;
            case 11:
                this.validTime = new StringBuffer().append(this.validTime).append("12").toString();
                break;
        }
        int i = calendar.get(5);
        if (i < 10) {
            this.validTime = new StringBuffer().append(this.validTime).append("0").toString();
        }
        this.validTime = new StringBuffer().append(this.validTime).append(i).toString();
        int i2 = calendar.get(11);
        if (i2 < 10) {
            this.validTime = new StringBuffer().append(this.validTime).append("0").toString();
        }
        this.validTime = new StringBuffer().append(this.validTime).append(i2).toString();
        int i3 = calendar.get(12);
        if (i3 < 10) {
            this.validTime = new StringBuffer().append(this.validTime).append("0").toString();
        }
        this.validTime = new StringBuffer().append(this.validTime).append(i3).toString();
        int i4 = calendar.get(13);
        if (i4 < 10) {
            this.validTime = new StringBuffer().append(this.validTime).append("0").toString();
        }
        this.validTime = new StringBuffer().append(this.validTime).append(i4).toString();
    }

    public void setMyCert(X509Certificate x509Certificate, PrivateKey privateKey) throws GpkiApiException {
        if (x509Certificate == null) {
            throw new GpkiApiException("The cert is empty. You must input a value for it.");
        }
        if (privateKey == null) {
            throw new GpkiApiException("The priKey is empty. You must input a value for it.");
        }
        this.myCert = x509Certificate.getCert();
        this.myPriKey = privateKey.getKey();
    }

    public void validate(int i, X509Certificate x509Certificate) throws GpkiApiException {
        if (x509Certificate == null) {
            throw new GpkiApiException("The cert is hull. You must input a value for it.");
        }
        boolean z = false;
        if (this.myCert != null && this.myPriKey != null && this.myCert.length > 0 && this.myPriKey.length > 0) {
            z = true;
        }
        if (this.gpkiapi.CERT_SetVerifyEnv(this.verifyRange, this.revokationCheck, this.useCache, this.validTime, "") > 0) {
            throw new GpkiApiException(this.gpkiapi.sDetailErrorString);
        }
        if (this.gpkiapi.CERT_Verify(x509Certificate.getCert(), i, this.ips, this.confFilePath, z, this.myCert, this.myPriKey) > 0) {
            throw new GpkiApiException(this.gpkiapi.sDetailErrorString);
        }
    }

    public ArrayList checkStatusByOCSP(X509Certificate x509Certificate, String str) throws GpkiApiException, ParseException {
        if (this.gpkiapi.CERT_CheckStatByOCSP(x509Certificate.getCert(), this.myCert, this.myPriKey, str) > 0) {
            throw new GpkiApiException(this.gpkiapi.sDetailErrorString);
        }
        this.ocspSvrCert = this.gpkiapi.baReturnArray;
        return getRevocationInfo(true);
    }

    public X509Certificate getOCSPSvrCert() throws GpkiApiException {
        return new X509Certificate(this.ocspSvrCert);
    }

    public ArrayList checkStatusByCRL(X509Certificate x509Certificate) throws GpkiApiException, ParseException {
        this.gpkiapi.API_SetConfFile(this.confFilePath);
        if (this.gpkiapi.CERT_CheckStatByCRL(x509Certificate.getCert()) > 0) {
            throw new GpkiApiException(this.gpkiapi.sDetailErrorString);
        }
        return getRevocationInfo(false);
    }

    ArrayList getRevocationInfo(boolean z) throws GpkiApiException, ParseException {
        if (this.gpkiapi.sReturnString == null || this.gpkiapi.sReturnString.length() == 0) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(RevReason.getInstance(this.gpkiapi.nReturnInt));
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
        simpleDateFormat.setTimeZone(new SimpleTimeZone(0, "Z"));
        arrayList.add(simpleDateFormat.parse(this.gpkiapi.sReturnString));
        return arrayList;
    }
}
