package net.netca.pki;

import java.io.UnsupportedEncodingException;
import java.util.Date;

/* loaded from: classes3.dex */
public final class CertVerify implements Freeable {
    public static final int CERT_STATUS_UNREVOKED = 1;
    public static final int OPTION_CHECK_AKID = 256;
    public static final int OPTION_IGNOREALLEXT = 4;
    public static final int OPTION_NOT_VERIFY_TIME = 128;
    public static final int OPTION_ONLINE_GETCACERT = 32;
    public static final int OPTION_ONLINE_GETREVOKEINFO = 64;
    public static final int OPTION_USEALLCACERT = 2;
    public static final int OPTION_USEV1CERT = 1;
    public static final int OPTION_USE_GSMA_NAMECONSTRAINTS = 512;
    public static final int OPTION_USE_SYSTEM_CERT_STORE = 2048;
    public static final int OPTION_VERIFYCAREVOKE = 16;
    public static final int OPTION_VERIFYEEREVOKE = 8;
    public static final int STATUS_BULID_CERTPATH_FAIL = -1001;
    public static final int STATUS_CA_REVOKED = -2;
    public static final int STATUS_NOT_IN_VALIDITY = -1003;
    public static final int STATUS_NO_CA_REVOKE_INFO = -1006;
    public static final int STATUS_NO_REVOKE_INFO = -1005;
    public static final int STATUS_NO_ROOTCERT = -1004;
    public static final int STATUS_OTHER_ERROR = -1000;
    public static final int STATUS_REVOKED = 0;
    public static final int STATUS_UNDETERMINED = -1;
    public static final int STATUS_UNREVOKED = 1;
    public static final int STATUS_VERIFY_CERTPATH_FAIL = -1002;
    private long hCertVerify;
    private final Logger logger;
    private int reason;
    private Date revtime;
    private byte[] revtimevalue;
    private int verifyreturn;

    static {
        Util.loadJNI();
    }

    public CertVerify() throws PkiException {
        this.hCertVerify = 0L;
        Logger logger = LoggerFactory.getLogger(CertVerify.class);
        this.logger = logger;
        logger.debug("Enter CertVerify()");
        long newCertVerify = newCertVerify();
        this.hCertVerify = newCertVerify;
        if (newCertVerify != 0) {
            logger.debug("Leave CertVerify(),hCertVerify={}", new Long(this.hCertVerify));
        } else {
            logger.error("Leave CertVerify() fail,newCertVerify return 0");
            throw new PkiException("newCertVerify fail");
        }
    }

    public CertVerify(long j2, int i2, Date date) throws PkiException {
        this.hCertVerify = 0L;
        this.logger = LoggerFactory.getLogger(CertVerify.class);
        this.hCertVerify = j2;
        this.revtime = date;
        this.reason = i2;
    }

    private static native void addCACert(long j2, long j3);

    private static native void addCRL(long j2, long j3);

    private static native void addCRL(long j2, byte[] bArr, int i2, int i3);

    private static native void addIgnoreExtension(long j2, byte[] bArr);

    private static native void addOCSP(long j2, byte[] bArr, int i2, int i3, long j3);

    private static native void addOCSPCert(long j2, long j3, long j4);

    private static native void addRootCert(long j2, long j3);

    public static native void freeCRL(long j2);

    public static native void freeCertVerify(long j2);

    private static native byte[][] getAuthPolicySet(long j2);

    private static native long[] getCertPath(long j2);

    private int getCertStatus(int i2, int i3) {
        if (i2 == 1) {
            return i3;
        }
        if (i2 == -12) {
            return -1001;
        }
        if (i2 == -13) {
            return -1002;
        }
        if (i2 == -14) {
            return STATUS_NOT_IN_VALIDITY;
        }
        if (i2 == -28) {
            return STATUS_NO_ROOTCERT;
        }
        if (i2 == -29) {
            return STATUS_NO_REVOKE_INFO;
        }
        if (i2 == -30) {
            return STATUS_NO_CA_REVOKE_INFO;
        }
        return -1000;
    }

    private String[] getPolicySet(byte[][] bArr) throws PkiException {
        String[] strArr = new String[bArr.length];
        for (int i2 = 0; i2 < bArr.length; i2++) {
            try {
                strArr[i2] = new String(bArr[i2], "UTF-8");
            } catch (UnsupportedEncodingException e2) {
                this.logger.error("PolictSet {i} oid bad encode", new Integer(i2), e2);
                throw new PkiException("bad policy set oid");
            }
        }
        return strArr;
    }

    private static native long getPublicKey(long j2, int i2);

    private static native RevokeInfoSource[] getRevokeInfoSource(long j2, int i2);

    private static native byte[][] getUserPolicySet(long j2);

    public static native long newCRL(byte[] bArr, int i2, int i3);

    private static native long newCertVerify();

    private static native void setOption(long j2, int i2);

    private static native void setParam(long j2, byte[] bArr);

    private static native void setVerifyTime(long j2, byte[] bArr);

    private native int verify(long j2, long j3);

    public void addCACert(Certificate certificate) throws PkiException {
        this.logger.debug("Enter addCACert(Certificate cert),hCertVerify={}", new Long(this.hCertVerify));
        if (certificate == null) {
            this.logger.error("Leave addCACert(Certificate cert) fail,cert is null");
            throw new PkiException("addCACert fail,cert is null");
        }
        if (this.logger.isDebugEnabled()) {
            certificate.log(this.logger);
        }
        addCACert(this.hCertVerify, certificate.hCert);
        this.logger.debug("Leave addCACert(Certificate cert),hCert={}", new Long(certificate.hCert));
    }

    public void addCRL(long j2) throws PkiException {
        this.logger.debug("Enter addCRL(long crlHandle),hCertVerify={},crlHandle={}", new Object[]{new Long(this.hCertVerify), new Long(j2)});
        addCRL(this.hCertVerify, j2);
        this.logger.debug("Leave addCRL(long crlHandle)");
    }

    public void addCRL(byte[] bArr) throws PkiException {
        addCRL(bArr, 0, bArr.length);
    }

    public void addCRL(byte[] bArr, int i2, int i3) throws PkiException {
        this.logger.debug("Enter addCRL(byte[] crl,int offset,int len),hCertVerify={},offset={},len={}", new Object[]{new Long(this.hCertVerify), new Integer(i2), new Integer(i3)});
        addCRL(this.hCertVerify, bArr, i2, i3);
        this.logger.debug("Leave addCRL(byte[] crl,int offset,int len)");
    }

    public void addIgnoreExtension(String str) throws PkiException {
        this.logger.debug("Enter addIgnoreExtension(String oid),hCertVerify={},oid={}", new Long(this.hCertVerify), str);
        try {
            addIgnoreExtension(this.hCertVerify, str.getBytes("ASCII"));
            this.logger.debug("Leave addIgnoreExtension(String oid)");
        } catch (UnsupportedEncodingException unused) {
            this.logger.debug("Leave addIgnoreExtension(String oid) fail,bad oid");
            throw new PkiException("oid encode ascii fail");
        }
    }

    public void addOCSP(byte[] bArr) throws PkiException {
        addOCSP(bArr, 0, bArr.length, null);
    }

    public void addOCSP(byte[] bArr, int i2, int i3) throws PkiException {
        addOCSP(bArr, i2, i3, null);
    }

    public void addOCSP(byte[] bArr, int i2, int i3, Certificate certificate) throws PkiException {
        this.logger.debug("addOCSP(byte[] ocsp,int offset,int len,Certificate ocspCert),hCertVerify={},offset={},len={}", new Object[]{new Long(this.hCertVerify), new Integer(i2), new Integer(i3)});
        if (certificate == null) {
            addOCSP(this.hCertVerify, bArr, i2, i3, 0L);
        } else {
            if (this.logger.isDebugEnabled()) {
                certificate.log(this.logger);
            }
            this.logger.debug("ocspCert hCert={}", new Long(certificate.hCert));
            addOCSP(this.hCertVerify, bArr, i2, i3, certificate.hCert);
        }
        this.logger.debug("addOCSP(byte[] ocsp,int offset,int len,Certificate ocspCert)");
    }

    public void addOCSP(byte[] bArr, Certificate certificate) throws PkiException {
        addOCSP(bArr, 0, bArr.length, certificate);
    }

    public void addOCSPCert(Certificate certificate, Certificate certificate2) throws PkiException {
        this.logger.debug("Enter addOCSPCert(Certificate issuerCert,Certificate ocspCert),hCertVerify={}", new Long(this.hCertVerify));
        if (certificate == null) {
            this.logger.error("Leave addOCSPCert(Certificate issuerCert,Certificate ocspCert) fail,issuerCert is null");
            throw new PkiException("issuerCert is null");
        }
        if (this.logger.isDebugEnabled()) {
            certificate.log(this.logger);
        }
        if (certificate2 == null) {
            this.logger.error("Leave addOCSPCert(Certificate issuerCert,Certificate ocspCert) fail,ocspCert is null");
            throw new PkiException("ocspCert is null");
        }
        if (this.logger.isDebugEnabled()) {
            certificate2.log(this.logger);
        }
        addOCSPCert(this.hCertVerify, certificate.hCert, certificate2.hCert);
        this.logger.debug("Leave addOCSPCert(Certificate issuerCert,Certificate ocspCert)");
    }

    public void addRootCert(Certificate certificate) throws PkiException {
        this.logger.debug("Enter addRootCert(Certificate cert),hCertVerify={}", new Long(this.hCertVerify));
        if (certificate == null) {
            this.logger.error("Leave addRootCert(Certificate cert) fail,cert is null");
            throw new PkiException("addRootCert fail,cert is null");
        }
        if (this.logger.isDebugEnabled()) {
            certificate.log(this.logger);
        }
        addRootCert(this.hCertVerify, certificate.hCert);
        this.logger.debug("Leave addRootCert(Certificate cert),hCert={}", new Long(certificate.hCert));
    }

    public void finalize() throws Throwable {
        try {
            synchronized (this) {
                free();
            }
        } finally {
            super.finalize();
        }
    }

    @Override // net.netca.pki.Freeable
    public void free() {
        this.logger.debug("Enter free()");
        if (this.hCertVerify != 0) {
            this.logger.debug("hCertVerify={}", new Long(this.hCertVerify));
            freeCertVerify(this.hCertVerify);
            this.hCertVerify = 0L;
        }
        this.logger.debug("Leave free()");
    }

    public String[] getAuthPolicySet() throws PkiException {
        this.logger.debug("Enter getAuthPolicySet(),hCertVerify={}", new Long(this.hCertVerify));
        byte[][] authPolicySet = getAuthPolicySet(this.hCertVerify);
        if (authPolicySet == null) {
            this.logger.debug("Leave getAuthPolicySet(),return null");
            return null;
        }
        String[] policySet = getPolicySet(authPolicySet);
        this.logger.debug("Leave getAuthPolicySet()");
        return policySet;
    }

    public Certificate[] getCertPath() throws PkiException {
        this.logger.debug("Enter getCertPath(),hCertVerify={}", new Long(this.hCertVerify));
        long[] certPath = getCertPath(this.hCertVerify);
        if (certPath != null) {
            Certificate[] certificateArr = new Certificate[certPath.length];
            int i2 = 0;
            for (int i3 = 0; i3 < certPath.length; i3++) {
                try {
                    try {
                        certificateArr[i3] = new Certificate(certPath[i3]);
                        certificateArr[i3].log(this.logger);
                    } catch (Exception e2) {
                        while (i2 < i3) {
                            certificateArr[i2].free();
                            i2++;
                        }
                        while (true) {
                            i2++;
                            if (i2 >= certPath.length) {
                                break;
                            }
                            Certificate.freeCert(certPath[i2]);
                        }
                        throw e2;
                    }
                } catch (Exception e3) {
                    this.logger.warn("getCertPath() catch exception", (Throwable) e3);
                }
            }
            this.logger.debug("Leave getCertPath()");
            return certificateArr;
        }
        this.logger.debug("Leave getCertPath(),return null");
        return null;
    }

    public PublicKey getPublicKey(int i2) throws PkiException {
        this.logger.debug("Enter getPublicKey(int purpose),hCertVerify={},purpose={}", new Long(this.hCertVerify), new Integer(i2));
        long publicKey = getPublicKey(this.hCertVerify, i2);
        if (publicKey == 0) {
            this.logger.debug("Leave getPublicKey(int purpose),return null");
            return null;
        }
        try {
            PublicKey publicKey2 = new PublicKey(publicKey);
            this.logger.debug("Leave getPublicKey(int purpose),hPublicKey={}", new Long(publicKey));
            return publicKey2;
        } catch (Exception e2) {
            this.logger.warn("getPublicKey(int purpose) catch exception", (Throwable) e2);
            this.logger.debug("Leave getPublicKey(int purpose),return null");
            PublicKey.freePublicKey(publicKey);
            return null;
        }
    }

    public RevokeInfo getRevokeInfo() {
        this.logger.debug("Enter getRevokeInfo(),hCertVerify={}", new Long(this.hCertVerify));
        RevokeInfo revokeInfo = new RevokeInfo(this.revtime, this.reason);
        this.logger.debug("Leave getRevokeInfo()");
        return revokeInfo;
    }

    public RevokeInfoSource[] getRevokeInfoSource(int i2) throws PkiException {
        return getRevokeInfoSource(this.hCertVerify, i2);
    }

    public String[] getUserPolicySet() throws PkiException {
        this.logger.debug("Enter getUserPolicySet(),hCertVerify={}", new Long(this.hCertVerify));
        byte[][] userPolicySet = getUserPolicySet(this.hCertVerify);
        if (userPolicySet == null) {
            this.logger.debug("Leave getUserPolicySet(),return null");
            return null;
        }
        String[] policySet = getPolicySet(userPolicySet);
        this.logger.debug("Leave getUserPolicySet()");
        return policySet;
    }

    public void setOption(int i2) throws PkiException {
        this.logger.debug("Enter setOption(int option),hCertVerify={},option={}", new Long(this.hCertVerify), new Integer(i2));
        setOption(this.hCertVerify, i2);
        this.logger.debug("Leave setOption(int option)");
    }

    public void setParam(String str) throws PkiException {
        this.logger.debug("Enter setParam(String param),hCertVerify={},param={}", new Long(this.hCertVerify), str);
        try {
            setParam(this.hCertVerify, str.getBytes("UTF-8"));
            this.logger.debug("Leave setParam(String param)");
        } catch (UnsupportedEncodingException unused) {
            this.logger.debug("Leave setParam(String param) fail");
            throw new PkiException("param encode utf-8 fail");
        }
    }

    public void setVerifyTime(Date date) throws PkiException {
        this.logger.debug("Enter setVerifyTime(Date time),hCertVerify={},time={}", new Long(this.hCertVerify), date);
        setVerifyTime(this.hCertVerify, Util.EncodeUTCTime(date));
        this.logger.debug("Leave setVerifyTime(Date time)");
    }

    public int verify(Certificate certificate) throws PkiException {
        this.logger.debug("Enter verify(Certificate cert),hCertVerify={}", new Long(this.hCertVerify));
        this.verifyreturn = -1;
        if (certificate == null) {
            this.logger.error("Leave verify(Certificate cert) fail,cert is null");
            throw new PkiException("verify fail,cert is null");
        }
        if (this.logger.isDebugEnabled()) {
            certificate.log(this.logger);
        }
        int verify = verify(this.hCertVerify, certificate.hCert);
        this.logger.debug("verify finish,return value={},status={}", new Integer(this.verifyreturn), new Integer(verify));
        int certStatus = getCertStatus(this.verifyreturn, verify);
        if (certStatus == 0 || certStatus == -2) {
            Date UTCTimeDecode = Util.UTCTimeDecode(this.revtimevalue);
            this.revtime = UTCTimeDecode;
            this.logger.debug("Revoked Time: {},Reason: {}", UTCTimeDecode, new Integer(this.reason));
        }
        this.logger.debug("Leave verify(Certificate cert),hCert={},return {}", new Long(certificate.hCert), new Integer(certStatus));
        return certStatus;
    }
}
