package pl.unizeto.android.cryptoapi.certpolicies;

import iaik.asn1.ObjectID;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.Vector;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.unizeto.android.cryptoapi.certificatestoremanager.CertificationPath;
import pl.unizeto.android.cryptoapi.exception.PKIErrorCode;
import pl.unizeto.android.cryptoapi.internal.CommonProperties;
import pl.unizeto.android.cryptoapi.util.cert.CertificateInfoUtil;
import pl.unizeto.android.cryptoapi.util.cert.CertificateUtils;
import pl.unizeto.android.cryptoapi.util.certpolicies.exceptions.CertPoliciesException;
import pl.unizeto.pki.util.Certs;

/* loaded from: classes.dex */
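/**
 * Checks the certificate policy OIDs of every certificate in a certification path
 * against a set of accepted ("user initial") policy OIDs.
 *
 * <p>The accepted set is narrowed certificate by certificate while the path is walked,
 * see {@link #checkPoliciesInPath(CertificationPath)}.
 *
 * <p>NOTE(review): two behaviours of this class fail open and should be confirmed as
 * intended by whoever owns the trust decision:
 * <ul>
 *   <li>a {@code null} accepted set disables policy checking entirely (this is also the
 *       default when the configuration property is missing, blank or unreadable);</li>
 *   <li>a certificate for which no policy OIDs are returned is treated as if it asserted
 *       {@code anyPolicy}, so it passes regardless of the accepted set.</li>
 * </ul>
 *
 * <p>The static default set is a plain mutable static field with no synchronization;
 * nothing in this class makes concurrent reload/read safe.
 */
public class CertPoliciesProcessor {
    /** Settings key holding the comma-separated default accepted policy OIDs. */
    private static final String DEFAULT_POLICY_SET_PROPERTY = "pl.unizeto.procertum.util.certpolicies.defaultUserInitialPolicySet";
    private static Set<String> defaultPolicySet;
    private static final Logger log = LoggerFactory.getLogger(CertPoliciesProcessor.class.getSimpleName());
    private Set<String> userInitialPolicySet;

    static {
        reloadPolicies();
    }

    /**
     * Creates a processor that starts from the configured default policy set.
     *
     * <p>The default set is copied, so {@link #addToUserInitialPolicySet(String...)} on this
     * instance no longer modifies the process-wide default shared by other instances.
     * A {@code null} default stays {@code null} (no policy restriction).
     */
    public CertPoliciesProcessor() {
        Set<String> defaults = defaultPolicySet;
        setUserInitialPolicySet(defaults == null ? null : new HashSet<>(defaults));
    }

    /**
     * Creates a processor that starts from the given accepted policy set.
     *
     * @param set accepted policy OIDs; {@code null} disables policy checking. The reference
     *            is stored as-is, not copied.
     */
    public CertPoliciesProcessor(Set<String> set) {
        setUserInitialPolicySet(set);
    }

    /**
     * Verifies that a single certificate asserts at least one accepted policy.
     *
     * @param x509Certificate certificate to check
     * @param set             currently accepted policy OIDs; {@code null} skips the check
     * @throws CertPoliciesException if none of the certificate's policies is in {@code set}
     *                               and the certificate does not carry {@code anyPolicy}
     * @throws CertificateException  declared for the certificate conversion step
     */
    private void checkPoliciesFromCert(X509Certificate x509Certificate, Set<String> set) throws CertPoliciesException, CertificateException {
        if (set == null) {
            // No accepted set configured: policy checking is switched off (fail-open by design).
            return;
        }
        Vector<String> certPolicies = getPoliciesInternal(CertificateUtils.convert(x509Certificate));
        if (certPolicies == null) {
            return;
        }
        String anyPolicyId = ObjectID.anyPolicy.getID();
        for (String policy : certPolicies) {
            // anyPolicy is accepted unconditionally; note that getPoliciesInternal() also
            // substitutes anyPolicy for a certificate that returned no policies at all.
            if (set.contains(policy) || policy.equals(anyPolicyId)) {
                return;
            }
        }
        // Log text (Polish): "Certificate's certification policies" / "Trusted certification policies".
        log.debug("Polityki certyfikacji certyfikatu: " + certPolicies);
        log.debug("Zaufane polityki certyfikacji: " + set);
        throw new CertPoliciesException(PKIErrorCode.CERT_POLICY_DOES_NOT_MATCH_TRUSTED_POLICIES, CertificateInfoUtil.getSubjectAndSerialNumberString(x509Certificate));
    }

    /**
     * Returns the process-wide default accepted policy set.
     *
     * @return the live static set (not a copy), or {@code null} when none is configured;
     *         callers that modify it change the default for instances created afterwards
     */
    public static Set<String> getDefaultPolicySet() {
        return defaultPolicySet;
    }

    /**
     * Reads the policy OIDs of a certificate, never returning {@code null} or an empty list.
     *
     * <p>NOTE(review): when no policy OIDs are returned for the certificate, {@code anyPolicy}
     * is substituted, which makes such a certificate pass every policy check. The
     * {@code anyPolicy} entry is added to the vector obtained from
     * {@code Certs.getPoliciesOID}; whether that vector is shared or cached by the
     * helper cannot be told from here.
     *
     * @param x509Certificate certificate in the IAIK representation
     * @return the certificate's policy OIDs, or a single {@code anyPolicy} entry
     */
    private Vector<String> getPoliciesInternal(iaik.x509.X509Certificate x509Certificate) {
        Vector<String> policies = Certs.getPoliciesOID(x509Certificate);
        if (policies == null) {
            policies = new Vector<>();
        }
        if (policies.isEmpty()) {
            policies.add(ObjectID.anyPolicy.getID());
        }
        return policies;
    }

    /**
     * Narrows the accepted policy set to the policies the given certificate also asserts.
     *
     * <p>The set is returned unchanged when the certificate yields a {@code null} policy
     * list, when {@code set} is {@code null}, or when the certificate carries
     * {@code anyPolicy}. Otherwise a new set holding the intersection is returned.
     *
     * <p>NOTE(review): unlike {@link #getPoliciesInternal}, an <em>empty</em> (non-null)
     * policy list is not mapped to {@code anyPolicy} here, so it produces an empty accepted
     * set for the remaining certificates. Confirm which of the two treatments is intended.
     *
     * @param x509Certificate certificate whose policies constrain the set
     * @param set             currently accepted policy OIDs, may be {@code null}
     * @return the accepted set to use for the next certificate in the path
     * @throws CertificateException declared for the certificate conversion step
     */
    private Set<String> getUpdatedExpectedPolicySet(X509Certificate x509Certificate, Set<String> set) throws CertificateException {
        Vector<String> certPolicies = Certs.getPoliciesOID(CertificateUtils.convert(x509Certificate));
        if (certPolicies == null || set == null || certPolicies.contains(ObjectID.anyPolicy.getID())) {
            return set;
        }
        Set<String> narrowed = new HashSet<>();
        for (String policy : certPolicies) {
            if (set.contains(policy)) {
                narrowed.add(policy);
            }
        }
        return narrowed;
    }

    /**
     * Reloads the default accepted policy set from the application settings.
     *
     * <p>The property value is a comma-separated list of policy OIDs; blank entries are
     * dropped and the rest are trimmed. A missing, blank or unreadable property, or a list
     * with no usable entries, leaves the default set {@code null}, which means instances
     * created with the no-argument constructor perform no policy checking.
     */
    public static void reloadPolicies() {
        String rawValue = null;
        try {
            rawValue = CommonProperties.getInstance().getProperty(DEFAULT_POLICY_SET_PROPERTY);
        } catch (Exception e) {
            // Best effort: fall back to "no default set", but keep the cause in the log so a
            // silently disabled policy check can be diagnosed.
            // Log text (Polish): "Error while reading '<key>' from the settings file".
            log.warn("Błąd w czasie odczytu 'pl.unizeto.procertum.util.certpolicies.defaultUserInitialPolicySet' z pliku ustawień", e);
        }
        Set<String> parsed = null;
        if (!StringUtils.isBlank(rawValue)) {
            Set<String> oids = new HashSet<>();
            for (String entry : StringUtils.split(rawValue, ",")) {
                if (!StringUtils.isBlank(entry)) {
                    oids.add(entry.trim());
                }
            }
            if (!oids.isEmpty()) {
                parsed = oids;
            }
        }
        defaultPolicySet = parsed;
        log.info(DEFAULT_POLICY_SET_PROPERTY + " = " + defaultPolicySet);
    }

    /**
     * Replaces the process-wide default accepted policy set.
     *
     * @param set new default; stored by reference, {@code null} disables the default
     */
    public static void setDefaultPolicySet(Set<String> set) {
        defaultPolicySet = set;
    }

    /**
     * Adds policy OIDs to this instance's accepted set.
     *
     * <p>When the instance currently has no accepted set ({@code null}, i.e. checking is
     * disabled), a new set is created from the given OIDs instead of failing with a
     * {@link NullPointerException}; from then on only those OIDs are accepted.
     * A {@code null} or empty argument leaves the instance unchanged.
     *
     * @param strArr policy OIDs to accept
     */
    public void addToUserInitialPolicySet(String... strArr) {
        if (strArr == null || strArr.length == 0) {
            return;
        }
        if (this.userInitialPolicySet == null) {
            this.userInitialPolicySet = new HashSet<>();
        }
        this.userInitialPolicySet.addAll(Arrays.asList(strArr));
    }

    /**
     * Checks every certificate in the path against the accepted policy set.
     *
     * <p>The path is walked from its last element to its first. Each certificate must pass
     * {@link #checkPoliciesFromCert}; the accepted set is then narrowed by that certificate's
     * policies before the next one is checked. The instance's own set is not modified.
     *
     * @param certificationPath path to validate
     * @throws IllegalArgumentException if the path is {@code null} or empty
     * @throws CertPoliciesException    if a certificate asserts no accepted policy
     * @throws CertificateException     declared for the certificate conversion step
     */
    public void checkPoliciesInPath(CertificationPath certificationPath) throws CertPoliciesException, CertificateException {
        if (certificationPath == null) {
            throw new IllegalArgumentException("'certPath' mustn't be null");
        }
        Vector<X509Certificate> path = certificationPath.getPath();
        if (path.isEmpty()) {
            throw new IllegalArgumentException("'certPath' mustn't be empty");
        }
        Set<String> acceptedPolicies = getUserInitialPolicySet();
        for (int index = path.size() - 1; index >= 0; index--) {
            X509Certificate certificate = path.get(index);
            checkPoliciesFromCert(certificate, acceptedPolicies);
            acceptedPolicies = getUpdatedExpectedPolicySet(certificate, acceptedPolicies);
        }
    }

    /**
     * Returns this instance's accepted policy set.
     *
     * @return the live set (not a copy), or {@code null} when policy checking is disabled
     */
    public Set<String> getUserInitialPolicySet() {
        return this.userInitialPolicySet;
    }

    /**
     * Replaces this instance's accepted policy set.
     *
     * @param set accepted policy OIDs, stored by reference; {@code null} disables checking
     */
    public void setUserInitialPolicySet(Set<String> set) {
        this.userInitialPolicySet = set;
    }
}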
