package pl.unizeto.android.cryptoapi.util.cert;

import iaik.asn1.ObjectID;
import iaik.x509.V3Extension;
import iaik.x509.X509ExtensionInitException;
import iaik.x509.extensions.BasicConstraints;
import iaik.x509.extensions.CertificatePolicies;
import iaik.x509.extensions.ExtendedKeyUsage;
import iaik.x509.extensions.KeyUsage;
import iaik.x509.extensions.qualified.QCStatements;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.unizeto.android.cryptoapi.exception.PKIErrorCode;
import pl.unizeto.android.cryptoapi.exception.PKIException;
import pl.unizeto.android.cryptoapi.internal.CommonProperties;

/* loaded from: classes.dex */
public class CertificateExtensionsSupport {
    static final /* synthetic */ boolean $assertionsDisabled;
    private static final String[] FULLY_SUPPORTED_CRITICAL_EXTENSIONS;
    protected static final Logger log;
    private static boolean unsupportedCriticalExtensionsCheckingEnabled;

    static {
        $assertionsDisabled = !CertificateExtensionsSupport.class.desiredAssertionStatus();
        log = LoggerFactory.getLogger(CertificateExtensionsSupport.class.getSimpleName());
        Boolean bool = true;
        try {
            bool = Boolean.valueOf(Boolean.valueOf(CommonProperties.getInstance().getProperty("pl.unizeto.procertum.util.cert.CertificateExtensionsSupport.unsupportedCriticalExtensionsCheckingEnabled", bool.toString())).booleanValue());
        } catch (Exception e) {
            log.warn("Błąd w czasie odczytu 'pl.unizeto.procertum.util.cert.CertificateExtensionsSupport.unsupportedCriticalExtensionsCheckingEnabled' z pliku ustawień", (Throwable) e);
        }
        unsupportedCriticalExtensionsCheckingEnabled = bool.booleanValue();
        if (log.isDebugEnabled()) {
            log.debug(String.valueOf("pl.unizeto.procertum.util.cert.CertificateExtensionsSupport.unsupportedCriticalExtensionsCheckingEnabled") + " = " + unsupportedCriticalExtensionsCheckingEnabled);
        }
        FULLY_SUPPORTED_CRITICAL_EXTENSIONS = new String[]{KeyUsage.oid.getID(), ExtendedKeyUsage.oid.getID(), CertificatePolicies.oid.getID(), QCStatements.oid.getID(), BasicConstraints.oid.getID()};
    }

    public static void checkUnsupportedCriticalExceptions(X509Certificate x509Certificate) throws CertificateException, PKIException {
        if (log.isDebugEnabled()) {
            log.debug("Sprawdzanie czy w certyfikacie występują nieobsługiwane rozszerzenia krytyczne (cert: " + CertificateInfoUtil.getSubjectAndSerialNumberString(x509Certificate) + ")");
        }
        if (x509Certificate == null) {
            throw new IllegalArgumentException("'cert' mustn't be null");
        }
        if (isUnsupportedCriticalExtensionsCheckingEnabled()) {
            if (hasUnsupportedCriticalExtension(x509Certificate)) {
                throw new PKIException(PKIErrorCode.CERTIFICATE_HAS_UNSUPPORTED_CRITICAL_EXTENSION, CertificateInfoUtil.getSubjectAndSerialNumberString(x509Certificate));
            }
        } else if (log.isDebugEnabled()) {
            log.debug("Sprawdzanie nieobsługiwanych rozszerzeń krytycznych wyłączone.");
        }
    }

    public static void checkUnsupportedCriticalExtensions(Collection<X509Certificate> collection) throws CertificateException, PKIException {
        if (collection == null) {
            if (log.isDebugEnabled()) {
                log.debug("'certs' is null");
            }
            throw new IllegalArgumentException("'certs' is null");
        }
        if (collection.contains(null)) {
            throw new IllegalArgumentException("'certs' collection mustn't contain null");
        }
        if (log.isDebugEnabled()) {
            log.debug("Sprawdzanie czy w certyfikatach (" + collection.size() + ") występują nieobsługiwane rozszerzenia krytyczne");
        }
        if (isUnsupportedCriticalExtensionsCheckingEnabled()) {
            Iterator<X509Certificate> it = collection.iterator();
            while (it.hasNext()) {
                checkUnsupportedCriticalExceptions(it.next());
            }
        } else if (log.isDebugEnabled()) {
            log.debug("Sprawdzanie nieobsługiwanych rozszerzeń krytycznych wyłączone.");
        }
    }

    public static boolean hasUnsupportedCriticalExtension(X509Certificate x509Certificate) throws CertificateException {
        if (log.isDebugEnabled()) {
            log.debug("Sprawdzanie czy w certyfikacie występują nieobsługiwane rozszerzenia krytyczne (cert: " + CertificateInfoUtil.getSubjectAndSerialNumberString(x509Certificate) + ")");
        }
        if (x509Certificate == null) {
            throw new IllegalArgumentException("'cert' mustn't be null");
        }
        if (!isUnsupportedCriticalExtensionsCheckingEnabled()) {
            if (log.isDebugEnabled()) {
                log.debug("Sprawdzanie nieobsługiwanych rozszerzeń krytycznych wyłączone. Zwracam 'false'");
            }
            return false;
        }
        Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        Iterator<String> it = criticalExtensionOIDs.iterator();
        while (it.hasNext()) {
            if (isUnsupportedCriticalExtension(x509Certificate, it.next())) {
                return true;
            }
        }
        return false;
    }

    private static boolean isUnsupportedCriticalExtension(V3Extension v3Extension) {
        if ($assertionsDisabled || v3Extension != null) {
            return v3Extension.isCritical() && !Arrays.asList(FULLY_SUPPORTED_CRITICAL_EXTENSIONS).contains(v3Extension.getObjectID().getID());
        }
        throw new AssertionError("'ext' mustn't be null");
    }

    public static boolean isUnsupportedCriticalExtension(X509Certificate x509Certificate, String str) throws CertificateException {
        if (x509Certificate == null || str == null) {
            if (log.isDebugEnabled()) {
                log.debug("'cert' or 'oid' is null");
            }
            throw new IllegalArgumentException("'cert' or 'oid' is null");
        }
        if (log.isDebugEnabled()) {
            log.debug("Sprawdzanie czy biblioteka obsługuje podane rozszerzenie krytyczne (cert: " + CertificateInfoUtil.getSubjectAndSerialNumberString(x509Certificate) + ", oid: " + str + ")");
        }
        if (!isUnsupportedCriticalExtensionsCheckingEnabled()) {
            if (!log.isDebugEnabled()) {
                return false;
            }
            log.debug("Sprawdzanie nieobsługiwanych rozszerzeń krytycznych wyłączone. Zwracam 'false'");
            return false;
        }
        try {
            V3Extension extension = CertificateUtils.convert(x509Certificate).getExtension(new ObjectID(str));
            return extension == null ? false : isUnsupportedCriticalExtension(extension);
        } catch (X509ExtensionInitException e) {
            if (log.isDebugEnabled()) {
                log.debug("Nie można odczytać rozszerzenia z certyfikatu(cert: " + CertificateInfoUtil.getSubjectAndSerialNumberString(x509Certificate) + "; oid: " + str + ")", (Throwable) e);
            }
            return e.isCriticalExtension();
        }
    }

    public static synchronized boolean isUnsupportedCriticalExtensionsCheckingEnabled() {
        boolean z;
        synchronized (CertificateExtensionsSupport.class) {
            log.debug("Sprawdzam 'unsupportedCriticalExtensionsCheckingEnabled': " + unsupportedCriticalExtensionsCheckingEnabled);
            z = unsupportedCriticalExtensionsCheckingEnabled;
        }
        return z;
    }
}
