package com.blackberry.security.cr.svc;

import android.util.Base64;
import android.util.Log;
import com.microsoft.identity.common.java.crypto.IDevicePopManager;
import java.io.ByteArrayInputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import org.xbill.DNS.WKSRecord;

/* loaded from: classes.dex */
public class ProxyCRLCertPair {
    private static final int ASN_CONTEXT0_TAG = -96;
    private static final int ASN_CONTEXT2_TAG = -94;
    private static final int ASN_CONTEXT6_TAG = -122;
    private static final int ASN_OCTET_STRING_TAG = 4;
    private static final int ASN_SEQUENCE_TAG = 48;
    private static final String CRL_DISTRIBUTION_POINT_OID = "2.5.29.31";
    private static final int MAX_BYTE_VALUE = 256;
    private String _certId;
    private ArrayList<String> _crlDistPoints;
    private X509Certificate _issuerCert;
    private String _issuerDN;
    private String _issuerPubKey;
    private String _serialNumber;
    private X509Certificate _targetCert;

    public ProxyCRLCertPair(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        setIssuerCert(x509Certificate);
        setTargetCert(x509Certificate2);
        setSerialNumber(formatSerialNumber(this._targetCert));
        setIssuerDN(this._targetCert.getIssuerDN().toString().replaceAll(", ", ","));
        setIssuerPubKey(Base64.encodeToString(this._issuerCert.getPublicKey().getEncoded(), 2));
        setCertId(generateCertId(this._serialNumber, this._issuerDN, this._issuerPubKey));
        setCrlDistPoints(getCrlDistPoints(this._targetCert));
    }

    private static byte[] decodeAsnObject(int i10, ByteArrayInputStream byteArrayInputStream) {
        ArrayList<byte[]> decodeAsnObjectsLoop = decodeAsnObjectsLoop(i10, byteArrayInputStream, true);
        if (decodeAsnObjectsLoop == null || decodeAsnObjectsLoop.size() < 1) {
            return null;
        }
        return decodeAsnObjectsLoop.get(0);
    }

    private static ArrayList<byte[]> decodeAsnObjects(int i10, ByteArrayInputStream byteArrayInputStream) {
        return decodeAsnObjectsLoop(i10, byteArrayInputStream, false);
    }

    private static ArrayList<byte[]> decodeAsnObjectsLoop(int i10, ByteArrayInputStream byteArrayInputStream, boolean z10) {
        ArrayList<byte[]> arrayList = new ArrayList<>();
        int i11 = (i10 + 256) % 256;
        while (byteArrayInputStream.available() >= 2) {
            int read = (byteArrayInputStream.read() + 256) % 256;
            int read2 = (byteArrayInputStream.read() + 256) % 256;
            if ((read2 & 128) != 0) {
                int i12 = read2 & WKSRecord.Service.LOCUS_CON;
                int i13 = 0;
                for (int i14 = 0; i14 < i12; i14++) {
                    if (i13 > 0) {
                        i13 <<= 8;
                    }
                    i13 += (byteArrayInputStream.read() + 256) % 256;
                }
                read2 = i13;
            }
            if (read2 > byteArrayInputStream.available()) {
                Log.w(CertificateRevocationProxyCRL.LOG_TAG, "available[" + byteArrayInputStream.available() + "] < length[" + read2 + "], unable to continue");
                return null;
            }
            byte[] bArr = new byte[read2];
            int read3 = byteArrayInputStream.read(bArr, 0, read2);
            if (read3 != read2) {
                Log.w(CertificateRevocationProxyCRL.LOG_TAG, "read[" + read2 + "], actual[" + read3 + "], unable to continue");
                return null;
            }
            if (i11 == read) {
                arrayList.add(bArr);
            }
            if (byteArrayInputStream.available() <= 0 || z10) {
                return arrayList;
            }
        }
        Log.w(CertificateRevocationProxyCRL.LOG_TAG, "available byte < 2, unable to continue");
        return null;
    }

    private String formatSerialNumber(X509Certificate x509Certificate) {
        return Base64.encodeToString(removeLeadingZeros(x509Certificate.getSerialNumber().toByteArray()), 0).trim();
    }

    private String generateCertId(String str, String str2, String str3) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(IDevicePopManager.SHA_1);
            messageDigest.update(str.getBytes());
            messageDigest.update(str2.getBytes());
            messageDigest.update(str3.getBytes());
            return Base64.encodeToString(messageDigest.digest(), 0);
        } catch (NoSuchAlgorithmException e10) {
            Log.e(CertificateRevocationProxyCRL.LOG_TAG, "Failed to hash certId", e10);
            return null;
        }
    }

    private ArrayList<String> getCrlDistPoints(X509Certificate x509Certificate) {
        byte[] decodeAsnObject;
        ArrayList<String> uriFromGeneralNames;
        ArrayList<String> arrayList = new ArrayList<>();
        byte[] extensionValue = x509Certificate.getExtensionValue(CRL_DISTRIBUTION_POINT_OID);
        if (extensionValue == null || (decodeAsnObject = decodeAsnObject(4, new ByteArrayInputStream(extensionValue))) == null) {
            return null;
        }
        ArrayList<byte[]> decodeAsnObjects = decodeAsnObjects(48, new ByteArrayInputStream(decodeAsnObject));
        for (int i10 = 0; i10 < decodeAsnObjects.size(); i10++) {
            ArrayList<byte[]> decodeAsnObjects2 = decodeAsnObjects(48, new ByteArrayInputStream(decodeAsnObjects.get(i10)));
            for (int i11 = 0; i11 < decodeAsnObjects2.size(); i11++) {
                byte[] decodeAsnObject2 = decodeAsnObject(ASN_CONTEXT0_TAG, new ByteArrayInputStream(decodeAsnObjects2.get(i11)));
                if (decodeAsnObject2 != null && (uriFromGeneralNames = getUriFromGeneralNames(decodeAsnObject(ASN_CONTEXT0_TAG, new ByteArrayInputStream(decodeAsnObject2)))) != null) {
                    arrayList.addAll(uriFromGeneralNames);
                }
                ArrayList<String> uriFromGeneralNames2 = getUriFromGeneralNames(decodeAsnObject(ASN_CONTEXT2_TAG, new ByteArrayInputStream(decodeAsnObjects2.get(i11))));
                if (uriFromGeneralNames2 != null) {
                    arrayList.addAll(uriFromGeneralNames2);
                }
            }
        }
        if (arrayList.size() > 0) {
            return arrayList;
        }
        return null;
    }

    private ArrayList<String> getUriFromGeneralNames(byte[] bArr) {
        ArrayList<String> arrayList = new ArrayList<>();
        if (bArr == null) {
            return null;
        }
        ArrayList<byte[]> decodeAsnObjects = decodeAsnObjects(ASN_CONTEXT6_TAG, new ByteArrayInputStream(bArr));
        if (decodeAsnObjects != null && !decodeAsnObjects.isEmpty()) {
            for (int i10 = 0; i10 < decodeAsnObjects.size(); i10++) {
                arrayList.add(new String(decodeAsnObjects.get(i10)));
            }
        }
        return arrayList;
    }

    private byte[] removeLeadingZeros(byte[] bArr) {
        int i10 = 0;
        while (bArr[i10] == 0) {
            i10++;
        }
        return Arrays.copyOfRange(bArr, i10, bArr.length);
    }

    private void setCertId(String str) {
        this._certId = str;
    }

    private void setCrlDistPoints(ArrayList<String> arrayList) {
        this._crlDistPoints = arrayList;
    }

    private void setIssuerCert(X509Certificate x509Certificate) {
        this._issuerCert = x509Certificate;
    }

    private void setIssuerDN(String str) {
        this._issuerDN = str;
    }

    private void setIssuerPubKey(String str) {
        this._issuerPubKey = str;
    }

    private void setSerialNumber(String str) {
        this._serialNumber = str;
    }

    private void setTargetCert(X509Certificate x509Certificate) {
        this._targetCert = x509Certificate;
    }

    public String getCertId() {
        return this._certId;
    }

    public ArrayList<String> getCrlDistPoints() {
        return this._crlDistPoints;
    }

    public X509Certificate getIssuerCert() {
        return this._issuerCert;
    }

    public String getIssuerDN() {
        return this._issuerDN;
    }

    public String getIssuerPubKey() {
        return this._issuerPubKey;
    }

    public String getSerialNumber() {
        return this._serialNumber;
    }

    public X509Certificate getTargetCert() {
        return this._targetCert;
    }
}
