package de.culture4life.luca.util;

import android.content.Context;
import dgca.verifier.app.decoder.ExtensionsKt;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import kotlin.Metadata;

@Metadata(d1 = {"\u0000>\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010 \n\u0000\n\u0002\u0018\u0002\n\u0002\b\b\bÆ\u0002\u0018\u00002\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0018\u0010\u0019J\"\u0010\b\u001a\u00020\u00072\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0005\u001a\u00020\u00042\b\b\u0002\u0010\u0006\u001a\u00020\u0002H\u0007J\"\u0010\n\u001a\u00020\t2\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0005\u001a\u00020\u00042\b\b\u0002\u0010\u0006\u001a\u00020\u0002H\u0007J\u0018\u0010\f\u001a\u00020\u000b2\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0005\u001a\u00020\u0004H\u0007J\u0010\u0010\f\u001a\u00020\u000b2\u0006\u0010\u000e\u001a\u00020\rH\u0007J\u001c\u0010\u0013\u001a\u00020\u00122\u0006\u0010\u000f\u001a\u00020\u000b2\f\u0010\u0011\u001a\b\u0012\u0004\u0012\u00020\u000b0\u0010R\u0014\u0010\u0014\u001a\u00020\u00028\u0002X\u0082T¢\u0006\u0006\n\u0004\b\u0014\u0010\u0015R\u0014\u0010\u0016\u001a\u00020\u00028\u0002X\u0082T¢\u0006\u0006\n\u0004\b\u0016\u0010\u0015R\u0014\u0010\u0017\u001a\u00020\u00028\u0002X\u0082T¢\u0006\u0006\n\u0004\b\u0017\u0010\u0015¨\u0006\u001a"}, d2 = {"Lde/culture4life/luca/util/CertificateUtil;", "", "", "fileName", "Landroid/content/Context;", "context", "algorithm", "Ljava/security/PublicKey;", "loadPublicPEMKey", "Ljava/security/PrivateKey;", "loadPrivatePEMKey", "Ljava/security/cert/X509Certificate;", "loadCertificate", "Ljava/io/InputStream;", "inputStream", "rootCertificate", "", "certificateChain", "Lyn/v;", "checkCertificateChain", "TYPE_X509", "Ljava/lang/String;", "ALGORITHM_RSA", "ALGORITHM_PKIX", "<init>", "()V", "app_production"}, k = 1, mv = {1, 9, 0})
/* loaded from: classes2.dex */
public final class CertificateUtil {
    private static final String ALGORITHM_PKIX = "PKIX";
    private static final String ALGORITHM_RSA = "RSA";
    public static final CertificateUtil INSTANCE = new CertificateUtil();
    private static final String TYPE_X509 = "X509";

    private CertificateUtil() {
    }

    public static final X509Certificate loadCertificate(InputStream inputStream) {
        kotlin.jvm.internal.k.f(inputStream, "inputStream");
        Certificate generateCertificate = CertificateFactory.getInstance(TYPE_X509).generateCertificate(inputStream);
        kotlin.jvm.internal.k.d(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
        return (X509Certificate) generateCertificate;
    }

    public static final X509Certificate loadCertificate(String fileName, Context context) {
        kotlin.jvm.internal.k.f(fileName, "fileName");
        kotlin.jvm.internal.k.f(context, "context");
        return loadCertificate(AssetUtil.getInputStream(fileName, context));
    }

    public static final PrivateKey loadPrivatePEMKey(String fileName, Context context, String algorithm) {
        kotlin.jvm.internal.k.f(fileName, "fileName");
        kotlin.jvm.internal.k.f(context, "context");
        kotlin.jvm.internal.k.f(algorithm, "algorithm");
        PrivateKey generatePrivate = KeyFactory.getInstance(algorithm).generatePrivate(new PKCS8EncodedKeySpec(ExtensionsKt.fromBase64(zq.j.z(zq.j.z(new String(AssetUtil.getBytes(fileName, context), zq.a.f34831b), "-----BEGIN PRIVATE KEY-----", "", false), "-----END PRIVATE KEY-----", "", false))));
        kotlin.jvm.internal.k.e(generatePrivate, "generatePrivate(...)");
        return generatePrivate;
    }

    public static /* synthetic */ PrivateKey loadPrivatePEMKey$default(String str, Context context, String str2, int i10, Object obj) {
        if ((i10 & 4) != 0) {
            str2 = ALGORITHM_RSA;
        }
        return loadPrivatePEMKey(str, context, str2);
    }

    public static final PublicKey loadPublicPEMKey(String fileName, Context context, String algorithm) {
        kotlin.jvm.internal.k.f(fileName, "fileName");
        kotlin.jvm.internal.k.f(context, "context");
        kotlin.jvm.internal.k.f(algorithm, "algorithm");
        PublicKey generatePublic = KeyFactory.getInstance(algorithm).generatePublic(new X509EncodedKeySpec(ExtensionsKt.fromBase64(zq.j.z(zq.j.z(new String(AssetUtil.getBytes(fileName, context), zq.a.f34831b), "-----BEGIN PUBLIC KEY-----", "", false), "-----END PUBLIC KEY-----", "", false))));
        kotlin.jvm.internal.k.e(generatePublic, "generatePublic(...)");
        return generatePublic;
    }

    public static /* synthetic */ PublicKey loadPublicPEMKey$default(String str, Context context, String str2, int i10, Object obj) {
        if ((i10 & 4) != 0) {
            str2 = ALGORITHM_RSA;
        }
        return loadPublicPEMKey(str, context, str2);
    }

    public final void checkCertificateChain(X509Certificate rootCertificate, List<? extends X509Certificate> certificateChain) {
        kotlin.jvm.internal.k.f(rootCertificate, "rootCertificate");
        kotlin.jvm.internal.k.f(certificateChain, "certificateChain");
        rootCertificate.checkValidity();
        Iterator<T> it = certificateChain.iterator();
        while (it.hasNext()) {
            ((X509Certificate) it.next()).checkValidity();
        }
        CertPathValidator certPathValidator = CertPathValidator.getInstance(ALGORITHM_PKIX);
        CertPath generateCertPath = CertificateFactory.getInstance(TYPE_X509).generateCertPath(certificateChain);
        PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) e0.c.z(new TrustAnchor(rootCertificate, null)));
        pKIXParameters.setRevocationEnabled(false);
        certPathValidator.validate(generateCertPath, pKIXParameters);
    }
}
