package anon.crypto;

import anon.util.IXMLEncodable;
import anon.util.XMLParseException;
import anon.util.XMLUtil;
import jap.JAPConstants;
import java.util.Date;
import java.util.Enumeration;
import java.util.Vector;
import logging.LogHolder;
import logging.LogType;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:anon/crypto/CertPath.class */
public class CertPath implements IXMLEncodable {
    public static final String XML_ELEMENT_NAME = "CertPath";
    public static final String XML_ATTR_CLASS = "rootCertificateClass";
    public static final String XML_ATTR_TYPE = "certificateType";
    public static final int NO_ERRORS = 0;
    public static final int ERROR_VERIFICATION = 1;
    public static final int ERROR_VALIDITY = 2;
    public static final int ERROR_REVOCATION = 3;
    public static final int ERROR_UNKNOWN_CRITICAL_EXTENSION = 4;
    public static final int ERROR_BASIC_CONSTRAINTS_IS_CA = 5;
    public static final int ERROR_BASIC_CONSTRAINTS_IS_NO_CA = 6;
    public static final int ERROR_BASIC_CONSTRAINTS_PATH_TOO_LONG = 7;
    public static final int ERROR_KEY_USAGE = 8;
    public static final int ERROR_VALIDITY_SEVERE = 9;
    private static final int VERIFICATION_INTERVAL = 180000;
    private static final long GRACE_PERIOD = 5184000000L;
    private int m_documentType;
    private Vector m_certificates;
    private boolean m_rootFound;
    private boolean m_valid;
    private boolean m_verified;
    private long m_verificationTime;
    private int m_pathError;
    private int m_errorPosition;

    private CertPath(JAPCertificate jAPCertificate, int i) {
        this.m_certificates = new Vector();
        this.m_documentType = i;
        this.m_verificationTime = 0L;
        this.m_verified = false;
        this.m_pathError = 0;
        this.m_errorPosition = -1;
        appendCertificate(jAPCertificate);
        this.m_rootFound = false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CertPath(Element element) throws XMLParseException {
        if (element == null || !element.getNodeName().equals(XML_ELEMENT_NAME)) {
            throw new XMLParseException(XMLParseException.ROOT_TAG, XML_ELEMENT_NAME);
        }
        XMLUtil.parseAttribute((Node) element, XML_ATTR_TYPE, -1);
        NodeList elementsByTagName = element.getElementsByTagName(JAPCertificate.XML_ELEMENT_NAME);
        if (elementsByTagName.getLength() == 0) {
            throw new XMLParseException("No certificates found!");
        }
        this.m_certificates = new Vector(elementsByTagName.getLength());
        for (int i = 0; i < elementsByTagName.getLength(); i++) {
            this.m_certificates.addElement(JAPCertificate.getInstance(elementsByTagName.item(i)));
        }
        if (this.m_documentType == 0) {
            this.m_valid = true;
        } else {
            this.m_valid = buildAndValidate(null);
        }
    }

    public static CertPath getRootInstance(JAPCertificate jAPCertificate) {
        CertPath certPath = new CertPath(jAPCertificate, 0);
        certPath.m_valid = true;
        return certPath;
    }

    public static CertPath getInstance(JAPCertificate jAPCertificate, int i, Vector vector) {
        if (jAPCertificate == null) {
            return null;
        }
        CertificateInfoStructure certificateInfoStructure = SignatureVerifier.getInstance().getVerificationCertificateStore().getCertificateInfoStructure(jAPCertificate, getCertType(i));
        if (certificateInfoStructure != null && certificateInfoStructure.getCertPath().m_valid && (certificateInfoStructure.getCertPath().checkValidity(new Date()) || !isPossiblyValid(jAPCertificate, vector))) {
            return certificateInfoStructure.getCertPath();
        }
        CertPath certPath = new CertPath(jAPCertificate, i);
        certPath.m_valid = certPath.buildAndValidate((Vector) vector.clone());
        if (!certPath.m_valid && certificateInfoStructure != null) {
            return certificateInfoStructure.getCertPath();
        }
        SignatureVerifier.getInstance().getVerificationCertificateStore().addCertificateWithVerification(certPath, getCertType(i), false);
        return certPath;
    }

    private static boolean isPossiblyValid(JAPCertificate jAPCertificate, Vector vector) {
        if (!jAPCertificate.getValidity().isValid(new Date())) {
            return false;
        }
        Enumeration elements = vector.elements();
        while (elements.hasMoreElements()) {
            if (((JAPCertificate) elements.nextElement()).getValidity().isValid(new Date())) {
                return true;
            }
        }
        return false;
    }

    private boolean buildAndValidate(Vector vector) {
        int i = 0;
        build(vector);
        synchronized (this.m_certificates) {
            Enumeration elements = this.m_certificates.elements();
            if (elements.hasMoreElements()) {
                JAPCertificate jAPCertificate = (JAPCertificate) elements.nextElement();
                do {
                    JAPCertificate jAPCertificate2 = null;
                    if (elements.hasMoreElements()) {
                        jAPCertificate2 = (JAPCertificate) elements.nextElement();
                    }
                    this.m_pathError = validate(jAPCertificate, i, jAPCertificate2);
                    if (this.m_pathError != 0) {
                        this.m_errorPosition = i;
                        if (this.m_pathError == 1 || this.m_pathError == 3 || this.m_pathError == 4 || this.m_pathError == 9) {
                            return false;
                        }
                    }
                    jAPCertificate = jAPCertificate2;
                    i++;
                } while (jAPCertificate != null);
            }
            return true;
        }
    }

    private void build(Vector vector) {
        JAPCertificate jAPCertificate = null;
        if (vector != null) {
            jAPCertificate = doNameAndKeyChaining(getLastCertificate(), vector, false);
        }
        while (jAPCertificate != null) {
            appendCertificate(jAPCertificate);
            jAPCertificate = doNameAndKeyChaining(jAPCertificate, vector, false);
        }
        findVerifier();
    }

    private void findVerifier() {
        JAPCertificate doNameAndKeyChaining = doNameAndKeyChaining(getLastCertificate(), SignatureVerifier.getInstance().getVerificationCertificateStore().getAvailableCertificatesByType(getRootCertType(this.m_documentType)), false);
        if (doNameAndKeyChaining == null) {
            doNameAndKeyChaining = doNameAndKeyChaining(getLastCertificate(), SignatureVerifier.getInstance().getVerificationCertificateStore().getUnavailableCertificatesByType(getRootCertType(this.m_documentType)), false);
        }
        if (doNameAndKeyChaining != null) {
            this.m_rootFound = true;
            appendCertificate(doNameAndKeyChaining);
        }
    }

    private static JAPCertificate doNameAndKeyChaining(JAPCertificate jAPCertificate, Vector vector, boolean z) {
        X509AuthorityKeyIdentifier x509AuthorityKeyIdentifier;
        JAPCertificate jAPCertificate2 = null;
        Enumeration elements = vector.elements();
        while (elements.hasMoreElements()) {
            Object nextElement = elements.nextElement();
            JAPCertificate certificate = nextElement instanceof JAPCertificate ? (JAPCertificate) nextElement : ((CertificateInfoStructure) nextElement).getCertificate();
            if (jAPCertificate.getIssuer() != null && certificate.getSubject() != null && (z || !jAPCertificate.equals(certificate))) {
                if (jAPCertificate.getIssuer().equals(certificate.getSubject()) && ((x509AuthorityKeyIdentifier = (X509AuthorityKeyIdentifier) jAPCertificate.getExtensions().getExtension(X509AuthorityKeyIdentifier.IDENTIFIER)) == null || x509AuthorityKeyIdentifier.getValue().equals(certificate.getSubjectKeyIdentifier()))) {
                    if (!jAPCertificate.equals(certificate)) {
                        return certificate;
                    }
                    jAPCertificate2 = certificate;
                }
            }
        }
        return jAPCertificate2;
    }

    private int validate(JAPCertificate jAPCertificate, int i, JAPCertificate jAPCertificate2) {
        if (jAPCertificate2 != null && !jAPCertificate.verify(jAPCertificate2)) {
            return 1;
        }
        if (jAPCertificate.isRevoked()) {
            return 3;
        }
        if (jAPCertificate.getExtensions().hasUnknownCriticalExtensions()) {
            return 4;
        }
        Date date = new Date();
        if (!jAPCertificate.getValidity().isValid(date)) {
            return jAPCertificate.getValidity().getValidTo().getTime() + GRACE_PERIOD < date.getTime() ? 9 : 2;
        }
        X509BasicConstraints x509BasicConstraints = (X509BasicConstraints) jAPCertificate.getExtensions().getExtension(X509BasicConstraints.IDENTIFIER);
        if (x509BasicConstraints != null) {
            if (x509BasicConstraints.isCA()) {
                if (i == 0) {
                    return 5;
                }
                int pathLengthConstraint = x509BasicConstraints.getPathLengthConstraint();
                if (pathLengthConstraint != -1 && pathLengthConstraint < i) {
                    return 7;
                }
            } else if (i > 0) {
                return 6;
            }
        }
        X509KeyUsage x509KeyUsage = (X509KeyUsage) jAPCertificate.getExtensions().getExtension(X509KeyUsage.IDENTIFIER);
        if (x509KeyUsage != null) {
            return i == 0 ? !x509KeyUsage.allowsDigitalSignature() ? 8 : 0 : (x509KeyUsage.allowsDigitalSignature() && x509KeyUsage.allowsKeyCertSign()) ? 0 : 8;
        }
        return 0;
    }

    @Override // anon.util.IXMLEncodable
    public Element toXmlElement(Document document) {
        if (document == null) {
            return null;
        }
        Element createElement = document.createElement(XML_ELEMENT_NAME);
        XMLUtil.setAttribute(createElement, XML_ATTR_TYPE, this.m_documentType);
        synchronized (this.m_certificates) {
            Enumeration elements = this.m_certificates.elements();
            while (elements.hasMoreElements()) {
                createElement.appendChild(((JAPCertificate) elements.nextElement()).toXmlElement(document));
            }
        }
        return createElement;
    }

    private void appendCertificate(JAPCertificate jAPCertificate) {
        synchronized (this.m_certificates) {
            if (!this.m_certificates.contains(jAPCertificate)) {
                this.m_certificates.addElement(jAPCertificate);
            }
        }
    }

    private void removeLastCertificate() {
        synchronized (this.m_certificates) {
            if (this.m_certificates.size() > 1) {
                this.m_certificates.removeElementAt(this.m_certificates.size() - 1);
            }
        }
    }

    public JAPCertificate getLastCertificate() {
        synchronized (this.m_certificates) {
            if (this.m_certificates.size() <= 0) {
                return null;
            }
            return (JAPCertificate) this.m_certificates.lastElement();
        }
    }

    public JAPCertificate getFirstCertificate() {
        synchronized (this.m_certificates) {
            if (this.m_certificates.size() <= 0) {
                return null;
            }
            return (JAPCertificate) this.m_certificates.firstElement();
        }
    }

    public JAPCertificate getSecondCertificate() {
        synchronized (this.m_certificates) {
            if (this.m_certificates.size() <= 1) {
                return null;
            }
            return (JAPCertificate) this.m_certificates.elementAt(1);
        }
    }

    private static int getRootCertType(int i) {
        switch (i) {
            case 0:
                return 0;
            case 1:
                return 1;
            case 2:
                return 5;
            case 3:
                return 6;
            case 4:
                return 8;
            case 5:
                return 10;
            default:
                return -1;
        }
    }

    private static int getCertType(int i) {
        switch (i) {
            case 0:
                return 0;
            case 1:
                return 2;
            case 2:
                return 3;
            case 3:
                return 4;
            case 4:
                return 7;
            case 5:
                return 9;
            default:
                return -1;
        }
    }

    public boolean checkValidity(Date date) {
        if (date == null) {
            return false;
        }
        synchronized (this.m_certificates) {
            Enumeration elements = this.m_certificates.elements();
            while (elements.hasMoreElements()) {
                if (!((JAPCertificate) elements.nextElement()).getValidity().isValid(date)) {
                    return false;
                }
            }
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isVerifier(JAPCertificate jAPCertificate) {
        if (jAPCertificate == null || !this.m_valid) {
            return false;
        }
        if (this.m_rootFound && jAPCertificate.equals(getLastCertificate())) {
            return true;
        }
        return getLastCertificate().verify(jAPCertificate);
    }

    public synchronized boolean verify() {
        if (this.m_documentType == 0) {
            return true;
        }
        if (System.currentTimeMillis() - this.m_verificationTime < 180000) {
            return this.m_verified;
        }
        this.m_valid = buildAndValidate(null);
        this.m_verificationTime = System.currentTimeMillis();
        CertificateInfoStructure certificateInfoStructure = SignatureVerifier.getInstance().getVerificationCertificateStore().getCertificateInfoStructure(getLastCertificate());
        if (!this.m_rootFound) {
            Vector vector = new Vector();
            vector.addElement(getLastCertificate());
            if (doNameAndKeyChaining(getLastCertificate(), vector, true) != null) {
                Vector availableCertificatesByType = SignatureVerifier.getInstance().getVerificationCertificateStore().getAvailableCertificatesByType(getCertType(this.m_documentType));
                if (this.m_valid && doNameAndKeyChaining(getLastCertificate(), availableCertificatesByType, true) != null) {
                    this.m_verified = true;
                    return true;
                }
            }
        } else {
            if (certificateInfoStructure == null || certificateInfoStructure.getCertificateType() != getRootCertType(this.m_documentType)) {
                if (certificateInfoStructure != null && certificateInfoStructure.getCertificateType() != getRootCertType(this.m_documentType)) {
                    LogHolder.log(1, LogType.CRYPTO, new StringBuffer().append("Verification root certificate found in wrong type path! Cert doctype: ").append(certificateInfoStructure.getCertificateType()).append(" Expected doc type: ").append(getRootCertType(this.m_documentType)).append(certificateInfoStructure.getCertificate() != null ? new StringBuffer().append(" SKI:").append(certificateInfoStructure.getCertificate().getSubjectKeyIdentifier()).toString() : JAPConstants.DEFAULT_MIXMINION_EMAIL).toString());
                    this.m_verified = false;
                    return false;
                }
                removeLastCertificate();
                this.m_rootFound = false;
                resetVerification();
                return verify();
            }
            if (certificateInfoStructure.isAvailable() && this.m_valid) {
                this.m_verified = true;
                return true;
            }
        }
        this.m_verified = false;
        return false;
    }

    public int length() {
        return this.m_certificates.size();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void resetVerification() {
        this.m_verificationTime = 0L;
    }

    public String toString() {
        String str;
        synchronized (this.m_certificates) {
            String str2 = new String(new StringBuffer().append("Certification Path (").append(length()).append("):").toString());
            String str3 = new String();
            for (int size = this.m_certificates.size(); size > 0; size--) {
                str3 = new StringBuffer().append(str3).append("\t").toString();
                str2 = new StringBuffer().append(str2).append("\n").append(str3).append(((JAPCertificate) this.m_certificates.elementAt(size - 1)).getSubject().getCommonName()).toString();
            }
            str = str2;
        }
        return str;
    }

    public CertPathInfo getPathInfo() {
        boolean verify;
        JAPCertificate firstCertificate;
        JAPCertificate secondCertificate;
        JAPCertificate jAPCertificate = null;
        Vector vector = null;
        synchronized (this.m_certificates) {
            verify = verify();
            int length = length();
            firstCertificate = getFirstCertificate();
            if (length > 1 && this.m_rootFound) {
                jAPCertificate = getLastCertificate();
                length--;
            }
            secondCertificate = length > 1 ? getSecondCertificate() : null;
            if (length > 2) {
                vector = new Vector();
                for (int i = 2; i < length; i++) {
                    vector.addElement(this.m_certificates.elementAt(i));
                }
            }
        }
        CertPathInfo certPathInfo = new CertPathInfo(firstCertificate, secondCertificate, jAPCertificate, vector, 1);
        certPathInfo.setVerified(verify);
        return certPathInfo;
    }

    public boolean isValidPath() {
        return this.m_valid;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Vector getCertificates() {
        Vector vector = (Vector) this.m_certificates.clone();
        if (this.m_rootFound) {
            vector.removeElementAt(vector.size() - 1);
        }
        return vector;
    }

    public int getErrorCode() {
        return this.m_pathError;
    }

    public int getErrorPosition() {
        return this.m_errorPosition;
    }
}
