package com.huawei.saott.a;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.X509TrustManager;

/* compiled from: X509Utils.java */
/* loaded from: classes3.dex */
public class t {

    /* renamed from: a, reason: collision with root package name */
    private static final Map<String, X509CRL> f22534a = new HashMap();
    private static final Map<String, Boolean> b = new HashMap();

    /* renamed from: c, reason: collision with root package name */
    private static String f22535c = "2.5.29.31";

    private static X509Certificate a(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) {
        String x500Principal = x509Certificate.getIssuerX500Principal().toString();
        for (X509Certificate x509Certificate2 : x509CertificateArr) {
            if (x500Principal.equalsIgnoreCase(x509Certificate2.getSubjectX500Principal().toString())) {
                return x509Certificate2;
            }
        }
        return x509Certificate;
    }

    public static void a(X509Certificate[] x509CertificateArr, String str, X509TrustManager x509TrustManager) throws CertificateException {
        for (X509Certificate x509Certificate : x509CertificateArr) {
            x509Certificate.checkValidity();
        }
        if (x509CertificateArr.length > 1) {
            X509Certificate x509Certificate2 = x509CertificateArr[x509CertificateArr.length - 1];
            if (x509Certificate2.getBasicConstraints() == -1) {
                throw new CertificateException("The root CA has no CA attribute");
            }
            boolean[] keyUsage = x509Certificate2.getKeyUsage();
            if (!keyUsage[5]) {
                throw new CertificateException("The root CA's keyusage has not value keyCertSign");
            }
            if (!keyUsage[6]) {
                throw new CertificateException("The root CA's keyusage has not value cRLSign");
            }
            if (!a(x509CertificateArr)) {
                throw new CertificateException("The certificate is in CRL, invalid certificate");
            }
        }
    }

    private static boolean a(X509Certificate[] x509CertificateArr) {
        for (X509Certificate x509Certificate : x509CertificateArr) {
            String upperCase = x509Certificate.getSerialNumber().toString(16).toUpperCase(Locale.ENGLISH);
            if (b.containsKey(upperCase)) {
                if (!b.get(upperCase).booleanValue()) {
                    return false;
                }
            } else if (x509Certificate.getExtensionValue(f22535c) == null) {
                b.put(upperCase, true);
            } else {
                String x500Principal = x509Certificate.getIssuerX500Principal().toString();
                if (!f22534a.containsKey(x500Principal)) {
                    b.put(upperCase, false);
                    return false;
                }
                X509CRL x509crl = f22534a.get(x500Principal);
                try {
                    x509crl.verify(a(x509Certificate, x509CertificateArr).getPublicKey());
                    boolean isRevoked = x509crl.isRevoked(x509Certificate);
                    b.put(upperCase, Boolean.valueOf(!isRevoked));
                    if (isRevoked) {
                        return false;
                    }
                } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CRLException unused) {
                    return false;
                }
            }
        }
        return true;
    }
}
