package asia.dbt.thundercrypt.core.utils;

import asia.dbt.thundercrypt.core.Issuers;
import asia.dbt.thundercrypt.core.exceptions.certificates.DefectCertificateException;
import asia.dbt.thundercrypt.core.exceptions.verification.CertificatePermissionException;
import java.security.cert.X509Certificate;
import java.util.List;

/* loaded from: input_file:asia/dbt/thundercrypt/core/utils/CertificatePermissionUtil.class */
public class CertificatePermissionUtil {
    public static final int DIGITAL_SIGNATURE_PERMISSION_INDEX = 0;
    public static final int NON_REPUDIATION_PERMISSION_INDEX = 1;
    public static final int KEY_EENCIPHERMENT_PERMISSION_INDEX = 2;
    public static final int DATA_EENCIPHERMENT_PERMISSION_INDEX = 3;
    public static final int KEY_AGREEMENT_PERMISSION_INDEX = 4;
    public static final int KEY_CERT_SIGN_PERMISSION_INDEX = 5;
    public static final int CRL_SIGN_EENCIPHERMENT_PERMISSION_INDEX = 6;
    public static final int ENCIPHER_ONLY_PERMISSION_INDEX = 6;
    public static final int DECIPHER_ONLY_PERMISSION_INDEX = 6;

    public static void checkPolicies(X509Certificate x509Certificate, CertificatePolicy... certificatePolicyArr) throws CertificatePermissionException {
        int length = certificatePolicyArr.length;
        for (int i = 0; i < length; i++) {
            switch (certificatePolicyArr[i]) {
                case AUTH:
                    if (!isKeyForAuth(x509Certificate)) {
                        break;
                    } else {
                        return;
                    }
                case SIGN:
                    if (!isKeyForSign(x509Certificate)) {
                        break;
                    } else {
                        return;
                    }
            }
        }
        throw new CertificatePermissionException();
    }

    public static void checkPermissions(X509Certificate x509Certificate, int... iArr) throws DefectCertificateException, CertificatePermissionException {
        try {
            boolean[] keyUsage = x509Certificate.getKeyUsage();
            for (int i : iArr) {
                if (!keyUsage[i]) {
                    throw new CertificatePermissionException();
                }
            }
        } catch (CertificatePermissionException e) {
            throw e;
        } catch (Exception e2) {
            throw new DefectCertificateException(e2);
        }
    }

    public static void checkExtensionPermissions(X509Certificate x509Certificate, CertificatePermission... certificatePermissionArr) throws DefectCertificateException, CertificatePermissionException {
        try {
            List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
            for (CertificatePermission certificatePermission : certificatePermissionArr) {
                if (!extendedKeyUsage.contains(certificatePermission.toString())) {
                    throw new CertificatePermissionException();
                }
            }
        } catch (CertificatePermissionException e) {
            throw e;
        } catch (Exception e2) {
            throw new DefectCertificateException(e2);
        }
    }

    public static void checkOptionalExtensionPermissions(X509Certificate x509Certificate, CertificatePermission... certificatePermissionArr) throws DefectCertificateException, CertificatePermissionException {
        try {
            List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
            for (CertificatePermission certificatePermission : certificatePermissionArr) {
                if (extendedKeyUsage.contains(certificatePermission.toString())) {
                    return;
                }
            }
            throw new CertificatePermissionException();
        } catch (CertificatePermissionException e) {
            throw e;
        } catch (Exception e2) {
            throw new DefectCertificateException(e2);
        }
    }

    public static boolean isKeyForSign(X509Certificate x509Certificate) {
        try {
            checkPermissions(x509Certificate, 0, 1);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static boolean isKeyForAuth(X509Certificate x509Certificate) {
        try {
            checkPermissions(x509Certificate, 0, 2);
            return true;
        } catch (Exception e) {
            return CertificateUtil.checkCertficateIssuer(x509Certificate, Issuers.PKI_UCGO) || CertificateUtil.checkCertficateIssuer(x509Certificate, Issuers.PKI_UCGO);
        }
    }

    public static boolean isEntityOfOrganization(X509Certificate x509Certificate) {
        try {
            checkExtensionPermissions(x509Certificate, CertificatePermission.ENTITY, CertificatePermission.ENTITY_OF_ORGANIZATION);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static boolean isHavePermissionsForSign(X509Certificate x509Certificate) {
        try {
            checkExtensionPermissions(x509Certificate, CertificatePermission.ENTITY);
            checkOptionalExtensionPermissions(x509Certificate, CertificatePermission.ENTITY_WITH_SIGN_PERM, CertificatePermission.TOP_HEAD);
            return true;
        } catch (Exception e) {
            return false;
        }
    }
}
