package asia.dbt.thundercrypt.core.utils;

import asia.dbt.thundercrypt.core.ProviderManager;
import asia.dbt.thundercrypt.core.exceptions.UnknownCaException;
import asia.dbt.thundercrypt.core.exceptions.certificates.IssuerCertificateNotFoundException;
import asia.dbt.thundercrypt.core.exceptions.certificates.RootCheckCertificateException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:asia/dbt/thundercrypt/core/utils/CertificateChainUtil.class */
public class CertificateChainUtil {
    private static final int MAX_DEPTH_FOR_CA = 5;

    public static List<X509Certificate> getCertificatesChain(X509Certificate x509Certificate) throws RootCheckCertificateException, IssuerCertificateNotFoundException, InvalidKeyException, CertificateException, NoSuchAlgorithmException, SignatureException {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("certificate");
        }
        ArrayList arrayList = new ArrayList();
        int i = 1;
        while (true) {
            arrayList.add(x509Certificate);
            if (CertificateUtil.isRoot(x509Certificate)) {
                break;
            }
            int i2 = i;
            i++;
            if (i2 >= 5) {
                break;
            }
            x509Certificate = CertificateUtil.getIssuerCertificate(x509Certificate);
        }
        return arrayList;
    }

    public static void validateCertificateChain(X509Certificate x509Certificate, Date date) throws UnknownCaException, RootCheckCertificateException, CertificateNotYetValidException, CertificateExpiredException {
        try {
            List<X509Certificate> certificatesChain = getCertificatesChain(x509Certificate);
            for (int i = 0; i < certificatesChain.size() - 1; i++) {
                certificatesChain.get(i).verify(certificatesChain.get(i + 1).getPublicKey(), ProviderManager.getProviderName());
            }
            Iterator<X509Certificate> it = certificatesChain.iterator();
            while (it.hasNext()) {
                CertificateUtil.validateCertificateExpire(it.next(), date);
            }
        } catch (Exception e) {
            throw new UnknownCaException(e);
        }
    }
}
