package mx.gob.sat.sgi.SgiCripto;

import com.sun.jna.platform.win32.WinError;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Set;
import org.bouncycastle.jce.cert.CertPath;
import org.bouncycastle.jce.cert.CertPathValidator;
import org.bouncycastle.jce.cert.CertPathValidatorException;
import org.bouncycastle.jce.cert.CertStore;
import org.bouncycastle.jce.cert.CertificateFactory;
import org.bouncycastle.jce.cert.CollectionCertStoreParameters;
import org.bouncycastle.jce.cert.PKIXParameters;
import org.bouncycastle.jce.cert.TrustAnchor;

/* loaded from: input_file:mx/gob/sat/sgi/SgiCripto/SgiCadCert.class */
public class SgiCadCert {
    private CertPathValidator validador = null;
    private List listaACs = null;
    private boolean iniciado = false;
    private X509Certificate root = null;
    private byte[] certificadoAvalidar = null;

    private void ver_SgiCadCert() {
    }

    private X509Certificate getCertificado(InputStream inputStream) throws SgiCriptoException {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(inputStream);
        } catch (NoSuchProviderException e) {
            throw new SgiCriptoException(new StringBuffer().append("El proveedor no esta cargado.").append(e.getMessage()).toString(), WinError.ERROR_RECEIVE_PARTIAL);
        } catch (CertificateException e2) {
            throw new SgiCriptoException(new StringBuffer().append("Error al generar X509.").append(e2.getMessage()).toString(), WinError.ERROR_RXACT_STATE_CREATED);
        }
    }

    private void cargaCertificados(List list) throws SgiCriptoException {
        int size = list.size();
        this.listaACs = new ArrayList();
        if (!this.listaACs.isEmpty()) {
            this.listaACs.clear();
        }
        for (int i = 0; i < size; i++) {
            this.listaACs.add(getCertificado((InputStream) list.get(i)));
        }
    }

    public void inicia(InputStream inputStream, List list) throws SgiCriptoException {
        if (this.certificadoAvalidar != null) {
            this.certificadoAvalidar = null;
        }
        this.root = getCertificado(inputStream);
        cargaCertificados(list);
        this.iniciado = true;
    }

    private boolean valida_ant(InputStream inputStream) throws SgiCriptoException {
        if (!this.iniciado) {
            throw new SgiCriptoException("Objeto SgiCadCert no iniciado.", 1000);
        }
        ArrayList arrayList = new ArrayList();
        try {
            arrayList.add(this.root);
            for (int i = 0; i < this.listaACs.size(); i++) {
                arrayList.add(this.listaACs.get(i));
            }
            arrayList.add(getCertificado(inputStream));
            CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), "BC");
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
            ArrayList arrayList2 = new ArrayList();
            arrayList2.add(arrayList.get(arrayList.size() - 1));
            for (int i2 = 0; i2 < this.listaACs.size(); i2++) {
                arrayList2.add(this.listaACs.get(i2));
            }
            CertPath generateCertPath = certificateFactory.generateCertPath(arrayList2);
            Set singleton = Collections.singleton(new TrustAnchor(this.root, null));
            this.validador = CertPathValidator.getInstance("PKIX", "BC");
            PKIXParameters pKIXParameters = new PKIXParameters(singleton);
            pKIXParameters.addCertStore(certStore);
            pKIXParameters.setDate(new Date());
            pKIXParameters.setRevocationEnabled(false);
            this.validador.validate(generateCertPath, pKIXParameters);
            return true;
        } catch (InvalidAlgorithmParameterException e) {
            throw new SgiCriptoException(new StringBuffer().append("Parametros PKIX invalidos.").append(e.getMessage()).toString(), WinError.ERROR_FT_READ_RECOVERY_FROM_BACKUP);
        } catch (NoSuchAlgorithmException e2) {
            throw new SgiCriptoException(new StringBuffer().append("Algoritmo no encontrado.").append(e2.getMessage()).toString(), WinError.ERROR_FT_WRITE_RECOVERY);
        } catch (NoSuchProviderException e3) {
            throw new SgiCriptoException(new StringBuffer().append("El proveedor no esta cargado.").append(e3.getMessage()).toString(), WinError.ERROR_RECEIVE_PARTIAL);
        } catch (CertificateException e4) {
            throw new SgiCriptoException(new StringBuffer().append("Certificado no valido.").append(e4.getMessage()).toString(), WinError.ERROR_RECEIVE_EXPEDITED);
        } catch (CertPathValidatorException e5) {
            throw new SgiCriptoException(new StringBuffer().append("Certificado no validado.").append(e5.getMessage()).toString(), WinError.ERROR_IMAGE_MACHINE_TYPE_MISMATCH);
        }
    }

    public boolean valida(InputStream inputStream) throws SgiCriptoException {
        if (!this.iniciado) {
            throw new SgiCriptoException("Objeto SgiCadCert no iniciado.", 1000);
        }
        try {
            this.certificadoAvalidar = new byte[inputStream.available()];
            inputStream.read(this.certificadoAvalidar);
            ArrayList arrayList = new ArrayList();
            boolean z = false;
            int size = this.listaACs.size();
            for (int i = 0; i < size; i++) {
                if (!arrayList.isEmpty()) {
                    arrayList.clear();
                }
                if (z) {
                    break;
                }
                try {
                    arrayList.add(this.root);
                    arrayList.add(this.listaACs.get(i));
                    arrayList.add(getCertificado(new ByteArrayInputStream(this.certificadoAvalidar)));
                    CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), "BC");
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
                    ArrayList arrayList2 = new ArrayList();
                    arrayList2.add(arrayList.get(arrayList.size() - 1));
                    arrayList2.add(this.listaACs.get(i));
                    CertPath generateCertPath = certificateFactory.generateCertPath(arrayList2);
                    Set singleton = Collections.singleton(new TrustAnchor(this.root, null));
                    this.validador = CertPathValidator.getInstance("PKIX", "BC");
                    PKIXParameters pKIXParameters = new PKIXParameters(singleton);
                    pKIXParameters.addCertStore(certStore);
                    pKIXParameters.setDate(new Date());
                    pKIXParameters.setRevocationEnabled(false);
                    this.validador.validate(generateCertPath, pKIXParameters);
                    z = true;
                } catch (InvalidAlgorithmParameterException e) {
                    if (i == size) {
                        break;
                    }
                } catch (NoSuchAlgorithmException e2) {
                    if (i == size) {
                        break;
                    }
                } catch (NoSuchProviderException e3) {
                    if (i == size) {
                        break;
                    }
                } catch (CertificateException e4) {
                    if (i == size) {
                        break;
                    }
                } catch (CertPathValidatorException e5) {
                    if (i == size) {
                        break;
                    }
                }
            }
            return z;
        } catch (IOException e6) {
            throw new SgiCriptoException(new StringBuffer().append("Error al leer el certificado a validar. ").append(e6.getMessage()).toString(), WinError.ERROR_RXACT_STATE_CREATED);
        }
    }
}
