package com.lankapay.justpay.util.jscep.client;

import com.andridx.rj1;
import com.andridx.tz;
import com.andridx.vz;
import java.math.BigInteger;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;

/* loaded from: classes.dex */
public final class CertStoreInspector {
    private static final int DATA_ENCIPHERMENT = 2;
    private static final int DIGITAL_SIGNATURE = 0;
    private static final int KEY_ENCIPHERMENT = 2;
    private static final int KEY_USAGE_LENGTH = 9;
    private static final tz LOGGER = vz.LKTMoTMwSkmFt4rBdzL1(CertStoreInspector.class);
    private final X509Certificate encrypter;
    private final X509Certificate issuer;
    private final X509Certificate verifier;

    private CertStoreInspector(X509Certificate x509Certificate, X509Certificate x509Certificate2, X509Certificate x509Certificate3) {
        this.verifier = x509Certificate;
        this.encrypter = x509Certificate2;
        this.issuer = x509Certificate3;
    }

    private static X509Certificate getCaCertificate(CertStore certStore) {
        rj1 rj1Var = new rj1();
        rj1Var.setBasicConstraints(0);
        Collection<? extends Certificate> certificates = certStore.getCertificates(rj1Var);
        if (certificates.size() > 0) {
            return (X509Certificate) certificates.iterator().next();
        }
        throw new RuntimeException("No suitable certificate for verification");
    }

    public static CertStoreInspector inspect(CertStore certStore) {
        try {
            Iterator<? extends Certificate> it = certStore.getCertificates(null).iterator();
            while (it.hasNext()) {
            }
            X509Certificate selectEncryptionCertificate = selectEncryptionCertificate(certStore);
            new BigInteger(selectEncryptionCertificate.getSerialNumber().toString());
            return new CertStoreInspector(selectSigner(certStore), selectEncryptionCertificate, selectIssuer(certStore));
        } catch (CertStoreException e) {
            throw new RuntimeException(e);
        }
    }

    private static X509Certificate selectEncryptionCertificate(CertStore certStore) {
        Iterator<? extends Certificate> it;
        boolean[] zArr = new boolean[9];
        zArr[2] = true;
        rj1 rj1Var = new rj1();
        rj1Var.setBasicConstraints(-1);
        rj1Var.setKeyUsage(zArr);
        Collection<? extends Certificate> certificates = certStore.getCertificates(rj1Var);
        if (certificates.size() > 0) {
            it = certificates.iterator();
        } else {
            boolean[] zArr2 = new boolean[9];
            zArr2[2] = true;
            rj1Var.setKeyUsage(zArr2);
            Collection<? extends Certificate> certificates2 = certStore.getCertificates(rj1Var);
            if (certificates2.size() <= 0) {
                return getCaCertificate(certStore);
            }
            it = certificates2.iterator();
        }
        return (X509Certificate) it.next();
    }

    private static X509Certificate selectIssuer(CertStore certStore) {
        return getCaCertificate(certStore);
    }

    private static X509Certificate selectSigner(CertStore certStore) {
        boolean[] zArr = new boolean[9];
        zArr[0] = true;
        rj1 rj1Var = new rj1();
        rj1Var.setBasicConstraints(-2);
        rj1Var.setKeyUsage(zArr);
        Collection<? extends Certificate> certificates = certStore.getCertificates(rj1Var);
        return certificates.size() > 0 ? (X509Certificate) certificates.iterator().next() : getCaCertificate(certStore);
    }

    public X509Certificate getIssuer() {
        return this.issuer;
    }

    public X509Certificate getRecipient() {
        return this.encrypter;
    }

    public X509Certificate getSigner() {
        return this.verifier;
    }
}
