package cn.com.infosec.util;

import java.security.Principal;
import java.security.cert.X509Certificate;

/* loaded from: input_file:BOOT-INF/lib/infosecCrypto_1.2.jar:cn/com/infosec/util/CertificateChainUtil.class */
public class CertificateChainUtil {
    public static X509Certificate[] sortCertificates(X509Certificate[] x509CertificateArr) throws Exception {
        boolean z = false;
        int length = x509CertificateArr.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            Principal subjectDN = x509CertificateArr[i].getSubjectDN();
            int i2 = 0;
            while (true) {
                if (i2 >= length) {
                    break;
                }
                if (subjectDN.equals(x509CertificateArr[i2].getIssuerDN())) {
                    z = false;
                    break;
                }
                i2++;
            }
            if (i2 == length) {
                z = true;
                X509Certificate x509Certificate = x509CertificateArr[i];
                break;
            }
            i++;
        }
        if (i == length && !z) {
            throw new Exception("Can't found a usercert in the chain");
        }
        X509Certificate x509Certificate2 = x509CertificateArr[0];
        x509CertificateArr[0] = x509CertificateArr[i];
        x509CertificateArr[i] = x509Certificate2;
        Principal issuerDN = x509CertificateArr[0].getIssuerDN();
        for (int i3 = 1; i3 < x509CertificateArr.length - 1; i3++) {
            int i4 = i3;
            while (true) {
                if (i4 >= x509CertificateArr.length) {
                    break;
                }
                if (x509CertificateArr[i4].getSubjectDN().equals(issuerDN)) {
                    X509Certificate x509Certificate3 = x509CertificateArr[i3];
                    x509CertificateArr[i3] = x509CertificateArr[i4];
                    x509CertificateArr[i4] = x509Certificate3;
                    issuerDN = x509CertificateArr[i3].getIssuerDN();
                    break;
                }
                i4++;
            }
            if (i4 == x509CertificateArr.length) {
                throw new Exception("Incomplete certificate chain in reply");
            }
        }
        for (int i5 = 0; i5 < x509CertificateArr.length - 1; i5++) {
            try {
                x509CertificateArr[i5].verify(x509CertificateArr[i5 + 1].getPublicKey());
            } catch (Exception e) {
                throw new Exception("Certificate in chain does not verify");
            }
        }
        return x509CertificateArr;
    }

    public static void main(String[] strArr) {
    }
}
