package com.sg.openews.api.crypto.impl;

import com.sg.openews.api.exception.CertValidatorException;
import com.sg.openews.api.exception.SGCertificateException;
import com.sg.openews.api.key.SGCertificate;
import com.sg.openews.api.key.impl.NPKICertificate;

/* loaded from: classes.dex */
public class CertChainValidator {
    /* JADX INFO: Access modifiers changed from: protected */
    public boolean validator(SGCertificate[] sGCertificateArr) throws CertValidatorException {
        for (int i = 0; i < sGCertificateArr.length; i++) {
            NPKICertificate nPKICertificate = (NPKICertificate) sGCertificateArr[i];
            NPKICertificate nPKICertificate2 = (NPKICertificate) sGCertificateArr[i + 1];
            if (!nPKICertificate.checkValidity()) {
                throw new CertValidatorException("Error_0152", "Certificate is expired. DN=" + nPKICertificate.getSubjectDN());
            }
            try {
                if (!nPKICertificate.verify(nPKICertificate2.getPublicKey())) {
                    throw new SGCertificateException("ReDownload");
                }
                if (nPKICertificate2.getSubjectDN().equals(nPKICertificate2.getIssuerDN())) {
                    return true;
                }
                if (i + 1 == sGCertificateArr.length) {
                    throw new CertValidatorException("Error_0154", "No RootCA Certificate exist in the Cetificate Chain.");
                }
            } catch (SGCertificateException e) {
                throw new CertValidatorException("Error_0153", e);
            }
        }
        return true;
    }
}
