package net.java.xades.security;

import com.lowagie.text.xml.xmp.XmpWriter;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.StringTokenizer;
import net.java.xades.util.Base64;
import net.java.xades.util.ComparableBean;
import net.java.xades.util.SystemUtils;
import net.java.xades.util.UniversalIndexKey;
import org.apache.batik.util.SVGConstants;
import org.apache.batik.util.XMLConstants;
import sun.security.x509.AccessDescription;
import sun.security.x509.AuthorityInfoAccessExtension;
import sun.security.x509.AuthorityKeyIdentifierExtension;
import sun.security.x509.CRLDistributionPointsExtension;
import sun.security.x509.DistributionPoint;
import sun.security.x509.GeneralName;
import sun.security.x509.GeneralNames;
import sun.security.x509.IssuerAlternativeNameExtension;
import sun.security.x509.KeyIdentifier;
import sun.security.x509.SerialNumber;
import sun.security.x509.SubjectKeyIdentifierExtension;
import sun.security.x509.URIName;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;

/* loaded from: input_file:net/java/xades/security/CertificateHelper.class */
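/**
 * Convenience wrapper around a single {@link X509Certificate} that exposes its subject and
 * issuer attributes, selected extensions (AIA/OCSP, CRL distribution points, key identifiers)
 * and simple import/export helpers.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Nothing in this class validates the certificate's signature, chain of trust or
 *       revocation status. Every value returned here (e-mail, names, OCSP/CRL URIs) is taken
 *       from the certificate as-is and must be treated as untrusted until the certificate has
 *       been validated by other means.</li>
 *   <li>Extension parsing relies on {@code sun.security.x509}, which is a JDK-internal package
 *       and not a supported API.</li>
 *   <li>Instances may hold a {@link PrivateKey} reference; avoid logging or serialising them.</li>
 * </ul>
 *
 * <p>Not thread-safe: lazily initialised fields are written without synchronisation.
 */
public class CertificateHelper implements ComparableBean {
    /** Attribute keyword searched for in the textual subject DN. */
    private static final String EMAIL_ADDRESS_NAME = "EMAILADDRESS";

    X509Certificate certificate;
    X509CertImpl certificateImpl;
    X509Certificate[] certificateChain;
    X509Certificate[] trustedCACertificates;
    CertPath certPath;
    CertificateFactory certFactory;
    // SHA-1 is kept as the default so existing thumbprints stay comparable.
    // NOTE(review): SHA-1 is not collision resistant; do not use this thumbprint as the only
    // binding between a signature and its certificate where an attacker can choose certificates.
    String thumbprintAlgorithm = "SHA1";
    X500Name subjectName;
    X500Name issuerName;
    String eMail;
    Provider provider;
    PrivateKey privateKey;
    byte[] certEncoded;
    String alias;
    private Comparable<UniversalIndexKey> indexKey;

    /** Creates an empty helper; the certificate field stays {@code null}. */
    public CertificateHelper() {
    }

    /**
     * Creates a helper for the given certificate.
     *
     * @param x509Certificate the certificate to wrap; stored as-is, not validated
     */
    public CertificateHelper(X509Certificate x509Certificate) {
        this.certificate = x509Certificate;
    }

    /**
     * Returns the lazily built index key made of the issuer common name and the serial number.
     *
     * <p>NOTE(review): only the issuer CN is used, not the full issuer DN, so certificates from
     * two different issuers that share a CN and a serial number produce the same key.
     *
     * @return the index key, or {@code null} if it could not be built
     */
    @Override // net.java.xades.util.ComparableBean
    public Comparable<UniversalIndexKey> getIndexKey() {
        if (this.indexKey == null) {
            try {
                this.indexKey = new UniversalIndexKey(getIssuerCommonName(), getSerialNumberAsString());
            } catch (Exception e) {
                // Best effort: the failure is reported and the caller sees a null key.
                e.printStackTrace();
            }
        }
        return this.indexKey;
    }

    /**
     * Compares two helpers by their index keys.
     *
     * <p>When this helper's key cannot be built, the comparison falls back to identity instead
     * of throwing a {@link NullPointerException}.
     *
     * <p>NOTE(review): no matching {@code hashCode()} is defined, so instances should not be
     * used as keys in hash-based collections until one consistent with
     * {@code UniversalIndexKey} is added.
     */
    @Override
    public boolean equals(Object obj) {
        if (!(obj instanceof CertificateHelper)) {
            return false;
        }
        Comparable<UniversalIndexKey> ownKey = getIndexKey();
        if (ownKey == null) {
            return this == obj;
        }
        return ownKey.equals(((CertificateHelper) obj).getIndexKey());
    }

    /** @return the wrapped certificate, possibly {@code null} */
    public X509Certificate getCertificate() {
        return this.certificate;
    }

    /**
     * Returns the JDK-internal implementation view of the certificate, creating it on first use.
     *
     * @throws CertificateException if the certificate cannot be converted
     */
    public X509CertImpl getCertificateImpl() throws CertificateException {
        if (this.certificateImpl == null) {
            this.certificateImpl = X509CertImpl.toImpl(getCertificate());
        }
        return this.certificateImpl;
    }

    public Provider getProvider() {
        return this.provider;
    }

    public void setProvider(Provider provider) {
        this.provider = provider;
    }

    /** @return the private key associated with this certificate, if one was set */
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    /**
     * Checks the validity period against the current time.
     *
     * @see #verifyCertificate(Date)
     */
    public void verifyCertificate() throws CertificateExpiredException, CertificateNotYetValidException {
        verifyCertificate(null);
    }

    /**
     * Checks that the certificate's validity period covers the given instant.
     *
     * <p>This is only a notBefore/notAfter check. It does not verify the signature, build or
     * validate a chain to a trust anchor, or consult revocation data; a certificate that passes
     * here is not thereby trusted.
     *
     * @param date the instant to check, or {@code null} for the current time
     * @throws CertificateExpiredException if the certificate has expired at that instant
     * @throws CertificateNotYetValidException if the certificate is not yet valid at that instant
     */
    public void verifyCertificate(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
        X509Certificate cert = getCertificate();
        if (date == null) {
            cert.checkValidity();
        } else {
            cert.checkValidity(date);
        }
    }

    /**
     * Returns a lazily created {@code X.509} certificate factory.
     *
     * @throws CertificateException if no provider supports {@code X.509}
     */
    public CertificateFactory getCertificateFactory() throws CertificateException {
        if (this.certFactory == null) {
            this.certFactory = CertificateFactory.getInstance("X.509");
        }
        return this.certFactory;
    }

    /**
     * Returns the first OCSP responder URI listed in the Authority Information Access extension.
     *
     * <p>The URI is read from the certificate itself. Callers that fetch it should restrict the
     * accepted schemes and destinations, since an unvalidated certificate can name any location.
     *
     * @return the OCSP URI, or {@code null} if the extension or a URI entry is absent
     * @throws CertPathValidatorException if the stored location is not a syntactically valid URI
     */
    public URI getOCSPServerURI() throws GeneralSecurityException, IOException {
        AuthorityInfoAccessExtension aia = getAuthorityInfoAccessExtension();
        if (aia == null) {
            return null;
        }
        Object descriptions = aia.get("descriptions");
        if (!(descriptions instanceof List)) {
            return null;
        }
        for (Object element : (List<?>) descriptions) {
            AccessDescription description = (AccessDescription) element;
            if (!description.getAccessMethod().equals(AccessDescription.Ad_OCSP_Id)) {
                continue;
            }
            GeneralName location = description.getAccessLocation();
            // 6 is the uniformResourceIdentifier choice of an X.509 GeneralName.
            if (location.getType() == 6) {
                try {
                    return new URI(((URIName) location.getName()).getName());
                } catch (URISyntaxException e) {
                    throw new CertPathValidatorException(e);
                }
            }
        }
        return null;
    }

    /**
     * Returns the first URI found among the full names of the CRL distribution points.
     *
     * <p>The scheme is not filtered here, and the value comes from the certificate itself;
     * callers should check scheme and destination before fetching.
     *
     * @return the first distribution point URI, or {@code null} if none is present
     */
    public URI getCRLDistributionPointsURI() throws IOException, GeneralSecurityException, URISyntaxException {
        CRLDistributionPointsExtension crlExtension = getCRLDistributionPointsExtension();
        if (crlExtension == null) {
            return null;
        }
        // NOTE(review): the Batik constant is presumably a decompiler substitution for the
        // extension's own "points" attribute name — confirm.
        Object points = crlExtension.get(SVGConstants.SVG_POINTS_ATTRIBUTE);
        if (!(points instanceof List)) {
            return null;
        }
        for (Object element : (List<?>) points) {
            GeneralNames fullName = ((DistributionPoint) element).getFullName();
            if (fullName == null || fullName.isEmpty()) {
                continue;
            }
            Iterator<?> names = fullName.iterator();
            while (names.hasNext()) {
                Object name = ((GeneralName) names.next()).getName();
                if (name instanceof URIName) {
                    return ((URIName) name).getURI();
                }
            }
        }
        return null;
    }

    /** @return the subject key identifier, or {@code null} if the extension is absent */
    public KeyIdentifier getSubjectKeyIdentifier() throws CertificateException, IOException {
        SubjectKeyIdentifierExtension extension = getSubjectKeyIdentifierExtension();
        return extension == null ? null : (KeyIdentifier) extension.get("key_id");
    }

    /** @return the subject key identifier as a hex string, or {@code null} if absent */
    public String getSubjectKeyIdentifierAsString() throws CertificateException, IOException {
        KeyIdentifier keyId = getSubjectKeyIdentifier();
        return keyId == null ? null : SystemUtils.toHexString(keyId.getIdentifier());
    }

    /**
     * Digests the encoded certificate with {@code thumbprintAlgorithm} (default {@code SHA1}).
     *
     * @throws GeneralSecurityException if the algorithm is unavailable or encoding fails
     */
    public byte[] getThumbprint() throws GeneralSecurityException {
        return MessageDigest.getInstance(this.thumbprintAlgorithm).digest(getCertificate().getEncoded());
    }

    private X500Name getSubjectName() {
        if (this.subjectName == null) {
            this.subjectName = X500Name.asX500Name(getCertificate().getSubjectX500Principal());
        }
        return this.subjectName;
    }

    private X500Name getIssuerName() {
        if (this.issuerName == null) {
            this.issuerName = X500Name.asX500Name(getCertificate().getIssuerX500Principal());
        }
        return this.issuerName;
    }

    public Date getNotAfter() {
        return getCertificate().getNotAfter();
    }

    public Date getNotBefore() {
        return getCertificate().getNotBefore();
    }

    /**
     * Returns an e-mail address for the subject, taken from the subject DN first and from the
     * rfc822Name entries of the Subject Alternative Name extension otherwise.
     *
     * <p>The value is whatever the certificate states; it is not an authenticated identity
     * unless the certificate itself has been validated.
     *
     * @return the e-mail address, or {@code null} if none was found
     */
    public String getEMail() {
        if (this.eMail == null) {
            this.eMail = findEMailInSubjectName();
            if (this.eMail == null) {
                this.eMail = findEMailInSubjectAlternativeNames();
            }
        }
        return this.eMail;
    }

    /**
     * Scans the comma-separated subject DN for the e-mail keyword and returns the first value.
     *
     * <p>NOTE(review): the keyword is matched anywhere inside a DN component, not only as the
     * attribute type, and the DN is split on every comma (escaped commas included). A value of
     * another attribute that contains the keyword text would therefore be picked up; consider
     * reading the attribute by OID instead.
     */
    private String findEMailInSubjectName() {
        for (String component : getSubjectName().getName().split(",")) {
            int keywordAt = indexOfIgnoreCase(component, EMAIL_ADDRESS_NAME);
            if (keywordAt < 0) {
                continue;
            }
            String fromKeyword = component.substring(keywordAt);
            String value = fromKeyword.substring(fromKeyword.indexOf(XMLConstants.XML_EQUAL_SIGN) + 1).trim();
            StringTokenizer tokens = new StringTokenizer(value, ", +;");
            // Stop at the first match; without this exit the scan never advanced past it.
            return tokens.hasMoreTokens() ? tokens.nextToken() : value;
        }
        return null;
    }

    /** Returns the first rfc822Name (type 1) entry of the Subject Alternative Names, if any. */
    private String findEMailInSubjectAlternativeNames() {
        try {
            Collection<List<?>> altNames = getCertificate().getSubjectAlternativeNames();
            if (altNames == null) {
                return null;
            }
            for (List<?> entry : altNames) {
                // Entries are (type, value) pairs; the bound keeps the value index in range.
                for (int i = 0; i + 1 < entry.size(); i += 2) {
                    Object type = entry.get(i);
                    if ((type instanceof Integer) && ((Integer) type).intValue() == 1) {
                        return entry.get(i + 1).toString();
                    }
                }
            }
        } catch (GeneralSecurityException e) {
            // Best effort: an unparsable extension is reported and treated as "no e-mail".
            e.printStackTrace();
        }
        return null;
    }

    /**
     * Locale-independent, case-insensitive {@code indexOf}. Indexes refer to {@code text}
     * itself, which an upper-cased copy cannot guarantee when case mapping changes its length.
     */
    private static int indexOfIgnoreCase(String text, String keyword) {
        int lastStart = text.length() - keyword.length();
        for (int i = 0; i <= lastStart; i++) {
            if (text.regionMatches(true, i, keyword, 0, keyword.length())) {
                return i;
            }
        }
        return -1;
    }

    public AuthorityKeyIdentifierExtension getAuthorityKeyIdentifierExtension() throws CertificateException {
        return getCertificateImpl().getAuthorityKeyIdentifierExtension();
    }

    /** @return the authority key identifier, or {@code null} if the extension is absent */
    public KeyIdentifier getAuthorityKeyIdentifier() throws CertificateException, IOException {
        AuthorityKeyIdentifierExtension extension = getAuthorityKeyIdentifierExtension();
        return extension == null ? null : (KeyIdentifier) extension.get("key_id");
    }

    /** @return the authority key identifier as a hex string, or {@code null} if absent */
    public String getAuthorityKeyIdentifierAsString() throws CertificateException, IOException {
        KeyIdentifier keyId = getAuthorityKeyIdentifier();
        return keyId == null ? null : SystemUtils.toHexString(keyId.getIdentifier());
    }

    /**
     * Returns the first authority name of the Authority Key Identifier extension when it is a
     * directory name.
     *
     * @return the name, or {@code null} if the extension, the name list or a directory name is
     *     missing
     */
    public X500Name getAuthorityName() throws CertificateException, IOException {
        AuthorityKeyIdentifierExtension extension = getAuthorityKeyIdentifierExtension();
        if (extension == null) {
            return null;
        }
        GeneralNames names = (GeneralNames) extension.get("auth_name");
        if (names == null || names.size() <= 0) {
            return null;
        }
        Object first = names.get(0).getName();
        return (first instanceof X500Name) ? (X500Name) first : null;
    }

    /** @return the authority certificate serial number, or {@code null} if the extension is absent */
    public SerialNumber getAuthoritySerialNumber() throws CertificateException, IOException {
        AuthorityKeyIdentifierExtension extension = getAuthorityKeyIdentifierExtension();
        return extension == null ? null : (SerialNumber) extension.get("serial_number");
    }

    /** @return the authority serial number in decimal, or {@code null} if absent */
    public String getAuthoritySerialNumberAsString() throws CertificateException, IOException {
        SerialNumber serial = getAuthoritySerialNumber();
        return serial == null ? null : serial.getNumber().toString();
    }

    public AuthorityInfoAccessExtension getAuthorityInfoAccessExtension() throws CertificateException {
        return getCertificateImpl().getAuthorityInfoAccessExtension();
    }

    public CRLDistributionPointsExtension getCRLDistributionPointsExtension() throws CertificateException {
        return getCertificateImpl().getCRLDistributionPointsExtension();
    }

    public SubjectKeyIdentifierExtension getSubjectKeyIdentifierExtension() throws CertificateException {
        return getCertificateImpl().getSubjectKeyIdentifierExtension();
    }

    public IssuerAlternativeNameExtension getIssuerAlternativeNameExtension() throws CertificateException {
        return getCertificateImpl().getIssuerAlternativeNameExtension();
    }

    /**
     * Returns the first Issuer Alternative Name as a string when it is a URI.
     *
     * @return the URI text, or {@code null} if the extension or a URI entry is missing
     */
    public String getIssuerAlternativeName() throws CertificateException, IOException {
        IssuerAlternativeNameExtension extension = getIssuerAlternativeNameExtension();
        if (extension == null) {
            return null;
        }
        GeneralNames names = (GeneralNames) extension.get("issuer_name");
        if (names == null || names.size() <= 0) {
            return null;
        }
        Object first = names.get(0).getName();
        if (!(first instanceof URIName)) {
            return null;
        }
        URI uri = ((URIName) first).getURI();
        return uri == null ? null : uri.toString();
    }

    public String getSubjectCommonName() throws IOException {
        return getSubjectName().getCommonName();
    }

    public String getSubjectOrganizationalUnit() throws IOException {
        return getSubjectName().getOrganizationalUnit();
    }

    public String getSubjectOrganization() throws IOException {
        return getSubjectName().getOrganization();
    }

    public String getSubjectLocality() throws IOException {
        return getSubjectName().getLocality();
    }

    public String getSubjectCountry() throws IOException {
        return getSubjectName().getCountry();
    }

    /** @return the certificate serial number in decimal */
    public String getSerialNumberAsString() {
        return getCertificate().getSerialNumber().toString();
    }

    public String getIssuerCommonName() throws IOException {
        return getIssuerName().getCommonName();
    }

    public String getIssuerOrganizationalUnit() throws IOException {
        return getIssuerName().getOrganizationalUnit();
    }

    public String getIssuerOrganization() throws IOException {
        return getIssuerName().getOrganization();
    }

    public String getIssuerLocality() throws IOException {
        return getIssuerName().getLocality();
    }

    public String getIssuerCountry() throws IOException {
        return getIssuerName().getCountry();
    }

    /** @return the subject common name, or a fixed error text if it cannot be read */
    @Override
    public String toString() {
        try {
            return getSubjectCommonName();
        } catch (Exception unused) {
            return "ERROR retrieving Subject CN";
        }
    }

    /**
     * Writes the certificate in binary form and closes the stream.
     *
     * @see #exportToPKCS7(X509Certificate, OutputStream, boolean)
     */
    public static void exportToPKCS7(X509Certificate x509Certificate, OutputStream outputStream) throws CertificateEncodingException, IOException {
        exportToPKCS7(x509Certificate, outputStream, true);
    }

    /**
     * Writes the certificate to the stream and always closes the stream, also on failure.
     *
     * <p>Despite the method name, the output is the certificate's own encoding (raw bytes, or
     * Base64 between {@code BEGIN/END CERTIFICATE} lines), not a PKCS#7 container.
     *
     * @param x509Certificate the certificate to export
     * @param outputStream the destination; closed by this method
     * @param z {@code true} for the binary encoding, {@code false} for the PEM-style text form
     * @throws CertificateEncodingException if the certificate cannot be encoded
     * @throws IOException if writing fails
     */
    public static void exportToPKCS7(X509Certificate x509Certificate, OutputStream outputStream, boolean z) throws CertificateEncodingException, IOException {
        try {
            byte[] encoded = x509Certificate.getEncoded();
            if (z) {
                outputStream.write(encoded);
            } else {
                OutputStreamWriter pemWriter = new OutputStreamWriter(outputStream, Charset.forName(XmpWriter.UTF8));
                pemWriter.write("-----BEGIN CERTIFICATE-----\n");
                pemWriter.write(Base64.encodeBytes(encoded));
                pemWriter.write("\n-----END CERTIFICATE-----\n");
                pemWriter.flush();
            }
            outputStream.flush();
        } finally {
            // The method owns the stream, so release it even when encoding or writing fails.
            outputStream.close();
        }
    }

    /**
     * Parses a certificate from a byte array.
     *
     * @see #getPKCS7Certificate(InputStream)
     */
    public static X509Certificate getPKCS7Certificate(byte[] bArr) throws CertificateException, IOException {
        return getPKCS7Certificate(new ByteArrayInputStream(bArr));
    }

    /**
     * Parses one certificate from the stream with the {@code X.509} factory and closes the
     * stream, also when parsing fails.
     *
     * <p>The returned certificate is only parsed, not validated; callers must verify it against
     * their trust anchors before relying on any of its contents.
     *
     * @param inputStream the source; closed by this method
     * @throws CertificateException if the data cannot be parsed as a certificate
     * @throws IOException if closing the stream fails
     */
    public static X509Certificate getPKCS7Certificate(InputStream inputStream) throws CertificateException, IOException {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        } finally {
            inputStream.close();
        }
    }
}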
