package net.java.dev.sommer.foafssl.verifier;

import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLConnection;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HttpsURLConnection;
import net.java.dev.sommer.foafssl.principals.DereferencedFoafSslPrincipal;
import net.java.dev.sommer.foafssl.principals.FoafSslPrincipal;
import org.openrdf.OpenRDFException;
import org.openrdf.model.ValueFactory;
import org.openrdf.query.Binding;
import org.openrdf.query.BindingSet;
import org.openrdf.query.QueryLanguage;
import org.openrdf.query.TupleQuery;
import org.openrdf.query.TupleQueryResult;
import org.openrdf.repository.sail.SailRepository;
import org.openrdf.repository.sail.SailRepositoryConnection;
import org.openrdf.rio.RDFFormat;
import org.openrdf.sail.memory.MemoryStore;

/* loaded from: input_file:WEB-INF/lib/foafssl-verifier-0.3.1.jar:net/java/dev/sommer/foafssl/verifier/DereferencingFoafSslVerifier.class */
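/**
 * Verifies a FOAF+SSL (WebID) client certificate by dereferencing the URIs found in its
 * subjectAltName extension and checking that the fetched RDF document lists the
 * certificate's RSA public key for that URI.
 *
 * <p>Security notes for maintainers: the URIs come from a client-supplied certificate and the
 * fetched document comes from a server chosen by that client, so both are untrusted input.
 * This class restricts dereferencing to {@code http}/{@code https} and bounds connect/read
 * time, but it does not restrict which hosts may be contacted and does not cap the size of the
 * fetched document; deployments that need those limits must enforce them elsewhere.
 */
public class DereferencingFoafSslVerifier implements FoafSslVerifier {
    static Logger log = Logger.getLogger(DereferencingFoafSslVerifier.class.getName());

    /** subjectAltName general-name type tag for uniformResourceIdentifier (RFC 5280). */
    private static final int SAN_TYPE_URI = 6;

    /** Upper bound on establishing the connection to the WebID host, in milliseconds. */
    private static final int CONNECT_TIMEOUT_MS = 10000;

    /** Upper bound on waiting for data from the WebID host, in milliseconds. */
    private static final int READ_TIMEOUT_MS = 30000;

    /**
     * Tries every URI subjectAltName of the certificate and collects the ones that verify.
     *
     * @param x509Certificate the client certificate presented in the TLS handshake
     * @return one principal per URI whose document lists the certificate's public key;
     *         empty when none verifies
     * @throws OpenRDFException if a fetched document cannot be parsed or queried
     * @throws IOException if a document cannot be fetched; this aborts the remaining URIs
     */
    @Override // net.java.dev.sommer.foafssl.verifier.FoafSslVerifier
    public Collection<? extends FoafSslPrincipal> verifyFoafSslCertificate(X509Certificate x509Certificate) throws OpenRDFException, IOException {
        List<DereferencedFoafSslPrincipal> verified = new ArrayList<DereferencedFoafSslPrincipal>();
        for (URI claimedId : getAlternativeURIName(x509Certificate)) {
            DereferencedFoafSslPrincipal principal = verifyByDereferencing(claimedId, x509Certificate.getPublicKey());
            if (principal != null) {
                verified.add(principal);
            }
        }
        return verified;
    }

    /**
     * Fetches the document behind {@code uri} and checks it against {@code publicKey}.
     *
     * @param uri the claimed identity, taken from the certificate and therefore untrusted
     * @param publicKey the public key of the presented certificate
     * @return the verified principal, or {@code null} if the URI is not http/https or the
     *         document does not list the key
     * @throws OpenRDFException if the document cannot be parsed or queried
     * @throws IOException if the document cannot be fetched
     */
    public DereferencedFoafSslPrincipal verifyByDereferencing(URI uri, PublicKey publicKey) throws OpenRDFException, IOException {
        // The URI is attacker-chosen. Without a scheme allowlist, URL.openConnection() would
        // also serve file:, jar:, ftp: and any other installed handler, letting a certificate
        // make the server read local resources.
        String scheme = uri.getScheme();
        if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
            log.log(Level.WARNING, "Refusing to dereference WebID with unsupported scheme: {0}", uri);
            return null;
        }
        // NOTE(review): the target host is not restricted here, so a certificate can still
        // point this request at internal addresses; confirm an egress policy covers that.

        URLConnection connection = uri.toURL().openConnection();
        // Bound how long an unresponsive, attacker-chosen host can hold the calling thread.
        connection.setConnectTimeout(CONNECT_TIMEOUT_MS);
        connection.setReadTimeout(READ_TIMEOUT_MS);
        // The header name must not carry the trailing colon; "Accept:" is a different,
        // malformed header and leaves content negotiation to the server's default.
        connection.addRequestProperty("Accept", "application/rdf+xml");
        connection.connect();
        InputStream body = connection.getInputStream();
        try {
            boolean secure = false;
            Certificate[] serverCertificates = null;
            if (connection instanceof HttpsURLConnection) {
                // Record that the document came over TLS and which chain the server presented,
                // so callers can weigh how much to trust the dereferenced data.
                secure = true;
                serverCertificates = ((HttpsURLConnection) connection).getServerCertificates();
            }
            return verifyByDereferencing(uri, publicKey, connection.getURL(), body,
                    mimeType(connection.getContentType()), secure, serverCertificates);
        } finally {
            body.close();
        }
    }

    /**
     * Verifies against an already opened document, marking the result as fetched over an
     * unsecured channel with no server certificates.
     *
     * @param uri the claimed identity
     * @param publicKey the public key of the presented certificate
     * @param url the URL the document was read from (used as base URI)
     * @param inputStream the document content; not closed by this method
     * @param str the document's MIME type
     * @return the verified principal, or {@code null} if verification fails
     * @throws OpenRDFException if the document cannot be parsed or queried
     * @throws IOException if the document cannot be read
     */
    public DereferencedFoafSslPrincipal verifyByDereferencing(URI uri, PublicKey publicKey, URL url, InputStream inputStream, String str) throws OpenRDFException, IOException {
        return verifyByDereferencing(uri, publicKey, url, inputStream, str, false, null);
    }

    /**
     * Parses the document into an in-memory store and looks for an RSA key bound to
     * {@code uri} whose modulus and public exponent equal those of {@code publicKey}.
     *
     * @param uri the claimed identity
     * @param publicKey the public key of the presented certificate; only RSA keys can verify
     * @param url the URL the document was read from (used as base URI)
     * @param inputStream the document content; not closed by this method
     * @param str the document's MIME type, without parameters
     * @param z whether the document was fetched over HTTPS
     * @param certificateArr the certificates presented by the document's server, or {@code null}
     * @return the verified principal, or {@code null} if the key is not RSA, the MIME type is
     *         missing or not a known RDF format, or no matching key is listed
     * @throws OpenRDFException if the document cannot be parsed or queried
     * @throws IOException if the document cannot be read
     */
    public DereferencedFoafSslPrincipal verifyByDereferencing(URI uri, PublicKey publicKey, URL url, InputStream inputStream, String str, boolean z, Certificate[] certificateArr) throws OpenRDFException, IOException {
        // Only RSA keys are matched by the query below, so decide this before parsing any
        // untrusted content.
        if (!(publicKey instanceof RSAPublicKey)) {
            return null;
        }
        RSAPublicKey rsaKey = (RSAPublicKey) publicKey;

        // forMIMEType yields null for an unrecognised type; treat that, and a missing
        // Content-Type, as a failed verification instead of handing null to the parser.
        RDFFormat format = (str == null) ? null : RDFFormat.forMIMEType(str);
        if (format == null) {
            log.log(Level.WARNING, "WebID document for {0} has a missing or unsupported content type.", uri);
            return null;
        }

        // Context name: the document URL rebuilt from protocol, host, port and file only.
        URL contextUrl = new URL(url.getProtocol(), url.getHost(), url.getPort(), url.getFile());

        MemoryStore memoryStore = new MemoryStore();
        memoryStore.initialize();
        try {
            SailRepository repository = new SailRepository(memoryStore);
            SailRepositoryConnection connection = repository.getConnection();
            try {
                ValueFactory valueFactory = repository.getValueFactory();
                connection.add(inputStream, url.toString(), format, valueFactory.createURI(contextUrl.toString()));

                TupleQuery query = connection.prepareTupleQuery(QueryLanguage.SPARQL, "PREFIX cert: <http://www.w3.org/ns/auth/cert#>PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>SELECT ?mod ?exp WHERE {   ?sig cert:identity ?person .   ?sig a rsa:RSAPublicKey;        rsa:modulus [ cert:hex ?mod ] ;        rsa:public_exponent [ cert:decimal ?exp ] .}");
                // Bind the claimed identity as a value; it is never spliced into the query text.
                query.setBinding("person", valueFactory.createURI(uri.toString()));

                TupleQueryResult rows = query.evaluate();
                try {
                    while (rows.hasNext()) {
                        if (matchesKey(rows.next(), rsaKey)) {
                            return new DereferencedFoafSslPrincipal(uri, z, certificateArr);
                        }
                    }
                } finally {
                    rows.close();
                }
            } finally {
                connection.close();
            }
        } finally {
            // One store is created per verification; release it so repeated logins do not
            // accumulate in-memory repositories.
            memoryStore.shutDown();
        }
        return null;
    }

    /**
     * Tells whether one query row describes exactly the given RSA key.
     * Rows with missing or unparsable numbers never match; they must not abort verification,
     * because the document content is controlled by the remote party.
     */
    private boolean matchesKey(BindingSet row, RSAPublicKey rsaKey) {
        Binding modulusBinding = row.getBinding("mod");
        Binding exponentBinding = row.getBinding("exp");
        if (modulusBinding == null || exponentBinding == null) {
            return false;
        }
        try {
            BigInteger modulus = new BigInteger(cleanHex(modulusBinding.getValue().stringValue()), 16);
            if (!modulus.equals(rsaKey.getModulus())) {
                return false;
            }
            BigInteger exponent = new BigInteger(exponentBinding.getValue().stringValue().trim(), 10);
            return exponent.equals(rsaKey.getPublicExponent());
        } catch (NumberFormatException e) {
            // e.g. a modulus literal with no hex digits at all, or a non-numeric exponent.
            log.log(Level.FINE, "Ignoring a key description with a malformed modulus or exponent.", e);
            return false;
        }
    }

    /**
     * Extracts the URI entries of the certificate's subjectAltName extension.
     *
     * @param x509Certificate the certificate to inspect, may be {@code null}
     * @return the syntactically valid URI entries; empty if the certificate is {@code null},
     *         has no subjectAltName extension, or the extension cannot be parsed
     */
    public static List<URI> getAlternativeURIName(X509Certificate x509Certificate) {
        List<URI> uris = new ArrayList<URI>();
        if (x509Certificate == null) {
            return uris;
        }
        Collection<List<?>> subjectAlternativeNames;
        try {
            subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            log.log(Level.WARNING, "Unable to parse certificate for extracting the subjectAltNames.", (Throwable) e);
            // An unparsable extension yields no identities, so nothing can be verified.
            return uris;
        }
        if (subjectAlternativeNames == null) {
            return uris;
        }
        for (List<?> entry : subjectAlternativeNames) {
            // Each entry is a pair: the general-name type tag, then the value.
            if (((Integer) entry.get(0)).intValue() != SAN_TYPE_URI) {
                continue;
            }
            Object value = entry.get(1);
            if (value instanceof String) {
                try {
                    uris.add(new URI((String) value));
                } catch (URISyntaxException e) {
                    // Skip the malformed entry but keep a record in the application log
                    // rather than on stderr.
                    log.log(Level.WARNING, "Ignoring a subjectAltName URI entry that is not a valid URI.", (Throwable) e);
                }
            }
        }
        return uris;
    }

    /**
     * Keeps only the ASCII hexadecimal digits of {@code str}, dropping whitespace and any
     * other separator the document author used inside the modulus literal.
     */
    private String cleanHex(String str) {
        StringBuilder digits = new StringBuilder(str.length());
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            if (isAsciiHexDigit(c)) {
                digits.append(c);
            }
        }
        return digits.toString();
    }

    /** Tells whether {@code c} is one of 0-9, a-f or A-F. */
    private static boolean isAsciiHexDigit(char c) {
        return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F');
    }

    /**
     * Strips parameters such as {@code ;charset=...} from a Content-Type header value.
     *
     * @param str the raw header value, or {@code null} when the server sent none
     * @return the bare media type, or {@code null} when {@code str} is {@code null}
     */
    private String mimeType(String str) {
        if (str == null) {
            return null;
        }
        int semicolon = str.indexOf(';');
        if (semicolon > 0) {
            str = str.substring(0, semicolon);
        }
        return str.trim();
    }
}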
