package net.sf.jstuff.core.security.x509;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.StandardOpenOption;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import net.sf.jstuff.core.Strings;
import net.sf.jstuff.core.io.IOUtils;
import net.sf.jstuff.core.io.MoreFiles;
import net.sf.jstuff.core.io.stream.FastByteArrayInputStream;
import net.sf.jstuff.core.logging.Logger;
import net.sf.jstuff.core.security.Base64;
import net.sf.jstuff.core.security.Checksums;
import net.sf.jstuff.core.validation.Args;

/* loaded from: input_file:net/sf/jstuff/core/security/x509/X509Utils.class */
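/**
 * Static helpers for loading, converting, inspecting and PEM-encoding X.509 certificates, CRLs and keys.
 *
 * <p>Security notes for callers:
 * <ul>
 * <li>Nothing in this class builds or validates a certification path. {@link #isValid} only checks the
 *     validity period; it does not verify signatures, trust anchors or revocation status.</li>
 * <li>The URLs returned by {@code getCRLURLs} and {@code getOcspResponderURL} are read from certificate
 *     content by a text scan. Treat them as untrusted input until the certificate chain has been validated,
 *     and restrict the schemes and hosts that are actually fetched.</li>
 * <li>{@code isEqualDN}, {@code isIssuerDN} and {@code isSubjectDN} compare DN strings lexically, not in a
 *     canonical form.</li>
 * </ul>
 */
public abstract class X509Utils {
    /** Shared factory for the {@code "X.509"} certificate type, created once in the static initializer. */
    public static final CertificateFactory CERTIFICATE_FACTORY;
    private static final Logger LOG = Logger.create();

    // All four patterns use DOTALL so that '.' spans the line breaks inside a PEM body. The quantifiers are
    // greedy: if the input holds several blocks of the same kind, group(1) runs from the first BEGIN line
    // to the last END line.
    private static final Pattern CRL_PATTERN = Pattern.compile("BEGIN X509 CRL-+\r?\n?(.*[^-])\r?\n?-+END X509 CRL", Pattern.DOTALL);
    private static final Pattern CERTIFICATE_PATTERN = Pattern.compile("BEGIN .*CERTIFICATE-+\r?\n?(.*[^-])\r?\n?-+END .*CERTIFICATE", Pattern.DOTALL);
    private static final Pattern PRIVATE_KEY_PATTERN = Pattern.compile("BEGIN .*PRIVATE KEY-+\r?\n?(.*[^-])\r?\n?-+END .*PRIVATE KEY", Pattern.DOTALL);
    private static final Pattern PUBLIC_KEY_PATTERN = Pattern.compile("BEGIN .*PUBLIC KEY-+\r?\n?(.*[^-])\r?\n?-+END .*PUBLIC KEY", Pattern.DOTALL);

    static {
        try {
            CERTIFICATE_FACTORY = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Converts a legacy {@code javax.security.cert.X509Certificate} into a {@link X509Certificate} by
     * re-parsing its encoded form.
     *
     * @param x509Certificate the legacy certificate, may be {@code null}
     * @return the converted certificate, or {@code null} if the argument is {@code null}
     * @throws IllegalArgumentException if encoding or re-parsing fails (the cause is preserved)
     */
    public static X509Certificate convert(javax.security.cert.X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        try {
            final byte[] encoded = x509Certificate.getEncoded();
            return (X509Certificate) CERTIFICATE_FACTORY.generateCertificate(new FastByteArrayInputStream(encoded));
        } catch (Exception e) {
            throw new IllegalArgumentException("[cert] " + x509Certificate + " is not convertable!", e);
        }
    }

    /**
     * Converts a {@link X509Certificate} into the legacy {@code javax.security.cert.X509Certificate} type.
     * The legacy type is a deprecated JDK API; use this only where an older interface still demands it.
     *
     * @param x509Certificate the certificate, may be {@code null}
     * @return the converted certificate, or {@code null} if the argument is {@code null}
     * @throws IllegalArgumentException if encoding or re-parsing fails (the cause is preserved)
     */
    public static javax.security.cert.X509Certificate convert(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        try {
            return javax.security.cert.X509Certificate.getInstance(x509Certificate.getEncoded());
        } catch (Exception e) {
            throw new IllegalArgumentException("[cert] " + x509Certificate + " is not convertable!", e);
        }
    }

    /**
     * Parses a certificate from an in-memory encoding.
     *
     * @param bArr the encoded certificate; checked with {@code Args.notEmpty}
     * @return the parsed certificate
     * @throws GeneralSecurityException if the data cannot be parsed
     */
    public static X509Certificate getCertificate(byte[] bArr) throws GeneralSecurityException {
        Args.notEmpty("data", bArr);
        return getCertificate(new FastByteArrayInputStream(bArr));
    }

    /**
     * Parses a certificate from a file.
     *
     * @param file the certificate file; checked with {@code Args.notNull}
     * @return the parsed certificate
     * @throws GeneralSecurityException if the content cannot be parsed
     * @throws IOException if the file cannot be opened or closed
     */
    public static X509Certificate getCertificate(File file) throws GeneralSecurityException, IOException {
        Args.notNull("file", file);
        // try-with-resources closes the stream on every path; getCertificate(InputStream) also closes it
        // quietly, and the second close is harmless.
        try (InputStream in = Files.newInputStream(file.toPath(), StandardOpenOption.READ)) {
            return getCertificate(in);
        }
    }

    /**
     * Parses a certificate from a stream using {@link #CERTIFICATE_FACTORY}. The stream is always closed
     * before this method returns, whether parsing succeeds or fails.
     *
     * @param inputStream the source stream; checked with {@code Args.notNull}
     * @return the parsed certificate
     * @throws GeneralSecurityException if the content cannot be parsed
     */
    public static X509Certificate getCertificate(InputStream inputStream) throws GeneralSecurityException {
        Args.notNull("is", inputStream);
        try {
            return (X509Certificate) CERTIFICATE_FACTORY.generateCertificate(IOUtils.toBufferedInputStream(inputStream));
        } finally {
            IOUtils.closeQuietly(inputStream);
        }
    }

    /**
     * Reads a PEM file and parses the certificate it contains.
     *
     * @param file the PEM file; checked with {@code Args.notNull}
     * @return the parsed certificate
     * @throws GeneralSecurityException if the content is not an X.509 certificate
     * @throws IOException if the file cannot be read
     */
    public static X509Certificate getCertificateFromPEM(File file) throws GeneralSecurityException, IOException {
        Args.notNull("pemFile", file);
        return getCertificateFromPEM(MoreFiles.readFileToString(file.toPath()));
    }

    /**
     * Reads PEM text from a stream and parses the certificate it contains. The stream is always closed.
     *
     * @param inputStream the PEM source; checked with {@code Args.notNull}
     * @return the parsed certificate
     * @throws GeneralSecurityException if the content is not an X.509 certificate
     * @throws IOException if the stream cannot be read
     */
    public static X509Certificate getCertificateFromPEM(InputStream inputStream) throws GeneralSecurityException, IOException {
        Args.notNull("pemStream", inputStream);
        try {
            return getCertificateFromPEM(IOUtils.toString(IOUtils.toBufferedInputStream(inputStream)));
        } finally {
            IOUtils.closeQuietly(inputStream);
        }
    }

    /**
     * Parses a certificate from PEM text. Input without BEGIN/END CERTIFICATE armor is treated as a bare
     * Base64 body and wrapped in armor before parsing.
     *
     * @param str the PEM text or bare Base64 body; checked with {@code Args.notNull}
     * @return the parsed certificate
     * @throws GeneralSecurityException if parsing fails or the parsed certificate's type is not
     *         {@code "X.509"}; in the latter case the message echoes the complete input
     */
    public static X509Certificate getCertificateFromPEM(String str) throws GeneralSecurityException {
        Args.notNull("pemContent", str);
        final String armored = CERTIFICATE_PATTERN.matcher(str).find()
            ? str
            : "-----BEGIN CERTIFICATE-----\n" + str + "\n-----END CERTIFICATE-----";
        final Certificate parsed = CERTIFICATE_FACTORY.generateCertificate(
            new FastByteArrayInputStream(armored.getBytes(StandardCharsets.UTF_8)));
        if ("X.509".equals(parsed.getType())) {
            return (X509Certificate) parsed;
        }
        throw new GeneralSecurityException("PEM-encoded certificate [" + str + "] is not X.509 but [" + parsed.getType() + "]");
    }

    /**
     * Collects the X.509 certificates stored under the aliases of a key store.
     *
     * <p>Best effort: a {@link KeyStoreException} is logged and the certificates gathered so far are
     * returned, so an incomplete list is possible. Callers that must see every entry should not rely on
     * this method alone.
     *
     * @param keyStore the key store; checked with {@code Args.notNull}
     * @return a mutable list of the X.509 certificates found, never {@code null}
     */
    public static List<X509Certificate> getCertificates(KeyStore keyStore) {
        Args.notNull("ks", keyStore);
        final List<X509Certificate> certificates = new ArrayList<>();
        try {
            final Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                final Certificate candidate = keyStore.getCertificate(aliases.nextElement());
                if (candidate instanceof X509Certificate) {
                    certificates.add((X509Certificate) candidate);
                }
            }
        } catch (KeyStoreException e) {
            LOG.error(e);
        }
        return certificates;
    }

    /**
     * Returns the first common name (CN) found in the certificate's subject, visiting the RDNs in the
     * order given by {@link LdapName#getRdns()}.
     *
     * <p>The subject CN is an identity hint only. For host name verification the subject alternative
     * names are the authoritative source.
     *
     * @param x509Certificate the certificate; checked with {@code Args.notNull}
     * @return the CN value, or {@code null} if there is none or the subject cannot be parsed
     */
    public static String getCN(X509Certificate x509Certificate) {
        Args.notNull("cert", x509Certificate);
        try {
            final LdapName subject = new LdapName(x509Certificate.getSubjectX500Principal().getName("RFC2253"));
            for (final Rdn rdn : subject.getRdns()) {
                final Attribute cn = rdn.toAttributes().get("cn");
                if (cn == null) {
                    continue;
                }
                try {
                    final Object value = cn.get();
                    if (value != null) {
                        return value.toString();
                    }
                } catch (Exception e) {
                    // an unreadable attribute is skipped; later RDNs may still carry a CN
                    LOG.debug(e);
                }
            }
            return null;
        } catch (InvalidNameException e) {
            LOG.debug(e);
            return null;
        }
    }

    /**
     * Returns every common name (CN) found in the certificate's subject, visiting the RDNs in the order
     * given by {@link LdapName#getRdns()}.
     *
     * @param x509Certificate the certificate; checked with {@code Args.notNull}
     * @return a mutable list of CN values; empty if there are none or the subject cannot be parsed
     */
    public static List<String> getCNs(X509Certificate x509Certificate) {
        Args.notNull("cert", x509Certificate);
        final List<String> commonNames = new ArrayList<>();
        try {
            final LdapName subject = new LdapName(x509Certificate.getSubjectX500Principal().getName("RFC2253"));
            for (final Rdn rdn : subject.getRdns()) {
                final Attribute cn = rdn.toAttributes().get("cn");
                if (cn == null) {
                    continue;
                }
                try {
                    final Object value = cn.get();
                    if (value != null) {
                        commonNames.add(value.toString());
                    }
                } catch (Exception e) {
                    // an unreadable attribute is skipped; the remaining RDNs are still examined
                    LOG.debug(e);
                }
            }
        } catch (InvalidNameException e) {
            LOG.debug(e);
        }
        return commonNames;
    }

    /**
     * Reads a PEM file and parses the CRL it contains.
     *
     * @param file the PEM file; checked with {@code Args.notNull}
     * @return the parsed CRL
     * @throws GeneralSecurityException if the content is not an X.509 CRL
     * @throws IOException if the file cannot be read
     */
    public static X509CRL getCRLFromPEM(File file) throws GeneralSecurityException, IOException {
        Args.notNull("pemFile", file);
        return getCRLFromPEM(MoreFiles.readFileToString(file.toPath()));
    }

    /**
     * Reads PEM text from a stream and parses the CRL it contains. The stream is always closed.
     *
     * @param inputStream the PEM source; checked with {@code Args.notNull}
     * @return the parsed CRL
     * @throws GeneralSecurityException if the content is not an X.509 CRL
     * @throws IOException if the stream cannot be read
     */
    public static X509CRL getCRLFromPEM(InputStream inputStream) throws GeneralSecurityException, IOException {
        Args.notNull("pemStream", inputStream);
        try {
            return getCRLFromPEM(IOUtils.toString(inputStream));
        } finally {
            IOUtils.closeQuietly(inputStream);
        }
    }

    /**
     * Parses a CRL from PEM text. Input without BEGIN/END X509 CRL armor is treated as a bare Base64 body
     * and wrapped in armor before parsing.
     *
     * <p>Parsing a CRL does not verify its signature or freshness; that remains the caller's job.
     *
     * @param str the PEM text or bare Base64 body; checked with {@code Args.notNull}
     * @return the parsed CRL
     * @throws GeneralSecurityException if parsing fails or the parsed CRL's type is not {@code "X.509"}
     */
    public static X509CRL getCRLFromPEM(String str) throws GeneralSecurityException {
        Args.notNull("pemContent", str);
        final String armored = CRL_PATTERN.matcher(str).find()
            ? str
            : "-----BEGIN X509 CRL-----\n" + str + "\n-----END X509 CRL-----";
        final CRL parsed = CERTIFICATE_FACTORY.generateCRL(
            new FastByteArrayInputStream(armored.getBytes(StandardCharsets.UTF_8)));
        if ("X.509".equals(parsed.getType())) {
            return (X509CRL) parsed;
        }
        throw new GeneralSecurityException("PEM-encoded CRL [" + str + "] is not X.509 but [" + parsed.getType() + "]");
    }

    /**
     * Extracts URL-like strings from the CRL distribution points extension (OID 2.5.29.31).
     *
     * <p>This is a text heuristic, not an ASN.1 parser: the raw extension bytes are decoded as UTF-8 and
     * scanned for the prefixes {@code http}, {@code ldap}, {@code ftp} and {@code file}. Each hit runs up
     * to the next replacement character (U+FFFD, produced by bytes that are not valid UTF-8) minus the two
     * characters before it, or to the end of the data.
     *
     * <p>The values come straight from the certificate and may name {@code file:} or internal
     * {@code ldap:}/{@code http:} locations. Callers that fetch CRLs should validate the certificate chain
     * first and allow-list the schemes and hosts they are willing to contact.
     *
     * @param x509Certificate the certificate; checked with {@code Args.notNull}
     * @return the distinct URL strings in order of appearance; an empty list if the extension is absent
     */
    public static List<String> getCRLURLs(X509Certificate x509Certificate) {
        Args.notNull("cert", x509Certificate);
        final byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.31");
        if (extensionValue == null) {
            return Collections.emptyList();
        }
        final List<String> urls = new ArrayList<>();
        final String text = new String(extensionValue, StandardCharsets.UTF_8);
        final int[] schemeHits = new int[4];
        int searchFrom = 0;
        while (searchFrom + 1 < text.length()) {
            schemeHits[0] = text.indexOf("http", searchFrom);
            schemeHits[1] = text.indexOf("ldap", searchFrom);
            schemeHits[2] = text.indexOf("ftp", searchFrom);
            schemeHits[3] = text.indexOf("file", searchFrom);
            Arrays.sort(schemeHits);

            // after sorting, the first non-negative entry is the earliest scheme occurrence
            int start = -1;
            for (final int hit : schemeHits) {
                if (hit > -1) {
                    start = hit;
                    break;
                }
            }
            if (start == -1) {
                break;
            }

            final int end = text.indexOf('\uFFFD', start);
            if (end == -1) {
                // The last URL runs to the end of the data. Stop here: the search position cannot advance
                // any further, and continuing would rescan the same URL forever.
                final String tail = text.substring(start).trim();
                if (!urls.contains(tail)) {
                    urls.add(tail);
                }
                break;
            }

            // the two characters in front of the marker are dropped; presumably they are the tag/length
            // bytes of the next DER element
            final String url = text.substring(start, end - 2).trim();
            if (!urls.contains(url)) {
                urls.add(url);
            }
            searchFrom = end + 1;
        }
        return urls;
    }

    /**
     * Returns the SHA-1 checksum of the certificate's encoded form, as produced by {@code Checksums.sha1}.
     *
     * <p>SHA-1 fingerprints are common as display identifiers, but SHA-1 is no longer collision resistant.
     * Do not use this value as the sole basis for pinning or trust decisions; use a SHA-256 digest there.
     *
     * @param x509Certificate the certificate; checked with {@code Args.notNull}
     * @return the SHA-1 checksum string
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public static String getFingerprint(X509Certificate x509Certificate) throws CertificateEncodingException {
        Args.notNull("cert", x509Certificate);
        return Checksums.sha1(x509Certificate.getEncoded());
    }

    /**
     * Extracts a responder URL from the authority information access extension (OID 1.3.6.1.5.5.7.1.1).
     *
     * <p>This is a text heuristic, not an ASN.1 parser: the raw extension bytes are decoded as US-ASCII and
     * everything after the first {@code http} (or, failing that, {@code ldap}) is returned trimmed. It does
     * not tell OCSP entries from other access methods in the same extension, and the result can carry
     * trailing bytes of later entries.
     *
     * <p>The value comes straight from the certificate. Validate the chain and allow-list the destination
     * before sending requests to it.
     *
     * @param x509Certificate the certificate; checked with {@code Args.notNull}
     * @return the URL string, or {@code null} if the extension is absent or holds no http/ldap text
     */
    public static String getOcspResponderURL(X509Certificate x509Certificate) {
        Args.notNull("cert", x509Certificate);
        final byte[] extensionValue = x509Certificate.getExtensionValue("1.3.6.1.5.5.7.1.1");
        if (extensionValue == null) {
            return null;
        }
        final String text = new String(extensionValue, StandardCharsets.US_ASCII);
        if (text.contains("http")) {
            return "http" + Strings.substringAfter(text, "http").trim();
        }
        if (text.contains("ldap")) {
            return "ldap" + Strings.substringAfter(text, "ldap").trim();
        }
        return null;
    }

    /**
     * Reads a PEM file and parses the private key it contains.
     *
     * @param file the PEM file; checked with {@code Args.notNull}
     * @param str the {@link KeyFactory} algorithm name, e.g. {@code "RSA"}; checked with {@code Args.notNull}
     * @return the parsed private key
     * @throws GeneralSecurityException if the key cannot be parsed
     * @throws IOException if the file cannot be read
     */
    public static PrivateKey getPrivateKeyFromPEM(File file, String str) throws GeneralSecurityException, IOException {
        Args.notNull("pemFile", file);
        Args.notNull("algorithm", str);
        return getPrivateKeyFromPEM(MoreFiles.readFileToString(file.toPath()), str);
    }

    /**
     * Reads PEM text from a stream and parses the private key it contains. The stream is always closed.
     *
     * @param inputStream the PEM source; checked with {@code Args.notNull}
     * @param str the {@link KeyFactory} algorithm name; checked with {@code Args.notNull}
     * @return the parsed private key
     * @throws GeneralSecurityException if the key cannot be parsed
     * @throws IOException if the stream cannot be read
     */
    public static PrivateKey getPrivateKeyFromPEM(InputStream inputStream, String str) throws GeneralSecurityException, IOException {
        Args.notNull("pemStream", inputStream);
        Args.notNull("algorithm", str);
        try {
            return getPrivateKeyFromPEM(IOUtils.toString(inputStream), str);
        } finally {
            IOUtils.closeQuietly(inputStream);
        }
    }

    /**
     * Parses an unencrypted PKCS#8 private key from PEM text or from a bare Base64 body.
     *
     * <p>Only the {@code BEGIN RSA PRIVATE KEY} (PKCS#1) armor is rejected up front. Other armors that end
     * in {@code PRIVATE KEY}, such as encrypted PKCS#8, also match the pattern; their body is handed to
     * {@link PKCS8EncodedKeySpec} unchanged and is expected to be rejected by the {@link KeyFactory}.
     *
     * <p>The returned key and the input text are secrets; keep them out of logs and error messages.
     *
     * @param str the PEM text or bare Base64 body; checked with {@code Args.notNull}
     * @param str2 the {@link KeyFactory} algorithm name; checked with {@code Args.notNull}
     * @return the parsed private key
     * @throws InvalidKeyException if the text contains a PKCS#1 {@code RSA PRIVATE KEY} armor
     * @throws GeneralSecurityException if the key cannot be parsed
     */
    public static PrivateKey getPrivateKeyFromPEM(String str, String str2) throws GeneralSecurityException {
        Args.notNull("pemContent", str);
        Args.notNull("algorithm", str2);
        if (str.contains("BEGIN RSA PRIVATE KEY")) {
            throw new InvalidKeyException("PKCS#1 PEM encoded private keys are not supported.");
        }
        final Matcher armor = PRIVATE_KEY_PATTERN.matcher(str);
        final String base64Body = armor.find() ? armor.group(1) : str;
        return toPrivateKey(Base64.decode(base64Body), str2);
    }

    /**
     * Reads a PEM file and parses the public key it contains.
     *
     * @param file the PEM file; checked with {@code Args.notNull}
     * @param str the {@link KeyFactory} algorithm name; checked with {@code Args.notNull}
     * @return the parsed public key
     * @throws GeneralSecurityException if the key cannot be parsed
     * @throws IOException if the file cannot be read
     */
    public static PublicKey getPublicKeyFromPEM(File file, String str) throws GeneralSecurityException, IOException {
        Args.notNull("pemFile", file);
        Args.notNull("algorithm", str);
        return getPublicKeyFromPEM(MoreFiles.readFileToString(file.toPath()), str);
    }

    /**
     * Reads PEM text from a stream and parses the public key it contains. The stream is always closed.
     *
     * @param inputStream the PEM source; checked with {@code Args.notNull}
     * @param str the {@link KeyFactory} algorithm name; checked with {@code Args.notNull}
     * @return the parsed public key
     * @throws GeneralSecurityException if the key cannot be parsed
     * @throws IOException if the stream cannot be read
     */
    public static PublicKey getPublicKeyFromPEM(InputStream inputStream, String str) throws GeneralSecurityException, IOException {
        Args.notNull("pemStream", inputStream);
        Args.notNull("algorithm", str);
        try {
            return getPublicKeyFromPEM(IOUtils.toString(inputStream), str);
        } finally {
            IOUtils.closeQuietly(inputStream);
        }
    }

    /**
     * Parses an X.509 (SubjectPublicKeyInfo) encoded public key from PEM text or from a bare Base64 body.
     *
     * @param str the PEM text or bare Base64 body; checked with {@code Args.notNull}
     * @param str2 the {@link KeyFactory} algorithm name; checked with {@code Args.notNull}
     * @return the parsed public key
     * @throws GeneralSecurityException if the key cannot be parsed
     */
    public static PublicKey getPublicKeyFromPEM(String str, String str2) throws GeneralSecurityException {
        Args.notNull("pemContent", str);
        Args.notNull("algorithm", str2);
        final Matcher armor = PUBLIC_KEY_PATTERN.matcher(str);
        final String base64Body = armor.find() ? armor.group(1) : str;
        return toPublicKey(Base64.decode(base64Body), str2);
    }

    /**
     * Convenience variant of {@link #getPrivateKeyFromPEM(InputStream, String)} for the {@code "RSA"} algorithm.
     *
     * @param inputStream the PEM source; checked with {@code Args.notNull}
     * @return the parsed RSA private key
     * @throws GeneralSecurityException if the key cannot be parsed
     * @throws IOException if the stream cannot be read
     */
    public static RSAPrivateKey getRSAPrivateKeyFromPEM(InputStream inputStream) throws GeneralSecurityException, IOException {
        Args.notNull("pemStream", inputStream);
        return (RSAPrivateKey) getPrivateKeyFromPEM(inputStream, "RSA");
    }

    /**
     * Convenience variant of {@link #getPrivateKeyFromPEM(String, String)} for the {@code "RSA"} algorithm.
     *
     * @param str the PEM text or bare Base64 body; checked with {@code Args.notNull}
     * @return the parsed RSA private key
     * @throws GeneralSecurityException if the key cannot be parsed
     */
    public static RSAPrivateKey getRSAPrivateKeyFromPEM(String str) throws GeneralSecurityException {
        Args.notNull("pemContent", str);
        return (RSAPrivateKey) getPrivateKeyFromPEM(str, "RSA");
    }

    /**
     * Convenience variant of {@link #getPublicKeyFromPEM(InputStream, String)} for the {@code "RSA"} algorithm.
     *
     * @param inputStream the PEM source; checked with {@code Args.notNull}
     * @return the parsed RSA public key
     * @throws GeneralSecurityException if the key cannot be parsed
     * @throws IOException if the stream cannot be read
     */
    public static RSAPublicKey getRSAPublicKeyFromPEM(InputStream inputStream) throws GeneralSecurityException, IOException {
        Args.notNull("pemStream", inputStream);
        return (RSAPublicKey) getPublicKeyFromPEM(inputStream, "RSA");
    }

    /**
     * Convenience variant of {@link #getPublicKeyFromPEM(String, String)} for the {@code "RSA"} algorithm.
     *
     * @param str the PEM text or bare Base64 body; checked with {@code Args.notNull}
     * @return the parsed RSA public key
     * @throws GeneralSecurityException if the key cannot be parsed
     */
    public static RSAPublicKey getRSAPublicKeyFromPEM(String str) throws GeneralSecurityException {
        Args.notNull("pemContent", str);
        return (RSAPublicKey) getPublicKeyFromPEM(str, "RSA");
    }

    /**
     * Returns how long the certificate remains inside its validity period, measured from the system clock.
     *
     * @param x509Certificate the certificate, may be {@code null}
     * @return the time left until {@code notAfter}; {@link Duration#ZERO} if the certificate is
     *         {@code null}, not yet valid, expired, or has less than one millisecond left
     */
    public static Duration getValidityDuration(X509Certificate x509Certificate) {
        if (!isValid(x509Certificate)) {
            return Duration.ZERO;
        }
        final long remainingMillis = x509Certificate.getNotAfter().getTime() - System.currentTimeMillis();
        return remainingMillis < 1 ? Duration.ZERO : Duration.ofMillis(remainingMillis);
    }

    /**
     * Compares two distinguished name strings ignoring case and ignoring whitespace around the commas.
     *
     * <p>This is a lexical comparison. It does not canonicalize attribute types, RDN order, or escaping,
     * and a comma escaped inside a value is split like a separator. Where the outcome feeds an
     * authorization decision, comparing {@code X500Principal} instances is the stricter check.
     *
     * @param str the first DN, may be {@code null}
     * @param str2 the second DN, may be {@code null}
     * @return {@code true} if both are {@code null} or both are equal under the rules above
     */
    public static boolean isEqualDN(String str, String str2) {
        if (str == str2) {
            return true;
        }
        if (str == null || str2 == null) {
            return false;
        }
        if (str.equalsIgnoreCase(str2)) {
            return true;
        }
        return trimDnTokens(str).equalsIgnoreCase(trimDnTokens(str2));
    }

    /** Trims every comma-separated token of a DN that contains {@code ", "}; other input is returned as is. */
    private static String trimDnTokens(String dn) {
        if (!dn.contains(", ")) {
            return dn;
        }
        final String[] tokens = Strings.splitPreserveAllTokens(dn, ',');
        for (int i = 0; i < tokens.length; i++) {
            tokens[i] = tokens[i].trim();
        }
        return Strings.join(tokens, ',');
    }

    /**
     * Tells whether the certificate's {@code notAfter} date lies before the current system time.
     *
     * @param x509Certificate the certificate, must not be {@code null}
     * @return {@code true} if the certificate has expired
     * @throws NullPointerException if {@code x509Certificate} is {@code null}
     */
    public static boolean isExpired(X509Certificate x509Certificate) {
        return x509Certificate.getNotAfter().getTime() < System.currentTimeMillis();
    }

    /**
     * Tells whether the certificate's issuer DN matches the given DN according to
     * {@link #isEqualDN(String, String)}, with the lexical limits described there.
     *
     * @param x509Certificate the certificate, may be {@code null}
     * @param str the DN to compare with, may be {@code null}
     * @return {@code false} if either argument is {@code null}, otherwise the comparison result
     */
    public static boolean isIssuerDN(X509Certificate x509Certificate, String str) {
        if (x509Certificate == null || str == null) {
            return false;
        }
        return isEqualDN(x509Certificate.getIssuerX500Principal().getName(), str);
    }

    /**
     * Tells whether the certificate's signature verifies with the certificate's own public key.
     *
     * <p>Subject and issuer names are not compared, and a positive result says nothing about whether the
     * certificate is trusted.
     *
     * @param x509Certificate the certificate; checked with {@code Args.notNull}
     * @return {@code true} if verification succeeds, {@code false} on any {@link GeneralSecurityException}
     */
    public static boolean isSelfSignedCertificate(X509Certificate x509Certificate) {
        Args.notNull("cert", x509Certificate);
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (GeneralSecurityException unused) {
            // a failed verification is the "not self-signed" answer, not an error
            return false;
        }
    }

    /**
     * Tells whether the certificate's subject DN matches the given DN according to
     * {@link #isEqualDN(String, String)}, with the lexical limits described there.
     *
     * @param x509Certificate the certificate, may be {@code null}
     * @param str the DN to compare with, may be {@code null}
     * @return {@code false} if either argument is {@code null}, otherwise the comparison result
     */
    public static boolean isSubjectDN(X509Certificate x509Certificate, String str) {
        if (x509Certificate == null || str == null) {
            return false;
        }
        return isEqualDN(x509Certificate.getSubjectX500Principal().getName(), str);
    }

    /**
     * Tells whether the current time lies inside the certificate's validity period.
     *
     * <p>This is a date check only. Signature, issuer chain, key usage and revocation are not examined, so
     * a {@code true} result must not be read as "trusted".
     *
     * @param x509Certificate the certificate, may be {@code null}
     * @return {@code true} if {@code checkValidity()} passes; {@code false} for {@code null}, expired or
     *         not yet valid certificates
     */
    public static boolean isValid(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        try {
            x509Certificate.checkValidity();
            return true;
        } catch (CertificateExpiredException | CertificateNotYetValidException unused) {
            return false;
        }
    }

    /**
     * Tells whether the certificate stays inside its validity period for at least the given duration.
     *
     * @param x509Certificate the certificate, may be {@code null}
     * @param duration the minimum remaining validity; checked with {@code Args.notNull}
     * @return {@code true} if {@link #getValidityDuration(X509Certificate)} is at least {@code duration}
     */
    public static boolean isValidFor(X509Certificate x509Certificate, Duration duration) {
        Args.notNull("duration", duration);
        return getValidityDuration(x509Certificate).compareTo(duration) >= 0;
    }

    /**
     * Tells whether the given certificate is an {@link X509Certificate}.
     *
     * @param certificate the certificate, may be {@code null}
     * @return {@code true} for a non-null {@link X509Certificate} instance
     */
    public static boolean isX509Certificate(Certificate certificate) {
        // instanceof is false for null, so no separate null check is needed
        return certificate instanceof X509Certificate;
    }

    /**
     * Builds a PEM block: BEGIN line, Base64 body wrapped at {@code lineLength} characters, END line.
     * {@code lineLength} must be positive; every caller in this class passes 64.
     */
    private static String toPEM(byte[] encoded, String label, int lineLength) {
        final char[] base64 = Base64.encode(encoded).toCharArray();
        final StringBuilder pem = new StringBuilder(base64.length + 70);
        pem.append("-----BEGIN ").append(label).append("-----").append(Strings.NEW_LINE);
        for (int offset = 0; offset < base64.length; offset += lineLength) {
            // the last line may be shorter than lineLength
            final int count = Math.min(lineLength, base64.length - offset);
            pem.append(base64, offset, count).append(Strings.NEW_LINE);
        }
        pem.append("-----END ").append(label).append("-----").append(Strings.NEW_LINE);
        return pem.toString();
    }

    /**
     * Encodes a private key as an unencrypted {@code PRIVATE KEY} PEM block.
     *
     * <p>The result is secret key material in clear text: keep it out of logs and store it only with
     * restrictive permissions. The PKCS#8 label assumes that {@code getEncoded()} yields PKCS#8 data;
     * keys that cannot be exported may return {@code null} there.
     *
     * @param privateKey the key, may be {@code null}
     * @return the PEM text, or {@code null} if the argument is {@code null}
     */
    public static String toPEM(PrivateKey privateKey) {
        if (privateKey == null) {
            return null;
        }
        return toPEM(privateKey.getEncoded(), "PRIVATE KEY", 64);
    }

    /**
     * Encodes a public key as a {@code PUBLIC KEY} PEM block.
     *
     * @param publicKey the key, may be {@code null}
     * @return the PEM text, or {@code null} if the argument is {@code null}
     */
    public static String toPEM(PublicKey publicKey) {
        if (publicKey == null) {
            return null;
        }
        return toPEM(publicKey.getEncoded(), "PUBLIC KEY", 64);
    }

    /**
     * Encodes a certificate as a {@code CERTIFICATE} PEM block.
     *
     * @param x509Certificate the certificate, may be {@code null}
     * @return the PEM text, or {@code null} if the argument is {@code null}
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public static String toPEM(X509Certificate x509Certificate) throws CertificateEncodingException {
        if (x509Certificate == null) {
            return null;
        }
        return toPEM(x509Certificate.getEncoded(), "CERTIFICATE", 64);
    }

    /**
     * Encodes a CRL as an {@code X509 CRL} PEM block.
     *
     * @param x509crl the CRL, may be {@code null}
     * @return the PEM text, or {@code null} if the argument is {@code null}
     * @throws CRLException if the CRL cannot be encoded
     */
    public static String toPEM(X509CRL x509crl) throws CRLException {
        if (x509crl == null) {
            return null;
        }
        return toPEM(x509crl.getEncoded(), "X509 CRL", 64);
    }

    /** Builds a private key from PKCS#8 encoded bytes using the named {@link KeyFactory} algorithm. */
    private static PrivateKey toPrivateKey(byte[] pkcs8Bytes, String algorithm) throws GeneralSecurityException {
        return KeyFactory.getInstance(algorithm).generatePrivate(new PKCS8EncodedKeySpec(pkcs8Bytes));
    }

    /** Builds a public key from X.509 encoded bytes using the named {@link KeyFactory} algorithm. */
    private static PublicKey toPublicKey(byte[] x509Bytes, String algorithm) throws GeneralSecurityException {
        return KeyFactory.getInstance(algorithm).generatePublic(new X509EncodedKeySpec(x509Bytes));
    }
}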
