package jeus.security.util;

import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;
import jeus.security.base.SKI;
import jeus.security.base.SecurityException;
import jeus.security.resource.UserCertInfo;

/* loaded from: input_file:jeus/security/util/X509Util.class */
public class X509Util {
    /**
     * Tells whether a certification path carries no certificates.
     *
     * @param certPath path to inspect; may be {@code null}
     * @return {@code true} when {@code certPath} is {@code null}, or its certificate list is
     *         {@code null} or has no elements
     */
    public static boolean isEmpty(CertPath certPath) {
        if (certPath == null) {
            return true;
        }
        List<? extends Certificate> chain = certPath.getCertificates();
        return chain == null || chain.isEmpty();
    }

    /**
     * Reports whether a certification path holds any element that is not an
     * {@link X509Certificate}.
     *
     * @param certPath path to inspect; may be {@code null}
     * @return {@code true} if at least one element is not an X.509 certificate; {@code false}
     *         for an empty or {@code null} path
     */
    public static boolean containsNonX509Certificate(CertPath certPath) {
        if (!isEmpty(certPath)) {
            for (Certificate candidate : certPath.getCertificates()) {
                // A null element also fails instanceof and is therefore reported as non-X.509.
                if (!(candidate instanceof X509Certificate)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Copies the certificates of a path into an {@link X509Certificate} array, keeping path order.
     *
     * @param certPath path to copy from; may be {@code null}
     * @return the certificates of the path, or an empty array when the path is empty or
     *         {@code null}
     * @throws ArrayStoreException if the path holds an element that is not an X.509 certificate;
     *         call {@link #containsNonX509Certificate(CertPath)} first for untrusted input
     */
    public static X509Certificate[] getCertificates(CertPath certPath) {
        X509Certificate[] chain = new X509Certificate[0];
        if (!isEmpty(certPath)) {
            // toArray allocates an array of the right size because the seed array is too small.
            chain = certPath.getCertificates().toArray(chain);
        }
        return chain;
    }

    /**
     * Checks that a certification path is ordered from subject towards issuer.
     *
     * <p>Every certificate except the last must not be self-signed and must be issued by the
     * certificate that follows it (issuer/subject names match and the signature verifies). An
     * empty path and a path with a single certificate are accepted without further checks.
     *
     * <p>This is an ordering check only. Nothing here checks validity periods, CA constraints,
     * revocation, or whether the last certificate is a trusted anchor, so a path that passes is
     * not thereby trusted.
     *
     * @param certPath path to check; may be {@code null}
     * @throws CertificateException if a non-final certificate is self-signed or is not issued by
     *         its successor
     * @throws AssertionError if the path holds a non-X.509 certificate
     */
    public static void validateOrdered(CertPath certPath) throws CertificateException {
        if (isEmpty(certPath)) {
            return;
        }
        // NOTE(review): this is an Error, not the declared CertificateException, so callers that
        // only catch CertificateException (isOrdered does) let it propagate. Confirm that this is
        // intended for paths that come from a remote peer.
        if (containsNonX509Certificate(certPath)) {
            throw new AssertionError("Received a cert path containing a non-X509 certificate");
        }
        X509Certificate[] chain = getCertificates(certPath);
        if (chain == null) {
            return;
        }
        // With fewer than two certificates lastIndex is <= 0 and the loop body never runs.
        int lastIndex = chain.length - 1;
        for (int pos = 0; pos < lastIndex; pos++) {
            X509Certificate subject = chain[pos];
            X509Certificate issuer = chain[pos + 1];
            if (isSelfSigned(subject)) {
                throw new CertificateException(subject.toString());
            }
            validateIssuedBy(subject, issuer);
        }
    }

    /**
     * Boolean form of {@link #validateOrdered(CertPath)}.
     *
     * @param certPath path to check; may be {@code null}
     * @return {@code true} if {@code validateOrdered} accepts the path, {@code false} if it throws
     *         a {@link CertificateException} (whose stack trace is printed to standard error)
     */
    public static boolean isOrdered(CertPath certPath) {
        boolean ordered;
        try {
            validateOrdered(certPath);
            ordered = true;
        } catch (CertificateException notOrdered) {
            notOrdered.printStackTrace();
            ordered = false;
        }
        return ordered;
    }

    /**
     * Renders a distinguished name in RFC 2253 string form.
     *
     * @param x500Principal name to render; may be {@code null}
     * @return the RFC 2253 string, or {@code null} when {@code x500Principal} is {@code null}
     */
    public static String getName(X500Principal x500Principal) {
        return (x500Principal != null) ? x500Principal.getName(X500Principal.RFC2253) : null;
    }

    /**
     * Compares two distinguished names by their RFC 2253 string form.
     *
     * @param x500Principal first name; may be {@code null}
     * @param x500Principal2 second name; may be {@code null}
     * @return {@code true} if both are {@code null}, or both are non-null and render to the same
     *         RFC 2253 string; {@code false} otherwise
     */
    public static boolean sameX500Principal(X500Principal x500Principal, X500Principal x500Principal2) {
        if (x500Principal == null || x500Principal2 == null) {
            // Equal only when both sides are absent.
            return x500Principal == x500Principal2;
        }
        String first = getName(x500Principal);
        String second = getName(x500Principal2);
        return first.equals(second);
    }

    /**
     * Returns the subject distinguished name of a certificate in RFC 2253 string form.
     *
     * @param x509Certificate certificate to read; must not be {@code null}
     * @return the subject name as rendered by {@link #getName(X500Principal)}
     */
    public static String getSubjectDN(X509Certificate x509Certificate) {
        X500Principal subject = x509Certificate.getSubjectX500Principal();
        return getName(subject);
    }

    /**
     * Returns the issuer distinguished name of a certificate in RFC 2253 string form.
     *
     * @param x509Certificate certificate to read; must not be {@code null}
     * @return the issuer name as rendered by {@link #getName(X500Principal)}
     */
    public static String getIssuerDN(X509Certificate x509Certificate) {
        X500Principal issuer = x509Certificate.getIssuerX500Principal();
        return getName(issuer);
    }

    /**
     * Builds a string from the issuer name immediately followed by the decimal serial number.
     *
     * <p>NOTE(review): the two parts are joined without a separator, so different
     * (issuer, serial) pairs can produce the same string when an issuer name ends in digits.
     * If callers use the result as a unique key, confirm that this cannot happen for the CAs
     * in use before relying on it.
     *
     * @param x509Certificate certificate to read; must not be {@code null}
     * @return issuer name (RFC 2253) concatenated with the serial number
     */
    public static String getIssuerDNAndSerialNo(X509Certificate x509Certificate) {
        String issuer = getIssuerDN(x509Certificate);
        BigInteger serial = x509Certificate.getSerialNumber();
        return issuer + serial;
    }

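    /**
     * Checks that one certificate was issued by another.
     *
     * <p>Two conditions must hold: the issuer name of {@code x509Certificate} equals the subject
     * name of {@code x509Certificate2} (RFC 2253 string comparison), and the signature on
     * {@code x509Certificate} verifies with the public key of {@code x509Certificate2}.
     *
     * <p>Nothing else is checked here: validity period, basic constraints / key usage of the
     * issuer, and revocation are all left to the caller. Passing this check does not make the
     * certificate trusted.
     *
     * @param x509Certificate certificate whose issuer is being checked
     * @param x509Certificate2 candidate issuer certificate
     * @throws CertificateException if the names differ or the signature check fails for any
     *         reason; for a signature failure the underlying exception is attached as the cause
     */
    public static void validateIssuedBy(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws CertificateException {
        if (!getIssuerDN(x509Certificate).equals(getSubjectDN(x509Certificate2))) {
            throw new CertificateException(x509Certificate.toString() + ":" + x509Certificate2.toString());
        }
        try {
            x509Certificate.verify(x509Certificate2.getPublicKey());
        } catch (Exception e) {
            // Keep the original failure as the cause so a bad signature, an unsupported
            // algorithm and an unusable key can be told apart when the error is investigated.
            throw new CertificateException(x509Certificate.toString() + ":" + x509Certificate2.toString(), e);
        }
    }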

    /**
     * Boolean form of {@link #validateIssuedBy(X509Certificate, X509Certificate)}.
     *
     * <p>A negative answer prints the stack trace of the underlying
     * {@link CertificateException} to standard error, even though "not issued by" is an
     * ordinary outcome for this predicate.
     *
     * @param x509Certificate certificate whose issuer is being checked
     * @param x509Certificate2 candidate issuer certificate
     * @return {@code true} if name and signature checks pass, {@code false} otherwise
     */
    public static boolean isIssuedBy(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        boolean issued;
        try {
            validateIssuedBy(x509Certificate, x509Certificate2);
            issued = true;
        } catch (CertificateException notIssued) {
            notIssued.printStackTrace();
            issued = false;
        }
        return issued;
    }

    /**
     * Tells whether a certificate is its own issuer, i.e. its issuer name equals its subject
     * name and its signature verifies with its own public key.
     *
     * <p>Delegates to {@link #isIssuedBy(X509Certificate, X509Certificate)}, so every
     * certificate that is not self-signed causes a stack trace on standard error.
     *
     * @param x509Certificate certificate to test; must not be {@code null}
     * @return {@code true} if the certificate is self-signed
     */
    public static boolean isSelfSigned(X509Certificate x509Certificate) {
        X509Certificate candidateIssuer = x509Certificate;
        return isIssuedBy(x509Certificate, candidateIssuer);
    }

    /**
     * Returns a subject key identifier for a certificate.
     *
     * <p>For a version 3 (or later) certificate that carries extension {@code 2.5.29.14}, the
     * extension value minus its first four bytes is returned. Otherwise, for an RSA public key,
     * the SHA-1 digest of the encoded key minus its first 22 bytes is returned.
     *
     * <p>The result is a lookup identifier, not proof of identity; a certificate found through
     * it still has to be validated by the caller.
     *
     * @param x509Certificate certificate to read; must not be {@code null}
     * @return the identifier bytes, or {@code null} when there is no usable extension and the key
     *         is not RSA, or when SHA-1 is unavailable; callers must handle {@code null}
     */
    public static byte[] getSKIBytesFromCert(X509Certificate x509Certificate) {
        // 2.5.29.14 is the SubjectKeyIdentifier extension OID.
        byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.14");
        if (x509Certificate.getVersion() >= 3 && extensionValue != null) {
            // NOTE(review): the fixed 4-byte skip presumably drops two nested DER OCTET STRING
            // headers with one-byte lengths -- confirm. A value shorter than 4 bytes makes the
            // array size negative and throws NegativeArraySizeException.
            byte[] bArr = new byte[extensionValue.length - 4];
            System.arraycopy(extensionValue, 4, bArr, 0, bArr.length);
            return bArr;
        }
        PublicKey publicKey = x509Certificate.getPublicKey();
        if (!(publicKey instanceof RSAPublicKey)) {
            System.err.println("Support for RSA key only");
            return null;
        }
        byte[] encoded = publicKey.getEncoded();
        // NOTE(review): a fixed 22-byte skip looks like the SubjectPublicKeyInfo header of a
        // 1024-bit RSA key. Larger keys have longer DER length fields, so for them the digest
        // would cover trailing header bytes and differ from an identifier computed over the key
        // bits alone -- verify against the peers that produce or consume these identifiers
        // before changing it.
        byte[] bArr2 = new byte[encoded.length - 22];
        System.arraycopy(encoded, 22, bArr2, 0, bArr2.length);
        try {
            // SHA-1 is used here to derive an identifier, not to protect integrity.
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.reset();
            messageDigest.update(bArr2);
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            return null;
        }
    }

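    /**
     * Looks up the certificate stored under an alias.
     *
     * <p>The first certificate of the alias's chain is preferred. Entries that hold only a
     * trusted certificate have no chain ({@link KeyStore#getCertificateChain(String)} returns
     * {@code null} for them), so the lookup falls back to
     * {@link KeyStore#getCertificate(String)}, the same way
     * {@code getCertInKeyStore(Map, KeyStore, String)} does. Without the fallback a store that
     * contains only trusted-certificate entries never yields a result.
     *
     * @param keyStore store to search; must be initialized
     * @param str alias to look up
     * @return the certificate for the alias, or {@code null} if the alias has none
     * @throws KeyStoreException if the store has not been initialized
     * @throws ClassCastException if the stored certificate is not an X.509 certificate
     */
    public static X509Certificate getCertInTrustStore(KeyStore keyStore, String str) throws KeyStoreException {
        Certificate[] certificateChain = keyStore.getCertificateChain(str);
        if (certificateChain != null && certificateChain.length > 0) {
            return (X509Certificate) certificateChain[0];
        }
        // Trusted-certificate entries carry no chain; read the certificate itself.
        return (X509Certificate) keyStore.getCertificate(str);
    }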

    /**
     * Finds the alias of a stored certificate whose public key verifies the signature on the
     * given certificate.
     *
     * <p>An entry is only tried when its issuer name equals the issuer name of
     * {@code x509Certificate}. Verification failures and key store errors are printed to
     * standard error and treated as "no match".
     *
     * <p>NOTE(review): the name filter compares issuer with issuer, not the certificate's issuer
     * with the entry's subject. That matches self-signed entries but looks like it would skip an
     * intermediate CA entry -- confirm the intent. An entry without a certificate makes the
     * comparison dereference {@code null}.
     *
     * @param keyStore store to search
     * @param x509Certificate certificate whose signer is wanted
     * @return alias of the first entry that verifies the signature, or {@code null} if none does
     *         or the store cannot be read
     */
    public static String getAliasInTrustStore(KeyStore keyStore, X509Certificate x509Certificate) {
        try {
            for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
                String alias = aliases.nextElement();
                X509Certificate trusted = (X509Certificate) keyStore.getCertificate(alias);
                if (!x509Certificate.getIssuerDN().equals(trusted.getIssuerDN())) {
                    continue;
                }
                // Any verification failure is reported and the search moves on to the next entry.
                try {
                    x509Certificate.verify(trusted.getPublicKey());
                    return alias;
                } catch (NoSuchProviderException e) {
                    e.printStackTrace();
                } catch (InvalidKeyException e) {
                    e.printStackTrace();
                } catch (SignatureException e) {
                    e.printStackTrace();
                } catch (NoSuchAlgorithmException e) {
                    e.printStackTrace();
                } catch (CertificateException e) {
                    e.printStackTrace();
                }
            }
        } catch (KeyStoreException e) {
            e.printStackTrace();
        }
        return null;
    }

    /**
     * Wraps an array of certificates in an X.509 {@link CertPath}, keeping array order.
     *
     * <p>No ordering or signature check is performed here; see
     * {@link #validateOrdered(CertPath)}.
     *
     * @param certificateArr certificates to wrap; may be {@code null}
     * @return the path, or {@code null} when the array is {@code null} or the factory rejects it
     *         (the exception's stack trace is printed to standard error)
     */
    public static CertPath createCertPath(Certificate[] certificateArr) {
        CertPath path = null;
        if (certificateArr != null) {
            try {
                List<Certificate> certificates = java.util.Arrays.asList(certificateArr);
                path = CertificateFactory.getInstance("X.509").generateCertPath(certificates);
            } catch (CertificateException e) {
                e.printStackTrace();
            }
        }
        return path;
    }

    /**
     * Finds the first stored certificate whose subject equals the given principal.
     *
     * <p>Equality is decided by {@code getSubjectDN().equals(principal)}, so the outcome depends
     * on the concrete {@link Principal} implementation that the caller passes in.
     *
     * @param keyStore store to search; must be initialized
     * @param principal subject to look for
     * @return the matching certificate, or {@code null} if no entry matches
     * @throws KeyStoreException if the store has not been initialized
     * @throws ClassCastException if an entry holds a certificate that is not X.509
     */
    public static X509Certificate getCertInTrustStore(KeyStore keyStore, Principal principal) throws KeyStoreException {
        for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
            X509Certificate candidate = (X509Certificate) keyStore.getCertificate(aliases.nextElement());
            if (candidate == null) {
                // Entry without a certificate: nothing to compare.
                continue;
            }
            if (candidate.getSubjectDN().equals(principal)) {
                return candidate;
            }
        }
        return null;
    }

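    /**
     * Collects the subject key identifiers of the certificates in a store.
     *
     * <p>Entries that hold no certificate are skipped, as {@code getSKIsInKeyStore} does;
     * previously such an entry caused a {@link NullPointerException} inside
     * {@link #getSKIBytesFromCert(X509Certificate)}.
     *
     * <p>NOTE(review): {@code getSKIBytesFromCert} returns {@code null} for a non-RSA key
     * without the extension; that value is still handed to {@code Base64Coder} unchanged --
     * confirm how it copes.
     *
     * @param keyStore store to read; must be initialized
     * @return one {@code SKI} per entry that has a certificate; empty when there are none
     * @throws Exception if the store cannot be read or an identifier cannot be built
     */
    public static SKI[] getSKIsInTrustStore(KeyStore keyStore) throws Exception {
        Enumeration<String> aliases = keyStore.aliases();
        List<SKI> identifiers = new ArrayList<SKI>();
        while (aliases.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(aliases.nextElement());
            if (x509Certificate != null) {
                identifiers.add(new SKI(Base64Coder.byteArrayToBase64(getSKIBytesFromCert(x509Certificate))));
            }
        }
        return identifiers.toArray(new SKI[0]);
    }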

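    /**
     * Finds the first stored certificate whose subject key identifier equals the given one.
     *
     * <p>Entries that hold no certificate are skipped, matching the {@code Principal} overload;
     * previously such an entry caused a {@link NullPointerException}.
     *
     * <p>The identifier only selects a certificate; it does not authenticate it.
     *
     * @param keyStore store to search; must be initialized
     * @param ski Base64-encoded identifier to look for
     * @return the matching certificate, or {@code null} if no entry matches
     * @throws KeyStoreException if the store has not been initialized
     */
    public static X509Certificate getCertInTrustStore(KeyStore keyStore, SKI ski) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(aliases.nextElement());
            if (x509Certificate == null) {
                // Entry without a certificate: nothing to compare.
                continue;
            }
            if (Arrays.compareByteArrays(Base64Coder.base64ToByteArray(ski.getValue()), getSKIBytesFromCert(x509Certificate))) {
                return x509Certificate;
            }
        }
        return null;
    }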

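    /**
     * Finds the first stored certificate with the given issuer and serial number.
     *
     * <p>Entries that hold no certificate are skipped, matching the two-argument
     * {@code Principal} overload; previously such an entry caused a
     * {@link NullPointerException}.
     *
     * @param keyStore store to search; must be initialized
     * @param principal issuer to look for, compared with {@code getIssuerDN().equals(principal)}
     * @param bigInteger serial number to look for
     * @return the matching certificate, or {@code null} if no entry matches
     * @throws KeyStoreException if the store has not been initialized
     * @throws ClassCastException if an entry holds a certificate that is not X.509
     */
    public static X509Certificate getCertInTrustStore(KeyStore keyStore, Principal principal, BigInteger bigInteger) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(aliases.nextElement());
            if (x509Certificate != null
                    && x509Certificate.getIssuerDN().equals(principal)
                    && x509Certificate.getSerialNumber().equals(bigInteger)) {
                return x509Certificate;
            }
        }
        return null;
    }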

    /**
     * Resolves a user name to a key store alias and returns that alias's certificate.
     *
     * <p>The first certificate of the alias's chain is returned when a chain exists; otherwise
     * the certificate stored directly under the alias.
     *
     * @param map user name to {@code UserCertInfo} mapping
     * @param keyStore store to read; must be initialized
     * @param str user name
     * @return the user's certificate, or {@code null} if the alias has none
     * @throws KeyStoreException if the store has not been initialized
     * @throws SecurityException if the user is unknown or has no alias configured
     */
    public static X509Certificate getCertInKeyStore(Map map, KeyStore keyStore, String str) throws KeyStoreException, SecurityException {
        UserCertInfo info = (UserCertInfo) map.get(str);
        String alias = (info == null) ? null : info.getAlias();
        if (alias == null) {
            // Unknown user and missing alias are reported with the same message.
            throw new SecurityException("Could not get Certificate: the alias does not exist for user{" + str + "}");
        }
        Certificate[] chain = keyStore.getCertificateChain(alias);
        if (chain != null && chain.length != 0) {
            return (X509Certificate) chain[0];
        }
        return (X509Certificate) keyStore.getCertificate(alias);
    }

    /**
     * Collects the subject key identifiers of the certificates in a key store.
     *
     * <p>For each alias the first chain certificate is used, or the directly stored certificate
     * when there is no chain; aliases without any certificate are skipped.
     *
     * @param keyStore store to read; must be initialized
     * @return one {@code SKI} per alias that has a certificate; empty when there are none
     * @throws Exception if the store cannot be read or an identifier cannot be built
     */
    public static SKI[] getSKIsInKeyStore(KeyStore keyStore) throws Exception {
        List<SKI> identifiers = new ArrayList<SKI>();
        for (String alias : Collections.list(keyStore.aliases())) {
            Certificate[] chain = keyStore.getCertificateChain(alias);
            X509Certificate leaf;
            if (chain != null && chain.length != 0) {
                leaf = (X509Certificate) chain[0];
            } else {
                leaf = (X509Certificate) keyStore.getCertificate(alias);
            }
            if (leaf == null) {
                continue;
            }
            identifiers.add(new SKI(Base64Coder.byteArrayToBase64(getSKIBytesFromCert(leaf))));
        }
        return identifiers.toArray(new SKI[identifiers.size()]);
    }

    /**
     * Finds the first chain-leading certificate whose subject key identifier equals the given
     * one. Only aliases that have a certificate chain are considered.
     *
     * <p>The identifier only selects a certificate; it does not authenticate it.
     *
     * @param keyStore store to search; must be initialized
     * @param ski Base64-encoded identifier to look for
     * @return the matching certificate, or {@code null} if no alias matches
     * @throws KeyStoreException if the store has not been initialized
     */
    public static X509Certificate getCertInKeyStore(KeyStore keyStore, SKI ski) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        // Decode once; the wanted identifier does not change between entries.
        byte[] wanted = Base64Coder.base64ToByteArray(ski.getValue());
        while (aliases.hasMoreElements()) {
            Certificate[] chain = keyStore.getCertificateChain(aliases.nextElement());
            if (chain == null || chain.length == 0) {
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            if (Arrays.compareByteArrays(wanted, getSKIBytesFromCert(leaf))) {
                return leaf;
            }
        }
        return null;
    }

    /**
     * Finds the first chain-leading certificate with the given issuer and serial number. Only
     * aliases that have a certificate chain are considered.
     *
     * @param keyStore store to search; must be initialized
     * @param principal issuer to look for, compared with {@code getIssuerDN().equals(principal)}
     * @param bigInteger serial number to look for
     * @return the matching certificate, or {@code null} if no alias matches
     * @throws KeyStoreException if the store has not been initialized
     */
    public static X509Certificate getCertInKeyStore(KeyStore keyStore, Principal principal, BigInteger bigInteger) throws KeyStoreException {
        for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
            Certificate[] chain = keyStore.getCertificateChain(aliases.nextElement());
            if (chain == null || chain.length == 0) {
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            boolean sameIssuer = leaf.getIssuerDN().equals(principal);
            if (sameIssuer && leaf.getSerialNumber().equals(bigInteger)) {
                return leaf;
            }
        }
        return null;
    }

    /**
     * Finds the first chain-leading certificate whose subject equals the given principal. Only
     * aliases that have a certificate chain are considered.
     *
     * @param keyStore store to search; must be initialized
     * @param principal subject to look for, compared with {@code getSubjectDN().equals(principal)}
     * @return the matching certificate, or {@code null} if no alias matches
     * @throws KeyStoreException if the store has not been initialized
     */
    public static X509Certificate getCertInKeyStore(KeyStore keyStore, Principal principal) throws KeyStoreException {
        for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
            Certificate[] chain = keyStore.getCertificateChain(aliases.nextElement());
            if (chain == null || chain.length == 0) {
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            if (leaf.getSubjectDN().equals(principal)) {
                return leaf;
            }
        }
        return null;
    }

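    /**
     * Returns the certificate chain stored for a user.
     *
     * <p>Changes from the previous version: an alias without a chain now yields an empty list
     * instead of a {@link NullPointerException}; the error message names the certificate lookup
     * rather than a private key; and an empty branch that only read the key password was
     * removed.
     *
     * @param map user name to {@code UserCertInfo} mapping
     * @param keyStore store to read; must be initialized
     * @param str user name
     * @param cArr unused; kept so existing callers continue to compile
     * @return a fixed-size list view of the user's chain, or an empty list if the alias has none
     * @throws KeyStoreException if the store has not been initialized
     * @throws SecurityException if the user is unknown
     */
    public static List getCertificates(Map map, KeyStore keyStore, String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, SecurityException {
        UserCertInfo userCertInfo = (UserCertInfo) map.get(str);
        if (userCertInfo == null) {
            throw new SecurityException("Could not get Certificate: the alias does not exist for user{" + str + "}");
        }
        Certificate[] certificateChain = keyStore.getCertificateChain(userCertInfo.getAlias());
        if (certificateChain == null) {
            // No chain under this alias (missing alias or trusted-certificate entry).
            return Collections.emptyList();
        }
        return java.util.Arrays.asList(certificateChain);
    }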

    /**
     * Returns the private key stored for a user.
     *
     * <p>The key password configured for the user is used when present; otherwise the supplied
     * default password is used.
     *
     * <p>NOTE(review): unlike {@code getCertInKeyStore(Map, KeyStore, String)}, a user entry
     * without an alias is not rejected here; the {@code null} alias goes straight to the key
     * store.
     *
     * @param map user name to {@code UserCertInfo} mapping
     * @param keyStore store to read; must be initialized
     * @param str user name
     * @param cArr default key password, used when the user has none configured
     * @return the private key, or {@code null} if the alias holds no key
     * @throws NoSuchAlgorithmException if the key recovery algorithm is unavailable
     * @throws UnrecoverableKeyException if the key cannot be recovered, e.g. wrong password
     * @throws KeyStoreException if the store has not been initialized
     * @throws SecurityException if the user is unknown
     */
    public static PrivateKey getPrivateKey(Map map, KeyStore keyStore, String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, SecurityException {
        UserCertInfo info = (UserCertInfo) map.get(str);
        if (info == null) {
            throw new SecurityException("Could not get PrivateKey: the alias does not exist for user{" + str + "}");
        }
        String alias = info.getAlias();
        char[] configured = info.getKeyPassword();
        char[] password = (configured != null) ? configured : cArr;
        return (PrivateKey) keyStore.getKey(alias, password);
    }

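    /**
     * Finds the key password configured for a key store alias.
     *
     * <p>The map is untyped, so its values are checked before use; values that are not
     * {@code UserCertInfo} and entries without an alias are skipped instead of failing with a
     * {@link ClassCastException} or {@link NullPointerException}.
     *
     * <p>The returned array is whatever {@code UserCertInfo.getKeyPassword()} hands out;
     * presumably the stored array itself, so callers should not modify or log it.
     *
     * @param map user name to {@code UserCertInfo} mapping
     * @param str alias to look for; {@code null} never matches
     * @return the key password of the first entry with that alias, or {@code null} if there is
     *         no such entry or it has no password
     */
    private static char[] getKeyPasswordInUserCertInfo(Map map, String str) {
        if (str == null) {
            return null;
        }
        for (Object value : map.values()) {
            if (!(value instanceof UserCertInfo)) {
                continue;
            }
            UserCertInfo userCertInfo = (UserCertInfo) value;
            if (str.equals(userCertInfo.getAlias())) {
                return userCertInfo.getKeyPassword();
            }
        }
        return null;
    }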

    /**
     * Returns the private key of the entry whose certificate subject has the given name.
     *
     * <p>The alias is resolved with {@link #getAliasForDN(KeyStore, String)}. The key password
     * configured for that alias is used when present, otherwise the supplied default.
     *
     * <p>NOTE(review): when no alias matches, {@code null} is passed to the key store as the
     * alias; the outcome then depends on the key store implementation.
     *
     * @param map user name to {@code UserCertInfo} mapping; consulted only when non-empty
     * @param keyStore store to read; must be initialized
     * @param principal subject whose key is wanted
     * @param cArr default key password
     * @return the private key, or {@code null} if the alias holds no key
     * @throws NoSuchAlgorithmException if the key recovery algorithm is unavailable
     * @throws UnrecoverableKeyException if the key cannot be recovered, e.g. wrong password
     * @throws KeyStoreException if the store has not been initialized
     * @throws SecurityException if the alias lookup fails
     */
    public static PrivateKey getPrivateKey(Map map, KeyStore keyStore, Principal principal, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, SecurityException {
        String alias = getAliasForDN(keyStore, principal.getName());
        char[] password = (map.size() > 0) ? getKeyPasswordInUserCertInfo(map, alias) : null;
        if (password == null) {
            password = cArr;
        }
        return (PrivateKey) keyStore.getKey(alias, password);
    }

    /**
     * Returns the private key of the entry whose certificate has the given subject key
     * identifier.
     *
     * <p>The alias is resolved with {@link #getAliasForX509Cert(KeyStore, byte[])}. The key
     * password configured for that alias is used when present, otherwise the supplied default.
     *
     * <p>NOTE(review): when no alias matches, {@code null} is passed to the key store as the
     * alias; the outcome then depends on the key store implementation.
     *
     * @param map user name to {@code UserCertInfo} mapping; consulted only when non-empty
     * @param keyStore store to read; must be initialized
     * @param ski Base64-encoded subject key identifier
     * @param cArr default key password
     * @return the private key, or {@code null} if the alias holds no key
     * @throws Exception if the alias lookup or the key recovery fails
     */
    public static PrivateKey getPrivateKey(Map map, KeyStore keyStore, SKI ski, char[] cArr) throws Exception {
        byte[] wanted = Base64Coder.base64ToByteArray(ski.getValue());
        String alias = getAliasForX509Cert(keyStore, wanted);
        char[] password = (map.size() > 0) ? getKeyPasswordInUserCertInfo(map, alias) : null;
        if (password == null) {
            password = cArr;
        }
        return (PrivateKey) keyStore.getKey(alias, password);
    }

    /**
     * Returns the private key of the entry whose certificate has the given issuer and serial
     * number.
     *
     * <p>The alias is resolved with
     * {@link #getAliasForX509Cert(KeyStore, String, BigInteger)}. The key password configured for
     * that alias is used when present, otherwise the supplied default.
     *
     * <p>NOTE(review): when no alias matches, {@code null} is passed to the key store as the
     * alias; the outcome then depends on the key store implementation.
     *
     * @param map user name to {@code UserCertInfo} mapping; consulted only when non-empty
     * @param keyStore store to read; must be initialized
     * @param principal issuer of the wanted certificate
     * @param bigInteger serial number of the wanted certificate
     * @param cArr default key password
     * @return the private key, or {@code null} if the alias holds no key
     * @throws KeyStoreException if the store has not been initialized
     * @throws NoSuchAlgorithmException if the key recovery algorithm is unavailable
     * @throws UnrecoverableKeyException if the key cannot be recovered, e.g. wrong password
     * @throws SecurityException if the alias lookup fails
     */
    public static PrivateKey getPrivateKey(Map map, KeyStore keyStore, Principal principal, BigInteger bigInteger, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, SecurityException {
        String alias = getAliasForX509Cert(keyStore, principal.getName(), bigInteger);
        char[] password = (map.size() > 0) ? getKeyPasswordInUserCertInfo(map, alias) : null;
        if (password == null) {
            password = cArr;
        }
        return (PrivateKey) keyStore.getKey(alias, password);
    }

    /**
     * Tells whether a certificate is present in at least one of two key stores.
     *
     * <p>Despite the name this is a membership test only: the certificate's signature, validity
     * period and revocation status are not examined. Callers that need those guarantees must
     * check them separately.
     *
     * @param keyStore first store to search; must be initialized
     * @param keyStore2 second store, searched only if the first has no match
     * @param x509Certificate certificate to look for
     * @param z unused
     * @return {@code true} if either store has an alias for the certificate
     * @throws KeyStoreException if a store has not been initialized
     */
    public static boolean isValid(KeyStore keyStore, KeyStore keyStore2, X509Certificate x509Certificate, boolean z) throws KeyStoreException {
        if (keyStore.getCertificateAlias(x509Certificate) != null) {
            return true;
        }
        return keyStore2.getCertificateAlias(x509Certificate) != null;
    }

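    /**
     * Finds the alias whose certificate has the given subject key identifier.
     *
     * <p>For each alias the first chain certificate is used, or the directly stored certificate
     * when there is no chain. Certificates for which
     * {@link #getSKIBytesFromCert(X509Certificate)} yields no identifier (it returns
     * {@code null} for a non-RSA key without the extension) are skipped; previously such an
     * entry caused a {@link NullPointerException}. A {@code null} identifier argument matches
     * nothing.
     *
     * <p>The identifier only selects an entry; it does not authenticate the certificate.
     *
     * @param keyStore store to search
     * @param bArr raw subject key identifier bytes to look for
     * @return the first matching alias, or {@code null} if none matches
     * @throws SecurityException if the key store cannot be read
     */
    public static String getAliasForX509Cert(KeyStore keyStore, byte[] bArr) throws SecurityException {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate[] certificateChain = keyStore.getCertificateChain(alias);
                Certificate certificate = (certificateChain == null || certificateChain.length == 0)
                        ? keyStore.getCertificate(alias)
                        : certificateChain[0];
                // instanceof is false for null, so entries without a certificate are skipped too.
                if (!(certificate instanceof X509Certificate)) {
                    continue;
                }
                byte[] candidate = getSKIBytesFromCert((X509Certificate) certificate);
                if (candidate != null && java.util.Arrays.equals(candidate, bArr)) {
                    return alias;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw new SecurityException(e.getMessage(), e);
        }
    }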

    /**
     * Finds the alias whose certificate subject name equals the given string.
     *
     * <p>For each alias the first chain certificate is used, or the directly stored certificate
     * when there is no chain. The comparison is an exact string match against
     * {@code getSubjectDN().getName()}, so it depends on how the caller formatted the name
     * (attribute order, spacing, escaping); no normalization is applied.
     *
     * @param keyStore store to search
     * @param str subject name to look for
     * @return the first matching alias, or {@code null} if none matches
     * @throws SecurityException if the key store cannot be read
     */
    public static String getAliasForDN(KeyStore keyStore, String str) throws SecurityException {
        try {
            for (String alias : Collections.list(keyStore.aliases())) {
                Certificate[] chain = keyStore.getCertificateChain(alias);
                Certificate leaf = (chain != null && chain.length > 0) ? chain[0] : keyStore.getCertificate(alias);
                // instanceof is false for null, so entries without a certificate are skipped.
                if (!(leaf instanceof X509Certificate)) {
                    continue;
                }
                String subject = ((X509Certificate) leaf).getSubjectDN().getName();
                if (subject.equals(str)) {
                    return alias;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw new SecurityException(e.getMessage(), e);
        }
    }

    /**
     * Finds the alias whose certificate has the given issuer name and serial number.
     *
     * <p>For each alias the first chain certificate is used, or the directly stored certificate
     * when there is no chain. Issuer names are compared as sorted token lists produced by
     * {@code splitAndTrim}, which makes the comparison independent of token order.
     *
     * @param keyStore store to search
     * @param str issuer name to look for
     * @param bigInteger serial number to look for
     * @return the first matching alias, or {@code null} if none matches
     * @throws SecurityException if the key store cannot be read
     */
    public static String getAliasForX509Cert(KeyStore keyStore, String str, BigInteger bigInteger) throws SecurityException {
        Vector wantedIssuer = splitAndTrim(str);
        try {
            for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
                String alias = aliases.nextElement();
                Certificate[] chain = keyStore.getCertificateChain(alias);
                Certificate leaf = (chain != null && chain.length > 0) ? chain[0] : keyStore.getCertificate(alias);
                // instanceof is false for null, so entries without a certificate are skipped.
                if (!(leaf instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate candidate = (X509Certificate) leaf;
                // The serial number is compared first; the issuer tokens only on a serial match.
                if (candidate.getSerialNumber().compareTo(bigInteger) != 0) {
                    continue;
                }
                if (splitAndTrim(candidate.getIssuerX500Principal().getName()).equals(wantedIssuer)) {
                    return alias;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw new SecurityException(e.getMessage(), e);
        }
    }

    /**
     * Splits a distinguished name into tokens with {@code X509NameTokenizer} and returns them
     * sorted in natural order.
     *
     * <p>Any trimming implied by the method name would have to happen inside the tokenizer; this
     * method itself only collects and sorts.
     *
     * @param str distinguished name to split
     * @return the sorted tokens
     */
    private static Vector splitAndTrim(String str) {
        Vector tokens = new Vector();
        for (X509NameTokenizer tokenizer = new X509NameTokenizer(str); tokenizer.hasMoreTokens();) {
            tokens.add(tokenizer.nextToken());
        }
        Collections.sort(tokens);
        return tokens;
    }

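    /**
     * Finds the alias whose certificate has the given SHA-1 thumbprint (digest of the encoded
     * certificate).
     *
     * <p>For each alias the first chain certificate is used, or the directly stored certificate
     * when there is no chain. An alias without any certificate is skipped, as in the other
     * alias lookups of this class; previously the first such alias ended the whole search with
     * {@code null}, so entries listed after it were never examined.
     *
     * <p>The thumbprint only selects an entry. SHA-1 offers no collision resistance to rely on,
     * so a match is not proof that the certificate is the intended one; the caller still has to
     * validate whatever certificate it received.
     *
     * @param keyStore store to search
     * @param bArr SHA-1 thumbprint to look for
     * @return the first matching alias, or {@code null} if none matches
     * @throws SecurityException if SHA-1 is unavailable, the key store cannot be read, or a
     *         certificate cannot be encoded
     */
    public static String getAliasForX509CertThumb(KeyStore keyStore, byte[] bArr) throws SecurityException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate[] certificateChain = keyStore.getCertificateChain(alias);
                Certificate certificate = (certificateChain == null || certificateChain.length == 0)
                        ? keyStore.getCertificate(alias)
                        : certificateChain[0];
                // instanceof is false for null: an entry without a certificate is skipped and the
                // search continues with the next alias.
                if (!(certificate instanceof X509Certificate)) {
                    continue;
                }
                messageDigest.reset();
                messageDigest.update(certificate.getEncoded());
                if (java.util.Arrays.equals(messageDigest.digest(), bArr)) {
                    return alias;
                }
            }
            return null;
        } catch (NoSuchAlgorithmException e) {
            throw new SecurityException(e.getMessage(), e);
        } catch (KeyStoreException e) {
            throw new SecurityException(e.getMessage(), e);
        } catch (CertificateEncodingException e) {
            throw new SecurityException(e.getMessage(), e);
        }
    }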

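    /**
     * Extracts the value of one attribute (for example {@code CN}) from a certificate's subject
     * name.
     *
     * <p>The subject string is split on the characters of {@code str2}; each piece is trimmed and
     * split at its first {@code '='}. The value of the first piece whose key equals {@code str}
     * is returned.
     *
     * <p>Changes from the previous version: when the attribute is absent the result is now the
     * empty string, where it used to be the value of whichever attribute came last, which could
     * hand a caller the wrong identity; pieces without {@code '='} are skipped instead of
     * raising {@link StringIndexOutOfBoundsException}; and a trailing truncation step that could
     * never match was removed.
     *
     * <p>NOTE(review): splitting the printed name on a delimiter ignores quoting and escaping,
     * so a value that itself contains the delimiter is cut apart and its remainder is read as a
     * further attribute. If the result is used to decide who a certificate belongs to, parse the
     * name with a DN parser such as {@code javax.naming.ldap.LdapName} instead.
     *
     * @param x509Certificate certificate to read; must not be {@code null}
     * @param str attribute key to look for
     * @param str2 delimiter characters that separate the attributes; must not be {@code null}
     * @return the attribute value, or the empty string if the attribute is absent
     */
    public static String getSubjectDNFromCertificate(X509Certificate x509Certificate, String str, String str2) {
        StringTokenizer attributes = new StringTokenizer(x509Certificate.getSubjectDN().getName(), str2);
        while (attributes.hasMoreTokens()) {
            String attribute = attributes.nextToken().trim();
            int separator = attribute.indexOf('=');
            if (separator < 0) {
                // Not a key=value piece (for instance a fragment of a split value).
                continue;
            }
            if (attribute.substring(0, separator).equals(str)) {
                return attribute.substring(separator + 1);
            }
        }
        return "";
    }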
}
