package net.maritimeconnectivity.pki;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.EnumSet;
import java.util.List;
import net.maritimeconnectivity.pki.exception.PKIRuntimeException;
import org.apache.commons.cli.HelpFormatter;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.cert.CertException;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.Marker;

/* loaded from: input_file:net/maritimeconnectivity/pki/CertificateHandler.class */
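/**
 * Static helpers for verifying X.509 certificates, converting them to and from PEM, packaging
 * them into keystores and extracting a {@link PKIIdentity} from their subject and
 * subjectAltName fields.
 *
 * <p>The parsing helpers ({@link #getCertFromNginxHeader}, {@link #getCertFromPem},
 * {@link #getIdentityFromCert}) perform no trust decision. Anything they return is still
 * unauthenticated data until the certificate has been verified, for example with
 * {@link #verifyCertificateChain}.
 */
public class CertificateHandler {
    private static final Logger log = LoggerFactory.getLogger(CertificateHandler.class);

    /** GeneralName type reported by {@code getSubjectAlternativeNames()} for an otherName entry. */
    private static final int SAN_TYPE_OTHER_NAME = 0;

    /**
     * Checks that a certificate was signed by the given key and is inside its validity period.
     *
     * <p>This is a narrow check: it does not build or validate a chain, does not consult
     * revocation information and does not look at certificate extensions. The validity window is
     * tested with strict comparisons, so an instant exactly equal to notBefore or notAfter is
     * rejected.
     *
     * @param publicKey the key expected to have signed the certificate
     * @param x509Certificate the certificate to check
     * @param date the instant to test the validity period against; {@code null} means "now"
     * @return {@code true} only if the signature verifies and {@code date} lies strictly between
     *     notBefore and notAfter; {@code false} on any failure, including internal errors
     */
    public static boolean verifyCertificate(PublicKey publicKey, X509Certificate x509Certificate, Date date) {
        JcaX509CertificateHolder holder;
        try {
            holder = new JcaX509CertificateHolder(x509Certificate);
        } catch (CertificateEncodingException e) {
            log.error("Could not create JcaX509CertificateHolder", e);
            return false;
        }

        ContentVerifierProvider verifier;
        try {
            verifier = new JcaContentVerifierProviderBuilder().setProvider("BC").build(publicKey);
        } catch (OperatorCreationException e) {
            log.error("Could not create ContentVerifierProvider from public key", e);
            return false;
        }
        if (verifier == null) {
            log.error("Created ContentVerifierProvider from root public key is null");
            return false;
        }

        try {
            if (!holder.isSignatureValid(verifier)) {
                log.debug("Certificate does not seem to be valid!");
                return false;
            }
        } catch (CertException e) {
            log.error("Error when trying to validate signature", e);
            return false;
        }

        Date checkedAt = (date != null) ? date : Date.from(Instant.now());
        if (checkedAt.after(x509Certificate.getNotBefore()) && checkedAt.before(x509Certificate.getNotAfter())) {
            return true;
        }
        log.debug("Out of certificate validity period.");
        return false;
    }

    /**
     * Validates a certificate with the PKIX algorithm against the trust anchors in a keystore.
     *
     * <p>The certification path handed to the validator contains only the given certificate, so
     * it must be issued directly by one of the trusted certificates in {@code keyStore}.
     *
     * <p>Revocation checking is enabled, but with {@link PKIXRevocationChecker.Option#SOFT_FAIL}:
     * when the revocation status cannot be determined (for example the CRL or OCSP responder is
     * unreachable) the check is treated as passed. A revoked certificate can therefore validate
     * while the revocation source is unavailable; deployments that need fail-closed behaviour
     * have to enforce it separately.
     *
     * @param x509Certificate the certificate to validate
     * @param keyStore keystore whose trusted certificate entries are used as trust anchors
     * @return {@code true} when validation succeeds; a failed validation is reported by exception,
     *     not by {@code false}
     * @throws CertPathValidatorException if the certificate does not validate
     * @throws KeyStoreException if the keystore cannot be read
     * @throws InvalidAlgorithmParameterException if the keystore holds no trusted certificate entry
     * @throws NoSuchAlgorithmException if no PKIX validator is available
     * @throws CertificateException if the certification path cannot be built
     */
    public static boolean verifyCertificateChain(X509Certificate x509Certificate, KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, InvalidAlgorithmParameterException, CertPathValidatorException {
        CertPath certPath = CertificateFactory.getInstance(PKIConstants.X509)
                .generateCertPath(Collections.singletonList(x509Certificate));
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");

        // SOFT_FAIL: an undeterminable revocation status does not fail validation.
        PKIXRevocationChecker revocationChecker = (PKIXRevocationChecker) validator.getRevocationChecker();
        revocationChecker.setOptions(EnumSet.of(PKIXRevocationChecker.Option.SOFT_FAIL));

        PKIXParameters parameters = new PKIXParameters(keyStore);
        parameters.addCertPathChecker(revocationChecker);
        parameters.setRevocationEnabled(true);

        PKIXCertPathValidatorResult result =
                (PKIXCertPathValidatorResult) validator.validate(certPath, parameters);
        return result != null;
    }

    /**
     * Wraps DER-encoded bytes in a PEM envelope.
     *
     * @param str the PEM type label written into the BEGIN/END lines
     * @param bArr the encoded content
     * @return the PEM text
     * @throws PKIRuntimeException if writing the PEM object fails
     */
    public static String getPemFromEncoded(String str, byte[] bArr) {
        StringWriter buffer = new StringWriter();
        // try-with-resources closes (and thereby flushes) the writer on the error path as well.
        try (PemWriter pemWriter = new PemWriter(buffer)) {
            pemWriter.writeObject(new PemObject(str, bArr));
        } catch (IOException e) {
            throw new PKIRuntimeException(e);
        }
        return buffer.toString();
    }

    /**
     * Builds an in-memory keystore holding one private key and its certificate.
     *
     * <p>The same password protects both the key entry and the keystore as a whole. The type
     * {@code "JKS"} is served by the default provider, every other type by the "BC" provider.
     *
     * @param str keystore type passed to {@link KeyStore#getInstance}
     * @param str2 alias under which the key entry is stored
     * @param str3 password for the key entry and for the keystore
     * @param privateKey the private key to store
     * @param x509Certificate the certificate stored as the key's single-element chain
     * @return the serialized keystore
     * @throws PKIRuntimeException if the keystore cannot be created or written
     */
    public static byte[] createOutputKeystore(String str, String str2, String str3, PrivateKey privateKey, X509Certificate x509Certificate) {
        char[] password = str3.toCharArray();
        try {
            KeyStore keyStore = str.equals("JKS") ? KeyStore.getInstance(str) : KeyStore.getInstance(str, "BC");
            keyStore.load(null);
            keyStore.setKeyEntry(str2, privateKey, password, new Certificate[]{x509Certificate});
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            keyStore.store(out, password);
            return out.toByteArray();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e) {
            throw new PKIRuntimeException(e);
        } finally {
            // Clear our copy of the password; the caller's String is outside our control.
            java.util.Arrays.fill(password, '\0');
        }
    }

    /**
     * Parses a certificate from a URL-encoded PEM header value, as forwarded by a reverse proxy.
     *
     * <p>URL decoding turns every {@code '+'} of the base64 body into a space, so spaces found
     * between the certificate header and footer are turned back into {@code '+'} before parsing.
     *
     * <p>This method only parses. It does not verify the certificate, and the header value is
     * only meaningful if the proxy sets it itself and discards any copy sent by the client.
     *
     * @param str the raw header value; may be {@code null}
     * @return the parsed certificate, or {@code null} if the value is absent, not valid URL
     *     encoding, too short, or not a parsable certificate
     * @throws UnsupportedEncodingException never thrown by the current implementation; kept in
     *     the signature for existing callers
     */
    public static X509Certificate getCertFromNginxHeader(String str) throws UnsupportedEncodingException {
        if (str == null) {
            log.debug("No certificate content found");
            return null;
        }
        String pem;
        try {
            pem = URLDecoder.decode(str, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // Malformed percent-escapes in an externally supplied header must not escape as an
            // unchecked exception.
            log.debug("Certificate header is not valid URL encoding", e);
            return null;
        }

        if (pem.startsWith(PKIConstants.CERT_HEADER)) {
            // Index arithmetic instead of split(): split() drops trailing empty strings, so a
            // value consisting of just header + footer used to fail with an
            // ArrayIndexOutOfBoundsException.
            int bodyStart = PKIConstants.CERT_HEADER.length();
            int bodyEnd = pem.indexOf(PKIConstants.CERT_FOOTER, bodyStart);
            if (bodyEnd >= 0) {
                String body = pem.substring(bodyStart, bodyEnd);
                if (body.contains(" ")) {
                    pem = "-----BEGIN CERTIFICATE-----" + body.replace(" ", "+") + "-----END CERTIFICATE-----";
                }
            }
        }

        if (!pem.trim().isEmpty() && pem.length() >= 10) {
            return getCertFromPem(pem);
        }
        log.debug("No certificate content found");
        return null;
    }

    /**
     * Parses a single X.509 certificate from PEM text.
     *
     * <p>No verification of any kind is performed on the result.
     *
     * @param str the PEM text
     * @return the certificate, or {@code null} if it cannot be parsed
     */
    public static X509Certificate getCertFromPem(String str) {
        CertificateFactory factory;
        try {
            factory = CertificateFactory.getInstance(PKIConstants.X509);
        } catch (CertificateException e) {
            log.error("Exception while creating CertificateFactory", e);
            return null;
        }
        try {
            X509Certificate certificate = (X509Certificate) factory.generateCertificate(
                    new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
            log.debug("Certificate was extracted from the header");
            return certificate;
        } catch (CertificateException e) {
            log.error("Exception while converting certificate extracted from header", e);
            return null;
        }
    }

    /**
     * Extracts identity attributes from a certificate's subject DN and subjectAltName entries.
     *
     * <p>Subject RDNs fill the basic fields (the MRN is first taken from UID). otherName entries
     * of the subjectAltName extension then fill, and for the MRN overwrite, the remaining fields;
     * permission values are joined with commas. Entries that cannot be decoded are logged and
     * skipped.
     *
     * <p>This method only reads the certificate. Every value it returns is as trustworthy as the
     * certificate itself, so the certificate has to be verified before the identity is relied on.
     *
     * @param x509Certificate the certificate to read
     * @return the populated identity
     */
    public static PKIIdentity getIdentityFromCert(X509Certificate x509Certificate) {
        PKIIdentity identity = new PKIIdentity();
        String dn = x509Certificate.getSubjectX500Principal().getName();
        RDN[] rdns = IETFUtils.rDNsFromString(dn, BCStyle.INSTANCE);
        String commonName = getElement(rdns, BCStyle.CN);
        identity.setMrn(getElement(rdns, BCStyle.UID));
        identity.setDn(dn);
        identity.setCn(commonName);
        identity.setSn(commonName);
        identity.setO(getElement(rdns, BCStyle.O));
        identity.setOu(getElement(rdns, BCStyle.OU));
        identity.setCountry(getElement(rdns, BCStyle.C));
        identity.setEmail(getElement(rdns, BCStyle.EmailAddress));

        // A common name with an inner space is split at its last space into first and last name.
        String firstName = commonName;
        String lastName = "";
        if (commonName != null && commonName.split("\\w +\\w").length > 1) {
            int lastSpace = commonName.lastIndexOf(' ');
            lastName = commonName.substring(lastSpace + 1);
            firstName = commonName.substring(0, lastSpace);
        }
        identity.setFirstName(firstName);
        identity.setLastName(lastName);
        log.debug("Parsed certificate, name: {}", commonName);

        Collection<List<?>> subjectAltNames = null;
        try {
            subjectAltNames = x509Certificate.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            log.warn("could not extract info from Subject Alternative Names - will be ignored.", e);
        }
        if (subjectAltNames == null) {
            return identity;
        }

        StringBuilder permissions = new StringBuilder();
        for (List<?> altName : subjectAltNames) {
            Integer type = (Integer) altName.get(0);
            if (type.intValue() != SAN_TYPE_OTHER_NAME) {
                log.warn("SubjectAltName of invalid type found: " + type);
                continue;
            }
            try (ASN1InputStream in = new ASN1InputStream((byte[]) altName.get(1))) {
                DLSequence otherName = (DLSequence) in.readObject();
                if (otherName == null || otherName.size() < 2) {
                    log.error("Error decoding subjectAltName: unexpected otherName structure");
                    continue;
                }
                String oid = ((ASN1ObjectIdentifier) otherName.getObjectAt(0)).getId();
                String value = ((DERUTF8String) getBaseObject(otherName.getObjectAt(1))).getString();
                log.debug("oid: {}, value: {}", oid, value);
                applyOtherName(identity, permissions, oid, value);
            } catch (IOException | ClassCastException e) {
                // The encoding is chosen by whoever issued the certificate; an unexpected ASN.1
                // type is treated like any other undecodable entry instead of aborting the parse.
                log.error("Error decoding subjectAltName" + e.getLocalizedMessage(), e);
            }
        }
        if (permissions.length() > 0) {
            identity.setPermissions(permissions.toString());
        }
        return identity;
    }

    /** Stores one decoded otherName value in the identity field selected by its OID. */
    private static void applyOtherName(PKIIdentity identity, StringBuilder permissions, String oid, String value) {
        switch (oid) {
            case PKIConstants.MC_OID_FLAGSTATE:
                identity.setFlagState(value);
                break;
            case PKIConstants.MC_OID_CALLSIGN:
                identity.setCallSign(value);
                break;
            case PKIConstants.MC_OID_IMO_NUMBER:
                identity.setImoNumber(value);
                break;
            case PKIConstants.MC_OID_MMSI_NUMBER:
                identity.setMmsiNumber(value);
                break;
            case PKIConstants.MC_OID_AIS_SHIPTYPE:
                identity.setAisShipType(value);
                break;
            case PKIConstants.MC_OID_PORT_OF_REGISTER:
                identity.setPortOfRegister(value);
                break;
            case PKIConstants.MC_OID_MRN:
                identity.setMrn(value);
                break;
            case PKIConstants.MC_OID_MRN_SUBSIDIARY:
                identity.setMrnSubsidiary(value);
                break;
            case PKIConstants.MC_OID_HOME_MMS_URL:
                identity.setHomeMmsUrl(value);
                break;
            case PKIConstants.MC_OID_SHIP_MRN:
                identity.setShipMrn(value);
                break;
            case PKIConstants.MC_OID_URL:
                identity.setUrl(value);
                break;
            case PKIConstants.MC_OID_PERMISSIONS:
                // Blank permission values are skipped; the others are comma-joined.
                if (!value.trim().isEmpty()) {
                    if (permissions.length() > 0) {
                        permissions.append(',');
                    }
                    permissions.append(value);
                }
                break;
            default:
                log.error("Unknown OID!");
                break;
        }
    }

    /**
     * Unwraps two levels of ASN.1 tagging and returns the innermost object.
     *
     * <p>Falls back to {@code getObject()} when {@code getBaseObject()} is missing at runtime,
     * presumably to support BouncyCastle versions that lack the newer accessor.
     *
     * @param aSN1Encodable a tagged object that wraps another tagged object
     * @return the object inside the inner tag
     */
    private static ASN1Encodable getBaseObject(ASN1Encodable aSN1Encodable) {
        ASN1TaggedObject outer = (ASN1TaggedObject) aSN1Encodable;
        try {
            return ((ASN1TaggedObject) outer.getBaseObject()).getBaseObject();
        } catch (NoSuchMethodError e) {
            return ((ASN1TaggedObject) outer.getObject()).getObject();
        }
    }

    /**
     * Returns the string form of the first RDN of the given type in an X.500 name.
     *
     * @param x500Name the name to search
     * @param aSN1ObjectIdentifier the attribute type to look for
     * @return the value, or {@code null} if the name has no RDN of that type
     */
    public static String getElement(X500Name x500Name, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        RDN[] matches = x500Name.getRDNs(aSN1ObjectIdentifier);
        if (matches.length == 0) {
            return null;
        }
        return IETFUtils.valueToString(matches[0].getFirst().getValue());
    }

    /**
     * Returns the value of the first RDN whose first attribute has the given type.
     *
     * @param rdnArr the RDNs to search
     * @param aSN1ObjectIdentifier the attribute type to look for
     * @return the attribute value, or {@code null} if no RDN matches
     */
    public static String getElement(RDN[] rdnArr, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        for (RDN rdn : rdnArr) {
            if (rdn.getFirst().getType().equals(aSN1ObjectIdentifier)) {
                return ((ASN1String) rdn.getFirst().getValue()).getString();
            }
        }
        return null;
    }

    private CertificateHandler() {
    }
}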
