package org.apache.servicecomb.foundation.ssl;

import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/* loaded from: input_file:org/apache/servicecomb/foundation/ssl/CertificateUtil.class */
public final class CertificateUtil {
    private static final int SUBALTNAME_DNSNAME = 2;
    private static final int SUBALTNAME_IPADDRESS = 7;

    private CertificateUtil() {
    }

    private static X509Certificate[] sort(X509Certificate[] x509CertificateArr) {
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        x509CertificateArr2[0] = findRootCA(x509CertificateArr);
        for (int i = 1; i < x509CertificateArr2.length; i++) {
            X509Certificate x509Certificate = x509CertificateArr2[i - 1];
            int length = x509CertificateArr.length;
            int i2 = 0;
            while (true) {
                if (i2 < length) {
                    X509Certificate x509Certificate2 = x509CertificateArr[i2];
                    String name = x509Certificate.getSubjectX500Principal().getName();
                    if (!name.equals(x509Certificate2.getSubjectX500Principal().getName()) && name.equals(x509Certificate2.getIssuerX500Principal().getName())) {
                        x509CertificateArr2[i] = x509Certificate2;
                        break;
                    }
                    i2++;
                }
            }
        }
        return x509CertificateArr2;
    }

    private static X509Certificate findRootCA(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr.length == 1) {
            return x509CertificateArr[0];
        }
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (x509Certificate.getSubjectX500Principal().getName().equals(x509Certificate.getIssuerX500Principal().getName())) {
                return x509Certificate;
            }
        }
        throw new IllegalArgumentException("bad certificate chain: no root CA.");
    }

    public static X509Certificate findOwner(X509Certificate[] x509CertificateArr) {
        X509Certificate[] sort = sort(x509CertificateArr);
        return sort[sort.length - 1];
    }

    public static Set<String> getCN(X509Certificate x509Certificate) {
        HashSet hashSet = new HashSet();
        for (String str : x509Certificate.getSubjectX500Principal().getName().split(",")) {
            String[] split = str.split("=");
            if (split.length == SUBALTNAME_DNSNAME && split[0].equals("CN")) {
                hashSet.add(split[1]);
            }
        }
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                for (List<?> list : subjectAlternativeNames) {
                    if (list.size() == SUBALTNAME_DNSNAME) {
                        Object obj = list.get(0);
                        Object obj2 = list.get(1);
                        if ((obj instanceof Integer) && (obj2 instanceof String)) {
                            int intValue = ((Integer) obj).intValue();
                            String str2 = (String) obj2;
                            if (intValue == SUBALTNAME_DNSNAME || intValue == SUBALTNAME_IPADDRESS) {
                                hashSet.add(str2);
                            }
                        }
                    }
                }
            }
            return hashSet;
        } catch (CertificateParsingException e) {
            throw new IllegalArgumentException("can not read AlternativeNames.");
        }
    }
}
