package org.adullact.parapheur.applets.splittedsign;

import java.io.IOException;
import java.lang.reflect.Field;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: input_file:org/adullact/parapheur/applets/splittedsign/CertListUtil.class */
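/**
 * Lists the certificates of the configured {@link KeyStore} that may be used for signing and
 * retrieves the private key matching a selected certificate.
 *
 * <p>The selection in this class looks only at the certificate's own extensions (basic
 * constraints, key usage) and its validity period. Nothing visible here builds or validates a
 * certification path or checks revocation.
 * NOTE(review): confirm that chain and revocation checks happen elsewhere before a signature made
 * with one of these certificates is trusted.
 */
public class CertListUtil {
    /** OID of the X.509 keyUsage extension. */
    private static final String KEY_USAGE_OID = "2.5.29.15";
    /** Index of the digitalSignature bit in {@link X509Certificate#getKeyUsage()}. */
    private static final int KU_DIGITAL_SIGNATURE = 0;
    /** Index of the nonRepudiation bit in {@link X509Certificate#getKeyUsage()}. */
    private static final int KU_NON_REPUDIATION = 1;
    /** Issuer CN fragment for which a digitalSignature-only certificate is still accepted. */
    private static final String CSF_ISSUER_CN_MARKER = "CSF - Classe III - Sign et Crypt";

    // Keystore obtained from Configurator; stays null when it could not be opened.
    private KeyStore ks;
    // Not used by any method of this class.
    private KeyStore macTokenks = null;
    // Not used by any method of this class.
    private Enumeration<String> macTokenaliases = null;
    protected PrivateKey signatureKey_;
    protected PublicKey verificationKey_;

    /**
     * Resets the {@code Configurator} and loads its keystore. When the keystore cannot be
     * obtained a warning is printed and the instance is left without a keystore; the public
     * methods then return {@code null} / an empty list instead of failing.
     */
    public CertListUtil() {
        this.ks = null;
        try {
            Configurator.reset();
            this.ks = Configurator.getInstance().getKeyStore();
        } catch (KeyStoreException e) {
            System.out.println("## WARN!! getKeyStore-ops: " + e.getLocalizedMessage());
        }
    }

    /**
     * Returns the private key stored under the alias of the given certificate.
     *
     * <p>The alias reported by the keystore is tried first, then {@code "alias (1)"},
     * {@code "alias (2)"}, ... until an entry holds exactly the requested certificate or no entry
     * exists for the candidate alias.
     *
     * @param x509Certificate certificate whose private key is wanted
     * @return the matching private key, or {@code null} when the keystore is unavailable, the
     *     certificate is not found or the key cannot be recovered (a message is printed)
     */
    public PrivateKey getKey(X509Certificate x509Certificate) {
        if (this.ks == null || x509Certificate == null) {
            System.out.println("Certificat introuvable: keystore ou certificat absent");
            return null;
        }
        try {
            String baseAlias = this.ks.getCertificateAlias(x509Certificate);
            if (baseAlias == null) {
                // The keystore holds no entry for this certificate; do not probe "null (n)".
                System.out.println("Certificat introuvable dans le keystore");
                return null;
            }
            Certificate certificate;
            int i = 0;
            do {
                String certificateAlias = (i > 0) ? baseAlias + " (" + i + ")" : baseAlias;
                certificate = this.ks.getCertificate(certificateAlias);
                // Compare the certificates themselves, not their 32-bit hashCode(): two different
                // certificates may share a hash code, and a false match here would hand out the
                // private key of another entry.
                if (x509Certificate.equals(certificate)) {
                    return (PrivateKey) this.ks.getKey(certificateAlias, Configurator.getInstance().getPassword(false));
                }
                i++;
            } while (certificate != null);
            // No candidate alias held the certificate: report it like the other failures.
            System.out.println("Certificat " + baseAlias + " introuvable");
            return null;
        } catch (NoSuchAlgorithmException e) {
            System.out.println(e.getLocalizedMessage());
            return null;
        } catch (KeyStoreException | UnrecoverableKeyException e2) {
            System.out.println(e2.getLocalizedMessage());
            return null;
        }
    }

    /**
     * Makes the aliases of the Windows "MY" store unique by appending
     * {@code " - <certificate hashCode>"} to each alias that is not already equal to that number.
     *
     * <p>This reaches into private fields of {@code java.security.KeyStore} and of the
     * {@code sun.security.mscapi} provider through reflection. It therefore depends on the
     * internal layout of one JDK implementation; on a runtime that refuses reflective access to
     * these fields, or where the fields differ, the exception is caught below and the aliases are
     * left as they are. The appended number is only a disambiguator, not a fingerprint.
     *
     * @param keyStore keystore whose aliases are adjusted in place; {@code null} is ignored
     */
    private static void _fixAliases(KeyStore keyStore) {
        if (keyStore == null) {
            return;
        }
        try {
            Field declaredField = keyStore.getClass().getDeclaredField("keyStoreSpi");
            declaredField.setAccessible(true);
            KeyStoreSpi keyStoreSpi = (KeyStoreSpi) declaredField.get(keyStore);
            if ("sun.security.mscapi.KeyStore$MY".equals(keyStoreSpi.getClass().getName())) {
                Field declaredField2 = keyStoreSpi.getClass().getEnclosingClass().getDeclaredField("entries");
                declaredField2.setAccessible(true);
                Object obj = declaredField2.get(keyStoreSpi);
                if (obj instanceof HashMap) {
                    // Entries held in a map are left untouched.
                    return;
                }
                for (Object obj2 : (Collection<?>) obj) {
                    Field declaredField3 = obj2.getClass().getDeclaredField("certChain");
                    declaredField3.setAccessible(true);
                    String num = Integer.toString(((X509Certificate[]) declaredField3.get(obj2))[0].hashCode());
                    Field declaredField4 = obj2.getClass().getDeclaredField("alias");
                    declaredField4.setAccessible(true);
                    String str = (String) declaredField4.get(obj2);
                    if (!str.equals(num)) {
                        declaredField4.set(obj2, str.concat(" - ").concat(num));
                    }
                }
            }
        } catch (Exception e) {
            // Best effort: any reflection, cast or null failure leaves the aliases unchanged.
            System.err.println(e);
            System.out.println(e.getLocalizedMessage());
        }
    }

    /**
     * Tells whether the certificate is an end-entity certificate.
     *
     * @param str alias of the certificate (unused)
     * @param x509Certificate certificate to inspect
     * @return {@code true} when {@code getBasicConstraints()} is -1, i.e. the certificate is not
     *     a CA certificate
     * @throws IOException declared for callers; not thrown by this implementation
     */
    private boolean certIsNotCA(String str, X509Certificate x509Certificate) throws IOException {
        return x509Certificate.getBasicConstraints() == -1;
    }

    /**
     * Tells whether a certificate falls under the "CSF Classe III" exception: its issuer CN
     * contains {@link #CSF_ISSUER_CN_MARKER} and its digitalSignature bit is set.
     *
     * <p>NOTE(review): the issuer name is matched as a substring and is only as trustworthy as
     * the chain validation done elsewhere; a self-issued certificate can carry any issuer CN.
     *
     * @param issuerInfos issuer attributes by short name, may be {@code null}
     * @param keyUsage non-null key usage bits of the certificate
     * @return {@code true} when the exception applies
     */
    private static boolean isCsfClasseIii(HashMap<String, String> issuerInfos, boolean[] keyUsage) {
        if (issuerInfos == null) {
            return false;
        }
        String issuerCn = issuerInfos.get("CN");
        return issuerCn != null && issuerCn.contains(CSF_ISSUER_CN_MARKER) && keyUsage[KU_DIGITAL_SIGNATURE];
    }

    /**
     * Decides whether a certificate may be offered for signing.
     *
     * <p>Accepted are: non-CA certificates without a keyUsage extension, certificates whose
     * nonRepudiation bit is set (and, except through the CSF exception, that are not CA
     * certificates), and certificates matching the CSF Classe III exception. Every rejection
     * prints its reason.
     *
     * @param str alias of the certificate, used in the printed messages
     * @param x509Certificate certificate to inspect
     * @return {@code true} when the certificate is retained
     */
    private boolean certIsGoodForSignature(String str, X509Certificate x509Certificate) {
        boolean accepted = false;
        try {
            Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
            if (x509Certificate.hasUnsupportedCriticalExtension()) {
                // NOTE(review): this is only logged. RFC 5280 expects a certificate carrying an
                // unrecognised critical extension to be rejected; confirm whether such
                // certificates should still be offered for signing.
                System.out.print("# (info: alias  [" + str + "] has unsupported critical extension) ");
            }
            boolean[] keyUsage = x509Certificate.getKeyUsage();
            if (criticalExtensionOIDs == null || criticalExtensionOIDs.isEmpty()) {
                System.out.print("# (info: no critical ext.) ");
                if (!certIsNotCA(str, x509Certificate)) {
                    System.out.println("Alias [" + str + "] est une AC.");
                } else if (keyUsage == null) {
                    // A certificate without keyUsage is unrestricted and therefore accepted.
                    System.out.print(" (info: no keyUsage) ");
                    accepted = true;
                } else if (keyUsage[KU_NON_REPUDIATION]) {
                    accepted = true;
                } else if (isCsfClasseIii(CertificateInfosExtractor.makeIssuerInfos(x509Certificate), keyUsage)) {
                    accepted = true;
                    System.out.print("WARN cert CSF Classe III, on accepte quand meme. ");
                } else {
                    System.out.println("Alias [" + str + "]: keyUsage présent, non critique, mais 'nonRepudiation' absent...");
                }
            } else if (criticalExtensionOIDs.contains(KEY_USAGE_OID)) {
                if (keyUsage == null) {
                    System.out.println("# Alias  [" + str + "]: keyUsage critique mais absent??? NON RETENU !");
                    List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
                    if (extendedKeyUsage != null) {
                        for (String oid : extendedKeyUsage) {
                            System.out.println("\textKeyUsage: " + oid);
                        }
                    } else {
                        System.out.println("\t(pour info: pas de ExtendedKeyUsage non plus.)");
                    }
                } else if (keyUsage[KU_NON_REPUDIATION]) {
                    if (certIsNotCA(str, x509Certificate)) {
                        accepted = true;
                    } else {
                        System.out.println("# Alias [" + str + "] est une AC.");
                    }
                } else if (isCsfClasseIii(CertificateInfosExtractor.makeIssuerInfos(x509Certificate), keyUsage)) {
                    // The issuer lookup is null-checked here as in the non-critical branch, so a
                    // certificate without issuer CN is rejected instead of raising an exception.
                    // NOTE(review): unlike the other branches, this path does not test for a CA.
                    accepted = true;
                    System.out.print("# cert CSF Classe III, on accepte quand meme. ");
                } else {
                    System.out.println("# Alias sans droit de signature: [" + str + "], serial= " + x509Certificate.getSerialNumber().toString(16));
                }
            } else if (!certIsNotCA(str, x509Certificate)) {
                System.out.println("# Alias [" + str + "] est une AC.");
            } else if (keyUsage == null) {
                System.out.print("# (info: no keyUsage) ");
                accepted = true;
            } else if (keyUsage[KU_NON_REPUDIATION]) {
                accepted = true;
            } else {
                System.out.println("# Alias [" + str + "]: keyUsage présent, non critique, mais champ nonRepudiation absent...");
            }
        } catch (IOException e) {
            System.out.println("ça a chié dans le ventilo: " + e.getLocalizedMessage());
        } catch (CertificateParsingException e2) {
            System.out.println("incapable de lire le certificat.");
        }
        return accepted;
    }

    /**
     * Returns the X.509 certificates of the keystore that pass
     * {@link #certIsGoodForSignature(String, X509Certificate)} and are currently within their
     * validity period. On Windows the aliases are first made unique.
     *
     * @return the retained certificates; empty (never {@code null}) when the keystore is
     *     unavailable or its aliases cannot be listed
     */
    public List<Certificate> getAvailableCertificates() {
        List<Certificate> retained = new ArrayList<>();
        if (this.ks == null) {
            // The constructor could not open the keystore; there is nothing to enumerate.
            System.out.println("## Sync-op: keystore indisponible");
            return retained;
        }
        Enumeration<String> aliases;
        try {
            if (Configurator.isWindows()) {
                _fixAliases(this.ks);
            }
            aliases = this.ks.aliases();
        } catch (KeyStoreException e) {
            System.out.println("## Sync-op: " + e.getLocalizedMessage());
            // Without the alias list the loop below cannot run.
            return retained;
        }
        System.out.println("########################### init aliases");
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (alias == null) {
                System.out.println("##  WTF??? Null alias in keystore??");
                continue;
            }
            try {
                Certificate certificate = this.ks.getCertificate(alias);
                if (certificate instanceof X509Certificate) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    if (certIsGoodForSignature(alias, x509Certificate)) {
                        // Throws for expired or not-yet-valid certificates, which are skipped.
                        x509Certificate.checkValidity();
                        System.out.println("ALIAS RETENU: [" + alias + "] , serial= " + x509Certificate.getSerialNumber().toString(16));
                        retained.add(certificate);
                    }
                }
            } catch (KeyStoreException e2) {
                System.out.println("Probleme de Keystore: " + e2.getLocalizedMessage());
            } catch (CertificateExpiredException e3) {
                System.out.println("Certificat expiré détecté dans Keystore");
            } catch (CertificateNotYetValidException e4) {
                System.out.println("Certificat pas encore valide détecté dans Keystore");
            }
        }
        return retained;
    }
}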
