package coop.libriciel.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivilegedAction;
import java.security.cert.CRLException;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.adullact.parapheur.applets.splittedsign.CRLNotFoundException;
import org.adullact.parapheur.applets.splittedsign.CertificateVerificationException;
import org.adullact.parapheur.applets.splittedsign.CertificateVerifier;
import org.adullact.parapheur.applets.splittedsign.Main;

/* loaded from: input_file:coop/libriciel/util/CertVerifier.class */
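/**
 * Checks signer certificates against the trust-anchor keystores bundled with
 * the application and runs the CRL checks implemented by
 * {@link CertificateVerifier}.
 *
 * <p>All state is static and loaded lazily by
 * {@link #loadAuthorizedCertificated()}. Nothing here is synchronised, and the
 * keystore fields and name constants are package-visible and non-final, so any
 * class in this package can replace a trust store or rename it at runtime.
 *
 * <p>The keystore passwords are literals in this class. A JKS store password
 * only feeds the keystore's integrity check, so with the password shipped next
 * to the keystore that check cannot detect a replaced keystore. The integrity
 * of the trust anchors therefore rests on the integrity of the archive that
 * carries them.
 * NOTE(review): confirm the distribution is signed and the signature verified.
 */
public class CertVerifier {
    static KeyStore RGS_ROOTS;
    static KeyStore LIBRICIEL_ROOTS;
    static KeyStore EIDAS_ROOTS;
    static KeyStore ADULLACT_ROOTS;
    static KeyStore ETAT_ROOTS;
    static KeyStore SANTE_ROOTS;
    static Map<String, KeyStore> rootKeystores;
    static byte[] crlListContent;
    static String RGS_ROOTS_NAME = "RGS";
    static String LIBRICIEL_ROOTS_NAME = "LIBRICIEL";
    static String ADULLACT_ROOTS_NAME = "ADULLACT";
    static String ETAT_ROOTS_NAME = "ETAT";
    static String EIDAS_ROOTS_NAME = "EIDAS";
    static String SANTE_ROOTS_NAME = "SANTE";
    // True once a load has been attempted; it does not mean every store loaded.
    private static boolean isLoaded = false;

    /**
     * Loads the six bundled root keystores and the CRL list, once.
     *
     * <p>Each keystore is loaded independently. A keystore that is missing or
     * unreadable is logged, left {@code null} and kept out of
     * {@link #rootKeystores}, so later checks against it fail instead of
     * running against an empty trust store. The load is attempted a single
     * time; a failure is not retried on later calls.
     */
    public static void loadAuthorizedCertificated() {
        if (isLoaded) {
            return;
        }
        Map<String, KeyStore> loaded = new HashMap<>();
        RGS_ROOTS = loadBundledRoots(loaded, RGS_ROOTS_NAME, "/certificates/rgs.jks", "certificate-rgs");
        LIBRICIEL_ROOTS = loadBundledRoots(loaded, LIBRICIEL_ROOTS_NAME, "/certificates/libriciel.jks", "certificate-libriciel");
        EIDAS_ROOTS = loadBundledRoots(loaded, EIDAS_ROOTS_NAME, "/certificates/eidas.jks", "certificate-eidas");
        ADULLACT_ROOTS = loadBundledRoots(loaded, ADULLACT_ROOTS_NAME, "/certificates/adullact.jks", "certificate-adullact");
        ETAT_ROOTS = loadBundledRoots(loaded, ETAT_ROOTS_NAME, "/certificates/etat.jks", "certificate-etat");
        SANTE_ROOTS = loadBundledRoots(loaded, SANTE_ROOTS_NAME, "/certificates/sante.jks", "certificate-sante");
        rootKeystores = loaded;
        crlListContent = readCrlList();
        isLoaded = true;
    }

    /**
     * Loads one JKS trust store from the classpath and registers it under {@code name}.
     *
     * @return the loaded keystore, or {@code null} if the resource is missing or cannot be read
     */
    private static KeyStore loadBundledRoots(Map<String, KeyStore> target, String name, String resourcePath, String password) {
        try (InputStream in = CertVerifier.class.getResourceAsStream(resourcePath)) {
            if (in == null) {
                // KeyStore.load(null, ...) would silently create an EMPTY keystore;
                // treat a missing resource as a load failure instead.
                throw new IOException("Missing bundled keystore resource: " + resourcePath);
            }
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(in, password.toCharArray());
            target.put(name, keyStore);
            return keyStore;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Reads {@code /crl-list.conf} from the classpath.
     *
     * @return the file content, or {@code null} if it is missing or unreadable
     */
    private static byte[] readCrlList() {
        try (InputStream in = Main.class.getResourceAsStream("/crl-list.conf")) {
            if (in == null) {
                throw new IOException("Missing bundled resource: /crl-list.conf");
            }
            return toByteArray(in);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Returns the names of the bundled trust stores under which a PKIX path can
     * be built for the certificate.
     *
     * <p>The order is fixed: EIDAS, RGS, ETAT, LIBRICIEL, ADULLACT, SANTE.
     * Revocation is not considered here (see {@link #verifyWith}).
     *
     * @param x509Certificate certificate to check
     * @return the matching store names; empty if none match
     */
    public static List<String> getVerifiedWith(X509Certificate x509Certificate) {
        loadAuthorizedCertificated();
        List<String> matches = new ArrayList<>();
        if (verifyWith(x509Certificate, EIDAS_ROOTS)) {
            matches.add(EIDAS_ROOTS_NAME);
        }
        if (verifyWith(x509Certificate, RGS_ROOTS)) {
            matches.add(RGS_ROOTS_NAME);
        }
        if (verifyWith(x509Certificate, ETAT_ROOTS)) {
            matches.add(ETAT_ROOTS_NAME);
        }
        if (verifyWith(x509Certificate, LIBRICIEL_ROOTS)) {
            matches.add(LIBRICIEL_ROOTS_NAME);
        }
        if (verifyWith(x509Certificate, ADULLACT_ROOTS)) {
            matches.add(ADULLACT_ROOTS_NAME);
        }
        if (verifyWith(x509Certificate, SANTE_ROOTS)) {
            matches.add(SANTE_ROOTS_NAME);
        }
        return matches;
    }

    /**
     * Tries to build a PKIX certification path from the certificate to a trust
     * anchor in {@code keyStore}.
     *
     * <p>Only the certificate itself is offered as a path-building input, so any
     * intermediate CA has to be present in the keystore. Revocation checking is
     * disabled for this build: a {@code true} result means the certificate chains
     * to the store, not that it is unrevoked.
     * NOTE(review): confirm every caller also runs {@link #isCRLCheckOk}.
     *
     * @param x509Certificate certificate to check
     * @param keyStore        trust anchors; {@code null} (store failed to load) yields {@code false}
     * @return {@code true} if a path could be built, {@code false} on any failure
     */
    public static boolean verifyWith(X509Certificate x509Certificate, KeyStore keyStore) {
        if (x509Certificate == null || keyStore == null) {
            return false;
        }
        try {
            List<X509Certificate> candidates = new ArrayList<>();
            candidates.add(x509Certificate);
            // The "SUN" provider is requested by name for both the store and the builder.
            CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(candidates), "SUN");
            X509CertSelector target = new X509CertSelector();
            target.setCertificate(x509Certificate);
            PKIXBuilderParameters params = new PKIXBuilderParameters(keyStore, target);
            params.addCertStore(certStore);
            params.setRevocationEnabled(false);
            // build() throws when no valid path exists; the path itself is not needed.
            CertPathBuilder.getInstance("PKIX", "SUN").build(params);
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Runs {@link #isCRLCheckOk} inside {@code AccessController.doPrivileged}.
     *
     * <p>The check then runs with this class's own permissions, even when a
     * caller further up the stack has fewer. All three arguments come from the
     * caller and this class does not validate them.
     * NOTE(review): confirm what {@code CertificateVerifier} does with
     * {@code list} and with the CRL locations while privileged.
     * {@code AccessController} is deprecated for removal since Java 17.
     *
     * @throws RuntimeException wrapping any {@link CertificateException} raised by the check
     */
    public static boolean isCRLCheckOkWithPriveleged(final X509Certificate x509Certificate, final String str, final List<String> list) {
        System.out.println("isCRLCheckOkWithPriveleged");
        return AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
            @Override
            public Boolean run() {
                try {
                    return Boolean.valueOf(CertVerifier.isCRLCheckOk(x509Certificate, str, list));
                } catch (CertificateException e) {
                    throw new RuntimeException(e);
                }
            }
        }).booleanValue();
    }

    /**
     * Runs the CRL check for the certificate against the named trust store.
     *
     * @param x509Certificate certificate to check
     * @param str             trust store name, one of the {@code *_ROOTS_NAME} values
     * @param list            passed through to {@code CertificateVerifier}; its meaning is not visible here
     * @return {@code false} if the name is unknown or that store failed to load,
     *         otherwise the result of {@link #checkCrlWithKeystore}
     * @throws CertificateException propagated from {@code CertificateVerifier}
     */
    public static boolean isCRLCheckOk(X509Certificate x509Certificate, String str, List<String> list) throws CertificateException {
        System.out.println("isCRLCheckOk");
        // Without this, a call made before any load dereferenced a null map.
        loadAuthorizedCertificated();
        KeyStore roots = rootKeystores == null ? null : rootKeystores.get(str);
        if (roots == null) {
            System.err.println("Invalid root keystore name : " + str);
            return false;
        }
        return checkCrlWithKeystore(x509Certificate, roots, list);
    }

    /**
     * Loads the configured CRLs, then validates the certificate and its CAs
     * against them.
     *
     * <p>Previously every caught validation failure returned {@code true}, so
     * the result did not depend on whether validation succeeded. Keystore,
     * path-building and verification failures now fail closed.
     *
     * @return {@code true} if validation completed, or if it ended with
     *         {@code CRLNotFoundException} (soft-fail, see below); {@code false} otherwise
     * @throws CertificateException propagated from {@code CertificateVerifier}
     */
    static boolean checkCrlWithKeystore(X509Certificate x509Certificate, KeyStore keyStore, List<String> list) throws CertificateException {
        System.out.println("checkCrlWithKeystore");
        if (crlListContent == null) {
            // The CRL list never loaded, so there is nothing to validate against.
            System.err.println("CRL list not loaded");
            return false;
        }
        try {
            CertificateVerifier.loadCRLsFromStreamAndCheckCert(x509Certificate, new ByteArrayInputStream(crlListContent), list);
        } catch (CRLException | CRLNotFoundException e) {
            // Best effort kept from the original: the outcome is decided by the call below.
            e.printStackTrace();
        }
        try {
            CertificateVerifier.validateCertAndACsAgainstProvidedCRL(x509Certificate, keyStore, list);
            return true;
        } catch (CRLNotFoundException e) {
            // Soft-fail kept from the original: a certificate whose CRL cannot be
            // found is accepted, which means an unreachable CRL disables the check.
            // NOTE(review): confirm this is the intended policy.
            e.printStackTrace();
            return true;
        } catch (KeyStoreException | CertPathBuilderException | CertificateVerificationException e) {
            // Fail closed: the chain or the certificate could not be verified.
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Reads the stream to its end and returns the bytes. The caller closes the stream.
     */
    private static byte[] toByteArray(InputStream inputStream) throws IOException {
        ByteArrayOutputStream collected = new ByteArrayOutputStream();
        byte[] chunk = new byte[1024];
        int read;
        while ((read = inputStream.read(chunk)) != -1) {
            collected.write(chunk, 0, read);
        }
        return collected.toByteArray();
    }
}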
