package org.adullact.parapheur.applets.splittedsign.utils;

import iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathValidator;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.logging.Logger;

/* loaded from: input_file:org/adullact/parapheur/applets/splittedsign/utils/X509Util.class */
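/**
 * Static helpers for decoding X.509 certificates, loading them from a key store and
 * validating them against a caller-supplied certificate set.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Every certificate in the supplied set whose signature verifies under its own public
 *       key is promoted to a trust anchor. The set is the whole trust decision, so it must
 *       come from a source the application controls.</li>
 *   <li>Revocation checking is switched off in both validation paths. A revoked certificate
 *       that is otherwise well-formed and unexpired is accepted unless the caller checks
 *       revocation separately.</li>
 * </ul>
 */
public class X509Util {
    private static final Logger logger = Logger.getLogger("X509Util");

    /** Names of the KeyUsage bits, indexed by bit position (0 = digitalSignature .. 8 = decipherOnly). */
    private static final String[] KEY_USAGE_NAMES = {
        "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment", "keyAgreement",
        "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"
    };

    /**
     * Renders a PKCS#11 certificate object as text.
     *
     * @param x509PublicKeyCertificate the token certificate; may be {@code null}
     * @param str name of the JCA provider used to decode the certificate
     * @return the decoded certificate's {@code toString()}, the raw PKCS#11 object's
     *         {@code toString()} when decoding fails, or {@code null} for a {@code null} input
     */
    public static String toString(X509PublicKeyCertificate x509PublicKeyCertificate, String str) {
        if (x509PublicKeyCertificate == null) {
            return null;
        }
        try {
            byte[] encoded = x509PublicKeyCertificate.getValue().getByteArrayValue();
            return toX509Certificate(encoded, str).toString();
        } catch (Exception e) {
            // Log the exception itself: getMessage() alone can be null and hides the failure type.
            logger.severe("Cannot decode PKCS#11 certificate as X.509: " + e);
            return x509PublicKeyCertificate.toString();
        }
    }

    /**
     * Decodes one X.509 certificate from a stream.
     *
     * <p>The stream content is first copied into memory through {@code DERUtil.streamToByteArray}.
     * The caller's stream is not closed here.
     *
     * @param inputStream source of the encoded certificate
     * @param str name of the JCA provider supplying the {@code X.509} certificate factory
     * @return the decoded certificate
     * @throws CertificateException if the bytes are not a parsable certificate
     * @throws IOException if reading the stream fails
     * @throws NoSuchProviderException if the provider {@code str} is not registered
     */
    public static X509Certificate toX509Certificate(InputStream inputStream, String str) throws CertificateException, IOException, NoSuchProviderException {
        CertificateFactory factory = CertificateFactory.getInstance("X.509", str);
        try (ByteArrayInputStream buffered = new ByteArrayInputStream(DERUtil.streamToByteArray(inputStream))) {
            return (X509Certificate) factory.generateCertificate(buffered);
        }
    }

    /**
     * Decodes one X.509 certificate from a byte array.
     *
     * @param bArr the encoded certificate
     * @param str name of the JCA provider supplying the {@code X.509} certificate factory
     * @return the decoded certificate
     * @throws CertificateException if the bytes are not a parsable certificate
     * @throws IOException if reading the in-memory stream fails
     * @throws NoSuchProviderException if the provider {@code str} is not registered
     */
    public static X509Certificate toX509Certificate(byte[] bArr, String str) throws CertificateException, IOException, NoSuchProviderException {
        try (ByteArrayInputStream in = new ByteArrayInputStream(bArr)) {
            return toX509Certificate(in, str);
        }
    }

    /**
     * Builds a comma-separated list of the key-usage bits asserted by a certificate.
     *
     * @param x509Certificate the certificate to describe
     * @return the names of the set bits in bit order, or an empty string when the certificate
     *         carries no KeyUsage extension
     */
    public static String getDescrKeyUsage(X509Certificate x509Certificate) {
        StringBuilder description = new StringBuilder();
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage == null) {
            return description.toString();
        }
        for (int bit = 0; bit < keyUsage.length; bit++) {
            if (!keyUsage[bit]) {
                continue;
            }
            if (description.length() > 0) {
                description.append(",");
            }
            // ">=" rather than ">": index KEY_USAGE_NAMES.length is already out of range, and the
            // previous comparison let it through to an ArrayIndexOutOfBoundsException.
            if (bit >= KEY_USAGE_NAMES.length) {
                // Spelling kept as emitted before, in case a consumer matches on it.
                description.append("unknow");
            } else {
                description.append(KEY_USAGE_NAMES[bit]);
            }
        }
        return description.toString();
    }

    /**
     * Loads every X.509 certificate from a {@code JKS} key store.
     *
     * @param str file path or classpath resource name of the key store
     * @param str2 key store password
     * @return the certificates found in the store
     * @throws Exception if the store cannot be found, opened or parsed
     */
    public static Set<X509Certificate> loadKeyStore(String str, String str2) throws Exception {
        return loadKeyStore(str, str2, "JKS");
    }

    /**
     * Loads every X.509 certificate (single entries and full chains) from a key store.
     *
     * <p>A file at path {@code str} takes precedence; only when no such file exists is
     * {@code str} looked up as a classpath resource. Because the returned set is typically
     * handed to {@link #validateChain} or {@link #buildAndValidateChain}, where self-signed
     * members become trust anchors, the location must not be writable by untrusted parties.
     *
     * @param str file path or classpath resource name of the key store
     * @param str2 key store password
     * @param str3 key store type passed to {@link KeyStore#getInstance(String)}
     * @return the certificates found in the store
     * @throws Exception if the store cannot be found, opened or parsed
     */
    public static Set<X509Certificate> loadKeyStore(String str, String str2, String str3) throws Exception {
        Set<X509Certificate> certificates = new HashSet<>();
        KeyStore keyStore = KeyStore.getInstance(str3);
        InputStream in = new File(str).exists()
                ? new FileInputStream(str)
                : X509Util.class.getClassLoader().getResourceAsStream(str);
        if (in == null) {
            throw new Exception("resource " + str + " not found");
        }
        try {
            keyStore.load(in, str2.toCharArray());
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate[] chain = keyStore.getCertificateChain(alias);
                if (chain != null) {
                    for (Certificate member : chain) {
                        if (member instanceof X509Certificate) {
                            certificates.add((X509Certificate) member);
                        }
                    }
                }
                Certificate single = keyStore.getCertificate(alias);
                if (single instanceof X509Certificate) {
                    certificates.add((X509Certificate) single);
                }
            }
            return certificates;
        } finally {
            // The stream is now released on failure as well; it used to leak when load() or
            // the alias walk threw.
            try {
                in.close();
            } catch (IOException ignored) {
                // Best effort: a failed close of a read-only stream must not mask the result.
            }
        }
    }

    /**
     * Validates a certificate against a trusted set without an extra path checker.
     *
     * @param x509Certificate the certificate to validate
     * @param set trusted certificates; self-signed members act as trust anchors
     * @param str name of the JCA provider
     * @return the trust anchor certificate the validation ended on
     * @throws Exception if validation fails or the provider/algorithms are unavailable
     */
    public static X509Certificate validateChain(X509Certificate x509Certificate, Set<X509Certificate> set, String str) throws Exception {
        return validateChain(x509Certificate, set, null, str);
    }

    /**
     * Validates a certificate with the PKIX algorithm against a trusted set.
     *
     * <p>The path given to the validator contains only {@code x509Certificate}. The standard
     * PKIX validator checks the path it is given and does not discover intermediates, so this
     * method is suited to certificates issued directly by an anchor; use
     * {@link #buildAndValidateChain} when intermediates must be located.
     *
     * <p>Revocation checking is disabled. Unless {@code pKIXCertPathChecker} performs its own
     * revocation check, a revoked certificate passes.
     *
     * @param x509Certificate the certificate to validate
     * @param set trusted certificates; self-signed members act as trust anchors, the rest go
     *        into the certificate store
     * @param pKIXCertPathChecker optional additional checker, or {@code null}
     * @param str name of the JCA provider
     * @return the trust anchor certificate the validation ended on
     * @throws Exception if validation fails, if {@code set} holds no self-signed certificate
     *         (the PKIX parameters reject an empty anchor set), or if the provider/algorithms
     *         are unavailable
     */
    public static X509Certificate validateChain(X509Certificate x509Certificate, Set<X509Certificate> set, PKIXCertPathChecker pKIXCertPathChecker, String str) throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509", str);
        CertPathValidator validator = CertPathValidator.getInstance("PKIX", str);
        CertPath path = factory.generateCertPath(Arrays.asList(x509Certificate));

        Set<TrustAnchor> anchors = new HashSet<>();
        Set<X509Certificate> others = new HashSet<>();
        splitAnchors(set, anchors, others);

        PKIXParameters params = new PKIXParameters(anchors);
        // SECURITY: no CRL/OCSP lookup is performed; revoked certificates are not rejected here.
        params.setRevocationEnabled(false);
        if (pKIXCertPathChecker != null) {
            params.addCertPathChecker(pKIXCertPathChecker);
        }
        params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(others), str));
        PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) validator.validate(path, params);
        return result.getTrustAnchor().getTrustedCert();
    }

    /**
     * Builds a certification path from a certificate up to a trust anchor and validates it.
     *
     * <p>Revocation checking is disabled, so a revoked certificate anywhere in the path is
     * not rejected by this method.
     *
     * @param x509Certificate the target certificate; must not be self-signed
     * @param set trusted certificates; self-signed members act as trust anchors, the rest are
     *        candidate intermediates
     * @param str name of the JCA provider
     * @return the trust anchor certificate first, followed by the path certificates in the
     *         order the builder returns them
     * @throws Exception if the target is self-signed, no path can be built, or the
     *         provider/algorithms are unavailable
     */
    public static List<X509Certificate> buildAndValidateChain(X509Certificate x509Certificate, Set<X509Certificate> set, String str) throws Exception {
        if (isSelfSigned(x509Certificate)) {
            throw new Exception("The certificate is self-signed.");
        }
        Set<TrustAnchor> anchors = new HashSet<>();
        Set<X509Certificate> candidates = new HashSet<>();
        splitAnchors(set, anchors, candidates);
        // The builder selects the target from the store, so the target has to be in it.
        candidates.add(x509Certificate);

        X509CertSelector target = new X509CertSelector();
        target.setCertificate(x509Certificate);
        PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
        // SECURITY: no CRL/OCSP lookup is performed; revoked certificates are not rejected here.
        params.setRevocationEnabled(false);
        params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(candidates), str));
        PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX", str).build(params);

        List<X509Certificate> chain = new ArrayList<>();
        chain.add(result.getTrustAnchor().getTrustedCert());
        for (Certificate member : result.getCertPath().getCertificates()) {
            if (member instanceof X509Certificate) {
                chain.add((X509Certificate) member);
            } else {
                chain.add(toX509Certificate(member.getEncoded(), str));
            }
        }
        return chain;
    }

    /** Sorts {@code source} into trust anchors (self-signed) and all remaining certificates. */
    private static void splitAnchors(Set<X509Certificate> source, Set<TrustAnchor> anchors, Set<X509Certificate> others) throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        for (X509Certificate candidate : source) {
            if (isSelfSigned(candidate)) {
                anchors.add(new TrustAnchor(candidate, null));
            } else {
                others.add(candidate);
            }
        }
    }

    /**
     * Tells whether a certificate's signature verifies under its own public key.
     *
     * <p>Only the signature is tested; subject and issuer names are not compared, and the
     * result says nothing about whether the certificate should be trusted.
     *
     * @param x509Certificate the certificate to test
     * @return {@code true} when the signature verifies with the certificate's own key
     */
    private static boolean isSelfSigned(X509Certificate x509Certificate) throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (InvalidKeyException | SignatureException e) {
            // Wrong key or bad signature: signed by someone else.
            return false;
        }
    }
}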
