package iaik.pki.utils;

import iaik.asn1.ObjectID;
import iaik.asn1.structures.GeneralName;
import iaik.asn1.structures.GeneralNames;
import iaik.asn1.structures.Name;
import iaik.logging.Log;
import iaik.logging.LogFactory;
import iaik.logging.TransactionId;
import iaik.pki.store.certinfo.CertInfo;
import iaik.pki.store.certinfo.CertInfoStore;
import iaik.pki.store.certinfo.CertInfoStoreException;
import iaik.pki.store.certinfo.CertIssuer;
import iaik.utils.Util;
import iaik.x509.V3Extension;
import iaik.x509.X509CRL;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
import iaik.x509.extensions.AuthorityKeyIdentifier;
import iaik.x509.extensions.SubjectAltName;
import iaik.x509.extensions.SubjectKeyIdentifier;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;

/* loaded from: input_file:BKULocal.war:WEB-INF/lib/iaik_pki-2.00-MOA-MOCCA.jar:iaik/pki/utils/CertUtil.class */
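/**
 * Static helpers for working with IAIK X.509 certificates and CRLs: type
 * conversion, identifier and name extraction, and issuer matching.
 *
 * <p>Nothing in this class verifies a signature. The issuer checks compare
 * key identifiers, names and serial numbers taken from the certificates
 * themselves, so a positive result only selects an issuer candidate; the
 * caller still has to verify the signature and validate the path.
 */
public class CertUtil {
    protected static Log log_ = LogFactory.getLog(Constants.MODULE_NAME);

    /** Adler-32 modulus, the largest prime below 2^16. */
    private static final int ADLER32_MODULUS = 65521;

    /**
     * Number of bytes summed between two modulo reductions. 3854 is the
     * largest count for which both running sums stay within a signed int.
     */
    private static final int ADLER32_BLOCK = 3854;

    /** GeneralName CHOICE tag for rfc822Name (RFC 5280). */
    private static final int RFC822_NAME = 1;

    /** GeneralName CHOICE tag for directoryName (RFC 5280). */
    private static final int DIRECTORY_NAME = 4;

    /** GeneralName CHOICE tag for uniformResourceIdentifier (RFC 5280). */
    private static final int UNIFORM_RESOURCE_IDENTIFIER = 6;

    private CertUtil() {
    }

    /**
     * Returns the given certificate as an IAIK certificate, re-parsing its
     * encoding when it is some other implementation.
     *
     * @param x509Certificate the certificate to convert
     * @return the same instance if it already is an IAIK certificate, otherwise a new one
     * @throws RuntimeException if the certificate cannot be encoded or parsed
     */
    public static X509Certificate makeIaikCertificate(java.security.cert.X509Certificate x509Certificate) {
        if (x509Certificate instanceof X509Certificate) {
            return (X509Certificate) x509Certificate;
        }
        try {
            return new X509Certificate(x509Certificate.getEncoded());
        } catch (CertificateException e) {
            // Keep the cause so the parse failure can be diagnosed from the stack trace.
            throw new RuntimeException("Could not parse certificate: " + e.getMessage(), e);
        }
    }

    /**
     * Returns the given CRL as an IAIK CRL, re-parsing its encoding when it
     * is some other implementation.
     *
     * @param x509crl the CRL to convert
     * @return the same instance if it already is an IAIK CRL, otherwise a new one
     * @throws RuntimeException if the CRL cannot be encoded or parsed
     */
    public static X509CRL makeIaikCRL(java.security.cert.X509CRL x509crl) {
        if (x509crl instanceof X509CRL) {
            return (X509CRL) x509crl;
        }
        try {
            return new X509CRL(x509crl.getEncoded());
        } catch (CRLException e) {
            // The message used to say "certificate" and ran into the detail text.
            throw new RuntimeException("Could not parse CRL: " + e.getMessage(), e);
        }
    }

    /**
     * Returns the certificate's SHA fingerprint as its identifier.
     *
     * <p>NOTE(review): getFingerprintSHA() is presumably SHA-1. That is fine
     * as a store or cache key, but it should not be the only basis for a
     * trust decision, since SHA-1 collisions are practical.
     *
     * @param x509Certificate the certificate to identify
     * @return the fingerprint bytes
     */
    public static byte[] getCertId(java.security.cert.X509Certificate x509Certificate) {
        return makeIaikCertificate(x509Certificate).getFingerprintSHA();
    }

    /**
     * Returns the CRL's SHA fingerprint as its identifier. The note on
     * {@link #getCertId} about the fingerprint algorithm applies here too.
     *
     * @param x509crl the CRL to identify
     * @return the fingerprint bytes
     */
    public static byte[] getCRLId(java.security.cert.X509CRL x509crl) {
        return makeIaikCRL(x509crl).getFingerprintSHA();
    }

    /**
     * Returns the subject distinguished name as an IAIK {@link Name}.
     *
     * @param x509Certificate the certificate to read
     * @return the subject DN
     */
    public static Name getSubjectDN(java.security.cert.X509Certificate x509Certificate) {
        return (Name) makeIaikCertificate(x509Certificate).getSubjectDN();
    }

    /**
     * Returns the issuer names of the given CRL.
     *
     * @param x509crl the CRL to read
     * @return the issuer DNs as reported by the IAIK CRL
     */
    public static Enumeration<?> getIssuerDNs(java.security.cert.X509CRL x509crl) {
        return makeIaikCRL(x509crl).getIssuerDNs();
    }

    /**
     * Collects the e-mail addresses of a certificate from the emailAddress
     * attributes of the subject DN and from the rfc822Name entries of the
     * SubjectAltName extension. Addresses are lower-cased and trimmed.
     *
     * <p>Reading the extension is best effort: if it is absent or cannot be
     * parsed, only the subject DN addresses are returned. An incomplete
     * result therefore does not prove that the certificate carries no further
     * address.
     *
     * @param x509Certificate the certificate to read
     * @return the set of normalized addresses, possibly empty
     */
    public static Collection<String> getEmailAddresses(java.security.cert.X509Certificate x509Certificate) {
        X509Certificate cert = makeIaikCertificate(x509Certificate);
        Set<String> addresses = new HashSet<String>();
        String[] subjectEmails = ((Name) cert.getSubjectDN()).getRDNs(ObjectID.emailAddress);
        if (subjectEmails != null) {
            for (String email : subjectEmails) {
                // A fixed locale keeps the folding stable; under a Turkish default
                // locale "I" would otherwise become a dotless i and break matching.
                addresses.add(email.toLowerCase(Locale.ENGLISH).trim());
            }
        }
        try {
            SubjectAltName subjectAltName = (SubjectAltName) cert.getExtension(SubjectAltName.oid);
            // A missing extension is the normal case, not an error.
            GeneralNames altNames = subjectAltName == null ? null : subjectAltName.getGeneralNames();
            if (altNames != null) {
                Enumeration<?> names = altNames.getNames();
                while (names.hasMoreElements()) {
                    GeneralName generalName = (GeneralName) names.nextElement();
                    Object value = generalName.getName();
                    if (generalName.getType() == RFC822_NAME && value instanceof String) {
                        addresses.add(((String) value).toLowerCase(Locale.ENGLISH).trim());
                    }
                }
            }
        } catch (Exception ignored) {
            // Deliberately best effort: a malformed SubjectAltName must not hide the
            // addresses already collected from the subject DN.
            // NOTE(review): no TransactionId is available here, so nothing is logged.
        }
        return addresses;
    }

    /**
     * Encodes a string as UTF-8.
     *
     * @param str the string to encode
     * @return the UTF-8 bytes
     * @throws RuntimeException if the platform lacks the UTF8 charset
     */
    public static byte[] toUTF8(String str) {
        try {
            return str.getBytes("UTF8");
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("UTF8 encoding not found: " + e.getMessage(), e);
        }
    }

    /**
     * Delegates to {@code Util.toString(int)}.
     *
     * @param i the value to format
     * @return the formatted value
     */
    public static String toString(int i) {
        return Util.toString(i);
    }

    /**
     * Computes a fast hash over at most the first 48 bytes of the array,
     * seeded with the array length.
     *
     * <p>This is a bucket hash, not a digest. Arrays that share a length and
     * their first 48 bytes collide by construction, so the value must never
     * be used to decide that two certificates or CRLs are the same.
     *
     * @param bArr the bytes to hash
     * @return the hash value
     */
    public static int hashCode(byte[] bArr) {
        int hash = bArr.length;
        int limit = Math.min(bArr.length, 48);
        for (int index = 0; index < limit; index++) {
            // Rotate left by 7 bits, then mix in the next unsigned byte.
            hash = ((hash << 7) | (hash >>> 25)) ^ (bArr[index] & 255);
        }
        return hash;
    }

    /**
     * Computes the Adler-32 checksum of a byte range.
     *
     * <p>Adler-32 detects accidental corruption only; it offers no protection
     * against deliberate modification. The range is not validated up front:
     * an offset or length outside the array fails with an
     * {@link ArrayIndexOutOfBoundsException} once the first bad index is
     * read, and a length of zero or less yields the initial value 1.
     *
     * @param bArr the data
     * @param i the offset of the first byte
     * @param i2 the number of bytes to process
     * @return the checksum, with the second sum in the upper 16 bits
     */
    public static int adler32(byte[] bArr, int i, int i2) {
        int offset = i;
        int remaining = i2;
        int sumA = 1;
        int sumB = 0;
        while (remaining > 0) {
            int blockLength = Math.min(remaining, ADLER32_BLOCK);
            for (int index = 0; index < blockLength; index++) {
                sumA += bArr[offset + index] & 255;
                sumB += sumA;
            }
            // Reduce once per block rather than once per byte.
            sumA %= ADLER32_MODULUS;
            sumB %= ADLER32_MODULUS;
            remaining -= blockLength;
            offset += blockLength;
        }
        return (sumB << 16) | sumA;
    }

    /**
     * Delegates to {@code Util.readStream(InputStream)}.
     *
     * <p>NOTE(review): no size limit is visible here, so a caller reading
     * from an untrusted source should bound the input itself.
     *
     * @param inputStream the stream to read
     * @return the bytes read
     * @throws IOException if reading fails
     */
    public static byte[] readStream(InputStream inputStream) throws IOException {
        return Util.readStream(inputStream);
    }

    /**
     * Returns the extension with the given OID.
     *
     * <p>A parse failure is reported as {@code null}, exactly like a missing
     * extension. A caller that enforces a constraint carried by the extension
     * therefore cannot tell "absent" from "malformed" and should treat
     * {@code null} conservatively.
     *
     * @param x509Certificate the certificate to read
     * @param objectID the OID of the extension
     * @return the extension, or {@code null} if it is absent or cannot be initialized
     */
    public static V3Extension getExtension(X509Certificate x509Certificate, ObjectID objectID) {
        try {
            return x509Certificate.getExtension(objectID);
        } catch (X509ExtensionInitException e) {
            return null;
        }
    }

    /**
     * Returns the first uniformResourceIdentifier entry of the given names.
     *
     * <p>The value comes straight from the certificate or CRL and is not
     * validated here. Before fetching it, the caller should restrict the
     * scheme and destination.
     *
     * @param generalNames the names to search, may be {@code null}
     * @return the first URI, or {@code null} if there is none
     */
    public static String getURL(GeneralNames generalNames) {
        if (generalNames == null) {
            return null;
        }
        Enumeration<?> names = generalNames.getNames();
        while (names.hasMoreElements()) {
            GeneralName generalName = (GeneralName) names.nextElement();
            if (generalName.getType() == UNIFORM_RESOURCE_IDENTIFIER) {
                return (String) generalName.getName();
            }
        }
        return null;
    }

    /**
     * Returns all distinct uniformResourceIdentifier entries in encounter
     * order. The values are as untrusted as those of {@link #getURL}.
     *
     * @param generalNames the names to search, may be {@code null}
     * @return the URIs without duplicates, possibly empty
     */
    public static List<String> getURLs(GeneralNames generalNames) {
        List<String> urls = new ArrayList<String>();
        if (generalNames == null) {
            return urls;
        }
        Enumeration<?> names = generalNames.getNames();
        while (names.hasMoreElements()) {
            GeneralName generalName = (GeneralName) names.nextElement();
            if (generalName.getType() != UNIFORM_RESOURCE_IDENTIFIER) {
                continue;
            }
            String url = (String) generalName.getName();
            if (!urls.contains(url)) {
                urls.add(url);
            }
        }
        return urls;
    }

    /**
     * Returns the first directoryName entry of the given names.
     *
     * @param generalNames the names to search, may be {@code null}
     * @return the first directory name, or {@code null} if there is none
     */
    public static Name getName(GeneralNames generalNames) {
        if (generalNames == null) {
            return null;
        }
        Enumeration<?> names = generalNames.getNames();
        while (names.hasMoreElements()) {
            GeneralName generalName = (GeneralName) names.nextElement();
            if (generalName.getType() == DIRECTORY_NAME) {
                return (Name) generalName.getName();
            }
        }
        return null;
    }

    /**
     * Returns the certificate's SHA fingerprint formatted by
     * {@code Util.toString} with an empty delimiter.
     *
     * @param x509Certificate the certificate to fingerprint
     * @return the fingerprint as a string
     */
    public static String getFingerPrintSHA(X509Certificate x509Certificate) {
        byte[] fingerprint = x509Certificate.getFingerprintSHA();
        return Util.toString(fingerprint, 0, fingerprint.length, "");
    }

    /**
     * Decides whether a certificate is a plausible issuer of another one by
     * comparing the AuthorityKeyIdentifier of the issued certificate with the
     * candidate issuer.
     *
     * <p>The key identifier is compared with the issuer's SubjectKeyIdentifier
     * when present. Otherwise authorityCertIssuer and authorityCertSerialNumber
     * are compared with the issuer's subject DN and serial number.
     *
     * <p>All compared values are read from the certificates and can be chosen
     * freely by whoever crafted them, and no signature is checked. With no
     * AuthorityKeyIdentifier and {@code z} set, the method returns
     * {@code true} without comparing anything. A {@code true} result is
     * therefore only a candidate selection; the caller must still verify the
     * signature with the issuer's public key.
     *
     * @param x509Certificate the candidate issuer certificate
     * @param x509Certificate2 the certificate whose issuer is sought
     * @param z whether the certificate is self issued, which makes a missing
     *          AuthorityKeyIdentifier acceptable
     * @param date the time at which the issuer must be valid, or {@code null} to skip that check
     * @param transactionId the transaction id used for logging
     * @return {@code true} if the identifiers match
     */
    public static boolean checkIssuer(X509Certificate x509Certificate, X509Certificate x509Certificate2, boolean z, Date date, TransactionId transactionId) {
        final X509Certificate issuerCert = x509Certificate;
        final X509Certificate subjectCert = x509Certificate2;
        if (log_.isDebugEnabled()) {
            log_.debug(transactionId, "Checking " + (date == null ? "" : "validity and") + " key id for issuer \"" + issuerCert.getSubjectDN() + " (serial number: " + issuerCert.getSerialNumber() + ")\".", null);
        }
        if (date != null && checkValidity(issuerCert, date, transactionId) != 0) {
            return false;
        }
        try {
            AuthorityKeyIdentifier authorityKeyIdentifier = (AuthorityKeyIdentifier) subjectCert.getExtension(AuthorityKeyIdentifier.oid);
            if (authorityKeyIdentifier == null) {
                if (z) {
                    log_.debug(transactionId, "No AuthorityKeyIdentifier included, but certificate is self issued.", null);
                    return true;
                }
                log_.debug(transactionId, "Cert chaining invalid, no AuthorityKeyidentifier included.", null);
                return false;
            }
            byte[] keyIdentifier = authorityKeyIdentifier.getKeyIdentifier();
            if (keyIdentifier != null) {
                SubjectKeyIdentifier subjectKeyIdentifier = (SubjectKeyIdentifier) issuerCert.getExtension(SubjectKeyIdentifier.oid);
                if (subjectKeyIdentifier == null) {
                    log_.debug(transactionId, "Could not compare key identifiers. No SubjectKeyidentifier included in issuer certificate.", null);
                    return false;
                }
                if (Arrays.equals(keyIdentifier, subjectKeyIdentifier.get())) {
                    log_.debug(transactionId, "Key Identifiers match.", null);
                    return true;
                }
                log_.debug(transactionId, "Cert chaining invalid, key identifiers don't match.", null);
                return false;
            }
            // An extension with neither field would otherwise raise a
            // NullPointerException here instead of reaching the branch below.
            GeneralNames authorityCertIssuer = authorityKeyIdentifier.getAuthorityCertIssuer();
            GeneralName[] names = authorityCertIssuer == null ? null : authorityCertIssuer.getNames(DIRECTORY_NAME);
            if (names == null) {
                log_.debug(transactionId, "Neither a KeyIdentifier nor a AuthorityCertIssuer included in AuthorityKeyIdentifier extension.", null);
                return false;
            }
            if (names.length != 1) {
                log_.debug(transactionId, "More than one Directory Name included in AuthorityCertIssuer of AuthorityKeyIdentifier extension.", null);
                return false;
            }
            try {
                if (!NameUtils.getNormalizedName((Name) names[0].getName()).equals(NameUtils.getNormalizedName((Name) issuerCert.getSubjectDN()))) {
                    log_.debug(transactionId, "AuthorityCertIssuer in AuthorityKeyIdentifier of certificate does not match SubjectDN of issuer certificate.", null);
                    return false;
                }
                BigInteger authorityCertSerialNumber = authorityKeyIdentifier.getAuthorityCertSerialNumber();
                if (authorityCertSerialNumber == null) {
                    log_.debug(transactionId, "AuthorityCertIssuer but no AuthorityCertSerialNumber included in AuthorityKeyIdentifier extension.", null);
                    return false;
                }
                if (authorityCertSerialNumber.equals(issuerCert.getSerialNumber())) {
                    log_.debug(transactionId, "AuthorityCertIssuer and AuthorityCertSerialNumber in AuthorityKeyIdentifier of certificate match SubjectDN and serial number of issuer certificate.", null);
                    return true;
                }
                log_.debug(transactionId, "AuthorityCertSerialNumber in AuthorityKeyIdentifier of certificate does not match serial number of issuer certificate.", null);
                return false;
            } catch (UtilsException e) {
                log_.debug(transactionId, "Could not compare AuthorityCertIssuer in AuthorityKeyIdentifier extension of certificate with SubjectDN of issuer certificate.", null);
                return false;
            } catch (ClassCastException e2) {
                // Raised by the Name casts above when an entry is not a directory name.
                log_.debug(transactionId, "AuthorityCertIssuer in AuthorityKeyIdentifier extension is not a Directory Name.", null);
                return false;
            }
        } catch (X509ExtensionInitException e3) {
            log_.info(transactionId, "CertIssuer: exception parsing extensions", e3);
            return false;
        }
    }

    /**
     * Runs {@link #checkIssuer(CertInfo, X509Certificate, boolean, CertInfoStore, Date, TransactionId)}
     * for each candidate and collects the ones that match.
     *
     * @param certInfoArr the candidate issuers
     * @param x509Certificate the certificate whose issuer is sought
     * @param z whether the certificate is self issued
     * @param certInfoStore the store used to create the resulting issuers
     * @param date the time at which an issuer must be valid, or {@code null} to skip that check
     * @param transactionId the transaction id used for logging
     * @return the matching issuers, possibly empty
     */
    public static Set<CertIssuer> checkIssuers(CertInfo[] certInfoArr, X509Certificate x509Certificate, boolean z, CertInfoStore certInfoStore, Date date, TransactionId transactionId) {
        Set<CertIssuer> matches = new HashSet<CertIssuer>();
        for (CertInfo candidate : certInfoArr) {
            CertIssuer issuer = checkIssuer(candidate, x509Certificate, z, certInfoStore, date, transactionId);
            if (issuer != null) {
                matches.add(issuer);
            }
        }
        return matches;
    }

    /**
     * Checks one stored candidate and wraps it as a {@link CertIssuer} when
     * it matches. The same limits as for
     * {@link #checkIssuer(X509Certificate, X509Certificate, boolean, Date, TransactionId)}
     * apply: the match is by identifier only.
     *
     * @param certInfo the candidate issuer
     * @param x509Certificate the certificate whose issuer is sought
     * @param z whether the certificate is self issued
     * @param certInfoStore the store used to create the resulting issuer
     * @param date the time at which the issuer must be valid, or {@code null} to skip that check
     * @param transactionId the transaction id used for logging
     * @return the issuer, or {@code null} if it does not match or the store fails
     */
    public static CertIssuer checkIssuer(CertInfo certInfo, X509Certificate x509Certificate, boolean z, CertInfoStore certInfoStore, Date date, TransactionId transactionId) {
        CertIssuer certIssuer = null;
        try {
            if (checkIssuer(certInfo.getCertificate(transactionId), x509Certificate, z, date, transactionId)) {
                // NOTE(review): the meaning of the literals 1 and 2 is defined by the
                // store classes and is not visible in this file.
                certIssuer = certInfoStore.createCertIssuer(certInfo, 1, transactionId);
                certIssuer.setStatus(2);
            }
        } catch (CertInfoStoreException e) {
            // A store failure drops the candidate; record it so a missing issuer can be traced.
            log_.debug(transactionId, "Could not check issuer candidate, certificate store access failed.", e);
        }
        return certIssuer;
    }

    /**
     * Filters already wrapped issuer candidates, keeping the ones that match.
     * Each matching element of the input set has its status set to 2.
     *
     * @param set the candidate issuers
     * @param x509Certificate the certificate whose issuer is sought
     * @param z whether the certificate is self issued
     * @param date the time at which an issuer must be valid, or {@code null} to skip that check
     * @param transactionId the transaction id used for logging
     * @return the matching issuers, possibly empty
     */
    public static Set<CertIssuer> checkIssuers(Set<CertIssuer> set, X509Certificate x509Certificate, boolean z, Date date, TransactionId transactionId) {
        Set<CertIssuer> matches = new HashSet<CertIssuer>();
        for (CertIssuer candidate : set) {
            try {
                if (checkIssuer(candidate.getCertificate(transactionId), x509Certificate, z, date, transactionId)) {
                    candidate.setStatus(2);
                    matches.add(candidate);
                }
            } catch (CertInfoStoreException e) {
                // Skip this candidate but leave a trace of why it was dropped.
                log_.debug(transactionId, "Could not check issuer candidate, certificate store access failed.", e);
            }
        }
        return matches;
    }

    /**
     * Checks whether a certificate is within its validity period at the given time.
     *
     * @param x509Certificate the certificate to check
     * @param date the time to check against
     * @param transactionId the transaction id used for logging
     * @return 0 if valid, -1 if expired, 1 if not yet valid
     */
    public static int checkValidity(java.security.cert.X509Certificate x509Certificate, Date date, TransactionId transactionId) {
        try {
            x509Certificate.checkValidity(date);
        } catch (CertificateExpiredException e) {
            log_.debug(transactionId, "Certificate expired.", null);
            return -1;
        } catch (CertificateNotYetValidException e2) {
            log_.debug(transactionId, "Certificate not yet valid.", null);
            return 1;
        }
        log_.debug(transactionId, "Certificate valid at " + date + ".", null);
        return 0;
    }

    /**
     * Checks name chaining: the normalized subject DN of the first
     * certificate must equal the normalized issuer DN of the second. Only
     * names are compared; no signature is verified.
     *
     * @param x509Certificate the issuer certificate
     * @param x509Certificate2 the issued certificate
     * @return {@code true} if the names chain
     * @throws UtilsException if a name cannot be normalized
     */
    public static boolean checkPKIXChainNaming(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws UtilsException {
        return NameUtils.getNormalizedName((Name) x509Certificate.getSubjectDN()).equals(NameUtils.getNormalizedName((Name) x509Certificate2.getIssuerDN()));
    }
}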
