package org.adullact.iparapheur.util;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import org.apache.commons.ssl.KeyMaterial;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERString;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.cert.X509CertificateHolder;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:org/adullact/iparapheur/util/X509Util.class */
public class X509Util {
    // PEM armor line that opens a certificate block; used to slice a certificate out of surrounding text.
    public static final String beginString = "-----BEGIN CERTIFICATE-----";
    // PEM armor line that closes a certificate block.
    public static final String endString = "-----END CERTIFICATE-----";
    private static final Logger logger = Logger.getLogger(X509Util.class);
    // OID of the X.509 certificatePolicies extension (RFC 5280).
    public static final String CERT_POLICY_EXTENSION_OID = "2.5.29.32";
    // MIME type string for an X.509 CA certificate; not referenced by the methods visible in this class.
    public static final String MIMETYPE_X509_CA_CERT = "application/x-x509-ca-cert";

    /**
     * Reads the certificatePolicies extension ({@link #CERT_POLICY_EXTENSION_OID}) of a certificate and
     * flattens it into a map.
     *
     * <p>Keys written: {@code pPolicyIdentifierID} (policy OID), {@code pSPURI} (qualifier
     * {@code 1.3.6.1.5.5.7.2.1}, the CPS pointer) and {@code pPolicyIdentifierDescription} (qualifier
     * {@code 1.3.6.1.5.5.7.2.2}, the user notice). The keys are constants, so when the extension
     * carries several policies or qualifiers each later value overwrites the earlier one.
     *
     * <p>The certificate is only parsed here; nothing in this method checks its signature, chain or
     * validity period, so the returned strings are whatever the certificate's author encoded.
     *
     * @param x509Certificate certificate to inspect; may be {@code null}
     * @return a map, empty when the certificate is {@code null}, has no policy extension, or the
     *         extension could not be read (an {@link IOException} is logged and swallowed)
     */
    public static Map<String, String> getPolicyProperties(X509Certificate x509Certificate) {
        byte[] extensionValue;
        HashMap hashMap = new HashMap();
        if (x509Certificate != null && (extensionValue = x509Certificate.getExtensionValue(CERT_POLICY_EXTENSION_OID)) != null) {
            try {
                // getExtensionValue() returns the extension wrapped in an OCTET STRING; unwrap it, then
                // decode the inner bytes as the SEQUENCE of PolicyInformation.
                // NOTE(review): this is decompiler output; the casts the original source must have had
                // (to the octet-string type here, and on the getObjectAt() results below) are missing.
                ASN1Sequence fromByteArray = ASN1Sequence.fromByteArray(ASN1Object.fromByteArray(extensionValue).getOctets());
                int size = fromByteArray.size();
                for (int i = 0; i < size; i++) {
                    PolicyInformation policyInformation = PolicyInformation.getInstance(fromByteArray.getObjectAt(i));
                    hashMap.put("pPolicyIdentifierID", policyInformation.getPolicyIdentifier().getId());
                    ASN1Sequence policyQualifiers = policyInformation.getPolicyQualifiers();
                    if (policyQualifiers != null) {
                        int size2 = policyQualifiers.size();
                        for (int i2 = 0; i2 < size2; i2++) {
                            // Each qualifier is read as a two-element sequence: [0] qualifier OID, [1] value.
                            // NOTE(review): elements 0 and 1 are accessed without a size check, and the
                            // value is typed as a string before being cast to a sequence below. With an
                            // extension of a different shape this presumably fails with an unchecked
                            // exception, which the catch below does not cover; confirm against the
                            // BouncyCastle version in use, since certificates reaching this method are
                            // not necessarily well-formed.
                            ASN1Sequence objectAt = policyQualifiers.getObjectAt(i2);
                            String id = objectAt.getObjectAt(0).getId();
                            DERString objectAt2 = objectAt.getObjectAt(1);
                            if (id.equals("1.3.6.1.5.5.7.2.1")) {
                                // CPS pointer qualifier: the value is a URI string.
                                hashMap.put("pSPURI", objectAt2.getString());
                            } else if (id.equals("1.3.6.1.5.5.7.2.2")) {
                                // User notice qualifier: every element of the notice is read as a string and
                                // written under the same key, so only the last element survives.
                                ASN1Sequence aSN1Sequence = (ASN1Sequence) objectAt2;
                                int size3 = aSN1Sequence.size();
                                for (int i3 = 0; i3 < size3; i3++) {
                                    hashMap.put("pPolicyIdentifierDescription", aSN1Sequence.getObjectAt(i3).getString());
                                }
                            }
                        }
                    }
                }
            } catch (IOException e) {
                // Best effort: keep whatever was collected before the decoding error.
                logger.error("Error getting policy properties from certificate", e);
            }
            return hashMap;
        }
        return hashMap;
    }

    /**
     * Collects the display properties of a certificate held as a BouncyCastle
     * {@link X509CertificateHolder}.
     *
     * <p>Keys written: {@code issuer_name}, {@code subject_name}, {@code email}, {@code organization},
     * {@code title}, {@code certificate_valid_from} and {@code certificate_valid_to}. Attributes that
     * cannot be found are reported as {@code "_inconnu_"} by the extract helpers. The e-mail is taken
     * from the {@code E=} attribute first and from {@code EMAILADDRESS=} when {@code E=} is absent.
     *
     * <p>All values are copied from the certificate as-is. This method performs no signature, chain or
     * validity check, so callers should treat the result as unverified display data.
     *
     * @param x509CertificateHolder certificate to describe; must not be {@code null}
     * @return a new map holding the properties listed above
     */
    public static Map<String, String> getUsefulCertProps(X509CertificateHolder x509CertificateHolder) {
        Map<String, String> props = new HashMap<>();
        // Dates are rendered for a French-speaking user interface.
        SimpleDateFormat frenchDate = new SimpleDateFormat("dd MMM yyyy 'à' HH:mm", Locale.FRENCH);

        props.put("issuer_name", extractCNIssuer(x509CertificateHolder.getIssuer().toString()));

        String subjectDn = x509CertificateHolder.getSubject().toString();
        if (logger.isDebugEnabled()) {
            logger.debug("X509Util::getUsefulCertProps subjectDN=" + subjectDn);
        }
        props.put("subject_name", extractCN(subjectDn));

        // "E=" is tried first; "EMAILADDRESS=" is the fallback spelling of the same attribute.
        String shortFormEmail = extractE(subjectDn);
        props.put("email", "_inconnu_".equals(shortFormEmail) ? extractEmail(subjectDn) : shortFormEmail);

        props.put("organization", extractO(subjectDn));
        props.put("title", extractT(subjectDn));
        props.put("certificate_valid_from", frenchDate.format(x509CertificateHolder.getNotBefore()));
        props.put("certificate_valid_to", frenchDate.format(x509CertificateHolder.getNotAfter()));
        return props;
    }

    /**
     * Collects the display properties of a JCA {@link X509Certificate}.
     *
     * <p>Keys written: {@code issuer_name}, {@code subject_name}, {@code email}, {@code organization},
     * {@code title}, {@code certificate_valid_from} and {@code certificate_valid_to}. Subject
     * attributes are looked up in the tokenized subject DN first ({@code CN}, {@code EMAILADDRESS},
     * {@code O}, {@code T}); when the tokenizer did not yield a key, the matching substring-based
     * extract helper is used instead.
     *
     * <p>All values are copied from the certificate as-is. This method performs no signature, chain or
     * validity check, so callers should treat the result as unverified display data.
     *
     * @param x509Certificate certificate to describe; must not be {@code null}
     * @return a new map holding the properties listed above
     */
    public static Map<String, String> getUsefulCertProps(X509Certificate x509Certificate) {
        Map<String, String> props = new HashMap<>();
        // Dates are rendered for a French-speaking user interface.
        SimpleDateFormat frenchDate = new SimpleDateFormat("dd MMM yyyy 'à' HH:mm", Locale.FRENCH);

        props.put("issuer_name", extractCNIssuer(x509Certificate.getIssuerX500Principal().getName()));

        String subjectDn = x509Certificate.getSubjectX500Principal().toString();
        if (logger.isDebugEnabled()) {
            logger.debug("X509Util::getUsefulCertProps subjectDN=" + subjectDn);
        }

        HashMap<String, String> parsed = dnTokenizer(subjectDn);
        props.put("subject_name", parsed.containsKey("CN") ? parsed.get("CN") : extractCN(subjectDn));
        props.put("email", parsed.containsKey("EMAILADDRESS") ? parsed.get("EMAILADDRESS") : extractEmail(subjectDn));
        props.put("organization", parsed.containsKey("O") ? parsed.get("O") : extractO(subjectDn));
        props.put("title", parsed.containsKey("T") ? parsed.get("T") : extractT(subjectDn));

        props.put("certificate_valid_from", frenchDate.format(x509Certificate.getNotBefore()));
        props.put("certificate_valid_to", frenchDate.format(x509Certificate.getNotAfter()));
        return props;
    }

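    /**
     * Splits a distinguished name of the form {@code KEY=value, KEY=value} into a key/value map.
     *
     * <p>Rules applied while scanning:
     * <ul>
     *   <li>double quotes delimit a value and are dropped; commas inside quotes are data;</li>
     *   <li>the escape sequence {@code \,} yields a literal comma; other backslashes are kept as-is;</li>
     *   <li>only the first {@code =} of an attribute, outside quotes, separates key from value. Any
     *       later {@code =} belongs to the value, so a value such as
     *       {@code OU="EMAILADDRESS=someone"} can no longer introduce an {@code EMAILADDRESS} key of
     *       its own and override what the certificate really asserts;</li>
     *   <li>spaces following a separating comma are skipped, and a trailing comma no longer reads
     *       past the end of the string.</li>
     * </ul>
     * When a key occurs several times the last occurrence wins. Multi-valued RDNs joined with
     * {@code +} are not split.
     *
     * @param str distinguished name text; {@code null} yields an empty map
     * @return a new mutable map of attribute keys to values
     */
    private static HashMap<String, String> dnTokenizer(String str) {
        HashMap<String, String> attributes = new HashMap<>();
        if (str == null) {
            return attributes;
        }
        final int length = str.length();
        StringBuilder token = new StringBuilder();
        String key = null;
        boolean inQuotes = false;
        int i = 0;
        while (i < length) {
            char c = str.charAt(i);
            if (c == '=' && !inQuotes && key == null) {
                // First unquoted '=' of this attribute: what was read so far is the key.
                key = token.toString();
                token.setLength(0);
                i++;
            } else if (c == '"') {
                inQuotes = !inQuotes;
                i++;
            } else if (c == '\\' && i + 1 < length && str.charAt(i + 1) == ',') {
                token.append(',');
                i += 2;
            } else if (inQuotes || c != ',') {
                token.append(c);
                i++;
            } else {
                // Unquoted comma: the attribute is complete.
                attributes.put(key, token.toString());
                key = null;
                token.setLength(0);
                i++;
                while (i < length && str.charAt(i) == ' ') {
                    i++;
                }
            }
        }
        if (token.length() > 0) {
            attributes.put(key, token.toString());
        }
        return attributes;
    }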

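    /**
     * Returns the value of the first {@code CN} attribute of a distinguished name.
     *
     * <p>{@code CN=} is recognised only where an attribute starts: at the beginning of the string or
     * after an unquoted, unescaped {@code ,}, {@code +} or {@code ;}. Text that merely contains
     * {@code CN=} inside another attribute's value is therefore not reported as the common name.
     * The value ends at the next comma; a comma that is quoted or escaped inside the value still
     * truncates it.
     *
     * @param str distinguished name text, typically taken from a certificate; may be {@code null}
     * @return the trimmed value, or {@code "_inconnu_"} when {@code str} is {@code null}, shorter
     *         than four characters, or has no {@code CN} attribute
     */
    public static String extractCN(String str) {
        if (logger.isDebugEnabled()) {
            // Null-safe: the length used to be read before the null check below.
            // NOTE(review): str comes from certificate content and is logged verbatim.
            logger.debug("extractCN: [" + str + "], length=" + (str == null ? 0 : str.length()));
        }
        if (str == null || str.length() < 4) {
            return "_inconnu_";
        }
        int keyAt = -1;
        boolean inQuotes = false;
        boolean attributeStart = true;
        for (int p = 0; p < str.length(); p++) {
            char c = str.charAt(p);
            if (c == '\\') {
                p++; // the escaped character is data
                attributeStart = false;
            } else if (c == '"') {
                inQuotes = !inQuotes;
                attributeStart = false;
            } else if (inQuotes) {
                // separators inside a quoted value are data
            } else if (c == ',' || c == '+' || c == ';') {
                attributeStart = true;
            } else if (attributeStart && !Character.isWhitespace(c)) {
                if (str.startsWith("CN=", p)) {
                    keyAt = p;
                    break;
                }
                attributeStart = false;
            }
        }
        if (keyAt < 0) {
            return "_inconnu_";
        }
        int valueAt = keyAt + 3;
        int comma = str.indexOf(',', valueAt);
        return comma == -1 ? str.substring(valueAt).trim() : str.substring(valueAt, comma).trim();
    }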

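    /**
     * Returns the value of the first {@code CN} attribute of an issuer distinguished name.
     *
     * <p>{@code CN=} is recognised only where an attribute starts: at the beginning of the string or
     * after an unquoted, unescaped {@code ,}, {@code +} or {@code ;}. Text that merely contains
     * {@code CN=} inside another attribute's value (for example after an escaped comma) is therefore
     * not reported as the issuer name. The value ends at the next comma; a comma that is quoted or
     * escaped inside the value still truncates it.
     *
     * @param str issuer distinguished name text; may be {@code null}
     * @return the trimmed value, or {@code "_inconnu_"} when {@code str} is {@code null}, shorter
     *         than four characters, or has no {@code CN} attribute
     */
    public static String extractCNIssuer(String str) {
        if (str == null || str.length() < 4) {
            return "_inconnu_";
        }
        int keyAt = -1;
        boolean inQuotes = false;
        boolean attributeStart = true;
        for (int p = 0; p < str.length(); p++) {
            char c = str.charAt(p);
            if (c == '\\') {
                p++; // the escaped character is data
                attributeStart = false;
            } else if (c == '"') {
                inQuotes = !inQuotes;
                attributeStart = false;
            } else if (inQuotes) {
                // separators inside a quoted value are data
            } else if (c == ',' || c == '+' || c == ';') {
                attributeStart = true;
            } else if (attributeStart && !Character.isWhitespace(c)) {
                if (str.startsWith("CN=", p)) {
                    keyAt = p;
                    break;
                }
                attributeStart = false;
            }
        }
        if (keyAt < 0) {
            return "_inconnu_";
        }
        int valueAt = keyAt + 3;
        int comma = str.indexOf(',', valueAt);
        return comma == -1 ? str.substring(valueAt).trim() : str.substring(valueAt, comma).trim();
    }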

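    /**
     * Returns the value of the first {@code O} (organization) attribute of a distinguished name.
     *
     * <p>{@code O=} is recognised only where an attribute starts: at the beginning of the string or
     * after an unquoted, unescaped {@code ,}, {@code +} or {@code ;}. An {@code O=} that is merely
     * the tail of another attribute's text (for example inside {@code CN=HELLO=x}) is not reported as
     * the organization. The value ends at the next comma; a comma that is quoted or escaped inside
     * the value still truncates it.
     *
     * @param str distinguished name text; may be {@code null}
     * @return the trimmed value, or {@code "_inconnu_"} when {@code str} is {@code null}, shorter
     *         than three characters, or has no {@code O} attribute
     */
    public static String extractO(String str) {
        if (str == null || str.length() < 3) {
            return "_inconnu_";
        }
        int keyAt = -1;
        boolean inQuotes = false;
        boolean attributeStart = true;
        for (int p = 0; p < str.length(); p++) {
            char c = str.charAt(p);
            if (c == '\\') {
                p++; // the escaped character is data
                attributeStart = false;
            } else if (c == '"') {
                inQuotes = !inQuotes;
                attributeStart = false;
            } else if (inQuotes) {
                // separators inside a quoted value are data
            } else if (c == ',' || c == '+' || c == ';') {
                attributeStart = true;
            } else if (attributeStart && !Character.isWhitespace(c)) {
                if (str.startsWith("O=", p)) {
                    keyAt = p;
                    break;
                }
                attributeStart = false;
            }
        }
        if (keyAt < 0) {
            return "_inconnu_";
        }
        int valueAt = keyAt + 2;
        int comma = str.indexOf(',', valueAt);
        return comma == -1 ? str.substring(valueAt).trim() : str.substring(valueAt, comma).trim();
    }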

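    /**
     * Returns the value of the first {@code T} (title) attribute of a distinguished name.
     *
     * <p>{@code T=} is recognised only where an attribute starts: at the beginning of the string or
     * after an unquoted, unescaped {@code ,}, {@code +} or {@code ;}. A plain substring search also
     * matched the tail of other attribute types such as {@code ST=} or {@code STREET=} and reported
     * their value as the title. The value ends at the next comma; a comma that is quoted or escaped
     * inside the value still truncates it.
     *
     * @param str distinguished name text, typically taken from a certificate; may be {@code null}
     * @return the trimmed value, or {@code "_inconnu_"} when {@code str} is {@code null}, shorter
     *         than three characters, or has no {@code T} attribute
     */
    public static String extractT(String str) {
        if (logger.isDebugEnabled()) {
            // Null-safe: the length used to be read before the null check below.
            logger.debug("extractT: [" + str + "], length=" + (str == null ? 0 : str.length()));
        }
        if (str == null || str.length() < 3) {
            return "_inconnu_";
        }
        int keyAt = -1;
        boolean inQuotes = false;
        boolean attributeStart = true;
        for (int p = 0; p < str.length(); p++) {
            char c = str.charAt(p);
            if (c == '\\') {
                p++; // the escaped character is data
                attributeStart = false;
            } else if (c == '"') {
                inQuotes = !inQuotes;
                attributeStart = false;
            } else if (inQuotes) {
                // separators inside a quoted value are data
            } else if (c == ',' || c == '+' || c == ';') {
                attributeStart = true;
            } else if (attributeStart && !Character.isWhitespace(c)) {
                if (str.startsWith("T=", p)) {
                    keyAt = p;
                    break;
                }
                attributeStart = false;
            }
        }
        if (keyAt < 0) {
            return "_inconnu_";
        }
        int valueAt = keyAt + 2;
        int comma = str.indexOf(',', valueAt);
        return comma == -1 ? str.substring(valueAt).trim() : str.substring(valueAt, comma).trim();
    }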

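    /**
     * Returns the value of the first {@code E} (e-mail) attribute of a distinguished name.
     *
     * <p>{@code E=} is recognised only where an attribute starts: at the beginning of the string or
     * after an unquoted, unescaped {@code ,}, {@code +} or {@code ;}. A plain substring search also
     * matched the tail of other attribute types such as {@code GIVENNAME=} or {@code SURNAME=} and
     * reported their value as the e-mail address. The value ends at the next comma; a comma that is
     * quoted or escaped inside the value still truncates it.
     *
     * @param str distinguished name text, typically taken from a certificate; may be {@code null}
     * @return the trimmed value, or {@code "_inconnu_"} when {@code str} is {@code null}, shorter
     *         than three characters, or has no {@code E} attribute
     */
    public static String extractE(String str) {
        if (logger.isDebugEnabled()) {
            // Null-safe: the length used to be read before the null check below.
            logger.debug("extractE: [" + str + "], length=" + (str == null ? 0 : str.length()));
        }
        if (str == null || str.length() < 3) {
            return "_inconnu_";
        }
        int keyAt = -1;
        boolean inQuotes = false;
        boolean attributeStart = true;
        for (int p = 0; p < str.length(); p++) {
            char c = str.charAt(p);
            if (c == '\\') {
                p++; // the escaped character is data
                attributeStart = false;
            } else if (c == '"') {
                inQuotes = !inQuotes;
                attributeStart = false;
            } else if (inQuotes) {
                // separators inside a quoted value are data
            } else if (c == ',' || c == '+' || c == ';') {
                attributeStart = true;
            } else if (attributeStart && !Character.isWhitespace(c)) {
                if (str.startsWith("E=", p)) {
                    keyAt = p;
                    break;
                }
                attributeStart = false;
            }
        }
        if (keyAt < 0) {
            return "_inconnu_";
        }
        int valueAt = keyAt + 2;
        int comma = str.indexOf(',', valueAt);
        return comma == -1 ? str.substring(valueAt).trim() : str.substring(valueAt, comma).trim();
    }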

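    /**
     * Returns the value of the first {@code EMAILADDRESS} attribute of a distinguished name.
     *
     * <p>{@code EMAILADDRESS=} is recognised only where an attribute starts: at the beginning of the
     * string or after an unquoted, unescaped {@code ,}, {@code +} or {@code ;}. The same text placed
     * inside another attribute's value is therefore not reported as the e-mail address. The value
     * ends at the next comma; a comma that is quoted or escaped inside the value still truncates it.
     *
     * @param str distinguished name text, typically taken from a certificate; may be {@code null}
     * @return the trimmed value, or {@code "_inconnu_"} when {@code str} is {@code null}, shorter
     *         than four characters, or has no {@code EMAILADDRESS} attribute
     */
    public static String extractEmail(String str) {
        if (logger.isDebugEnabled()) {
            // Null-safe: the length used to be read before the null check below.
            logger.debug("extractEmail: [" + str + "], length=" + (str == null ? 0 : str.length()));
        }
        if (str == null || str.length() < 4) {
            return "_inconnu_";
        }
        int keyAt = -1;
        boolean inQuotes = false;
        boolean attributeStart = true;
        for (int p = 0; p < str.length(); p++) {
            char c = str.charAt(p);
            if (c == '\\') {
                p++; // the escaped character is data
                attributeStart = false;
            } else if (c == '"') {
                inQuotes = !inQuotes;
                attributeStart = false;
            } else if (inQuotes) {
                // separators inside a quoted value are data
            } else if (c == ',' || c == '+' || c == ';') {
                attributeStart = true;
            } else if (attributeStart && !Character.isWhitespace(c)) {
                if (str.startsWith("EMAILADDRESS=", p)) {
                    keyAt = p;
                    break;
                }
                attributeStart = false;
            }
        }
        if (keyAt < 0) {
            return "_inconnu_";
        }
        int valueAt = keyAt + 13;
        int comma = str.indexOf(',', valueAt);
        return comma == -1 ? str.substring(valueAt).trim() : str.substring(valueAt, comma).trim();
    }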

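    /**
     * Parses the first X.509 certificate found in a piece of text.
     *
     * <p>When the text contains a {@link #beginString} marker, only the span from that marker to the
     * first {@link #endString} marker after it is parsed; otherwise the whole text is handed to the
     * certificate factory. Only the first certificate of the parsed data is returned.
     *
     * <p>This method decodes the certificate and nothing more: it does not check the signature, the
     * chain or the validity period. A successful return says nothing about whether the certificate
     * should be trusted.
     *
     * @param str PEM or other factory-readable certificate text; may be {@code null}
     * @return the parsed certificate, or {@code null} when the input is {@code null}, blank, has a
     *         BEGIN marker without a following END marker, or cannot be parsed
     */
    public static X509Certificate getX509CertificateFromString(String str) {
        if (str == null || str.trim().isEmpty()) {
            return null;
        }
        String encoded = str;
        int begin = str.indexOf(beginString);
        if (begin >= 0) {
            // Look for END only after BEGIN: a missing or earlier END marker used to produce an
            // invalid substring range and an uncaught StringIndexOutOfBoundsException.
            int end = str.indexOf(endString, begin + beginString.length());
            if (end < 0) {
                logger.warn("Certificate text has a BEGIN marker but no matching END marker");
                return null;
            }
            encoded = str.substring(begin, end + endString.length());
        }
        try {
            // Fixed charset instead of the platform default so decoding does not vary by host.
            byte[] bytes = encoded.getBytes(java.nio.charset.StandardCharsets.UTF_8);
            Collection<? extends Certificate> parsed =
                    CertificateFactory.getInstance("X.509").generateCertificates(new ByteArrayInputStream(bytes));
            if (parsed != null && !parsed.isEmpty()) {
                return (X509Certificate) parsed.iterator().next();
            }
        } catch (CertificateException e) {
            // Still reported as "no certificate", but no longer silently.
            logger.warn("Unable to parse X.509 certificate", e);
        }
        return null;
    }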

    /**
     * Builds an identifier for a certificate from its serial number and issuer name.
     *
     * <p>The result has the form {@code <serial>/<issuer DN>}, with the serial number in decimal.
     * NOTE(review): the issuer part is the string form of {@code getIssuerDN()}, whose rendering
     * presumably depends on the security provider that produced the certificate; confirm before
     * comparing identifiers produced in different environments.
     *
     * @param x509Certificate certificate to identify; may be {@code null}
     * @return the identifier, or {@code null} when no certificate is given
     */
    public static String getUniqueId(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        String serial = x509Certificate.getSerialNumber().toString();
        String issuer = x509Certificate.getIssuerDN().toString();
        return serial + "/" + issuer;
    }

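    /**
     * Tries to open a key store (PKCS#12 according to the log messages) with the given password and
     * reports the outcome as a status string.
     *
     * <p>Return values:
     * <ul>
     *   <li>{@code "ko"}: no stream, the store could not be opened, or it holds no entry;</li>
     *   <li>{@code "ok"} followed by a French-formatted expiry date appended for each alias: the
     *       store was opened;</li>
     *   <li>{@code "ex"} followed by the expiry date: a certificate is expired or not yet valid
     *       (the status is reset to {@code "ex"} at that alias, then dates keep being appended);</li>
     *   <li>{@code "expire"}: opening the store itself failed on an expired or not-yet-valid
     *       certificate.</li>
     * </ul>
     *
     * <p>The password is never written to the log: the previous messages embedded it in clear text,
     * which exposed the key store secret to anyone able to read the application logs.
     *
     * @param inputStream key store content; {@code null} yields {@code "ko"}. The stream is not
     *                    closed here.
     * @param str         password protecting the key store
     * @return one of the status strings described above, never {@code null}
     */
    @NotNull
    public static String checkPasswordForCertificate(@Nullable InputStream inputStream, @NotNull String str) {
        String status = "ko";
        if (inputStream == null) {
            logger.error("No certificate found");
            return status;
        }
        try {
            KeyMaterial keyMaterial = new KeyMaterial(inputStream, str.toCharArray());
            java.security.KeyStore keyStore = keyMaterial.getKeyStore();
            if (keyStore == null) {
                logger.error("No certificate found, KeyMaterial has no keystore.");
            } else {
                ArrayList<String> aliases = Collections.list(keyStore.aliases());
                if (aliases.isEmpty()) {
                    logger.error("No certificate found, the keystore contains no alias.");
                } else {
                    status = "ok";
                    for (String alias : aliases) {
                        // A missing or non-X.509 entry ends up in the generic catch below.
                        X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(alias);
                        try {
                            x509Certificate.checkValidity();
                        } catch (CertificateExpiredException e) {
                            logger.error("Open PKCS#12 impossible, CertificateExpiredException " + e.getLocalizedMessage());
                            status = "ex";
                        } catch (CertificateNotYetValidException e) {
                            logger.error("Open PKCS#12 impossible, CertificateNotYetValidException " + e.getLocalizedMessage());
                            status = "ex";
                        }
                        // The expiry date is appended for every alias, valid or not.
                        status = status + new SimpleDateFormat("E dd MMM yyyy 'à' HH:mm", Locale.FRENCH).format(x509Certificate.getNotAfter());
                    }
                    logger.info("Cert is good !, sending to display '" + status + "'");
                }
            }
        } catch (IOException e) {
            logger.error("Open PKCS#12 impossible, IOException", e);
        } catch (KeyStoreException e) {
            logger.error("Open PKCS#12 impossible, KeyStoreException", e);
        } catch (NoSuchAlgorithmException e) {
            logger.error("Open PKCS#12 impossible, NoSuchAlgorithmException", e);
        } catch (UnrecoverableKeyException e) {
            logger.error("Open PKCS#12 impossible, UnrecoverableKeyException");
        } catch (CertificateExpiredException e) {
            logger.error("Open PKCS#12 impossible, CertificateExpiredException " + e.getLocalizedMessage());
            status = "expire";
        } catch (CertificateNotYetValidException e) {
            logger.error("Open PKCS#12 impossible, CertificateNotYetValidException " + e.getLocalizedMessage());
            status = "expire";
        } catch (CertificateException e) {
            logger.error("Open PKCS#12 impossible, CertificateException", e);
        } catch (Exception e) {
            logger.error("Open PKCS#12 impossible, GenericException " + e.getLocalizedMessage(), e);
        }
        return status;
    }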
}
