package be.fedict.eidviewer.lib;

import be.fedict.trust.client.TrustServiceDomains;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.MissingResourceException;
import java.util.ResourceBundle;
import java.util.logging.Logger;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.openssl.PEMWriter;

/* loaded from: input_file:be/fedict/eidviewer/lib/X509Utilities.class */
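/**
 * Static helpers for inspecting, verifying and exporting the X.509 certificates handled by
 * the eID viewer.
 *
 * <p>None of these helpers performs certificate path validation. Name comparisons and raw
 * signature checks done here are building blocks only; whether a certificate is trusted
 * (chain, validity period, revocation) must be established separately by the caller.
 */
public class X509Utilities {
    /** Index of the digitalSignature bit in the array returned by {@link X509Certificate#getKeyUsage()}. */
    private static final int CONSTRAINT_DIGITALSIGNATURE = 0;
    /** Index of the nonRepudiation bit in the array returned by {@link X509Certificate#getKeyUsage()}. */
    private static final int CONSTRAINT_NONREPUDIATION = 1;
    private static final Logger logger = Logger.getLogger(X509Utilities.class.getName());
    /** Resource-bundle keys for the key usage bits, in key usage bit order. */
    private static final List<String> keyUsageStringNames = new ArrayList<>(9);

    static {
        keyUsageStringNames.add("constraint_digitalSignature");
        keyUsageStringNames.add("constraint_nonRepudiation");
        keyUsageStringNames.add("constraint_keyEncipherment");
        keyUsageStringNames.add("constraint_dataEncipherment");
        keyUsageStringNames.add("constraint_keyAgreement");
        keyUsageStringNames.add("constraint_keyCertSign");
        keyUsageStringNames.add("constraint_cRLSignKey");
        keyUsageStringNames.add("constraint_encipherOnly");
        keyUsageStringNames.add("constraint_decipherOnly");
    }

    /**
     * Reports whether the certificate's issuer name equals its subject name.
     *
     * <p>This is a name comparison only: the signature is NOT verified against the
     * certificate's own public key, so anyone can craft a certificate for which this returns
     * {@code true}. Do not treat the result as evidence that the certificate is a trust anchor.
     *
     * @param x509Certificate certificate to inspect
     * @return {@code true} when issuer DN and subject DN are equal
     */
    public static boolean isSelfSigned(X509Certificate x509Certificate) {
        return x509Certificate.getIssuerDN().equals(x509Certificate.getSubjectDN());
    }

    /**
     * Reports whether the certificate asserts the CA basic constraint and is self-issued
     * according to {@link #isSelfSigned(X509Certificate)}.
     *
     * <p>Intermediate CA certificates therefore yield {@code false}. Because the self-signed
     * test is name-based, this is a classification helper and not a trust decision.
     *
     * @param x509Certificate certificate to inspect
     * @return {@code true} for a certificate with the CA flag set whose issuer equals its subject
     */
    public static boolean isCertificateAuthority(X509Certificate x509Certificate) {
        // getBasicConstraints() returns -1 when the certificate is not marked as a CA.
        return x509Certificate.getBasicConstraints() != -1 && isSelfSigned(x509Certificate);
    }

    /**
     * Extracts the first CN attribute from the subject DN's string form.
     *
     * <p>The DN is split on commas, so a value containing an escaped comma or a multi-valued
     * RDN is not parsed correctly. The result is suitable for display; it is not a reliable
     * identifier for the certificate holder.
     *
     * @param x509Certificate certificate whose subject is read
     * @return the trimmed CN value, or {@code null} when the subject has no CN component
     */
    public static String getCN(X509Certificate x509Certificate) {
        for (String rdn : x509Certificate.getSubjectDN().getName().split("\\s*,\\s*")) {
            // Limit of 2 keeps a value that itself contains '=' intact instead of
            // discarding the whole attribute.
            String[] keyAndValue = rdn.trim().split("=", 2);
            if (keyAndValue.length == 2 && keyAndValue[0].equalsIgnoreCase("CN")) {
                return keyAndValue[1].trim();
            }
        }
        return null;
    }

    /**
     * Maps the certificate's CN to a friendly name from the
     * {@code be/fedict/eidviewer/lib/resources/X509Utilities} bundle.
     *
     * @param x509Certificate certificate to name
     * @return the bundle entry keyed by the CN; the CN itself when the bundle or the entry is
     *     missing; {@code null} when the subject has no CN
     */
    public static String getHumanReadableName(X509Certificate x509Certificate) {
        String cn = getCN(x509Certificate);
        if (cn == null) {
            // ResourceBundle.getString(null) throws NullPointerException.
            return null;
        }
        try {
            // getBundle() signals a missing bundle by throwing, never by returning null,
            // so it has to sit inside the try for the fallback to apply.
            return ResourceBundle.getBundle("be/fedict/eidviewer/lib/resources/X509Utilities").getString(cn);
        } catch (MissingResourceException ignored) {
            // No friendly name available: fall back to the raw CN.
            return cn;
        }
    }

    /**
     * Translates a key usage bit array into localized labels.
     *
     * @param resourceBundle bundle holding the {@code constraint_*} keys
     * @param zArr key usage bits as returned by {@link X509Certificate#getKeyUsage()}; may be
     *     {@code null} (certificate without a key usage extension)
     * @return a new mutable list with one label per asserted bit, in bit order; empty when
     *     {@code zArr} is {@code null}
     * @throws MissingResourceException if the bundle lacks the key of an asserted bit
     */
    public static List<String> getKeyUsageStrings(ResourceBundle resourceBundle, boolean[] zArr) {
        List<String> labels = new ArrayList<>(9);
        if (zArr == null) {
            return labels;
        }
        // Bits beyond the nine named usages have no label; ignore them rather than
        // running off the end of keyUsageStringNames.
        int namedBits = Math.min(zArr.length, keyUsageStringNames.size());
        for (int bit = 0; bit < namedBits; bit++) {
            if (zArr[bit]) {
                labels.add(resourceBundle.getString(keyUsageStringNames.get(bit)));
            }
        }
        return labels;
    }

    /**
     * Reports whether the certificate's key usage extension asserts digitalSignature.
     *
     * @param x509Certificate certificate to inspect
     * @return {@code true} when the bit is set; {@code false} when it is clear or the
     *     certificate carries no key usage extension
     */
    public static boolean hasDigitalSignatureConstraint(X509Certificate x509Certificate) {
        return hasKeyUsageBit(x509Certificate, CONSTRAINT_DIGITALSIGNATURE);
    }

    /**
     * Reports whether the certificate's key usage extension asserts nonRepudiation.
     *
     * @param x509Certificate certificate to inspect
     * @return {@code true} when the bit is set; {@code false} when it is clear or the
     *     certificate carries no key usage extension
     */
    public static boolean hasNonRepudiationConstraint(X509Certificate x509Certificate) {
        return hasKeyUsageBit(x509Certificate, CONSTRAINT_NONREPUDIATION);
    }

    /** Reads one key usage bit, treating an absent extension or a short array as "not set". */
    private static boolean hasKeyUsageBit(X509Certificate certificate, int bit) {
        // getKeyUsage() returns null when the extension is absent.
        boolean[] keyUsage = certificate.getKeyUsage();
        return keyUsage != null && bit < keyUsage.length && keyUsage[bit];
    }

    /**
     * Assembles the authentication, signing and RRN certificate chains and stores them on
     * {@code eidData}.
     *
     * <p>Each chain is ordered leaf first. Nothing is set when either of the two shared
     * certificates is {@code null}; a chain whose leaf is {@code null} is skipped. The chains
     * are only assembled here, not validated.
     *
     * @param eidData target that receives the chains
     * @param x509Certificate last element of every chain (presumably the root CA; confirm
     *     against callers)
     * @param x509Certificate2 middle element of the authentication and signing chains
     *     (presumably the citizen CA; confirm against callers)
     * @param x509Certificate3 leaf of the authentication chain, or {@code null}
     * @param x509Certificate4 leaf of the signing chain, or {@code null}
     * @param x509Certificate5 leaf of the RRN chain, or {@code null}
     */
    public static void setCertificateChainsFromCertificates(EidData eidData, X509Certificate x509Certificate, X509Certificate x509Certificate2, X509Certificate x509Certificate3, X509Certificate x509Certificate4, X509Certificate x509Certificate5) {
        if (x509Certificate == null || x509Certificate2 == null) {
            return;
        }
        if (x509Certificate3 != null) {
            logger.fine("Setting Authentication Certificate Chain");
            LinkedList<X509Certificate> authChain = new LinkedList<>();
            authChain.add(x509Certificate3);
            authChain.add(x509Certificate2);
            authChain.add(x509Certificate);
            eidData.setAuthCertChain(new X509CertificateChainAndTrust(TrustServiceDomains.BELGIAN_EID_AUTH_TRUST_DOMAIN, authChain));
        }
        if (x509Certificate4 != null) {
            logger.fine("Setting Signing Certificate Chain");
            LinkedList<X509Certificate> signChain = new LinkedList<>();
            signChain.add(x509Certificate4);
            signChain.add(x509Certificate2);
            signChain.add(x509Certificate);
            eidData.setSignCertChain(new X509CertificateChainAndTrust(TrustServiceDomains.BELGIAN_EID_NON_REPUDIATION_TRUST_DOMAIN, signChain));
        }
        if (x509Certificate5 != null) {
            logger.fine("Setting RRN Certificate Chain");
            // The RRN chain has no intermediate: leaf followed directly by the shared last element.
            LinkedList<X509Certificate> rrnChain = new LinkedList<>();
            rrnChain.add(x509Certificate5);
            rrnChain.add(x509Certificate);
            eidData.setRRNCertChain(new X509CertificateChainAndTrust(TrustServiceDomains.BELGIAN_EID_NATIONAL_REGISTRY_TRUST_DOMAIN, rrnChain));
        }
    }

    /**
     * Verifies an RSA signature over {@code bArr} (followed by {@code bArr2}, when given) with
     * the certificate's public key, accepting either SHA1withRSA or SHA256withRSA.
     *
     * <p>Security notes for callers:
     * <ul>
     *   <li>Only the cryptographic signature is checked. The certificate itself is not
     *       validated here (chain, validity period, revocation), so a {@code true} result
     *       means "signed by the holder of this key" and nothing more.</li>
     *   <li>SHA-1 is still accepted, and the result does not say which digest matched.
     *       Callers that must refuse SHA-1 signatures need a stricter check than this one.</li>
     *   <li>Every failure, including a malformed signature or an unusable key, is reported
     *       as {@code false}.</li>
     * </ul>
     *
     * @param x509Certificate certificate holding the verification key
     * @param bArr first part of the signed data
     * @param bArr2 optional second part of the signed data, or {@code null}
     * @param bArr3 signature bytes to verify
     * @return {@code true} when the signature verifies under one of the two algorithms
     */
    public static boolean isValidSignature(X509Certificate x509Certificate, byte[] bArr, byte[] bArr2, byte[] bArr3) {
        // Try each algorithm in turn instead of falling back only on SignatureException:
        // a provider may report a digest mismatch by returning false rather than throwing,
        // and a genuine SHA-256 signature would then never reach the second attempt.
        for (String algorithm : new String[] {"SHA1withRSA", "SHA256withRSA"}) {
            if (verifiesWith(algorithm, x509Certificate, bArr, bArr2, bArr3)) {
                return true;
            }
        }
        return false;
    }

    /** Runs one verification attempt; any exception counts as "does not verify". */
    private static boolean verifiesWith(String algorithm, X509Certificate certificate, byte[] data, byte[] moreData, byte[] signatureBytes) {
        try {
            Signature verifier = Signature.getInstance(algorithm);
            verifier.initVerify(certificate);
            verifier.update(data);
            if (moreData != null) {
                verifier.update(moreData);
            }
            return verifier.verify(signatureBytes);
        } catch (Exception e) {
            // Fail closed, but leave a trace so a misconfiguration is distinguishable
            // from a bad signature when debugging.
            logger.fine("Signature verification with " + algorithm + " failed: " + e);
            return false;
        }
    }

    /**
     * Verifies an RSA signature over a single data buffer.
     *
     * @param x509Certificate certificate holding the verification key
     * @param bArr signed data
     * @param bArr2 signature bytes to verify
     * @return {@code true} when the signature verifies
     * @see #isValidSignature(X509Certificate, byte[], byte[], byte[])
     */
    public static boolean isValidSignature(X509Certificate x509Certificate, byte[] bArr, byte[] bArr2) {
        return isValidSignature(x509Certificate, bArr, null, bArr2);
    }

    /**
     * Writes the certificate to {@code file} in DER encoding, replacing any existing content.
     *
     * @param x509Certificate certificate to export
     * @param file destination file
     * @throws CertificateEncodingException if the certificate cannot be encoded
     * @throws IOException if the file cannot be opened or written
     */
    public static void certificateToDERFile(X509Certificate x509Certificate, File file) throws CertificateEncodingException, IOException {
        // Encode before opening the file so an encoding failure does not truncate an
        // existing file or leave an empty one behind.
        byte[] der = x509Certificate.getEncoded();
        try (FileOutputStream out = new FileOutputStream(file)) {
            out.write(der);
        }
    }

    /**
     * Writes the certificate to {@code file} in PEM encoding, replacing any existing content.
     *
     * @param x509Certificate certificate to export
     * @param file destination file
     * @throws CertificateEncodingException declared for callers; not thrown directly here
     * @throws IOException if the file cannot be opened or written
     */
    public static void certificateToPEMFile(X509Certificate x509Certificate, File file) throws CertificateEncodingException, IOException {
        // PEM is ASCII; an explicit charset keeps the output independent of the
        // platform default encoding.
        try (FileOutputStream fileOut = new FileOutputStream(file);
                OutputStreamWriter asciiOut = new OutputStreamWriter(fileOut, java.nio.charset.StandardCharsets.US_ASCII);
                PEMWriter pemOut = new PEMWriter(asciiOut)) {
            pemOut.writeObject(x509Certificate);
        }
    }

    /**
     * Writes every certificate of {@code list}, in list order, to {@code file} in PEM
     * encoding, replacing any existing content.
     *
     * @param list certificates to export
     * @param file destination file
     * @throws IOException if the file cannot be opened or written
     */
    public static void certificateChainToPEMFile(List<X509Certificate> list, File file) throws IOException {
        try (FileOutputStream fileOut = new FileOutputStream(file);
                OutputStreamWriter asciiOut = new OutputStreamWriter(fileOut, java.nio.charset.StandardCharsets.US_ASCII);
                PEMWriter pemOut = new PEMWriter(asciiOut)) {
            for (X509Certificate certificate : list) {
                pemOut.writeObject(certificate);
            }
        }
    }

    /**
     * Base64-encodes {@code bArr} in 60-character groups separated by a single space.
     *
     * @param bArr bytes to encode
     * @return the encoded text without leading or trailing whitespace
     */
    public static String eidBase64Encode(byte[] bArr) {
        // Line length 60, separator 0x20 (space), standard (not URL-safe) alphabet.
        byte[] encoded = new Base64(60, new byte[]{32}, false).encode(bArr);
        // Base64 output is pure ASCII; decode it explicitly instead of with the platform charset.
        return new String(encoded, java.nio.charset.StandardCharsets.US_ASCII).trim();
    }

    /**
     * Encodes the certificate's DER form with {@link #eidBase64Encode(byte[])}.
     *
     * @param x509Certificate certificate to encode, or {@code null}
     * @return the Base64 text, or {@code null} when the certificate is {@code null} or cannot
     *     be encoded
     */
    public static String X509CertToBase64String(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        try {
            return eidBase64Encode(x509Certificate.getEncoded());
        } catch (CertificateEncodingException e) {
            // Callers get null either way; log so the failure is not silent.
            logger.fine("Could not encode certificate: " + e);
            return null;
        }
    }
}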
