package org.glite.voms;

import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.ListIterator;
import java.util.Vector;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.globus.gsi.gssapi.KeyPairCache;

/* loaded from: input_file:org/glite/voms/PKIUtils.class */
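/**
 * Static helpers for X.509 certificates and CRLs: subject-name hashing, DN formatting
 * and comparison, issuer/subject matching, CA and proxy detection, extension decoding
 * and PEM file loading.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #checkIssued} and {@link #selfIssued} compare names and key identifiers only.
 *       No signature is verified anywhere in this class, so a {@code true} result is not
 *       proof of issuance; verify the signature and validate the chain separately.</li>
 *   <li>{@link #getHash(byte[])} uses MD5 to derive a short lookup key. It is not a
 *       fingerprint and must not be used to establish certificate identity or integrity.</li>
 *   <li>The loaders parse whatever the given file contains; parsing a certificate or CRL
 *       does not make it trusted.</li>
 * </ul>
 *
 * <p>This listing is decompiler output. The body of {@link #skipToCertBeginning} was not
 * recovered, so every loader that depends on it throws {@link UnsupportedOperationException}
 * as listed.
 */
public class PKIUtils {
    private static final String SUBJECT_KEY_IDENTIFIER = "2.5.29.14";
    private static final String AUTHORITY_KEY_IDENTIFIER = "2.5.29.35";
    private static final String PROXYCERTINFO = "1.3.6.1.5.5.7.1.14";
    private static final String PROXYCERTINFO_OLD = "1.3.6.1.4.1.3536.1.222";
    private static final String BASIC_CONSTRAINTS_IDENTIFIER = "2.5.29.19";
    private static final String KEY_USAGE_IDENTIFIER = "2.5.29.15";
    private static final CertificateFactory factory;

    // Return codes of skipToCertBeginning(): which kind of PEM object starts next.
    private static final int CERT = 1;
    private static final int CRL = 2;

    // Indices into the boolean[] returned by X509Certificate.getKeyUsage().
    private static final int keyCertSign = 5;
    private static final int digitalSignature = 0;

    // NOTE(review): the two references below look like decompiler constant-resolution
    // artifacts (presumably a single space and the BouncyCastle provider name) - confirm
    // against the original source before replacing them with literals.
    private static final String SEPARATOR = MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR;
    private static final String PROVIDER = KeyPairCache.DEFAULT_PROVIDER;

    private static final Pattern emailPattern = Pattern.compile("/emailaddress", Pattern.CASE_INSENSITIVE);
    private static final Pattern uidPattern = Pattern.compile("/USERID");
    private static final Pattern basename_pattern = Pattern.compile("(.*)\\.[^\\.]*");
    private static final Logger logger = Logger.getLogger(PKIUtils.class);

    /**
     * Returns the name hash of the certificate's subject.
     *
     * @param x509Certificate the certificate whose subject is hashed
     * @return the hash as lower-case hex, see {@link #getHash(byte[])}
     * @throws IllegalArgumentException if the certificate is {@code null}
     */
    public static String getHash(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("Null certificate passed to getHash()");
        }
        logger.debug("Getting hash of: " + x509Certificate.getSubjectDN().getName());
        return getHash(x509Certificate.getSubjectX500Principal());
    }

    /**
     * Returns the name hash of the CRL's issuer.
     *
     * @param x509crl the CRL whose issuer is hashed
     * @return the hash as lower-case hex, see {@link #getHash(byte[])}
     * @throws IllegalArgumentException if the CRL is {@code null}
     */
    public static String getHash(X509CRL x509crl) {
        if (x509crl == null) {
            throw new IllegalArgumentException("Null CRL passed to getHash()");
        }
        return getHash(x509crl.getIssuerX500Principal());
    }

    /**
     * Returns the name hash of a BouncyCastle principal's encoded form.
     *
     * @param x509Principal the name to hash
     * @return the hash as lower-case hex, see {@link #getHash(byte[])}
     * @throws IllegalArgumentException if the name is {@code null}
     */
    public static String getHash(X509Principal x509Principal) {
        if (x509Principal == null) {
            throw new IllegalArgumentException("Null name passed to getHash()");
        }
        return getHash(x509Principal.getEncoded());
    }

    /**
     * Returns the name hash of an {@link X500Principal}'s encoded form.
     *
     * @param x500Principal the name to hash
     * @return the hash as lower-case hex, see {@link #getHash(byte[])}
     * @throws IllegalArgumentException if the name is {@code null}
     */
    public static String getHash(X500Principal x500Principal) {
        // The null check has to come before the debug line, otherwise a null argument
        // fails with a NullPointerException instead of the documented exception.
        if (x500Principal == null) {
            throw new IllegalArgumentException("Null name passed to getHash()");
        }
        logger.debug("Examining: " + x500Principal.getName());
        return getHash(x500Principal.getEncoded());
    }

    /**
     * Hashes an encoded name: MD5 over the bytes, the first four digest bytes read as a
     * little-endian int, rendered with {@link Integer#toHexString(int)}.
     *
     * <p>MD5 serves only as a short lookup key here; the value carries no integrity or
     * identity guarantee and different names can share it.
     *
     * <p>NOTE(review): this appears to mirror the legacy OpenSSL subject-name hash used for
     * hashed CA directory file names - confirm. The result is not zero-padded, so a hash
     * with leading zero nibbles is shorter than eight characters; check how callers match
     * it against file names.
     *
     * @param bArr the encoded name
     * @return the hash as lower-case hex without leading zeros
     * @throws IllegalArgumentException if {@code bArr} is {@code null}
     * @throws IllegalStateException if the MD5 digest is unavailable
     */
    public static String getHash(byte[] bArr) {
        if (bArr == null) {
            throw new IllegalArgumentException("Null certificate passed to getHash()");
        }
        try {
            MessageDigest md5 = MessageDigest.getInstance("MD5");
            md5.update(bArr);
            ByteBuffer digest = ByteBuffer.wrap(md5.digest()).order(ByteOrder.LITTLE_ENDIAN);
            return Integer.toHexString(digest.getInt());
        } catch (NoSuchAlgorithmException e) {
            logger.fatal("NO MD5! " + e.getMessage(), e);
            throw new IllegalStateException("NO MD5! " + e.getMessage(), e);
        }
    }

    /**
     * Renders a principal in slash-separated form ({@code /C=../O=../CN=..}).
     *
     * <p>Attribute values are appended verbatim; a value that itself contains {@code /} or
     * {@code =} is not escaped, so the output is for display and comparison within this
     * library, not for unambiguous re-parsing.
     *
     * @param principal the name to render
     * @return the slash-separated name, or an empty string if the name has no attributes
     */
    public static String getOpenSSLFormatPrincipal(Principal principal) {
        X509Name x509Name = new X509Name(principal.getName());
        ListIterator oids = x509Name.getOIDs().listIterator();
        ListIterator values = x509Name.getValues().listIterator();
        StringBuilder formatted = new StringBuilder();
        while (oids.hasNext()) {
            DERObjectIdentifier oid = (DERObjectIdentifier) oids.next();
            String value = (String) values.next();
            formatted.append('/').append(openSSLLabel(oid)).append('=').append(value);
        }
        String result = formatted.toString();
        logger.debug("SSLFormat: " + result);
        return result;
    }

    /** Maps an attribute OID to its short label, falling back to the dotted OID. */
    private static String openSSLLabel(DERObjectIdentifier oid) {
        if (oid.equals(X509Name.C)) {
            return "C";
        }
        if (oid.equals(X509Name.CN)) {
            return "CN";
        }
        if (oid.equals(X509Name.DC)) {
            return "DC";
        }
        if (oid.equals(X509Name.E)) {
            return "E";
        }
        if (oid.equals(X509Name.EmailAddress)) {
            return "Email";
        }
        if (oid.equals(X509Name.L)) {
            return "L";
        }
        if (oid.equals(X509Name.O)) {
            return "O";
        }
        if (oid.equals(X509Name.OU)) {
            return "OU";
        }
        if (oid.equals(X509Name.ST)) {
            return "ST";
        }
        if (oid.equals(X509Name.UID)) {
            return "UID";
        }
        return oid.toString();
    }

    /**
     * Compares two slash-separated DNs after normalising the e-mail and user-id labels.
     *
     * @param str the first DN
     * @param str2 the second DN
     * @return {@code true} if the normalised DNs are equal
     */
    public static boolean DNCompare(String str, String str2) {
        return normalizeDN(str).equals(normalizeDN(str2));
    }

    /** Rewrites {@code /emailaddress} (any case) to {@code /Email} and {@code /USERID} to {@code /UID}. */
    private static String normalizeDN(String dn) {
        String withEmail = emailPattern.matcher(dn).replaceAll("/Email");
        return uidPattern.matcher(withEmail).replaceAll("/UID");
    }

    /**
     * Returns the file name without its last extension.
     *
     * @param file the file whose name is examined
     * @return the name up to the last dot, or the whole name if it contains no dot
     */
    public static String getBaseName(File file) {
        String name = file.getName();
        Matcher matcher = basename_pattern.matcher(name);
        return matcher.matches() ? matcher.group(1) : name;
    }

    /**
     * Reports whether the certificate passes {@link #checkIssued} against itself.
     *
     * <p>No signature is verified, so this does not establish that the certificate is
     * self-signed.
     *
     * @param x509Certificate the certificate to examine
     * @return the result of {@code checkIssued(cert, cert)}
     */
    public static boolean selfIssued(X509Certificate x509Certificate) {
        if (logger.isDebugEnabled()) {
            logger.debug("Checking self issued for: " + x509Certificate.getSubjectDN().getName());
        }
        boolean result = checkIssued(x509Certificate, x509Certificate);
        logger.debug("SelfIssued Result " + result);
        return result;
    }

    /**
     * Extracts the element tagged [2] from an Authority Key Identifier when it holds an integer.
     *
     * @return the integer value, or {@code null} if no such element is present
     */
    private static BigInteger getAuthorityCertificateSerialNumber(AuthorityKeyIdentifier authorityKeyIdentifier) {
        ASN1Sequence sequence = ASN1Sequence.getInstance(authorityKeyIdentifier.toASN1Primitive());
        for (int i = 0; i < sequence.size(); i++) {
            ASN1Primitive element = sequence.getObjectAt(i).toASN1Primitive();
            if (!(element instanceof ASN1TaggedObject)) {
                continue;
            }
            ASN1TaggedObject tagged = (ASN1TaggedObject) element;
            if (tagged.getTagNo() == 2) {
                ASN1Primitive inner = tagged.getObject();
                if (inner instanceof DERInteger) {
                    return ((DERInteger) inner).getValue();
                }
            }
        }
        return null;
    }

    /**
     * Extracts the element tagged [1] from an Authority Key Identifier as general names.
     *
     * @return the general names, or {@code null} if no such element is present
     */
    private static GeneralNames getAuthorityCertIssuer(AuthorityKeyIdentifier authorityKeyIdentifier) {
        ASN1Sequence sequence = ASN1Sequence.getInstance(authorityKeyIdentifier.toASN1Primitive());
        for (int i = 0; i < sequence.size(); i++) {
            ASN1Primitive element = sequence.getObjectAt(i).toASN1Primitive();
            if (element instanceof ASN1TaggedObject && ((ASN1TaggedObject) element).getTagNo() == 1) {
                return GeneralNames.getInstance((ASN1TaggedObject) element, false);
            }
        }
        return null;
    }

    /** Unpacks a {@link GeneralNames} sequence into an array of its entries. */
    private static GeneralName[] getNames(GeneralNames generalNames) {
        ASN1Sequence sequence = (ASN1Sequence) generalNames.toASN1Primitive();
        GeneralName[] names = new GeneralName[sequence.size()];
        for (int i = 0; i < names.length; i++) {
            names[i] = GeneralName.getInstance(sequence.getObjectAt(i));
        }
        return names;
    }

    /**
     * Checks whether the second certificate names the first one as its issuer.
     *
     * <p>The check passes when the issuer's subject equals the issued certificate's issuer
     * name, the subject/authority key identifiers agree (only when both extensions are
     * present), and the issuer either satisfies {@link #isCA} or is allowed to sign a proxy
     * (digitalSignature not excluded by keyUsage and the issued certificate satisfies
     * {@link #isProxy}).
     *
     * <p>This is a name and extension comparison only. The signature on the issued
     * certificate is never verified here; callers must do that before trusting the result.
     *
     * @param x509Certificate the candidate issuer
     * @param x509Certificate2 the issued certificate
     * @return {@code true} if all checks above pass
     */
    public static boolean checkIssued(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        X500Principal issuerSubject = x509Certificate.getSubjectX500Principal();
        X500Principal issuedIssuer = x509Certificate2.getIssuerX500Principal();
        if (logger.isDebugEnabled()) {
            logger.debug("Is: " + x509Certificate2.getSubjectDN().getName() + " issued by " + x509Certificate.getSubjectDN().getName() + "?");
            logger.debug("Is: " + issuedIssuer.getName() + " issued by " + issuerSubject.getName() + "?");
            logger.debug("Is: " + x509Certificate2.getSubjectDN().getName() + " issued by " + x509Certificate.getSubjectDN().getName());
            logger.debug("[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[");
        }
        if (!issuerSubject.equals(issuedIssuer)) {
            logger.debug("Check Issued failed.");
            return false;
        }
        logger.debug("================================");
        logger.debug("issuersSubject = issuedIssuer");

        AuthorityKeyIdentifier akid = getAKID(x509Certificate2);
        if (logger.isDebugEnabled()) {
            logger.debug("akid = " + akid);
        }
        if (akid != null) {
            logger.debug("Authority Key Identifier extension found in issued certificate.");
            logger.debug("Entered.");
            SubjectKeyIdentifier skid = getSKID(x509Certificate);
            if (logger.isDebugEnabled()) {
                logger.debug("sid = " + skid);
            }
            // The key identifiers are compared only when both certificates carry them;
            // a missing extension on either side skips this step rather than failing it.
            if (skid != null) {
                logger.debug("subject Key Identifier extensions found in issuer certificate.");
                logger.debug("comparing skid to akid");
                byte[] subjectKeyId = skid.getKeyIdentifier();
                byte[] authorityKeyId = akid.getKeyIdentifier();
                if (logger.isDebugEnabled()) {
                    logger.debug("skid");
                    logger.debug(toHex(subjectKeyId));
                    logger.debug("akid");
                    logger.debug(toHex(authorityKeyId));
                }
                logger.debug("skid/akid checking.");
                if (!Arrays.equals(subjectKeyId, authorityKeyId)) {
                    return false;
                }
                logger.debug("skid/akid check passed.");
            }
        }
        logger.debug("]]]]]]]]]]]]]]]]]]]]]]]]");

        if (!isCA(x509Certificate)) {
            // A non-CA issuer is acceptable only for proxy certificates, and only when its
            // keyUsage (if present) allows digitalSignature.
            boolean[] keyUsage = x509Certificate.getKeyUsage();
            boolean signatureExcluded = keyUsage != null && !keyUsage[digitalSignature];
            if (signatureExcluded || !isProxy(x509Certificate2)) {
                return false;
            }
        }
        logger.debug("CHECK ISSUED PASSED");
        return true;
    }

    /** Renders bytes as unsigned hex values, each followed by the separator; debug output only. */
    private static String toHex(byte[] bytes) {
        if (bytes == null) {
            return "null";
        }
        StringBuilder hex = new StringBuilder();
        for (int i = 0; i < bytes.length; i++) {
            hex.append(Integer.toHexString(bytes[i] & 0xff)).append(SEPARATOR);
        }
        return hex.toString();
    }

    /**
     * Reports whether the certificate may act as a CA.
     *
     * <p>A certificate qualifies when its keyUsage extension, if present, has the
     * keyCertSign bit set and {@link X509Certificate#getBasicConstraints()} does not
     * return {@code -1}.
     *
     * @param x509Certificate the certificate to examine, may be {@code null}
     * @return {@code true} if the certificate qualifies, {@code false} otherwise or for {@code null}
     */
    public static boolean isCA(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (logger.isDebugEnabled()) {
            logger.debug("Examining " + x509Certificate.getSubjectDN().getName());
            logger.debug("Hash: " + getHash(x509Certificate));
            logKeyUsageDetails(x509Certificate.getExtensionValue(KEY_USAGE_IDENTIFIER), keyUsage);
        }
        if (keyUsage != null && !keyUsage[keyCertSign]) {
            logger.error("keyUsage extension present, but CertSign bit not active.");
            return false;
        }
        // The original debug lines here were swapped relative to the value returned.
        if (x509Certificate.getBasicConstraints() == -1) {
            logger.debug("Is not CA");
            return false;
        }
        logger.debug("Is CA");
        return true;
    }

    /** Dumps the raw and decoded keyUsage extension to the debug log; never affects the result. */
    private static void logKeyUsageDetails(byte[] rawKeyUsage, boolean[] keyUsage) {
        if (rawKeyUsage != null) {
            logger.debug("Real value : " + toHex(rawKeyUsage));
            try {
                DEROctetString wrapper = (DEROctetString) new ASN1InputStream(new ByteArrayInputStream(rawKeyUsage)).readObject();
                logger.debug("Class = " + wrapper.getClass());
                DERBitString bits = (DERBitString) new ASN1InputStream(new ByteArrayInputStream(wrapper.getOctets())).readObject();
                logger.debug("Class = " + bits.getClass());
                logger.debug("pad bits  : " + bits.getPadBits());
            } catch (Exception e) {
                // Diagnostic decoding only: a malformed extension must not change the verdict.
                logger.debug("Could not decode keyUsage extension for debug output: " + e.getMessage());
            }
        }
        if (keyUsage != null) {
            for (int i = 0; i < keyUsage.length; i++) {
                logger.debug("Keyusage[" + i + "] = " + keyUsage[i]);
            }
        }
    }

    /**
     * Reports whether the certificate looks like a proxy certificate.
     *
     * <p>A certificate is treated as a proxy when it carries either ProxyCertInfo extension,
     * or when its subject is its issuer name prefixed by {@code CN=proxy} or
     * {@code CN=limited proxy}.
     *
     * <p>The name-based branch is a naming convention, not evidence of who issued the
     * certificate; it is only meaningful together with signature and chain validation,
     * which this method does not perform.
     *
     * @param x509Certificate the certificate to examine, may be {@code null}
     * @return {@code true} if the certificate matches one of the forms above
     */
    public static boolean isProxy(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Check for proxyness: " + x509Certificate.getSubjectDN().getName());
        }
        if (x509Certificate.getExtensionValue(PROXYCERTINFO) != null
                || x509Certificate.getExtensionValue(PROXYCERTINFO_OLD) != null) {
            logger.debug("Proxyness confirmed.");
            return true;
        }
        String subject = x509Certificate.getSubjectX500Principal().getName();
        String issuer = x509Certificate.getIssuerX500Principal().getName();
        logger.debug("ENDNAME CHECK?");
        if (!subject.endsWith(issuer)) {
            return false;
        }
        logger.debug("ENDNAME CHECK OK");
        // Strip the issuer as a literal suffix. The previous replaceFirst() call treated the
        // issuer DN as a regular expression and removed its first match, so a DN containing
        // regex metacharacters could throw or strip the wrong part of the subject.
        String prefix = subject.substring(0, subject.length() - issuer.length());
        logger.debug("TO CHECK: " + prefix);
        if (!prefix.equals("CN=proxy,") && !prefix.equals("CN=limited proxy,")) {
            return false;
        }
        logger.debug("Proxyness confirmed.");
        return true;
    }

    /**
     * Decodes an extension value as returned by {@link X509Certificate#getExtensionValue}:
     * the outer OCTET STRING is parsed first, then its content.
     */
    private static ASN1Primitive unwrapExtension(byte[] extensionValue) throws IOException {
        DEROctetString wrapper = (DEROctetString) new ASN1InputStream(new ByteArrayInputStream(extensionValue)).readObject();
        return new ASN1InputStream(new ByteArrayInputStream(wrapper.getOctets())).readObject();
    }

    /**
     * Returns the certificate's Authority Key Identifier extension.
     *
     * @param x509Certificate the certificate to examine, may be {@code null}
     * @return the decoded extension, or {@code null} if the certificate is {@code null}
     *         or has no such extension
     * @throws IllegalArgumentException if the extension cannot be decoded
     */
    public static AuthorityKeyIdentifier getAKID(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        byte[] extensionValue = x509Certificate.getExtensionValue(AUTHORITY_KEY_IDENTIFIER);
        if (extensionValue == null) {
            return null;
        }
        try {
            return AuthorityKeyIdentifier.getInstance(ASN1Sequence.getInstance(unwrapExtension(extensionValue)));
        } catch (ClassCastException e) {
            throw new IllegalArgumentException("Erroneous encoding in Authority Key Identifier " + e.getMessage(), e);
        } catch (Exception e) {
            throw new IllegalArgumentException("While extracting Authority Key Identifier " + e.getMessage(), e);
        }
    }

    /**
     * Returns the certificate's Subject Key Identifier extension.
     *
     * @param x509Certificate the certificate to examine, may be {@code null}
     * @return the decoded extension, or {@code null} if the certificate is {@code null}
     *         or has no such extension
     * @throws IllegalArgumentException if the extension cannot be decoded
     */
    public static SubjectKeyIdentifier getSKID(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        byte[] extensionValue = x509Certificate.getExtensionValue(SUBJECT_KEY_IDENTIFIER);
        if (extensionValue == null) {
            return null;
        }
        try {
            return SubjectKeyIdentifier.getInstance(unwrapExtension(extensionValue));
        } catch (Exception e) {
            throw new IllegalArgumentException("While extracting Subject Key Identifier " + e.getMessage(), e);
        }
    }

    /**
     * Returns the certificate's Basic Constraints extension.
     *
     * <p>The extension value is unwrapped from its outer OCTET STRING before decoding, the
     * same way {@link #getAKID} and {@link #getSKID} do; decoding the wrapped bytes directly
     * as a sequence failed for every certificate that carries the extension.
     *
     * @param x509Certificate the certificate to examine, may be {@code null}
     * @return the decoded extension, or {@code null} if the certificate is {@code null}
     *         or has no such extension
     * @throws IllegalArgumentException if the extension cannot be decoded
     */
    public static BasicConstraints getBasicConstraints(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        byte[] extensionValue = x509Certificate.getExtensionValue(BASIC_CONSTRAINTS_IDENTIFIER);
        if (extensionValue == null) {
            return null;
        }
        try {
            return BasicConstraints.getInstance(ASN1Sequence.getInstance(unwrapExtension(extensionValue)));
        } catch (Exception e) {
            throw new IllegalArgumentException("While extracting Basic Constraints " + e.getMessage(), e);
        }
    }

    /**
     * Loads all certificates from the named file.
     *
     * @param str path of the file to read
     * @return see {@link #loadCertificates(File)}
     * @throws CertificateException if a certificate cannot be parsed
     */
    public static X509Certificate[] loadCertificates(String str) throws CertificateException {
        return loadCertificates(new File(str));
    }

    /**
     * Loads all certificates from a file.
     *
     * <p>The certificates are parsed only; nothing here checks their validity or trust.
     *
     * @param file the file to read
     * @return the certificates found, or {@code null} if reading the file failed with an
     *         I/O error (the error is logged)
     * @throws CertificateException if a certificate cannot be parsed
     * @throws IllegalArgumentException if the file does not exist
     */
    public static X509Certificate[] loadCertificates(File file) throws CertificateException {
        BufferedInputStream in;
        try {
            in = new BufferedInputStream(new FileInputStream(file));
        } catch (FileNotFoundException e) {
            throw new IllegalArgumentException("Cannot find file " + file.getName(), e);
        }
        try {
            return loadCertificates(in);
        } catch (IOException e) {
            // Kept for compatibility: callers receive null on a read failure. The failure
            // is now logged instead of being dropped silently.
            logger.error("While reading: " + file.getName() + SEPARATOR + e.getMessage());
            return null;
        } finally {
            closeAndLog(in, file);
        }
    }

    /** Closes the stream, logging (not propagating) a failure to close. */
    private static void closeAndLog(BufferedInputStream in, File file) {
        try {
            in.close();
        } catch (IOException e) {
            logger.error("While closing: " + file.getName() + SEPARATOR + e.getMessage());
        }
    }

    /**
     * Reads certificates from the stream until {@link #skipToCertBeginning} reports the end.
     *
     * <p>NOTE(review): a CRL marker is neither consumed nor treated as the end here; whether
     * the loop then advances depends on skipToCertBeginning, whose body is not available in
     * this listing - confirm.
     */
    private static X509Certificate[] loadCertificates(BufferedInputStream bufferedInputStream) throws CertificateException, IOException {
        Vector<X509Certificate> certificates = new Vector<X509Certificate>();
        for (int kind = skipToCertBeginning(bufferedInputStream); kind != -1; kind = skipToCertBeginning(bufferedInputStream)) {
            if (kind == CERT) {
                certificates.add((X509Certificate) factory.generateCertificate(bufferedInputStream));
            }
        }
        return certificates.toArray(new X509Certificate[0]);
    }

    /**
     * Loads a CRL from the named file.
     *
     * @param str path of the file to read
     * @return see {@link #loadCRL(File)}
     * @throws CRLException if the CRL cannot be parsed
     */
    public static X509CRL loadCRL(String str) throws CRLException {
        return loadCRL(new File(str));
    }

    /**
     * Loads a CRL from a file.
     *
     * <p>The CRL is parsed only; its signature and freshness are not checked here.
     *
     * @param file the file to read
     * @return the CRL, or {@code null} if the file does not start with one
     * @throws CRLException if the CRL cannot be parsed
     * @throws IllegalArgumentException if the file does not exist or cannot be read
     */
    public static X509CRL loadCRL(File file) throws CRLException {
        BufferedInputStream in;
        try {
            in = new BufferedInputStream(new FileInputStream(file));
        } catch (FileNotFoundException e) {
            throw new IllegalArgumentException("Cannot find file " + file.getName(), e);
        }
        try {
            return loadCRL(in);
        } catch (IOException e) {
            throw new IllegalArgumentException("Cannot load CRL from file: " + file.getName() + " cause: " + e.getMessage(), e);
        } finally {
            closeAndLog(in, file);
        }
    }

    /** Parses a CRL from the stream if the next object is one, otherwise returns {@code null}. */
    private static X509CRL loadCRL(BufferedInputStream bufferedInputStream) throws CRLException, IOException {
        if (skipToCertBeginning(bufferedInputStream) != CRL) {
            return null;
        }
        return (X509CRL) factory.generateCRL(bufferedInputStream);
    }

    /**
     * Reads either the certificates or the CRL stored in a file.
     *
     * @param file the file to read
     * @return a {@link Vector} of certificates, an {@link X509CRL}, or {@code null} if the
     *         file holds neither
     * @throws IOException if the file cannot be opened or read
     * @throws CertificateException if a certificate cannot be parsed
     * @throws CRLException if the CRL cannot be parsed
     */
    public static Object readObject(File file) throws IOException, CertificateException, CRLException {
        BufferedInputStream in = new BufferedInputStream(new FileInputStream(file));
        try {
            switch (skipToCertBeginning(in)) {
                case CERT:
                    return new Vector<X509Certificate>(Arrays.asList(loadCertificates(in)));
                case CRL:
                    return loadCRL(in);
                default:
                    return null;
            }
        } finally {
            in.close();
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:11:0x0061, code lost:
    
        if (r11 != (-1)) goto L12;
     */
    /* JADX WARN: Code restructure failed: missing block: B:13:0x006f, code lost:
    
        if (r0.charAt(r11 - 1) != '-') goto L38;
     */
    /* JADX WARN: Code restructure failed: missing block: B:15:0x0074, code lost:
    
        if (r11 <= 0) goto L36;
     */
    /* JADX WARN: Code restructure failed: missing block: B:16:0x0077, code lost:
    
        r11 = r11 - 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:17:0x007c, code lost:
    
        if (r11 != 0) goto L39;
     */
    /* JADX WARN: Code restructure failed: missing block: B:19:0x0082, code lost:
    
        r6.reset();
        r6.skip(r11);
        r6.mark(10000);
     */
    /* JADX WARN: Code restructure failed: missing block: B:20:0x0096, code lost:
    
        return 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:26:0x00a2, code lost:
    
        if (r0.charAt(r12 - 1) != '-') goto L40;
     */
    /* JADX WARN: Code restructure failed: missing block: B:28:0x00a7, code lost:
    
        if (r12 <= 0) goto L41;
     */
    /* JADX WARN: Code restructure failed: missing block: B:29:0x00aa, code lost:
    
        r12 = r12 - 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:30:0x00af, code lost:
    
        if (r12 != 0) goto L43;
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x00b5, code lost:
    
        r6.reset();
        r6.skip(r12);
        r6.mark(10000);
     */
    /* JADX WARN: Code restructure failed: missing block: B:33:0x00c9, code lost:
    
        return 2;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Positions the stream at the start of the next certificate or CRL.
     *
     * <p>The decompiler did not recover this method; the stub below always throws. From the
     * fragments above and the callers in this class, the original returns {@code 1} for a
     * certificate and {@code 2} for a CRL after a reset/skip/mark sequence, and callers treat
     * {@code -1} as end of input. Until the body is restored from the original source,
     * {@link #loadCertificates(File)}, {@link #loadCRL(File)} and {@link #readObject(File)}
     * cannot succeed.
     *
     * @param r6 the stream to position
     * @return never returns normally in this listing
     * @throws IOException declared by the original signature
     * @throws UnsupportedOperationException always, in this listing
     */
    public static int skipToCertBeginning(java.io.BufferedInputStream r6) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 207
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.glite.voms.PKIUtils.skipToCertBeginning(java.io.BufferedInputStream):int");
    }

    // Registers the BouncyCastle provider if it is not already installed and obtains the
    // X.509 factory from it. Note that adding a provider is a JVM-wide side effect of
    // loading this class.
    static {
        if (Security.getProvider(PROVIDER) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        try {
            factory = CertificateFactory.getInstance("X.509", PROVIDER);
        } catch (NoSuchProviderException e) {
            throw new ExceptionInInitializerError("Cannot find BouncyCastle provider: " + e.getMessage());
        } catch (CertificateException e2) {
            throw new ExceptionInInitializerError("X.509 Certificates unsupported. " + e2.getMessage());
        }
    }
}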
