package io.mosip.kernel.partnercertservice.util;

import io.mosip.kernel.core.keymanager.model.CertificateParameters;
import io.mosip.kernel.core.logger.spi.Logger;
import io.mosip.kernel.core.util.DateUtils;
import io.mosip.kernel.keymanagerservice.entity.CACertificateStore;
import io.mosip.kernel.keymanagerservice.logger.KeymanagerLogger;
import io.mosip.kernel.partnercertservice.constant.PartnerCertManagerConstants;
import io.mosip.kernel.partnercertservice.constant.PartnerCertManagerErrorConstants;
import io.mosip.kernel.partnercertservice.exception.PartnerCertManagerException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.codec.digest.DigestUtils;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;

/* loaded from: input_file:io/mosip/kernel/partnercertservice/util/PartnerCertificateManagerUtil.class */
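/**
 * Static helpers used while handling partner and CA certificates: self-signature detection,
 * validity-window checks, thumbprint generation and extraction of subject DN attributes.
 *
 * <p>None of these helpers performs chain building or trust-anchor validation; they only
 * inspect the certificate (or DN) that is passed in.
 */
public class PartnerCertificateManagerUtil {
    private static final Logger LOGGER = KeymanagerLogger.getLogger(PartnerCertificateManagerUtil.class);

    /**
     * Reports whether the certificate's signature verifies with the certificate's own public key.
     *
     * <p>Subject and issuer names are not compared, and a {@code true} result says nothing about
     * whether the certificate is trusted: callers must still decide separately whether a
     * self-signed certificate is acceptable as a root.
     *
     * @param x509Certificate certificate to inspect; must not be {@code null}
     * @return {@code true} if the signature verifies with the embedded public key, {@code false}
     *     if verification fails for any of the caught reasons
     */
    public static boolean isSelfSignedCertificate(X509Certificate x509Certificate) {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e) {
            // A failed verification is the expected outcome for CA-issued certificates, hence INFO.
            LOGGER.info(PartnerCertManagerConstants.SESSIONID, PartnerCertManagerConstants.UPLOAD_CA_CERT, PartnerCertManagerConstants.PCM_UTIL, "Ignore this exception, the exception thrown when signature validation failed.");
            return false;
        }
    }

    /**
     * Rebuilds a distinguished name in the fixed attribute order CN, OU, O, L, ST, C.
     *
     * <p>Only the first RDN of each attribute type (and only its first value) is kept; attribute
     * types outside this list are dropped. Two DNs that differ only in dropped attributes or in
     * repeated attributes therefore format to the same string.
     *
     * @param str distinguished name in a form accepted by {@link X500Name#X500Name(String)}
     * @return comma-separated {@code NAME=value} pairs without a trailing comma, or an empty
     *     string when none of the six attributes is present
     */
    public static String formatCertificateDN(String str) {
        X500Name x500Name = new X500Name(str);
        StringBuilder sb = new StringBuilder();
        sb.append(getAttributeIfExist(x500Name, BCStyle.CN));
        sb.append(getAttributeIfExist(x500Name, BCStyle.OU));
        sb.append(getAttributeIfExist(x500Name, BCStyle.O));
        sb.append(getAttributeIfExist(x500Name, BCStyle.L));
        sb.append(getAttributeIfExist(x500Name, BCStyle.ST));
        sb.append(getAttributeIfExist(x500Name, BCStyle.C));
        String formatted = sb.toString();
        // Every appended fragment ends with a separator; strip the last one.
        if (!formatted.isEmpty() && formatted.endsWith(PartnerCertManagerConstants.COMMA)) {
            return formatted.substring(0, formatted.length() - 1);
        }
        return formatted;
    }

    /**
     * Renders one DN attribute as {@code NAME=value,} (trailing comma included).
     *
     * @return the rendered fragment for the first matching RDN, or an empty string when the
     *     attribute is absent
     */
    private static String getAttributeIfExist(X500Name x500Name, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        RDN[] rDNs = x500Name.getRDNs(aSN1ObjectIdentifier);
        if (rDNs.length == 0) {
            return "";
        }
        return BCStyle.INSTANCE.oidToDisplayName(aSN1ObjectIdentifier) + "=" + IETFUtils.valueToString(rDNs[0].getFirst().getValue()) + ",";
    }

    /**
     * Computes the hex-encoded SHA-1 digest of the certificate's encoded form.
     *
     * <p>NOTE(review): SHA-1 is left in place because the thumbprint is presumably compared with
     * values produced and stored elsewhere; confirm before changing the algorithm. SHA-1 is not
     * collision-resistant, so the thumbprint is suitable as a lookup identifier only and should
     * not be the sole basis for deciding that two certificates are the same trusted certificate.
     *
     * @param x509Certificate certificate to fingerprint
     * @return hex SHA-1 digest of {@code getEncoded()}
     * @throws PartnerCertManagerException if the certificate cannot be encoded
     */
    public static String getCertificateThumbprint(X509Certificate x509Certificate) {
        try {
            return DigestUtils.sha1Hex(x509Certificate.getEncoded());
        } catch (CertificateEncodingException e) {
            LOGGER.error(PartnerCertManagerConstants.SESSIONID, PartnerCertManagerConstants.UPLOAD_CA_CERT, PartnerCertManagerConstants.PCM_UTIL, "Error generating certificate thumbprint.");
            throw new PartnerCertManagerException(PartnerCertManagerErrorConstants.CERTIFICATE_THUMBPRINT_ERROR.getErrorCode(), PartnerCertManagerErrorConstants.CERTIFICATE_THUMBPRINT_ERROR.getErrorMessage());
        }
    }

    /**
     * Checks that the current time lies within the certificate's validity period.
     *
     * @param x509Certificate certificate to check
     * @return {@code true} if the certificate is currently valid, {@code false} if it is expired
     *     or not yet valid
     */
    public static boolean isCertificateDatesValid(X509Certificate x509Certificate) {
        try {
            // The value from getUTCCurrentDateTime() is a UTC wall-clock time (per its name), so it
            // must be anchored to UTC. Anchoring it to the host's default zone shifts the checked
            // instant by the host's UTC offset, which on a non-UTC host accepts certificates for
            // some hours after expiry (or before notBefore, depending on the offset's sign).
            x509Certificate.checkValidity(Date.from(DateUtils.getUTCCurrentDateTime().atZone(ZoneId.of("UTC")).toInstant()));
            return true;
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            // Message corrected: this path is a validity-period failure, not a signature failure.
            LOGGER.info(PartnerCertManagerConstants.SESSIONID, PartnerCertManagerConstants.UPLOAD_CA_CERT, PartnerCertManagerConstants.PCM_UTIL, "Ignore this exception, the exception thrown when certificate dates validation failed.");
            return false;
        }
    }

    /**
     * Checks whether a timestamp falls inside the stored validity window of a CA certificate,
     * both boundaries included.
     *
     * @param localDateTime timestamp to test; it is compared as-is, so it must be expressed in
     *     the same time reference as the stored notBefore/notAfter values
     * @param cACertificateStore stored CA certificate record supplying notBefore and notAfter
     * @return {@code true} if the timestamp equals either boundary or lies strictly between them
     */
    public static boolean isValidTimestamp(LocalDateTime localDateTime, CACertificateStore cACertificateStore) {
        if (localDateTime.isEqual(cACertificateStore.getCertNotBefore())) {
            return true;
        }
        if (localDateTime.isEqual(cACertificateStore.getCertNotAfter())) {
            return true;
        }
        return localDateTime.isAfter(cACertificateStore.getCertNotBefore())
                && localDateTime.isBefore(cACertificateStore.getCertNotAfter());
    }

    /**
     * Extracts the organization (O) attribute from a principal.
     *
     * @param x500Principal subject or issuer principal
     * @return the value of the first O attribute, or an empty string when there is none
     */
    public static String getCertificateOrgName(X500Principal x500Principal) {
        return getAttributeValueIfExist(new X500Name(x500Principal.getName()), BCStyle.O);
    }

    /**
     * Reports whether a certificate ID is usable, meaning non-null and not blank.
     *
     * @param str candidate certificate ID
     * @return {@code false} for {@code null}, empty or whitespace-only input, {@code true} otherwise
     */
    public static boolean isValidCertificateID(String str) {
        return str != null && !str.trim().isEmpty();
    }

    /**
     * Builds {@link CertificateParameters} from a principal's DN attributes and a validity window.
     *
     * <p>OU, O, L, ST and C default to an empty string when absent. CN is mandatory: a principal
     * without a CN attribute makes this method throw.
     *
     * @param x500Principal principal whose DN supplies the subject attributes
     * @param localDateTime start of validity (notBefore)
     * @param localDateTime2 end of validity (notAfter)
     * @return populated certificate parameters
     * @throws ArrayIndexOutOfBoundsException if the DN contains no CN attribute
     */
    public static CertificateParameters getCertificateParameters(X500Principal x500Principal, LocalDateTime localDateTime, LocalDateTime localDateTime2) {
        CertificateParameters certificateParameters = new CertificateParameters();
        X500Name x500Name = new X500Name(x500Principal.getName());
        // Deliberately not routed through getAttributeValueIfExist: a missing CN must fail here
        // rather than yield parameters with an empty common name.
        certificateParameters.setCommonName(IETFUtils.valueToString(x500Name.getRDNs(BCStyle.CN)[0].getFirst().getValue()));
        certificateParameters.setOrganizationUnit(getAttributeValueIfExist(x500Name, BCStyle.OU));
        certificateParameters.setOrganization(getAttributeValueIfExist(x500Name, BCStyle.O));
        certificateParameters.setLocation(getAttributeValueIfExist(x500Name, BCStyle.L));
        certificateParameters.setState(getAttributeValueIfExist(x500Name, BCStyle.ST));
        certificateParameters.setCountry(getAttributeValueIfExist(x500Name, BCStyle.C));
        certificateParameters.setNotBefore(localDateTime);
        certificateParameters.setNotAfter(localDateTime2);
        return certificateParameters;
    }

    /**
     * Returns the value of the first RDN of the given attribute type.
     *
     * @return the attribute value as a string, or an empty string when the attribute is absent
     */
    private static String getAttributeValueIfExist(X500Name x500Name, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        RDN[] rDNs = x500Name.getRDNs(aSN1ObjectIdentifier);
        if (rDNs.length == 0) {
            return "";
        }
        return IETFUtils.valueToString(rDNs[0].getFirst().getValue());
    }
}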
