package net.maritimeconnectivity.pki;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.EnumSet;
import net.maritimeconnectivity.pki.exception.PKIRuntimeException;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.cert.CertException;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/maritimeconnectivity/pki/CertificateHandler.class */
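/**
 * Static helpers for verifying, parsing and packaging X.509 certificates.
 *
 * <p>This listing is decompiler output: parameter names are synthetic and the body of
 * {@link #getIdentityFromCert(java.security.cert.X509Certificate)} could not be recovered.
 */
public class CertificateHandler {
    private static final Logger log = LoggerFactory.getLogger(CertificateHandler.class);

    private CertificateHandler() {
        // Utility class: static methods only, never instantiated.
    }

    /**
     * Checks that a certificate carries a valid signature from the given key and that the
     * given instant lies inside the certificate's validity period.
     *
     * <p>Only the signature and the notBefore/notAfter window are examined here. This method
     * performs no revocation check and does not look at extensions or the issuer chain, so a
     * {@code true} result alone does not establish that the certificate is trusted.
     *
     * @param publicKey key of the expected issuer
     * @param x509Certificate certificate to check
     * @param date instant to evaluate the validity period at; {@code null} means "now"
     * @return {@code true} only when the signature verifies and {@code date} is within the
     *     validity period; {@code false} on any failure, including missing arguments
     */
    public static boolean verifyCertificate(PublicKey publicKey, X509Certificate x509Certificate, Date date) {
        // Fail closed instead of surfacing a NullPointerException from the provider code.
        if (publicKey == null || x509Certificate == null) {
            log.error("Cannot verify certificate: public key or certificate is null");
            return false;
        }

        final JcaX509CertificateHolder holder;
        try {
            holder = new JcaX509CertificateHolder(x509Certificate);
        } catch (CertificateEncodingException e) {
            log.error("Could not create JcaX509CertificateHolder", e);
            return false;
        }

        final ContentVerifierProvider verifierProvider;
        try {
            verifierProvider = new JcaContentVerifierProviderBuilder()
                    .setProvider(PKIConstants.BC_PROVIDER_NAME)
                    .build(publicKey);
        } catch (OperatorCreationException e) {
            log.error("Could not create ContentVerifierProvider from public key", e);
            return false;
        }
        if (verifierProvider == null) {
            log.error("Created ContentVerifierProvider from root public key is null");
            return false;
        }

        try {
            if (!holder.isSignatureValid(verifierProvider)) {
                log.debug("Certificate does not seem to be valid!");
                return false;
            }
        } catch (CertException e) {
            log.error("Error when trying to validate signature", e);
            return false;
        }

        // Work on a local so the caller-visible parameter is not reassigned.
        Date at = (date != null) ? date : new Date();
        // The validity period is inclusive at both ends (RFC 5280, section 4.1.2.5), which is
        // also how X509Certificate.checkValidity(Date) treats it.
        boolean started = !at.before(x509Certificate.getNotBefore());
        boolean notExpired = !at.after(x509Certificate.getNotAfter());
        if (started && notExpired) {
            return true;
        }
        log.debug("Out of certificate validity period.");
        return false;
    }

    /**
     * Validates a certificate with the PKIX algorithm against the trusted certificates in a
     * key store, with revocation checking enabled.
     *
     * <p>The certification path handed to the validator contains only the given certificate,
     * so validation can succeed only when that certificate was issued directly by one of the
     * trust anchors taken from {@code keyStore}.
     *
     * <p>Failure is reported by exception, not by the return value: whenever this method
     * returns normally the result is {@code true}.
     *
     * @param x509Certificate certificate to validate
     * @param keyStore key store whose trusted certificate entries act as trust anchors
     * @return {@code true} when validation succeeds
     * @throws CertPathValidatorException if the certificate does not validate
     * @throws InvalidAlgorithmParameterException if {@code keyStore} holds no trusted
     *     certificate entries
     * @throws KeyStoreException if {@code keyStore} has not been initialised
     * @throws NoSuchAlgorithmException if no PKIX validator is available
     * @throws CertificateException if the certification path cannot be created
     */
    public static boolean verifyCertificateChain(X509Certificate x509Certificate, KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, InvalidAlgorithmParameterException, CertPathValidatorException {
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(Collections.singletonList(x509Certificate));
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");

        PKIXRevocationChecker revocationChecker = (PKIXRevocationChecker) validator.getRevocationChecker();
        // NOTE(review): SOFT_FAIL lets the revocation check succeed when the revocation status
        // cannot be determined (for example the OCSP responder or CRL cannot be reached), so a
        // revoked certificate is accepted while revocation data is unavailable. Confirm this
        // availability-over-strictness trade-off is intended for every caller.
        revocationChecker.setOptions(EnumSet.of(PKIXRevocationChecker.Option.SOFT_FAIL));

        PKIXParameters params = new PKIXParameters(keyStore);
        params.addCertPathChecker(revocationChecker);
        params.setRevocationEnabled(true);

        // validate() throws CertPathValidatorException on failure, so a returned result means
        // the path validated.
        return validator.validate(path, params) != null;
    }

    /**
     * Wraps DER (or other binary) content in a PEM envelope.
     *
     * @param str PEM type label placed in the BEGIN/END lines
     * @param bArr encoded content
     * @return the PEM text
     * @throws PKIRuntimeException if writing the PEM object fails
     */
    public static String getPemFromEncoded(String str, byte[] bArr) {
        StringWriter sink = new StringWriter();
        // try-with-resources closes (and thereby flushes) the writer on the error path too.
        try (PemWriter pemWriter = new PemWriter(sink)) {
            pemWriter.writeObject(new PemObject(str, bArr));
        } catch (IOException e) {
            throw new PKIRuntimeException(e);
        }
        return sink.toString();
    }

    /**
     * Builds a key store holding one private key with its certificate and returns it
     * serialised.
     *
     * <p>The same password protects the key entry and the store as a whole. The returned
     * bytes contain the private key (protected only by that password) and should be handled
     * as secret material.
     *
     * @param str key store type passed to {@link KeyStore#getInstance(String)}
     * @param str2 alias of the key entry
     * @param str3 password for both the key entry and the store
     * @param privateKey private key to store
     * @param x509Certificate certificate stored as the (single-element) chain of the key
     * @return the serialised key store
     * @throws PKIRuntimeException if the key store cannot be created or written
     */
    public static byte[] createOutputKeystore(String str, String str2, String str3, PrivateKey privateKey, X509Certificate x509Certificate) {
        // One working copy of the password, wiped afterwards. The String argument itself stays
        // on the heap, so this only avoids leaving additional copies behind.
        char[] password = str3.toCharArray();
        try (ByteArrayOutputStream out = new ByteArrayOutputStream()) {
            KeyStore keyStore = KeyStore.getInstance(str);
            keyStore.load(null);
            keyStore.setKeyEntry(str2, privateKey, password, new Certificate[]{x509Certificate});
            keyStore.store(out, password);
            return out.toByteArray();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new PKIRuntimeException(e);
        } finally {
            Arrays.fill(password, '\0');
        }
    }

    /**
     * Rebuilds a PEM certificate from a header value in which line breaks were replaced by
     * other whitespace, then parses it.
     *
     * <p>This method only parses; it performs no signature, chain or revocation validation.
     * The header value is also only as trustworthy as the proxy that sets it: if the proxy
     * does not overwrite a value supplied by the client, the content is attacker-controlled.
     * Callers must validate the returned certificate before relying on it.
     *
     * @param str header value; may be {@code null} when the header is absent
     * @return the parsed certificate, or {@code null} when the header is missing, empty or
     *     cannot be parsed
     */
    public static X509Certificate getCertFromNginxHeader(String str) {
        if (str == null) {
            log.debug("No certificate content found");
            return null;
        }
        String lineBreak = System.lineSeparator();
        // "\\s+" already covers tabs, so a single pass turns every whitespace run into a line
        // break; the BEGIN/END markers, which legitimately contain a space, are then restored.
        String pem = str.replaceAll("\\s+", lineBreak)
                .replace("-----BEGIN" + lineBreak + "CERTIFICATE-----", "-----BEGIN CERTIFICATE-----")
                .replace("-----END" + lineBreak + "CERTIFICATE-----", "-----END CERTIFICATE-----");
        if (pem.trim().isEmpty() || pem.length() < 10) {
            log.debug("No certificate content found");
            return null;
        }
        return getCertFromPem(pem);
    }

    /**
     * Parses a PEM-encoded X.509 certificate.
     *
     * <p>Parsing only: the returned certificate has not been validated in any way.
     *
     * @param str PEM text
     * @return the certificate, or {@code null} when {@code str} is {@code null} or cannot be
     *     parsed
     */
    public static X509Certificate getCertFromPem(String str) {
        if (str == null) {
            log.error("Exception while converting certificate extracted from header",
                    new IllegalArgumentException("certificate PEM is null"));
            return null;
        }

        final CertificateFactory factory;
        try {
            factory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            log.error("Exception while creating CertificateFactory", e);
            return null;
        }

        try {
            // PEM is ASCII text. The previous charset name, "ISO-8859-11", is not among the
            // charsets every Java platform is required to provide, so on a runtime without it
            // every certificate would have been rejected. ISO-8859-1 is always available and
            // yields the same bytes for ASCII input.
            byte[] pemBytes = str.getBytes(StandardCharsets.ISO_8859_1);
            X509Certificate parsed = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(pemBytes));
            log.debug("Certificate was extracted from the header");
            return parsed;
        } catch (CertificateException e) {
            log.error("Exception while converting certificate extracted from header", e);
            return null;
        }
    }

    /**
     * Extracts identity attributes from a certificate.
     *
     * <p>The decompiler could not reconstruct this method (1156 instructions, switch-case
     * ordering and a {@code finally} block failed to restructure), so only a stub remains and
     * every call throws. The recovered fragments show a twelve-case switch whose branches call
     * {@code setFlagState}, {@code setCallSign}, {@code setImoNumber}, {@code setMmsiNumber},
     * {@code setAisShipType}, {@code setPortOfRegister}, {@code setMrn},
     * {@code setMrnSubsidiary}, {@code setHomeMmsUrl}, {@code setShipMrn} and {@code setUrl},
     * a branch that logs "Unknown OID!", and a comma-joined string builder; how these fit
     * together cannot be established from this listing. Consult the original source or the
     * bytecode before reasoning about how identity fields are derived.
     *
     * @param r5 certificate to read the identity from
     * @return never returns normally in this decompiled form
     * @throws UnsupportedOperationException always
     */
    public static net.maritimeconnectivity.pki.PKIIdentity getIdentityFromCert(java.security.cert.X509Certificate r5) {
        throw new UnsupportedOperationException("Method not decompiled: net.maritimeconnectivity.pki.CertificateHandler.getIdentityFromCert(java.security.cert.X509Certificate):net.maritimeconnectivity.pki.PKIIdentity");
    }

    /**
     * Returns the string value of an attribute in a distinguished name.
     *
     * <p>Only the first RDN carrying the attribute, and only its first value, is read. A name
     * that contains the attribute more than once yields the first occurrence and the rest are
     * ignored; callers making authorisation decisions on the result should keep that in mind.
     *
     * @param x500Name distinguished name to search
     * @param aSN1ObjectIdentifier attribute type to look up
     * @return the attribute value, or {@code null} when the attribute is absent
     */
    public static String getElement(X500Name x500Name, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        RDN[] matches = x500Name.getRDNs(aSN1ObjectIdentifier);
        // Explicit emptiness check instead of catching ArrayIndexOutOfBoundsException.
        if (matches.length == 0 || matches[0].getFirst() == null) {
            return null;
        }
        return IETFUtils.valueToString(matches[0].getFirst().getValue());
    }
}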
