package se.vgregion.certificate;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.naming.NamingException;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.X509Extension;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:se/vgregion/certificate/PkixUtil.class */
public class PkixUtil {
    private static final Logger LOGGER = LoggerFactory.getLogger(PkixUtil.class);

    public static KeyStore.PrivateKeyEntry getPrivateKeyEntry(InputStream inputStream, String str, String str2, String str3) {
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            keyStore.load(inputStream, str3.toCharArray());
            return (KeyStore.PrivateKeyEntry) keyStore.getEntry(str2, new KeyStore.PasswordProtection(str3.toCharArray()));
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (KeyStoreException e2) {
            throw new RuntimeException(e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new RuntimeException(e3);
        } catch (UnrecoverableEntryException e4) {
            throw new RuntimeException(e4);
        } catch (CertificateException e5) {
            throw new RuntimeException(e5);
        }
    }

    public static void validateCertificate(X509Certificate x509Certificate) throws CertificateException {
        x509Certificate.checkValidity();
        verifyCertificateCRLs(x509Certificate);
    }

    public static void verifyCertificateCRLs(X509Certificate x509Certificate) throws CertificateException {
        try {
            for (String str : getCrlDistributionPoints(x509Certificate)) {
                if (downloadCRL(str).isRevoked(x509Certificate)) {
                    throw new CertificateException("The certificate is revoked by CRL: " + str);
                }
            }
        } catch (Exception e) {
            if (!(e instanceof CertificateException)) {
                throw new CertificateException("Can not verify CRL for certificate: " + x509Certificate.getSubjectX500Principal());
            }
            throw ((CertificateException) e);
        }
    }

    public static List<String> getCrlDistributionPoints(X509Certificate x509Certificate) throws CertificateParsingException, IOException {
        byte[] extensionValue = x509Certificate.getExtensionValue(X509Extension.cRLDistributionPoints.getId());
        if (extensionValue == null) {
            return Collections.emptyList();
        }
        CRLDistPoint cRLDistPoint = CRLDistPoint.getInstance(new ASN1InputStream(new ByteArrayInputStream(new ASN1InputStream(new ByteArrayInputStream(extensionValue)).readObject().getOctets())).readObject());
        ArrayList arrayList = new ArrayList();
        for (DistributionPoint distributionPoint : cRLDistPoint.getDistributionPoints()) {
            DistributionPointName distributionPoint2 = distributionPoint.getDistributionPoint();
            if (distributionPoint2 != null && distributionPoint2.getType() == 0) {
                GeneralName[] names = GeneralNames.getInstance(distributionPoint2.getName()).getNames();
                for (int i = 0; i < names.length; i++) {
                    if (names[i].getTagNo() == 6) {
                        arrayList.add(DERIA5String.getInstance(names[i].getName()).getString());
                    }
                }
            }
        }
        return arrayList;
    }

    public static X509Certificate base64ToCertificate(String str) {
        String property = System.getProperty("line.separator");
        if (!str.startsWith("-----BEGIN CERTIFICATE-----")) {
            str = "-----BEGIN CERTIFICATE-----" + property + str + property + "-----END CERTIFICATE-----";
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes("UTF-8")));
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        } catch (CertificateException e2) {
            throw new RuntimeException(e2);
        }
    }

    private static X509CRL downloadCRL(String str) throws IOException, CertificateException, CRLException, NamingException {
        if (str.startsWith("http://") || str.startsWith("https://") || str.startsWith("ftp://")) {
            return downloadCRLFromWeb(str);
        }
        if (!str.startsWith("ldap://")) {
            throw new CertificateException("Can not download CRL from certificate distribution point: " + str);
        }
        LOGGER.warn("Certificate revocation URL has ldap protocol which is not supported. Cannot verify CRL.");
        throw new CertificateException("Can not download CRL from certificate distribution point: " + str);
    }

    private static X509CRL downloadCRLFromWeb(String str) throws MalformedURLException, IOException, CertificateException, CRLException {
        InputStream openStream = new URL(str).openStream();
        try {
            X509CRL x509crl = (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(openStream);
            openStream.close();
            return x509crl;
        } catch (Throwable th) {
            openStream.close();
            throw th;
        }
    }
}
