package com.adobe.internal.pdftoolkit.services.javascript;

import com.adobe.internal.pdftoolkit.core.credentials.impl.utils.CertUtils;
import com.adobe.internal.pdftoolkit.core.util.ByteOps;
import com.adobe.internal.pdftoolkit.services.javascript.model.ESObject;
import com.adobe.internal.pdftoolkit.services.javascript.model.Function;
import com.adobe.internal.pdftoolkit.services.javascript.model.Param;
import com.adobe.internal.pdftoolkit.services.javascript.model.Property;
import com.adobe.internal.pdftoolkit.services.javascript.model.ScriptTable;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.TimeZone;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import opennlp.tools.parser.AbstractBottomUpParser;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.Scriptable;
import org.mozilla.javascript.Undefined;

/* loaded from: input_file:com/adobe/internal/pdftoolkit/services/javascript/Certificate.class */
public class Certificate extends ESObject {
    private static final long serialVersionUID = -2751069164807460820L;
    static final String className = "Certificate";
    private static final String binary = "binary";
    private static final String md5Hash = "MD5Hash";
    private static final String sha1HashStr = "SHA1Hash";
    private static final String serialNumberStr = "serialNumber";
    private static final String subjectCNStr = "subjectCN";
    private static final String nameAtBirthStr = "nameAtBirth";
    private static final String certDERBytes = "derBytes";
    private static final String privateKeyUsagePeriodOID = "2.5.29.16";
    private static final String[] jsKeyUsages;
    protected static final ScriptTable scriptTable = new ScriptTable("Certificate.class", new HashMap<String, Function>(0) { // from class: com.adobe.internal.pdftoolkit.services.javascript.Certificate.1
        private static final long serialVersionUID = 1;
    }, new HashMap<String, Property>(14) { // from class: com.adobe.internal.pdftoolkit.services.javascript.Certificate.2
        private static final long serialVersionUID = 1;

        {
            put(Certificate.binary, new Property(Certificate.class, Certificate.binary, "getBinary", (String) null, (Param) null, false, false));
            put("ubRights", new Property(Certificate.class, "ubRights", "getUbRights", (String) null, (Param) null, false, false));
            put("usage", new Property(Certificate.class, "usage", "getUsage", (String) null, (Param) null, false, false));
            put("keyUsage", new Property(Certificate.class, "keyUsage", "getKeyUsage", (String) null, (Param) null, false, false));
            put("mD5Hash", new Property(Certificate.class, "mD5Hash", "getMD5Hash", (String) null, (Param) null, false, false));
            put("privateKeyValidityEnd", new Property(Certificate.class, "privateKeyValidityEnd", "getPrivateKeyValidityEnd", (String) null, (Param) null, false, false));
            put("validityEnd", new Property(Certificate.class, "validityEnd", "getValidityEnd", (String) null, (Param) null, false, false));
            put(Certificate.subjectCNStr, new Property(Certificate.class, Certificate.subjectCNStr, "getSubjectCN", (String) null, (Param) null, false, false));
            put(Certificate.serialNumberStr, new Property(Certificate.class, Certificate.serialNumberStr, "getSerialNumber", (String) null, (Param) null, false, false));
            put("sHA1Hash", new Property(Certificate.class, "sHA1Hash", "getSHA1Hash", (String) null, (Param) null, false, false));
            put("privateKeyValidityStart", new Property(Certificate.class, "privateKeyValidityStart", "getPrivateKeyValidityStart", (String) null, (Param) null, false, false));
            put("subjectDN", new Property(Certificate.class, "subjectDN", "getSubjectDN", (String) null, (Param) null, false, false));
            put("issuerDN", new Property(Certificate.class, "issuerDN", "getIssuerDN", (String) null, (Param) null, false, false));
            put("validityStart", new Property(Certificate.class, "validityStart", "getValidityStart", (String) null, (Param) null, false, false));
        }
    });
    private static final Set<String> certificateDNSet = new HashSet();
    private final SimpleDateFormat dateFormat = new SimpleDateFormat("EEE MMM dd yyyy HH:mm:ss 'GMT'Z");
    private X509Certificate x509Certificate = null;
    private Map<String, String> dnMap = new HashMap();
    private HashMap<String, Object> certificateMap = new HashMap<>();

    public Object get(String str, Scriptable scriptable) {
        return super.get(str, scriptable);
    }

    protected ScriptTable getScriptTable() {
        return scriptTable;
    }

    public String getClassName() {
        return className;
    }

    public String getBinary() {
        String str = (String) this.certificateMap.get(binary);
        if (str != null) {
            return str;
        }
        byte[] dEREncoding = getDEREncoding();
        if (dEREncoding != null) {
            str = ByteOps.getHexString(dEREncoding);
        }
        if (str != null) {
            this.certificateMap.put(binary, str);
        }
        return str;
    }

    public Object getIssuerDN() {
        certficateDN(this.x509Certificate.getIssuerX500Principal().getName());
        if (this.dnMap == null) {
            return Undefined.instance;
        }
        RDN create = ESObject.create(getParentScope(), true, "RDN", false, (String) null);
        create.setRDNMap(this.dnMap);
        return create;
    }

    public Object getKeyUsage() {
        ArrayList arrayList = new ArrayList();
        boolean[] keyUsage = this.x509Certificate.getKeyUsage();
        if (keyUsage != null) {
            for (int i = 0; i < 9; i++) {
                if (keyUsage[i]) {
                    arrayList.add(jsKeyUsages[i]);
                }
            }
        }
        return Context.getCurrentContext().newArray(getParentScope(), arrayList.toArray());
    }

    public String getMD5Hash() {
        String str = (String) this.certificateMap.get(md5Hash);
        if (str != null) {
            return str;
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            byte[] dEREncoding = getDEREncoding();
            if (dEREncoding != null) {
                str = ByteOps.getHexString(messageDigest.digest(dEREncoding));
            }
            if (str != null) {
                this.certificateMap.put(md5Hash, str);
            }
            return str;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public Object getPrivateKeyValidityEnd() {
        Date privateKeyDate = getPrivateKeyDate(false);
        return privateKeyDate != null ? this.dateFormat.format(privateKeyDate) : Undefined.instance;
    }

    public Object getPrivateKeyValidityStart() {
        Date privateKeyDate = getPrivateKeyDate(true);
        return privateKeyDate != null ? this.dateFormat.format(privateKeyDate) : Undefined.instance;
    }

    public String getSHA1Hash() {
        String str = (String) this.certificateMap.get(sha1HashStr);
        if (str != null) {
            return str;
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
            byte[] dEREncoding = getDEREncoding();
            if (dEREncoding != null) {
                str = ByteOps.getHexString(messageDigest.digest(dEREncoding));
            }
            if (str != null) {
                this.certificateMap.put(sha1HashStr, str);
            }
            return str;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public String getSerialNumber() {
        String str = (String) this.certificateMap.get(serialNumberStr);
        if (str != null) {
            return str;
        }
        String hexString = ByteOps.getHexString(this.x509Certificate.getSerialNumber().toByteArray());
        if (hexString != null) {
            this.certificateMap.put(serialNumberStr, hexString);
        }
        return hexString;
    }

    public String getSubjectCN() {
        String str = (String) this.certificateMap.get(subjectCNStr);
        if (str != null) {
            return str;
        }
        String commonSubjectName = CertUtils.getCommonSubjectName(this.x509Certificate);
        this.certificateMap.put(subjectCNStr, commonSubjectName);
        return commonSubjectName;
    }

    public Object getSubjectDN() {
        certficateDN(this.x509Certificate.getSubjectX500Principal().getName());
        if (this.dnMap == null) {
            return Undefined.instance;
        }
        RDN create = ESObject.create(getParentScope(), true, "RDN", false, (String) null);
        create.setRDNMap(this.dnMap);
        return create;
    }

    public Rights getUbRights() {
        Rights create = ESObject.create(getParentScope(), true, "Rights", false, (String) null);
        create.setupRights(this.x509Certificate.getExtensionValue("1.2.840.113583.1.1.7.1"));
        return create;
    }

    public Usage getUsage() {
        Usage create = ESObject.create(getParentScope(), true, "Usage", false, (String) null);
        boolean z = true;
        try {
            this.x509Certificate.checkValidity();
        } catch (CertificateExpiredException e) {
            z = false;
        } catch (CertificateNotYetValidException e2) {
            z = false;
        }
        create.setX509V3Extensions(this.x509Certificate, !this.x509Certificate.getSigAlgOID().equals("1.2.840.113549.1.1.1"), z);
        return create;
    }

    public Object getValidityEnd() {
        return this.dateFormat.format(this.x509Certificate.getNotAfter());
    }

    public Object getValidityStart() {
        return this.dateFormat.format(this.x509Certificate.getNotBefore());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setCertificate(byte[] bArr) {
        if (bArr != null) {
            this.certificateMap.put(certDERBytes, bArr);
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                try {
                    this.x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
                    try {
                        byteArrayInputStream.close();
                    } catch (IOException e) {
                        throw new RuntimeException(e);
                    }
                } catch (CertificateException e2) {
                    throw new RuntimeException("Can not able to create the X509Certificate", e2);
                }
            } catch (Throwable th) {
                try {
                    byteArrayInputStream.close();
                    throw th;
                } catch (IOException e3) {
                    throw new RuntimeException(e3);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getDEREncoding() {
        return (byte[]) this.certificateMap.get(certDERBytes);
    }

    private void certficateDN(String str) {
        String containsIgnoreCase;
        try {
            for (Rdn rdn : new LdapName(str).getRdns()) {
                String type = rdn.getType();
                if (type != null && (containsIgnoreCase = containsIgnoreCase(type)) != null) {
                    this.dnMap.put(containsIgnoreCase, rdn.getValue().toString());
                }
            }
            String str2 = null;
            StringTokenizer stringTokenizer = new StringTokenizer(str, ",");
            while (stringTokenizer.hasMoreTokens()) {
                StringTokenizer stringTokenizer2 = new StringTokenizer(stringTokenizer.nextToken(), "=");
                while (stringTokenizer2.hasMoreTokens()) {
                    String nextToken = stringTokenizer2.nextToken();
                    if (nextToken.matches(nameAtBirthStr) || nextToken.matches("1.3.36.8.3.14")) {
                        str2 = stringTokenizer2.nextToken();
                        break;
                    }
                }
            }
            if (str2 != null) {
                this.dnMap.put(nameAtBirthStr, str2);
            }
        } catch (InvalidNameException e) {
            throw new IllegalArgumentException("Certificate DN is incorrectly formatted", e);
        }
    }

    private static String containsIgnoreCase(String str) {
        for (String str2 : certificateDNSet) {
            if (str2.equalsIgnoreCase(str)) {
                return str2;
            }
        }
        return null;
    }

    private Date getPrivateKeyDate(boolean z) {
        Date date = null;
        try {
            byte[] extensionValue = this.x509Certificate.getExtensionValue(privateKeyUsagePeriodOID);
            if (extensionValue != null) {
                SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyyMMddHHmmss");
                simpleDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
                int i = 2;
                while (i < extensionValue.length) {
                    if ((extensionValue[i] == Byte.MIN_VALUE && z) || (extensionValue[i] == -127 && !z)) {
                        int i2 = toInt(extensionValue[i + 1]);
                        String str = new String(extensionValue, i + 2, i2);
                        try {
                            date = simpleDateFormat.parse(str);
                        } catch (ParseException e) {
                            SimpleDateFormat simpleDateFormat2 = new SimpleDateFormat("yyMMddHHmmss");
                            simpleDateFormat2.setTimeZone(TimeZone.getTimeZone("GMT"));
                            date = simpleDateFormat2.parse(str);
                        }
                        i += i2;
                    }
                    i++;
                }
            }
            return z ? date != null ? date : this.x509Certificate.getNotBefore() : date != null ? date : this.x509Certificate.getNotAfter();
        } catch (ParseException e2) {
            throw new IllegalArgumentException("Encoding exception when extracting the bytes of the signing certificate", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int toInt(byte b) {
        return b < 0 ? 256 + b : b;
    }

    static {
        certificateDNSet.add("businessCategory");
        certificateDNSet.add("cn");
        certificateDNSet.add(AbstractBottomUpParser.COMPLETE);
        certificateDNSet.add("countryOfCitizenship");
        certificateDNSet.add("countryOfResidence");
        certificateDNSet.add("dateOfBirth");
        certificateDNSet.add("dc");
        certificateDNSet.add("dnQualifier");
        certificateDNSet.add("e");
        certificateDNSet.add("gender");
        certificateDNSet.add("generationQualifier");
        certificateDNSet.add("givenName");
        certificateDNSet.add("initials");
        certificateDNSet.add("l");
        certificateDNSet.add("name");
        certificateDNSet.add("o");
        certificateDNSet.add("ou");
        certificateDNSet.add("placeOfBirth");
        certificateDNSet.add("postalAddress");
        certificateDNSet.add("postalCode");
        certificateDNSet.add("pseudonym");
        certificateDNSet.add(serialNumberStr);
        certificateDNSet.add("sn");
        certificateDNSet.add("st");
        certificateDNSet.add("street");
        certificateDNSet.add("title");
        jsKeyUsages = new String[]{"kDigitalSignature", "kNonRepudiation", "kKeyEncipherment", "kDataEncipherment", "kKeyAgreement", "kKeyCertSign", "kCRLSign", "kEncipherOnly", "kDecipherOnly"};
    }
}
