package de.mtg.jzlint;

import de.mtg.jzlint.utils.DateUtils;
import inet.ipaddr.Address;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.nio.file.Files;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.Callable;
import org.bouncycastle.asn1.ocsp.OCSPResponse;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import picocli.CommandLine;

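/**
 * Command-line front end that lints a certificate, CRL, or OCSP response and prints the results.
 *
 * <p>The input file is probed as all three object types; every type that parses is linted. The
 * parsing helpers report failure by returning {@code null}, so an input that matches none of the
 * types produces an empty result set rather than an error.
 */
@CommandLine.Command(
        name = "jzlint",
        mixinStandardHelpOptions = true,
        version = {"1.0"},
        description = {"Lints a certificate, CRL, or OCSP response with jzlint"})
/* loaded from: input_file:BOOT-INF/classes/de/mtg/jzlint/JZLintCli.class */
public class JZLintCli implements Callable<Integer> {

    // The decompiler rendered this index as inet.ipaddr.Address.OCTAL_PREFIX, an unrelated
    // constant that happens to hold the same string "0"; the literal is what is meant here.
    @CommandLine.Parameters(index = "0", description = {"The certificate, CRL, or OCSP response to lint."})
    private File pkiObject;

    @CommandLine.Parameters(arity = "0..1", index = "1", description = {"The issuer of a certificate, CRL, or OCSP response which is linted."})
    private Optional<File> issuer;

    @CommandLine.Option(arity = "0..1", names = {"-includeNames"}, split = ",", description = {"Comma-separated names of the lints to use."})
    private List<String> includeNames = new ArrayList<>();

    @CommandLine.Option(arity = "0..1", names = {"-excludeSources"}, split = ",", description = {"Comma-separated name of the sources to exclude."})
    private List<String> excludeSources = new ArrayList<>();

    @CommandLine.Option(arity = "0..1", names = {"-includeSources"}, split = ",", description = {"Comma-separated name of the sources to include."})
    private List<String> includeSources = new ArrayList<>();

    @CommandLine.Option(arity = "0..1", names = {"-excludeNames"}, split = ",", description = {"Comma-separated names of the lints to exclude."})
    private List<String> excludeNames = new ArrayList<>();

    @CommandLine.Option(arity = "0..1", names = {"-p"}, description = {"A pretty output format"})
    private boolean pretty;

    /**
     * Reads the input (and the optional issuer), runs the selected lints, and prints the result
     * to standard output.
     *
     * <p>NOTE(review): the return value is 0 whenever linting completes, including when the
     * input parsed as none of the supported types and the result set is therefore empty.
     * Pipelines that gate on the exit code alone will not notice an unparseable input.
     *
     * @return always 0 when no exception is thrown
     * @throws Exception if a file cannot be read or a lint cannot be invoked
     */
    @Override // java.util.concurrent.Callable
    public Integer call() throws Exception {
        byte[] objectBytes = Files.readAllBytes(this.pkiObject.toPath());
        byte[] issuerBytes = this.issuer.isPresent() ? Files.readAllBytes(this.issuer.get().toPath()) : null;

        LintJSONResults results = lint(objectBytes, issuerBytes, this.includeNames, this.includeSources, this.excludeSources, this.excludeNames);
        System.out.println(this.pretty ? results.getResultPrettyString() : results.getResultString());
        return 0;
    }

    /**
     * Registers the BouncyCastle provider, which the parsing helpers look up by name, and hands
     * the arguments to picocli.
     *
     * @param strArr the command-line arguments
     */
    public static void main(String[] strArr) {
        Security.addProvider(new BouncyCastleProvider());
        System.exit(new CommandLine(new JZLintCli()).execute(strArr));
    }

    /**
     * Tries to parse the given bytes as an X.509 certificate using the BouncyCastle provider.
     *
     * <p>A {@code null} result does not distinguish between "not a certificate" and "the
     * BouncyCastle provider is not registered": both failures are reported the same way.
     *
     * @param bArr the encoded certificate; may be {@code null}
     * @return the parsed certificate, or {@code null} if the bytes are absent or cannot be parsed
     */
    public static X509Certificate getCertificate(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        try (ByteArrayInputStream in = new ByteArrayInputStream(bArr)) {
            CertificateFactory factory = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
            return (X509Certificate) factory.generateCertificate(in);
        } catch (IOException | NoSuchProviderException | CertificateException ignored) {
            // Used as a type probe: a parse failure means "not a certificate".
            return null;
        }
    }

    /**
     * Tries to parse the given bytes as an X.509 CRL using the BouncyCastle provider.
     *
     * <p>A {@code null} result does not distinguish between "not a CRL" and "the BouncyCastle
     * provider is not registered": both failures are reported the same way.
     *
     * @param bArr the encoded CRL; may be {@code null}
     * @return the parsed CRL, or {@code null} if the bytes are absent or cannot be parsed
     */
    public static X509CRL getCRL(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        try (ByteArrayInputStream in = new ByteArrayInputStream(bArr)) {
            CertificateFactory factory = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
            return (X509CRL) factory.generateCRL(in);
        } catch (IOException | NoSuchProviderException | CRLException | CertificateException ignored) {
            // Used as a type probe: a parse failure means "not a CRL".
            return null;
        }
    }

    /**
     * Tries to decode the given bytes as an OCSP response.
     *
     * @param bArr the encoded OCSP response
     * @return the decoded response, or {@code null} if decoding throws
     */
    public static OCSPResponse getOCSPResponse(byte[] bArr) {
        try {
            return OCSPResponse.getInstance(bArr);
        } catch (Exception ignored) {
            // Used as a type probe: any decoding failure means "not an OCSP response".
            return null;
        }
    }

    /**
     * Runs every selected lint against the input, once for each object type the input parses as.
     *
     * <p>The input and the issuer are parsed once up front instead of once per lint class. When
     * issuer bytes were supplied and an issuer lint is about to run, the issuer must have parsed
     * as a certificate; previously a {@code null} issuer was passed on, which dispatched the
     * lint as if no issuer had been given.
     *
     * @param bArr the encoded object to lint
     * @param bArr2 the encoded issuer certificate, or {@code null}/empty if none was supplied
     * @param list lint names to include; {@code null} or empty selects all names
     * @param list2 sources to include, passed to {@code CliUtils.includeLint}
     * @param list3 sources to exclude, passed to {@code CliUtils.includeLint}
     * @param list4 lint names to exclude; {@code null} or empty excludes none
     * @return the collected results; empty if the input parsed as none of the supported types
     * @throws IllegalArgumentException if an issuer lint is selected and the supplied issuer
     *     bytes are not a parseable certificate
     */
    private static LintJSONResults lint(byte[] bArr, byte[] bArr2, List<String> list, List<String> list2, List<String> list3, List<String> list4) throws NoSuchMethodException, IllegalAccessException, InstantiationException, InvocationTargetException {
        List<Class<?>> lintClasses = LintClassesContainer.getInstance().getLintClasses();
        List<LintJSONResult> results = new ArrayList<>();

        boolean issuerSupplied = bArr2 != null && bArr2.length > 0;
        X509Certificate issuerCertificate = issuerSupplied ? getCertificate(bArr2) : null;

        // Probe the input as each supported type; a null means "does not parse as this type".
        X509Certificate certificate = getCertificate(bArr);
        X509CRL crl = getCRL(bArr);
        OCSPResponse ocspResponse = getOCSPResponse(bArr);

        for (Class<?> lintClass : lintClasses) {
            if (!lintClass.isAnnotationPresent(Lint.class)) {
                continue;
            }
            Lint lint = lintClass.getAnnotation(Lint.class);
            String name = lint.name();

            boolean nameIncluded = list == null || list.isEmpty() || list.contains(name);
            boolean nameExcluded = list4 != null && !list4.isEmpty() && list4.contains(name);
            if (!nameIncluded || nameExcluded) {
                continue;
            }
            if (!CliUtils.includeLint(lint.source(), list2, list3)) {
                continue;
            }

            boolean certificateIssuerLint = CliUtils.isCertificateIssuerLint(lintClass);
            boolean crlIssuerLint = CliUtils.isCRLIssuerLint(lintClass);
            boolean ocspResponseIssuerLint = CliUtils.isOCSPResponseIssuerLint(lintClass);

            if (certificate != null) {
                ZonedDateTime notBefore = DateUtils.getNotBefore(certificate);
                if (issuerSupplied && certificateIssuerLint) {
                    results.add(getLintResult(certificate, requireIssuer(issuerCertificate), notBefore, X509Certificate.class, lintClass, lint));
                } else if (CliUtils.isCertificateLint(lintClass)) {
                    results.add(getLintResult(certificate, null, notBefore, X509Certificate.class, lintClass, lint));
                }
            }
            if (crl != null) {
                ZonedDateTime thisUpdate = DateUtils.getThisUpdate(crl);
                if (issuerSupplied && crlIssuerLint) {
                    results.add(getLintResult(crl, requireIssuer(issuerCertificate), thisUpdate, X509CRL.class, lintClass, lint));
                } else if (CliUtils.isCRLLint(lintClass)) {
                    results.add(getLintResult(crl, null, thisUpdate, X509CRL.class, lintClass, lint));
                }
            }
            if (ocspResponse != null) {
                ZonedDateTime producedAt = DateUtils.getProducedAt(ocspResponse);
                // OCSP lints receive the raw encoding rather than the decoded structure.
                if (issuerSupplied && ocspResponseIssuerLint) {
                    results.add(getLintResult(bArr, requireIssuer(issuerCertificate), producedAt, byte[].class, lintClass, lint));
                } else if (CliUtils.isOCSPResponseLint(lintClass)) {
                    results.add(getLintResult(bArr, null, producedAt, byte[].class, lintClass, lint));
                }
            }
        }
        return new LintJSONResults(results);
    }

    /** Rejects an issuer that was supplied on the command line but did not parse as a certificate. */
    private static X509Certificate requireIssuer(X509Certificate issuerCertificate) {
        if (issuerCertificate == null) {
            throw new IllegalArgumentException("The supplied issuer could not be parsed as an X.509 certificate.");
        }
        return issuerCertificate;
    }

    /**
     * Instantiates one lint class reflectively and evaluates it against the given object.
     *
     * <p>The outcome is {@code NA} if {@code checkApplies} returns false, {@code NE} if the
     * object's date lies before the lint's effective date or on/after its ineffective date, and
     * otherwise the status returned by {@code execute}.
     *
     * @param obj the object to lint, passed to the lint methods as is
     * @param x509Certificate the issuer certificate, or {@code null} to call the one-argument
     *     lint methods
     * @param zonedDateTime the date compared against the lint's effective and ineffective dates
     * @param cls the declared parameter type used to look up the lint methods
     * @param cls2 the lint class to instantiate
     * @param lint the {@code Lint} annotation of {@code cls2}
     * @return the result carrying the lint name and its status
     */
    private static LintJSONResult getLintResult(Object obj, X509Certificate x509Certificate, ZonedDateTime zonedDateTime, Class<?> cls, Class<?> cls2, Lint lint) throws NoSuchMethodException, InstantiationException, IllegalAccessException, InvocationTargetException {
        boolean withIssuer = x509Certificate != null;

        // NOTE(review): the issuer parameter type is looked up by the issuer's runtime class, not
        // by X509Certificate.class. getMethod matches parameter types exactly, so this only
        // resolves if the lint declares that concrete type - confirm against the lint interfaces.
        Class<?>[] parameterTypes = withIssuer
                ? new Class<?>[] {cls, x509Certificate.getClass()}
                : new Class<?>[] {cls};
        Object[] arguments = withIssuer ? new Object[] {obj, x509Certificate} : new Object[] {obj};

        Method checkApplies = cls2.getMethod("checkApplies", parameterTypes);
        Method execute = cls2.getMethod("execute", parameterTypes);
        Object lintInstance = cls2.getDeclaredConstructor().newInstance();

        boolean applies = (Boolean) checkApplies.invoke(lintInstance, arguments);
        if (!applies) {
            return new LintJSONResult(lint.name(), Status.NA);
        }
        if (!DateUtils.isIssuedOnOrAfter(zonedDateTime, lint.effectiveDate().getZonedDateTime())) {
            return new LintJSONResult(lint.name(), Status.NE);
        }

        boolean stillEffective = IneffectiveDate.EMPTY == lint.ineffectiveDate()
                || !DateUtils.isIssuedOnOrAfter(zonedDateTime, lint.ineffectiveDate().getZonedDateTime());
        if (!stillEffective) {
            return new LintJSONResult(lint.name(), Status.NE);
        }

        LintResult lintResult = (LintResult) execute.invoke(lintInstance, arguments);
        return new LintJSONResult(lint.name(), lintResult.getStatus());
    }
}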
