package de.mtg.jzlint.utils;

import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Optional;
import java.util.regex.Pattern;
import org.bouncycastle.asn1.ASN1BitString;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:BOOT-INF/lib/jzlint-1.1.0.jar:de/mtg/jzlint/utils/ASN1CertificateUtils.class */
public final class ASN1CertificateUtils {
    public static final int VALIDITY_POSITION_V2_V3 = 4;
    public static final int SERIAL_NUMBER_POSITION_V2_V3 = 1;
    public static final int SUBJECTPUBLICKEYINFO_POSITION_V2_V3 = 6;
    public static final int SUBJECT_POSITION_V2_V3 = 5;
    public static final int ISSUER_POSITION_V2_V3 = 3;
    public static final int SIGNATURE_POSITION_V2_V3 = 2;
    public static final int TBS_CERTIFICATE_POSITION = 0;

    private ASN1CertificateUtils() {
    }

    public static ASN1Sequence getCertificateAsSequence(X509Certificate x509Certificate) throws CertificateEncodingException {
        return ASN1Sequence.getInstance(x509Certificate.getEncoded());
    }

    public static ASN1Sequence getTBSCertificate(X509Certificate x509Certificate) throws CertificateEncodingException {
        return (ASN1Sequence) getCertificateAsSequence(x509Certificate).getObjectAt(0);
    }

    public static ASN1Sequence getValidity(X509Certificate x509Certificate) throws CertificateEncodingException {
        ASN1Sequence tBSCertificate = getTBSCertificate(x509Certificate);
        return !isVersionEncoded(tBSCertificate) ? (ASN1Sequence) tBSCertificate.getObjectAt(3) : (ASN1Sequence) tBSCertificate.getObjectAt(4);
    }

    public static ASN1Encodable getNotBefore(X509Certificate x509Certificate) throws CertificateEncodingException {
        return getValidity(x509Certificate).getObjectAt(0);
    }

    public static ASN1Encodable getNotAfter(X509Certificate x509Certificate) throws CertificateEncodingException {
        return getValidity(x509Certificate).getObjectAt(1);
    }

    public static boolean notBeforeIsGeneralizedTime(X509Certificate x509Certificate) throws CertificateEncodingException, IOException {
        return getNotBefore(x509Certificate).toASN1Primitive().getEncoded(ASN1Encoding.DER)[0] == 24;
    }

    public static boolean notBeforeIsUTCTime(X509Certificate x509Certificate) throws CertificateEncodingException, IOException {
        return getNotBefore(x509Certificate).toASN1Primitive().getEncoded(ASN1Encoding.DER)[0] == 23;
    }

    public static boolean notAfterIsGeneralizedTime(X509Certificate x509Certificate) throws CertificateEncodingException, IOException {
        return getNotAfter(x509Certificate).toASN1Primitive().getEncoded(ASN1Encoding.DER)[0] == 24;
    }

    public static boolean notAfterIsUTCTime(X509Certificate x509Certificate) throws CertificateEncodingException, IOException {
        return getNotAfter(x509Certificate).toASN1Primitive().getEncoded(ASN1Encoding.DER)[0] == 23;
    }

    public static boolean generalizedTimeHasFractionSeconds(ASN1GeneralizedTime aSN1GeneralizedTime) {
        return aSN1GeneralizedTime.getTimeString().length() > 15;
    }

    public static boolean generalizedTimeHasNotSeconds(ASN1GeneralizedTime aSN1GeneralizedTime) {
        return !Pattern.compile("\\d{14}Z").matcher(aSN1GeneralizedTime.getTimeString()).matches();
    }

    public static boolean isZulu(ASN1GeneralizedTime aSN1GeneralizedTime) throws IOException {
        byte[] encoded = aSN1GeneralizedTime.getEncoded(ASN1Encoding.DER);
        return encoded[encoded.length - 1] == 90;
    }

    public static ASN1Integer getSerialNumber(X509Certificate x509Certificate) throws CertificateEncodingException {
        ASN1Sequence tBSCertificate = getTBSCertificate(x509Certificate);
        return !isVersionEncoded(tBSCertificate) ? (ASN1Integer) tBSCertificate.getObjectAt(0) : (ASN1Integer) tBSCertificate.getObjectAt(1);
    }

    public static ASN1Sequence getPublicKey(X509Certificate x509Certificate) throws CertificateEncodingException {
        ASN1Sequence tBSCertificate = getTBSCertificate(x509Certificate);
        return !isVersionEncoded(tBSCertificate) ? (ASN1Sequence) tBSCertificate.getObjectAt(5) : (ASN1Sequence) tBSCertificate.getObjectAt(6);
    }

    public static Optional<ASN1Encodable> getPublicKeyParameters(X509Certificate x509Certificate) throws CertificateEncodingException {
        ASN1Sequence aSN1Sequence = (ASN1Sequence) getPublicKey(x509Certificate).getObjectAt(0);
        return aSN1Sequence.size() == 2 ? Optional.of(aSN1Sequence.getObjectAt(1)) : Optional.empty();
    }

    public static ASN1Sequence getPublicKeyAlgorithmIdentifier(X509Certificate x509Certificate) throws CertificateEncodingException {
        return (ASN1Sequence) getPublicKey(x509Certificate).getObjectAt(0);
    }

    public static byte[] getPublicKeySubjectPublicKey(X509Certificate x509Certificate) throws CertificateEncodingException {
        return ((ASN1BitString) getPublicKey(x509Certificate).getObjectAt(1)).getOctets();
    }

    public static String getPublicKeySubjectPublicKeyBase64Encoded(X509Certificate x509Certificate) throws CertificateEncodingException {
        return new String(Base64.encode(getPublicKeySubjectPublicKey(x509Certificate)));
    }

    public static ASN1Encodable getSubject(X509Certificate x509Certificate) throws CertificateEncodingException {
        ASN1Sequence tBSCertificate = getTBSCertificate(x509Certificate);
        return !isVersionEncoded(tBSCertificate) ? tBSCertificate.getObjectAt(4) : tBSCertificate.getObjectAt(5);
    }

    public static ASN1Encodable getIssuer(X509Certificate x509Certificate) throws CertificateEncodingException {
        ASN1Sequence tBSCertificate = getTBSCertificate(x509Certificate);
        return !isVersionEncoded(tBSCertificate) ? tBSCertificate.getObjectAt(2) : tBSCertificate.getObjectAt(3);
    }

    public static ASN1Encodable getInnerSignature(X509Certificate x509Certificate) throws CertificateEncodingException {
        ASN1Sequence tBSCertificate = getTBSCertificate(x509Certificate);
        return !isVersionEncoded(tBSCertificate) ? tBSCertificate.getObjectAt(1) : tBSCertificate.getObjectAt(2);
    }

    public static String getInnerSignatureOID(X509Certificate x509Certificate) throws CertificateEncodingException {
        return ((ASN1ObjectIdentifier) ((ASN1Sequence) getInnerSignature(x509Certificate)).getObjectAt(0)).getId();
    }

    public static ASN1Encodable getOuterSignature(X509Certificate x509Certificate) throws CertificateEncodingException {
        return getCertificateAsSequence(x509Certificate).getObjectAt(1);
    }

    private static boolean isVersionEncoded(ASN1Sequence aSN1Sequence) {
        return (aSN1Sequence.getObjectAt(0) instanceof ASN1TaggedObject) && ((ASN1TaggedObject) aSN1Sequence.getObjectAt(0)).getTagNo() == 0;
    }
}
