package org.jetbrains.zip.signer.signer;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.URI;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.time.LocalDate;
import java.time.ZoneOffset;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import thirdparty.bouncycastle.asn1.ASN1InputStream;
import thirdparty.bouncycastle.asn1.ASN1Primitive;
import thirdparty.bouncycastle.asn1.DERIA5String;
import thirdparty.bouncycastle.asn1.DEROctetString;
import thirdparty.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import thirdparty.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import thirdparty.bouncycastle.asn1.x500.X500Name;
import thirdparty.bouncycastle.asn1.x509.AlgorithmIdentifier;
import thirdparty.bouncycastle.asn1.x509.CRLDistPoint;
import thirdparty.bouncycastle.asn1.x509.DistributionPoint;
import thirdparty.bouncycastle.asn1.x509.DistributionPointName;
import thirdparty.bouncycastle.asn1.x509.Extension;
import thirdparty.bouncycastle.asn1.x509.GeneralName;
import thirdparty.bouncycastle.asn1.x509.GeneralNames;
import thirdparty.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import thirdparty.bouncycastle.cert.X509v3CertificateBuilder;
import thirdparty.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import thirdparty.bouncycastle.crypto.params.AsymmetricKeyParameter;
import thirdparty.bouncycastle.crypto.params.DSAPrivateKeyParameters;
import thirdparty.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
import thirdparty.bouncycastle.crypto.util.PrivateKeyFactory;
import thirdparty.bouncycastle.openssl.PEMKeyPair;
import thirdparty.bouncycastle.operator.ContentSigner;
import thirdparty.bouncycastle.operator.bc.BcDSAContentSignerBuilder;
import thirdparty.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import thirdparty.kotlin.Metadata;
import thirdparty.kotlin.Pair;
import thirdparty.kotlin.Triple;
import thirdparty.kotlin.collections.CollectionsKt;
import thirdparty.kotlin.io.CloseableKt;
import thirdparty.kotlin.io.FilesKt;
import thirdparty.kotlin.jvm.JvmStatic;
import thirdparty.kotlin.jvm.internal.Intrinsics;
import thirdparty.kotlin.text.Charsets;

/* compiled from: CertificateUtils.kt */
@Metadata(mv = {1, 5, 1}, k = 1, xi = 48, d1 = {"��R\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010 \n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000b\n\u0002\b\u0005\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\bÆ\u0002\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J&\u0010\u0005\u001a\u0004\u0018\u00010\u00062\f\u0010\u0007\u001a\b\u0012\u0004\u0012\u00020\u00060\b2\f\u0010\t\u001a\b\u0012\u0004\u0012\u00020\n0\bH\u0007J\u000e\u0010\u000b\u001a\u00020\u00062\u0006\u0010\f\u001a\u00020\rJ\u0016\u0010\u000e\u001a\b\u0012\u0004\u0012\u00020\u000f0\b2\u0006\u0010\u0010\u001a\u00020\u0006H\u0007J\u001c\u0010\u0011\u001a\b\u0012\u0004\u0012\u00020\n0\b2\f\u0010\u0007\u001a\b\u0012\u0004\u0012\u00020\u00060\bH\u0007J \u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0010\u001a\u00020\u00062\u0006\u0010\u0014\u001a\u00020\u00062\u0006\u0010\u0015\u001a\u00020\nH\u0002J\u0018\u0010\u0016\u001a\u00020\u00132\u0006\u0010\u0017\u001a\u00020\n2\u0006\u0010\u0014\u001a\u00020\u0006H\u0002J\u0014\u0010\u0018\u001a\u00020\u00132\f\u0010\u0007\u001a\b\u0012\u0004\u0012\u00020\u00190\bJ\u0016\u0010\u001a\u001a\b\u0012\u0004\u0012\u00020\u00060\b2\u0006\u0010\u0010\u001a\u00020\u001bH\u0007J\u0016\u0010\u001c\u001a\b\u0012\u0004\u0012\u00020\u00060\b2\u0006\u0010\u001d\u001a\u00020\u001eH\u0007J\u0014\u0010\u001f\u001a\u00020\u0013*\u00020\u00192\u0006\u0010 \u001a\u00020\u0019H\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n��¨\u0006!"}, d2 = {"Lorg/jetbrains/zip/signer/signer/CertificateUtils;", "", "()V", "farAwayDate", "Ljava/util/Date;", "findRevokedCertificate", "Ljava/security/cert/X509Certificate;", "certs", "", "revocationLists", "Ljava/security/cert/X509CRL;", "generateDummyCertificate", "keyPair", "Lthirdparty/bouncycastle/openssl/PEMKeyPair;", 
"getCrlUris", "Ljava/net/URI;", "certificate", "getRevocationLists", "isCertificateRevoked", "", "certificateAuthority", "revocationList", "isCrlValid", "certificateRevocationList", "isValidCertificateChain", "Ljava/security/cert/Certificate;", "loadCertificates", "", "loadCertificatesFromFile", "file", "Ljava/io/File;", "isSignedBy", "other", "lib"})
/* loaded from: input_file:org/jetbrains/zip/signer/signer/CertificateUtils.class */
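/**
 * Helpers for loading X.509 certificates, checking the signature linkage of a certificate list,
 * and looking up revocation status through CRLs referenced by the certificates themselves.
 *
 * <p>Decompiled from a Kotlin {@code object}; {@link #INSTANCE} is its singleton. The method
 * signatures are kept as decompiled, so checked exceptions raised by the I/O and parsing calls
 * inside the method bodies are not declared on the methods.
 *
 * <p>Security scope, as far as this class shows: the checks here are signature checks only.
 * Nothing in this class anchors a chain to a trusted root, evaluates validity periods, or
 * inspects CA / key-usage constraints.
 */
public final class CertificateUtils {

    /** Singleton instance backing the non-static members. */
    @NotNull
    public static final CertificateUtils INSTANCE = new CertificateUtils();

    /** {@code notAfter} used for dummy certificates: 9999-12-31T00:00:00Z. */
    @NotNull
    private static final Date farAwayDate =
            Date.from(LocalDate.of(9999, 12, 31).atStartOfDay().toInstant(ZoneOffset.UTC));

    private CertificateUtils() {
    }

    /**
     * Reads the whole file as text and parses every certificate found in it.
     *
     * @param file file holding one or more encoded certificates
     * @return the parsed certificates, in the order the certificate factory returned them
     * @throws CertificateException if the content cannot be parsed
     */
    @JvmStatic
    @NotNull
    public static final List<X509Certificate> loadCertificatesFromFile(@NotNull File file) throws CertificateException {
        Intrinsics.checkNotNullParameter(file, "file");
        // readText$default with a null charset and mask 1 selects Kotlin's default charset (UTF-8).
        return loadCertificates(FilesKt.readText$default(file, null, 1, null));
    }

    /**
     * Parses every certificate contained in the given text.
     *
     * @param str encoded certificate data; its UTF-8 bytes are handed to the "X509" factory
     * @return the parsed certificates, in the order the certificate factory returned them
     * @throws CertificateException if the content cannot be parsed
     * @throws ClassCastException if the factory yields a certificate that is not an
     *         {@link X509Certificate}
     */
    @JvmStatic
    @NotNull
    public static final List<X509Certificate> loadCertificates(@NotNull String str) throws CertificateException {
        Intrinsics.checkNotNullParameter(str, "certificate");
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
        Collection<? extends Certificate> parsed =
                certificateFactory.generateCertificates(new ByteArrayInputStream(str.getBytes(Charsets.UTF_8)));
        List<X509Certificate> result = new ArrayList<>(parsed.size());
        for (Certificate certificate : parsed) {
            if (certificate == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            result.add((X509Certificate) certificate);
        }
        return result;
    }

    /**
     * Builds a self-issued placeholder certificate for the given key pair.
     *
     * <p>Subject and issuer are both {@code CN=Dummy Certificate}, the serial number is the
     * current time in milliseconds, and the validity runs from one day ago to 9999-12-31 UTC.
     * The certificate is signed with the pair's own private key, so it conveys no trust beyond
     * possession of that key.
     *
     * @param pEMKeyPair RSA (CRT form) or DSA key pair
     * @return the generated certificate
     * @throws IllegalArgumentException if the private key is neither RSA (CRT) nor DSA
     */
    @NotNull
    public final X509Certificate generateDummyCertificate(@NotNull PEMKeyPair pEMKeyPair) {
        Intrinsics.checkNotNullParameter(pEMKeyPair, "keyPair");
        X500Name dummyName = new X500Name("CN=Dummy Certificate");
        Date yesterday = Date.from(Instant.now().minus(Duration.ofDays(1L)));
        AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(pEMKeyPair.getPrivateKeyInfo());
        AlgorithmIdentifier sha256 = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);

        // NOTE(review): the signature AlgorithmIdentifier given to the signer builders is the
        // key-algorithm OID (rsaEncryption / id_dsa) rather than a combined signature-algorithm
        // OID; confirm that no consumer has to verify this certificate via its declared algorithm.
        ContentSigner contentSigner;
        if (privateKey instanceof RSAPrivateCrtKeyParameters) {
            contentSigner = new BcRSAContentSignerBuilder(
                    new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption), sha256).build(privateKey);
        } else if (privateKey instanceof DSAPrivateKeyParameters) {
            contentSigner = new BcDSAContentSignerBuilder(
                    new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa), sha256).build(privateKey);
        } else {
            throw new IllegalArgumentException("Unsupported key type: " + privateKey.getClass().getSimpleName());
        }

        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                dummyName,
                BigInteger.valueOf(System.currentTimeMillis()),
                yesterday,
                farAwayDate,
                dummyName,
                pEMKeyPair.getPublicKeyInfo());
        return new JcaX509CertificateConverter().getCertificate(builder.build(contentSigner));
    }

    /**
     * Checks that every certificate in the list is signed by the key of the certificate that
     * follows it.
     *
     * <p>This is a signature-linkage check only. An empty or single-element list returns
     * {@code true}, and the last certificate is not checked against anything. Validity dates,
     * CA constraints and trust in the last certificate are not evaluated here.
     *
     * @param list certificates ordered so that each one is followed by its issuer
     * @return {@code true} if every adjacent pair verifies, {@code false} otherwise
     */
    public final boolean isValidCertificateChain(@NotNull List<? extends Certificate> list) {
        Intrinsics.checkNotNullParameter(list, "certs");
        Iterator<? extends Certificate> it = list.iterator();
        if (!it.hasNext()) {
            return true;
        }
        Certificate current = it.next();
        while (it.hasNext()) {
            Certificate issuer = it.next();
            if (!isSignedBy(current, issuer)) {
                return false;
            }
            current = issuer;
        }
        return true;
    }

    /**
     * Downloads the CRL referenced by each certificate except the last one in the list.
     *
     * <p>Each of those certificates must name exactly one CRL URI; a certificate with none or
     * with several is rejected rather than skipped. The returned CRLs are not verified here;
     * {@link #findRevokedCertificate} checks their issuer and signature.
     *
     * @param list certificates ordered so that each one is followed by its issuer
     * @return one CRL per certificate, excluding the last certificate
     * @throws IllegalArgumentException if the list is empty, or a certificate has no CRL URI or
     *         more than one
     */
    @JvmStatic
    @NotNull
    public static final List<X509CRL> getRevocationLists(@NotNull List<? extends X509Certificate> list) {
        Intrinsics.checkNotNullParameter(list, "certs");
        if (list.isEmpty()) {
            // Previously this surfaced as an opaque range error from subList(0, -1).
            throw new IllegalArgumentException("Certificate chain must not be empty");
        }
        List<? extends X509Certificate> withoutLast = list.subList(0, list.size() - 1);
        List<X509CRL> result = new ArrayList<>(withoutLast.size());
        for (X509Certificate certificate : withoutLast) {
            List<URI> crlUris = getCrlUris(certificate);
            if (crlUris.isEmpty()) {
                throw new IllegalArgumentException("CRL not found for certificate");
            }
            if (crlUris.size() > 1) {
                throw new IllegalArgumentException("Multiple CRL URI found in certificate");
            }
            URI crlUri = crlUris.get(0);
            // NOTE(review): crlUri is taken from the certificate's own extension and is
            // dereferenced as-is. Any scheme java.net.URL accepts is followed, and no connect or
            // read timeout or response-size bound is applied. If the certificates can come from
            // an untrusted source, restrict the scheme and bound the fetch before this call.
            CRL crl;
            // Close the response stream once the CRL is parsed; it was left open before.
            try (InputStream crlStream = crlUri.toURL().openConnection().getInputStream()) {
                crl = CertificateFactory.getInstance("X.509").generateCRL(crlStream);
            }
            if (crl == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509CRL");
            }
            result.add((X509CRL) crl);
        }
        return result;
    }

    /**
     * Extracts the URI-typed full names from the certificate's CRL Distribution Points extension.
     *
     * @param x509Certificate certificate to inspect
     * @return the URIs in extension order; empty if the extension is absent or names no URI
     */
    @JvmStatic
    @NotNull
    public static final List<URI> getCrlUris(@NotNull X509Certificate x509Certificate) {
        Intrinsics.checkNotNullParameter(x509Certificate, "certificate");
        List<URI> uris = new ArrayList<>();
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.cRLDistributionPoints.getId());
        if (extensionValue == null) {
            // Extension absent: report "no URIs" so callers reach their own "CRL not found"
            // handling instead of failing on a null byte array.
            return uris;
        }

        // The extension value is an OCTET STRING wrapping the DER-encoded CRLDistPoint.
        DEROctetString wrapped;
        try (ASN1InputStream outer = new ASN1InputStream(new ByteArrayInputStream(extensionValue))) {
            ASN1Primitive decoded = outer.readObject();
            if (decoded == null) {
                throw new NullPointerException("null cannot be cast to non-null type org.bouncycastle.asn1.DEROctetString");
            }
            wrapped = (DEROctetString) decoded;
        }

        CRLDistPoint crlDistPoint;
        try (ASN1InputStream inner = new ASN1InputStream(new ByteArrayInputStream(wrapped.getOctets()))) {
            crlDistPoint = CRLDistPoint.getInstance(inner.readObject());
        }

        for (DistributionPoint distributionPoint : crlDistPoint.getDistributionPoints()) {
            DistributionPointName pointName = distributionPoint.getDistributionPoint();
            // The distribution point name is optional; skip entries without a full name.
            if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
                continue;
            }
            for (GeneralName generalName : GeneralNames.getInstance(pointName.getName()).getNames()) {
                if (generalName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    uris.add(new URI(DERIA5String.getInstance(generalName.getName()).getString()));
                }
            }
        }
        return uris;
    }

    /**
     * Looks for a revoked certificate, checking from the end of the list toward its start.
     *
     * <p>{@code list2.get(i)} is treated as the CRL for {@code list.get(i)} and must be issued
     * and signed by {@code list.get(i + 1)}.
     *
     * @param list certificates ordered so that each one is followed by its issuer
     * @param list2 one CRL per certificate except the last, in the same order
     * @return the first revoked certificate found, or {@code null} if none is revoked
     * @throws IllegalArgumentException if the list sizes do not line up, or a CRL reached during
     *         the search fails the issuer/signature check
     */
    @JvmStatic
    @Nullable
    public static final X509Certificate findRevokedCertificate(@NotNull List<? extends X509Certificate> list, @NotNull List<? extends X509CRL> list2) {
        Intrinsics.checkNotNullParameter(list, "certs");
        Intrinsics.checkNotNullParameter(list2, "revocationLists");
        if (list2.size() != list.size() - 1) {
            throw new IllegalArgumentException("Number of revocation lists should be one less than the number of certificates");
        }
        for (int i = list2.size() - 1; i >= 0; i--) {
            X509Certificate certificate = list.get(i);
            X509Certificate issuer = list.get(i + 1);
            if (INSTANCE.isCertificateRevoked(certificate, issuer, list2.get(i))) {
                return certificate;
            }
        }
        return null;
    }

    /**
     * Reports whether the CRL lists the certificate, after checking the CRL against the issuer.
     *
     * @throws IllegalArgumentException if the CRL is not issued and signed by the given issuer
     */
    private boolean isCertificateRevoked(X509Certificate x509Certificate, X509Certificate x509Certificate2, X509CRL x509crl) {
        if (!isCrlValid(x509crl, x509Certificate2)) {
            throw new IllegalArgumentException("Invalid CRL provided");
        }
        return x509crl.getRevokedCertificate(x509Certificate) != null;
    }

    /**
     * Checks that the CRL's issuer name equals the certificate's subject name and that the CRL
     * signature verifies under the certificate's public key.
     */
    private boolean isCrlValid(X509CRL x509crl, X509Certificate x509Certificate) {
        // NOTE(review): thisUpdate / nextUpdate are not examined, so an out-of-date CRL that
        // still verifies is accepted here; confirm whether freshness is enforced elsewhere.
        if (!Intrinsics.areEqual(x509crl.getIssuerDN(), x509Certificate.getSubjectDN())) {
            return false;
        }
        try {
            x509crl.verify(x509Certificate.getPublicKey());
            return true;
        } catch (Exception ignored) {
            // Any verification failure means "not valid"; the caller turns that into an error.
            return false;
        }
    }

    /** Returns whether {@code certificate} verifies under the public key of {@code certificate2}. */
    private boolean isSignedBy(Certificate certificate, Certificate certificate2) {
        try {
            certificate.verify(certificate2.getPublicKey());
            return true;
        } catch (Exception ignored) {
            // Any failure, including a null element, is treated as "not signed by".
            return false;
        }
    }
}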
