package org.xbib.net.security;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.List;
import java.util.Scanner;
import javax.crypto.NoSuchPaddingException;
import org.xbib.net.security.util.DistinguishedNameParser;

/* loaded from: input_file:org/xbib/net/security/CertificateReader.class */
public class CertificateReader {
    private static final String BEGIN_MARKER = "-----BEGIN CERTIFICATE-----";
    private static final String END_MARKER = "-----END CERTIFICATE-----";
    private static final PrivateKeyReader privateKeyReader = new PrivateKeyReader();

    public PrivateKey providePrivateKey(InputStream inputStream, String str) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidAlgorithmParameterException, NoSuchPaddingException, InvalidKeyException {
        return privateKeyReader.readPrivateKey(inputStream, str);
    }

    public X509Certificate readCertificate(String str) throws CertificateException, IOException {
        return readCertificate(new ByteArrayInputStream(readMaterial(str, BEGIN_MARKER, END_MARKER)));
    }

    public X509Certificate readCertificate(InputStream inputStream) throws CertificateException, IOException {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
    }

    public X509Certificate readCertificate(byte[] bArr) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    public String getCertificateInPemFormat(X509Certificate x509Certificate) throws CertificateEncodingException {
        return derToPem(x509Certificate.getEncoded(), BEGIN_MARKER, END_MARKER);
    }

    public byte[] getCertificateInDerFormat(X509Certificate x509Certificate) throws CertificateEncodingException {
        return x509Certificate.getEncoded();
    }

    public BigInteger getModulus(X509Certificate x509Certificate) {
        return ((RSAPublicKey) x509Certificate.getPublicKey()).getModulus();
    }

    public String getSha1Fingerprint(X509Certificate x509Certificate) throws CertificateEncodingException, NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
        messageDigest.update(getCertificateInDerFormat(x509Certificate));
        return toHex(messageDigest.digest());
    }

    public String getSha256Fingerprint(X509Certificate x509Certificate) throws NoSuchAlgorithmException, CertificateEncodingException {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        messageDigest.update(getCertificateInDerFormat(x509Certificate));
        return toHex(messageDigest.digest());
    }

    public Collection<? extends X509Certificate> readChain(InputStream inputStream) throws CertificateException {
        return CertificateFactory.getInstance("X509").generateCertificates(inputStream);
    }

    public static String getServerName(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        return new DistinguishedNameParser(x509Certificate.getSubjectX500Principal()).findMostSpecific("CN");
    }

    public static List<String> getAlternativeServerNames(X509Certificate x509Certificate) throws CertificateParsingException {
        ArrayList arrayList = new ArrayList();
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (subjectAlternativeNames != null) {
            for (List<?> list : subjectAlternativeNames) {
                if (((Integer) list.get(0)).intValue() == 2) {
                    arrayList.add(list.get(1).toString());
                }
            }
        }
        return arrayList;
    }

    public static List<X509Certificate> parseCertificateChain(String str) throws CertificateException, IOException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException {
        ArrayList arrayList = new ArrayList();
        for (String str2 : str.split(END_MARKER)) {
            arrayList.add(new CertificateReader().readCertificate(str2 + "-----END CERTIFICATE-----"));
        }
        return orderCertificateChain(arrayList);
    }

    public static List<X509Certificate> orderCertificateChain(Collection<? extends X509Certificate> collection) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException {
        ArrayList arrayList = new ArrayList(collection);
        ArrayList arrayList2 = new ArrayList();
        X509Certificate findTopCertificate = findTopCertificate(arrayList);
        arrayList2.add(findTopCertificate);
        arrayList.remove(findTopCertificate);
        int size = arrayList.size();
        for (int i = 0; i < size; i++) {
            X509Certificate findNextCertificate = findNextCertificate((X509Certificate) arrayList2.get(0), arrayList);
            arrayList2.add(0, findNextCertificate);
            arrayList.remove(findNextCertificate);
        }
        return arrayList2;
    }

    private static X509Certificate findNextCertificate(X509Certificate x509Certificate, Collection<? extends X509Certificate> collection) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException {
        for (X509Certificate x509Certificate2 : collection) {
            try {
                x509Certificate2.verify(x509Certificate.getPublicKey());
                return x509Certificate2;
            } catch (SignatureException e) {
            }
        }
        throw new CertificateException("chain doesn't contain a certificate that was signed by " + x509Certificate);
    }

    private static X509Certificate findTopCertificate(Collection<? extends X509Certificate> collection) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException {
        for (X509Certificate x509Certificate : collection) {
            boolean z = false;
            for (X509Certificate x509Certificate2 : collection) {
                if (x509Certificate != x509Certificate2) {
                    try {
                        x509Certificate.verify(x509Certificate2.getPublicKey());
                        z = true;
                        break;
                    } catch (SignatureException e) {
                    }
                }
            }
            if (!z) {
                return x509Certificate;
            }
        }
        throw new CertificateException("could not find the top certificate of the chain");
    }

    private byte[] readMaterial(String str, String str2, String str3) throws IOException {
        StringBuilder sb = new StringBuilder();
        Scanner scanner = new Scanner(str);
        while (scanner.hasNextLine()) {
            String nextLine = scanner.nextLine();
            if (!nextLine.contains(str2)) {
                if (nextLine.contains(str3)) {
                    return Base64.getMimeDecoder().decode(sb.toString());
                }
                sb.append(nextLine.trim());
            }
        }
        throw new IOException("Invalid PEM file: No end marker");
    }

    private static String derToPem(byte[] bArr, String str, String str2) {
        String[] split = Base64.getEncoder().encodeToString(bArr).split("(?<=\\G.{64})");
        StringBuilder sb = new StringBuilder(str + "\n");
        for (String str3 : split) {
            sb.append(str3).append("\n");
        }
        sb.append(str2);
        return sb.toString();
    }

    private static String toHex(byte[] bArr) {
        return String.format("%0" + (bArr.length << 1) + "X", new BigInteger(1, bArr));
    }
}
