package org.xipki.security;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Date;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.xipki.security.util.AlgorithmUtil;
import org.xipki.security.util.KeyUtil;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.Hex;

/* loaded from: input_file:WEB-INF/lib/security-5.3.11.jar:org/xipki/security/X509Cert.class */
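/**
 * Wrapper around an X.509 certificate held either as a BouncyCastle
 * {@link X509CertificateHolder} or as a JCA {@link X509Certificate}, with
 * lazily computed and cached derived values.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #isSelfSigned()} only compares the subject and issuer names; it
 *       does not check the signature. Verify the certificate against its own
 *       public key before treating it as self-signed in a trust decision.</li>
 *   <li>The {@code verify} methods check the signature only. Validity period,
 *       chain building, key usage and revocation are not checked here.</li>
 *   <li>The optional encoded form passed to a constructor is stored as given
 *       and is not compared with the certificate object.</li>
 *   <li>Getters returning {@code byte[]}, {@code boolean[]} or {@link Date}
 *       return the cached instance, not a copy; callers must not modify it.</li>
 * </ul>
 *
 * <p>NOTE(review): the lazy getters test a non-volatile field outside the lock;
 * confirm this is acceptable for the way instances are shared between threads.
 */
public class X509Cert {
    /** Marker meaning that the basic-constraints value has not been computed yet. */
    private static final int BASIC_CONSTRAINTS_UNSET = -2;

    /** Number of key-usage bits tracked in the array returned by {@link #getKeyUsage()}. */
    private static final int KEY_USAGE_BITS = 9;

    private final Object sync;
    private X509CertificateHolder bcInstance;
    private X509Certificate jceInstance;
    private final boolean selfSigned;
    private final X500Name issuer;
    private final BigInteger serialNumber;
    private final X500Name subject;
    private final Date notBefore;
    private final Date notAfter;
    private String issuerRfc4519Text;
    private String subjectRfc4519Text;
    private byte[] subjectKeyId;
    private byte[] authorityKeyId;
    private int basicConstrains;
    private boolean keyUsageProcessed;
    private boolean[] keyUsage;
    private SubjectPublicKeyInfo subjectPublicKeyInfo;
    private PublicKey publicKey;
    private byte[] encoded;

    /**
     * Wraps a BouncyCastle ASN.1 certificate structure.
     *
     * @param certificate the certificate structure
     */
    public X509Cert(Certificate certificate) {
        this(new X509CertificateHolder(certificate), (byte[]) null);
    }

    /**
     * Wraps a BouncyCastle ASN.1 certificate structure together with its encoded form.
     *
     * @param certificate the certificate structure
     * @param bArr the encoded certificate, or {@code null} to encode on demand;
     *     stored as given, without comparison against {@code certificate}
     */
    public X509Cert(Certificate certificate, byte[] bArr) {
        this(new X509CertificateHolder(certificate), bArr);
    }

    /**
     * Wraps a JCA certificate.
     *
     * @param x509Certificate the certificate; must not be {@code null}
     */
    public X509Cert(X509Certificate x509Certificate) {
        this(x509Certificate, (byte[]) null);
    }

    /**
     * Wraps a JCA certificate together with its encoded form.
     *
     * @param x509Certificate the certificate; must not be {@code null}
     * @param bArr the encoded certificate, or {@code null} to encode on demand;
     *     stored as given, without comparison against {@code x509Certificate}
     */
    public X509Cert(X509Certificate x509Certificate, byte[] bArr) {
        this.sync = new Object();
        this.basicConstrains = BASIC_CONSTRAINTS_UNSET;
        this.bcInstance = null;
        this.jceInstance = (X509Certificate) Args.notNull(x509Certificate, "cert");
        this.encoded = bArr;
        this.notBefore = x509Certificate.getNotBefore();
        this.notAfter = x509Certificate.getNotAfter();
        this.serialNumber = x509Certificate.getSerialNumber();
        this.issuer = X500Name.getInstance(x509Certificate.getIssuerX500Principal().getEncoded());
        this.subject = X500Name.getInstance(x509Certificate.getSubjectX500Principal().getEncoded());
        // Name comparison only: this marks a self-issued certificate, the signature is not checked.
        this.selfSigned = this.subject.equals(this.issuer);
    }

    /**
     * Wraps a BouncyCastle certificate holder.
     *
     * @param x509CertificateHolder the certificate; must not be {@code null}
     */
    public X509Cert(X509CertificateHolder x509CertificateHolder) {
        this(x509CertificateHolder, (byte[]) null);
    }

    /**
     * Wraps a BouncyCastle certificate holder together with its encoded form.
     *
     * @param x509CertificateHolder the certificate; must not be {@code null}
     * @param bArr the encoded certificate, or {@code null} to encode on demand;
     *     stored as given, without comparison against {@code x509CertificateHolder}
     */
    public X509Cert(X509CertificateHolder x509CertificateHolder, byte[] bArr) {
        this.sync = new Object();
        this.basicConstrains = BASIC_CONSTRAINTS_UNSET;
        this.bcInstance = (X509CertificateHolder) Args.notNull(x509CertificateHolder, "cert");
        this.jceInstance = null;
        this.encoded = bArr;
        this.notBefore = x509CertificateHolder.getNotBefore();
        this.notAfter = x509CertificateHolder.getNotAfter();
        this.serialNumber = x509CertificateHolder.getSerialNumber();
        this.issuer = x509CertificateHolder.getIssuer();
        this.subject = x509CertificateHolder.getSubject();
        // Name comparison only: this marks a self-issued certificate, the signature is not checked.
        this.selfSigned = this.subject.equals(this.issuer);
    }

    /**
     * Returns the path length constraint from the BasicConstraints extension.
     *
     * <p>On the BouncyCastle path the result is {@code -1} when the extension is
     * absent or the certificate is not a CA, {@link Integer#MAX_VALUE} when it is
     * a CA without a path length, and the path length otherwise. On the JCA path
     * the value of {@link X509Certificate#getBasicConstraints()} is returned.
     *
     * @return the cached basic-constraints value
     * @throws ArithmeticException if the encoded path length does not fit in an {@code int}
     */
    public int getBasicConstraints() {
        if (this.basicConstrains == BASIC_CONSTRAINTS_UNSET) {
            synchronized (this.sync) {
                if (this.bcInstance != null) {
                    byte[] coreExtValue = getCoreExtValue(Extension.basicConstraints);
                    if (coreExtValue == null) {
                        this.basicConstrains = -1;
                    } else {
                        BasicConstraints basicConstraints = BasicConstraints.getInstance(coreExtValue);
                        if (basicConstraints.isCA()) {
                            BigInteger pathLenConstraint = basicConstraints.getPathLenConstraint();
                            this.basicConstrains = pathLenConstraint == null
                                    ? Integer.MAX_VALUE : pathLenConstraint.intValueExact();
                        } else {
                            this.basicConstrains = -1;
                        }
                    }
                } else {
                    this.basicConstrains = this.jceInstance.getBasicConstraints();
                }
            }
        }
        return this.basicConstrains;
    }

    /**
     * Returns the certificate serial number.
     *
     * @return the serial number
     */
    public BigInteger getSerialNumber() {
        return this.serialNumber;
    }

    /**
     * Returns the serial number as {@code "0x"} followed by the hex encoding of
     * its two's-complement byte array.
     *
     * @return the hex text of the serial number
     */
    public String getSerialNumberHex() {
        return "0x" + Hex.encode(this.serialNumber.toByteArray());
    }

    /**
     * Returns the subject public key, decoding it on first use.
     *
     * @return the public key
     * @throws IllegalStateException if the key in the certificate cannot be decoded
     */
    public PublicKey getPublicKey() {
        if (this.publicKey == null) {
            synchronized (this.sync) {
                if (this.bcInstance != null) {
                    try {
                        this.publicKey = KeyUtil.generatePublicKey(this.bcInstance.getSubjectPublicKeyInfo());
                    } catch (InvalidKeySpecException e) {
                        throw new IllegalStateException(e.getMessage(), e);
                    }
                } else {
                    this.publicKey = this.jceInstance.getPublicKey();
                }
            }
        }
        return this.publicKey;
    }

    /**
     * Returns the KeyUsage bits, indexed by {@code KeyUsage.getBit()}.
     *
     * @return the key-usage flags, or {@code null} if the certificate has no
     *     KeyUsage extension
     */
    public boolean[] getKeyUsage() {
        if (!this.keyUsageProcessed) {
            synchronized (this.sync) {
                if (this.bcInstance != null) {
                    byte[] coreExtValue = getCoreExtValue(Extension.keyUsage);
                    if (coreExtValue == null) {
                        this.keyUsage = null;
                    } else {
                        org.bouncycastle.asn1.x509.KeyUsage bcKeyUsage =
                                org.bouncycastle.asn1.x509.KeyUsage.getInstance(coreExtValue);
                        // Fill a local array first so the field never refers to a half-built array.
                        boolean[] flags = new boolean[KEY_USAGE_BITS];
                        for (KeyUsage usage : KeyUsage.values()) {
                            flags[usage.getBit()] = bcKeyUsage.hasUsages(usage.getBcUsage());
                        }
                        this.keyUsage = flags;
                    }
                } else {
                    this.keyUsage = this.jceInstance.getKeyUsage();
                }
                // Set the flag while still holding the lock, after the value is in place.
                this.keyUsageProcessed = true;
            }
        }
        return this.keyUsage;
    }

    /**
     * Returns the issuer name.
     *
     * @return the issuer
     */
    public X500Name getIssuer() {
        return this.issuer;
    }

    /**
     * Returns the subject name.
     *
     * @return the subject
     */
    public X500Name getSubject() {
        return this.subject;
    }

    /**
     * Returns the octets of the SubjectKeyIdentifier extension.
     *
     * @return the subject key identifier, or {@code null} if the extension is absent
     */
    public byte[] getSubjectKeyId() {
        if (this.subjectKeyId == null) {
            synchronized (this.sync) {
                byte[] coreExtValue = getCoreExtValue(Extension.subjectKeyIdentifier);
                if (coreExtValue != null) {
                    this.subjectKeyId = ASN1OctetString.getInstance(coreExtValue).getOctets();
                }
            }
        }
        return this.subjectKeyId;
    }

    /**
     * Returns the keyIdentifier field of the AuthorityKeyIdentifier extension.
     *
     * @return the authority key identifier, or {@code null} if the extension or
     *     its keyIdentifier field is absent
     */
    public byte[] getAuthorityKeyId() {
        if (this.authorityKeyId == null) {
            synchronized (this.sync) {
                byte[] coreExtValue = getCoreExtValue(Extension.authorityKeyIdentifier);
                if (coreExtValue != null) {
                    this.authorityKeyId = AuthorityKeyIdentifier.getInstance(coreExtValue).getKeyIdentifier();
                }
            }
        }
        return this.authorityKeyId;
    }

    /**
     * Returns the subject name formatted in RFC 4519 style.
     *
     * @return the subject as text
     */
    public String getSubjectRfc4519Text() {
        if (this.subjectRfc4519Text == null) {
            synchronized (this.sync) {
                this.subjectRfc4519Text = RFC4519Style.INSTANCE.toString(this.subject);
            }
        }
        return this.subjectRfc4519Text;
    }

    /**
     * Returns the issuer name formatted in RFC 4519 style.
     *
     * @return the issuer as text
     */
    public String getIssuerRfc4519Text() {
        if (this.issuerRfc4519Text == null) {
            synchronized (this.sync) {
                // Format the issuer, not the subject: the two differ for every
                // certificate that is not self-issued.
                this.issuerRfc4519Text = RFC4519Style.INSTANCE.toString(this.issuer);
            }
        }
        return this.issuerRfc4519Text;
    }

    /**
     * Returns the SubjectPublicKeyInfo structure of the certificate.
     *
     * @return the subject public key info
     * @throws IllegalStateException if it cannot be built from the JCA public key
     */
    public SubjectPublicKeyInfo getSubjectPublicKeyInfo() {
        if (this.subjectPublicKeyInfo == null) {
            synchronized (this.sync) {
                if (this.bcInstance != null) {
                    this.subjectPublicKeyInfo = this.bcInstance.getSubjectPublicKeyInfo();
                } else {
                    try {
                        this.subjectPublicKeyInfo =
                                KeyUtil.createSubjectPublicKeyInfo(this.jceInstance.getPublicKey());
                    } catch (InvalidKeyException e) {
                        throw new IllegalStateException("error creating SubjectPublicKeyInfo from PublicKey", e);
                    }
                }
            }
        }
        return this.subjectPublicKeyInfo;
    }

    /**
     * Returns the certificate as a JCA {@link X509Certificate}, parsing the
     * encoded form on first use.
     *
     * @return the JCA certificate
     * @throws IllegalStateException if the certificate cannot be encoded or parsed
     */
    public X509Certificate toJceCert() {
        if (this.jceInstance == null) {
            synchronized (this.sync) {
                this.encoded = getEncoded();
                try {
                    this.jceInstance = X509Util.parseX509Certificate(new ByteArrayInputStream(this.encoded));
                } catch (CertificateException e) {
                    throw new IllegalStateException("error converting to X509Certificate", e);
                }
            }
        }
        return this.jceInstance;
    }

    /**
     * Returns the certificate as a BouncyCastle {@link X509CertificateHolder},
     * building it from the JCA encoding on first use.
     *
     * @return the BouncyCastle certificate holder
     * @throws IllegalStateException if the certificate cannot be encoded or parsed
     */
    public X509CertificateHolder toBcCert() {
        if (this.bcInstance == null) {
            synchronized (this.sync) {
                try {
                    this.encoded = this.jceInstance.getEncoded();
                    this.bcInstance = new X509CertificateHolder(this.encoded);
                } catch (IOException | CertificateEncodingException e) {
                    throw new IllegalStateException("error encoding certificate", e);
                }
            }
        }
        return this.bcInstance;
    }

    /**
     * Tells whether the subject name equals the issuer name.
     *
     * <p>This is a name comparison only; the signature is not checked. Do not use
     * the result alone to decide that a certificate is a trust anchor.
     *
     * @return {@code true} if subject and issuer are equal
     */
    public boolean isSelfSigned() {
        return this.selfSigned;
    }

    /**
     * Returns the start of the validity period.
     *
     * @return the notBefore date
     */
    public Date getNotBefore() {
        return this.notBefore;
    }

    /**
     * Returns the end of the validity period.
     *
     * @return the notAfter date
     */
    public Date getNotAfter() {
        return this.notAfter;
    }

    /**
     * Returns the encoded certificate, encoding it on first use unless an encoded
     * form was given to the constructor.
     *
     * <p>The cached array itself is returned. {@link #equals(Object)} and
     * {@link #hashCode()} read the same array, so callers must not modify it.
     *
     * @return the encoded certificate
     * @throws IllegalStateException if the certificate cannot be encoded
     */
    public byte[] getEncoded() {
        if (this.encoded == null) {
            synchronized (this.sync) {
                try {
                    this.encoded = this.bcInstance != null
                            ? this.bcInstance.getEncoded() : this.jceInstance.getEncoded();
                } catch (IOException | CertificateEncodingException e) {
                    throw new IllegalStateException("error encoding certificate", e);
                }
            }
        }
        return this.encoded;
    }

    /**
     * Returns the common name of the subject, as extracted by {@code X509Util.getCommonName}.
     *
     * @return the common name
     */
    public String getCommonName() {
        return X509Util.getCommonName(this.subject);
    }

    /**
     * Verifies the certificate signature with the given public key.
     *
     * <p>Only the signature is checked; validity period, issuer/subject chaining,
     * key usage and revocation are left to the caller.
     *
     * @param publicKey the key of the presumed issuer
     * @throws SignatureException if the signature does not verify
     * @throws InvalidKeyException if the key is not usable for the algorithm
     * @throws CertificateException on encoding errors or inconsistent algorithm fields
     * @throws NoSuchAlgorithmException if the signature algorithm is not supported
     * @throws NoSuchProviderException declared for parity with the JCA method
     */
    public void verify(PublicKey publicKey) throws SignatureException, InvalidKeyException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        if (this.jceInstance != null) {
            this.jceInstance.verify(publicKey);
        } else {
            checkBcSignature(publicKey, Signature.getInstance(AlgorithmUtil.getSignatureAlgoName(this.bcInstance.getSignatureAlgorithm())));
        }
    }

    /**
     * Verifies the certificate signature with the given public key, using the
     * given provider. A {@code null} provider selects the default one.
     *
     * @param publicKey the key of the presumed issuer
     * @param provider the provider to use, or {@code null}
     * @throws SignatureException if the signature does not verify
     * @throws InvalidKeyException if the key is not usable for the algorithm
     * @throws CertificateException on encoding errors or inconsistent algorithm fields
     * @throws NoSuchAlgorithmException if the signature algorithm is not supported
     * @throws NoSuchProviderException declared for parity with the JCA method
     */
    public void verify(PublicKey publicKey, Provider provider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        if (provider == null) {
            verify(publicKey);
        } else if (this.jceInstance != null) {
            this.jceInstance.verify(publicKey, provider);
        } else {
            checkBcSignature(publicKey, Signature.getInstance(AlgorithmUtil.getSignatureAlgoName(this.bcInstance.getSignatureAlgorithm()), provider));
        }
    }

    /**
     * Verifies the certificate signature with the given public key, using the
     * named provider. A {@code null} name selects the default provider.
     *
     * @param publicKey the key of the presumed issuer
     * @param str the provider name, or {@code null}
     * @throws SignatureException if the signature does not verify
     * @throws InvalidKeyException if the key is not usable for the algorithm
     * @throws CertificateException on encoding errors or inconsistent algorithm fields
     * @throws NoSuchAlgorithmException if the signature algorithm is not supported
     * @throws NoSuchProviderException if the named provider is not registered
     */
    public void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        if (str == null) {
            verify(publicKey);
        } else if (this.jceInstance != null) {
            this.jceInstance.verify(publicKey, str);
        } else {
            checkBcSignature(publicKey, Signature.getInstance(AlgorithmUtil.getSignatureAlgoName(this.bcInstance.getSignatureAlgorithm()), str));
        }
    }

    /**
     * Verifies the signature of the BouncyCastle-held certificate.
     *
     * @param publicKey the key of the presumed issuer
     * @param signature the signature engine, created for the outer signature algorithm
     * @throws CertificateException if the outer and TBS algorithm fields differ,
     *     or the TBS certificate cannot be encoded
     * @throws SignatureException if the signature does not verify
     * @throws InvalidKeyException if the key is not usable for the algorithm
     */
    private void checkBcSignature(PublicKey publicKey, Signature signature) throws CertificateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        Certificate aSN1Structure = this.bcInstance.toASN1Structure();
        // The outer signatureAlgorithm is not covered by the signature; require it
        // to match the signed copy inside the TBS certificate before using it.
        if (!aSN1Structure.getSignatureAlgorithm().equals(aSN1Structure.getTBSCertificate().getSignature())) {
            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
        }
        signature.initVerify(publicKey);
        try {
            signature.update(aSN1Structure.getTBSCertificate().getEncoded());
            if (!signature.verify(aSN1Structure.getSignature().getBytes())) {
                throw new SignatureException("certificate does not verify with supplied key");
            }
        } catch (IOException e) {
            // Keep the cause so the encoding failure can be diagnosed.
            throw new CertificateException("error encoding TBSCertificate", e);
        }
    }

    /**
     * Returns the inner value of an extension (the content of extnValue).
     *
     * @param aSN1ObjectIdentifier the extension type
     * @return the extension value, or {@code null} if the certificate has no such
     *     extension or no extensions at all
     */
    public byte[] getExtensionCoreValue(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        // Shares the null-safe lookup: a certificate without any extensions yields
        // null here instead of a NullPointerException.
        return getCoreExtValue(aSN1ObjectIdentifier);
    }

    /**
     * Tells whether the certificate permits the given key usage.
     *
     * <p>A certificate without a KeyUsage extension is treated as permitting
     * every usage, so this returns {@code true} in that case.
     *
     * @param keyUsage the usage to test
     * @return {@code true} if the usage bit is set or the extension is absent
     */
    public boolean hasKeyusage(KeyUsage keyUsage) {
        boolean[] flags = getKeyUsage();
        if (flags == null) {
            return true;
        }
        return flags[keyUsage.getBit()];
    }

    /**
     * Returns a hash of the encoded certificate.
     *
     * @return the hash code
     */
    @Override
    public int hashCode() {
        return Arrays.hashCode(getEncoded());
    }

    /**
     * Compares two certificates by their encoded form.
     *
     * @param obj the object to compare with
     * @return {@code true} if {@code obj} is an {@code X509Cert} with the same encoding
     */
    @Override
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (obj instanceof X509Cert) {
            return Arrays.equals(getEncoded(), ((X509Cert) obj).getEncoded());
        }
        return false;
    }

    /**
     * Looks up an extension in whichever certificate form is held and returns
     * the content of its extnValue.
     *
     * @param aSN1ObjectIdentifier the extension type
     * @return the extension value, or {@code null} if absent
     */
    private byte[] getCoreExtValue(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        if (this.bcInstance == null) {
            // The JCA value is the DER-encoded OCTET STRING; unwrap it.
            byte[] extensionValue = this.jceInstance.getExtensionValue(aSN1ObjectIdentifier.getId());
            if (extensionValue == null) {
                return null;
            }
            return ASN1OctetString.getInstance(extensionValue).getOctets();
        }
        Extensions extensions = this.bcInstance.getExtensions();
        if (extensions == null) {
            return null;
        }
        Extension extension = extensions.getExtension(aSN1ObjectIdentifier);
        if (extension == null) {
            return null;
        }
        return extension.getExtnValue().getOctets();
    }
}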
