package org.jivesoftware.sparkimpl.certificates;

import java.io.IOException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralSubtree;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.bouncycastle.asn1.x509.PolicyConstraints;
import org.bouncycastle.asn1.x509.SubjectDirectoryAttributes;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.util.encoders.Hex;
import org.jivesoftware.resource.Res;
import org.jivesoftware.spark.util.log.Log;

/* loaded from: input_file:org/jivesoftware/sparkimpl/certificates/CertificateModel.class */
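/**
 * Display-oriented view of an {@link X509Certificate}: the certificate's fields rendered as
 * strings, plus a textual rendering of each extension this class knows how to decode.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>"Valid" here means only "inside the notBefore/notAfter window and not flagged as revoked
 *       through {@link #setRevoked(boolean)}". No signature, chain or trust-anchor check is done
 *       in this class.</li>
 *   <li>{@link #isSelfSigned()} compares the subject and issuer names only; it does not verify
 *       the signature against the certificate's own public key.</li>
 *   <li>{@link #getUnsupportedCriticalExtensions()} lists critical extensions this class could
 *       not render. It is a display aid, not the result of path validation.</li>
 * </ul>
 */
public class CertificateModel {
    /** Resource keys for the nine named key-usage bits, in bit order 0..8. */
    private static final String[] KEY_USAGE_LABEL_KEYS = {
        "cert.extension.extended.usage.digital.signature",
        "cert.extension.extended.usage.non.repudiation",
        "cert.extension.extended.usage.key.encipherment",
        "cert.extension.extended.usage.data.encipherment",
        "cert.extension.extended.usage.key.agreement",
        "cert.extension.extended.usage.key.cert.sign",
        "cert.extension.extended.usage.crl.sign",
        "cert.extension.extended.usage.encipher.only",
        "cert.extension.extended.usage.decipher.only"
    };

    private final X509Certificate certificate;
    private String alias;
    private String subjectCommonName;
    private String issuerCommonName;
    private final int version;
    private final String serialNumber;
    private final String signatureValue;
    private final String signatureAlgorithm;
    private final String issuer;
    private final String subject;
    private final String notBefore;
    private final String notAfter;
    private final String publicKey;
    private final String publicKeyAlgorithm;
    private String issuerUniqueID;
    private String subjectUniqueID;
    // Snapshot of the validity-period check taken in the constructor; revocation is tracked
    // separately in `revoked` because it is only set after construction.
    private final boolean valid;
    private boolean revoked;
    private Set<String> criticalExtensionSet;
    private Set<String> nonCriticalExtensionSet;
    // OID -> rendered text for every extension that was decoded successfully.
    private final HashMap<String, String> extensions;
    private final ArrayList<String> unsupportedCriticalExtensions;
    private final ArrayList<String> unsupportedNonCriticalExtensions;

    /**
     * Builds the model and records the keystore alias the certificate is stored under.
     *
     * @param certificate certificate to describe; must not be {@code null}
     * @param alias       alias associated with the certificate
     * @throws IllegalArgumentException if {@code certificate} is {@code null}
     */
    public CertificateModel(X509Certificate certificate, String alias) {
        this(certificate);
        this.alias = alias;
    }

    /**
     * Builds the model by reading every displayed field and extension from the certificate.
     *
     * @param certificate certificate to describe; must not be {@code null}
     * @throws IllegalArgumentException if {@code certificate} is {@code null}
     */
    public CertificateModel(X509Certificate certificate) {
        this.extensions = new HashMap<>();
        this.unsupportedCriticalExtensions = new ArrayList<>();
        this.unsupportedNonCriticalExtensions = new ArrayList<>();
        if (certificate == null) {
            throw new IllegalArgumentException("Certificate cannot be null");
        }
        this.certificate = certificate;
        this.version = certificate.getVersion();
        this.serialNumber = certificate.getSerialNumber().toString();
        this.signatureValue = Base64.getEncoder().encodeToString(certificate.getSignature());
        this.signatureAlgorithm = certificate.getSigAlgName();
        this.issuer = certificate.getIssuerX500Principal().getName();
        this.subject = certificate.getSubjectX500Principal().getName();
        this.notBefore = certificate.getNotBefore().toString();
        this.notAfter = certificate.getNotAfter().toString();
        this.publicKey = certificate.getPublicKey().toString();
        this.publicKeyAlgorithm = certificate.getPublicKey().getAlgorithm();

        // Unique IDs are read only for non-v1 certificates that either carry a keyUsage without
        // keyCertSign (bit 5) or are not CAs (getBasicConstraints() returns -1 for a non-CA).
        boolean[] keyUsage = certificate.getKeyUsage();
        boolean withoutCertSign = keyUsage != null && !keyUsage[5];
        if (this.version != 1 && (withoutCertSign || certificate.getBasicConstraints() == -1)) {
            // Arrays.toString yields the literal "null" for an absent ID rather than throwing,
            // so the catch blocks only matter for certificate implementations that throw.
            try {
                this.issuerUniqueID = Arrays.toString(certificate.getIssuerUniqueID());
            } catch (NullPointerException e) {
                Log.warning("Certificate doesn't have issuerUniqueID: " + this.issuer, e);
            }
            try {
                // Fixed: this previously read getIssuerUniqueID(), so the subject unique ID
                // shown to the user was really the issuer's.
                this.subjectUniqueID = Arrays.toString(certificate.getSubjectUniqueID());
            } catch (NullPointerException e) {
                Log.warning("Certificate doesn't have subjectUniqueID: " + this.subject, e);
            }
        }

        try {
            this.subjectCommonName = extractCommonName(this.subject);
        } catch (InvalidNameException e) {
            Log.warning("Couldn't extract subject Common Name (CN)", e);
        }
        try {
            this.issuerCommonName = extractCommonName(this.issuer);
        } catch (InvalidNameException e) {
            Log.warning("Couldn't extract issuer Common Name (CN)", e);
        }
        this.valid = checkValidity();
        setupExtensions(certificate);
    }

    /** Reads the critical and non-critical extension OID sets and renders each extension. */
    private void setupExtensions(X509Certificate cert) {
        this.criticalExtensionSet = cert.getCriticalExtensionOIDs();
        this.nonCriticalExtensionSet = cert.getNonCriticalExtensionOIDs();
        if (this.criticalExtensionSet != null) {
            for (String oid : this.criticalExtensionSet) {
                extensionExtractHandler(cert, oid, true);
            }
        }
        if (this.nonCriticalExtensionSet != null) {
            for (String oid : this.nonCriticalExtensionSet) {
                extensionExtractHandler(cert, oid, false);
            }
        }
    }

    /**
     * Renders one extension into {@link #extensions}, or records its OID as unsupported when the
     * OID is not handled here or decoding fails.
     *
     * @param cert     certificate that carries the extension
     * @param oid      dotted OID of the extension
     * @param critical whether the extension came from the critical set
     */
    private void extensionExtractHandler(X509Certificate cert, String oid, boolean critical) {
        try {
            ASN1Primitive value = JcaX509ExtensionUtils.parseExtensionValue(cert.getExtensionValue(oid));
            String header = Res.getString("cert.is.critical") + critical + "\n";
            String body;
            if (oid.equals(Extension.subjectDirectoryAttributes.toString())) {
                body = subjectDirectoryAttributesExtractor(value);
            } else if (oid.equals(Extension.subjectKeyIdentifier.toString())) {
                body = subjectKeyIdentifierExtractor(value);
            } else if (oid.equals(Extension.keyUsage.toString())) {
                body = keyUsageExtractor(cert);
            } else if (oid.equals(Extension.subjectAlternativeName.toString())) {
                body = alternativeNameExtractor(cert.getSubjectAlternativeNames());
            } else if (oid.equals(Extension.issuerAlternativeName.toString())) {
                body = alternativeNameExtractor(cert.getIssuerAlternativeNames());
            } else if (oid.equals(Extension.basicConstraints.toString())) {
                body = basicConstraintsExtractor(value);
            } else if (oid.equals(Extension.nameConstraints.toString())) {
                body = nameConstraintsExtractor(value);
            } else if (oid.equals(Extension.cRLDistributionPoints.toString())) {
                body = crlPointsExtractor(value);
            } else if (oid.equals(Extension.policyMappings.toString())) {
                body = policyMappingsExtractor(cert);
            } else if (oid.equals(Extension.authorityKeyIdentifier.toString())) {
                body = authorityKeyIdentifierExtractor(value);
            } else if (oid.equals(Extension.policyConstraints.toString())) {
                body = policyConstraintsExtractor(value);
            } else if (oid.equals(Extension.extendedKeyUsage.toString())) {
                body = extendedKeyUsageExtractor(cert);
            } else {
                addToUnsupported(critical, oid);
                return;
            }
            this.extensions.put(oid, header + body);
        } catch (IOException | NullPointerException | CertificateParsingException e) {
            // A decoding failure is treated like an unknown extension so that a malformed
            // extension cannot abort construction of the model.
            Log.error("Couldn't extract " + oid + ": " + OIDTranslator.getDescription(oid) + " extension.", e);
            addToUnsupported(critical, oid);
        }
    }

    /** Renders the subjectDirectoryAttributes extension using BouncyCastle's string form. */
    private String subjectDirectoryAttributesExtractor(ASN1Primitive value) {
        return SubjectDirectoryAttributes.getInstance(value).toString();
    }

    /**
     * Renders each extended key usage as {@code "<oid>: <description>"}, one per line.
     *
     * @throws CertificateParsingException if the certificate cannot decode the extension
     */
    private String extendedKeyUsageExtractor(X509Certificate cert) throws CertificateParsingException {
        StringBuilder out = new StringBuilder();
        for (String usageOid : cert.getExtendedKeyUsage()) {
            out.append(usageOid).append(": ").append(OIDTranslator.getDescription(usageOid)).append("\n");
        }
        return out.toString();
    }

    /** Renders whichever of the two policyConstraints fields are present. */
    private String policyConstraintsExtractor(ASN1Primitive value) {
        PolicyConstraints constraints = PolicyConstraints.getInstance(value);
        StringBuilder out = new StringBuilder();
        if (constraints.getInhibitPolicyMapping() != null) {
            out.append(Res.getString("cert.extension.policy.constraints.inhibit.policy.mapping"))
                .append(": ")
                .append(constraints.getInhibitPolicyMapping())
                .append("\n");
        }
        if (constraints.getRequireExplicitPolicyMapping() != null) {
            out.append(Res.getString("cert.extension.policy.constraints.require.explicit.policy.mapping"))
                .append(": ")
                .append(constraints.getRequireExplicitPolicyMapping());
        }
        return out.toString();
    }

    /** Renders the authority key identifier as lowercase hex. */
    private String authorityKeyIdentifierExtractor(ASN1Primitive value) {
        return Hex.toHexString(AuthorityKeyIdentifier.getInstance(value).getKeyIdentifier());
    }

    /** Renders the subject key identifier as lowercase hex. */
    private String subjectKeyIdentifierExtractor(ASN1Primitive value) {
        return Hex.toHexString(SubjectKeyIdentifier.getInstance(value).getKeyIdentifier());
    }

    /** Renders the raw policyMappings extension value; the mappings themselves are not decoded. */
    private String policyMappingsExtractor(X509Certificate cert) {
        byte[] raw = cert.getExtensionValue(Extension.policyMappings.toString());
        return ASN1OctetString.getInstance(raw).toString();
    }

    /** Renders the CRL distribution points using BouncyCastle's string form. */
    private String crlPointsExtractor(ASN1Primitive value) {
        return CRLDistPoint.getInstance(value).toString();
    }

    /** Renders the permitted and excluded subtrees of a nameConstraints extension. */
    private String nameConstraintsExtractor(ASN1Primitive value) {
        NameConstraints constraints = NameConstraints.getInstance(value);
        StringBuilder out = new StringBuilder();
        GeneralSubtree[] permitted = constraints.getPermittedSubtrees();
        if (permitted != null) {
            out.append(Res.getString("cert.extension.name.constraints.permitted.subtrees")).append(": \n");
            for (GeneralSubtree subtree : permitted) {
                out.append(subtree.toString()).append("\n");
            }
        }
        GeneralSubtree[] excluded = constraints.getExcludedSubtrees();
        if (excluded != null) {
            out.append(Res.getString("cert.extension.name.constraints.excluded.subtrees")).append(": \n");
            for (GeneralSubtree subtree : excluded) {
                out.append(subtree.toString()).append("\n");
            }
        }
        return out.toString();
    }

    /** Renders the CA flag and, when present, the path length constraint. */
    private String basicConstraintsExtractor(ASN1Primitive value) {
        BasicConstraints constraints = BasicConstraints.getInstance(value);
        StringBuilder out = new StringBuilder();
        out.append(Res.getString("cert.extension.basic.constraints.is.ca")).append(": ").append(constraints.isCA());
        if (constraints.getPathLenConstraint() != null) {
            out.append("\n")
                .append(Res.getString("cert.extension.basic.constraints.path.length"))
                .append(": ")
                .append(constraints.getPathLenConstraint());
        }
        return out.toString();
    }

    /**
     * Flattens a subject/issuer alternative-name collection to text, one element per line.
     *
     * @param names collection as returned by the certificate; may be {@code null}
     * @return the rendered names, or an empty string when there are none
     */
    private String alternativeNameExtractor(Collection<List<?>> names) {
        StringBuilder out = new StringBuilder();
        if (names == null) {
            return out.toString();
        }
        for (List<?> entry : names) {
            if (entry == null) {
                continue;
            }
            for (Object part : entry) {
                out.append(part.toString()).append("\n");
            }
        }
        return out.toString();
    }

    /** Renders the nine named key-usage bits as {@code "<label>: <true|false>"} lines. */
    private String keyUsageExtractor(X509Certificate cert) {
        // Read the bit array once instead of once per bit.
        boolean[] bits = cert.getKeyUsage();
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < KEY_USAGE_LABEL_KEYS.length; i++) {
            if (i > 0) {
                out.append("\n");
            }
            out.append(Res.getString(KEY_USAGE_LABEL_KEYS[i])).append(": ").append(bits[i]);
        }
        return out.toString();
    }

    /** Files an extension OID under the critical or non-critical "unsupported" list. */
    private void addToUnsupported(boolean critical, String oid) {
        if (critical) {
            this.unsupportedCriticalExtensions.add(oid);
        } else {
            this.unsupportedNonCriticalExtensions.add(oid);
        }
    }

    /**
     * Returns the value of the CN attribute of a distinguished name.
     *
     * @param distinguishedName name in the string form accepted by {@link LdapName}
     * @return the CN value, or {@code null} when the name has no CN; if several CN attributes
     *         exist, the last one encountered while iterating wins
     * @throws InvalidNameException if the name cannot be parsed
     */
    private String extractCommonName(String distinguishedName) throws InvalidNameException {
        String commonName = null;
        for (Rdn rdn : new LdapName(distinguishedName).getRdns()) {
            if (rdn.getType().equals("CN")) {
                commonName = rdn.getValue().toString();
            }
        }
        return commonName;
    }

    /**
     * Returns a single localized status, checked in the order revoked, expired, not yet valid,
     * valid.
     */
    public String getValidityStatus() {
        if (isRevoked()) {
            return Res.getString("cert.revoked");
        }
        if (isAfterNotAfter()) {
            return Res.getString("cert.expired");
        }
        if (isBeforeNotBefore()) {
            // Fixed: the raw resource key used to be returned here instead of its translation.
            return Res.getString("cert.not.valid.yet");
        }
        return Res.getString("cert.valid");
    }

    /** Returns every applicable localized status, one per line, each terminated by a newline. */
    public String getCertStatusAll() {
        boolean revokedNow = isRevoked();
        boolean expired = isAfterNotAfter();
        boolean notYetValid = isBeforeNotBefore();
        StringBuilder out = new StringBuilder();
        if (revokedNow) {
            out.append(Res.getString("cert.revoked")).append("\n");
        }
        if (expired) {
            out.append(Res.getString("cert.expired")).append("\n");
        }
        if (notYetValid) {
            out.append(Res.getString("cert.not.valid.yet")).append("\n");
        }
        if (!revokedNow && !expired && !notYetValid) {
            out.append(Res.getString("cert.valid")).append("\n");
        }
        if (isSelfSigned()) {
            out.append(Res.getString("cert.self.signed")).append("\n");
        }
        return out.toString();
    }

    /**
     * Reports whether the subject and issuer names are identical.
     *
     * <p>This is a name comparison only; the signature is not verified against the certificate's
     * own key, so the result must not be used as proof that the certificate signed itself.
     */
    public boolean isSelfSigned() {
        return this.subject.equals(this.issuer);
    }

    /** Returns {@code true} when the certificate is inside its validity period and not revoked. */
    private boolean checkValidity() {
        return !(isAfterNotAfter() || isBeforeNotBefore() || isRevoked());
    }

    private boolean isBeforeNotBefore() {
        return new Date().before(this.certificate.getNotBefore());
    }

    private boolean isAfterNotAfter() {
        return new Date().after(this.certificate.getNotAfter());
    }

    public X509Certificate getCertificate() {
        return this.certificate;
    }

    public String getAlias() {
        return this.alias;
    }

    public int getVersion() {
        return this.version;
    }

    public String getSerialNumber() {
        return this.serialNumber;
    }

    /** Returns the signature bytes, Base64-encoded. */
    public String getSignatureValue() {
        return this.signatureValue;
    }

    public String getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    public String getIssuer() {
        return this.issuer;
    }

    public String getSubject() {
        return this.subject;
    }

    public String getNotBefore() {
        return this.notBefore;
    }

    public String getNotAfter() {
        return this.notAfter;
    }

    public String getPublicKey() {
        return this.publicKey;
    }

    public String getPublicKeyAlgorithm() {
        return this.publicKeyAlgorithm;
    }

    public String getIssuerUniqueID() {
        return this.issuerUniqueID;
    }

    public String getSubjectUniqueID() {
        return this.subjectUniqueID;
    }

    /**
     * Reports whether the certificate was inside its validity period when this model was built
     * and has not been marked revoked since.
     *
     * <p>Fixed: the period check is computed in the constructor, before any caller can invoke
     * {@link #setRevoked(boolean)}, so the stored flag alone kept reporting a revoked certificate
     * as valid. The current revocation flag is now taken into account. The time window itself is
     * still the construction-time snapshot.
     */
    public boolean isValid() {
        return this.valid && !this.revoked;
    }

    public String getSubjectCommonName() {
        return this.subjectCommonName;
    }

    public boolean isRevoked() {
        return this.revoked;
    }

    /** Records the revocation status determined by the caller. */
    public void setRevoked(boolean revoked) {
        this.revoked = revoked;
    }

    public String getIssuerCommonName() {
        return this.issuerCommonName;
    }

    /** Returns the critical extension OIDs as reported by the certificate; may be {@code null}. */
    public Set<String> getCriticalExtensionSet() {
        return this.criticalExtensionSet;
    }

    /** Returns the live internal map of extension OID to rendered text, not a copy. */
    public HashMap<String, String> getExtensions() {
        return this.extensions;
    }

    /** Returns the live internal list of critical extension OIDs that could not be rendered. */
    public ArrayList<String> getUnsupportedCriticalExtensions() {
        return this.unsupportedCriticalExtensions;
    }

    /** Returns the live internal list of non-critical extension OIDs that could not be rendered. */
    public ArrayList<String> getUnsupportedNonCriticalExtensions() {
        return this.unsupportedNonCriticalExtensions;
    }
}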
