package by.avest.certstore;

import by.avest.certstore.dir.SingleDirectoryCertStoreParameters;
import by.avest.crypto.pkcs11.provider.ByteArrayUtil;
import by.avest.crypto.x509.GeneralName;
import by.avest.crypto.x509.GeneralNames;
import by.avest.crypto.x509.ObjectDigestInfo;
import by.avest.crypto.x509.X509AttributeCertificate;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import sun.security.util.Debug;
import sun.security.x509.X500Name;

/* loaded from: input_file:by/avest/certstore/Util.class */
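/**
 * Static helpers for the {@code by.avest.certstore} package: timestamped debug logging, hex
 * formatting, attribute-certificate holder matching, and lookups of certificates, CRLs and
 * trust anchors.
 *
 * <p>Thread-safety: the two shared {@link SimpleDateFormat} instances are not thread-safe, so
 * every use inside this class is synchronized on the formatter. {@link #SDF} is package-visible;
 * other classes that format with it directly must take the same lock.
 */
public class Util {
    static final String hexChars = "0123456789ABCDEF";

    // Every use below treats null as "debug logging is off".
    // NOTE(review): presumably Debug.getInstance returns null unless the "avstores" option is enabled - confirm.
    private static final Debug debug = Debug.getInstance("avstores");
    private static final SimpleDateFormat logSDF = new SimpleDateFormat("dd.MM.yyyy HH:mm:ss:SSS");
    static final SimpleDateFormat SDF = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");

    // GeneralName type tag compared against below; 4 is directoryName in RFC 5280,
    // assuming GeneralName.getType() returns the raw tag number.
    private static final int DIRECTORY_NAME = 4;

    /**
     * Writes a timestamped line, tagged with the current thread name, to the given debug sink.
     *
     * <p>{@code str} is written verbatim. Callers that log certificate fields (subject, issuer)
     * should treat the resulting output as containing untrusted text.
     *
     * @param debug2 sink to write to; nothing is written when it is {@code null}
     * @param str message text
     */
    public static void log(Debug debug2, String str) {
        if (debug2 == null) {
            return;
        }
        String stamp;
        // SimpleDateFormat keeps mutable state; concurrent format() calls can corrupt the output.
        synchronized (logSDF) {
            stamp = logSDF.format(new Date());
        }
        debug2.println(stamp + " [" + Thread.currentThread().getName() + "]  " + str);
    }

    /**
     * Writes a timestamped line to this class's own debug sink, if there is one.
     *
     * @param str message text
     */
    public static void log(String str) {
        log(debug, str);
    }

    /**
     * @return {@code true} when this class has a debug sink to write to
     */
    public static boolean isDebug() {
        return debug != null;
    }

    /**
     * Returns the runtime class name of {@code obj}, or the string {@code "null"} for a null reference.
     *
     * @param obj any object, may be {@code null}
     * @return class name or {@code "null"}
     */
    public static String getClassName(Object obj) {
        return obj == null ? "null" : obj.getClass().getName();
    }

    /**
     * Formats a byte array as upper-case hexadecimal, two characters per byte.
     *
     * @param bArr bytes to format
     * @return hex string of length {@code 2 * bArr.length}
     * @throws NullPointerException if {@code bArr} is {@code null}
     */
    public static final String array2hex(byte[] bArr) {
        StringBuilder hex = new StringBuilder(2 * bArr.length);
        for (byte b : bArr) {
            // Mask after the shift so that negative bytes do not sign-extend into the index.
            hex.append(hexChars.charAt((b >> 4) & 15));
            hex.append(hexChars.charAt(b & 15));
        }
        return hex.toString();
    }

    /**
     * Logs a one-line summary of a certificate. Does nothing when debug logging is off.
     *
     * <p>Subject and issuer names are taken from the certificate and logged verbatim.
     *
     * @param x509Certificate certificate to describe
     */
    public static void debug(X509Certificate x509Certificate) {
        if (!isDebug()) {
            // Skip the encoding and string building when nobody will read the result.
            return;
        }
        try {
            log("X509Certificate, from: " + formatDate(x509Certificate.getNotBefore()) + ", to: " + formatDate(x509Certificate.getNotAfter()) + ", serial: " + ByteArrayUtil.toHexString(x509Certificate.getSerialNumber().toByteArray()) + ", length: " + x509Certificate.getEncoded().length + ", subject: " + x509Certificate.getSubjectDN().getName() + ", issuer: " + x509Certificate.getIssuerDN().getName());
        } catch (Throwable th) {
            // Best effort: a failure while printing diagnostics must not reach the caller.
            log("Error while printing cert");
            th.printStackTrace();
        }
    }

    /**
     * Logs a one-line summary of a CRL. Does nothing when debug logging is off.
     *
     * @param x509crl CRL to describe
     */
    public static void debug(X509CRL x509crl) {
        if (!isDebug()) {
            return;
        }
        try {
            Set<? extends X509CRLEntry> revokedCertificates = x509crl.getRevokedCertificates();
            log("X509CRL, from: " + formatDate(x509crl.getThisUpdate()) + ", to: " + formatDate(x509crl.getNextUpdate()) + ", certs: " + (revokedCertificates == null ? 0 : revokedCertificates.size()) + ", length: " + x509crl.getEncoded().length + ", issuer: " + x509crl.getIssuerDN().getName());
        } catch (Throwable th) {
            // Best effort: a failure while printing diagnostics must not reach the caller.
            log("Error while printing crl");
            th.printStackTrace();
        }
    }

    /**
     * Logs a one-line summary of an attribute certificate. Does nothing when debug logging is off.
     *
     * @param x509AttributeCertificate attribute certificate to describe
     */
    public static void debug(X509AttributeCertificate x509AttributeCertificate) {
        if (!isDebug()) {
            return;
        }
        try {
            log("X509AttributeCertificate, from: " + formatDate(x509AttributeCertificate.getNotBefore()) + ", to: " + formatDate(x509AttributeCertificate.getNotAfter()) + ", serial: " + array2hex(x509AttributeCertificate.getSerialNumber().getNumber().toByteArray()) + ", length: " + x509AttributeCertificate.getEncoded().length + ", holder: " + x509AttributeCertificate.getHolder().toString() + ", issuer: " + x509AttributeCertificate.getIssuer().toString());
        } catch (Throwable th) {
            // Best effort: a failure while printing diagnostics must not reach the caller.
            log("Error while printing attr cert");
            th.printStackTrace();
        }
    }

    /** Formats a date with {@link #SDF}, or returns {@code "null"} for a null date. */
    private static String formatDate(Date date) {
        if (date == null) {
            return "null";
        }
        // Shared SimpleDateFormat: serialize access, see the class comment.
        synchronized (SDF) {
            return SDF.format(date);
        }
    }

    /**
     * Checks whether the digest carried in {@code objectDigestInfo} matches the certificate.
     *
     * <p>The digested object type selects what is hashed: 0 hashes the encoded public key,
     * 1 hashes the encoded certificate (publicKey and publicKeyCert in RFC 5755's
     * ObjectDigestInfo, assuming the getter returns the raw enumerated value). Any other
     * type, a null argument, an encoding failure or an unknown algorithm yields {@code false}.
     *
     * <p>NOTE(review): the digest algorithm name comes from {@code objectDigestInfo} itself, so
     * whatever algorithm the attribute certificate names and the installed providers support is
     * accepted here, including MD5 or SHA-1. A caller that wants only strong digests has to
     * restrict the algorithm before relying on this result.
     *
     * @param x509Certificate candidate holder certificate
     * @param objectDigestInfo digest information to compare against
     * @return {@code true} only when the recomputed digest equals the stored one
     */
    public static boolean digestMatches(X509Certificate x509Certificate, ObjectDigestInfo objectDigestInfo) {
        if (x509Certificate == null || objectDigestInfo == null) {
            // Fail closed instead of throwing from a matching predicate.
            return false;
        }
        byte[] digested;
        switch (objectDigestInfo.getDigestedObjectType()) {
            case 0:
                digested = x509Certificate.getPublicKey().getEncoded();
                break;
            case 1:
                try {
                    digested = x509Certificate.getEncoded();
                } catch (CertificateEncodingException e) {
                    if (isDebug()) {
                        e.printStackTrace();
                    }
                    return false;
                }
                break;
            default:
                // Unsupported object type: nothing to hash, so no match.
                return false;
        }
        if (digested == null) {
            return false;
        }
        try {
            MessageDigest md = MessageDigest.getInstance(objectDigestInfo.getDigestAlgorithm().getName());
            return Arrays.equals(objectDigestInfo.getObjectDigest().toByteArray(), md.digest(digested));
        } catch (NoSuchAlgorithmException e) {
            if (isDebug()) {
                e.printStackTrace();
            }
            return false;
        }
    }

    /**
     * Checks whether any directory-name entry of {@code generalNames} equals {@code x500Name}.
     *
     * @param x500Name name to look for
     * @param generalNames names to search; entries of other types are ignored
     * @return {@code true} on the first equal directory name, {@code false} otherwise or when
     *         either argument is {@code null}
     */
    public static boolean nameMatches(X500Name x500Name, GeneralNames generalNames) {
        if (x500Name == null || generalNames == null) {
            return false;
        }
        for (GeneralName candidate : generalNames.names()) {
            if (candidate.getType() == DIRECTORY_NAME && x500Name.equals(candidate.getName())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds a trust anchor set from the certificates of an "AvDirSingle" cert store.
     *
     * <p>Every X.509 certificate the store returns becomes a trust anchor with no name
     * constraints. No validity-period, self-signature or CA-flag check is made in this method,
     * so write access to that directory is equivalent to the ability to add a trusted root;
     * restrict its permissions accordingly. Entries that are not X.509 certificates are skipped
     * and logged rather than aborting the load with a {@link ClassCastException}.
     *
     * @param str value passed to {@link SingleDirectoryCertStoreParameters}; presumably the
     *        directory path
     * @return mutable set of trust anchors, possibly empty
     * @throws InvalidAlgorithmParameterException if the store rejects the parameters
     * @throws NoSuchAlgorithmException if no provider offers the "AvDirSingle" store type
     * @throws CertStoreException if the store cannot be read
     */
    public static Set<TrustAnchor> loadTrustAnchorsFromDirectory(String str) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, CertStoreException {
        Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
        CertStore store = CertStore.getInstance("AvDirSingle", new SingleDirectoryCertStoreParameters(str));
        for (Certificate cert : store.getCertificates(null)) {
            if (cert instanceof X509Certificate) {
                anchors.add(new TrustAnchor((X509Certificate) cert, null));
            } else {
                log("Skipping non-X.509 entry while loading trust anchors: " + getClassName(cert));
            }
        }
        return anchors;
    }

    /**
     * Returns the first directory-name entry of {@code generalNames} as an {@link X500Principal}.
     *
     * @param generalNames names to search, may be {@code null}
     * @return the principal, or {@code null} when the argument is {@code null} or holds no
     *         directory name
     * @throws RuntimeException wrapping the {@link IOException} if the name cannot be encoded
     */
    public static X500Principal getX500Principal(GeneralNames generalNames) {
        if (generalNames == null) {
            return null;
        }
        for (GeneralName candidate : generalNames.names()) {
            if (candidate.getType() != DIRECTORY_NAME) {
                continue;
            }
            try {
                return new X500Principal(candidate.getName().getEncoded());
            } catch (IOException e) {
                throw new RuntimeException(e.getMessage(), e);
            }
        }
        return null;
    }

    /**
     * Collects the X.509 certificates matching the selector from every cert store configured
     * in the builder parameters.
     *
     * @param x509CertSelector selection criteria
     * @param pKIXBuilderParameters parameters whose cert stores are queried
     * @return mutable set of matching certificates, possibly empty; entries that are not
     *         X.509 certificates are left out so the set really holds what its type says
     * @throws GeneralCertPathException if any store fails; the store's exception is the cause
     */
    public static Set<X509Certificate> findCerts(X509CertSelector x509CertSelector, PKIXBuilderParameters pKIXBuilderParameters) throws GeneralCertPathException {
        Set<X509Certificate> found = new HashSet<X509Certificate>();
        for (CertStore store : pKIXBuilderParameters.getCertStores()) {
            try {
                for (Certificate cert : store.getCertificates(x509CertSelector)) {
                    if (cert instanceof X509Certificate) {
                        found.add((X509Certificate) cert);
                    }
                }
            } catch (CertStoreException e) {
                throw new GeneralCertPathException(e.getMessage(), e);
            }
        }
        return found;
    }

    /**
     * Finds a trust anchor that issued the certificate: the anchor's subject (or CA name) must
     * equal the certificate's issuer, and the certificate's signature must verify under the
     * anchor's public key.
     *
     * <p>An anchor is returned only after the signature check succeeded; a candidate that
     * offers no public key is skipped. This method checks nothing else: validity period,
     * basic constraints, key usage and revocation of the certificate are not examined here
     * and have to be enforced by the caller or the path validator.
     *
     * @param x509Certificate certificate whose issuer is looked up
     * @param set candidate trust anchors
     * @param str signature provider name handed to {@link X509Certificate#verify(PublicKey, String)}
     * @return the first anchor that verifies the certificate, or {@code null} when no anchor
     *         matches the issuer name
     * @throws GeneralCertPathException if at least one anchor matched by name but none verified
     *         the signature (the last verification failure is the cause), or if the issuer name
     *         cannot be set on the selector
     */
    public static TrustAnchor findTrustAnchor(X509Certificate x509Certificate, Set<TrustAnchor> set, String str) throws GeneralCertPathException {
        X500Principal issuer = x509Certificate.getIssuerX500Principal();
        X509CertSelector issuerSelector = new X509CertSelector();
        try {
            issuerSelector.setSubject(issuer.getEncoded());
            Exception lastFailure = null;
            for (TrustAnchor candidate : set) {
                PublicKey key = null;
                X509Certificate anchorCert = candidate.getTrustedCert();
                if (anchorCert != null) {
                    if (issuerSelector.match(anchorCert)) {
                        key = anchorCert.getPublicKey();
                    }
                } else if (candidate.getCAName() != null && candidate.getCAPublicKey() != null) {
                    try {
                        if (issuer.equals(new X500Principal(candidate.getCAName()))) {
                            key = candidate.getCAPublicKey();
                        }
                    } catch (IllegalArgumentException ignored) {
                        // The anchor's CA name is not a parseable distinguished name: it cannot match.
                    }
                }
                if (key == null) {
                    continue;
                }
                try {
                    x509Certificate.verify(key, str);
                    return candidate;
                } catch (Exception e) {
                    // Several anchors may share a name; remember the failure and keep looking.
                    lastFailure = e;
                }
            }
            if (lastFailure != null) {
                throw new GeneralCertPathException("TrustAnchor found but certificate validation failed.", lastFailure);
            }
            return null;
        } catch (IOException e) {
            throw new GeneralCertPathException(e.getMessage(), e);
        }
    }

    /**
     * Collects the X.509 CRLs matching the selector from every cert store configured in the
     * builder parameters.
     *
     * <p>An empty result means only that no store returned a matching CRL. Whether that is
     * acceptable for revocation checking is the caller's decision.
     *
     * @param pKIXBuilderParameters parameters whose cert stores are queried
     * @param x509CRLSelector selection criteria
     * @return mutable set of matching CRLs, possibly empty; entries that are not X.509 CRLs
     *         are left out
     * @throws CertPathValidatorException if any store fails; the store's exception is the cause
     */
    public static Set<X509CRL> findCRLs(PKIXBuilderParameters pKIXBuilderParameters, X509CRLSelector x509CRLSelector) throws CertPathValidatorException {
        Set<X509CRL> found = new HashSet<X509CRL>();
        for (CertStore store : pKIXBuilderParameters.getCertStores()) {
            try {
                for (Object crl : store.getCRLs(x509CRLSelector)) {
                    if (crl instanceof X509CRL) {
                        found.add((X509CRL) crl);
                    }
                }
            } catch (CertStoreException e) {
                throw new CertPathValidatorException(e.getMessage(), e);
            }
        }
        return found;
    }
}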
