package df.sign.utils;

import com.itextpdf.text.pdf.PdfBoolean;
import com.itextpdf.text.pdf.PdfObject;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Hashtable;
import java.util.Iterator;
import javax.naming.directory.InitialDirContext;

/* loaded from: input_file:df/sign/utils/X509Utils.class */
public class X509Utils {
    public static boolean checkValidity(X509Certificate x509Certificate, Date date) {
        try {
            if (date != null) {
                x509Certificate.checkValidity(date);
                return true;
            }
            x509Certificate.checkValidity();
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static boolean checkIsForSigning(X509Certificate x509Certificate) {
        return x509Certificate.getKeyUsage()[0];
    }

    public static boolean checkIsNonRepudiation(X509Certificate x509Certificate) {
        return x509Certificate.getKeyUsage()[1];
    }

    public static X509Certificate getX509Certificate(byte[] bArr) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public static String getCN(X509Certificate x509Certificate) {
        String name = x509Certificate.getSubjectDN().getName();
        if (name.indexOf("CN=") == -1) {
            return PdfObject.NOTHING;
        }
        String substring = name.substring(name.indexOf("CN=") + 3);
        int indexOf = substring.indexOf(44);
        if (indexOf == -1) {
            indexOf = substring.length();
        }
        return substring.substring(0, indexOf);
    }

    public static String getCFFromCertSubject(String str) {
        if (str.contains("CN=")) {
            String substring = str.substring(str.indexOf("CN=") + 3);
            int length = substring.length();
            if (substring.indexOf(44) != -1) {
                length = substring.indexOf(44);
            }
            String substring2 = substring.substring(0, length);
            if (substring2.contains("/")) {
                substring2 = substring2.split("/")[0].substring(1);
            }
            if (substring2.matches("\\p{Upper}\\p{Upper}\\p{Upper}\\p{Upper}\\p{Upper}\\p{Upper}\\p{Digit}\\p{Digit}\\p{Upper}\\p{Digit}\\p{Digit}\\p{Upper}\\p{Digit}\\p{Digit}\\p{Digit}\\p{Upper}")) {
                return substring2;
            }
        }
        if (!str.contains("SERIALNUMBER=")) {
            return PdfObject.NOTHING;
        }
        String substring3 = str.substring(str.indexOf("SERIALNUMBER=") + 13);
        int length2 = substring3.length();
        if (substring3.indexOf(44) != -1) {
            length2 = substring3.indexOf(44);
        }
        String substring4 = substring3.substring(0, length2);
        if (substring4.contains(":")) {
            substring4 = substring4.split(":")[1];
        }
        return substring4.matches("\\p{Upper}\\p{Upper}\\p{Upper}\\p{Upper}\\p{Upper}\\p{Upper}\\p{Digit}\\p{Digit}\\p{Upper}\\p{Digit}\\p{Digit}\\p{Upper}\\p{Digit}\\p{Digit}\\p{Digit}\\p{Upper}") ? substring4 : PdfObject.NOTHING;
    }

    public static ArrayList<String> getDistributionPointUrls(X509Certificate x509Certificate) {
        String x509Certificate2;
        ArrayList<String> arrayList = new ArrayList<>();
        try {
            x509Certificate2 = x509Certificate.toString();
        } catch (Exception e) {
            e.printStackTrace();
        }
        if (x509Certificate2.indexOf("CRLDistributionPoints") == -1) {
            return arrayList;
        }
        String substring = x509Certificate2.substring(x509Certificate2.indexOf("CRLDistributionPoints"));
        String substring2 = substring.substring(0, substring.indexOf("]]") + 2);
        while (substring2.indexOf("URIName") != -1) {
            String substring3 = substring2.substring(substring2.indexOf("URIName") + 9);
            String substring4 = substring3.substring(0, substring3.indexOf("]"));
            if (substring4.contains(", URIName: ")) {
                for (String str : substring4.split(", URIName: ")) {
                    arrayList.add(str);
                }
            } else {
                arrayList.add(substring4);
            }
            substring2 = substring3.substring(substring3.indexOf("]") + 1);
        }
        return arrayList;
    }

    public static X509CRL getX509CRLFromURL(String str) {
        InputStream openStream;
        try {
            System.setProperty("java.net.useSystemProxies", PdfBoolean.TRUE);
            try {
                if (str.toLowerCase().startsWith("ldap")) {
                    Hashtable hashtable = new Hashtable();
                    hashtable.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
                    hashtable.put("java.naming.provider.url", str);
                    byte[] bArr = (byte[]) new InitialDirContext(hashtable).getAttributes(PdfObject.NOTHING).get("certificateRevocationList;binary").get();
                    if (bArr == null || bArr.length == 0) {
                        throw new Exception("Can not download CRL from: " + str);
                    }
                    openStream = new ByteArrayInputStream(bArr);
                } else {
                    openStream = new URL(str).openStream();
                }
                System.out.println("CRL download correctly from : " + str);
                X509CRL x509crl = (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(openStream);
                openStream.close();
                return x509crl;
            } catch (Exception e) {
                throw new Exception("Can not download CRL from: " + str + "\n" + e.getMessage());
            }
        } catch (Exception e2) {
            e2.printStackTrace();
            return null;
        }
    }

    public static boolean checkIsSelfSigned(X509Certificate x509Certificate) {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static boolean checkIsRevoked(X509Certificate x509Certificate) {
        ArrayList<String> distributionPointUrls = getDistributionPointUrls(x509Certificate);
        X509CRL x509crl = null;
        Iterator<String> it = distributionPointUrls.iterator();
        while (it.hasNext()) {
            String next = it.next();
            if (!next.toLowerCase().startsWith("ldap")) {
                x509crl = getX509CRLFromURL(next);
                if (x509crl != null) {
                    break;
                }
            }
        }
        if (x509crl == null) {
            Iterator<String> it2 = distributionPointUrls.iterator();
            while (it2.hasNext()) {
                String next2 = it2.next();
                if (next2.toLowerCase().startsWith("ldap")) {
                    x509crl = getX509CRLFromURL(next2);
                    if (x509crl != null) {
                        break;
                    }
                }
            }
        }
        if (x509crl != null) {
            return x509crl.isRevoked(x509Certificate);
        }
        try {
            throw new Exception("Impossible to get the Certificate Revocation List from the URLs provided.");
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    public static void checkAllOnCertificate(X509Certificate x509Certificate) throws Exception {
        boolean z = true;
        String str = "\n";
        String cFFromCertSubject = getCFFromCertSubject(x509Certificate.getSubjectDN().getName());
        if (checkIsSelfSigned(x509Certificate)) {
            z = false;
            str = String.valueOf(str) + "The certificate is Self Signed\n";
        }
        if (!checkIsNonRepudiation(x509Certificate)) {
            z = false;
            str = String.valueOf(str) + "The certificate is not valid for 'Non Repudiation'\n";
        }
        if (!checkValidity(x509Certificate, new Date())) {
            z = false;
            str = String.valueOf(str) + "The certificate is currently expired\n";
        }
        if (checkIsRevoked(x509Certificate)) {
            z = false;
            str = String.valueOf(str) + "The certificate has been revoked\n";
        }
        if (!z) {
            throw new Exception("Errors on validating certificate for " + cFFromCertSubject + ":" + str);
        }
    }
}
