package com.logica.security.util;

import com.logica.apps.ivs.client.manager.PKIMgrConstants;
import com.logica.asn1.ASN1OctetString;
import com.logica.asn1.ASN1Sequence;
import com.logica.asn1.DERConstructedSequence;
import com.logica.asn1.DEREncodable;
import com.logica.asn1.DEREnumerated;
import com.logica.asn1.DERInteger;
import com.logica.asn1.DERObject;
import com.logica.asn1.DERObjectIdentifier;
import com.logica.asn1.DEROctetString;
import com.logica.asn1.DERString;
import com.logica.asn1.DERTaggedObject;
import com.logica.asn1.x509.AuthorityKeyIdentifier;
import com.logica.asn1.x509.GeneralName;
import com.logica.asn1.x509.GeneralNames;
import com.logica.asn1.x509.SubjectKeyIdentifier;
import com.logica.asn1.x509.X509Extensions;
import com.logica.common.logging.LLogger;
import com.logica.common.logging.LLoggerFactory;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Enumeration;
import java.util.Hashtable;

/* loaded from: input_file:com/logica/security/util/X509Utils.class */
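/**
 * Static helpers for reading X.509 certificate and CRL extensions, PEM-encoding them,
 * computing fingerprints, and building certificate/CRL objects through a JCA provider.
 *
 * <p>This source was recovered by a decompiler. Two methods that the decompiler could not
 * emit ({@code buildX509Certificate(byte[], String)} and {@code buildX509CRL(byte[], String)})
 * were rebuilt by hand from its raw instruction listing; compare them with the original
 * class file before relying on them.
 *
 * <p>None of these helpers validates a certificate chain, signature or validity period.
 * The values they return are attacker-controlled unless the certificate or CRL has been
 * verified separately.
 */
public class X509Utils {
    private static final LLogger logger;

    /**
     * True when, at class-load time, the provider named by
     * {@code PKIMgrConstants.PKIMGR_SECURITY_PROVIDER} offered an X.509 CertificateFactory.
     * It is evaluated once in the static initializer and never refreshed.
     */
    private static boolean bJCryptoCertAvailable;

    /** Compiler-generated cache for the {@code X509Utils.class} literal (pre-Java-5 javac). */
    static Class class$com$logica$security$util$X509Utils;

    /** OID of the user-notice policy qualifier (id-qt-unotice). */
    private static final String USER_NOTICE_QUALIFIER_OID = "1.3.6.1.5.5.7.2.2";

    /**
     * Returns the contents of the second subjectAltName entry decoded as ASCII text.
     *
     * <p>NOTE(review): the entry is selected by position (index 1), not by its GeneralName
     * tag, so a certificate whose second SAN entry is not an rfc822Name yields either a
     * ClassCastException or a value that is not an e-mail address. Callers that use the
     * result for identity decisions should confirm the entry type.
     *
     * @param x509Certificate certificate to inspect, must not be null
     * @return the decoded value, or null when the extension or the entry is absent
     * @throws NullPointerException if the certificate is null
     * @throws IllegalArgumentException if the extension cannot be parsed as DER
     */
    public static String getSubjectEmailAddress(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new NullPointerException("certificate cannot be null");
        }
        DERObject sanValue = parseDERObjectFromExtension(
                x509Certificate.getExtensionValue(X509Extensions.SubjectAlternativeName.getId()));
        if (sanValue == null) {
            return null;
        }
        GeneralName emailEntry = GeneralNames.getInstance(ASN1Sequence.getInstance(sanValue)).getElement(1);
        if (emailEntry == null) {
            return null;
        }
        byte[] octets = ((DEROctetString) emailEntry.getName()).getOctets();
        try {
            // Decode with a fixed charset: the platform default would make the same
            // certificate yield different strings on differently configured hosts.
            return new String(octets, "ASCII");
        } catch (IOException e) {
            throw new IllegalStateException("unable to decode e-mail address due to - " + e, e);
        }
    }

    /**
     * Returns the string value carried by the first subjectAltName entry, read as a
     * sequence whose element at index 1 is a tagged object wrapping a string.
     *
     * <p>NOTE(review): as with {@link #getSubjectEmailAddress}, the entry is picked by
     * position (index 0) and its type is not checked; a differently shaped entry fails
     * with a ClassCastException.
     *
     * @param x509Certificate certificate to inspect, must not be null
     * @return the string value, or null when the extension or the entry is absent
     * @throws NullPointerException if the certificate is null
     */
    public static String getOtherName(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new NullPointerException("certificate cannot be null");
        }
        DERObject sanValue = parseDERObjectFromExtension(
                x509Certificate.getExtensionValue(X509Extensions.SubjectAlternativeName.getId()));
        if (sanValue == null) {
            return null;
        }
        GeneralName firstEntry = GeneralNames.getInstance(ASN1Sequence.getInstance(sanValue)).getElement(0);
        if (firstEntry == null) {
            return null;
        }
        ASN1Sequence otherName = (ASN1Sequence) firstEntry.getName();
        DERTaggedObject taggedValue = (DERTaggedObject) otherName.getObjectAt(1);
        return ((DERString) taggedValue.getObject()).getString();
    }

    /**
     * Parses the certificatePolicies extension into its top-level sequence.
     *
     * @return the sequence of policy entries, or null when the extension is absent
     * @throws NullPointerException if the certificate is null
     */
    private static ASN1Sequence getPolicyInfos(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new NullPointerException("certificate cannot be null");
        }
        DERObject policies = parseDERObjectFromExtension(
                x509Certificate.getExtensionValue(X509Extensions.CertificatePolicies.getId()));
        return policies == null ? null : ASN1Sequence.getInstance(policies);
    }

    /**
     * Returns the policy OID of the first entry in the certificatePolicies extension.
     * Any further policy entries are ignored.
     *
     * @param x509Certificate certificate to inspect, must not be null
     * @return the dotted OID string, or null when no policy is present
     */
    public static String getCertificatePolicy(X509Certificate x509Certificate) {
        ASN1Sequence policyInfos = getPolicyInfos(x509Certificate);
        if (policyInfos == null || policyInfos.getSize() < 1) {
            return null;
        }
        ASN1Sequence firstPolicy = (ASN1Sequence) policyInfos.getObjectAt(0);
        if (firstPolicy.getSize() < 1) {
            return null;
        }
        return ((DERObjectIdentifier) firstPolicy.getObjectAt(0)).getId();
    }

    /**
     * Returns the user-notice text of the first qualifier of the first policy entry.
     *
     * <p>Only the first policy and its first qualifier are examined, and null is returned
     * when the notice starts with a nested sequence instead of a string. The text comes
     * straight from the certificate; treat it as untrusted when displaying it.
     *
     * @param x509Certificate certificate to inspect, must not be null
     * @return the notice text, or null when it is absent or not in the expected shape
     */
    public static String getCertPolicyUserNotice(X509Certificate x509Certificate) {
        ASN1Sequence policyInfos = getPolicyInfos(x509Certificate);
        if (policyInfos == null || policyInfos.getSize() < 1) {
            return null;
        }
        ASN1Sequence firstPolicy = (ASN1Sequence) policyInfos.getObjectAt(0);
        if (firstPolicy.getSize() < 2) {
            return null;
        }
        ASN1Sequence qualifiers = (ASN1Sequence) firstPolicy.getObjectAt(1);
        if (qualifiers.getSize() < 1) {
            return null;
        }
        ASN1Sequence firstQualifier = (ASN1Sequence) qualifiers.getObjectAt(0);
        // Both the qualifier id (index 0) and its value (index 1) are read below, so the
        // size must be checked before either access.
        if (firstQualifier.getSize() < 2) {
            return null;
        }
        String qualifierId = ((DERObjectIdentifier) firstQualifier.getObjectAt(0)).getId();
        if (!qualifierId.equals(USER_NOTICE_QUALIFIER_OID)) {
            return null;
        }
        ASN1Sequence userNotice = (ASN1Sequence) firstQualifier.getObjectAt(1);
        if (userNotice.getSize() < 1) {
            return null;
        }
        DEREncodable firstField = userNotice.getObjectAt(0);
        if (firstField instanceof ASN1Sequence || !(firstField instanceof DERString)) {
            return null;
        }
        try {
            return ((DERString) firstField).getString();
        } catch (Exception e) {
            // Same level as the recoverable-failure message in tryAlternativeParser;
            // goes to the application log instead of stderr.
            logger.logApp(4, "unable to read certificate policy user notice text", e);
            return null;
        }
    }

    /**
     * Collects the OIDs listed in the extendedKeyUsage extension.
     *
     * @param x509Certificate certificate to inspect, must not be null
     * @return a table mapping each OID string to itself, or null when the extension is
     *         absent or empty
     * @throws NullPointerException if the certificate is null
     */
    public static Hashtable getExtKeyUsageIDs(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new NullPointerException("cert cannot be null");
        }
        DERObject ekuValue = parseDERObjectFromExtension(
                x509Certificate.getExtensionValue(X509Extensions.ExtendedKeyUsage.getId()));
        if (ekuValue == null) {
            return null;
        }
        Enumeration purposes = ASN1Sequence.getInstance(ekuValue).getObjects();
        if (!purposes.hasMoreElements()) {
            return null;
        }
        Hashtable usageIds = new Hashtable();
        do {
            String oid = DERObjectIdentifier.getInstance(purposes.nextElement()).getId();
            usageIds.put(oid, oid);
        } while (purposes.hasMoreElements());
        return usageIds;
    }

    /**
     * Returns the value of the cRLNumber extension.
     *
     * @param x509crl CRL to inspect, must not be null
     * @return the CRL number, or null when the extension is absent
     * @throws NullPointerException if the CRL is null
     */
    public static BigInteger getCRLNumber(X509CRL x509crl) {
        if (x509crl == null) {
            // The message used to say "cert", which misreported the failing argument.
            throw new NullPointerException("crl cannot be null");
        }
        DERObject crlNumber = parseDERObjectFromExtension(
                x509crl.getExtensionValue(X509Extensions.CRLNumber.getId()));
        return crlNumber == null ? null : DERInteger.getInstance(crlNumber).getValue();
    }

    /**
     * Returns the reason code of a CRL entry.
     *
     * @param x509CRLEntry entry to inspect, must not be null
     * @return the enumerated reason value, or null when the extension is absent
     * @throws NullPointerException if the entry is null
     * @throws IllegalArgumentException if the extension cannot be parsed
     */
    public static BigInteger getCRLReasonCode(X509CRLEntry x509CRLEntry) {
        if (x509CRLEntry == null) {
            throw new NullPointerException("crlEntry cannot be null");
        }
        DERObject reason = parseDERObjectFromExtension(
                x509CRLEntry.getExtensionValue(X509Extensions.ReasonCode.getId()));
        if (reason == null) {
            return null;
        }
        if (reason instanceof DEROctetString) {
            // The value is still wrapped in an octet string: unwrap one more level.
            try {
                reason = ASN1Utils.readASN1Object(((DEROctetString) reason).getOctets());
            } catch (IOException e) {
                throw new IllegalArgumentException("failed to parse from DEROctedString due to - " + e, e);
            }
        }
        return DEREnumerated.getInstance(reason).getValue();
    }

    /**
     * Returns the PKCS#1 encoding (a sequence of modulus and public exponent) of a key.
     *
     * @param publicKey key to encode, must not be null
     * @return the DER bytes of the PKCS#1 structure
     * @throws NullPointerException if the key is null
     * @throws IllegalArgumentException if the key reports no encoding format
     * @throws UnsupportedOperationException if the format is neither X.509 nor PKCS#1, or
     *         the key is X.509-encoded but not an RSA key
     */
    public static byte[] getPKCS1EncodedPublicKey(PublicKey publicKey) {
        if (publicKey == null) {
            throw new NullPointerException("publicKey cannot be null");
        }
        String format = publicKey.getFormat();
        if (format == null) {
            throw new IllegalArgumentException("this public key format does not support encoding ");
        }
        if (format.equals("PKCS#1")) {
            return publicKey.getEncoded();
        }
        if (!format.equals("X509") && !format.equals("X.509")) {
            throw new UnsupportedOperationException("unsupported public key format - " + format);
        }
        // X.509 is also the format of non-RSA keys; reject them explicitly instead of
        // failing with a ClassCastException.
        if (!(publicKey instanceof RSAPublicKey)) {
            throw new UnsupportedOperationException(
                    "unsupported public key algorithm - " + publicKey.getAlgorithm());
        }
        RSAPublicKey rsaKey = (RSAPublicKey) publicKey;
        DERConstructedSequence pkcs1 = new DERConstructedSequence();
        pkcs1.addObject(new DERInteger(rsaKey.getModulus()));
        pkcs1.addObject(new DERInteger(rsaKey.getPublicExponent()));
        return pkcs1.getDERObject().toDERBytes();
    }

    /**
     * Encodes a certificate as a PEM block labelled CERTIFICATE.
     *
     * @param x509Certificate certificate to encode, must not be null
     * @return the PEM text as ASCII bytes
     * @throws NullPointerException if the certificate is null
     * @throws IllegalArgumentException if the certificate cannot be DER-encoded
     * @throws IllegalStateException if writing the PEM buffer fails
     */
    public static byte[] toPEM(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new NullPointerException("cert cannot be null");
        }
        try {
            return pemEncode("CERTIFICATE", x509Certificate.getEncoded());
        } catch (IOException e) {
            throw new IllegalStateException("unable to encode to PEM due to - " + e, e);
        } catch (CertificateEncodingException e) {
            throw new IllegalArgumentException("failed to encode certificate to bytes due to - " + e, e);
        }
    }

    /**
     * Encodes a CRL as a PEM block labelled X509 CRL.
     *
     * @param x509crl CRL to encode, must not be null
     * @return the PEM text as ASCII bytes
     * @throws NullPointerException if the CRL is null
     * @throws IllegalArgumentException if the CRL cannot be DER-encoded
     * @throws IllegalStateException if writing the PEM buffer fails
     */
    public static byte[] toPEM(X509CRL x509crl) {
        if (x509crl == null) {
            throw new NullPointerException("crl cannot be null");
        }
        try {
            return pemEncode("X509 CRL", x509crl.getEncoded());
        } catch (IOException e) {
            throw new IllegalStateException("unable to encode to PEM due to - " + e, e);
        } catch (CRLException e) {
            throw new IllegalArgumentException("failed to encode CRL to bytes due to - " + e, e);
        }
    }

    /**
     * Wraps DER bytes between BEGIN/END lines carrying the given label.
     *
     * <p>NOTE(review): the footer is written directly after the Base64Coder output, so
     * the result is well-formed PEM only if that output ends with a line break - confirm
     * against Base64Coder.
     */
    private static byte[] pemEncode(String label, byte[] der) throws IOException {
        ByteArrayOutputStream pem = new ByteArrayOutputStream();
        try {
            pem.write(("-----BEGIN " + label + "-----\n").getBytes("ASCII"));
            pem.write(Base64Coder.encode(der));
            pem.write(("-----END " + label + "-----\n").getBytes("ASCII"));
            return pem.toByteArray();
        } finally {
            pem.close();
        }
    }

    /**
     * Digests the DER encoding of a certificate.
     *
     * <p>The caller chooses the algorithm. MD5 and SHA-1 fingerprints are not collision
     * resistant and should not be the basis of a trust decision; prefer SHA-256 or
     * stronger where the provider offers it.
     *
     * @param x509Certificate certificate to fingerprint, must not be null
     * @param str JCA message-digest algorithm name
     * @return the digest bytes
     * @throws NoSuchAlgorithmException if no provider implements the algorithm
     * @throws NullPointerException if the certificate is null
     * @throws IllegalArgumentException if the certificate cannot be DER-encoded
     */
    public static byte[] getCertificateFingerprint(X509Certificate x509Certificate, String str) throws NoSuchAlgorithmException {
        if (x509Certificate == null) {
            throw new NullPointerException("cert cannot be null");
        }
        MessageDigest digest = MessageDigest.getInstance(str);
        try {
            return digest.digest(x509Certificate.getEncoded());
        } catch (CertificateEncodingException e) {
            throw new IllegalArgumentException("unable to encode certificate to bytes due to - " + e, e);
        }
    }

    /**
     * Digests the PKCS#1 encoding of a public key (see {@link #getPKCS1EncodedPublicKey}).
     *
     * <p>Because the input is the PKCS#1 structure and not the X.509 SubjectPublicKeyInfo,
     * the result will not match fingerprints computed over {@code PublicKey.getEncoded()}
     * of an X.509-format key. The note on weak digests at
     * {@link #getCertificateFingerprint} applies here as well.
     *
     * @param publicKey key to fingerprint, must not be null
     * @param str JCA message-digest algorithm name
     * @return the digest bytes
     * @throws NoSuchAlgorithmException if no provider implements the algorithm
     */
    public static byte[] getPublicKeyFingerprint(PublicKey publicKey, String str) throws NoSuchAlgorithmException {
        MessageDigest digest = MessageDigest.getInstance(str);
        return digest.digest(getPKCS1EncodedPublicKey(publicKey));
    }

    /**
     * Returns the authorityKeyIdentifier extension (OID 2.5.29.35) of a certificate.
     *
     * @param x509Certificate certificate to inspect, must not be null
     * @return the parsed extension, or null when it is absent
     * @throws NullPointerException if the certificate is null
     */
    public static AuthorityKeyIdentifier getAuthorityKeyId(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new NullPointerException("cert cannot be null");
        }
        DERObject keyId = parseDERObjectFromExtension(x509Certificate.getExtensionValue("2.5.29.35"));
        return keyId == null ? null : AuthorityKeyIdentifier.getInstance(keyId);
    }

    /**
     * Returns the authorityKeyIdentifier extension (OID 2.5.29.35) of a CRL.
     *
     * @param x509crl CRL to inspect, must not be null
     * @return the parsed extension, or null when it is absent
     * @throws NullPointerException if the CRL is null
     */
    public static AuthorityKeyIdentifier getAuthorityKeyId(X509CRL x509crl) {
        if (x509crl == null) {
            throw new NullPointerException("crl cannot be null");
        }
        DERObject keyId = parseDERObjectFromExtension(x509crl.getExtensionValue("2.5.29.35"));
        return keyId == null ? null : AuthorityKeyIdentifier.getInstance(keyId);
    }

    /**
     * Returns the key identifier from the subjectKeyIdentifier extension (OID 2.5.29.14).
     *
     * @param x509Certificate certificate to inspect, must not be null
     * @return the identifier bytes, or null when the extension is absent
     * @throws NullPointerException if the certificate is null
     */
    public static byte[] getSubjectKeyId(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new NullPointerException("certificate cannot be null");
        }
        DERObject keyId = parseDERObjectFromExtension(x509Certificate.getExtensionValue("2.5.29.14"));
        return keyId == null ? null : SubjectKeyIdentifier.getInstance(keyId).getKeyIdentifier();
    }

    /**
     * Unwraps an extension value as returned by {@code getExtensionValue}: the bytes are
     * read as an octet string, and the octets inside it are parsed again as the actual
     * extension content.
     *
     * @param bArr raw extension value, may be null
     * @return the parsed content, or null when {@code bArr} is null
     * @throws IllegalArgumentException if either level fails to parse
     */
    private static final DERObject parseDERObjectFromExtension(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        try {
            byte[] content = ASN1OctetString.getInstance(ASN1Utils.readASN1Object(bArr)).getOctets();
            return ASN1Utils.readASN1Object(content);
        } catch (IOException e) {
            throw new IllegalArgumentException("failed to parse DER from  extension due to - " + e, e);
        }
    }

    /**
     * Builds a certificate from its encoded bytes, falling back to
     * {@link #tryAlternativeParser} when the primary build throws any exception.
     *
     * <p>The decompiler could not emit this method; the body is rebuilt from its raw
     * instruction listing (null check, byte stream, primary build, fallback on Exception,
     * stream close in a finally block).
     *
     * @param bArr encoded certificate, must not be null
     * @param str provider name, passed through to the stream overload
     * @return the parsed certificate
     * @throws NullPointerException if {@code bArr} is null
     * @throws CertificateException if the fallback parsers also fail
     * @throws NoSuchProviderException declared for compatibility with the stream overload
     * @throws IllegalStateException if the byte stream cannot be closed
     */
    public static X509Certificate buildX509Certificate(byte[] bArr, String str) throws CertificateException, NoSuchProviderException {
        if (bArr == null) {
            throw new NullPointerException("certificate bytes cannot be null");
        }
        java.io.ByteArrayInputStream certStream = new java.io.ByteArrayInputStream(bArr);
        try {
            try {
                return buildX509Certificate(certStream, str);
            } catch (Exception e) {
                return tryAlternativeParser(bArr, e);
            }
        } finally {
            try {
                certStream.close();
            } catch (IOException e) {
                throw new IllegalStateException("cert stream couldn't be closed - " + e, e);
            }
        }
    }

    /**
     * Second-chance parsing through vendor classes loaded by reflection, used after the
     * regular CertificateFactory path has failed.
     *
     * <p>Security note: input that the primary parser rejected is retried with a different
     * implementation. Two parsers can disagree about the same bytes, so a certificate
     * accepted only on this path deserves extra scrutiny; the level-1 log lines written on
     * success are the place to watch for that.
     *
     * <p>NOTE(review): on the BC branch the object handed to {@code getInstance(Object)}
     * comes from {@code ASN1Utils.readASN1Object}; confirm that the BouncyCastle class
     * accepts that type.
     *
     * @param bArr encoded certificate
     * @param exc the failure from the primary parser, logged and rethrown (wrapped) when
     *        no fallback provider is registered
     * @return the certificate produced by the fallback parser
     * @throws CertificateException if every fallback fails or none is available
     */
    private static X509Certificate tryAlternativeParser(byte[] bArr, Exception exc) throws CertificateException {
        logger.logApp(4, "X.509 Certificate build failed, trying another parser.", exc);
        try {
            if (Security.getProvider(PKIMgrConstants.PKIMGR_SECURITY_PROVIDER) != null) {
                Class jcryptoCertClass = Class.forName("com.baltimore.jpkiplus.x509.JCRYPTO_X509Certificate");
                X509Certificate jcryptoCert = (X509Certificate) jcryptoCertClass
                        .getDeclaredConstructor(new Class[] {byte[].class})
                        .newInstance(new Object[] {bArr});
                logger.logApp(1, "Alternative parser successfull with JCRYPTO.", null);
                return jcryptoCert;
            }
            if (Security.getProvider("BC") == null) {
                throw exc;
            }
            Class structureClass = Class.forName("org.bouncycastle.asn1.x509.X509CertificateStructure");
            Object structure = structureClass
                    .getMethod("getInstance", new Class[] {Object.class})
                    .invoke(null, new Object[] {ASN1Utils.readASN1Object(bArr)});
            X509Certificate bcCert = (X509Certificate) Class.forName("org.bouncycastle.jce.provider.X509CertificateObject")
                    .getDeclaredConstructor(new Class[] {structureClass})
                    .newInstance(new Object[] {structure});
            logger.logApp(1, "Alternative parser successfull with BC.", null);
            return bcCert;
        } catch (Throwable th) {
            logger.logApp(3, "certificate is corrupted, other parsers failed or are not available, giving up.", th);
            // Keep the cause: reflective failures often carry a null message, which would
            // otherwise leave the caller with no diagnostic at all.
            throw new CertificateException(th.getMessage(), th);
        }
    }

    /**
     * Builds a certificate from a stream using the X.509 CertificateFactory of the
     * requested provider.
     *
     * <p>Provider selection: a non-null name other than
     * {@code PKIMgrConstants.PKIMGR_SECURITY_PROVIDER} is used as given. That constant is
     * honoured only when its X.509 factory was available at class-load time; otherwise,
     * and for a null name, the default provider is used without any indication to the
     * caller.
     *
     * <p>For an explicitly named other provider, every CertificateException - including a
     * parse failure of the input - is rethrown as IllegalStateException.
     *
     * @param inputStream stream positioned at the encoded certificate, must not be null
     * @param str provider name, or null for the default provider
     * @return the parsed certificate
     * @throws NullPointerException if the stream is null
     * @throws CertificateException if parsing fails on the default/JCRYPTO path
     * @throws NoSuchProviderException if the named provider is not registered
     */
    public static X509Certificate buildX509Certificate(InputStream inputStream, String str) throws CertificateException, NoSuchProviderException {
        if (inputStream == null) {
            throw new NullPointerException("certificate bytes stream cannot be null");
        }
        boolean jcryptoRequested = str != null && str.equalsIgnoreCase(PKIMgrConstants.PKIMGR_SECURITY_PROVIDER);
        if (str != null && !jcryptoRequested) {
            try {
                return (X509Certificate) CertificateFactory.getInstance("X.509", str).generateCertificate(inputStream);
            } catch (CertificateException e) {
                throw new IllegalStateException("unable to create CertificateFactory due to - " + e, e);
            }
        }
        CertificateFactory factory;
        if (jcryptoRequested && bJCryptoCertAvailable) {
            factory = CertificateFactory.getInstance("X.509", str);
        } else {
            factory = CertificateFactory.getInstance("X.509");
        }
        return (X509Certificate) factory.generateCertificate(inputStream);
    }

    /**
     * Builds a CRL from its encoded bytes.
     *
     * <p>The decompiler could not emit this method; the body is rebuilt from its raw
     * instruction listing (null check, byte stream, delegate to the stream overload,
     * stream close in a finally block).
     *
     * @param bArr encoded CRL, must not be null
     * @param str provider name, or null for the default provider
     * @return the parsed CRL
     * @throws NullPointerException if {@code bArr} is null
     * @throws NoSuchProviderException if the named provider is not registered
     * @throws CRLException if the bytes cannot be parsed as a CRL
     * @throws IllegalStateException if the byte stream cannot be closed
     */
    public static final X509CRL buildX509CRL(byte[] bArr, String str) throws NoSuchProviderException, CRLException {
        if (bArr == null) {
            throw new NullPointerException("crlBytes cannot be null");
        }
        java.io.ByteArrayInputStream crlStream = new java.io.ByteArrayInputStream(bArr);
        try {
            return buildX509CRL(crlStream, str);
        } finally {
            try {
                crlStream.close();
            } catch (IOException e) {
                throw new IllegalStateException("crl's stream could not be closed due to - " + e, e);
            }
        }
    }

    /**
     * Builds a CRL from a stream using the X.509 CertificateFactory of the named provider,
     * or of the default provider when the name is null.
     *
     * @param inputStream stream positioned at the encoded CRL, must not be null
     * @param str provider name, or null for the default provider
     * @return the parsed CRL
     * @throws NullPointerException if the stream is null
     * @throws NoSuchProviderException if the named provider is not registered
     * @throws CRLException if the stream cannot be parsed as a CRL
     * @throws IllegalStateException if no X.509 CertificateFactory can be obtained
     */
    public static final X509CRL buildX509CRL(InputStream inputStream, String str) throws NoSuchProviderException, CRLException {
        if (inputStream == null) {
            throw new NullPointerException("crl bytes stream cannot be null");
        }
        try {
            CertificateFactory factory;
            if (str == null) {
                factory = CertificateFactory.getInstance("X.509");
            } else {
                factory = CertificateFactory.getInstance("X.509", str);
            }
            return (X509CRL) factory.generateCRL(inputStream);
        } catch (CertificateException e) {
            throw new IllegalStateException("failed to creat CertificateFactory due to - " + e, e);
        }
    }

    /**
     * Instantiates one of the two known security providers by class name and registers it
     * with {@code Security.addProvider}, i.e. behind the providers already installed.
     *
     * <p>Only the two hard-coded class names can be loaded; the argument selects between
     * them and is never used as a class name itself. The decompiled code also contained a
     * {@code Security.insertProviderAt(provider, 1)} branch that no input could reach; it
     * is omitted here.
     *
     * @param str provider name: {@code PKIMgrConstants.PKIMGR_SECURITY_PROVIDER} or "BC"
     * @throws NullPointerException if the name is null
     * @throws Exception if the name is unknown, the class cannot be loaded or
     *         instantiated, or the class is not a {@link Provider}
     */
    public static void initSecProvider(String str) throws Exception, Error {
        if (str == null) {
            throw new NullPointerException("provider name cannot be null");
        }
        String providerClassName;
        if (str.equals(PKIMgrConstants.PKIMGR_SECURITY_PROVIDER)) {
            providerClassName = "com.baltimore.jcrypto.provider.JCRYPTO";
        } else if (str.equals("BC")) {
            providerClassName = "org.bouncycastle.jce.provider.BouncyCastleProvider";
        } else {
            throw new Exception("Unknown provider name: " + str);
        }
        Object candidate = Class.forName(providerClassName).newInstance();
        if (!(candidate instanceof Provider)) {
            throw new Exception("Class " + providerClassName + " exists, but is not the java.security.Provider instance.");
        }
        Security.addProvider((Provider) candidate);
    }

    /**
     * Registers fallback X.509 and message-digest implementations under the provider named
     * by {@code PKIMgrConstants.PKIMGR_SECURITY_PROVIDER} when that provider had no X.509
     * CertificateFactory at class-load time. Does nothing when the factory was available
     * or when the provider is not registered.
     *
     * <p>Security note: the only digests added are MD5 and SHA-1 (plus the SHA/SHA1
     * aliases). Neither is collision resistant; code that asks this provider for a digest
     * should not use the result to establish trust. The implementation classes are JDK
     * internals ({@code sun.security.provider.*}) and may not be accessible on every
     * runtime - confirm on the target JVM.
     */
    public static void addMissingKTClasses() {
        if (bJCryptoCertAvailable) {
            return;
        }
        Provider provider = Security.getProvider(PKIMgrConstants.PKIMGR_SECURITY_PROVIDER);
        if (provider == null) {
            // The flag is also false when the provider itself is missing, in which case
            // there is nothing to patch.
            logger.logApp(2, "JCRYPTO provider not registered, no fallback classes added.", null);
            return;
        }
        provider.put("CertificateFactory.X.509", "sun.security.provider.X509Factory");
        provider.put("MessageDigest.SHA-1", "sun.security.provider.SHA");
        provider.put("MessageDigest.MD5", "sun.security.provider.MD5");
        provider.put("Alg.Alias.MessageDigest.SHA", "SHA-1");
        provider.put("Alg.Alias.MessageDigest.SHA1", "SHA-1");
    }

    /**
     * Compiler-generated helper behind class literals (pre-Java-5 javac): loads a class by
     * name and turns a lookup failure into {@link NoClassDefFoundError}.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        // Expanded form of the X509Utils.class literal, kept as the compiler emitted it.
        Class cls;
        if (class$com$logica$security$util$X509Utils == null) {
            cls = class$("com.logica.security.util.X509Utils");
            class$com$logica$security$util$X509Utils = cls;
        } else {
            cls = class$com$logica$security$util$X509Utils;
        }
        logger = LLoggerFactory.getLogger(cls);

        // Probe once whether the JCRYPTO provider can supply an X.509 CertificateFactory.
        bJCryptoCertAvailable = true;
        try {
            CertificateFactory.getInstance("X.509", PKIMgrConstants.PKIMGR_SECURITY_PROVIDER);
        } catch (NoSuchProviderException e) {
            logger.logApp(2, "JCRYPTO provider not available.", null);
            bJCryptoCertAvailable = false;
        } catch (CertificateException e2) {
            logger.logApp(2, "JCRYPTO X.509 certificate implementation not available.", null);
            bJCryptoCertAvailable = false;
        }
    }
}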
