package org.demoiselle.signer.core.ca.manager;

import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedList;
import org.demoiselle.signer.core.ca.provider.ProviderCA;
import org.demoiselle.signer.core.ca.provider.ProviderCAFactory;
import org.demoiselle.signer.core.util.MessagesBundle;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/demoiselle/signer/core/ca/manager/CAManager.class */
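/**
 * Singleton that builds and checks X.509 certificate chains against the CA
 * certificates published by the configured {@link ProviderCA} instances.
 *
 * <p>Security notes for maintainers. Everything in this class decides
 * "issuer of" with a single primitive: {@code child.verify(issuer.getPublicKey())}.
 * A certificate counts as a "root" when it verifies under its own public key.
 * Nothing in this class checks validity dates, basicConstraints, keyUsage,
 * name constraints or revocation, so those checks must happen elsewhere before
 * a chain returned here is treated as trusted (NOTE(review): confirm where the
 * callers do that). The CN comparison used while searching is only a
 * pre-filter; it is never sufficient on its own.
 */
public class CAManager {
    private static final String CN = "CN";
    private static final CAManager instance = new CAManager();
    private static final Logger LOGGER = LoggerFactory.getLogger(CAManager.class);
    private static final MessagesBundle coreMessagesBundle = new MessagesBundle();

    private CAManager() {
    }

    /**
     * Returns the process-wide instance.
     *
     * @return the singleton
     */
    public static CAManager getInstance() {
        return instance;
    }

    /**
     * Checks whether the chain of a certificate ends in any of the given roots.
     *
     * <p>This method never returns {@code false}: it returns {@code true} on the
     * first root accepted by {@link #validateRootCA} and throws otherwise.
     *
     * @param collection candidate root certificates, tried in iteration order
     * @param x509Certificate the certificate whose chain is checked
     * @return {@code true} when one candidate is accepted
     * @throws CAManagerException when no candidate is accepted
     */
    public boolean validateRootCAs(Collection<X509Certificate> collection, X509Certificate x509Certificate) {
        for (X509Certificate candidateRoot : collection) {
            try {
                validateRootCA(candidateRoot, x509Certificate);
                return true;
            } catch (CAManagerException e) {
                // A rejected candidate is expected here; only the overall failure is an error.
                LOGGER.debug(e.getMessage());
            }
        }
        LOGGER.error(coreMessagesBundle.getString("error.no.authority"));
        throw new CAManagerException(coreMessagesBundle.getString("error.no.authority"));
    }

    /**
     * Checks that the chain built for a certificate ends in the given root.
     *
     * <p>The chain is built with {@link #getCertificateChain(X509Certificate)},
     * its first self-signed element is taken as the chain root, and the supplied
     * root must verify under that element's public key.
     *
     * @param x509Certificate the root certificate to check against; must be self-signed
     * @param x509Certificate2 the certificate whose chain is built
     * @return {@code true} when the supplied root matches the chain root
     * @throws CAManagerException when the root is missing or not self-signed, when
     *     no chain or no self-signed element is found, or when the roots do not match
     */
    public boolean validateRootCA(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        if (x509Certificate == null) {
            LOGGER.error(coreMessagesBundle.getString("error.root.ca.not.informed"));
            throw new CAManagerException(coreMessagesBundle.getString("error.root.ca.not.informed"));
        }
        if (!isRootCA(x509Certificate)) {
            LOGGER.error(coreMessagesBundle.getString("error.not.root"));
            throw new CAManagerException(coreMessagesBundle.getString("error.not.root"));
        }
        Collection<X509Certificate> certificateChain = getCertificateChain(x509Certificate2);
        if (certificateChain == null || certificateChain.isEmpty()) {
            LOGGER.error(coreMessagesBundle.getString("error.get.chain"));
            throw new CAManagerException(coreMessagesBundle.getString("error.get.chain"));
        }
        X509Certificate chainRoot = null;
        for (X509Certificate link : certificateChain) {
            if (isRootCA(link)) {
                chainRoot = link;
                break;
            }
        }
        if (chainRoot == null) {
            LOGGER.error(coreMessagesBundle.getString("error.root.ca.not.found"));
            throw new CAManagerException(coreMessagesBundle.getString("error.root.ca.not.found"));
        }
        if (isCAofCertificate(chainRoot, x509Certificate)) {
            return true;
        }
        LOGGER.error(coreMessagesBundle.getString("error.root.ca.not.chain"));
        throw new CAManagerException(coreMessagesBundle.getString("error.root.ca.not.chain"));
    }

    /**
     * Tells whether a certificate is self-signed, which is this class's only
     * definition of a root CA.
     *
     * @param x509Certificate the certificate to test; {@code null} yields {@code false}
     * @return {@code true} when the certificate verifies under its own public key
     */
    public boolean isRootCA(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        return isCAofCertificate(x509Certificate, x509Certificate);
    }

    /**
     * Tells whether one certificate's signature verifies under another
     * certificate's public key.
     *
     * <p>When caching is enabled in {@link CAManagerConfiguration}, a cached
     * answer is returned without re-verifying, and both positive and negative
     * results are stored. Neither argument is null-checked here.
     *
     * @param x509Certificate the presumed issuer
     * @param x509Certificate2 the certificate whose signature is verified
     * @return {@code true} when the signature verifies, {@code false} on an
     *     invalid key or signature
     * @throws CAManagerException on an unknown algorithm or provider, or on a
     *     certificate encoding error
     */
    public boolean isCAofCertificate(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        CAManagerCache cache = CAManagerCache.getInstance();
        boolean isCached = CAManagerConfiguration.getInstance().isCached();
        try {
            try {
                LOGGER.debug(coreMessagesBundle.getString("info.ca.cache", Boolean.valueOf(isCached)));
                if (isCached) {
                    Boolean cachedAnswer = cache.getIsCAofCertificate(x509Certificate, x509Certificate2);
                    if (cachedAnswer != null) {
                        return cachedAnswer.booleanValue();
                    }
                }
                x509Certificate2.verify(x509Certificate.getPublicKey());
                LOGGER.debug(coreMessagesBundle.getString("info.ca.validated"));
                if (isCached) {
                    cache.setIsCAofCertificate(x509Certificate, x509Certificate2, true);
                }
                return true;
            } catch (InvalidKeyException | SignatureException e) {
                // A failed verification is a normal "not the issuer" answer, not an error.
                LOGGER.debug(coreMessagesBundle.getString("error.ca.verify.certificate.signature", e.getMessage()));
                if (isCached) {
                    cache.setIsCAofCertificate(x509Certificate, x509Certificate2, false);
                }
                return false;
            }
        } catch (NoSuchAlgorithmException e2) {
            LOGGER.error(coreMessagesBundle.getString("error.no.such.algorithm"), e2);
            throw new CAManagerException(coreMessagesBundle.getString("error.no.such.algorithm"), e2);
        } catch (NoSuchProviderException e3) {
            LOGGER.error(coreMessagesBundle.getString("error.no.such.provider"), e3);
            throw new CAManagerException(coreMessagesBundle.getString("error.no.such.provider"), e3);
        } catch (CertificateException e4) {
            LOGGER.error(coreMessagesBundle.getString("error.certificate.exception"), e4);
            throw new CAManagerException(coreMessagesBundle.getString("error.certificate.exception"), e4);
        }
    }

    /**
     * Returns the chain of a certificate as an array.
     *
     * @param x509Certificate the certificate whose chain is built
     * @return the chain in the order produced by
     *     {@link #getCertificateChain(X509Certificate)}, or an empty array
     */
    public Certificate[] getCertificateChainArray(X509Certificate x509Certificate) {
        // Copy through the Collection interface: the chain may come from the cache,
        // whose concrete collection type is not guaranteed to be a LinkedList.
        Collection<X509Certificate> chain = getCertificateChain(x509Certificate);
        if (chain == null || chain.isEmpty()) {
            return new Certificate[0];
        }
        return chain.toArray(new Certificate[0]);
    }

    /**
     * Builds the chain of a certificate from the CA lists of the configured providers.
     *
     * <p>The result starts with the certificate itself, followed by each issuer
     * found. Providers are tried in order until one yields a chain that reaches a
     * self-signed certificate. When no provider does, an error is logged and the
     * partial list is still returned (and cached, if caching is on), so callers
     * must not assume that the last element is a root.
     *
     * @param x509Certificate the certificate whose chain is built
     * @return the cached chain when present, otherwise the chain built here
     */
    public Collection<X509Certificate> getCertificateChain(X509Certificate x509Certificate) {
        CAManagerConfiguration config = CAManagerConfiguration.getInstance();
        LinkedList<X509Certificate> chain = new LinkedList<>();
        if (config.isCached()) {
            LOGGER.debug(coreMessagesBundle.getString("info.cache.mode", Boolean.valueOf(config.isCached())));
            Collection<X509Certificate> cachedChain = CAManagerCache.getInstance().getCachedCertificatesFor(x509Certificate);
            if (cachedChain != null) {
                return cachedChain;
            }
        }
        chain.add(x509Certificate);
        if (isRootCA(x509Certificate)) {
            return chain;
        }
        boolean rootReached = false;
        for (ProviderCA providerCA : ProviderCAFactory.getInstance().factory()) {
            try {
                LOGGER.debug(coreMessagesBundle.getString("info.searching.on.provider", providerCA.getName()));
                Collection<X509Certificate> cAs = providerCA.getCAs();
                for (X509Certificate candidate : cAs) {
                    if (x509Certificate.getIssuerX500Principal() != null) {
                        if (issuerNameMatches(x509Certificate, candidate) && isCAofCertificate(candidate, x509Certificate)) {
                            chain.add(candidate);
                            // NOTE(review): when `candidate` is itself self-signed, this search
                            // finds it again and it is appended a second time below.
                            X509Certificate current = null;
                            for (X509Certificate upper : cAs) {
                                if (issuerNameMatches(candidate, upper) && isCAofCertificate(upper, candidate)) {
                                    current = upper;
                                }
                            }
                            int hops = 0;
                            while (current != null) {
                                chain.add(current);
                                if (isRootCA(current)) {
                                    rootReached = true;
                                    break;
                                }
                                X509Certificate previous = current;
                                for (X509Certificate upper : cAs) {
                                    if (issuerNameMatches(current, upper) && isCAofCertificate(upper, current)) {
                                        current = upper;
                                    }
                                }
                                hops++;
                                // Stop when no issuer was found for a non-root CA, or when the walk
                                // is longer than the provider list (a signing cycle). Without this,
                                // an incomplete CA list made the loop append the same certificate
                                // forever, hanging the thread and exhausting memory.
                                if (current == previous || hops > cAs.size()) {
                                    break;
                                }
                            }
                        }
                        if (rootReached) {
                            break;
                        }
                    }
                }
                LOGGER.debug(coreMessagesBundle.getString("info.found.levels", Integer.valueOf(chain.size()), providerCA.getName()));
            } catch (Exception e) {
                // Best effort per provider; keep the cause so a broken trust source can be diagnosed.
                LOGGER.warn(coreMessagesBundle.getString("error.no.ca", providerCA.getName()), e);
            }
            if (rootReached) {
                break;
            }
            LOGGER.info(coreMessagesBundle.getString("warn.no.chain.on.provider", providerCA.getName()));
        }
        if (!rootReached) {
            LOGGER.error(coreMessagesBundle.getString("erro.no.chain.provided", x509Certificate.getSubjectDN()));
        }
        if (config.isCached() && !chain.isEmpty()) {
            CAManagerCache.getInstance().addCertificate(x509Certificate, chain);
        }
        return chain;
    }

    /**
     * Returns the first certificate of a collection that signed the given one.
     *
     * @param collection candidate issuers; may be {@code null} or empty
     * @param x509Certificate the certificate whose issuer is looked up
     * @return the issuer, or {@code null} when the certificate is self-signed or
     *     no candidate verifies it
     */
    private X509Certificate getCAFromCertificate(Collection<X509Certificate> collection, X509Certificate x509Certificate) {
        if (isRootCA(x509Certificate) || collection == null || collection.isEmpty()) {
            return null;
        }
        for (X509Certificate candidate : collection) {
            if (isCAofCertificate(candidate, x509Certificate)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Reads the certificate chain stored under an alias of a key store.
     *
     * <p>The key is fetched only to confirm that it can be recovered with the
     * password; the key itself is discarded. The password arrives as a
     * {@code String}, so it cannot be wiped from memory by this method.
     *
     * @param keyStore the key store to read
     * @param str the password protecting the key
     * @param str2 the alias of the entry
     * @return the chain stored for the alias, never {@code null}
     * @throws CAManagerException when the alias has no chain or the key store
     *     cannot be read with the given password
     */
    public Certificate[] getCertificateChainArray(KeyStore keyStore, String str, String str2) {
        try {
            keyStore.getKey(str2, str.toCharArray());
            Certificate[] storedChain = keyStore.getCertificateChain(str2);
            if (storedChain != null) {
                return storedChain;
            }
            LOGGER.error(coreMessagesBundle.getString("error.no.chain.alias", str2));
            throw new CAManagerException(coreMessagesBundle.getString("error.no.chain.alias", str2));
        } catch (KeyStoreException e) {
            LOGGER.error(coreMessagesBundle.getString("error.keystore.type"), e);
            throw new CAManagerException(coreMessagesBundle.getString("error.keystore.type"), e);
        } catch (NoSuchAlgorithmException e2) {
            LOGGER.error(coreMessagesBundle.getString("error.no.such.algorithm"), e2);
            throw new CAManagerException(coreMessagesBundle.getString("error.no.such.algorithm"), e2);
        } catch (UnrecoverableKeyException e3) {
            LOGGER.error(coreMessagesBundle.getString("error.unrecoverable.key"), e3);
            throw new CAManagerException(coreMessagesBundle.getString("error.unrecoverable.key"), e3);
        }
    }

    /**
     * Reads the certificate chain stored under an alias of a key store as a collection.
     *
     * @param keyStore the key store to read
     * @param str the password protecting the key
     * @param str2 the alias of the entry
     * @return the stored chain, in key-store order
     * @throws CAManagerException when the chain cannot be read
     * @throws ClassCastException when an entry of the chain is not an X.509 certificate
     */
    public Collection<X509Certificate> getCertificateChain(KeyStore keyStore, String str, String str2) {
        Certificate[] storedChain = getCertificateChainArray(keyStore, str, str2);
        // Defensive only: getCertificateChainArray throws instead of returning null.
        if (storedChain == null) {
            LOGGER.error(coreMessagesBundle.getString("error.no.chain.alias"));
            throw new CAManagerException(coreMessagesBundle.getString("error.no.chain.alias"));
        }
        LinkedList<X509Certificate> chain = new LinkedList<>();
        for (Certificate certificate : storedChain) {
            chain.add((X509Certificate) certificate);
        }
        return chain;
    }

    /**
     * Compares the issuer name of one certificate with the subject name of
     * another, using the reduced form produced by {@link #getCN(String)}.
     * This is a search pre-filter only; the signature check decides.
     */
    private boolean issuerNameMatches(X509Certificate child, X509Certificate candidateIssuer) {
        String issuerName = getCN(child.getIssuerX500Principal().getName());
        return issuerName.equalsIgnoreCase(getCN(candidateIssuer.getSubjectX500Principal().getName()));
    }

    /**
     * Cuts a distinguished name down to the text from the first occurrence of
     * "CN" up to the next comma.
     *
     * <p>The search is a plain substring match: it also hits "CN" inside another
     * attribute value and stops at an escaped comma, so the result is not always
     * the common name.
     *
     * @param str the distinguished name
     * @return the reduced name, or the input unchanged when it contains no "CN"
     */
    private String getCN(String str) {
        int start = str.indexOf(CN);
        if (start < 0) {
            return str;
        }
        int end = str.indexOf(',', start);
        return end < 0 ? str.substring(start) : str.substring(start, end);
    }
}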
