package net.jsign;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:net/jsign/CertificateUtils.class */
public class CertificateUtils {
    private CertificateUtils() {
    }

    public static Certificate[] loadCertificateChain(File file) throws IOException, CertificateException {
        FileInputStream fileInputStream = new FileInputStream(file);
        Throwable th = null;
        try {
            ArrayList arrayList = new ArrayList(CertificateFactory.getInstance("X.509").generateCertificates(fileInputStream));
            arrayList.sort(getChainComparator());
            Certificate[] certificateArr = (Certificate[]) arrayList.toArray(new Certificate[0]);
            if (fileInputStream != null) {
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            return certificateArr;
        } catch (Throwable th3) {
            if (fileInputStream != null) {
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            throw th3;
        }
    }

    public static Comparator<X509Certificate> getChainComparator() {
        return Comparator.comparing((v0) -> {
            return v0.getBasicConstraints();
        }).thenComparing((v0) -> {
            return v0.getNotBefore();
        }, Comparator.reverseOrder()).thenComparing((v0) -> {
            return v0.getSubjectX500Principal();
        }, Comparator.comparing((v0) -> {
            return v0.getName();
        }));
    }

    public static AuthorityInformationAccess getAuthorityInformationAccess(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
        if (extensionValue != null) {
            return AuthorityInformationAccess.getInstance(ASN1OctetString.getInstance(extensionValue).getOctets());
        }
        return null;
    }

    public static String getIssuerCertificateURL(X509Certificate x509Certificate) {
        AuthorityInformationAccess authorityInformationAccess = getAuthorityInformationAccess(x509Certificate);
        if (authorityInformationAccess == null) {
            return null;
        }
        for (AccessDescription accessDescription : authorityInformationAccess.getAccessDescriptions()) {
            if (X509ObjectIdentifiers.id_ad_caIssuers.equals(accessDescription.getAccessMethod())) {
                return accessDescription.getAccessLocation().getName().toString();
            }
        }
        return null;
    }

    public static Collection<X509Certificate> getIssuerCertificates(X509Certificate x509Certificate) throws IOException, CertificateException {
        String issuerCertificateURL = getIssuerCertificateURL(x509Certificate);
        if (issuerCertificateURL == null) {
            return Collections.emptyList();
        }
        InputStream inputStream = new HttpClient(new File(OSUtils.getCacheDirectory("jsign"), "certificates"), 7776000000L).getInputStream(new URL(issuerCertificateURL));
        Throwable th = null;
        try {
            try {
                Collection generateCertificates = CertificateFactory.getInstance("X.509").generateCertificates(inputStream);
                if (inputStream != null) {
                    if (0 != 0) {
                        try {
                            inputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        inputStream.close();
                    }
                }
                return generateCertificates;
            } finally {
            }
        } catch (Throwable th3) {
            if (inputStream != null) {
                if (th != null) {
                    try {
                        inputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    inputStream.close();
                }
            }
            throw th3;
        }
    }

    public static Collection<X509Certificate> getCertificateChain(X509Certificate x509Certificate, int i) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509Certificate);
        if (i > 0 && !isSelfSigned(x509Certificate)) {
            try {
                Iterator<X509Certificate> it = getIssuerCertificates(x509Certificate).iterator();
                while (it.hasNext()) {
                    arrayList.addAll(getCertificateChain(it.next(), i - 1));
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        return arrayList;
    }

    public static boolean isSelfSigned(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    public static List<X509Certificate> getFullCertificateChain(Collection<X509Certificate> collection) {
        Set set = (Set) collection.stream().map(x509Certificate -> {
            return x509Certificate.getIssuerX500Principal().getName();
        }).collect(Collectors.toCollection(LinkedHashSet::new));
        Iterator<X509Certificate> it = collection.iterator();
        while (it.hasNext()) {
            set.remove(it.next().getSubjectX500Principal().getName());
        }
        HashSet<X509Certificate> hashSet = new HashSet();
        for (X509Certificate x509Certificate2 : collection) {
            if (set.contains(x509Certificate2.getIssuerX500Principal().getName())) {
                hashSet.add(x509Certificate2);
            }
        }
        ArrayList arrayList = new ArrayList(collection);
        for (X509Certificate x509Certificate3 : hashSet) {
            arrayList.remove(x509Certificate3);
            arrayList.addAll(getCertificateChain(x509Certificate3, 10));
        }
        return arrayList;
    }
}
