package org.nhindirect.stagent;

import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.nhindirect.stagent.cert.SignerCertPair;
import org.nhindirect.stagent.cert.Thumbprint;
import org.nhindirect.stagent.mail.MimeStandard;
import org.nhindirect.stagent.options.OptionsManager;
import org.nhindirect.stagent.options.OptionsParameter;

/* loaded from: input_file:org/nhindirect/stagent/CryptoExtensions.class */
public class CryptoExtensions {
    private static final String DEFAULT_JCE_PROVIDER_STRING = "BC";
    private static final int RFC822Name_TYPE = 1;
    private static final int DNSName_TYPE = 2;
    private static CertificateFactory certFactory;

    public static String getJCEProviderName() {
        OptionsParameter parameter = OptionsManager.getInstance().getParameter(OptionsParameter.JCE_PROVIDER);
        return (parameter == null || parameter.getParamValue() == null || parameter.getParamValue().isEmpty()) ? DEFAULT_JCE_PROVIDER_STRING : "";
    }

    public static void setJCEProviderName(String str) {
        OptionsManager.getInstance().setOptionsParameter((str == null || str.isEmpty()) ? new OptionsParameter(OptionsParameter.JCE_PROVIDER, DEFAULT_JCE_PROVIDER_STRING) : new OptionsParameter(OptionsParameter.JCE_PROVIDER, str));
    }

    public static boolean isEqualThumbprint(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        return Thumbprint.toThumbprint(x509Certificate).equals(Thumbprint.toThumbprint(x509Certificate2));
    }

    public static boolean containsEmailAddressInSubjectAltName(X509Certificate x509Certificate, String str) {
        String replaceFirst = str.toLowerCase(Locale.getDefault()).startsWith("emailaddress=") ? str.toLowerCase().replaceFirst("^emailaddress=", "") : str;
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                return false;
            }
            for (List<?> list : subjectAlternativeNames) {
                if (list.size() >= DNSName_TYPE) {
                    Integer num = (Integer) list.get(0);
                    if (num.intValue() == RFC822Name_TYPE || num.intValue() == DNSName_TYPE) {
                        if (((String) list.get(RFC822Name_TYPE)).toLowerCase(Locale.getDefault()).equals(replaceFirst.toLowerCase())) {
                            return true;
                        }
                    }
                }
            }
            return false;
        } catch (CertificateParsingException e) {
            return false;
        }
    }

    public static boolean certSubjectContainsName(X509Certificate x509Certificate, String str) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("Name cannot be null or empty.");
        }
        if (x509Certificate == null) {
            throw new IllegalArgumentException("Certificate cannot be null.");
        }
        String replaceFirst = str.toLowerCase(Locale.getDefault()).startsWith("emailaddress=") ? str.toLowerCase().replaceFirst("^emailaddress=", "") : str;
        String subjectAddress = getSubjectAddress(x509Certificate);
        if (subjectAddress == null || subjectAddress.isEmpty()) {
            return false;
        }
        return replaceFirst.toLowerCase(Locale.getDefault()).equals(subjectAddress.toLowerCase(Locale.getDefault()));
    }

    public static boolean matchName(X509Certificate x509Certificate, String str) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException();
        }
        return x509Certificate.getSubjectDN().getName().toUpperCase(Locale.getDefault()).contains(("CN=" + str).toUpperCase(Locale.getDefault()));
    }

    public static Collection<SignerCertPair> findSignersByName(CMSSignedData cMSSignedData, String str, Collection<String> collection) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException();
        }
        ArrayList arrayList = null;
        try {
            CertStore certificatesAndCRLs = cMSSignedData.getCertificatesAndCRLs("Collection", getJCEProviderName());
            for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
                Collection<? extends Certificate> certificates = certificatesAndCRLs.getCertificates(signerInformation.getSID());
                if (certificates != null && certificates.size() > 0) {
                    X509Certificate x509Certificate = (X509Certificate) certificates.iterator().next();
                    if (certSubjectContainsName(x509Certificate, str)) {
                        boolean z = false;
                        if (collection != null) {
                            Iterator<String> it = collection.iterator();
                            while (true) {
                                if (!it.hasNext()) {
                                    break;
                                }
                                if (certSubjectContainsName(x509Certificate, it.next())) {
                                    z = RFC822Name_TYPE;
                                    break;
                                }
                            }
                        }
                        if (!z) {
                            if (arrayList == null) {
                                arrayList = new ArrayList();
                            }
                            arrayList.add(new SignerCertPair(signerInformation, convertToProfileProvidedCertImpl(x509Certificate)));
                        }
                    }
                }
            }
        } catch (Throwable th) {
        }
        return arrayList == null ? Collections.emptyList() : arrayList;
    }

    public static X509Certificate findCertByName(Collection<X509Certificate> collection, String str) {
        for (X509Certificate x509Certificate : collection) {
            if (certSubjectContainsName(x509Certificate, str)) {
                return x509Certificate;
            }
        }
        return null;
    }

    public static SignerCertPair findSignerByCert(CMSSignedData cMSSignedData, X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new IllegalArgumentException();
        }
        try {
            for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
                SignerId sid = signerInformation.getSID();
                if (sid.getIssuer().equals(x509Certificate.getIssuerX500Principal()) && sid.getSerialNumber().equals(x509Certificate.getSerialNumber())) {
                    return new SignerCertPair(signerInformation, x509Certificate);
                }
            }
            return null;
        } catch (Exception e) {
            return null;
        }
    }

    private static X509Certificate convertToProfileProvidedCertImpl(X509Certificate x509Certificate) {
        X509Certificate x509Certificate2 = null;
        try {
            BufferedInputStream bufferedInputStream = new BufferedInputStream(new ByteArrayInputStream(x509Certificate.getEncoded()));
            x509Certificate2 = (X509Certificate) certFactory.generateCertificate(bufferedInputStream);
            IOUtils.closeQuietly(bufferedInputStream);
        } catch (Exception e) {
        }
        return x509Certificate2;
    }

    public static String getSubjectAddress(X509Certificate x509Certificate) {
        String str = "";
        Collection<List<?>> collection = null;
        try {
            collection = x509Certificate.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
        }
        if (collection != null) {
            for (List<?> list : collection) {
                if (list.size() >= DNSName_TYPE) {
                    Integer num = (Integer) list.get(0);
                    if (num.intValue() == RFC822Name_TYPE) {
                        str = (String) list.get(RFC822Name_TYPE);
                    } else if (num.intValue() == DNSName_TYPE && str.isEmpty()) {
                        str = (String) list.get(RFC822Name_TYPE);
                    }
                }
            }
        }
        if (!str.isEmpty()) {
            return str;
        }
        X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
        HashMap hashMap = new HashMap();
        hashMap.put("1.2.840.113549.1.9.1", "EMAILADDRESS");
        String name = subjectX500Principal.getName("RFC1779", hashMap);
        String str2 = "EMAILADDRESS=";
        int indexOf = name.indexOf(str2);
        if (indexOf == -1) {
            str2 = "CN=";
            indexOf = name.indexOf(str2);
            if (indexOf == -1) {
                return "";
            }
        }
        int indexOf2 = name.indexOf(MimeStandard.MailAddressSeparator, indexOf);
        return indexOf2 > -1 ? name.substring(indexOf + str2.length(), indexOf2) : name.substring(indexOf + str2.length());
    }

    static {
        try {
            certFactory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
        }
    }
}
