package com.rabbitmq.client.impl;

import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.function.BiFunction;
import java.util.stream.Collectors;
import javax.net.ssl.SSLSession;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;

/* loaded from: input_file:BOOT-INF/lib/amqp-client-5.16.0.jar:com/rabbitmq/client/impl/TlsUtils.class */
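/**
 * Renders a TLS peer's X.509 certificates as single-line text for DEBUG logging.
 *
 * <p>This class is diagnostic only. It validates nothing: there is no chain building, no
 * host name check and no expiry check here, and the "not valid after" date is printed, not
 * compared. Do not base a trust decision on its output.
 *
 * <p>Every value it prints (subject, issuer, alternative names, extension contents) is chosen
 * by the remote peer. {@link #peerCertificateInfo} therefore passes the text fields through
 * {@link #stripCRLF} so a certificate cannot start a new log line. Only CR and LF are removed;
 * other control characters pass through, so the log sink should still encode them.
 *
 * <p>The extension decoders ({@link #basicConstraints}, {@link #authorityKeyIdentifier},
 * {@link #octetStringHexDump}) test fixed byte offsets rather than parsing DER. Anything that
 * does not match the expected layout is shown as a hex dump.
 *
 * <p>Several helpers are public only because the decompiler widened them from private.
 */
public class TlsUtils {
    private static final Logger LOGGER = LoggerFactory.getLogger(TlsUtils.class);

    /** KeyUsage bit names, indexed like the array returned by {@code getKeyUsage()}. */
    private static final List<String> KEY_USAGE = Collections.unmodifiableList(Arrays.asList(
            "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment", "keyAgreement",
            "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"));

    /** Display text for the extended key usage OIDs this class knows by name. */
    private static final Map<String, String> EXTENDED_KEY_USAGE = extendedKeyUsageNames();

    /** Marker printed in place of a value that could not be decoded. */
    private static final String PARSING_ERROR = "<parsing-error>";

    /** Per-OID printers taking the raw extension value and the certificate it came from. */
    private static final Map<String, BiFunction<byte[], X509Certificate, String>> EXTENSIONS = extensionPrinters();

    /** Builds the read-only OID-to-description table for extended key usages. */
    private static Map<String, String> extendedKeyUsageNames() {
        Map<String, String> names = new HashMap<>();
        names.put("1.3.6.1.5.5.7.3.1", "TLS Web server authentication");
        names.put("1.3.6.1.5.5.7.3.2", "TLS Web client authentication");
        names.put("1.3.6.1.5.5.7.3.3", "Signing of downloadable executable code");
        names.put("1.3.6.1.5.5.7.3.4", "E-mail protection");
        names.put("1.3.6.1.5.5.7.3.8", "Binding the hash of an object to a time from an agreed-upon time");
        return Collections.unmodifiableMap(names);
    }

    /** Builds the read-only table of extension printers, keyed by extension OID. */
    private static Map<String, BiFunction<byte[], X509Certificate, String>> extensionPrinters() {
        Map<String, BiFunction<byte[], X509Certificate, String>> printers = new HashMap<>();
        printers.put("2.5.29.14", (value, cert) -> "SubjectKeyIdentifier = " + octetStringHexDump(value));
        printers.put("2.5.29.15", (value, cert) -> "KeyUsage = " + keyUsageBitString(cert.getKeyUsage(), value));
        printers.put("2.5.29.16", (value, cert) -> "PrivateKeyUsage = " + hexDump(0, value));
        printers.put("2.5.29.17", (value, cert) -> {
            try {
                return "SubjectAlternativeName = " + sans(cert, "/");
            } catch (CertificateParsingException e) {
                return "SubjectAlternativeName = " + PARSING_ERROR;
            }
        });
        printers.put("2.5.29.18", (value, cert) -> "IssuerAlternativeName = " + hexDump(0, value));
        printers.put("2.5.29.19", (value, cert) -> "BasicConstraints = " + basicConstraints(value));
        printers.put("2.5.29.30", (value, cert) -> "NameConstraints = " + hexDump(0, value));
        printers.put("2.5.29.33", (value, cert) -> "PolicyMappings = " + hexDump(0, value));
        printers.put("2.5.29.35", (value, cert) -> "AuthorityKeyIdentifier = " + authorityKeyIdentifier(value));
        printers.put("2.5.29.36", (value, cert) -> "PolicyConstraints = " + hexDump(0, value));
        printers.put("2.5.29.37", (value, cert) -> "ExtendedKeyUsage = " + extendedKeyUsage(value, cert));
        return Collections.unmodifiableMap(printers);
    }

    /**
     * Logs one DEBUG line per certificate presented by the peer of the given session.
     *
     * <p>Does nothing unless DEBUG is enabled. Any failure, including an unverified peer, is
     * reported as a DEBUG message and never propagated, so logging cannot break a connection.
     *
     * @param sSLSession the established TLS session whose peer chain is described
     */
    public static void logPeerCertificateInfo(SSLSession sSLSession) {
        if (!LOGGER.isDebugEnabled()) {
            return;
        }
        try {
            Certificate[] chain = sSLSession.getPeerCertificates();
            if (chain == null) {
                return;
            }
            for (int position = 0; position < chain.length; position++) {
                // Index 0 is labelled as the leaf; every later entry as part of the chain.
                String label = position == 0 ? "Peer's leaf certificate" : "Peer's certificate chain entry";
                LOGGER.debug(peerCertificateInfo(chain[position], label));
            }
        } catch (Exception e) {
            LOGGER.debug("Error while logging peer certificate info: {}", e.getMessage());
        }
    }

    /**
     * Describes one certificate on a single line.
     *
     * @param certificate the certificate to describe; it is cast to {@link X509Certificate}
     *     before the guarded section, so any other type raises {@link ClassCastException}
     * @param str label placed at the start of the line
     * @return the description, or a fixed error sentence if any field could not be read
     */
    public static String peerCertificateInfo(Certificate certificate, String str) {
        X509Certificate x509 = (X509Certificate) certificate;
        try {
            // "," is written as a literal; the decompiled listing spelled it as Spring's
            // StringArrayPropertyEditor.DEFAULT_SEPARATOR, which has the same value.
            return String.format(
                    "%s subject: %s, subject alternative names: %s, issuer: %s, not valid after: %s, X.509 usage extensions: %s",
                    stripCRLF(str),
                    stripCRLF(x509.getSubjectX500Principal().getName()),
                    stripCRLF(sans(x509, ",")),
                    stripCRLF(x509.getIssuerX500Principal().getName()),
                    x509.getNotAfter(),
                    stripCRLF(extensions(x509)));
        } catch (Exception e) {
            // The label is stripped here too, so both return paths give the same
            // single-line guarantee. valueOf keeps a null label printing as "null".
            return "Error while retrieving " + stripCRLF(String.valueOf(str)) + " certificate information";
        }
    }

    /**
     * Joins the certificate's subject alternative names with the given separator.
     *
     * @param x509Certificate the certificate to read
     * @param str separator placed between entries
     * @return the joined entries, each rendered with {@code toString()}; empty if there are none
     * @throws CertificateParsingException if the extension cannot be decoded
     */
    public static String sans(X509Certificate x509Certificate, String str) throws CertificateParsingException {
        Collection<List<?>> names = x509Certificate.getSubjectAlternativeNames();
        List<String> rendered = new ArrayList<>();
        if (names != null) {
            for (List<?> name : names) {
                rendered.add(name.toString());
            }
        }
        return String.join(str, rendered);
    }

    /**
     * Renders one extension as {@code name = value}.
     *
     * @param str the extension OID; OIDs without a dedicated printer are shown as
     *     {@code oid = hex dump}
     * @param bArr the raw extension value
     * @param x509Certificate the certificate the extension belongs to
     * @return the rendered text, or {@code oid = <parsing-error>} if the printer threw
     */
    public static String extensionPrettyPrint(String str, byte[] bArr, X509Certificate x509Certificate) {
        try {
            BiFunction<byte[], X509Certificate, String> fallback = (value, cert) -> str + " = " + hexDump(0, bArr);
            return EXTENSIONS.getOrDefault(str, fallback).apply(bArr, x509Certificate);
        } catch (Exception e) {
            return str + " = " + PARSING_ERROR;
        }
    }

    /**
     * Removes every carriage return and line feed so the text stays on one log line.
     *
     * <p>Only {@code \r} and {@code \n} are removed; other control characters and Unicode
     * line separators are left in place.
     *
     * @param str the text to clean; must not be null
     * @return the text without CR and LF
     */
    public static String stripCRLF(String str) {
        // Literal replace is equivalent to the regex form for these single characters.
        return str.replace("\r", "").replace("\n", "");
    }

    /** Renders every extension, critical ones first, separated by {@code ", "}. */
    private static String extensions(X509Certificate x509Certificate) {
        List<String> rendered = new ArrayList<>();
        appendExtensions(rendered, x509Certificate, x509Certificate.getCriticalExtensionOIDs(), " (critical)");
        appendExtensions(rendered, x509Certificate, x509Certificate.getNonCriticalExtensionOIDs(), " (non-critical)");
        return String.join(", ", rendered);
    }

    /** Appends one rendered entry per OID; a null OID collection contributes nothing. */
    private static void appendExtensions(
            List<String> out, X509Certificate cert, Collection<String> oids, String suffix) {
        // The OID getters return null for a certificate without extensions. Iterating null
        // would make the whole description collapse into the generic error sentence.
        if (oids == null) {
            return;
        }
        for (String oid : oids) {
            out.add(extensionPrettyPrint(oid, cert.getExtensionValue(oid), cert) + suffix);
        }
    }

    /**
     * Hex-dumps an extension value, skipping the first four bytes when bytes 0 and 2 both
     * equal 4 (the tag value this code treats as a nested octet string header).
     *
     * @param bArr the raw extension value
     * @return colon-separated upper-case hex
     */
    public static String octetStringHexDump(byte[] bArr) {
        boolean nestedOctetString = bArr.length > 4 && bArr[0] == 4 && bArr[2] == 4;
        return hexDump(nestedOctetString ? 4 : 0, bArr);
    }

    /**
     * Formats bytes as colon-separated, two-digit, upper-case hex.
     *
     * @param i index of the first byte to print
     * @param bArr the bytes to print
     * @return the dump; empty when {@code i} is at or past the end of the array
     */
    public static String hexDump(int i, byte[] bArr) {
        StringBuilder dump = new StringBuilder();
        for (int index = i; index < bArr.length; index++) {
            if (dump.length() > 0) {
                dump.append(':');
            }
            dump.append(String.format("%02X", bArr[index]));
        }
        return dump.toString();
    }

    /**
     * Names the key usage bits that are set, joined with {@code "/"}.
     *
     * @param zArr the decoded bits, or null when the certificate has none
     * @param bArr the raw extension value, hex-dumped when {@code zArr} is null
     * @return the names of the set bits, or the hex dump
     */
    public static String keyUsageBitString(boolean[] zArr, byte[] bArr) {
        if (zArr == null) {
            return hexDump(0, bArr);
        }
        List<String> names = new ArrayList<>();
        for (int bit = 0; bit < zArr.length; bit++) {
            if (zArr[bit]) {
                // A set bit past the nine named ones makes get() throw;
                // extensionPrettyPrint turns that into the parsing-error marker.
                names.add(KEY_USAGE.get(bit));
            }
        }
        return String.join("/", names);
    }

    /**
     * Renders BasicConstraints as {@code CA:TRUE} or {@code CA:FALSE} when the bytes match
     * one of the two layouts this code recognises, otherwise as a hex dump.
     *
     * @param bArr the raw extension value
     * @return the CA flag text or the hex dump
     */
    public static String basicConstraints(byte[] bArr) {
        // Four bytes ending in a zero length: no CA flag is encoded.
        if (bArr.length == 4 && bArr[3] == 0) {
            return "CA:FALSE";
        }
        // Byte 2 == 48 and byte 4 == 1: byte 6 is read as the CA flag.
        if (bArr.length >= 7 && bArr[2] == 48 && bArr[4] == 1) {
            return bArr[6] == 0 ? "CA:FALSE" : "CA:TRUE";
        }
        return hexDump(0, bArr);
    }

    /**
     * Renders AuthorityKeyIdentifier as {@code keyid:} plus the bytes from offset 6 when the
     * value is exactly 26 bytes long and starts with 4, otherwise as a full hex dump.
     *
     * @param bArr the raw extension value
     * @return the key identifier text or the hex dump
     */
    public static String authorityKeyIdentifier(byte[] bArr) {
        if (bArr.length == 26 && bArr[0] == 4) {
            return "keyid:" + hexDump(6, bArr);
        }
        return hexDump(0, bArr);
    }

    /**
     * Renders the extended key usages, joined with {@code "/"}, using the friendly name
     * where one is known and the raw OID otherwise.
     *
     * @param bArr the raw extension value, hex-dumped when the certificate reports no usages
     * @param x509Certificate the certificate to read
     * @return the usage list, the hex dump, or the parsing-error marker
     */
    public static String extendedKeyUsage(byte[] bArr, X509Certificate x509Certificate) {
        try {
            List<String> oids = x509Certificate.getExtendedKeyUsage();
            if (oids == null) {
                return hexDump(0, bArr);
            }
            return oids.stream()
                    .map(oid -> EXTENDED_KEY_USAGE.getOrDefault(oid, oid))
                    .collect(Collectors.joining("/"));
        } catch (CertificateParsingException e) {
            return PARSING_ERROR;
        }
    }
}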
