package org.jruby.ext.openssl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.cert.CRLException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERBoolean;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.x509.X509V2CRLGenerator;
import org.jruby.Ruby;
import org.jruby.RubyArray;
import org.jruby.RubyClass;
import org.jruby.RubyModule;
import org.jruby.RubyNumeric;
import org.jruby.RubyObject;
import org.jruby.RubyString;
import org.jruby.RubyTime;
import org.jruby.anno.JRubyMethod;
import org.jruby.exceptions.RaiseException;
import org.jruby.ext.openssl.OpenSSLReal;
import org.jruby.ext.openssl.X509Extensions;
import org.jruby.ext.openssl.impl.ASN1Registry;
import org.jruby.ext.openssl.x509store.PEMInputOutput;
import org.jruby.runtime.Arity;
import org.jruby.runtime.Block;
import org.jruby.runtime.ObjectAllocator;
import org.jruby.runtime.builtin.IRubyObject;

/* loaded from: input_file:org/jruby/ext/openssl/X509CRL.class */
public class X509CRL extends RubyObject {
    private static final long serialVersionUID = -2463300006179688577L;
    private IRubyObject version;
    private IRubyObject issuer;
    private IRubyObject last_update;
    private IRubyObject next_update;
    private IRubyObject revoked;
    private List<IRubyObject> extensions;
    private IRubyObject sig_alg;
    private boolean changed;
    private X509V2CRLGenerator generator;
    private java.security.cert.X509CRL crl;
    private DERObject crl_v;
    private static final String IND8 = "        ";
    private static final String IND12 = "            ";
    private static final String IND16 = "                ";
    private static ObjectAllocator X509CRL_ALLOCATOR = new ObjectAllocator() { // from class: org.jruby.ext.openssl.X509CRL.1
        @Override // org.jruby.runtime.ObjectAllocator
        public IRubyObject allocate(Ruby ruby, RubyClass rubyClass) {
            return new X509CRL(ruby, rubyClass);
        }
    };
    private static final DateFormat ASN_DATE = new SimpleDateFormat("MMM dd HH:mm:ss yyyy zzz");

    public static void createX509CRL(Ruby ruby, RubyModule rubyModule) {
        RubyClass defineClassUnder = rubyModule.defineClassUnder("CRL", ruby.getObject(), X509CRL_ALLOCATOR);
        RubyClass rubyClass = ruby.getModule("OpenSSL").getClass("OpenSSLError");
        rubyModule.defineClassUnder("CRLError", rubyClass, rubyClass.getAllocator());
        defineClassUnder.defineAnnotatedMethods(X509CRL.class);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public java.security.cert.X509CRL getCRL() {
        return this.crl;
    }

    public X509CRL(Ruby ruby, RubyClass rubyClass) {
        super(ruby, rubyClass);
        this.changed = true;
        this.generator = new X509V2CRLGenerator();
    }

    @JRubyMethod(name = {"initialize"}, rest = true, frame = true)
    public IRubyObject _initialize(IRubyObject[] iRubyObjectArr, Block block) {
        Object newString;
        this.extensions = new ArrayList();
        if (Arity.checkArgumentCount(getRuntime(), iRubyObjectArr, 0, 1) == 0) {
            this.version = getRuntime().getNil();
            this.issuer = getRuntime().getNil();
            this.last_update = getRuntime().getNil();
            this.next_update = getRuntime().getNil();
            this.revoked = getRuntime().newArray();
            return this;
        }
        try {
            this.crl = (java.security.cert.X509CRL) OpenSSLReal.getX509CertificateFactoryBC().generateCRL(new ByteArrayInputStream(iRubyObjectArr[0].convertToString().getBytes()));
            try {
                this.crl_v = new ASN1InputStream(new ByteArrayInputStream(OpenSSLImpl.readX509PEM(iRubyObjectArr[0]))).readObject();
                DERInteger objectAt = this.crl_v.getObjectAt(0).getObjectAt(0);
                if (objectAt instanceof DERInteger) {
                    set_version(getRuntime().newFixnum(objectAt.getValue().intValue()));
                } else {
                    set_version(getRuntime().newFixnum(2));
                }
                set_last_update(RubyTime.newTime(getRuntime(), this.crl.getThisUpdate().getTime()));
                set_next_update(RubyTime.newTime(getRuntime(), this.crl.getNextUpdate().getTime()));
                set_issuer(Utils.newRubyInstance(getRuntime(), "OpenSSL::X509::Name", RubyString.newString(getRuntime(), this.crl.getIssuerX500Principal().getEncoded())));
                this.revoked = getRuntime().newArray();
                DERSequence objectAt2 = this.crl_v.getObjectAt(0);
                DERTaggedObject dERTaggedObject = (DERObject) objectAt2.getObjectAt(objectAt2.size() - 1);
                if ((dERTaggedObject instanceof DERTaggedObject) && dERTaggedObject.getTagNo() == 0) {
                    DERSequence object = dERTaggedObject.getObject();
                    for (int i = 0; i < object.size(); i++) {
                        DERSequence objectAt3 = object.getObjectAt(i);
                        String id = objectAt3.getObjectAt(0).getId();
                        boolean z = objectAt3.getObjectAt(1) == DERBoolean.TRUE;
                        byte[] extensionValue = this.crl.getExtensionValue(id);
                        RubyModule classFromPath = getRuntime().getClassFromPath("OpenSSL::ASN1");
                        try {
                            newString = ASN1.decode(classFromPath, ASN1.decode(classFromPath, RubyString.newString(getRuntime(), extensionValue)).callMethod(getRuntime().getCurrentContext(), "value"));
                        } catch (Exception e) {
                            newString = RubyString.newString(getRuntime(), extensionValue);
                        }
                        X509Extensions.Extension extension = (X509Extensions.Extension) Utils.newRubyInstance(getRuntime(), "OpenSSL::X509::Extension");
                        extension.setRealOid(extension.getObjectIdentifier(id));
                        extension.setRealValue(newString);
                        extension.setRealCritical(z);
                        add_extension(extension);
                    }
                }
                this.changed = false;
                return this;
            } catch (IOException e2) {
                throw newX509CRLError(getRuntime(), e2.getMessage());
            }
        } catch (GeneralSecurityException e3) {
            throw newX509CRLError(getRuntime(), e3.getMessage());
        }
    }

    @Override // org.jruby.RubyBasicObject
    @JRubyMethod
    public IRubyObject initialize_copy(IRubyObject iRubyObject) {
        System.err.println("WARNING: unimplemented method called: CRL#init_copy");
        if (this == iRubyObject) {
            return this;
        }
        checkFrozen();
        return this;
    }

    @JRubyMethod(name = {"to_pem", "to_s"})
    public IRubyObject to_pem() {
        StringWriter stringWriter = new StringWriter();
        try {
            PEMInputOutput.writeX509CRL(stringWriter, this.crl);
            stringWriter.close();
            return getRuntime().newString(stringWriter.toString());
        } catch (IOException e) {
            throw newX509CRLError(getRuntime(), e.getMessage());
        }
    }

    @JRubyMethod
    public IRubyObject to_der() {
        try {
            return RubyString.newString(getRuntime(), this.crl_v.getEncoded());
        } catch (IOException e) {
            throw newX509CRLError(getRuntime(), e.getMessage());
        }
    }

    @JRubyMethod
    public IRubyObject to_text() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("Certificate Revocation List (CRL):\n");
        stringBuffer.append(IND8).append("Version ").append(RubyNumeric.fix2int(this.version) + 1).append(" (0x");
        stringBuffer.append(Integer.toString(RubyNumeric.fix2int(this.version), 16)).append(")\n");
        stringBuffer.append(IND8).append("Signature Algorithm: ").append(ASN1.nid2ln(getRuntime(), ASN1.obj2nid(getRuntime(), this.crl_v.getObjectAt(1).getObjectAt(0)))).append("\n");
        stringBuffer.append(IND8).append("Issuer: ").append(issuer()).append("\n");
        stringBuffer.append(IND8).append("Last Update: ").append(ASN_DATE.format(((RubyTime) last_update()).getJavaDate())).append("\n");
        if (next_update().isNil()) {
            stringBuffer.append(IND8).append("Next Update: NONE\n");
        } else {
            stringBuffer.append(IND8).append("Next Update: ").append(ASN_DATE.format(((RubyTime) next_update()).getJavaDate())).append("\n");
        }
        if (this.extensions.size() > 0) {
            stringBuffer.append(IND8).append("CRL extensions\n");
            Iterator<IRubyObject> it = this.extensions.iterator();
            while (it.hasNext()) {
                X509Extensions.Extension extension = (X509Extensions.Extension) it.next();
                stringBuffer.append(IND12).append(ASN1.o2a(getRuntime(), extension.getRealOid())).append(": ");
                if (extension.getRealCritical()) {
                    stringBuffer.append("critical");
                }
                stringBuffer.append("\n");
                stringBuffer.append(IND16).append(extension.value()).append("\n");
            }
        }
        return getRuntime().newString(stringBuffer.toString());
    }

    @JRubyMethod
    public IRubyObject version() {
        return this.version;
    }

    @JRubyMethod(name = {"version="})
    public IRubyObject set_version(IRubyObject iRubyObject) {
        if (!iRubyObject.equals(this.version)) {
            this.changed = true;
        }
        this.version = iRubyObject;
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject signature_algorithm() {
        return this.sig_alg;
    }

    @JRubyMethod
    public IRubyObject issuer() {
        return this.issuer;
    }

    @JRubyMethod(name = {"issuer="})
    public IRubyObject set_issuer(IRubyObject iRubyObject) {
        if (!iRubyObject.equals(this.issuer)) {
            this.changed = true;
        }
        this.issuer = iRubyObject;
        this.generator.setIssuerDN(((X509Name) this.issuer).getRealName());
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject last_update() {
        return this.last_update;
    }

    @JRubyMethod(name = {"last_update="})
    public IRubyObject set_last_update(IRubyObject iRubyObject) {
        this.changed = true;
        this.last_update = iRubyObject.callMethod(getRuntime().getCurrentContext(), "getutc");
        ((RubyTime) this.last_update).setMicroseconds(0L);
        this.generator.setThisUpdate(((RubyTime) this.last_update).getJavaDate());
        this.last_update = iRubyObject;
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject next_update() {
        return this.next_update;
    }

    @JRubyMethod(name = {"next_update="})
    public IRubyObject set_next_update(IRubyObject iRubyObject) {
        this.changed = true;
        this.next_update = iRubyObject.callMethod(getRuntime().getCurrentContext(), "getutc");
        ((RubyTime) this.next_update).setMicroseconds(0L);
        this.generator.setNextUpdate(((RubyTime) this.next_update).getJavaDate());
        this.next_update = iRubyObject;
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject revoked() {
        return this.revoked;
    }

    @JRubyMethod(name = {"revoked="})
    public IRubyObject set_revoked(IRubyObject iRubyObject) {
        this.changed = true;
        this.revoked = iRubyObject;
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject add_revoked(IRubyObject iRubyObject) {
        this.changed = true;
        this.revoked.callMethod(getRuntime().getCurrentContext(), "<<", iRubyObject);
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject extensions() {
        return getRuntime().newArray(this.extensions);
    }

    @JRubyMethod(name = {"extensions="})
    public IRubyObject set_extensions(IRubyObject iRubyObject) {
        this.extensions = ((RubyArray) iRubyObject).getList();
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject add_extension(IRubyObject iRubyObject) {
        this.extensions.add(iRubyObject);
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject sign(final IRubyObject iRubyObject, IRubyObject iRubyObject2) {
        String algorithm = ((PKey) iRubyObject).getAlgorithm();
        String shortAlgorithm = ((Digest) iRubyObject2).getShortAlgorithm();
        if ((ASN1Registry.SN_dsa.equalsIgnoreCase(algorithm) && "MD5".equalsIgnoreCase(shortAlgorithm)) || (("RSA".equalsIgnoreCase(algorithm) && "DSS1".equals(((Digest) iRubyObject2).name().toString())) || (ASN1Registry.SN_dsa.equalsIgnoreCase(algorithm) && "SHA1".equals(((Digest) iRubyObject2).name().toString())))) {
            throw newX509CRLError(getRuntime(), null);
        }
        this.sig_alg = getRuntime().newString(shortAlgorithm);
        this.generator.setSignatureAlgorithm(shortAlgorithm + "WITH" + algorithm);
        for (IRubyObject iRubyObject3 : ((RubyArray) this.revoked).toJavaArray()) {
            X509Revoked x509Revoked = (X509Revoked) iRubyObject3;
            BigInteger bigInteger = new BigInteger(x509Revoked.callMethod(getRuntime().getCurrentContext(), "serial").toString());
            IRubyObject callMethod = x509Revoked.callMethod(getRuntime().getCurrentContext(), "time").callMethod(getRuntime().getCurrentContext(), "getutc");
            ((RubyTime) callMethod).setMicroseconds(0L);
            this.generator.addCRLEntry(bigInteger, ((RubyTime) callMethod).getJavaDate(), new org.bouncycastle.asn1.x509.X509Extensions(new Hashtable()));
        }
        try {
            Iterator<IRubyObject> it = this.extensions.iterator();
            while (it.hasNext()) {
                X509Extensions.Extension extension = (X509Extensions.Extension) it.next();
                this.generator.addExtension(extension.getRealOid(), extension.getRealCritical(), extension.getRealValueBytes());
            }
            try {
                OpenSSLReal.doWithBCProvider(new OpenSSLReal.Runnable() { // from class: org.jruby.ext.openssl.X509CRL.2
                    @Override // org.jruby.ext.openssl.OpenSSLReal.Runnable
                    public void run() throws GeneralSecurityException {
                        X509CRL.this.crl = X509CRL.this.generator.generate(((PKey) iRubyObject).getPrivateKey(), "BC");
                    }
                });
                try {
                    this.crl_v = new ASN1InputStream(new ByteArrayInputStream(this.crl.getEncoded())).readObject();
                    DERSequence objectAt = this.crl_v.getObjectAt(0);
                    ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                    int i = objectAt.getObjectAt(0) instanceof DERInteger ? 0 + 1 : 0;
                    aSN1EncodableVector.add(new DERInteger(new BigInteger(this.version.toString())));
                    while (i < objectAt.size()) {
                        int i2 = i;
                        i++;
                        aSN1EncodableVector.add(objectAt.getObjectAt(i2));
                    }
                    ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                    aSN1EncodableVector2.add(new DERSequence(aSN1EncodableVector));
                    aSN1EncodableVector2.add(this.crl_v.getObjectAt(1));
                    aSN1EncodableVector2.add(this.crl_v.getObjectAt(2));
                    this.crl_v = new DERSequence(aSN1EncodableVector2);
                    this.changed = false;
                    return this;
                } catch (IOException e) {
                    throw newX509CRLError(getRuntime(), e.getMessage());
                } catch (CRLException e2) {
                    throw newX509CRLError(getRuntime(), e2.getMessage());
                }
            } catch (GeneralSecurityException e3) {
                throw newX509CRLError(getRuntime(), e3.getMessage());
            }
        } catch (IOException e4) {
            throw newX509CRLError(getRuntime(), e4.getMessage());
        }
    }

    @JRubyMethod
    public IRubyObject verify(IRubyObject iRubyObject) {
        if (this.changed) {
            return getRuntime().getFalse();
        }
        try {
            this.crl.verify(((PKey) iRubyObject).getPublicKey());
            return getRuntime().getTrue();
        } catch (Exception e) {
            return getRuntime().getFalse();
        }
    }

    private static RaiseException newX509CRLError(Ruby ruby, String str) {
        return Utils.newError(ruby, "OpenSSL::X509::CRLError", str);
    }
}
