package org.apache.commons.ssl;

import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Collection;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import org.apache.axis2.dataretrieval.DRConstants;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.eclipse.osgi.framework.internal.reliablefile.ReliableFile;
import org.eclipse.osgi.internal.signedcontent.SignedContentConstants;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/commons-httpclient-3.1.0.wso2v6.jar:org/apache/commons/ssl/Certificates.class
 */
/* loaded from: input_file:WEB-INF/lib/axis2-client-1.6.1-wso2v40.jar:org/apache/commons/ssl/Certificates.class */
public class Certificates {
    public static final CertificateFactory CF;
    public static final String CRL_EXTENSION = "2.5.29.31";
    public static final String OCSP_EXTENSION = "1.3.6.1.5.5.7.1.1";
    public static final String LINE_ENDING = System.getProperty("line.separator");
    private static final HashMap crl_cache = new HashMap();
    private static final DateFormat DF = new SimpleDateFormat("yyyy/MMM/dd");
    public static final SerializableComparator COMPARE_BY_EXPIRY = new SerializableComparator() { // from class: org.apache.commons.ssl.Certificates.1
        @Override // java.util.Comparator
        public int compare(Object obj, Object obj2) {
            X509Certificate x509Certificate = (X509Certificate) obj;
            X509Certificate x509Certificate2 = (X509Certificate) obj2;
            if (x509Certificate == x509Certificate2) {
                return 0;
            }
            if (x509Certificate == null) {
                return -1;
            }
            if (x509Certificate2 == null) {
                return 1;
            }
            if (x509Certificate.equals(x509Certificate2)) {
                return 0;
            }
            int compareTo = x509Certificate.getNotAfter().compareTo(x509Certificate2.getNotAfter());
            if (compareTo == 0) {
                compareTo = JavaImpl.getSubjectX500(x509Certificate).compareTo(JavaImpl.getSubjectX500(x509Certificate2));
                if (compareTo == 0) {
                    compareTo = JavaImpl.getIssuerX500(x509Certificate).compareTo(JavaImpl.getIssuerX500(x509Certificate2));
                    if (compareTo == 0) {
                        compareTo = x509Certificate.getSerialNumber().compareTo(x509Certificate2.getSerialNumber());
                        if (compareTo == 0) {
                            try {
                                byte[] encoded = x509Certificate.getEncoded();
                                byte[] encoded2 = x509Certificate2.getEncoded();
                                int length = encoded.length;
                                int length2 = encoded2.length;
                                for (int i = 0; i < length && i < length2; i++) {
                                    compareTo = encoded[i] - encoded2[i];
                                    if (compareTo != 0) {
                                        break;
                                    }
                                }
                                if (compareTo == 0) {
                                    compareTo = encoded.length - encoded2.length;
                                }
                            } catch (CertificateEncodingException e) {
                                compareTo = 0;
                            }
                        }
                    }
                }
            }
            return compareTo;
        }
    };

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/commons-httpclient-3.1.0.wso2v6.jar:org/apache/commons/ssl/Certificates$CRLHolder.class
     */
    /* loaded from: input_file:WEB-INF/lib/axis2-client-1.6.1-wso2v40.jar:org/apache/commons/ssl/Certificates$CRLHolder.class */
    public static class CRLHolder {
        private final String urlString;
        private File tempCRLFile;
        private long creationTime;
        private Set passedTest = new HashSet();
        private Set failedTest = new HashSet();

        CRLHolder(String str) {
            if (str == null) {
                throw new NullPointerException("urlString can't be null");
            }
            this.urlString = str;
        }

        public synchronized boolean checkCRL(X509Certificate x509Certificate) throws CertificateException {
            CRL crl = null;
            if (System.currentTimeMillis() - this.creationTime > 86400000) {
                if (this.tempCRLFile != null && this.tempCRLFile.exists()) {
                    this.tempCRLFile.delete();
                }
                this.tempCRLFile = null;
                this.passedTest.clear();
            }
            BigInteger fingerprint = Certificates.getFingerprint(x509Certificate);
            if (this.failedTest.contains(fingerprint)) {
                throw new CertificateException("Revoked by CRL (cached response)");
            }
            if (this.passedTest.contains(fingerprint)) {
                return true;
            }
            if (this.tempCRLFile == null) {
                try {
                    URL url = new URL(this.urlString);
                    File createTempFile = File.createTempFile("crl", ReliableFile.tmpExt);
                    createTempFile.deleteOnExit();
                    try {
                        Util.pipeStream(new BufferedInputStream(url.openStream()), new BufferedOutputStream(new FileOutputStream(createTempFile)));
                        this.tempCRLFile = createTempFile;
                        this.creationTime = System.currentTimeMillis();
                    } catch (IOException e) {
                        createTempFile.delete();
                        throw e;
                    }
                } catch (IOException e2) {
                }
            }
            if (this.tempCRLFile != null && this.tempCRLFile.exists()) {
                try {
                    BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(this.tempCRLFile));
                    synchronized (Certificates.CF) {
                        crl = Certificates.CF.generateCRL(bufferedInputStream);
                    }
                    bufferedInputStream.close();
                    if (crl.isRevoked(x509Certificate)) {
                        this.passedTest.remove(fingerprint);
                        this.failedTest.add(fingerprint);
                        throw new CertificateException("Revoked by CRL");
                    }
                    this.passedTest.add(fingerprint);
                } catch (IOException e3) {
                } catch (CRLException e4) {
                }
            }
            return crl != null;
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/commons-httpclient-3.1.0.wso2v6.jar:org/apache/commons/ssl/Certificates$SerializableComparator.class
     */
    /* loaded from: input_file:WEB-INF/lib/axis2-client-1.6.1-wso2v40.jar:org/apache/commons/ssl/Certificates$SerializableComparator.class */
    public interface SerializableComparator extends Comparator, Serializable {
    }

    public static String toPEMString(X509Certificate x509Certificate) throws CertificateEncodingException {
        return toString(x509Certificate.getEncoded());
    }

    public static String toString(byte[] bArr) {
        byte[] encodeBase64 = Base64.encodeBase64(bArr);
        StringBuffer stringBuffer = new StringBuffer(encodeBase64.length + 100);
        stringBuffer.append("-----BEGIN CERTIFICATE-----\n");
        for (int i = 0; i < encodeBase64.length; i += 64) {
            if (encodeBase64.length - i >= 64) {
                stringBuffer.append(new String(encodeBase64, i, 64));
            } else {
                stringBuffer.append(new String(encodeBase64, i, encodeBase64.length - i));
            }
            stringBuffer.append(LINE_ENDING);
        }
        stringBuffer.append("-----END CERTIFICATE-----");
        stringBuffer.append(LINE_ENDING);
        return stringBuffer.toString();
    }

    public static String toString(X509Certificate x509Certificate) {
        return toString(x509Certificate, false);
    }

    public static String toString(X509Certificate x509Certificate, boolean z) {
        String cn = getCN(x509Certificate);
        String format = DF.format(x509Certificate.getNotBefore());
        String format2 = DF.format(x509Certificate.getNotAfter());
        String subjectX500 = JavaImpl.getSubjectX500(x509Certificate);
        String issuerX500 = JavaImpl.getIssuerX500(x509Certificate);
        Iterator it = getCRLs(x509Certificate).iterator();
        if (subjectX500.equals(issuerX500)) {
            issuerX500 = "self-signed";
        }
        StringBuffer stringBuffer = new StringBuffer(128);
        if (z) {
            stringBuffer.append("<strong class=\"cn\">");
        }
        stringBuffer.append(cn);
        if (z) {
            stringBuffer.append("</strong>");
        }
        stringBuffer.append(LINE_ENDING);
        stringBuffer.append("Valid: ");
        stringBuffer.append(format);
        stringBuffer.append(" - ");
        stringBuffer.append(format2);
        stringBuffer.append(LINE_ENDING);
        stringBuffer.append("s: ");
        stringBuffer.append(subjectX500);
        stringBuffer.append(LINE_ENDING);
        stringBuffer.append("i: ");
        stringBuffer.append(issuerX500);
        while (it.hasNext()) {
            stringBuffer.append(LINE_ENDING);
            stringBuffer.append("CRL: ");
            stringBuffer.append((String) it.next());
        }
        stringBuffer.append(LINE_ENDING);
        return stringBuffer.toString();
    }

    public static List getCRLs(X509Extension x509Extension) {
        String str;
        byte[] extensionValue = x509Extension.getExtensionValue(CRL_EXTENSION);
        LinkedList linkedList = new LinkedList();
        LinkedList linkedList2 = new LinkedList();
        LinkedList linkedList3 = new LinkedList();
        if (extensionValue == null) {
            return linkedList;
        }
        try {
            str = new String(extensionValue, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            str = new String(extensionValue);
        }
        int i = 0;
        while (true) {
            int i2 = i;
            if (i2 < 0) {
                linkedList.addAll(linkedList2);
                linkedList.addAll(linkedList3);
                return linkedList;
            }
            int i3 = -1;
            int[] iArr = {str.indexOf("http", i2), str.indexOf("ldap", i2), str.indexOf(DRConstants.SERVICE_DATA.FILE, i2), str.indexOf("ftp", i2)};
            Arrays.sort(iArr);
            int i4 = 0;
            while (true) {
                if (i4 >= iArr.length) {
                    break;
                }
                if (iArr[i4] >= 0) {
                    i3 = iArr[i4];
                    break;
                }
                i4++;
            }
            if (i3 >= 0) {
                int indexOf = str.indexOf(65533, i3);
                String substring = indexOf > i3 ? str.substring(i3, indexOf - 1) : str.substring(i3);
                if (indexOf > i3 && substring.endsWith(SchemaSymbols.ATTVAL_FALSE_0)) {
                    substring = substring.substring(0, substring.length() - 1);
                }
                String lowerCase = substring.trim().toLowerCase();
                if (lowerCase.startsWith("http")) {
                    linkedList.add(substring);
                } else if (lowerCase.startsWith("ftp")) {
                    linkedList2.add(substring);
                } else {
                    linkedList3.add(substring);
                }
                i = indexOf;
            } else {
                i = -1;
            }
        }
    }

    public static void checkCRL(X509Certificate x509Certificate) throws CertificateException {
        if (x509Certificate.getExtensionValue(CRL_EXTENSION) == null) {
            return;
        }
        for (String str : getCRLs(x509Certificate)) {
            CRLHolder cRLHolder = (CRLHolder) crl_cache.get(str);
            if (cRLHolder == null) {
                cRLHolder = new CRLHolder(str);
                crl_cache.put(str, cRLHolder);
            }
            if (cRLHolder.checkCRL(x509Certificate)) {
                return;
            }
        }
    }

    public static BigInteger getFingerprint(X509Certificate x509Certificate) throws CertificateEncodingException {
        return getFingerprint(x509Certificate.getEncoded());
    }

    public static BigInteger getFingerprint(byte[] bArr) throws CertificateEncodingException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(SignedContentConstants.SHA1_STR);
            messageDigest.reset();
            return new BigInteger(messageDigest.digest(bArr));
        } catch (NoSuchAlgorithmException e) {
            throw JavaImpl.newRuntimeException(e);
        }
    }

    public static String getCN(X509Certificate x509Certificate) {
        String[] cNs = getCNs(x509Certificate);
        if (cNs != null && cNs.length >= 1) {
            return cNs[0];
        }
        return null;
    }

    public static String[] getCNs(X509Certificate x509Certificate) {
        LinkedList linkedList = new LinkedList();
        StringTokenizer stringTokenizer = new StringTokenizer(x509Certificate.getSubjectX500Principal().toString(), ",");
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            int indexOf = nextToken.indexOf("CN=");
            if (indexOf >= 0) {
                linkedList.add(nextToken.substring(indexOf + 3));
            }
        }
        if (linkedList.isEmpty()) {
            return null;
        }
        String[] strArr = new String[linkedList.size()];
        linkedList.toArray(strArr);
        return strArr;
    }

    public static String[] getDNSSubjectAlts(X509Certificate x509Certificate) {
        LinkedList linkedList = new LinkedList();
        Collection<List<?>> collection = null;
        try {
            collection = x509Certificate.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            e.printStackTrace();
        }
        if (collection != null) {
            for (List<?> list : collection) {
                if (((Integer) list.get(0)).intValue() == 2) {
                    linkedList.add((String) list.get(1));
                }
            }
        }
        if (linkedList.isEmpty()) {
            return null;
        }
        String[] strArr = new String[linkedList.size()];
        linkedList.toArray(strArr);
        return strArr;
    }

    public static X509Certificate[] trimChain(X509Certificate[] x509CertificateArr) {
        for (int i = 0; i < x509CertificateArr.length; i++) {
            if (x509CertificateArr[i] == null) {
                X509Certificate[] x509CertificateArr2 = new X509Certificate[i];
                System.arraycopy(x509CertificateArr, 0, x509CertificateArr2, 0, i);
                return x509CertificateArr2;
            }
        }
        return x509CertificateArr;
    }

    public static X509Certificate[] x509ifyChain(Certificate[] certificateArr) {
        if (certificateArr instanceof X509Certificate[]) {
            return (X509Certificate[]) certificateArr;
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
        System.arraycopy(certificateArr, 0, x509CertificateArr, 0, certificateArr.length);
        return x509CertificateArr;
    }

    public static void main(String[] strArr) throws Exception {
        for (String str : strArr) {
            Iterator it = new TrustMaterial(new FileInputStream(str)).getCertificates().iterator();
            while (it.hasNext()) {
                System.out.println(toString((X509Certificate) it.next()));
            }
        }
    }

    static {
        CertificateFactory certificateFactory = null;
        try {
            try {
                certificateFactory = CertificateFactory.getInstance("X.509");
                CF = certificateFactory;
            } catch (CertificateException e) {
                e.printStackTrace(System.out);
                CF = certificateFactory;
            }
        } catch (Throwable th) {
            CF = certificateFactory;
            throw th;
        }
    }
}
