package org.wso2.carbon.identity.relyingparty.saml;

import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.components.crypto.X509NameTokenizer;
import org.wso2.carbon.identity.relyingparty.RelyingPartyException;

/* loaded from: input_file:org/wso2/carbon/identity/relyingparty/saml/IssuerCertificateUtil.class */
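public class IssuerCertificateUtil {
    private static final Log log = LogFactory.getLog(IssuerCertificateUtil.class);

    /** Port assumed by {@link #readCertFromUrl(String)} when the URL carries none. */
    private static final int DEFAULT_TLS_PORT = 443;

    /** Utility class; not instantiable. */
    private IssuerCertificateUtil() {
    }

    /**
     * Reports whether the trust store has an entry whose alias equals the issuer DN of
     * {@code x509Certificate}, after confirming the certificate is inside its validity period.
     *
     * NOTE(review): this is an alias-name lookup, not chain validation. A {@code true} result
     * means some entry is filed under the issuer's DN string; it does not prove the certificate
     * was signed by the key in that entry. Callers must still verify the signature / build a
     * cert path before treating the certificate as trusted. Alias matching also follows the
     * key store implementation's case rules (JKS aliases are case-insensitive), and the DN
     * string format comes from {@code getIssuerDN()}, so it must match how aliases were created.
     *
     * @param x509Certificate certificate whose issuer DN is used as the alias; must not be null
     * @param keyStore        trust store to consult; must not be null
     * @return true if an alias equal to the issuer DN string exists in {@code keyStore}
     * @throws RelyingPartyException if an argument is null, the certificate is expired or not
     *                               yet valid, or the key store cannot be read
     */
    public static boolean checkSystemStore(X509Certificate x509Certificate, KeyStore keyStore) throws RelyingPartyException {
        if (x509Certificate == null || keyStore == null) {
            throw new RelyingPartyException("invalidInputParams");
        }
        try {
            // Reject expired / not-yet-valid certificates before consulting the store at all.
            x509Certificate.checkValidity();
            return keyStore.containsAlias(x509Certificate.getIssuerDN().getName());
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            throw new RelyingPartyException("Certificate is outside its validity period", e);
        } catch (KeyStoreException e) {
            throw new RelyingPartyException("Error while loading trusted key store", e);
        }
    }

    /**
     * Returns true if the issuer DN of {@code x509Certificate}, tokenized and sorted by
     * {@link #getDNOfIssuer(String)}, equals one of the configured DN token lists.
     *
     * The comparison is {@link List#equals(Object)}: element-wise and order-sensitive. Because
     * the issuer tokens are sorted before comparing, each configured list must be sorted the
     * same way or it will never match.
     *
     * @param listArr         configured blacklist entries, each a list of DN tokens; may be null or empty
     * @param x509Certificate certificate whose issuer is checked; must not be null
     * @return true if the issuer matches a configured entry; false when the list is null or empty
     * @throws RelyingPartyException if {@code x509Certificate} is null
     */
    public static boolean isBlackListed(List[] listArr, X509Certificate x509Certificate) throws RelyingPartyException {
        return issuerMatchesAny(listArr, x509Certificate);
    }

    /**
     * Returns true if the issuer DN of {@code x509Certificate}, tokenized and sorted by
     * {@link #getDNOfIssuer(String)}, equals one of the configured DN token lists.
     *
     * Same matching rules as {@link #isBlackListed(List[], X509Certificate)}: order-sensitive
     * list equality against sorted issuer tokens. Note that an empty or null whitelist yields
     * {@code false}, i.e. nothing is whitelisted rather than everything.
     *
     * @param listArr         configured whitelist entries, each a list of DN tokens; may be null or empty
     * @param x509Certificate certificate whose issuer is checked; must not be null
     * @return true if the issuer matches a configured entry; false when the list is null or empty
     * @throws RelyingPartyException if {@code x509Certificate} is null
     */
    public static boolean isWhiteListed(List[] listArr, X509Certificate x509Certificate) throws RelyingPartyException {
        return issuerMatchesAny(listArr, x509Certificate);
    }

    /**
     * Shared body of the list-based black/white list checks: sorted issuer DN tokens compared
     * with {@code List.equals} against every configured entry.
     */
    private static boolean issuerMatchesAny(List[] listArr, X509Certificate x509Certificate) throws RelyingPartyException {
        if (x509Certificate == null) {
            throw new RelyingPartyException("noCertInToken");
        }
        if (listArr == null || listArr.length == 0) {
            return false;
        }
        List<String> issuerTokens = getDNOfIssuer(x509Certificate.getIssuerDN().getName());
        for (List<?> entry : listArr) {
            if (issuerTokens.equals(entry)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Extracts the value of the first {@code CN=} attribute from the certificate's ISSUER DN.
     *
     * NOTE(review): despite the name, this reads {@code getIssuerDN()}, not the subject DN.
     * Existing callers may depend on that, so the behavior is kept; confirm against the callers
     * before relying on it as a subject CN.
     *
     * The parsing is a plain substring scan: it takes the text between {@code CN=} and the next
     * comma (or the end of the DN when CN is the last RDN). Escaped or quoted commas inside the
     * CN are not handled; use an LDAP name parser if those can occur.
     *
     * @param x509Certificate certificate to read; must not be null
     * @return the trimmed CN value, or null if the issuer DN has no {@code CN=} attribute
     */
    public static String getCNOfSubject(X509Certificate x509Certificate) {
        String name = x509Certificate.getIssuerDN().getName();
        int start = name.indexOf("CN=");
        if (start < 0) {
            return null;
        }
        // CN may be the last RDN: the original code assumed a trailing comma and threw
        // StringIndexOutOfBoundsException in that case.
        int end = name.indexOf(',', start);
        if (end < 0) {
            end = name.length();
        }
        return name.substring(start + 3, end).trim();
    }

    /**
     * Splits a DN string into its RDN tokens with WSS4J's {@link X509NameTokenizer} and returns
     * them sorted in natural string order, so two DNs with the same RDNs in different order
     * compare equal via {@code List.equals}.
     *
     * @param str DN string, e.g. {@code CN=issuer, O=org, C=US}
     * @return the sorted list of RDN tokens (mutable)
     */
    public static List<String> getDNOfIssuer(String str) {
        X509NameTokenizer tokenizer = new X509NameTokenizer(str);
        List<String> tokens = new ArrayList<>();
        while (tokenizer.hasMoreTokens()) {
            tokens.add(tokenizer.nextToken());
        }
        Collections.sort(tokens);
        return tokens;
    }

    /**
     * Fetches the leaf certificate presented by the TLS server at {@code str} and reports
     * whether that exact certificate is present in {@code keyStore}.
     *
     * Whitelist and blacklist variants are identical; the caller chooses which store to pass.
     *
     * @param str      https URL of the server whose certificate is fetched
     * @param keyStore store to search for the fetched certificate
     * @return true if the fetched certificate is an entry of {@code keyStore}
     * @throws Exception on connection / handshake failure, or a {@link RelyingPartyException}
     *                   if no certificate was obtained or it is outside its validity period
     */
    public static boolean isWhiteListed(String str, KeyStore keyStore) throws Exception {
        return isInKeyStore((X509Certificate) readCertFromUrl(str), keyStore);
    }

    /**
     * Fetches the leaf certificate presented by the TLS server at {@code str} and reports
     * whether that exact certificate is present in {@code keyStore}.
     *
     * @param str      https URL of the server whose certificate is fetched
     * @param keyStore store to search for the fetched certificate
     * @return true if the fetched certificate is an entry of {@code keyStore}
     * @throws Exception on connection / handshake failure, or a {@link RelyingPartyException}
     *                   if no certificate was obtained or it is outside its validity period
     */
    public static boolean isBlackListed(String str, KeyStore keyStore) throws Exception {
        return isInKeyStore((X509Certificate) readCertFromUrl(str), keyStore);
    }

    /**
     * Exact-certificate membership test: true if {@code keyStore} has an entry whose certificate
     * equals {@code x509Certificate}, after confirming the certificate is currently valid.
     *
     * @throws RelyingPartyException if an argument is null, the certificate is expired or not
     *                               yet valid, or the key store cannot be read
     */
    private static boolean isInKeyStore(X509Certificate x509Certificate, KeyStore keyStore) throws RelyingPartyException {
        if (x509Certificate == null || keyStore == null) {
            throw new RelyingPartyException("invalidInputParams");
        }
        try {
            x509Certificate.checkValidity();
            // getCertificateAlias matches on certificate equality, not on the alias name.
            return keyStore.getCertificateAlias(x509Certificate) != null;
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            throw new RelyingPartyException("Certificate is outside its validity period", e);
        } catch (KeyStoreException e) {
            throw new RelyingPartyException("Error while loading trusted key store", e);
        }
    }

    /**
     * Opens a TLS connection to the host/port named by {@code str}, completes the handshake and
     * returns the first (leaf) certificate the peer presented, or null if none was presented.
     *
     * Security notes:
     * <ul>
     *   <li>Chain validation is whatever {@code HttpsURLConnection.getDefaultSSLSocketFactory()}
     *       is configured with; if the application installs a permissive factory, this method
     *       inherits it.</li>
     *   <li>A raw {@link SSLSocket} does not verify the hostname by default (unlike
     *       {@code HttpsURLConnection}), so endpoint identification is enabled explicitly below.
     *       Without it any certificate the trust store accepts, for any name, would be returned.</li>
     *   <li>The URL scheme is not checked: a non-https URL is still contacted over TLS on the
     *       given port (443 if absent).</li>
     *   <li>No connect or read timeout is applied; an unresponsive host blocks the caller.</li>
     *   <li>If {@code str} can be influenced by a remote party this is an outbound connection to a
     *       host/port of their choosing (SSRF) — confirm the caller validates it.</li>
     * </ul>
     *
     * @param str URL whose host and port identify the TLS server
     * @return the peer's leaf certificate, or null if the session reports no peer certificates
     * @throws Exception if the URL is malformed, the connection or handshake fails, or the peer
     *                   could not be verified
     */
    public static Certificate readCertFromUrl(String str) throws Exception {
        URL url = new URL(str);
        String host = url.getHost();
        int port = url.getPort();
        if (port == -1) {
            port = DEFAULT_TLS_PORT;
        }
        // try-with-resources closes the socket on every path; the original only closed it on
        // success and leaked it when createSocket/startHandshake threw.
        try (SSLSocket socket = (SSLSocket) HttpsURLConnection.getDefaultSSLSocketFactory().createSocket(host, port)) {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake();
            Certificate[] peerCertificates = socket.getSession().getPeerCertificates();
            if (peerCertificates == null || peerCertificates.length == 0) {
                if (log.isDebugEnabled()) {
                    log.debug("Does not return any associated certificates" + str);
                }
                return null;
            }
            if (log.isDebugEnabled()) {
                log.debug("Return any associated certificates suceessfully" + str);
            }
            return peerCertificates[0];
        }
    }
}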
