package org.jruby.ext.openssl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.joda.time.DateTime;
import org.jruby.Ruby;
import org.jruby.RubyArray;
import org.jruby.RubyBoolean;
import org.jruby.RubyClass;
import org.jruby.RubyFixnum;
import org.jruby.RubyModule;
import org.jruby.RubyNumeric;
import org.jruby.RubyObject;
import org.jruby.RubyString;
import org.jruby.RubyTime;
import org.jruby.anno.JRubyMethod;
import org.jruby.exceptions.RaiseException;
import org.jruby.ext.openssl.impl.ASN1Registry;
import org.jruby.ext.openssl.x509store.PEMInputOutput;
import org.jruby.ext.openssl.x509store.X509AuxCertificate;
import org.jruby.runtime.Block;
import org.jruby.runtime.ThreadContext;
import org.jruby.runtime.Visibility;
import org.jruby.runtime.builtin.IRubyObject;
import org.jruby.runtime.component.VariableEntry;
import org.jruby.util.ByteList;

/* loaded from: input_file:META-INF/jruby.home/lib/ruby/stdlib/jopenssl.jar:org/jruby/ext/openssl/X509Cert.class */
public class X509Cert extends RubyObject {
    private static final long serialVersionUID = -6524431607032364369L;
    private IRubyObject subject;
    private IRubyObject issuer;
    private BigInteger serial;
    private RubyTime not_before;
    private RubyTime not_after;
    private IRubyObject sig_alg;
    private IRubyObject version;
    private X509Certificate cert;
    private transient PKey public_key;
    private final List<X509Extension> extensions;
    private boolean changed;

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void createX509Cert(Ruby ruby, RubyModule rubyModule, RubyClass rubyClass) {
        RubyClass defineClassUnder = rubyModule.defineClassUnder("Certificate", ruby.getObject(), (ruby2, rubyClass2) -> {
            return new X509Cert(ruby2, rubyClass2);
        });
        rubyModule.defineClassUnder("CertificateError", rubyClass, rubyClass.getAllocator());
        defineClassUnder.defineAnnotatedMethods(X509Cert.class);
    }

    public X509Cert(Ruby ruby, RubyClass rubyClass) {
        super(ruby, rubyClass);
        this.serial = BigInteger.ZERO;
        this.extensions = new ArrayList(4);
        this.changed = true;
    }

    private X509Cert(Ruby ruby) {
        super(ruby, _Certificate(ruby));
        this.serial = BigInteger.ZERO;
        this.extensions = new ArrayList(4);
        this.changed = true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final X509AuxCertificate getAuxCert() {
        if (this.cert == null) {
            return null;
        }
        return this.cert instanceof X509AuxCertificate ? (X509AuxCertificate) this.cert : new X509AuxCertificate(this.cert);
    }

    public static IRubyObject wrap(Ruby ruby, Certificate certificate) throws CertificateEncodingException {
        return wrap(ruby.getCurrentContext(), certificate);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509Cert wrap(ThreadContext threadContext, Certificate certificate) throws CertificateEncodingException {
        if (!(certificate instanceof X509Certificate)) {
            return wrap(threadContext, certificate.getEncoded());
        }
        X509Cert x509Cert = new X509Cert(threadContext.runtime);
        x509Cert.initialize(threadContext, (X509Certificate) certificate);
        return x509Cert;
    }

    public static IRubyObject wrap(Ruby ruby, javax.security.cert.Certificate certificate) throws javax.security.cert.CertificateEncodingException {
        return wrap(ruby.getCurrentContext(), certificate.getEncoded());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509Cert wrap(ThreadContext threadContext, byte[] bArr) {
        X509Cert x509Cert = new X509Cert(threadContext.runtime);
        x509Cert.initialize(threadContext, bArr);
        return x509Cert;
    }

    @JRubyMethod(name = {"initialize"}, optional = 1, visibility = Visibility.PRIVATE)
    public IRubyObject initialize(ThreadContext threadContext, IRubyObject[] iRubyObjectArr, Block block) {
        if (iRubyObjectArr.length == 0) {
            this.subject = X509Name.newName(threadContext.runtime);
            this.issuer = X509Name.newName(threadContext.runtime);
            return this;
        }
        ByteList byteList = StringHelper.readPossibleDERInput(threadContext, iRubyObjectArr[0]).getByteList();
        initialize(threadContext, byteList.unsafeBytes(), byteList.getBegin(), byteList.getRealSize());
        return this;
    }

    private void initialize(ThreadContext threadContext, byte[] bArr) {
        initialize(threadContext, bArr, 0, bArr.length);
    }

    private void initialize(ThreadContext threadContext, byte[] bArr, int i, int i2) {
        try {
            initialize(threadContext, (X509Certificate) SecurityHelper.getCertificateFactory("X.509").generateCertificate(new ByteArrayInputStream(StringHelper.readX509PEM(bArr, i, i2))));
        } catch (CertificateException e) {
            throw newCertificateError(threadContext.runtime, e);
        }
    }

    private void initialize(ThreadContext threadContext, X509Certificate x509Certificate) {
        String oid2name;
        Ruby ruby = threadContext.runtime;
        if (x509Certificate == null) {
            throw newCertificateError(ruby, (String) null);
        }
        this.cert = x509Certificate;
        set_serial(RubyNumeric.str2inum(ruby, ruby.newString(x509Certificate.getSerialNumber().toString()), 10));
        set_not_before(threadContext, RubyTime.newTime(ruby, x509Certificate.getNotBefore().getTime()));
        set_not_after(threadContext, RubyTime.newTime(ruby, x509Certificate.getNotAfter().getTime()));
        this.subject = X509Name.newName(ruby, x509Certificate.getSubjectX500Principal());
        this.issuer = X509Name.newName(ruby, x509Certificate.getIssuerX500Principal());
        this.version = RubyFixnum.newFixnum(ruby, x509Certificate.getVersion() - 1);
        String sigAlgOID = x509Certificate.getSigAlgOID();
        if (sigAlgOID == null) {
            oid2name = x509Certificate.getSigAlgName();
        } else {
            oid2name = ASN1.oid2name(ruby, new ASN1ObjectIdentifier(sigAlgOID), true);
            if (oid2name == null) {
                oid2name = "0.0";
                if (x509Certificate.getSigAlgName() != null && !x509Certificate.getSigAlgOID().equals(x509Certificate.getSigAlgName())) {
                    oid2name = x509Certificate.getSigAlgName();
                }
            }
        }
        this.sig_alg = RubyString.newString(ruby, oid2name);
        Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs != null) {
            Iterator<String> it = criticalExtensionOIDs.iterator();
            while (it.hasNext()) {
                addExtension(threadContext, it.next(), true);
            }
        }
        Set<String> nonCriticalExtensionOIDs = x509Certificate.getNonCriticalExtensionOIDs();
        if (nonCriticalExtensionOIDs != null) {
            Iterator<String> it2 = nonCriticalExtensionOIDs.iterator();
            while (it2.hasNext()) {
                addExtension(threadContext, it2.next(), false);
            }
        }
        this.changed = false;
    }

    private void addExtension(ThreadContext threadContext, String str, boolean z) {
        try {
            byte[] extensionValue = this.cert.getExtensionValue(str);
            if (extensionValue == null) {
                return;
            }
            for (X509Extension x509Extension : X509Extension.newExtension(threadContext, str, extensionValue, z)) {
                this.extensions.add(x509Extension);
            }
        } catch (IOException e) {
            throw newCertificateError(threadContext.runtime, e);
        }
    }

    private static RubyClass _CertificateError(Ruby ruby) {
        return X509._X509(ruby).getClass("CertificateError");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static RubyClass _Certificate(Ruby ruby) {
        return X509._X509(ruby).getClass("Certificate");
    }

    public static RaiseException newCertificateError(Ruby ruby, Exception exc) {
        return Utils.newError(ruby, _CertificateError(ruby), exc);
    }

    static RaiseException newCertificateError(Ruby ruby, String str) {
        return Utils.newError(ruby, _CertificateError(ruby), str);
    }

    static RaiseException newCertificateError(Ruby ruby, String str, Exception exc) {
        return Utils.newError(ruby, _CertificateError(ruby), str, exc);
    }

    @Override // org.jruby.RubyBasicObject
    @JRubyMethod(visibility = Visibility.PRIVATE)
    public IRubyObject initialize_copy(IRubyObject iRubyObject) {
        if (this == iRubyObject) {
            return this;
        }
        checkFrozen();
        return this;
    }

    @JRubyMethod
    public IRubyObject to_der() {
        try {
            return StringHelper.newString(getRuntime(), this.cert.getEncoded());
        } catch (CertificateEncodingException e) {
            throw newCertificateError(getRuntime(), e);
        }
    }

    @JRubyMethod(name = {"to_pem", "to_s"})
    public IRubyObject to_pem() {
        StringWriter stringWriter = new StringWriter();
        try {
            PEMInputOutput.writeX509Certificate(stringWriter, getAuxCert());
            return getRuntime().newString(stringWriter.toString());
        } catch (IOException e) {
            throw getRuntime().newIOErrorFromException(e);
        }
    }

    @JRubyMethod
    public IRubyObject to_text(ThreadContext threadContext) {
        Ruby ruby = threadContext.runtime;
        char[] cArr = StringHelper.S20;
        StringBuilder sb = new StringBuilder(240);
        sb.append("Certificate:\n");
        sb.append(cArr, 0, 4).append("Data:\n");
        int fix2int = this.version == null ? 0 : RubyNumeric.fix2int(this.version);
        sb.append(cArr, 0, 8).append("Version: ").append(fix2int + 1).append(" (0x").append(Integer.toString(fix2int, 16)).append(")\n");
        sb.append(cArr, 0, 8).append("Serial Number:");
        if (this.serial.compareTo(new BigInteger("FFFFFFFFFFFFFFFF", 16)) > 0) {
            sb.append('\n');
            sb.append(cArr, 0, 12).append((CharSequence) StringHelper.lowerHexBytes(this.serial.toByteArray(), 1)).append('\n');
        } else {
            sb.append(' ').append(this.serial.toString(10)).append(' ');
            sb.append('(').append("0x").append(this.serial.toString(16)).append(')').append('\n');
        }
        sb.append(cArr, 0, 4).append("Signature Algorithm: ").append(signature_algorithm()).append('\n');
        sb.append(cArr, 0, 8).append("Issuer: ").append(this.issuer).append('\n');
        sb.append(cArr, 0, 8).append("Validity\n");
        sb.append(cArr, 0, 12).append("Not Before: ");
        StringHelper.appendGMTDateTime(sb, getNotBefore()).append('\n');
        sb.append(cArr, 0, 12).append("Not After : ");
        StringHelper.appendGMTDateTime(sb, getNotAfter()).append('\n');
        sb.append(cArr, 0, 8).append("Subject: ").append(subject()).append('\n');
        sb.append(cArr, 0, 8).append("Subject Public Key Info:\n");
        PublicKey publicKey = getPublicKey();
        sb.append(cArr, 0, 12).append("Public Key Algorithm: ").append(publicKey.getAlgorithm()).append('\n');
        if ("RSA".equals(publicKey.getAlgorithm())) {
            RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
            sb.append(cArr, 0, 16).append("Public-Key: (").append(rSAPublicKey.getModulus().bitLength()).append(" bit)\n");
            sb.append(cArr, 0, 16).append("Modulus:\n");
            StringHelper.appendLowerHexValue(sb, rSAPublicKey.getModulus().toByteArray(), 20, 45);
            BigInteger publicExponent = rSAPublicKey.getPublicExponent();
            sb.append(cArr, 0, 16).append("Exponent: ").append(publicExponent).append(" (0x").append(publicExponent.toString(16)).append(")\n");
        } else if (ASN1Registry.SN_dsa.equals(publicKey.getAlgorithm())) {
            sb.append(cArr, 0, 16).append("Public-Key: (").append(((DSAPublicKey) publicKey).getY().bitLength()).append(" bit)\n");
            sb.append(cArr, 0, 16).append("TODO: not-implemented (PR HOME-WORK)").append('\n');
        } else {
            sb.append(cArr, 0, 16).append("TODO: not-implemented (PRs WELCOME!)").append('\n');
        }
        if (this.extensions != null && this.extensions.size() > 0) {
            sb.append(cArr, 0, 8).append("X509v3 extensions:\n");
            X509CRL.extensions_to_text(threadContext, this.extensions, sb, 12);
        }
        sb.append(cArr, 0, 4).append("Signature Algorithm: ").append(signature_algorithm()).append('\n');
        StringHelper.appendLowerHexValue(sb, getSignature(), 9, 54);
        return RubyString.newString(ruby, sb);
    }

    @Override // org.jruby.RubyBasicObject, org.jruby.runtime.builtin.IRubyObject
    @JRubyMethod
    public IRubyObject inspect() {
        ArrayList arrayList = new ArrayList(5);
        arrayList.add(new VariableEntry("subject", subject().isNil() ? "nil" : subject().asString().toString()));
        arrayList.add(new VariableEntry("issuer", issuer().isNil() ? "nil" : issuer().asString().toString()));
        arrayList.add(new VariableEntry("serial", serial().isNil() ? "nil" : serial().asString().toString()));
        arrayList.add(new VariableEntry("not_before", not_before().isNil() ? "nil" : not_before().toString()));
        arrayList.add(new VariableEntry("not_after", not_after().isNil() ? "nil" : not_after().toString()));
        return ObjectSupport.inspect(this, arrayList);
    }

    @JRubyMethod
    public IRubyObject version() {
        if (this.version != null) {
            return this.version;
        }
        RubyFixnum newFixnum = getRuntime().newFixnum(0);
        this.version = newFixnum;
        return newFixnum;
    }

    @JRubyMethod(name = {"version="})
    public IRubyObject set_version(IRubyObject iRubyObject) {
        if (!version().equals(iRubyObject)) {
            this.changed = true;
        }
        this.version = iRubyObject;
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject signature_algorithm() {
        return this.sig_alg;
    }

    private byte[] getSignature() {
        return this.cert.getSignature();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BigInteger getSerial() {
        return this.serial;
    }

    @JRubyMethod
    public IRubyObject serial() {
        return BN.newBN(getRuntime(), this.serial);
    }

    @JRubyMethod(name = {"serial="})
    public IRubyObject set_serial(IRubyObject iRubyObject) {
        String rubyString = iRubyObject.asString().toString();
        BigInteger bigInteger = rubyString.equals("0") ? BigInteger.ONE : new BigInteger(rubyString);
        this.changed = !bigInteger.equals(this.serial);
        this.serial = bigInteger;
        return iRubyObject;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Name getSubject() {
        return (X509Name) this.subject;
    }

    @JRubyMethod
    public IRubyObject subject() {
        return this.subject;
    }

    @JRubyMethod(name = {"subject="})
    public IRubyObject set_subject(IRubyObject iRubyObject) {
        if (!iRubyObject.equals(this.subject)) {
            this.changed = true;
        }
        this.subject = iRubyObject;
        return iRubyObject;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Name getIssuer() {
        return (X509Name) this.issuer;
    }

    @JRubyMethod
    public IRubyObject issuer() {
        return this.issuer;
    }

    @JRubyMethod(name = {"issuer="})
    public IRubyObject set_issuer(IRubyObject iRubyObject) {
        if (!iRubyObject.equals(this.issuer)) {
            this.changed = true;
        }
        this.issuer = iRubyObject;
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject not_before() {
        return this.not_before == null ? getRuntime().getNil() : this.not_before;
    }

    @JRubyMethod(name = {"not_before="})
    public IRubyObject set_not_before(ThreadContext threadContext, IRubyObject iRubyObject) {
        this.changed = true;
        this.not_before = (RubyTime) iRubyObject.callMethod(threadContext, "getutc");
        this.not_before.setMicroseconds(0L);
        return iRubyObject;
    }

    DateTime getNotBefore() {
        if (this.not_before == null) {
            return null;
        }
        return this.not_before.getDateTime();
    }

    @JRubyMethod
    public IRubyObject not_after() {
        return this.not_after == null ? getRuntime().getNil() : this.not_after;
    }

    @JRubyMethod(name = {"not_after="})
    public IRubyObject set_not_after(ThreadContext threadContext, IRubyObject iRubyObject) {
        this.changed = true;
        this.not_after = (RubyTime) iRubyObject.callMethod(threadContext, "getutc");
        this.not_after.setMicroseconds(0L);
        return iRubyObject;
    }

    DateTime getNotAfter() {
        if (this.not_after == null) {
            return null;
        }
        return this.not_after.getDateTime();
    }

    @JRubyMethod
    public IRubyObject public_key(ThreadContext threadContext) {
        if (this.public_key == null) {
            initializePublicKey();
        }
        return this.public_key;
    }

    @JRubyMethod(name = {"public_key="})
    public IRubyObject set_public_key(IRubyObject iRubyObject) {
        if (!(iRubyObject instanceof PKey)) {
            throw getRuntime().newTypeError("OpenSSL::PKey::PKey expected but got " + iRubyObject.getMetaClass().getName());
        }
        if (!iRubyObject.equals(this.public_key)) {
            this.changed = true;
        }
        PKey pKey = (PKey) iRubyObject;
        this.public_key = pKey;
        return pKey;
    }

    private PublicKey getPublicKey() {
        if (this.public_key == null) {
            initializePublicKey();
        }
        return this.public_key.getPublicKey();
    }

    private void initializePublicKey() throws RaiseException {
        String str;
        Ruby runtime = getRuntime();
        boolean z = this.changed;
        if (this.cert == null) {
            throw newCertificateError(runtime, "no certificate");
        }
        PublicKey publicKey = this.cert.getPublicKey();
        String algorithm = publicKey.getAlgorithm();
        if ("RSA".equalsIgnoreCase(algorithm)) {
            set_public_key(PKeyRSA.newInstance(runtime, publicKey));
        } else if (ASN1Registry.SN_dsa.equalsIgnoreCase(algorithm)) {
            set_public_key(PKeyDSA.newInstance(runtime, publicKey));
        } else {
            if (!"EC".equalsIgnoreCase(algorithm)) {
                str = "unsupported algorithm";
                throw newCertificateError(runtime, algorithm != null ? str + " '" + algorithm + "'" : "unsupported algorithm");
            }
            set_public_key(PKeyEC.newInstance(runtime, publicKey));
        }
        this.changed = z;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v29, types: [java.lang.Exception] */
    @JRubyMethod
    public IRubyObject sign(ThreadContext threadContext, IRubyObject iRubyObject, IRubyObject iRubyObject2) {
        String asJavaString;
        String str;
        Ruby ruby = threadContext.runtime;
        if (!(iRubyObject instanceof PKey)) {
            throw ruby.newTypeError(iRubyObject, PKey._PKey(ruby).getClass("PKey"));
        }
        String algorithm = ((PKey) iRubyObject).getAlgorithm();
        if (iRubyObject2 instanceof Digest) {
            asJavaString = ((Digest) iRubyObject2).getShortAlgorithm();
            str = ((Digest) iRubyObject2).getName();
        } else {
            if (!(iRubyObject2 instanceof RubyString)) {
                throw ruby.newTypeError(iRubyObject2, Digest._Digest(ruby));
            }
            asJavaString = iRubyObject2.asJavaString();
            str = null;
        }
        if ((ASN1Registry.SN_dsa.equalsIgnoreCase(algorithm) && "MD5".equalsIgnoreCase(asJavaString)) || ("RSA".equalsIgnoreCase(algorithm) && "DSS1".equals(str))) {
            throw newCertificateError(ruby, "signature_algorithm not supported");
        }
        X509v3CertificateBuilder newCertificateBuilder = newCertificateBuilder();
        for (X509Extension x509Extension : uniqueExtensions()) {
            try {
                newCertificateBuilder.addExtension(x509Extension.getRealObjectID(), x509Extension.isRealCritical(), x509Extension.getRealValueEncoded());
            } catch (IOException e) {
                throw newCertificateError(ruby, "invalid extension (" + e.getMessage() + ")", e);
            }
        }
        try {
            X509CertificateHolder build = newCertificateBuilder.build(new JcaContentSignerBuilder(asJavaString + "WITH" + algorithm).build(((PKey) iRubyObject).getPrivateKey()));
            try {
                this.cert = (X509Certificate) SecurityHelper.getCertificateFactory("X.509").generateCertificate(new ByteArrayInputStream(build.getEncoded()));
                String o2a = ASN1Registry.o2a(build.getSignatureAlgorithm().getAlgorithm());
                if (o2a == null) {
                    o2a = this.cert.getSigAlgOID();
                }
                this.sig_alg = ruby.newString(o2a);
                this.changed = false;
                return this;
            } catch (IOException | CertificateException e2) {
                throw newCertificateError(ruby, "could not re-generate certificate", e2);
            }
        } catch (IllegalStateException e3) {
            throw newCertificateError(ruby, "could not generate certificate", e3);
        } catch (RuntimeException e4) {
            throw newCertificateError(ruby, e4);
        } catch (OperatorCreationException e5) {
            OperatorCreationException operatorCreationException = (Exception) e5.getCause();
            if (operatorCreationException == null) {
                operatorCreationException = e5;
            }
            throw newCertificateError(ruby, "cannot create signer: " + operatorCreationException.getMessage(), operatorCreationException);
        }
    }

    private X509v3CertificateBuilder newCertificateBuilder() {
        try {
            return new X509v3CertificateBuilder(this.issuer == null ? null : ((X509Name) this.issuer).getX500Name(), this.serial.abs(), this.not_before.getJavaDate(), this.not_after.getJavaDate(), this.subject == null ? null : ((X509Name) this.subject).getX500Name(), SubjectPublicKeyInfo.getInstance(this.public_key.getPublicKey().getEncoded()));
        } catch (Exception e) {
            throw newCertificateError(getRuntime(), "invalid public key data", e);
        }
    }

    @JRubyMethod
    public RubyBoolean verify(IRubyObject iRubyObject) {
        Ruby runtime = getRuntime();
        if (this.changed) {
            return runtime.getFalse();
        }
        try {
            this.cert.verify(((PKey) iRubyObject).getPublicKey());
            return runtime.getTrue();
        } catch (InvalidKeyException e) {
            OpenSSL.debug(runtime, "Certificate#verify failed", e);
            return runtime.getFalse();
        } catch (NoSuchAlgorithmException e2) {
            OpenSSL.debugStackTrace(runtime, e2);
            throw newCertificateError(runtime, e2);
        } catch (NoSuchProviderException e3) {
            OpenSSL.debugStackTrace(runtime, e3);
            throw newCertificateError(runtime, e3);
        } catch (SignatureException e4) {
            OpenSSL.debug(runtime, "Certificate#verify failed", e4);
            return runtime.getFalse();
        } catch (CertificateException e5) {
            OpenSSL.debugStackTrace(runtime, "Certificate#verify failed", e5);
            throw newCertificateError(runtime, e5);
        }
    }

    @JRubyMethod
    public RubyBoolean check_private_key(IRubyObject iRubyObject) {
        return this.cert.getPublicKey().equals(((PKey) iRubyObject).getPublicKey()) ? getRuntime().getTrue() : getRuntime().getFalse();
    }

    @JRubyMethod
    public RubyArray extensions() {
        return getRuntime().newArray(this.extensions);
    }

    @JRubyMethod(name = {"extensions="})
    public IRubyObject set_extensions(IRubyObject iRubyObject) {
        this.extensions.clear();
        this.extensions.addAll((List) iRubyObject);
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject add_extension(IRubyObject iRubyObject) {
        this.changed = true;
        this.extensions.add((X509Extension) iRubyObject);
        return iRubyObject;
    }

    private Collection<X509Extension> uniqueExtensions() {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (X509Extension x509Extension : this.extensions) {
            ASN1ObjectIdentifier realObjectID = x509Extension.getRealObjectID();
            X509Extension x509Extension2 = (X509Extension) linkedHashMap.get(realObjectID);
            if (x509Extension2 == null) {
                linkedHashMap.put(realObjectID, x509Extension);
            } else if (ASN1Registry.OBJ_subject_alt_name.equals(realObjectID.getId()) || ASN1Registry.OBJ_issuer_alt_name.equals(realObjectID.getId())) {
                ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                try {
                    for (GeneralName generalName : extRealNames(x509Extension2)) {
                        aSN1EncodableVector.add(generalName);
                    }
                    for (GeneralName generalName2 : extRealNames(x509Extension)) {
                        aSN1EncodableVector.add(generalName2);
                    }
                    GeneralNames generalNames = GeneralNames.getInstance(new DLSequence(aSN1EncodableVector));
                    X509Extension m3378clone = x509Extension2.m3378clone();
                    m3378clone.setRealValue(generalNames);
                    linkedHashMap.put(realObjectID, m3378clone);
                } catch (IOException e) {
                    throw getRuntime().newIOErrorFromException(e);
                }
            } else {
                ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                try {
                    ASN1Encodable realValue = x509Extension2.getRealValue();
                    if (realValue instanceof ASN1Sequence) {
                        ASN1Sequence aSN1Sequence = (ASN1Sequence) realValue;
                        for (int i = 0; i < aSN1Sequence.size(); i++) {
                            aSN1EncodableVector2.add(aSN1Sequence.getObjectAt(i));
                        }
                    } else {
                        aSN1EncodableVector2.add(realValue);
                    }
                    aSN1EncodableVector2.add(x509Extension.getRealValue());
                    X509Extension m3378clone2 = x509Extension2.m3378clone();
                    m3378clone2.setRealValue(new DLSequence(aSN1EncodableVector2));
                    linkedHashMap.put(realObjectID, m3378clone2);
                } catch (IOException e2) {
                    throw getRuntime().newIOErrorFromException(e2);
                }
            }
        }
        return linkedHashMap.values();
    }

    private static GeneralName[] extRealNames(X509Extension x509Extension) throws IOException {
        ASN1Encodable realValue = x509Extension.getRealValue();
        return realValue instanceof GeneralName ? new GeneralName[]{(GeneralName) realValue} : GeneralNames.getInstance(realValue).getNames();
    }

    @Override // org.jruby.RubyBasicObject, org.jruby.runtime.builtin.IRubyObject
    public Object toJava(Class cls) {
        return cls.isAssignableFrom(X509Certificate.class) ? cls == X509AuxCertificate.class ? getAuxCert() : this.cert : super.toJava(cls);
    }
}
