package ghidra.net;

import ghidra.util.Msg;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import javax.security.auth.x500.X500Principal;
import org.apache.logging.log4j.core.net.ssl.SslConfigurationDefaults;

/* loaded from: input_file:ghidra/net/ApplicationKeyStore.class */
class ApplicationKeyStore {
    private ApplicationKeyStore() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyStore getCertificateStoreInstance(String str) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        int i = 0;
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(str));
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            while (bufferedInputStream.available() > 0) {
                try {
                    Certificate generateCertificate = certificateFactory.generateCertificate(bufferedInputStream);
                    if (generateCertificate instanceof X509Certificate) {
                        keyStore.setCertificateEntry(getCommonName(((X509Certificate) generateCertificate).getSubjectDN()), generateCertificate);
                        i++;
                    }
                } catch (CertificateException e) {
                    Throwable cause = e.getCause();
                    if (cause == null || !"Empty input".equals(cause.getMessage())) {
                        throw e;
                    }
                }
            }
            return i == 0 ? getKeyStoreInstance(str, null) : keyStore;
        } finally {
            bufferedInputStream.close();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyStore getKeyStoreInstance(String str, char[] cArr) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(ApplicationKeyManagerUtils.PKCS_FILENAME_FILTER.accept(new File(str)) ? "PKCS12" : SslConfigurationDefaults.KEYSTORE_TYPE);
        BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(str));
        try {
            keyStore.load(bufferedInputStream, cArr);
            bufferedInputStream.close();
            return keyStore;
        } catch (Throwable th) {
            bufferedInputStream.close();
            throw th;
        }
    }

    private static String getCommonName(Principal principal) {
        String name = principal.getName();
        int indexOf = name.indexOf(44);
        String substring = indexOf < 0 ? name : name.substring(0, indexOf);
        int indexOf2 = substring.indexOf(61);
        if (indexOf2 <= 0) {
            return name;
        }
        return !substring.substring(0, indexOf2).trim().equalsIgnoreCase("CN") ? name : substring.substring(indexOf2 + 1).trim();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void logCerts(KeyStore keyStore) {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                Certificate certificate = keyStore.getCertificate(nextElement);
                if (certificate != null) {
                    if (certificate instanceof X509Certificate) {
                        logCert(nextElement, (X509Certificate) certificate);
                    } else {
                        Msg.warn(ApplicationKeyStore.class, "Ignore unrecognized certificate: alias=" + nextElement + ", type=" + certificate.getType());
                    }
                }
            }
        } catch (KeyStoreException e) {
            Msg.error(ApplicationKeyStore.class, "KeyStore failure", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void logCerts(X509Certificate[] x509CertificateArr) {
        for (X509Certificate x509Certificate : x509CertificateArr) {
            logCert(null, x509Certificate);
        }
    }

    static void logCert(String str, X509Certificate x509Certificate) {
        X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        Date date = new Date();
        String str2 = str != null ? str + ": " : "";
        if (date.compareTo(x509Certificate.getNotAfter()) > 0) {
            Msg.warn(ApplicationKeyStore.class, "   " + str2 + getCommonName(subjectX500Principal) + ", issued by " + getCommonName(issuerX500Principal) + ", S/N " + x509Certificate.getSerialNumber().toString(16) + ", expired " + String.valueOf(x509Certificate.getNotAfter()) + " **EXPIRED**");
        } else {
            Msg.info(ApplicationKeyStore.class, "   " + str2 + getCommonName(subjectX500Principal) + ", issued by " + getCommonName(issuerX500Principal) + ", S/N " + x509Certificate.getSerialNumber().toString(16) + ", expires " + String.valueOf(x509Certificate.getNotAfter()));
        }
    }
}
