package org.nhindirect.common.crypto;

import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Store;
import org.nhindirect.common.cert.SignerCertPair;
import org.nhindirect.common.cert.Thumbprint;
import org.nhindirect.common.options.OptionsManager;
import org.nhindirect.common.options.OptionsParameter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/direct-common-8.0.0.jar:org/nhindirect/common/crypto/CryptoExtensions.class */
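/**
 * Static helpers for JCE provider registration and for matching X.509 certificates and CMS
 * signers against names (e-mail addresses or domain names).
 *
 * <p>All name comparisons in this class are case-insensitive and use {@link Locale#ROOT}, so the
 * result of a certificate-to-name match does not depend on the JVM's default locale (under a
 * Turkish default locale, for example, {@code "I"} does not lower-case to {@code "i"}).
 */
public class CryptoExtensions {
    private static final Logger log = LoggerFactory.getLogger(CryptoExtensions.class);
    private static final String DEFAULT_JCE_PROVIDER_STRING = "BC";
    private static final String DEFAULT_SENSITIVE_JCE_PROVIDER_STRING = "BC";
    private static final String DEFAULT_JCE_PROVIDER_CLASS = "org.bouncycastle.jce.provider.BouncyCastleProvider";
    private static final String DEFAULT_SENSITIVE_JCE_PROVIDER_CLASS = "org.bouncycastle.jce.provider.BouncyCastleProvider";
    // GeneralName type tags as reported by X509Certificate.getSubjectAlternativeNames().
    private static final int RFC822Name_TYPE = 1;
    private static final int DNSName_TYPE = 2;
    // Optional prefix callers may put in front of an address; compared in lower case.
    private static final String EMAIL_ADDRESS_PREFIX = "emailaddress=";
    // Shared X.509 factory; null only if the platform has no X.509 CertificateFactory.
    private static final CertificateFactory certFactory;

    static {
        CertificateFactory factory = null;
        try {
            factory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            // Previously swallowed silently; without a factory every signer lookup fails,
            // so make the root cause visible in the log.
            log.error("No X.509 CertificateFactory available; certificate parsing will fail", e);
        }
        certFactory = factory;
    }

    /**
     * Registers the configured JCE providers using this class's own class loader.
     *
     * @throws IllegalStateException if a configured provider cannot be loaded or registered
     */
    public static void registerJCEProviders() {
        registerJCEProviders(null);
    }

    /**
     * Loads, instantiates and registers the JCE providers named in the
     * {@code JCE_PROVIDER_CLASSES} and {@code JCE_SENSITIVE_PROVIDER_CLASSES} options. Each option
     * is a comma-separated list of provider class names; when an option is unset or empty the
     * BouncyCastle provider class is used. A sensitive entry may carry a constructor argument as
     * {@code className;parameter}. A provider is added only if no provider with the same name is
     * already installed.
     *
     * <p>The class names are loaded reflectively and installed as JVM-wide security providers, so
     * these options must only be settable from trusted configuration. Each class is checked to be
     * a {@link Provider} subtype before it is instantiated.
     *
     * @param classLoader loader used for the general providers; {@code null} selects this class's
     *     loader. Sensitive providers are always loaded with this class's loader.
     * @throws IllegalStateException if a configured provider cannot be loaded or registered
     */
    public static void registerJCEProviders(ClassLoader classLoader) {
        ClassLoader ownLoader = CryptoExtensions.class.getClassLoader();
        ClassLoader generalLoader = classLoader != null ? classLoader : ownLoader;
        for (String className : configuredList(OptionsParameter.JCE_PROVIDER_CLASSES, DEFAULT_JCE_PROVIDER_CLASS)) {
            // The try covers loading, instantiation and registration for both loader choices,
            // so every failure surfaces as the same IllegalStateException.
            try {
                registerIfAbsent(instantiateProvider(generalLoader, className));
            } catch (Exception e) {
                throw new IllegalStateException("Could not load and/or register JCE provider " + className, e);
            }
        }
        for (String spec : configuredList(OptionsParameter.JCE_SENSITIVE_PROVIDER_CLASSES, DEFAULT_SENSITIVE_JCE_PROVIDER_CLASS)) {
            try {
                Provider provider = null;
                String[] parts = spec.split(";");
                if (parts.length > 1) {
                    Class<? extends Provider> providerClass = ownLoader.loadClass(parts[0]).asSubclass(Provider.class);
                    try {
                        provider = providerClass.getConstructor(String.class).newInstance(parts[1]);
                    } catch (InvocationTargetException e) {
                        // NOTE(review): the parameter is written to the log verbatim; keep
                        // credentials out of it.
                        if (e.getTargetException() instanceof IllegalStateException) {
                            log.warn("Could not create a JCE Provider with the specific parameter: {}", parts[1], e);
                        } else {
                            log.warn("JCE Provider param {} provided but not supported by JCE Provider implementation: {}", parts[1], e.getMessage(), e);
                        }
                    }
                    if (provider == null) {
                        // The parameterised constructor failed: fall back to the no-arg one.
                        provider = providerClass.getDeclaredConstructor().newInstance();
                    }
                } else {
                    provider = instantiateProvider(ownLoader, spec);
                }
                registerIfAbsent(provider);
            } catch (Exception e) {
                throw new IllegalStateException("Could not load and/or register sensitive JCE provider " + spec, e);
            }
        }
    }

    /** Loads {@code className}, verifies it is a Provider subtype, then calls its no-arg constructor. */
    private static Provider instantiateProvider(ClassLoader loader, String className) throws Exception {
        // asSubclass runs before any constructor, so a class that is not a Provider is rejected
        // without being instantiated.
        return loader.loadClass(className).asSubclass(Provider.class).getDeclaredConstructor().newInstance();
    }

    /** Installs {@code provider} unless a provider with the same name is already registered. */
    private static void registerIfAbsent(Provider provider) {
        if (Security.getProvider(provider.getName()) == null) {
            Security.addProvider(provider);
        }
    }

    /**
     * Reads a comma-separated option and returns its trimmed, non-empty entries, or a
     * single-element array holding {@code fallback} when the option is unset or has no entries.
     */
    private static String[] configuredList(String optionName, String fallback) {
        OptionsParameter option = OptionsManager.getInstance().getParameter(optionName);
        String raw = option == null ? null : option.getParamValue();
        if (raw != null && !raw.isEmpty()) {
            List<String> entries = new ArrayList<>();
            for (String entry : raw.split(",")) {
                String trimmed = entry.trim();
                if (!trimmed.isEmpty()) {
                    entries.add(trimmed);
                }
            }
            if (!entries.isEmpty()) {
                return entries.toArray(new String[0]);
            }
        }
        return new String[] {fallback};
    }

    /**
     * Returns the first provider name listed in the {@code JCE_PROVIDER} option, or the
     * BouncyCastle provider name when the option is unset or empty.
     */
    public static String getJCEProviderName() {
        return configuredList("JCE_PROVIDER", BouncyCastleProvider.PROVIDER_NAME)[0];
    }

    /**
     * Returns the first provider name listed in the sensitive-provider option, or the
     * BouncyCastle provider name when the option is unset or empty.
     */
    public static String getJCESensitiveProviderName() {
        // NOTE(review): the key is spelled exactly as this code has always read it; presumably it
        // matches the constant in OptionsParameter - confirm before "correcting" the spelling.
        return configuredList("JCE_SENTITIVE_PROVIDER", BouncyCastleProvider.PROVIDER_NAME)[0];
    }

    /**
     * Finds the first provider in the {@code JCE_PROVIDER} option that is installed and offers the
     * requested service.
     *
     * @param str the service type passed to {@link Provider#getService(String, String)}
     * @param str2 the algorithm name passed to {@link Provider#getService(String, String)}
     * @return the matching provider name, or an empty string when no listed provider qualifies
     */
    public static String getJCEProviderNameForTypeAndAlgorithm(String str, String str2) {
        for (String providerName : configuredList("JCE_PROVIDER", BouncyCastleProvider.PROVIDER_NAME)) {
            Provider provider = Security.getProvider(providerName);
            if (provider != null && provider.getService(str, str2) != null) {
                return providerName;
            }
        }
        return "";
    }

    /**
     * Stores the {@code JCE_PROVIDER} option.
     *
     * @param str provider name (or comma-separated names); {@code null} or empty resets the
     *     option to the BouncyCastle provider name
     */
    public static void setJCEProviderName(String str) {
        String value = (str == null || str.isEmpty()) ? BouncyCastleProvider.PROVIDER_NAME : str;
        OptionsManager.getInstance().setOptionsParameter(new OptionsParameter("JCE_PROVIDER", value));
    }

    /**
     * Compares two certificates by thumbprint.
     *
     * @return {@code true} if {@code Thumbprint.toThumbprint} yields equal values for both
     * @throws CertificateException if a thumbprint cannot be computed
     */
    public static boolean isEqualThumbprint(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws CertificateException {
        return Thumbprint.toThumbprint(x509Certificate).equals(Thumbprint.toThumbprint(x509Certificate2));
    }

    /**
     * Checks whether any rfc822Name or dNSName entry of the certificate's subject alternative
     * names equals the given name, ignoring case. A leading {@code emailaddress=} on the name is
     * stripped first.
     *
     * @param x509Certificate certificate to inspect; must not be {@code null}
     * @param str name to look for; must not be {@code null}
     * @return {@code true} on a match; {@code false} if there is no match, no subject alternative
     *     name extension, or the extension cannot be parsed
     */
    public static boolean containsEmailAddressInSubjectAltName(X509Certificate x509Certificate, String str) {
        String wanted = normalizeName(str);
        try {
            Collection<List<?>> altNames = x509Certificate.getSubjectAlternativeNames();
            if (altNames == null) {
                return false;
            }
            for (List<?> altName : altNames) {
                if (altName.size() < 2) {
                    continue;
                }
                int type = ((Integer) altName.get(0)).intValue();
                if ((type == RFC822Name_TYPE || type == DNSName_TYPE)
                        && ((String) altName.get(1)).toLowerCase(Locale.ROOT).equals(wanted)) {
                    return true;
                }
            }
            return false;
        } catch (CertificateParsingException e) {
            // An unparseable extension is treated as "no match".
            return false;
        }
    }

    /**
     * Checks whether the address returned by {@link #getSubjectAddress(X509Certificate)} equals
     * the given name, ignoring case. A leading {@code emailaddress=} on the name is stripped first.
     *
     * @return {@code true} on an exact (case-insensitive) match; {@code false} otherwise,
     *     including when the certificate carries no address
     * @throws IllegalArgumentException if the name is null or empty, or the certificate is null
     */
    public static boolean certSubjectContainsName(X509Certificate x509Certificate, String str) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("Name cannot be null or empty.");
        }
        if (x509Certificate == null) {
            throw new IllegalArgumentException("Certificate cannot be null.");
        }
        String subjectAddress = getSubjectAddress(x509Certificate);
        if (subjectAddress == null || subjectAddress.isEmpty()) {
            return false;
        }
        return normalizeName(str).equals(subjectAddress.toLowerCase(Locale.ROOT));
    }

    /** Lower-cases a name with Locale.ROOT and strips a leading "emailaddress=" if present. */
    private static String normalizeName(String name) {
        String lowered = name.toLowerCase(Locale.ROOT);
        return lowered.startsWith(EMAIL_ADDRESS_PREFIX) ? lowered.substring(EMAIL_ADDRESS_PREFIX.length()) : lowered;
    }

    /**
     * Tests whether the certificate's subject DN string contains {@code CN=} followed by the
     * given name, ignoring case.
     *
     * <p>This is a substring test on the rendered DN, not an exact match on the common-name
     * attribute: a name also matches when it is only a prefix of the actual CN value, or when the
     * text {@code CN=<name>} appears inside another attribute's value. Do not rely on it alone to
     * bind a certificate to an identity.
     *
     * @throws IllegalArgumentException if the name is null or empty
     */
    public static boolean matchName(X509Certificate x509Certificate, String str) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException();
        }
        String subject = x509Certificate.getSubjectDN().getName().toUpperCase(Locale.ROOT);
        return subject.contains(("CN=" + str).toUpperCase(Locale.ROOT));
    }

    /**
     * Collects the signers of a CMS message whose certificate address matches {@code str} and
     * does not match any name in {@code collection}.
     *
     * <p>For each signer only the first certificate returned by the message's certificate store
     * is examined. Processing is best-effort: if an exception occurs, it is logged and the
     * signers collected up to that point are returned.
     *
     * @param cMSSignedData the signed message
     * @param str the name to match; must not be null or empty
     * @param collection names to exclude; may be {@code null}
     * @return the matching signer/certificate pairs, or an empty collection
     * @throws IllegalArgumentException if {@code str} is null or empty
     */
    public static Collection<SignerCertPair> findSignersByName(CMSSignedData cMSSignedData, String str, Collection<String> collection) {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException();
        }
        List<SignerCertPair> found = new ArrayList<>();
        try {
            Store<X509CertificateHolder> certificates = cMSSignedData.getCertificates();
            for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
                Collection<X509CertificateHolder> matches = certificates.getMatches(signerInformation.getSID());
                if (matches == null || matches.isEmpty()) {
                    continue;
                }
                X509Certificate signerCert = (X509Certificate) certFactory.generateCertificate(
                        new ByteArrayInputStream(matches.iterator().next().getEncoded()));
                if (!certSubjectContainsName(signerCert, str)) {
                    continue;
                }
                boolean excluded = false;
                if (collection != null) {
                    for (String excludedName : collection) {
                        if (certSubjectContainsName(signerCert, excludedName)) {
                            excluded = true;
                            break;
                        }
                    }
                }
                if (!excluded) {
                    // NOTE(review): the converted certificate is null if re-parsing failed;
                    // the pair is still added, as before.
                    found.add(new SignerCertPair(signerInformation, convertToProfileProvidedCertImpl(signerCert)));
                }
            }
        } catch (Exception e) {
            // Was an empty catch of Throwable: a parsing failure (or a missing certificate
            // factory) looked the same as "no matching signer". Keep the best-effort result
            // but record the cause; JVM Errors are no longer swallowed.
            log.warn("Failed while searching CMS signers by name; returning the signers found so far", e);
        }
        return found.isEmpty() ? Collections.<SignerCertPair>emptyList() : found;
    }

    /**
     * Returns the first certificate in the collection for which
     * {@link #certSubjectContainsName(X509Certificate, String)} is true, or {@code null} if none.
     *
     * @throws IllegalArgumentException if the name is null or empty, or an element is null
     */
    public static X509Certificate findCertByName(Collection<X509Certificate> collection, String str) {
        for (X509Certificate candidate : collection) {
            if (certSubjectContainsName(candidate, str)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Finds the signer of a CMS message whose signer identifier carries the issuer and serial
     * number of the given certificate.
     *
     * @return the signer paired with the certificate, or {@code null} if no signer matches or an
     *     exception occurs during the search
     * @throws IllegalArgumentException if the certificate is null
     */
    public static SignerCertPair findSignerByCert(CMSSignedData cMSSignedData, X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new IllegalArgumentException();
        }
        try {
            for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
                SignerId sid = signerInformation.getSID();
                // A signer identifier without an issuer is skipped rather than aborting the
                // whole search with a NullPointerException.
                // NOTE(review): the issuer is compared with an X500Principal via equals(); if the
                // bundled BouncyCastle returns an X500Name from getIssuer(), this can never be
                // true and the method always returns null - confirm, and compare encoded forms
                // if so.
                if (sid.getIssuer() != null
                        && sid.getIssuer().equals(x509Certificate.getIssuerX500Principal())
                        && sid.getSerialNumber().equals(x509Certificate.getSerialNumber())) {
                    return new SignerCertPair(signerInformation, x509Certificate);
                }
            }
            return null;
        } catch (Exception e) {
            log.warn("Failed while searching CMS signers by certificate", e);
            return null;
        }
    }

    /**
     * Re-parses a certificate from its encoded form with the shared certificate factory.
     *
     * @return the re-parsed certificate, or {@code null} if encoding or parsing fails
     */
    private static X509Certificate convertToProfileProvidedCertImpl(X509Certificate x509Certificate) {
        // try-with-resources closes the stream on the failure path as well.
        try (BufferedInputStream encoded = new BufferedInputStream(new ByteArrayInputStream(x509Certificate.getEncoded()))) {
            return (X509Certificate) certFactory.generateCertificate(encoded);
        } catch (Exception e) {
            log.warn("Could not re-parse certificate from its encoded form", e);
            return null;
        }
    }

    /**
     * Extracts an address from the certificate's subject alternative names. An rfc822Name entry
     * always wins (the last one if there are several); a dNSName entry is used only while no
     * address has been picked yet.
     *
     * @return the address, or an empty string if the certificate has no such entry or its
     *     subject alternative names cannot be parsed
     */
    public static String getSubjectAddress(X509Certificate x509Certificate) {
        String address = "";
        Collection<List<?>> altNames = null;
        try {
            altNames = x509Certificate.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            // Treated as "no address"; callers get the empty string.
            log.debug("Could not parse subject alternative names", e);
        }
        if (altNames == null) {
            return address;
        }
        for (List<?> altName : altNames) {
            if (altName.size() < 2) {
                continue;
            }
            int type = ((Integer) altName.get(0)).intValue();
            if (type == RFC822Name_TYPE || (type == DNSName_TYPE && address.isEmpty())) {
                address = (String) altName.get(1);
            }
        }
        return address;
    }
}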
