package org.openscdp.pkidm;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.util.encoders.Base64;
import org.jdbi.v3.core.Handle;
import org.openscdp.pkidb.dao.CertificateDAO;
import org.openscdp.pkidb.dao.HolderDAO;
import org.openscdp.pkidb.dto.CertificateDTO;
import org.openscdp.pkidb.dto.HolderDTO;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openscdp/pkidm/X509CertificateStore.class */
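/**
 * Static helpers that convert X.509 certificates to and from their database
 * representation ({@link CertificateDTO}) and import them into the store,
 * creating the owning holder entry when none exists yet.
 *
 * <p>Security note: nothing in this class verifies a certificate signature,
 * validity period or basic constraints. Certificates are linked to their issuer
 * by key identifier only, so path validation has to happen before a certificate
 * is handed to {@link #importCertificate}.
 */
public class X509CertificateStore {
    static final Logger logger = LoggerFactory.getLogger(X509CertificateStore.class);

    /** OID of the subjectKeyIdentifier extension. */
    private static final String OID_SUBJECT_KEY_IDENTIFIER = "2.5.29.14";

    /** OID of the authorityKeyIdentifier extension. */
    private static final String OID_AUTHORITY_KEY_IDENTIFIER = "2.5.29.35";

    /** Holder names longer than this are truncated before lookup and insert. */
    private static final int MAX_HOLDER_NAME_LENGTH = 100;

    /**
     * Certificate type passed to every holder lookup and insert in this class.
     * NOTE(review): the meaning of the value is defined by the holder table;
     * presumably it denotes X.509 holders. Confirm against HolderDAO.
     */
    private static final int HOLDER_CERTIFICATE_TYPE = 2;

    /**
     * Tells whether the certificate is self-issued, i.e. issuer and subject
     * distinguished names are equal.
     *
     * <p>This is a name comparison only. It does not check that the certificate
     * is actually signed with its own key, so it must not be used as a trust
     * decision by itself.
     *
     * @param x509Certificate the certificate to inspect
     * @return {@code true} if issuer and subject names are equal
     */
    public static boolean isRootCertificate(X509Certificate x509Certificate) {
        return x509Certificate.getIssuerX500Principal().equals(x509Certificate.getSubjectX500Principal());
    }

    /**
     * Extracts the key identifier from the subjectKeyIdentifier extension.
     *
     * @param x509Certificate the certificate to inspect
     * @return the key identifier, or {@code null} if the extension is absent
     */
    public static byte[] getSubjectKeyId(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(OID_SUBJECT_KEY_IDENTIFIER);
        if (extensionValue == null) {
            return null;
        }
        // getExtensionValue() returns the extension wrapped in a DER OCTET STRING; unwrap it first.
        byte[] inner = DEROctetString.getInstance(extensionValue).getOctets();
        return SubjectKeyIdentifier.getInstance(inner).getKeyIdentifier();
    }

    /**
     * Extracts the key identifier from the authorityKeyIdentifier extension.
     *
     * @param x509Certificate the certificate to inspect
     * @return the issuer's key identifier, or {@code null} if the extension is absent
     */
    public static byte[] getAuthorityKeyIdentifier(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(OID_AUTHORITY_KEY_IDENTIFIER);
        if (extensionValue == null) {
            return null;
        }
        // getExtensionValue() returns the extension wrapped in a DER OCTET STRING; unwrap it first.
        byte[] inner = DEROctetString.getInstance(extensionValue).getOctets();
        return AuthorityKeyIdentifier.getInstance(inner).getKeyIdentifier();
    }

    /**
     * Builds the database record for a certificate.
     *
     * <p>The record carries the DER encoding, the given key id, holder id and
     * service request id, the notAfter date as epoch milliseconds and the serial
     * number as a decimal string. The link direction is set to 1 for a
     * self-issued certificate (see {@link #isRootCertificate}) and 0 otherwise.
     *
     * @param x509Certificate the certificate to store
     * @param keyId the key identifier to record for the certificate
     * @param holderId id of the holder that owns the certificate
     * @param serviceRequestId id of the service request the certificate belongs to
     * @return a new, not yet persisted record
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public static CertificateDTO toCertificateDTO(X509Certificate x509Certificate, byte[] keyId, long holderId, long serviceRequestId) throws CertificateEncodingException {
        CertificateDTO certificateDTO = new CertificateDTO();
        certificateDTO.setBytes(x509Certificate.getEncoded());
        certificateDTO.setKeyId(keyId);
        certificateDTO.setHolderId(Long.valueOf(holderId));
        certificateDTO.setExpiry(Long.valueOf(x509Certificate.getNotAfter().getTime()));
        certificateDTO.setLinkDir(isRootCertificate(x509Certificate) ? 1 : 0);
        certificateDTO.setSerial(x509Certificate.getSerialNumber().toString());
        certificateDTO.setServiceRequestId(Long.valueOf(serviceRequestId));
        return certificateDTO;
    }

    /**
     * Parses a Base64 encoded DER certificate.
     *
     * <p>NOTE(review): malformed Base64 is rejected by the Bouncy Castle decoder
     * before the certificate factory runs, so it may surface as an unchecked
     * exception rather than a {@link CertificateException}; confirm that callers
     * handling untrusted input cope with that.
     *
     * @param base64Der the Base64 encoded certificate bytes
     * @return the parsed certificate
     * @throws CertificateException if the decoded bytes are not a valid certificate
     */
    public static X509Certificate toX509Certificate(byte[] base64Der) throws CertificateException {
        byte[] der = Base64.decode(base64Der);
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der));
    }

    /**
     * Parses the first object of a PEM document as an X.509 certificate.
     *
     * @param pem the PEM text
     * @return the parsed certificate
     * @throws CertificateException if the PEM text is empty, its first object is
     *     not a certificate, or the certificate cannot be converted
     * @throws IOException if the PEM text cannot be read
     */
    public static X509Certificate toX509Certificate(String pem) throws CertificateException, IOException {
        try (PEMParser parser = new PEMParser(new StringReader(pem))) {
            Object parsed = parser.readObject();
            // A PEM document may hold keys, requests or nothing at all. Reject those
            // explicitly instead of failing with a ClassCastException or passing null on.
            if (!(parsed instanceof X509CertificateHolder)) {
                throw new CertificateException("PEM input does not contain an X.509 certificate");
            }
            return new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) parsed);
        }
    }

    /**
     * Stores a certificate and, if required, the holder entry that owns it.
     *
     * <p>Stored certificates are looked up by the subject key identifier:
     * <ul>
     *   <li>If none is stored, the holder is resolved or created (below the
     *       issuer's holder for a certificate that is not self-issued) and the
     *       certificate is inserted.</li>
     *   <li>If a stored certificate has the same encoding, that record is returned
     *       and nothing is written.</li>
     *   <li>If the new certificate does not expire later than the latest-expiring
     *       stored one, the latest-expiring stored record is returned and nothing
     *       is written.</li>
     *   <li>Otherwise the certificate is inserted for the existing holder.</li>
     * </ul>
     *
     * <p>Security note: the issuer is located only by matching the authority key
     * identifier against stored key ids, and a self-issued certificate gets a root
     * holder. No signature, validity or constraint check is made here, so callers
     * must validate the certificate path before importing.
     *
     * <p>NOTE(review): no explicit transaction is opened in this method; confirm
     * whether a holder insert without the following certificate insert is acceptable.
     *
     * <p>NOTE(review): a certificate without a subject key identifier leads to a
     * lookup with a {@code null} key id; confirm how the DAO treats that.
     *
     * @param x509Certificate the certificate to import
     * @param subjectId optional subject id to attach to a newly created holder and,
     *     for a certificate that is not self-issued, to look the holder up by; may be {@code null}
     * @param updateCurrent if {@code true}, a newly inserted certificate is made
     *     the holder's current certificate
     * @param serviceRequestId id of the service request recorded with the certificate
     * @return the inserted record, or the already stored record that supersedes it
     * @throws CertificateException if no stored certificate matches the authority
     *     key identifier, the holder lookup by subject id fails, or the
     *     certificate cannot be encoded
     */
    public static CertificateDTO importCertificate(X509Certificate x509Certificate, Long subjectId, boolean updateCurrent, long serviceRequestId) throws CertificateException {
        try (Handle handle = PKIDMContext.getJDBI().open()) {
            CertificateDAO certificateDAO = (CertificateDAO) handle.attach(CertificateDAO.class);
            byte[] subjectKeyId = getSubjectKeyId(x509Certificate);
            List<CertificateDTO> stored = certificateDAO.getCertificateByKeyId(subjectKeyId);

            Long holderId;
            CertificateDTO certificateDTO;
            if (stored.isEmpty()) {
                holderId = resolveHolderId(handle, certificateDAO, x509Certificate, subjectId);
                certificateDTO = toCertificateDTO(x509Certificate, subjectKeyId, holderId.longValue(), serviceRequestId);
            } else {
                holderId = stored.get(0).getHolderId();
                certificateDTO = toCertificateDTO(x509Certificate, subjectKeyId, holderId.longValue(), serviceRequestId);

                CertificateDTO latest = null;
                for (CertificateDTO candidate : stored) {
                    if (latest == null || candidate.getExpiry().longValue() > latest.getExpiry().longValue()) {
                        latest = candidate;
                    }
                    if (Arrays.equals(certificateDTO.getBytes(), candidate.getBytes())) {
                        logger.debug("Certificate does already exists");
                        return candidate;
                    }
                }
                if (certificateDTO.getExpiry().longValue() <= latest.getExpiry().longValue()) {
                    logger.debug("The certificate {} is outdated by {}", certificateDTO, latest);
                    return latest;
                }
            }

            logger.info("Import certificate {}", certificateDTO);
            certificateDAO.create(certificateDTO);
            if (updateCurrent) {
                ((HolderDAO) handle.attach(HolderDAO.class)).updateCurrentCertificate(certificateDTO.getId(), holderId);
            }
            return certificateDTO;
        }
    }

    /**
     * Finds the holder for a certificate whose key id is not stored yet, creating
     * the holder if the lookup returns nothing.
     */
    private static Long resolveHolderId(Handle handle, CertificateDAO certificateDAO, X509Certificate certificate, Long subjectId) throws CertificateException {
        HolderDAO holderDAO = (HolderDAO) handle.attach(HolderDAO.class);

        // Holder names are cut to a fixed length, so two subjects that share their first
        // MAX_HOLDER_NAME_LENGTH characters resolve to the same holder name.
        String name = certificate.getSubjectX500Principal().getName();
        if (name.length() > MAX_HOLDER_NAME_LENGTH) {
            name = name.substring(0, MAX_HOLDER_NAME_LENGTH);
        }

        if (isRootCertificate(certificate)) {
            Long rootHolderId = holderDAO.getRootHolderId(HOLDER_CERTIFICATE_TYPE, name);
            if (rootHolderId != null) {
                return rootHolderId;
            }
            HolderDTO rootHolder = new HolderDTO();
            rootHolder.setName(name);
            rootHolder.setCertificateType(HOLDER_CERTIFICATE_TYPE);
            if (subjectId != null) {
                rootHolder.setSubjectId(subjectId);
            }
            return holderDAO.insert(rootHolder);
        }

        // The issuer is identified by key identifier alone; see the note on importCertificate.
        List<CertificateDTO> issuers = certificateDAO.getCertificateByKeyId(getAuthorityKeyIdentifier(certificate));
        if (issuers.isEmpty()) {
            throw new CertificateException("Invalid certificate path for " + certificate);
        }
        long parentId = issuers.get(0).getHolderId().longValue();

        Long holderId;
        if (subjectId != null) {
            try {
                holderId = holderDAO.getHolderId(HOLDER_CERTIFICATE_TYPE, Long.valueOf(parentId), subjectId);
            } catch (Exception e) {
                // The exception used to be constructed and dropped, so a failed lookup
                // silently fell through to inserting a new holder. Fail the import instead.
                throw new CertificateException(e);
            }
        } else {
            holderId = holderDAO.getHolderId(HOLDER_CERTIFICATE_TYPE, Long.valueOf(parentId), name);
        }
        if (holderId != null) {
            return holderId;
        }

        HolderDTO holder = new HolderDTO();
        holder.setName(name);
        holder.setCertificateType(HOLDER_CERTIFICATE_TYPE);
        holder.setParentId(Long.valueOf(parentId));
        if (subjectId != null) {
            holder.setSubjectId(subjectId);
        }
        return holderDAO.insert(holder);
    }
}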
