package uk.ac.starlink.auth.ssl;

import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
import uk.ac.starlink.topcat.contrib.gavo.GavoCSVTableParser;

/* loaded from: input_file:uk/ac/starlink/auth/ssl/X509CertificateChain.class */
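/**
 * Holds an X.509 certificate chain together with the optional private key,
 * the principal derived from the chain, the earliest expiry date and an
 * optional certificate signing request string.
 *
 * <p>This class performs no signature or path validation. The "proxy" flag
 * and the derived principal come from textual comparison of distinguished
 * names only, so trust decisions must not be based on them unless the chain
 * has been validated elsewhere.
 *
 * <p>Instances are mutable and not synchronized. The chain array is stored
 * and returned by reference (no defensive copy), so callers that mutate it
 * after construction can leave {@link #getExpiryDate()} and
 * {@link #getPrincipal()} out of step with {@link #getChain()}.
 */
public class X509CertificateChain {
    public static final String CERT_BEGIN = "-----BEGIN CERTIFICATE-----";
    public static final String CERT_END = "-----END CERTIFICATE-----";
    public static final String PRIVATE_KEY_BEGIN = "-----BEGIN RSA PRIVATE KEY-----";
    public static final String PRIVATE_KEY_END = "-----END RSA PRIVATE KEY-----";
    public static final String NEW_LINE = System.getProperty("line.separator");

    /** Width of a base64 line in PEM output (RFC 7468 requires generators to wrap at 64). */
    private static final int PEM_LINE_LENGTH = 64;

    // NOTE(review): the RDN separator is taken from an unrelated CSV parser class.
    // This looks like a decompiler substitution for a "," literal; confirm the value
    // and replace it with a constant owned by this package.
    private static final String RDN_DELIMITER = GavoCSVTableParser.DEFAULT_DELIMITER;

    private X500Principal principal;
    private X509Certificate endEntity;
    private X509Certificate[] chain;
    // Private key material is held in memory for the lifetime of this object.
    private PrivateKey key;
    private boolean isProxy;
    private Date expiryDate;
    private String csrString;
    private String hashKey;

    /**
     * Creates an instance that has a principal, key and CSR but no certificates yet.
     *
     * @param x500Principal subject the chain will belong to; must not be null
     *                      because the hash key is computed from it
     * @param privateKey    private key, may be null
     * @param str           certificate signing request text, may be null
     */
    public X509CertificateChain(X500Principal x500Principal, PrivateKey privateKey, String str) {
        this.principal = x500Principal;
        this.csrString = str;
        this.key = privateKey;
        this.hashKey = genHashKey(x500Principal);
        this.chain = null;
        this.endEntity = null;
    }

    /**
     * Creates an instance from a collection of certificates, without a private key.
     *
     * @param collection certificates in chain order; must be non-null and non-empty
     * @throws IllegalArgumentException if the collection is null or empty, or a
     *                                  derived distinguished name cannot be parsed
     */
    public X509CertificateChain(Collection<X509Certificate> collection) {
        if (collection == null || collection.isEmpty()) {
            throw new IllegalArgumentException("cannot create X509CertificateChain with no certficates");
        }
        this.chain = collection.toArray(new X509Certificate[0]);
        genExpiryDate();
        initPrincipal();
        this.hashKey = genHashKey(this.principal);
    }

    /**
     * Creates an instance from an array of certificates and a private key.
     * The array is stored by reference, not copied.
     *
     * @param x509CertificateArr certificates in chain order; must be non-null and non-empty
     * @param privateKey         private key matching the chain, may be null
     * @throws IllegalArgumentException if the array is null or empty, or a
     *                                  derived distinguished name cannot be parsed
     */
    public X509CertificateChain(X509Certificate[] x509CertificateArr, PrivateKey privateKey) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("cannot create X509CertificateChain with no certficates");
        }
        this.chain = x509CertificateArr;
        genExpiryDate();
        this.key = privateKey;
        initPrincipal();
        this.hashKey = genHashKey(this.principal);
    }

    /**
     * Derives {@code principal}, {@code endEntity} and {@code isProxy} from the chain.
     *
     * <p>Every certificate is visited in array order and each visit overwrites
     * {@code endEntity} and {@code principal}, so both end up reflecting the last
     * element. {@code isProxy} is set as soon as any certificate's RFC 1779 subject
     * name ends with its issuer name, and is never cleared again.
     *
     * <p>NOTE(review): the suffix test is a plain string comparison. A self-signed
     * certificate (subject equal to issuer) also satisfies it and is therefore
     * flagged as a proxy. No signature is checked here.
     */
    private void initPrincipal() {
        for (X509Certificate cert : this.chain) {
            this.endEntity = cert;
            X500Principal subject = cert.getSubjectX500Principal();
            X500Principal issuer = cert.getIssuerX500Principal();
            String subjectName = subject.getName("RFC1779");
            if (subjectName.endsWith(issuer.getName("RFC1779"))) {
                this.principal = issuer;
                this.isProxy = true;
            } else {
                this.principal = subject;
            }
        }
        String canonical = canonizeDistinguishedName(this.principal.getName());
        // Keep only the part of the DN that starts at the last "cn=".
        // NOTE(review): this is a textual search and would also match "cn="
        // occurring inside an attribute value.
        int lastCn = canonical.lastIndexOf("cn=");
        if (lastCn > -1) {
            canonical = canonical.substring(lastCn);
        }
        this.principal = new X500Principal(canonical);
    }

    /**
     * Returns the first {@code X509CertificateChain} in the set that carries a private key.
     *
     * @param set objects to search (typically a Subject's credential set); may be null
     * @return the first chain whose private key is non-null, or null if there is none
     */
    public static X509CertificateChain findPrivateKeyChain(Set<Object> set) {
        if (set == null) {
            return null;
        }
        for (Object candidate : set) {
            if (candidate instanceof X509CertificateChain) {
                X509CertificateChain found = (X509CertificateChain) candidate;
                if (found.getPrivateKey() != null) {
                    return found;
                }
            }
        }
        return null;
    }

    /**
     * Renders the chain as concatenated PEM certificate blocks.
     *
     * <p>Each block is the BEGIN marker, the DER encoding in base64 wrapped at
     * 64 characters, and the END marker on a line of its own. Blocks are
     * separated by {@link #NEW_LINE}; there is no trailing line separator.
     *
     * @return the PEM text, an empty string for an empty chain, or null if no
     *         chain has been set
     * @throws RuntimeException if a certificate cannot be DER-encoded
     */
    public String certificateString() {
        if (this.chain == null) {
            return null;
        }
        Base64.Encoder encoder =
                Base64.getMimeEncoder(PEM_LINE_LENGTH, NEW_LINE.getBytes(StandardCharsets.US_ASCII));
        StringBuilder pem = new StringBuilder();
        for (X509Certificate cert : this.chain) {
            final byte[] der;
            try {
                der = cert.getEncoded();
            } catch (CertificateEncodingException e) {
                throw new RuntimeException("Cannot encode X509Certificate to byte[].", e);
            }
            pem.append(CERT_BEGIN).append(NEW_LINE);
            // The MIME encoder adds no trailing separator, so add one explicitly:
            // the END marker must start on its own line to be parseable as PEM.
            pem.append(encoder.encodeToString(der)).append(NEW_LINE);
            pem.append(CERT_END).append(NEW_LINE);
        }
        // Drop the whole final line separator (it is two characters on Windows).
        if (pem.length() >= NEW_LINE.length()) {
            pem.setLength(pem.length() - NEW_LINE.length());
        }
        return pem.toString();
    }

    /**
     * Computes the lookup key for a principal: the decimal {@link String#hashCode()}
     * of its canonical distinguished name.
     *
     * <p>NOTE(review): this is a 32-bit non-cryptographic hash, so distinct DNs
     * can share a key. It should only be used as an index, and the full DN
     * compared before any credential is handed out on the strength of a key
     * match. The value is left unchanged here because callers may persist it.
     *
     * @param x500Principal principal to hash; must not be null
     * @return the hash code rendered as a decimal string
     * @throws IllegalArgumentException if the distinguished name cannot be canonicalised
     */
    public static String genHashKey(X500Principal x500Principal) {
        return Integer.toString(canonizeDistinguishedName(x500Principal.getName()).hashCode());
    }

    /**
     * Sets {@code expiryDate} to the earliest {@code notAfter} in the chain,
     * or to null when there is no chain.
     */
    private void genExpiryDate() {
        if (this.chain == null) {
            // setChain(null) is a legal way to clear the chain; nothing to scan.
            this.expiryDate = null;
            return;
        }
        Date earliest = null;
        for (X509Certificate cert : this.chain) {
            Date notAfter = cert.getNotAfter();
            if (notAfter != null && (earliest == null || notAfter.before(earliest))) {
                earliest = notAfter;
            }
        }
        this.expiryDate = earliest;
    }

    /** Overrides the expiry date computed from the chain. */
    public void setExpiryDate(Date date) {
        this.expiryDate = date;
    }

    /** Returns the earliest {@code notAfter} of the chain, or the value last set explicitly. */
    public Date getExpiryDate() {
        return this.expiryDate;
    }

    /** Sets the certificate signing request text. */
    public void setCsrString(String str) {
        this.csrString = str;
    }

    /** Returns the certificate signing request text, or null if none was set. */
    public String getCsrString() {
        return this.csrString;
    }

    /** Returns the principal; same value as {@link #getX500Principal()}. */
    public X500Principal getPrincipal() {
        return this.principal;
    }

    /** Replaces the principal. The hash key is not recomputed. */
    public void setPrincipal(X500Principal x500Principal) {
        this.principal = x500Principal;
    }

    /** Returns the private key; same value as {@link #getPrivateKey()}. */
    public PrivateKey getKey() {
        return this.key;
    }

    /** Replaces the private key. */
    public void setKey(PrivateKey privateKey) {
        this.key = privateKey;
    }

    /**
     * Replaces the chain and recomputes the expiry date. The array is stored by
     * reference; principal, end entity, proxy flag and hash key are not recomputed.
     *
     * @param x509CertificateArr new chain, or null to clear it
     */
    public void setChain(X509Certificate[] x509CertificateArr) {
        this.chain = x509CertificateArr;
        genExpiryDate();
    }

    /** Overrides the hash key computed at construction time. */
    public void setHashKey(String str) {
        this.hashKey = str;
    }

    /** Returns the hash key; see {@link #genHashKey(X500Principal)} for its limits. */
    public String getHashKey() {
        return this.hashKey;
    }

    /** Returns the principal; same value as {@link #getPrincipal()}. */
    public X500Principal getX500Principal() {
        return this.principal;
    }

    /** Returns the internal chain array itself (not a copy), or null if unset. */
    public X509Certificate[] getChain() {
        return this.chain;
    }

    /** Returns the private key; same value as {@link #getKey()}. */
    public PrivateKey getPrivateKey() {
        return this.key;
    }

    /** Returns true if {@code initPrincipal} saw a subject name ending with its issuer name. */
    public boolean isProxy() {
        return this.isProxy;
    }

    /** Returns the last certificate of the chain as seen at construction, or null. */
    public X509Certificate getEndEntity() {
        return this.endEntity;
    }

    /**
     * Returns the ordered form of a distinguished name, trimmed and lower-cased.
     *
     * @throws IllegalArgumentException if the name cannot be parsed or reordered
     */
    private static String canonizeDistinguishedName(String str) {
        try {
            // Locale.ROOT keeps the canonical DN, and the hash key derived from it,
            // identical on every host; the default locale can map letters
            // differently (for example 'I' under a Turkish locale).
            return getOrderedForm(new X500Principal(str)).getName().trim().toLowerCase(Locale.ROOT);
        } catch (Exception e) {
            throw new IllegalArgumentException("Invalid DN: " + str, e);
        }
    }

    /**
     * Rebuilds a distinguished name with a fixed RDN order.
     *
     * <p>{@code LdapName.getRdns()} puts the right-most RDN of the string at
     * index 0. If that RDN is a CN, or the left-most RDN is a C, the RDNs are
     * emitted in list order (reversing the string); otherwise they are emitted
     * from the end of the list (keeping the string's order).
     *
     * @throws IllegalArgumentException if the name is empty or cannot be parsed
     */
    private static X500Principal getOrderedForm(X500Principal x500Principal) {
        final List<Rdn> rdns;
        try {
            rdns = new LdapName(x500Principal.getName("RFC2253")).getRdns();
        } catch (InvalidNameException e) {
            throw new IllegalArgumentException("invalid DN: " + x500Principal.getName(), e);
        }
        if (rdns.isEmpty()) {
            // Previously surfaced as an IndexOutOfBoundsException from get(0).
            throw new IllegalArgumentException("invalid DN: " + x500Principal.getName());
        }
        int count = rdns.size();
        boolean listOrder = "CN".equalsIgnoreCase(rdns.get(0).getType())
                || "C".equalsIgnoreCase(rdns.get(count - 1).getType());
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < count; i++) {
            if (i > 0) {
                sb.append(RDN_DELIMITER);
            }
            sb.append(listOrder ? rdns.get(i) : rdns.get(count - 1 - i));
        }
        return new X500Principal(sb.toString());
    }
}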
