package net.i2p.crypto;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import net.i2p.I2PAppContext;
import net.i2p.crypto.provider.I2PProvider;
import net.i2p.data.Base64;
import net.i2p.data.DataHelper;
import net.i2p.data.SigningPublicKey;
import net.i2p.util.FileSuffixFilter;
import net.i2p.util.SecureFileOutputStream;
import net.i2p.util.SystemVersion;

/* loaded from: input_file:net/i2p/crypto/CertUtil.class */
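/**
 * Static helpers for reading and writing X.509 certificates, certificate
 * revocation lists (CRLs) and private keys in PEM form.
 *
 * <p>Security notes for callers, all visible in the code below:
 * <ul>
 * <li>{@link #loadCert(File)} checks the validity period but only <em>warns</em>
 *     when the self-signature check fails; a returned certificate is parsed,
 *     not trusted. Pair it with {@link #isRevoked(Certificate)} or use
 *     {@link #loadKey(File)} when revocation matters.</li>
 * <li>CRLs are parsed from local {@code .crl} files. No CRL signature or
 *     freshness check is performed in this class, so the revocation
 *     directories must be writable only by trusted users.</li>
 * <li>{@link #isRevoked(CertStore, Certificate)} reports "not revoked" when the
 *     store lookup fails (fail-open); the failure is logged.</li>
 * <li>{@link #exportPrivateKey(PrivateKey, Certificate[], OutputStream)} writes
 *     the key unencrypted; protecting the destination is up to the caller.</li>
 * </ul>
 */
public final class CertUtil {
    /** Directory, relative to the base/config dir, that holds certificates. */
    private static final String CERT_DIR = "certificates";
    /** Sub-directory of {@link #CERT_DIR} that holds {@code .crl} files. */
    private static final String REVOCATION_DIR = "revocations";
    /** Maximum number of base64 characters per PEM body line. */
    private static final int LINE_LENGTH = 64;
    /** Expiry warning window used by {@link #checkAll(File)}: 120 days in milliseconds. */
    private static final long CHECK = 120L * 24 * 60 * 60 * 1000;

    static {
        // Register the I2P security provider before any factory lookup below.
        I2PProvider.addProvider();
    }

    /**
     * Writes a certificate to a file in PEM form.
     *
     * <p>The file is opened with a plain {@link FileOutputStream}, i.e. with the
     * platform's default permissions.
     *
     * @param certificate the certificate to write
     * @param file destination file
     * @return {@code true} on success, {@code false} if encoding or writing
     *         failed (the failure is logged)
     */
    public static boolean saveCert(Certificate certificate, File file) {
        OutputStream out = null;
        try {
            out = new FileOutputStream(file);
            exportCert(certificate, out);
            return true;
        } catch (IOException | CertificateEncodingException e) {
            error("Error writing X509 Certificate " + file.getAbsolutePath(), e);
            return false;
        } finally {
            closeQuietly(out);
        }
    }

    /**
     * Writes a private key followed by its certificate chain, each as a PEM block.
     *
     * <p>The key is written <strong>unencrypted</strong>. The stream is flushed
     * but not closed. Callers should make sure the destination is readable only
     * by the key owner.
     *
     * @param privateKey key to export
     * @param certificateArr chain to append after the key; may be {@code null}
     * @param outputStream destination
     * @throws IOException on write failure
     * @throws GeneralSecurityException if the key or a certificate cannot be encoded
     */
    public static void exportPrivateKey(PrivateKey privateKey, Certificate[] certificateArr, OutputStream outputStream) throws IOException, GeneralSecurityException {
        exportPrivateKey(privateKey, outputStream);
        if (certificateArr != null) {
            for (Certificate link : certificateArr) {
                exportCert(link, outputStream);
            }
        }
    }

    /**
     * Writes one certificate as a {@code CERTIFICATE} PEM block.
     * The stream is flushed but not closed.
     *
     * @param certificate certificate to export
     * @param outputStream destination
     * @throws IOException on write failure
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public static void exportCert(Certificate certificate, OutputStream outputStream) throws IOException, CertificateEncodingException {
        writePEM(certificate.getEncoded(), "CERTIFICATE", outputStream);
    }

    /**
     * Writes the key's encoded form as an unencrypted {@code PRIVATE KEY} PEM block.
     *
     * @throws InvalidKeyException if the key does not expose an encoded form
     * @throws IOException on write failure
     */
    private static void exportPrivateKey(PrivateKey privateKey, OutputStream outputStream) throws IOException, InvalidKeyException {
        byte[] der = privateKey.getEncoded();
        if (der == null) {
            // e.g. a key that does not support export
            throw new InvalidKeyException("encoding unsupported for this key");
        }
        writePEM(der, "PRIVATE KEY", outputStream);
    }

    /**
     * Writes {@code bArr} as a PEM block with the given label, wrapping the
     * base64 body at {@link #LINE_LENGTH} characters.
     *
     * @param bArr raw bytes to encode
     * @param str PEM label, e.g. {@code CERTIFICATE}
     * @param outputStream destination; flushed, not closed
     * @throws IOException if the underlying writer reported an error
     */
    private static void writePEM(byte[] bArr, String str, OutputStream outputStream) throws IOException {
        PrintWriter pw = new PrintWriter(new OutputStreamWriter(outputStream, "UTF-8"));
        pw.println("-----BEGIN " + str + "-----");
        // second argument: standard base64 alphabet rather than the I2P variant
        // (see net.i2p.data.Base64)
        String body = Base64.encode(bArr, true);
        int total = body.length();
        for (int start = 0; start < total; start += LINE_LENGTH) {
            pw.println(body.substring(start, Math.min(start + LINE_LENGTH, total)));
        }
        pw.println("-----END " + str + "-----");
        pw.flush();
        // PrintWriter swallows IOExceptions; surface them explicitly.
        if (pw.checkError()) {
            throw new IOException("Failed write to " + outputStream);
        }
    }

    /**
     * Returns the string-valued subject alternative names of a certificate.
     *
     * <p>Entries whose value is not a {@code String} (for example names returned
     * as DER bytes) are skipped. Best effort: if the extension cannot be parsed
     * the names collected so far (possibly none) are returned, so a caller
     * matching a host name against the result finds no match rather than a
     * wrong one.
     *
     * @param x509Certificate certificate to inspect
     * @return a mutable set, never {@code null}
     */
    public static Set<String> getSubjectAlternativeNames(X509Certificate x509Certificate) {
        Set<String> names = new HashSet<>(8);
        try {
            Collection<List<?>> altNames = x509Certificate.getSubjectAlternativeNames();
            if (altNames != null) {
                for (List<?> entry : altNames) {
                    // each entry is [type, value]; only keep String values
                    if (entry != null && entry.size() > 1) {
                        Object value = entry.get(1);
                        if (value instanceof String) {
                            names.add((String) value);
                        }
                    }
                }
            }
        } catch (GeneralSecurityException ignored) {
            // unparsable extension: deliberately best effort, see Javadoc
        }
        return names;
    }

    /**
     * Returns one attribute (e.g. {@code CN}) of the certificate subject.
     *
     * @param x509Certificate certificate to inspect
     * @param str attribute type, case-insensitive
     * @return the value, or {@code null} if absent, unparsable, or on Android
     */
    public static String getSubjectValue(X509Certificate x509Certificate, String str) {
        return getValue(x509Certificate.getSubjectX500Principal(), str);
    }

    /**
     * Returns one attribute (e.g. {@code CN}) of the certificate issuer.
     *
     * @param x509Certificate certificate to inspect
     * @param str attribute type, case-insensitive
     * @return the value, or {@code null} if absent, unparsable, or on Android
     */
    public static String getIssuerValue(X509Certificate x509Certificate, String str) {
        return getValue(x509Certificate.getIssuerX500Principal(), str);
    }

    /**
     * Extracts the first RDN of the given type from a distinguished name.
     *
     * <p>{@code javax.naming.ldap} is reached through reflection so that this
     * class has no compile-time dependency on it. Any reflective failure,
     * including a DN the parser rejects, yields {@code null}.
     *
     * @param x500Principal name to search; {@code null} gives {@code null}
     * @param str attribute type, compared case-insensitively (US locale)
     * @return the attribute value or {@code null}
     */
    private static String getValue(X500Principal x500Principal, String str) {
        if (SystemVersion.isAndroid()) {
            error("Don't call this in Android", new UnsupportedOperationException("I did it"));
            return null;
        }
        if (x500Principal == null) {
            return null;
        }
        String wanted = str.toUpperCase(Locale.US);
        String dn = x500Principal.getName();
        try {
            Class<?> ldapNameClass = Class.forName("javax.naming.ldap.LdapName");
            Object ldapName = ldapNameClass.getConstructor(String.class).newInstance(dn);
            Method getRdns = ldapNameClass.getDeclaredMethod("getRdns");
            Class<?> rdnClass = Class.forName("javax.naming.ldap.Rdn");
            Method getType = rdnClass.getDeclaredMethod("getType");
            Method getRdnValue = rdnClass.getDeclaredMethod("getValue");
            for (Object rdn : (List<?>) getRdns.invoke(ldapName)) {
                String type = (String) getType.invoke(rdn);
                if (wanted.equals(type.toUpperCase(Locale.US))) {
                    return (String) getRdnValue.invoke(rdn);
                }
            }
            return null;
        } catch (ClassNotFoundException | IllegalAccessException | InstantiationException
                 | NoSuchMethodException | InvocationTargetException e) {
            return null;
        }
    }

    /** Logs at level 40 (the ERROR level of the I2P logger) on the global context. */
    private static void error(String str, Throwable th) {
        log(I2PAppContext.getGlobalContext(), 40, str, th);
    }

    /** Logs {@code str} and {@code th} at the given numeric level under this class's logger. */
    private static void log(I2PAppContext i2PAppContext, int i, String str, Throwable th) {
        i2PAppContext.logManager().getLog(CertUtil.class).log(i, str, th);
    }

    /** Closes a stream, ignoring {@code null} and any failure of {@code close()}. */
    private static void closeQuietly(java.io.Closeable stream) {
        if (stream != null) {
            try {
                stream.close();
            } catch (IOException ignored) {
                // nothing useful can be done at this point
            }
        }
    }

    /**
     * Loads the public key of a certificate file, rejecting revoked certificates.
     *
     * <p>Revocation is checked against the CRLs of the global context. The
     * signature caveat of {@link #loadCert(File)} applies here too.
     *
     * @param file certificate file
     * @return the certificate's public key
     * @throws CRLException if the certificate is listed in a loaded CRL
     * @throws IOException on read failure
     * @throws GeneralSecurityException if the certificate is malformed, expired
     *         or not yet valid
     */
    public static PublicKey loadKey(File file) throws IOException, GeneralSecurityException {
        X509Certificate cert = loadCert(file);
        if (isRevoked(cert)) {
            throw new CRLException("Certificate is revoked");
        }
        return cert.getPublicKey();
    }

    /**
     * Parses one X.509 certificate from a file and checks its validity period.
     *
     * <p><strong>Not a trust decision.</strong> The self-signature check is
     * advisory: when it fails, a warning is printed to standard output and the
     * certificate is still returned. Revocation is not checked here.
     *
     * @param file certificate file
     * @return the parsed certificate
     * @throws IOException on read failure
     * @throws GeneralSecurityException if the certificate is malformed, expired
     *         or not yet valid
     */
    public static X509Certificate loadCert(File file) throws IOException, GeneralSecurityException {
        InputStream in = null;
        try {
            in = new FileInputStream(file);
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            X509Certificate cert = (X509Certificate) factory.generateCertificate(in);
            cert.checkValidity();
            try {
                // Passes only for a correctly self-signed certificate.
                cert.verify(cert.getPublicKey());
            } catch (Exception e) {
                // Deliberately non-fatal: callers rely on loading certs that
                // are not self-signed. Do not treat the result as verified.
                System.out.println("Warning: Cert is not self-signed or has a bad signature: " + file + " - " + e);
            }
            return cert;
        } catch (IllegalArgumentException iae) {
            // unchecked failure from the parser; report it as a checked one
            throw new GeneralSecurityException("cert error", iae);
        } finally {
            closeQuietly(in);
        }
    }

    /**
     * Reads the first PEM private-key block from a stream and decodes it as PKCS#8.
     *
     * <p>Lines are skipped until one starts with {@code ---} and contains both
     * {@code BEGIN} and {@code PRIVATE}; the body runs until the next line that
     * starts with {@code ---} or end of stream. Every {@link SigAlgo} is tried
     * in turn until one key factory accepts the encoding.
     *
     * <p>The stream is <em>not</em> closed, so the caller can keep reading from
     * it and remains responsible for closing it.
     *
     * @param inputStream PEM input
     * @return the decoded private key
     * @throws IOException on read failure or if no key block is present
     * @throws GeneralSecurityException if the block is not valid base64, no
     *         supported algorithm accepts it, or decoding failed with an
     *         {@link IllegalArgumentException}
     */
    public static PrivateKey loadPrivateKey(InputStream inputStream) throws IOException, GeneralSecurityException {
        try {
            String line;
            while ((line = DataHelper.readLine(inputStream)) != null) {
                if (line.startsWith("---") && line.contains("BEGIN") && line.contains("PRIVATE")) {
                    break;
                }
            }
            if (line == null) {
                throw new IOException("no private key found");
            }
            StringBuilder b64 = new StringBuilder(128);
            while ((line = DataHelper.readLine(inputStream)) != null) {
                if (line.startsWith("---")) {
                    break;
                }
                b64.append(line.trim());
            }
            if (b64.length() <= 0) {
                throw new IOException("no private key found");
            }
            byte[] der = Base64.decode(b64.toString(), true);
            if (der == null) {
                throw new CertificateEncodingException("bad base64 cert");
            }
            PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(der);
            for (SigAlgo algo : EnumSet.allOf(SigAlgo.class)) {
                try {
                    // fully qualified, as in the rest of this file
                    return java.security.KeyFactory.getInstance(algo.getName()).generatePrivate(spec);
                } catch (GeneralSecurityException tryNext) {
                    // wrong algorithm for this encoding; try the next one
                }
            }
            throw new InvalidKeyException("unsupported key type");
        } catch (IllegalArgumentException iae) {
            // Covers the whole parse, not only the header scan, so that an
            // unchecked failure while decoding attacker-influenced input
            // reaches callers as the declared checked exception, as in
            // loadCert and loadCerts.
            throw new GeneralSecurityException("key error", iae);
        }
    }

    /**
     * Parses every X.509 certificate in a stream and checks each validity period.
     *
     * <p>No signature, chain or revocation check is performed. The stream is
     * always closed before returning.
     *
     * @param inputStream certificate input
     * @return the certificates in stream order, never empty
     * @throws IOException if the stream holds no certificate
     * @throws GeneralSecurityException if an entry is malformed, is not X.509,
     *         is expired or is not yet valid
     */
    public static List<X509Certificate> loadCerts(InputStream inputStream) throws IOException, GeneralSecurityException {
        try {
            Collection<? extends Certificate> parsed =
                CertificateFactory.getInstance("X.509").generateCertificates(inputStream);
            List<X509Certificate> certs = new ArrayList<>(parsed.size());
            for (Certificate candidate : parsed) {
                if (!(candidate instanceof X509Certificate)) {
                    throw new GeneralSecurityException("not a X.509 cert");
                }
                X509Certificate x509 = (X509Certificate) candidate;
                x509.checkValidity();
                certs.add(x509);
            }
            if (certs.isEmpty()) {
                throw new IOException("no certs found");
            }
            return certs;
        } catch (IllegalArgumentException iae) {
            throw new GeneralSecurityException("cert error", iae);
        } finally {
            closeQuietly(inputStream);
        }
    }

    /**
     * Writes a CRL to a file in PEM form through {@link SecureFileOutputStream}.
     *
     * @param x509crl the CRL to write
     * @param file destination file
     * @return {@code true} on success, {@code false} if encoding or writing
     *         failed (the failure is logged)
     */
    public static boolean saveCRL(X509CRL x509crl, File file) {
        OutputStream out = null;
        try {
            out = new SecureFileOutputStream(file);
            exportCRL(x509crl, out);
            return true;
        } catch (IOException | CRLException e) {
            error("Error writing X509 CRL " + file.getAbsolutePath(), e);
            return false;
        } finally {
            closeQuietly(out);
        }
    }

    /**
     * Writes one CRL as an {@code X509 CRL} PEM block.
     * The stream is flushed but not closed.
     *
     * @param x509crl CRL to export
     * @param outputStream destination
     * @throws IOException on write failure
     * @throws CRLException if the CRL cannot be encoded
     */
    public static void exportCRL(X509CRL x509crl, OutputStream outputStream) throws IOException, CRLException {
        writePEM(x509crl.getEncoded(), "X509 CRL", outputStream);
    }

    /**
     * Checks a certificate against the CRLs of the global context.
     *
     * @param certificate certificate to check
     * @return {@code true} if a loaded CRL lists the certificate
     */
    public static boolean isRevoked(Certificate certificate) {
        return isRevoked(I2PAppContext.getGlobalContext(), certificate);
    }

    /**
     * Checks a certificate against the CRLs found under the context's
     * directories. The CRL files are re-read from disk on every call.
     *
     * @param i2PAppContext context whose base and config dirs are searched
     * @param certificate certificate to check
     * @return {@code true} if a loaded CRL lists the certificate
     */
    public static boolean isRevoked(I2PAppContext i2PAppContext, Certificate certificate) {
        return isRevoked(loadCRLs(i2PAppContext), certificate);
    }

    /**
     * Checks a certificate against every CRL in a store.
     *
     * <p><strong>Fails open:</strong> if the store cannot be queried the method
     * returns {@code false}. The failure is logged so that a broken revocation
     * check does not pass unnoticed; callers needing fail-closed behaviour must
     * query the store themselves.
     *
     * @param certStore store holding the CRLs
     * @param certificate certificate to check
     * @return {@code true} if any CRL in the store lists the certificate
     */
    public static boolean isRevoked(CertStore certStore, Certificate certificate) {
        try {
            // null selector: every CRL in the store
            for (CRL crl : certStore.getCRLs(null)) {
                if (crl.isRevoked(certificate)) {
                    return true;
                }
            }
            return false;
        } catch (GeneralSecurityException e) {
            error("Cannot query CRL store, treating certificate as not revoked", e);
            return false;
        }
    }

    /**
     * Loads the CRLs of the global context.
     *
     * @return a store holding every CRL that could be parsed
     */
    public static CertStore loadCRLs() {
        return loadCRLs(I2PAppContext.getGlobalContext());
    }

    /**
     * Loads every {@code .crl} file from {@code certificates/revocations} under
     * the context's base dir and, when it is a different directory, its config dir.
     *
     * <p>Files that fail to parse are logged and skipped. CRL signatures are
     * not verified here, so integrity rests on the permissions of those
     * directories.
     *
     * @param i2PAppContext context supplying the directories
     * @return a store holding every CRL that could be parsed
     * @throws UnsupportedOperationException if the collection store cannot be created
     */
    public static CertStore loadCRLs(I2PAppContext i2PAppContext) {
        Set<X509CRL> crls = new HashSet<>(8);
        File baseDir = i2PAppContext.getBaseDir();
        File configDir = i2PAppContext.getConfigDir();
        loadCRLs(crls, new File(new File(baseDir, CERT_DIR), REVOCATION_DIR));
        // If the paths cannot be compared, scan the config dir as well.
        boolean configDirDiffers = true;
        try {
            configDirDiffers = !baseDir.getCanonicalPath().equals(configDir.getCanonicalPath());
        } catch (IOException ignored) {
            // keep the default and scan both
        }
        if (configDirDiffers) {
            loadCRLs(crls, new File(new File(configDir, CERT_DIR), REVOCATION_DIR));
        }
        try {
            return CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
        } catch (GeneralSecurityException e) {
            error("CertStore", e);
            throw new UnsupportedOperationException(e);
        }
    }

    /**
     * Adds every parsable {@code .crl} file of a directory to {@code set}.
     * A missing directory is ignored; unreadable or malformed files are logged
     * and skipped.
     */
    private static void loadCRLs(Set<X509CRL> set, File file) {
        if (!file.exists() || !file.isDirectory()) {
            return;
        }
        File[] crlFiles = file.listFiles(new FileSuffixFilter(".crl"));
        if (crlFiles == null) {
            return;
        }
        for (File crlFile : crlFiles) {
            try {
                set.add(loadCRL(crlFile));
            } catch (IOException | GeneralSecurityException e) {
                error("Cannot load CRL from " + crlFile, e);
            }
        }
    }

    /**
     * Parses one CRL from a file; the file is always closed.
     *
     * @throws IOException if the file cannot be opened
     * @throws GeneralSecurityException if the content is not a valid CRL
     */
    private static X509CRL loadCRL(File file) throws IOException, GeneralSecurityException {
        InputStream in = null;
        try {
            in = new FileInputStream(file);
            return loadCRL(in);
        } finally {
            closeQuietly(in);
        }
    }

    /**
     * Parses one CRL from a stream. The stream is not closed and the CRL's
     * signature is not verified.
     *
     * @param inputStream CRL input
     * @return the parsed CRL
     * @throws GeneralSecurityException if the content is not a valid CRL
     */
    public static X509CRL loadCRL(InputStream inputStream) throws GeneralSecurityException {
        return (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(inputStream);
    }

    /**
     * Command-line entry point.
     *
     * <p>Usage: {@code [loadcert | loadcrl | loadcrldir | loadcrldirs | isrevoked |
     * loadprivatekey | checkall] file}. Exits with status 1 when fewer than two
     * arguments are given or when a command throws.
     *
     * @param strArr command and file argument
     */
    public static final void main(String[] strArr) {
        final String usage = "Usage: [loadcert | loadcrl | loadcrldir | loadcrldirs | isrevoked | loadprivatekey | checkall] file";
        if (strArr.length < 2) {
            System.out.println(usage);
            System.exit(1);
        }
        try {
            String cmd = strArr[0];
            File file = new File(strArr[1]);
            if (cmd.equals("loadcert")) {
                SigningPublicKey spk = SigUtil.fromJavaKey(loadCert(file).getPublicKey());
                System.out.println("Loaded " + spk + ' ' + spk.toBase64());
            } else if (cmd.equals("loadcrl")) {
                loadCRL(file);
            } else if (cmd.equals("loadcrldir")) {
                Set<X509CRL> crls = new HashSet<>(8);
                loadCRLs(crls, file);
                System.out.println("Found " + crls.size() + " CRLs");
            } else if (cmd.equals("loadcrldirs")) {
                System.out.println("Found " + loadCRLs(I2PAppContext.getGlobalContext()).getCRLs(null).size() + " CRLs");
            } else if (cmd.equals("isrevoked")) {
                System.out.println("Revoked? " + isRevoked(I2PAppContext.getGlobalContext(), loadCert(file)));
            } else if (cmd.equals("loadprivatekey")) {
                // loadPrivateKey leaves the stream open, so close the key file here.
                InputStream keyIn = new FileInputStream(file);
                try {
                    // NOTE(review): this prints the key object's toString();
                    // confirm it does not reveal private key material.
                    System.out.println("Found private key: " + SigUtil.fromJavaKey(loadPrivateKey(keyIn)));
                } finally {
                    closeQuietly(keyIn);
                }
            } else if (cmd.equals("checkall")) {
                // NOTE(review): checkAll returns 1 when bad certs were found,
                // but the value is discarded, so the exit status does not
                // reflect it; confirm whether that is intended.
                checkAll(file);
            } else {
                System.out.println(usage);
            }
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(1);
        }
    }

    /**
     * Audits every {@code .crt} file one level below {@code file}.
     *
     * <p>CRLs are read from {@code file/revocations}; each other sub-directory
     * is scanned for certificates. A certificate counts as bad when it is
     * revoked, expired or cannot be loaded, and as about to expire when its
     * notAfter date is less than {@link #CHECK} milliseconds away. Results are
     * printed to standard output.
     *
     * @param file the certificates directory
     * @return 1 if at least one bad certificate was found, otherwise 0
     * @throws UnsupportedOperationException if the collection store cannot be created
     */
    private static int checkAll(File file) {
        int valid = 0;
        int expiring = 0;
        int bad = 0;
        Set<X509CRL> crls = new HashSet<>(8);
        loadCRLs(crls, new File(file, REVOCATION_DIR));
        CertStore store;
        try {
            store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
        } catch (GeneralSecurityException e) {
            error("CertStore", e);
            throw new UnsupportedOperationException(e);
        }
        long now = System.currentTimeMillis();
        File[] subdirs = file.listFiles();
        if (subdirs != null) {
            for (File dir : subdirs) {
                if (!dir.isDirectory() || dir.getName().equals(REVOCATION_DIR)) {
                    continue;
                }
                File[] certFiles = dir.listFiles(new FileSuffixFilter(".crt"));
                if (certFiles == null) {
                    continue;
                }
                for (File certFile : certFiles) {
                    try {
                        X509Certificate cert = loadCert(certFile);
                        if (isRevoked(store, cert)) {
                            System.out.println("ERROR: Revoked cert " + certFile);
                            bad++;
                            continue;
                        }
                        long remaining = cert.getNotAfter().getTime() - now;
                        if (remaining < CHECK) {
                            System.out.println("**** WARNING: Cert " + certFile + " expires in " + DataHelper.formatDuration(remaining));
                            expiring++;
                        } else {
                            valid++;
                        }
                    } catch (IOException e) {
                        System.out.println("**** ERROR: Cannot load cert from " + certFile + ": " + e);
                        bad++;
                    } catch (CertificateExpiredException e) {
                        // labelled a warning, but still counted as bad
                        System.out.println("**** WARNING: Cert expired " + certFile + ": " + e);
                        bad++;
                    } catch (GeneralSecurityException e) {
                        System.out.println("**** ERROR: Cannot load cert from " + certFile + ": " + e);
                        bad++;
                    }
                }
            }
        }
        System.out.println("Found " + valid + " valid certs, " + bad + " bad certs, " + expiring + " about to expire certs");
        return bad > 0 ? 1 : 0;
    }
}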
