package asia.dbt.thundercrypt.core.utils;

import asia.dbt.thundercrypt.core.exceptions.certificates.IssuerCertificateNotFoundException;
import asia.dbt.thundercrypt.core.exceptions.certificates.IssuerCertificateSerialnumberNotFoundException;
import asia.dbt.thundercrypt.core.exceptions.certificates.OcspNotFoundInCertificateException;
import asia.dbt.thundercrypt.core.exceptions.certificates.RootCheckCertificateException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Optional;
import java.util.function.Predicate;
import javax.security.auth.x500.X500Principal;
import kz.gov.pki.kalkan.asn1.ASN1Sequence;
import kz.gov.pki.kalkan.asn1.DEREncodable;
import kz.gov.pki.kalkan.asn1.DERSequence;
import kz.gov.pki.kalkan.asn1.x509.X509Extension;
import kz.gov.pki.kalkan.util.encoders.Hex;

/* loaded from: input_file:asia/dbt/thundercrypt/core/utils/CertificateUtil.class */
public class CertificateUtil {
    public static String getCertificateSerialNumber(X509Certificate x509Certificate) {
        return Hex.encodeStr(x509Certificate.getSerialNumber().toByteArray());
    }

    public static X509Certificate getIssuerCertificate(X509Certificate x509Certificate) throws IssuerCertificateNotFoundException {
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        Optional<X509Certificate> findCertificate = findCertificate(x509Certificate2 -> {
            return x509Certificate2.getSubjectX500Principal().equals(issuerX500Principal);
        });
        if (findCertificate.isPresent()) {
            return findCertificate.get();
        }
        try {
            String issuerCertificateSerialNumber = getIssuerCertificateSerialNumber(x509Certificate);
            Optional<X509Certificate> findCertificate2 = findCertificate(x509Certificate3 -> {
                return getCertificateSerialNumber(x509Certificate3).equals(issuerCertificateSerialNumber);
            });
            if (findCertificate2.isPresent()) {
                return findCertificate2.get();
            }
            throw new IssuerCertificateNotFoundException(issuerX500Principal.toString());
        } catch (Exception e) {
            throw new IssuerCertificateNotFoundException(e);
        }
    }

    private static Optional<X509Certificate> findCertificate(Predicate<? super X509Certificate> predicate) {
        return KeyStoreUtil.getCaCerts().stream().filter(predicate).findFirst();
    }

    public static String getUrlToOcsp(X509Certificate x509Certificate) throws OcspNotFoundInCertificateException {
        try {
            return getUrlToOcspFromAuthorityInfoAccessExtension(CertificateExtensionsUtil.getExtensionFromCertificate(x509Certificate, CertificateExtensionsUtil.AUTHORITY_INFO_ACCESS));
        } catch (Exception e) {
            throw new OcspNotFoundInCertificateException(e);
        }
    }

    public static String getIssuerCertificateSerialNumber(X509Certificate x509Certificate) throws IssuerCertificateSerialnumberNotFoundException {
        try {
            return Hex.encodeStr(CertificateExtensionsUtil.getExtensionObjectFromCertificate(x509Certificate, CertificateExtensionsUtil.AUTHORITY_KEY_IDENTIFIER).getObjectAt(2).getObject().getOctets());
        } catch (Exception e) {
            throw new IssuerCertificateSerialnumberNotFoundException(e);
        }
    }

    public static boolean isRoot(X509Certificate x509Certificate) throws RootCheckCertificateException {
        try {
            return x509Certificate.getIssuerX500Principal().equals(x509Certificate.getSubjectX500Principal());
        } catch (Exception e) {
            throw new RootCheckCertificateException(e);
        }
    }

    public static void validateCertificateExpire(X509Certificate x509Certificate, Date date) throws CertificateNotYetValidException, CertificateExpiredException {
        x509Certificate.checkValidity(date);
    }

    public static String getCertificateIssuerNameRFC2253(X509Certificate x509Certificate) {
        return x509Certificate.getIssuerX500Principal().getName("RFC2253");
    }

    public static boolean checkCertficateIssuer(X509Certificate x509Certificate, String str) {
        return getCertificateIssuerNameRFC2253(x509Certificate).equals(str);
    }

    private static String getUrlToOcspFromAuthorityInfoAccessExtension(X509Extension x509Extension) throws IOException {
        return parseUrl(ASN1Sequence.getInstance(DERSequence.fromByteArray(x509Extension.getValue().getOctets())).getObjectAt(1));
    }

    private static String parseUrl(DEREncodable dEREncodable) throws IOException {
        return new String(ASN1Sequence.getInstance(dEREncodable).getObjectAt(1).getObject().getEncoded(), StandardCharsets.UTF_8).substring(2);
    }
}
