package de.rub.nds.tlsattacker.core.certificate.ocsp;

import com.google.common.io.ByteStreams;
import de.rub.nds.asn1.Asn1Encodable;
import de.rub.nds.asn1.model.Asn1EncapsulatingOctetString;
import de.rub.nds.asn1.model.Asn1Explicit;
import de.rub.nds.asn1.model.Asn1Integer;
import de.rub.nds.asn1.model.Asn1ObjectIdentifier;
import de.rub.nds.asn1.model.Asn1PrimitiveIa5String;
import de.rub.nds.asn1.model.Asn1Sequence;
import de.rub.nds.asn1.parser.Asn1Parser;
import de.rub.nds.asn1.translator.ParseOcspTypesContext;
import de.rub.nds.modifiablevariable.util.ArrayConverter;
import de.rub.nds.tlsattacker.core.certificate.ExtensionObjectIdentifier;
import de.rub.nds.tlsattacker.core.util.Asn1ToolInitializer;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.asn1.x509.Certificate;

/* loaded from: input_file:de/rub/nds/tlsattacker/core/certificate/ocsp/CertificateInformationExtractor.class */
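/**
 * Extracts the pieces of an X.509 certificate that are needed to build and evaluate OCSP requests:
 * serial number, SHA-1 name/key hashes, the Authority Info Access URLs, the TLS Feature
 * ("must-staple") flags and the embedded SCT list extension.
 *
 * <p>The certificate handed to this class is typically one presented by a remote peer, so every
 * value read from its extensions (including the URLs) is untrusted input. The extension walkers
 * below therefore check node types before casting and report "not present" instead of failing with
 * a {@link NullPointerException} or {@link ClassCastException} on unexpected structures.
 *
 * <p>Parsed values are cached in plain fields without synchronization.
 */
public class CertificateInformationExtractor {
    private static final Logger LOGGER = LogManager.getLogger();

    /** Context tag of the {@code extensions [3] EXPLICIT} field inside TBSCertificate. */
    private static final int X509_EXTENSION_ASN1_EXPLICIT_OFFSET = 3;

    /** TLS extension number of status_request, as listed in the TLS Feature extension. */
    private static final int STATUS_REQUEST_TLS_EXTENSION_ID = 5;

    /** TLS extension number of status_request_v2, as listed in the TLS Feature extension. */
    private static final int STATUS_REQUEST_V2_TLS_EXTENSION_ID = 17;

    /** Connect and read timeout for the issuer certificate download, in milliseconds. */
    private static final int ISSUER_FETCH_TIMEOUT_MS = 5000;

    /**
     * Upper bound for a downloaded issuer certificate. It must stay below 2^24 - 3 so that both
     * 3-byte length prefixes built in {@link #retrieveIssuerCertificate()} remain valid.
     */
    private static final int MAX_ISSUER_CERTIFICATE_BYTES = 1 << 20;

    private final Certificate certificate;
    private List<Asn1Encodable> x509ExtensionSequences;
    private Asn1Sequence authorityInfoAccessEntities;
    private Asn1Sequence tlsFeatureExtension;
    private Asn1Sequence precertificateSctListExtension;
    private Boolean mustStaple;
    private Boolean mustStaplev2;
    private String ocspServerUrl;
    private String certificateIssuerUrl;

    /**
     * @param certificate the certificate to inspect; it is stored as-is and parsed lazily
     */
    public CertificateInformationExtractor(Certificate certificate) {
        this.certificate = certificate;
        Asn1ToolInitializer.initAsn1Tool();
    }

    /**
     * @return the certificate passed to the constructor
     */
    public Certificate getCertificate() {
        return this.certificate;
    }

    /**
     * @return the serial number of the wrapped certificate
     */
    public BigInteger getSerialNumber() {
        return this.certificate.getSerialNumber().getValue();
    }

    /**
     * Computes the SHA-1 digest over the encoded issuer name of the wrapped certificate.
     *
     * <p>SHA-1 is used here as the lookup identifier of an OCSP CertID, not as a collision-resistant
     * digest; do not reuse this value for integrity or authenticity decisions.
     *
     * @return the 20-byte SHA-1 hash of the encoded issuer name
     * @throws RuntimeException if the name cannot be encoded or SHA-1 is unavailable
     */
    public byte[] getIssuerNameHash() {
        try {
            byte[] encodedIssuerName = this.certificate.getIssuer().getEncoded();
            return MessageDigest.getInstance("SHA-1").digest(encodedIssuerName);
        } catch (IOException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Computes the SHA-1 digest over the public key bits of the wrapped certificate.
     *
     * <p>NOTE(review): this hashes the <em>subject</em> public key of the wrapped certificate, so
     * the result is only an "issuer key hash" when this extractor wraps the issuer's certificate.
     * Confirm against callers.
     *
     * @return the 20-byte SHA-1 hash of the subject public key data
     * @throws RuntimeException if SHA-1 is unavailable
     */
    public byte[] getIssuerKeyHash() {
        try {
            byte[] publicKeyBits = this.certificate.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
            return MessageDigest.getInstance("SHA-1").digest(publicKeyBits);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * @return {@code true} if the TLS Feature extension lists status_request (5); cached after the
     *     first call
     */
    public Boolean getMustStaple() {
        if (this.mustStaple == null) {
            this.mustStaple = parseMustStaple();
        }
        return this.mustStaple;
    }

    /**
     * @return {@code true} if the TLS Feature extension lists status_request_v2 (17); cached after
     *     the first call
     */
    public Boolean getMustStaplev2() {
        if (this.mustStaplev2 == null) {
            this.mustStaplev2 = parseMustStaplev2();
        }
        return this.mustStaplev2;
    }

    /**
     * @return the OCSP responder URL from the Authority Info Access extension, or {@code null} if
     *     the certificate carries none; the value is untrusted certificate content
     */
    public String getOcspServerUrl() {
        if (this.ocspServerUrl == null) {
            this.ocspServerUrl = parseOcspServerUrl();
        }
        return this.ocspServerUrl;
    }

    /**
     * @return the CA Issuers URL from the Authority Info Access extension, or {@code null} if the
     *     certificate carries none; the value is untrusted certificate content
     */
    public String getCertificateIssuerUrl() {
        if (this.certificateIssuerUrl == null) {
            this.certificateIssuerUrl = parseCertificateIssuerUrl();
        }
        return this.certificateIssuerUrl;
    }

    /**
     * @return the complete extension sequence (OID first, value after it) of the signed certificate
     *     timestamp list extension, or {@code null} if the certificate has none
     */
    public Asn1Sequence getPrecertificateSCTs() {
        if (this.precertificateSctListExtension == null) {
            extractPrecertificateSCTs();
        }
        return this.precertificateSctListExtension;
    }

    /**
     * Parses the certificate and stores the list of its extension sequences. A certificate without
     * an {@code extensions [3]} field yields an empty list instead of a NullPointerException.
     */
    private void extractX509Extensions() {
        List<Asn1Encodable> parsedCertificate;
        try {
            parsedCertificate = new Asn1Parser(this.certificate.getEncoded(), false).parse(ParseOcspTypesContext.NAME);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
        Asn1Sequence certificateSequence = (Asn1Sequence) parsedCertificate.get(0);
        Asn1Sequence tbsCertificate = (Asn1Sequence) certificateSequence.getChildren().get(0);

        this.x509ExtensionSequences = Collections.emptyList();
        for (Asn1Encodable field : tbsCertificate.getChildren()) {
            if (field instanceof Asn1Explicit
                    && ((Asn1Explicit) field).getOffset() == X509_EXTENSION_ASN1_EXPLICIT_OFFSET) {
                List<Asn1Encodable> wrapped = ((Asn1Explicit) field).getChildren();
                if (!wrapped.isEmpty() && wrapped.get(0) instanceof Asn1Sequence) {
                    this.x509ExtensionSequences = ((Asn1Sequence) wrapped.get(0)).getChildren();
                }
                break;
            }
        }
    }

    /**
     * Returns the first sequence in {@code candidates} whose first child is the given object
     * identifier, or {@code null}. Entries of any other shape are skipped.
     */
    private static Asn1Sequence findSequenceByOid(List<Asn1Encodable> candidates, ExtensionObjectIdentifier wanted) {
        for (Asn1Encodable candidate : candidates) {
            if (!(candidate instanceof Asn1Sequence)) {
                continue;
            }
            Asn1Sequence sequence = (Asn1Sequence) candidate;
            List<Asn1Encodable> children = sequence.getChildren();
            if (children.isEmpty() || !(children.get(0) instanceof Asn1ObjectIdentifier)) {
                continue;
            }
            if (((Asn1ObjectIdentifier) children.get(0)).getValue().equals(wanted.getOID())) {
                return sequence;
            }
        }
        return null;
    }

    /**
     * Returns the sequence wrapped in the extension's octet string value, or {@code null} if the
     * value has a different shape. The value is located by type rather than by fixed index because
     * an extension may carry the optional {@code critical} flag between the OID and the value.
     */
    private static Asn1Sequence extensionPayload(Asn1Sequence extension) {
        for (Asn1Encodable child : extension.getChildren()) {
            if (child instanceof Asn1EncapsulatingOctetString) {
                List<Asn1Encodable> content = ((Asn1EncapsulatingOctetString) child).getChildren();
                if (!content.isEmpty() && content.get(0) instanceof Asn1Sequence) {
                    return (Asn1Sequence) content.get(0);
                }
                return null;
            }
        }
        return null;
    }

    /** Looks up an extension by OID, parsing the certificate first if that has not happened yet. */
    private Asn1Sequence findExtension(ExtensionObjectIdentifier wanted) {
        if (this.x509ExtensionSequences == null) {
            extractX509Extensions();
        }
        return findSequenceByOid(this.x509ExtensionSequences, wanted);
    }

    /**
     * Stores the access descriptions of the Authority Info Access extension.
     *
     * @throws CertificateException if the extension is missing or its value is not a sequence
     */
    private void extractAuthorityInfoAccessEntities() throws CertificateException {
        Asn1Sequence extension = findExtension(ExtensionObjectIdentifier.AUTHORITY_INFO_ACCESS);
        if (extension == null) {
            throw new CertificateException("No 'Authority Info Access' entry found in certificate.");
        }
        Asn1Sequence accessDescriptions = extensionPayload(extension);
        if (accessDescriptions == null) {
            throw new CertificateException("Malformed 'Authority Info Access' entry found in certificate.");
        }
        this.authorityInfoAccessEntities = accessDescriptions;
    }

    /** Stores the TLS Feature extension if the certificate has one. */
    private void extractTlsFeatureExtension() {
        Asn1Sequence extension = findExtension(ExtensionObjectIdentifier.TLS_FEATURE);
        if (extension != null) {
            this.tlsFeatureExtension = extension;
        }
    }

    /** Stores the signed certificate timestamp list extension if the certificate has one. */
    private void extractPrecertificateSCTs() {
        Asn1Sequence extension = findExtension(ExtensionObjectIdentifier.SIGNED_CERTIFICATE_TIMESTAMP_LIST);
        if (extension != null) {
            this.precertificateSctListExtension = extension;
        }
    }

    /** Reports whether the TLS Feature extension lists the given TLS extension number. */
    private boolean tlsFeatureContains(int tlsExtensionId) {
        if (this.tlsFeatureExtension == null) {
            extractTlsFeatureExtension();
        }
        if (this.tlsFeatureExtension == null) {
            return false;
        }
        Asn1Sequence features = extensionPayload(this.tlsFeatureExtension);
        if (features == null) {
            return false;
        }
        for (Asn1Encodable feature : features.getChildren()) {
            if (feature instanceof Asn1Integer
                    && ((Asn1Integer) feature).getValue().intValue() == tlsExtensionId) {
                return true;
            }
        }
        return false;
    }

    private boolean parseMustStaple() {
        return tlsFeatureContains(STATUS_REQUEST_TLS_EXTENSION_ID);
    }

    private boolean parseMustStaplev2() {
        return tlsFeatureContains(STATUS_REQUEST_V2_TLS_EXTENSION_ID);
    }

    /**
     * Returns the location string of an access description, or {@code null} when the entry is
     * absent or its location is not an IA5String (for example a non-URI general name).
     */
    private String getStringFromInformationAccessEntry(List<Asn1Encodable> list) {
        if (list == null || list.size() < 2 || !(list.get(1) instanceof Asn1PrimitiveIa5String)) {
            return null;
        }
        return ((Asn1PrimitiveIa5String) list.get(1)).getValue();
    }

    /**
     * Returns the location of the first access description with the given access method, or
     * {@code null} (after a debug log entry) if there is none.
     */
    private String parseAccessLocation(ExtensionObjectIdentifier accessMethod, String notFoundMessage) {
        if (this.authorityInfoAccessEntities == null) {
            try {
                extractAuthorityInfoAccessEntities();
            } catch (CertificateException e) {
                LOGGER.debug(e.getMessage());
                return null;
            }
        }
        Asn1Sequence accessDescription =
                findSequenceByOid(this.authorityInfoAccessEntities.getChildren(), accessMethod);
        if (accessDescription == null) {
            LOGGER.debug(notFoundMessage);
            return null;
        }
        return getStringFromInformationAccessEntry(accessDescription.getChildren());
    }

    private String parseOcspServerUrl() {
        return parseAccessLocation(ExtensionObjectIdentifier.OCSP, "No OCSP entry found in certificate.");
    }

    private String parseCertificateIssuerUrl() {
        return parseAccessLocation(
                ExtensionObjectIdentifier.CERTIFICATE_AUTHORITY_ISSUER,
                "No Certificate Issuer entry found in certificate.");
    }

    /**
     * Downloads the issuer certificate from the CA Issuers URL named in the wrapped certificate.
     *
     * <p>Security notes for callers:
     *
     * <ul>
     *   <li>The URL is taken from the certificate itself, so whoever supplied the certificate
     *       chooses the host this process connects to. Only http and https URLs are fetched, the
     *       connection has connect and read timeouts, and the response size is capped. Deployments
     *       that inspect certificates from untrusted peers should still restrict outbound access of
     *       the host running this code.
     *   <li>The download is not authenticated. The returned certificate must not be treated as
     *       trusted until the caller has verified it (for example that it actually signed the
     *       wrapped certificate and chains to a trusted root).
     * </ul>
     *
     * @return the downloaded certificate, or {@code null} if no usable URL is present, the server
     *     did not answer with HTTP 200, or the response exceeds the size cap
     * @throws RuntimeException wrapping the {@link IOException} if the URL is malformed, the
     *     transfer fails or the response cannot be parsed as a certificate
     */
    public Certificate retrieveIssuerCertificate() {
        String issuerUrl = getCertificateIssuerUrl();
        if (issuerUrl == null) {
            LOGGER.debug("Didn't get any issuer certificate URL from certificate.");
            return null;
        }
        try {
            URL url = new URL(issuerUrl);
            String protocol = url.getProtocol();
            // Other schemes (file, jar, ftp, ...) would not yield an HttpURLConnection and have no
            // business being dereferenced on behalf of certificate content.
            if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
                LOGGER.debug("Issuer certificate URL is not an http(s) URL; not fetching it.");
                return null;
            }

            HttpURLConnection connection = (HttpURLConnection) url.openConnection();
            byte[] encodedIssuer;
            try {
                connection.setConnectTimeout(ISSUER_FETCH_TIMEOUT_MS);
                // Without a read timeout a server that accepts and then stalls blocks the caller forever.
                connection.setReadTimeout(ISSUER_FETCH_TIMEOUT_MS);
                connection.setRequestMethod("GET");
                int responseCode = connection.getResponseCode();
                if (responseCode != HttpURLConnection.HTTP_OK) {
                    LOGGER.debug("Response not successful: Received status code {}", responseCode);
                    return null;
                }
                // Read one byte past the cap so an oversized body can be told apart from a full one.
                encodedIssuer =
                        ByteStreams.toByteArray(
                                ByteStreams.limit(connection.getInputStream(), MAX_ISSUER_CERTIFICATE_BYTES + 1L));
            } finally {
                connection.disconnect();
            }
            if (encodedIssuer.length > MAX_ISSUER_CERTIFICATE_BYTES) {
                LOGGER.debug("Issuer certificate response exceeds {} bytes; ignoring it.", MAX_ISSUER_CERTIFICATE_BYTES);
                return null;
            }

            // Wrap the DER bytes as a TLS certificate list (3-byte entry length inside a 3-byte list
            // length) so the BouncyCastle TLS certificate parser can read them.
            byte[] certificateEntry =
                    ArrayConverter.concatenate(
                            new byte[][] {ArrayConverter.intToBytes(encodedIssuer.length, 3), encodedIssuer});
            byte[] certificateList =
                    ArrayConverter.concatenate(
                            new byte[][] {ArrayConverter.intToBytes(certificateEntry.length, 3), certificateEntry});
            return org.bouncycastle.crypto.tls.Certificate.parse(new ByteArrayInputStream(certificateList))
                    .getCertificateAt(0);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
}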
