package eu.europa.esig.dss.x509;

import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.DigestAlgorithm;
import eu.europa.esig.dss.EncryptionAlgorithm;
import eu.europa.esig.dss.Normalizer;
import eu.europa.esig.dss.SignatureAlgorithm;
import eu.europa.esig.dss.tsl.KeyUsageBit;
import eu.europa.esig.dss.tsl.ServiceInfo;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import javax.xml.bind.DatatypeConverter;

/* loaded from: input_file:eu/europa/esig/dss/x509/CertificateToken.class */
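/**
 * Wraps an {@link X509Certificate} together with the validation state this class tracks for it:
 * the sources it was found in, its revocation token, the issuer link set by
 * {@link #isSignedBy(CertificateToken)}, and the trust service information attached to it.
 *
 * <p>Several answers given by this class are weaker than their names suggest. The caveats are
 * written on the individual methods ({@link #isSelfSigned()}, {@link #isSignedBy(CertificateToken)},
 * {@link #isRevoked()}, {@link #getSources()}); read them before using a result in a trust decision.
 */
public class CertificateToken extends Token {
    // Lazily computed XML id string, see getDSSIdAsString().
    private String dssId;
    private X509Certificate x509Certificate;
    private DigestAlgorithm digestAlgorithm;
    private EncryptionAlgorithm encryptionAlgorithm;
    private RevocationToken revocationToken;
    // Lazily computed, see isSelfSigned(); null means "not computed yet".
    private Boolean selfSigned;
    // Hides the field of the same name in Token; the constructor stores the same instance in both.
    protected CertificateTokenValidationExtraInfo extraInfo;
    private String xmlId;
    // Lazily computed, see getKeyUsageBits().
    private Set<KeyUsageBit> keyUsageBits;
    // Membership of TRUSTED_LIST or TRUSTED_STORE in this set is what makes the token "trusted".
    private Set<CertificateSourceType> sources = new HashSet<CertificateSourceType>();
    private Set<ServiceInfo> associatedTSPS = new HashSet<ServiceInfo>();
    // Lazily computed, see getSubjectX500Principal().
    private X500Principal subjectX500PrincipalNormalized = null;

    /**
     * Package-private factory; equivalent to calling the public constructor.
     *
     * @param x509Certificate the certificate to wrap, must not be null
     * @return a new token for the certificate
     */
    static CertificateToken newInstance(X509Certificate x509Certificate) {
        return new CertificateToken(x509Certificate);
    }

    /**
     * Creates a token for the given certificate and derives the signature, digest and encryption
     * algorithms from the certificate's signature algorithm OID.
     *
     * @param x509Certificate the certificate to wrap
     * @throws NullPointerException if {@code x509Certificate} is null
     */
    public CertificateToken(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new NullPointerException("X509 certificate is missing");
        }
        this.x509Certificate = x509Certificate;
        this.issuerX500Principal = Normalizer.getNormalizedX500Principal(x509Certificate.getIssuerX500Principal());
        // NOTE(review): what forOID does for an OID it does not know is not visible here; if it
        // can return null the next two lines throw NullPointerException. Confirm against SignatureAlgorithm.
        this.signatureAlgorithm = SignatureAlgorithm.forOID(x509Certificate.getSigAlgOID());
        this.digestAlgorithm = this.signatureAlgorithm.getDigestAlgorithm();
        this.encryptionAlgorithm = this.signatureAlgorithm.getEncryptionAlgorithm();
        CertificateTokenValidationExtraInfo validationExtraInfo = new CertificateTokenValidationExtraInfo();
        this.extraInfo = validationExtraInfo;
        super.extraInfo = validationExtraInfo;
    }

    /**
     * Records a source this certificate was found in. Null is ignored.
     *
     * <p>Adding {@code TRUSTED_LIST} or {@code TRUSTED_STORE} makes {@link #isTrusted()} return
     * true, so callers must only pass those values for certificates that really come from a
     * trusted source.
     *
     * @param certificateSourceType the source type to add, may be null
     */
    public void addSourceType(CertificateSourceType certificateSourceType) {
        if (certificateSourceType != null) {
            this.sources.add(certificateSourceType);
        }
    }

    /**
     * Attaches trust service information to this certificate. Null is ignored.
     *
     * @param serviceInfo the service information to add, may be null
     */
    public void addServiceInfo(ServiceInfo serviceInfo) {
        if (serviceInfo != null) {
            this.associatedTSPS.add(serviceInfo);
        }
    }

    /**
     * Returns the DSS id of this token in its XML id form, computing and caching it on first use.
     *
     * @return the cached result of {@code getDSSId().asXmlId()}
     */
    public String getDSSIdAsString() {
        if (this.dssId == null) {
            this.dssId = getDSSId().asXmlId();
        }
        return this.dssId;
    }

    /**
     * @return the same value as {@link #getDSSIdAsString()}
     */
    @Override
    public String getAbbreviation() {
        return getDSSIdAsString();
    }

    /**
     * @param revocationToken the revocation data to associate with this certificate, may be null
     */
    public void setRevocationToken(RevocationToken revocationToken) {
        this.revocationToken = revocationToken;
    }

    /**
     * @return the revocation data associated with this certificate, or null if none was set
     */
    public RevocationToken getRevocationToken() {
        return this.revocationToken;
    }

    /**
     * @return the public key of the wrapped certificate
     */
    public PublicKey getPublicKey() {
        return this.x509Certificate.getPublicKey();
    }

    /**
     * @return the end of the wrapped certificate's validity period
     */
    public Date getNotAfter() {
        return this.x509Certificate.getNotAfter();
    }

    /**
     * @return the start of the wrapped certificate's validity period
     */
    public Date getNotBefore() {
        return this.x509Certificate.getNotBefore();
    }

    /**
     * Tells whether the certificate's notAfter date lies before the given date.
     *
     * @param date the date to test
     * @return true if notAfter is before {@code date}; also true when {@code date} is null, so a
     *         missing date is reported as expired rather than as still valid
     */
    public boolean isExpiredOn(Date date) {
        if (this.x509Certificate == null || date == null) {
            return true;
        }
        return this.x509Certificate.getNotAfter().before(date);
    }

    /**
     * Tells whether the given date falls inside the certificate's validity period.
     *
     * <p>This checks the notBefore/notAfter window only; it says nothing about signature,
     * revocation or trust.
     *
     * @param date the date to test
     * @return true if {@code checkValidity(date)} succeeds; false if the certificate is expired or
     *         not yet valid on that date, or if {@code date} is null
     */
    public boolean isValidOn(Date date) {
        if (this.x509Certificate == null || date == null) {
            return false;
        }
        try {
            this.x509Certificate.checkValidity(date);
            return true;
        } catch (CertificateExpiredException e) {
            return false;
        } catch (CertificateNotYetValidException e) {
            return false;
        }
    }

    /**
     * Reports the revocation state as a three-valued answer.
     *
     * <p>Two points matter to callers making a trust decision:
     * <ul>
     * <li>{@code null} means "unknown" (no revocation token, or a token without a status). It must
     *     not be treated as "not revoked"; unboxing the result without a null check throws.</li>
     * <li>For a trusted token the revocation data is not consulted at all and the answer is always
     *     {@code false}, even if a revocation token was set.</li>
     * </ul>
     *
     * @return {@code false} if the token is trusted; otherwise the negation of the revocation
     *         token's status, or {@code null} when no status is available
     */
    public Boolean isRevoked() {
        if (isTrusted()) {
            return false;
        }
        if (this.revocationToken == null) {
            return null;
        }
        Boolean status = this.revocationToken.getStatus();
        if (status == null) {
            return null;
        }
        return Boolean.valueOf(!status.booleanValue());
    }

    /**
     * @return true if the sources of this token contain {@code TRUSTED_LIST} or {@code TRUSTED_STORE}
     */
    @Override
    public boolean isTrusted() {
        return this.sources.contains(CertificateSourceType.TRUSTED_LIST) || this.sources.contains(CertificateSourceType.TRUSTED_STORE);
    }

    /**
     * Tells whether the subject and issuer names of the certificate are equal in canonical form.
     * The result is cached after the first call.
     *
     * <p>This is a name comparison only. The signature is not verified against the certificate's
     * own public key here, so a certificate that merely carries identical subject and issuer names
     * is reported as self-signed. Callers that need proof must also check the signature, for
     * example with {@code isSignedBy(this)}.
     *
     * @return true if the canonical subject name equals the canonical issuer name
     */
    @Override
    public boolean isSelfSigned() {
        if (this.selfSigned == null) {
            String subject = this.x509Certificate.getSubjectX500Principal().getName("CANONICAL");
            String issuer = this.x509Certificate.getIssuerX500Principal().getName("CANONICAL");
            this.selfSigned = Boolean.valueOf(subject.equals(issuer));
        }
        return this.selfSigned.booleanValue();
    }

    /**
     * @return the wrapped certificate
     */
    public X509Certificate getCertificate() {
        return this.x509Certificate;
    }

    /**
     * @return the encoded form of the wrapped certificate
     * @throws DSSException if the certificate cannot be encoded
     */
    @Override
    public byte[] getEncoded() {
        try {
            return this.x509Certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new DSSException(e);
        }
    }

    /**
     * Returns the live, mutable set of sources, not a copy.
     *
     * <p>Any code holding this reference can add {@code TRUSTED_LIST} or {@code TRUSTED_STORE} and
     * thereby change the result of {@link #isTrusted()} and {@link #isRevoked()}. Treat the
     * returned set as read-only outside the code that establishes trust.
     *
     * @return the internal set of source types
     */
    public Set<CertificateSourceType> getSources() {
        return this.sources;
    }

    /**
     * @return the live internal set of associated service information if the token is trusted,
     *         otherwise {@code null} (not an empty set)
     */
    public Set<ServiceInfo> getAssociatedTSPS() {
        if (isTrusted()) {
            return this.associatedTSPS;
        }
        return null;
    }

    /**
     * @return the serial number of the wrapped certificate
     */
    public BigInteger getSerialNumber() {
        return this.x509Certificate.getSerialNumber();
    }

    /**
     * Returns the subject name after it has been passed through {@code Normalizer}, computing and
     * caching it on first use.
     *
     * @return the normalized subject principal
     */
    public X500Principal getSubjectX500Principal() {
        if (this.subjectX500PrincipalNormalized == null) {
            this.subjectX500PrincipalNormalized = Normalizer.getNormalizedX500Principal(this.x509Certificate.getSubjectX500Principal());
        }
        return this.subjectX500PrincipalNormalized;
    }

    /**
     * Verifies this certificate's signature with the public key of the given candidate issuer and
     * records the outcome in {@code signatureValid} and {@code signatureInvalidityReason}.
     *
     * <p>What a {@code true} result means: the signature verifies under the candidate's public
     * key. Nothing else about the candidate is checked here (validity period, CA basic
     * constraint, key usage, trust), so those checks have to happen elsewhere before the candidate
     * is accepted as an issuer.
     *
     * <p>State handling: every call first resets {@code signatureValid} to false. The issuer link
     * is set only on success and only when {@link #isSelfSigned()} is false; a later failing call
     * does not clear a link set by an earlier successful one.
     *
     * @param certificateToken the candidate issuer, must not be null
     * @return true if the signature verifies with the candidate's public key
     * @throws DSSException if the security provider needed for verification is not available
     */
    @Override
    public boolean isSignedBy(CertificateToken certificateToken) {
        this.signatureValid = false;
        this.signatureInvalidityReason = "";
        try {
            this.x509Certificate.verify(certificateToken.getCertificate().getPublicKey());
            this.signatureValid = true;
            if (!isSelfSigned()) {
                this.issuerToken = certificateToken;
            }
        } catch (InvalidKeyException e) {
            this.signatureInvalidityReason = "InvalidKeyException - on incorrect key.";
        } catch (NoSuchAlgorithmException e) {
            this.signatureInvalidityReason = "NoSuchAlgorithmException - on unsupported signature algorithms.";
        } catch (NoSuchProviderException e) {
            // A missing provider is an environment problem, not a property of the certificate.
            throw new DSSException(e);
        } catch (SignatureException e) {
            this.signatureInvalidityReason = "SignatureException - on signature errors.";
        } catch (CertificateException e) {
            this.signatureInvalidityReason = "CertificateException -  on encoding errors.";
        }
        return this.signatureValid;
    }

    /**
     * @return the validation extra information created for this token in the constructor
     */
    @Override
    public CertificateTokenValidationExtraInfo extraInfo() {
        return this.extraInfo;
    }

    /**
     * @return the digest algorithm of the certificate's signature algorithm
     */
    public DigestAlgorithm getDigestAlgorithm() {
        return this.digestAlgorithm;
    }

    /**
     * @return the encryption algorithm of the certificate's signature algorithm
     */
    public EncryptionAlgorithm getEncryptionAlgorithm() {
        return this.encryptionAlgorithm;
    }

    /**
     * Walks the issuer links upward and returns the first trusted token.
     *
     * <p>This token itself is returned only when it is both trusted and self-signed (by name, see
     * {@link #isSelfSigned()}); a trusted token that is not self-signed is not returned for
     * itself, the walk starts at its issuer.
     *
     * @return the first trusted token in the issuer chain, or null if the chain ends without one
     */
    public CertificateToken getTrustAnchor() {
        if (isSelfSigned() && isTrusted()) {
            return this;
        }
        // NOTE(review): there is no cycle guard. The walk ends only if the issuer links are
        // acyclic; confirm that chain building cannot link two tokens to each other.
        for (CertificateToken current = getIssuerToken(); current != null; current = current.getIssuerToken()) {
            if (current.isTrusted()) {
                return current;
            }
        }
        return null;
    }

    /**
     * @param keyUsageBit the key usage to look for
     * @return true if the certificate's key usage extension has that bit set; false if the bit is
     *         clear or the certificate has no key usage extension
     */
    public boolean checkKeyUsage(KeyUsageBit keyUsageBit) {
        return getKeyUsageBits().contains(keyUsageBit);
    }

    /**
     * Builds a multi-line, indented description of this token for logs and debugging, including
     * its issuer chain.
     *
     * <p>The text contains subject and issuer names taken from the certificate. Those are
     * certificate-controlled strings, so escape or sanitize the result before writing it to a
     * log format or page where control characters or markup matter.
     *
     * @param str the indentation prefix for the first line
     * @return the description; if building it fails, the message of the exception instead, which
     *         may be null
     */
    @Override
    public String toString(String str) {
        try {
            StringBuilder out = new StringBuilder();
            out.append(str).append("CertificateToken[\n");
            String indent = str + "\t";
            String issuerLabel;
            if (this.issuerToken != null) {
                issuerLabel = this.issuerToken.getDSSIdAsString();
            } else if (isSelfSigned()) {
                issuerLabel = "[SELF-SIGNED]";
            } else {
                issuerLabel = getIssuerX500Principal().toString();
            }
            // Source names joined with '/', or "UNKNOWN" when there are none.
            String sourceLabel = "UNKNOWN";
            for (CertificateSourceType sourceType : this.sources) {
                String name = sourceType.name();
                sourceLabel = "UNKNOWN".equals(sourceLabel) ? name : sourceLabel + "/" + name;
            }
            out.append(indent).append(getDSSIdAsString()).append("<--").append(issuerLabel).append(", source=").append(sourceLabel);
            out.append(", serial=" + this.x509Certificate.getSerialNumber()).append('\n');
            out.append(indent).append("Validity period    : ").append(this.x509Certificate.getNotBefore()).append(" - ").append(this.x509Certificate.getNotAfter()).append('\n');
            out.append(indent).append("Subject name       : ").append(getSubjectX500Principal()).append('\n');
            out.append(indent).append("Issuer subject name: ").append(getIssuerX500Principal()).append('\n');
            if (this.sources.contains(CertificateSourceType.TRUSTED_LIST)) {
                for (ServiceInfo serviceInfo : this.associatedTSPS) {
                    out.append(indent).append("Service Info      :\n");
                    String deeper = indent + "\t";
                    out.append(serviceInfo.toString(deeper));
                    // Step back one level by dropping the first character of the deeper prefix.
                    indent = deeper.substring(1);
                }
            }
            out.append(indent).append("Signature algorithm: ").append(this.signatureAlgorithm == null ? "?" : this.signatureAlgorithm).append('\n');
            if (isTrusted()) {
                out.append(indent).append("Signature validity : Signature verification is not needed: trusted certificate\n");
            } else if (this.signatureValid) {
                out.append(indent).append("Signature validity : VALID").append('\n');
            } else if (!this.signatureInvalidityReason.isEmpty()) {
                out.append(indent).append("Signature validity : INVALID").append(" - ").append(this.signatureInvalidityReason).append('\n');
            }
            if (this.revocationToken != null) {
                out.append(indent).append("Revocation data[\n");
                String deeper = indent + "\t";
                CertificateToken revocationIssuer = this.revocationToken.getIssuerToken();
                out.append(deeper).append("Status: ").append(this.revocationToken.getStatus()).append(" / ").append(this.revocationToken.getIssuingTime()).append(" / issuer's certificate ").append(revocationIssuer != null ? revocationIssuer.getDSSIdAsString() : "null").append('\n');
                indent = deeper.substring(1);
                out.append(indent).append("]\n");
            } else if (isSelfSigned()) {
                out.append(indent).append("Verification of revocation data is not necessary: self-signed certificate.\n");
            } else if (isTrusted()) {
                out.append(indent).append("Verification of revocation data is not necessary: trusted certificate.\n");
            } else {
                out.append(indent).append("There is no revocation data available!\n");
            }
            if (this.issuerToken != null) {
                out.append(indent).append("Issuer certificate[\n");
                String deeper = indent + "\t";
                if (this.issuerToken.isSelfSigned()) {
                    out.append(deeper).append(this.issuerToken.getDSSIdAsString()).append(" SELF-SIGNED");
                } else {
                    // Recurses up the issuer chain; like getTrustAnchor() this relies on the
                    // chain being acyclic.
                    out.append(this.issuerToken.toString(deeper));
                }
                out.append('\n');
                indent = deeper.substring(1);
                out.append(indent).append("]\n");
            }
            Iterator<String> infoIterator = this.extraInfo.getValidationInfo().iterator();
            while (infoIterator.hasNext()) {
                out.append(indent).append("- ").append(infoIterator.next()).append('\n');
            }
            out.append(indent.substring(1)).append("]");
            return out.toString();
        } catch (Exception e) {
            // Deliberate best effort: describing a token must not fail the caller.
            return e.getMessage();
        }
    }

    /**
     * @return the XML id set with {@link #setXmlId(String)}, or null if none was set
     */
    public String getXmlId() {
        return this.xmlId;
    }

    /**
     * @param str the XML id to store for this token
     */
    public void setXmlId(String str) {
        this.xmlId = str;
    }

    /**
     * Returns the key usages set in the certificate's key usage extension, computing and caching
     * them on first use.
     *
     * @return the set of key usage bits; empty when the certificate has no key usage extension.
     *         The returned set is the live cached instance, not a copy.
     */
    public Set<KeyUsageBit> getKeyUsageBits() {
        if (this.keyUsageBits == null) {
            boolean[] keyUsage = this.x509Certificate.getKeyUsage();
            this.keyUsageBits = new HashSet<KeyUsageBit>();
            if (keyUsage != null) {
                for (KeyUsageBit keyUsageBit : KeyUsageBit.values()) {
                    if (keyUsage[keyUsageBit.getIndex()]) {
                        this.keyUsageBits.add(keyUsageBit);
                    }
                }
            }
        }
        return this.keyUsageBits;
    }

    /**
     * @return the signature value of the wrapped certificate
     */
    public byte[] getSignature() {
        return this.x509Certificate.getSignature();
    }

    /**
     * @return the issuer name as returned by {@code X509Certificate.getIssuerDN()}
     */
    public Principal getIssuerDN() {
        return this.x509Certificate.getIssuerDN();
    }

    /**
     * @return the subject name as returned by {@code X509Certificate.getSubjectDN()}
     */
    public Principal getSubjectDN() {
        return this.x509Certificate.getSubjectDN();
    }

    /**
     * Extracts the text between the first {@code "CN="} and the following comma from the
     * principal's name.
     *
     * <p>This is a plain substring search, not a distinguished-name parser: it does not handle
     * escaped commas inside the value and it matches {@code "CN="} wherever it first occurs in
     * the string. The result is suitable for display, not for identity or access decisions.
     *
     * @param x500Principal the principal to read the name from
     * @return the common name text, or the whole name when it contains no {@code "CN="}
     */
    private String extractCNName(X500Principal x500Principal) {
        String name = x500Principal.getName();
        // Test the search result before adding the prefix length; after the addition a miss
        // (-1) can no longer be told apart from a hit.
        int cnPos = name.indexOf("CN=");
        if (cnPos == -1) {
            return name;
        }
        int start = cnPos + 3;
        int end = name.indexOf(",", start);
        return end == -1 ? name.substring(start) : name.substring(start, end);
    }

    /**
     * @return the common name of the normalized subject, or the whole subject name when it has no
     *         {@code "CN="} part; for display only
     */
    public String getSubjectShortName() {
        return extractCNName(getSubjectX500Principal());
    }

    /**
     * @return the encoded certificate as a Base64 string
     * @throws DSSException if the certificate cannot be encoded
     */
    public String getBase64Encoded() {
        return DatatypeConverter.printBase64Binary(getEncoded());
    }

    /**
     * Builds a short display label of the form {@code "<common name> (SN:<serial>)"}.
     *
     * <p>The label is produced only when the subject name contains {@code "CN="} followed later by
     * a comma; in every other case the unmodified subject name is returned. The same substring
     * search as in {@code extractCNName} is used, so the label is for display and must not be
     * used to identify a certificate.
     *
     * @return the display label, or the full subject name when no label can be built
     */
    public String getReadableCertificate() {
        String name = this.x509Certificate.getSubjectDN().getName();
        // Only slice the name when "CN=" was actually found; a miss must leave it untouched.
        int cnPos = name.indexOf("CN=");
        if (cnPos >= 0) {
            int start = cnPos + 3;
            int end = name.indexOf(",", start);
            if (end > 0) {
                name = name.substring(start, end) + " (SN:" + getSerialNumber() + ")";
            }
        }
        return name;
    }
}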
