package org.jacorb.security.util;

import iaik.asn1.ObjectID;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.GeneralName;
import iaik.asn1.structures.GeneralNames;
import iaik.asn1.structures.Name;
import iaik.x509.V3Extension;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionException;
import iaik.x509.extensions.SubjectAltName;
import java.io.FileInputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.Calendar;
import java.util.Date;
import java.util.Enumeration;
import org.jacorb.util.Debug;

/* loaded from: input_file:org/jacorb/security/util/CertUtils.class */
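/**
 * Static helpers for creating, labelling and checking X.509 certificates
 * with the IAIK provider.
 *
 * <p>Role membership is encoded as an rfc822Name entry of the SubjectAltName
 * extension whose value starts with {@code "role:"}.
 *
 * <p>NOTE(review): certificates are signed with DSA/SHA-1 or RSA/MD5. Neither
 * digest is collision-resistant any more; move to a SHA-256 based
 * {@code AlgorithmID} if the bundled IAIK release provides one (not visible
 * from this file).
 */
public class CertUtils {
    /** Prefix that marks an rfc822Name SubjectAltName entry as a role name. */
    private static final String ROLE_PREFIX = "role:";

    /**
     * Creates and signs a certificate that binds {@code publicKey} to a subject.
     *
     * @param name       subject DN; {@code null} is replaced by {@link #emptyName()}
     * @param name2      issuer DN; {@code null} is replaced by {@link #emptyName()}
     * @param publicKey  key being certified
     * @param privateKey issuer key used for signing (DSA or RSA)
     * @return the signed certificate, valid from now for twelve months
     * @throws InvalidKeyException if {@code privateKey} is neither a DSA nor an RSA key
     */
    public static X509Certificate createPublicKeyCert(Name name, Name name2, PublicKey publicKey, PrivateKey privateKey) throws X509ExtensionException, CertificateException, NoSuchAlgorithmException, InvalidKeyException {
        X509Certificate cert = newUnsignedCert(name, name2, publicKey);
        signCert(cert, privateKey);
        return cert;
    }

    /**
     * Creates and signs a certificate asserting that the subject holds a role.
     * The role is stored as an rfc822Name SubjectAltName entry {@code "role:" + str}.
     *
     * @param str        role name
     * @param name       subject DN; {@code null} is replaced by {@link #emptyName()}
     * @param name2      issuer DN; {@code null} is replaced by {@link #emptyName()}
     * @param publicKey  key being certified
     * @param privateKey issuer key used for signing (DSA or RSA)
     * @return the signed role certificate, valid from now for twelve months
     * @throws InvalidKeyException if {@code privateKey} is neither a DSA nor an RSA key
     */
    public static X509Certificate certifyRoleMembership(String str, Name name, Name name2, PublicKey publicKey, PrivateKey privateKey) throws X509ExtensionException, CertificateException, NoSuchAlgorithmException, InvalidKeyException {
        X509Certificate cert = newUnsignedCert(name, name2, publicKey);
        cert.addExtension(new SubjectAltName(new GeneralNames(new GeneralName(GeneralName.rfc822Name, ROLE_PREFIX + str))));
        // Previously an unsupported key type fell through and an UNSIGNED
        // certificate was returned after printing "Cert signed"; signCert now
        // rejects it the same way createPublicKeyCert does.
        signCert(cert, privateKey);
        System.out.println("Cert signed");
        return cert;
    }

    /** Fills in issuer, subject, key, serial number and validity; does not sign. */
    private static X509Certificate newUnsignedCert(Name subject, Name issuer, PublicKey publicKey) throws X509ExtensionException, CertificateException, NoSuchAlgorithmException, InvalidKeyException {
        X509Certificate cert = new X509Certificate();
        if (subject == null) {
            subject = emptyName();
        }
        if (issuer == null) {
            issuer = emptyName();
        }
        cert.setIssuerDN(issuer);
        cert.setSubjectDN(subject);
        cert.setPublicKey(publicKey);
        Date notBefore = new Date();
        // NOTE(review): the serial number is the issue time in milliseconds, so
        // it is predictable and two certificates issued within the same
        // millisecond share a serial. A random serial (SecureRandom) is the
        // usual choice, all the more so while a weak digest signs the result.
        cert.setSerialNumber(new BigInteger(Long.toString(notBefore.getTime())));
        cert.setValidNotBefore(notBefore);
        Calendar notAfter = Calendar.getInstance();
        notAfter.setTime(notBefore);
        notAfter.add(Calendar.MONTH, 12);
        cert.setValidNotAfter(notAfter.getTime());
        return cert;
    }

    /** Signs {@code cert} with the algorithm matching the key type, or rejects the key. */
    private static void signCert(X509Certificate cert, PrivateKey privateKey) throws X509ExtensionException, CertificateException, NoSuchAlgorithmException, InvalidKeyException {
        if (privateKey instanceof DSAPrivateKey) {
            // NOTE(review): SHA-1 based signature, see class comment.
            cert.sign(AlgorithmID.dsaWithSHA1, privateKey);
        } else if (privateKey instanceof RSAPrivateKey) {
            // NOTE(review): MD5 based signature, see class comment.
            cert.sign(AlgorithmID.md5WithRSAEncryption, privateKey);
        } else {
            // A null key used to surface as a NullPointerException here.
            String type = privateKey == null ? "null" : privateKey.getClass().getName();
            throw new InvalidKeyException("Unknown private key: " + type);
        }
    }

    /**
     * Builds a DN whose CN, OU, O, L and C attributes are all empty strings.
     *
     * @return the placeholder name used when a caller passes no DN
     */
    public static Name emptyName() {
        return buildName("", "", "", "", "");
    }

    /**
     * Builds a DN with the given common name and the fixed attributes
     * OU=AGSS, O=FU Berlin, L=Berlin, C=DE.
     *
     * @param str common name
     * @return the assembled name
     */
    public static Name createName(String str) {
        return buildName(str, "AGSS", "FU Berlin", "Berlin", "DE");
    }

    /** Adds the five RDNs in the order CN, OU, O, L, C. */
    private static Name buildName(String cn, String ou, String o, String l, String c) {
        Name name = new Name();
        name.addRDN(ObjectID.commonName, cn);
        name.addRDN(ObjectID.organizationalUnit, ou);
        name.addRDN(ObjectID.organization, o);
        name.addRDN(ObjectID.locality, l);
        name.addRDN(ObjectID.country, c);
        return name;
    }

    /**
     * Returns a display label for a certificate: its role name if it carries
     * one, otherwise {@code "<subject>, signer: <issuer>"}.
     *
     * <p>The label is for display only; nothing here verifies the certificate.
     *
     * @param x509Certificate certificate to label
     * @return the label
     */
    public static String getCertLabel(java.security.cert.X509Certificate x509Certificate) {
        String roleName = getRoleName(x509Certificate);
        if (roleName == null) {
            roleName = x509Certificate.getSubjectDN() + ", signer: " + x509Certificate.getIssuerDN();
        }
        return roleName;
    }

    /**
     * Extracts the role name from a certificate.
     *
     * <p>Only the validity period is checked. The signature and the issuer are
     * NOT verified here, so the result must not be used for an access decision
     * unless the caller has already verified the certificate's chain.
     *
     * @param x509Certificate certificate to inspect
     * @return the text after {@code "role:"} of the first matching rfc822Name
     *         entry, or {@code null} if there is none, the certificate is not
     *         currently valid, or it cannot be parsed
     */
    public static String getRoleName(java.security.cert.X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        try {
            X509Certificate cert = asIaikCertificate(x509Certificate);
            if (!cert.hasExtensions()) {
                return null;
            }
            cert.checkValidity();
            return findRole(cert);
        } catch (Exception e) {
            Debug.output(1, e);
            return null;
        }
    }

    /**
     * Tells whether a certificate carries a role entry.
     *
     * <p>Unlike {@link #getRoleName} this does not check the validity period,
     * and it does not verify the signature either: a {@code true} result says
     * what the certificate claims, not that the claim is trustworthy.
     *
     * @param x509Certificate certificate to inspect
     * @return {@code true} if an rfc822Name SubjectAltName entry starts with
     *         {@code "role:"}; {@code false} otherwise or on a parse error
     */
    public static boolean isRoleCert(java.security.cert.X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        try {
            X509Certificate cert = asIaikCertificate(x509Certificate);
            if (!cert.hasExtensions()) {
                return false;
            }
            return findRole(cert) != null;
        } catch (Exception e) {
            Debug.output(1, e);
            return false;
        }
    }

    /** Returns the argument itself if it already is an IAIK certificate, else re-parses its encoding. */
    private static X509Certificate asIaikCertificate(java.security.cert.X509Certificate cert) throws CertificateException {
        if (cert instanceof X509Certificate) {
            return (X509Certificate) cert;
        }
        return new X509Certificate(cert.getEncoded());
    }

    /** Scans the SubjectAltName extensions for the first "role:" entry; null if none. */
    private static String findRole(X509Certificate cert) throws Exception {
        Enumeration extensions = cert.listExtensions();
        while (extensions.hasMoreElements()) {
            V3Extension extension = (V3Extension) extensions.nextElement();
            if (!(extension instanceof SubjectAltName)) {
                continue;
            }
            Enumeration names = ((SubjectAltName) extension).getGeneralNames().getNames();
            while (names.hasMoreElements()) {
                GeneralName generalName = (GeneralName) names.nextElement();
                if (generalName.getType() != GeneralName.rfc822Name) {
                    continue;
                }
                String value = (String) generalName.getName();
                if (value.startsWith(ROLE_PREFIX)) {
                    return value.substring(ROLE_PREFIX.length());
                }
            }
        }
        return null;
    }

    /**
     * Verifies a certificate chain against a key store of trusted certificates.
     *
     * <p>The chain is ordered leaf first, root last. Each certificate must be
     * within its validity period and signed by the key of its successor, the
     * root must be self-signed, and the root must be byte-for-byte the
     * certificate stored in {@code keyStore} under the alias taken from the
     * root's issuer CN.
     *
     * <p>The last condition is essential: checking only that an entry with the
     * right alias exists would accept any self-signed root that merely reuses
     * a trusted name.
     *
     * <p>NOTE(review): basic constraints, key usage and revocation are not
     * checked. Where the deployment allows it, a PKIX
     * {@code java.security.cert.CertPathValidator} covers those as well.
     *
     * @param x509CertificateArr chain to verify, leaf at index 0
     * @param keyStore           store holding the trusted root certificates
     * @return {@code true} only if every check passes; {@code false} on any
     *         failure, including a null or empty chain
     */
    public static boolean verifyCertificateChain(java.security.cert.X509Certificate[] x509CertificateArr, KeyStore keyStore) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || keyStore == null) {
            return false;
        }
        int length = x509CertificateArr.length;
        try {
            java.security.cert.X509Certificate root = x509CertificateArr[length - 1];
            root.checkValidity();
            root.verify(root.getPublicKey());
            for (int i = length - 1; i > 0; i--) {
                Debug.output(3, "verifying chain[ " + (i - 1) + " ]");
                x509CertificateArr[i - 1].checkValidity();
                x509CertificateArr[i - 1].verify(x509CertificateArr[i].getPublicKey());
            }
            String name = root.getIssuerDN().getName();
            int cnStart = name.indexOf("CN=");
            if (cnStart < 0) {
                // Without this guard the alias was cut from an arbitrary offset.
                Debug.output(3, "root issuer DN has no CN attribute");
                return false;
            }
            int indexOf = cnStart + 3;
            int length2 = name.length();
            Debug.output(4, "index = " + indexOf + " l = " + length2);
            // NOTE(review): takes everything after "CN=", which presumes CN is
            // the last attribute in the DN string -- confirm for the provider in use.
            String alias = name.substring(indexOf, length2);
            Debug.output(4, "check if " + alias + " is a trusted certificate entry in key store");
            if (!keyStore.isCertificateEntry(alias)) {
                return false;
            }
            // Bind the chain to the stored trust anchor, not just to its name.
            java.security.cert.Certificate trusted = keyStore.getCertificate(alias);
            return trusted != null && java.util.Arrays.equals(trusted.getEncoded(), root.getEncoded());
        } catch (Exception e) {
            Debug.output(3, "exection: " + e.toString());
            return false;
        }
    }

    /**
     * Reads one X.509 certificate from a file using the IAIK provider.
     *
     * <p>The path is opened as given; callers passing externally supplied
     * paths must restrict them first. Reading a certificate does not make it
     * trusted.
     *
     * @param str path of the certificate file
     * @return the parsed certificate, or {@code null} if the file cannot be
     *         read or parsed (the cause is logged)
     */
    public static java.security.cert.X509Certificate readCertificate(String str) {
        FileInputStream in = null;
        try {
            in = new FileInputStream(str);
            return (java.security.cert.X509Certificate) CertificateFactory.getInstance("X.509", "IAIK").generateCertificate(in);
        } catch (Exception e) {
            Debug.output(1, e);
            return null;
        } finally {
            // The stream was previously never closed, leaking a file handle per call.
            if (in != null) {
                try {
                    in.close();
                } catch (java.io.IOException ignored) {
                    // best effort: the certificate has already been parsed or the read failed
                }
            }
        }
    }
}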
