package eu.europa.ec.markt.dss.validation102853;

import eu.europa.ec.markt.dss.DSSUtils;
import eu.europa.ec.markt.dss.DigestAlgorithm;
import eu.europa.ec.markt.dss.OID;
import eu.europa.ec.markt.dss.exception.DSSException;
import eu.europa.ec.markt.dss.validation.certificate.CertificateSourceType;
import eu.europa.ec.markt.dss.validation102853.condition.ServiceInfo;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.spi.LocationInfo;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DEROctetString;
import org.springframework.beans.PropertyAccessor;

/* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/validation102853/CertificateToken.class */
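/**
 * Validation-time wrapper around an {@link X509Certificate}.
 *
 * <p>The token carries the certificate, its DSS identifier, the sources it was collected from, the
 * trust services associated with it, the revocation token attached to it and a per-algorithm cache
 * of its digests.
 *
 * <p>Security-relevant points for readers of this class:
 * <ul>
 *   <li>{@link #isTrusted()} is a pure lookup in the source list; it performs no cryptographic
 *       check. The list is filled through the public {@link #addSourceType} and is also handed out
 *       by reference from {@link #getSource()}.</li>
 *   <li>{@link #isSelfSigned()} compares subject and issuer names only.</li>
 *   <li>{@link #isSignedBy} verifies the signature and nothing else.</li>
 *   <li>{@link #equals(Object)} and {@link #hashCode()} depend on the DSS id alone, not on the
 *       certificate content.</li>
 * </ul>
 *
 * <p>No synchronisation is visible in this class; the lazily filled caches are plain fields.
 */
public class CertificateToken extends Token {
    private static final Logger LOG = Logger.getLogger(CertificateToken.class.getName());
    private X509Certificate cert;
    private int dssId;
    // Lazily created cache: digest algorithm -> base64 digest of the encoded certificate.
    private Map<DigestAlgorithm, String> digests;
    private RevocationToken revocationToken;
    // Lazily computed by isSelfSigned(); null means "not evaluated yet".
    private Boolean selfSigned;
    // Shadows the field of the same name in Token; the constructor points both at one object.
    protected CertificateTokenValidationExtraInfo extraInfo;
    private List<CertificateSourceType> sources = new ArrayList<CertificateSourceType>();
    private List<ServiceInfo> associatedTSPS = new ArrayList<ServiceInfo>();
    // NOTE(review): the default is SHA-1 and nothing in this class changes it. SHA-1 is not
    // collision resistant; confirm how callers of getDigestAlgorithm() use the value.
    private DigestAlgorithm digestAlgorithm = DigestAlgorithm.SHA1;

    /**
     * Creates a token for the given certificate.
     *
     * <p>The decompiler reports that this factory was package-private in the original source.
     *
     * @param x509Certificate certificate to wrap
     * @param i DSS identifier assigned to the token
     * @return the new token
     */
    public static CertificateToken newInstance(X509Certificate x509Certificate, int i) {
        return new CertificateToken(x509Certificate, i);
    }

    /**
     * Stores the certificate and id and copies issuer name and signature algorithm (OID and name)
     * from the certificate into the inherited fields.
     *
     * @param x509Certificate certificate to wrap; dereferenced immediately
     * @param i DSS identifier assigned to the token
     */
    protected CertificateToken(X509Certificate x509Certificate, int i) {
        this.dssId = i;
        this.cert = x509Certificate;
        this.issuerX500Principal = x509Certificate.getIssuerX500Principal();
        this.algoOIDUsedToSignToken = x509Certificate.getSigAlgOID();
        this.algoUsedToSignToken = x509Certificate.getSigAlgName();
        CertificateTokenValidationExtraInfo info = new CertificateTokenValidationExtraInfo();
        this.extraInfo = info;
        super.extraInfo = info;
    }

    /**
     * Records a source for this certificate; {@code null} and duplicates are ignored.
     *
     * <p>Adding {@code TRUSTED_LIST} or {@code TRUSTED_STORE} makes {@link #isTrusted()} return
     * {@code true}, so whoever calls this method decides whether the certificate is trusted.
     *
     * @param certificateSourceType source to record
     */
    public void addSourceType(CertificateSourceType certificateSourceType) {
        if (certificateSourceType == null || this.sources.contains(certificateSourceType)) {
            return;
        }
        this.sources.add(certificateSourceType);
    }

    /**
     * Associates a trust service with this certificate; {@code null} and duplicates are ignored.
     *
     * @param serviceInfo service to associate
     */
    public void addServiceInfo(ServiceInfo serviceInfo) {
        if (serviceInfo == null || this.associatedTSPS.contains(serviceInfo)) {
            return;
        }
        this.associatedTSPS.add(serviceInfo);
    }

    /** @return the DSS identifier given at construction */
    @Override // eu.europa.ec.markt.dss.validation102853.Token
    public int getDSSId() {
        return this.dssId;
    }

    /**
     * Returns the identifier between a prefix and "]": the DSS id, or the canonical subject name
     * when the id is 0.
     *
     * @return bracketed identifier
     */
    public String getDSSIdAsString() {
        // PROPERTY_KEY_PREFIX is the string "[" (a same-valued constant substituted by the decompiler).
        if (this.dssId == 0) {
            return PropertyAccessor.PROPERTY_KEY_PREFIX + this.cert.getSubjectX500Principal().getName("CANONICAL") + "]";
        }
        return PropertyAccessor.PROPERTY_KEY_PREFIX + this.dssId + "]";
    }

    /** @return same value as {@link #getDSSIdAsString()} */
    @Override // eu.europa.ec.markt.dss.validation102853.Token
    public String getAbbreviation() {
        return getDSSIdAsString();
    }

    /** @param revocationToken revocation token to attach; may be {@code null} */
    public void setRevocationToken(RevocationToken revocationToken) {
        this.revocationToken = revocationToken;
    }

    /** @return the attached revocation token, or {@code null} when none was set */
    public RevocationToken getRevocationToken() {
        return this.revocationToken;
    }

    /** @return the certificate's public key */
    public PublicKey getPublicKey() {
        return this.cert.getPublicKey();
    }

    /** @return end of the certificate's validity period */
    public Date getNotAfter() {
        return this.cert.getNotAfter();
    }

    /** @return start of the certificate's validity period */
    public Date getNotBefore() {
        return this.cert.getNotBefore();
    }

    /**
     * Compares notAfter with the current system time.
     *
     * <p>The result reflects the local clock at the time of the call, not a signing or validation
     * time supplied by the caller; notBefore is not examined.
     *
     * @return {@code true} when notAfter lies before now
     */
    public boolean isExpired() {
        return this.cert.getNotAfter().before(new Date());
    }

    /**
     * Reports whether the token has been tagged as coming from a trusted list or a trusted store.
     *
     * <p>This is a lookup in the source list only; see {@link #addSourceType} and
     * {@link #getSource()} for the ways that list can change.
     *
     * @return {@code true} when the sources contain {@code TRUSTED_LIST} or {@code TRUSTED_STORE}
     */
    @Override // eu.europa.ec.markt.dss.validation102853.Token
    public boolean isTrusted() {
        return this.sources.contains(CertificateSourceType.TRUSTED_LIST) || this.sources.contains(CertificateSourceType.TRUSTED_STORE);
    }

    /**
     * Reports whether the canonical subject name equals the canonical issuer name. The result is
     * computed once and cached.
     *
     * <p>Only the names are compared; the signature is not verified against the certificate's own
     * key here. A certificate whose issuer field merely repeats its subject is reported as
     * self-signed.
     *
     * @return {@code true} when subject and issuer names match
     */
    @Override // eu.europa.ec.markt.dss.validation102853.Token
    public boolean isSelfSigned() {
        if (this.selfSigned == null) {
            String subject = this.cert.getSubjectX500Principal().getName("CANONICAL");
            String issuer = this.cert.getIssuerX500Principal().getName("CANONICAL");
            this.selfSigned = Boolean.valueOf(subject.equals(issuer));
        }
        return this.selfSigned.booleanValue();
    }

    /**
     * Overload comparing the DSS id with an int; it does not override {@link Object#equals}.
     *
     * @param i identifier to compare with
     * @return {@code true} when the ids match
     */
    public boolean equals(int i) {
        return this.dssId == i;
    }

    /** @return the DSS id */
    @Override
    public int hashCode() {
        return this.dssId;
    }

    /**
     * Two tokens of the same class are equal when their DSS ids match. The wrapped certificates
     * are not compared, so tokens sharing an id (including id 0) are equal whatever they wrap.
     *
     * @param obj object to compare with
     * @return {@code true} for a same-class token with the same DSS id
     */
    @Override
    public boolean equals(Object obj) {
        return obj != null && getClass() == obj.getClass() && this.dssId == ((CertificateToken) obj).dssId;
    }

    /** @return the wrapped certificate */
    public X509Certificate getCertificate() {
        return this.cert;
    }

    /**
     * Returns the internal source list itself, not a copy.
     *
     * <p>NOTE(review): a caller that adds to the returned list changes the outcome of
     * {@link #isTrusted()}. Left as is because callers outside this file may rely on the list
     * being live; consider an unmodifiable view once they are checked.
     *
     * @return the live list of sources
     */
    public List<CertificateSourceType> getSource() {
        return this.sources;
    }

    /**
     * @return the live list of associated trust services when the token is trusted, otherwise
     *     {@code null}
     */
    public List<ServiceInfo> getAssociatedTSPS() {
        if (isTrusted()) {
            return this.associatedTSPS;
        }
        return null;
    }

    /** @return the certificate's serial number */
    public BigInteger getSerialNumber() {
        return this.cert.getSerialNumber();
    }

    /** @return the certificate's subject name */
    public X500Principal getSubjectX500Principal() {
        return this.cert.getSubjectX500Principal();
    }

    /**
     * Verifies this certificate's signature with the public key of the given token and records the
     * outcome in {@code signatureIntact} and {@code signatureInvalidityReason}.
     *
     * <p>On success the given token becomes {@code issuerToken}, unless this certificate is
     * self-signed by name. On failure a previously stored {@code issuerToken} is left untouched.
     *
     * <p>This is a signature check only: validity period, CA constraints, key usage and revocation
     * of the candidate issuer are not examined here.
     *
     * @param certificateToken candidate issuer
     * @return {@code true} when the signature verifies
     * @throws RuntimeException when the provider is missing ({@link NoSuchProviderException})
     */
    @Override // eu.europa.ec.markt.dss.validation102853.Token
    public boolean isSignedBy(CertificateToken certificateToken) {
        this.signatureIntact = false;
        this.signatureInvalidityReason = "";
        try {
            this.cert.verify(certificateToken.getCertificate().getPublicKey());
            this.signatureIntact = true;
            if (!isSelfSigned()) {
                this.issuerToken = certificateToken;
            }
        } catch (InvalidKeyException e) {
            this.signatureInvalidityReason = "InvalidKeyException - on incorrect key.";
        } catch (NoSuchAlgorithmException e2) {
            // Each reason now names the exception that was caught; every branch used to report
            // "InvalidKeyException", which hid the real cause in validation reports.
            this.signatureInvalidityReason = "NoSuchAlgorithmException - on unsupported signature algorithms.";
        } catch (NoSuchProviderException e3) {
            throw new RuntimeException(e3);
        } catch (SignatureException e4) {
            this.signatureInvalidityReason = "SignatureException - on signature errors.";
        } catch (CertificateException e5) {
            this.signatureInvalidityReason = "CertificateException -  on encoding errors.";
        }
        return this.signatureIntact;
    }

    /**
     * Reports whether the extended key usage lists 1.3.6.1.5.5.7.3.9 (OCSP signing).
     *
     * @return {@code true} when the OID is listed; {@code false} when the extension is absent or
     *     cannot be parsed (the parsing error is logged)
     */
    public boolean isOCSPSigning() {
        try {
            List<String> extendedKeyUsage = this.cert.getExtendedKeyUsage();
            return extendedKeyUsage != null && extendedKeyUsage.contains(OID._1_3_6_1_5_5_7_3_9.getName());
        } catch (CertificateParsingException e) {
            LOG.warning(e.getMessage());
            return false;
        }
    }

    /**
     * Tests extension 1.3.6.1.5.5.7.48.1.5 (ocsp-nocheck) as described on
     * {@link #hasEmptyOctetStringExtension}.
     *
     * <p>NOTE(review): RFC 6960 defines the value of this extension as NULL, which encodes to two
     * bytes inside the wrapping octet string. A zero-length test would then report {@code false}
     * for a conforming certificate; confirm against real certificates before relying on this to
     * skip revocation checks.
     *
     * @return {@code true} when the extension is present with an empty value
     */
    public boolean hasIdPkixOcspNoCheckExtension() {
        return hasEmptyOctetStringExtension(OID._1_3_6_1_5_5_7_48_1_5.getName());
    }

    /**
     * Tests extension 2.5.29.60 as described on {@link #hasEmptyOctetStringExtension}.
     *
     * <p>NOTE(review): the same zero-length test is applied here; confirm that an empty value is
     * what the extension is expected to carry.
     *
     * @return {@code true} when the extension is present with an empty value
     */
    public boolean hasExpiredCertOnCRLExtension() {
        return hasEmptyOctetStringExtension(OID._2_5_29_60.getName());
    }

    /**
     * Shared test behind the two extension checks: the extension must be present, decode to an
     * octet string, and that octet string must hold zero bytes.
     *
     * @param oid dotted OID of the extension
     * @return {@code true} only in that case; {@code false} when the extension is absent, has
     *     another shape, or cannot be decoded (the error is logged)
     */
    private boolean hasEmptyOctetStringExtension(String oid) {
        byte[] extensionValue = this.cert.getExtensionValue(oid);
        if (extensionValue == null) {
            return false;
        }
        try {
            DERObject decoded = toDERObject(extensionValue);
            if (decoded instanceof DEROctetString) {
                return ((DEROctetString) decoded).getOctets().length == 0;
            }
            return false;
        } catch (Exception e) {
            // Undecodable content is treated as "extension not usable", but no longer silently.
            LOG.warning(e.getMessage());
            return false;
        }
    }

    /**
     * Decodes the first ASN.1 object in the given bytes.
     *
     * @param bArr encoded bytes
     * @return the decoded object
     * @throws IOException when decoding fails
     */
    private DERObject toDERObject(byte[] bArr) throws IOException {
        ASN1InputStream input = new ASN1InputStream(new ByteArrayInputStream(bArr));
        try {
            return input.readObject();
        } finally {
            // Close on the failure path as well.
            input.close();
        }
    }

    /**
     * The decompiler reports that this accessor was package-private in the original source.
     *
     * @return the extra validation information created in the constructor
     */
    @Override // eu.europa.ec.markt.dss.validation102853.Token
    public CertificateTokenValidationExtraInfo extraInfo() {
        return this.extraInfo;
    }

    /** @return the digest algorithm field of this token (SHA-1 unless changed elsewhere) */
    public DigestAlgorithm getDigestAlgorithm() {
        return this.digestAlgorithm;
    }

    /**
     * Returns the base64-encoded digest of the encoded certificate for the given algorithm,
     * computing and caching it on first request.
     *
     * <p>The lookup and computation used to sit inside the "cache not created yet" branch, so
     * every call after the first returned {@code null}, whatever the algorithm.
     *
     * @param digestAlgorithm algorithm to use
     * @return base64 digest of the certificate
     * @throws DSSException when the algorithm is unavailable or the certificate cannot be encoded
     */
    public String getDigestValue(DigestAlgorithm digestAlgorithm) {
        if (this.digests == null) {
            this.digests = new HashMap<DigestAlgorithm, String>();
        }
        String encodedDigest = this.digests.get(digestAlgorithm);
        if (encodedDigest == null) {
            try {
                MessageDigest messageDigest = MessageDigest.getInstance(digestAlgorithm.getName());
                messageDigest.update(this.cert.getEncoded());
                encodedDigest = DSSUtils.base64Encode(messageDigest.digest());
                this.digests.put(digestAlgorithm, encodedDigest);
            } catch (NoSuchAlgorithmException e) {
                throw new DSSException("Error when computing the digest of the certificate.", e);
            } catch (CertificateEncodingException e2) {
                throw new DSSException("Error when computing the digest of the certificate.", e2);
            }
        }
        return encodedDigest;
    }

    /**
     * Walks up the issuer chain, starting at this token's issuer, and returns the first token for
     * which {@link #isTrusted()} holds. This token itself is never returned.
     *
     * <p>NOTE(review): the walk has no cycle guard; presumably chain building elsewhere never
     * links issuer tokens in a loop - confirm.
     *
     * @return the first trusted issuer, or {@code null} when the chain ends without one
     */
    public CertificateToken getTrustAnchor() {
        CertificateToken candidate = getIssuerToken();
        while (candidate != null) {
            if (candidate.isTrusted()) {
                return candidate;
            }
            candidate = candidate.getIssuerToken();
        }
        return null;
    }

    /**
     * Builds a multi-line description of the token: id, issuer, first source, serial number,
     * validity period, service information, signature status, revocation data, issuer certificate
     * and the recorded validation information.
     *
     * @param str indentation prefix for the first line
     * @return the description; when anything throws while building it, the exception message is
     *     returned instead, which can be {@code null}
     */
    @Override // eu.europa.ec.markt.dss.validation102853.Token
    public String toString(String str) {
        try {
            StringBuilder out = new StringBuilder();
            out.append(str).append("CertificateToken[\n");
            String str2 = str + "\t";
            out.append(str2).append(getDSSIdAsString()).append("<--");
            String issuerLabel;
            if (this.issuerToken != null) {
                issuerLabel = this.issuerToken.getDSSIdAsString();
            } else if (isSelfSigned()) {
                issuerLabel = "[SELF-SIGNED]";
            } else {
                issuerLabel = getIssuerX500Principal().toString();
            }
            out.append(issuerLabel).append(", source=").append(this.sources.size() > 0 ? this.sources.get(0).name() : "UNKNOWN");
            out.append(", serial=" + this.cert.getSerialNumber()).append('\n');
            out.append(str2).append("Validity period: ").append(DSSUtils.formatInternal(this.cert.getNotBefore())).append(" - ").append(DSSUtils.formatInternal(this.cert.getNotAfter())).append('\n');
            if (this.sources.contains(CertificateSourceType.TRUSTED_LIST)) {
                for (ServiceInfo serviceInfo : this.associatedTSPS) {
                    out.append(str2).append("Service Info:\n");
                    String str3 = str2 + "\t";
                    out.append(serviceInfo.toString(str3));
                    // Dropping the first character undoes the extra level added above.
                    str2 = str3.substring(1);
                }
            }
            // LocationInfo.NA is the string "?" (a same-valued constant substituted by the decompiler).
            out.append(str2).append("Signature algorithm: ").append(this.algoUsedToSignToken == null ? LocationInfo.NA : this.algoUsedToSignToken).append('\n');
            if (isTrusted()) {
                out.append(str2).append("Signature verification is not needed (from TSL)\n");
            } else if (this.signatureIntact) {
                out.append(str2).append("Signature validity: VALID").append('\n');
            } else if (!this.signatureInvalidityReason.isEmpty()) {
                out.append(str2).append("Signature validity: INVALID").append(" - ").append(this.signatureInvalidityReason).append('\n');
            }
            if (this.revocationToken != null) {
                out.append(str2).append("Revocation data[\n");
                String str4 = str2 + "\t";
                out.append(str4).append("Status: ").append(this.revocationToken.getStatus()).append(" / ").append(this.revocationToken.getIssuingTime()).append(" / issuer's certificate ").append(this.revocationToken.getIssuerToken().getDSSIdAsString()).append('\n');
                str2 = str4.substring(1);
                out.append(str2).append("]\n");
            } else if (isSelfSigned()) {
                out.append(str2).append("Verification of revocation data is not necessary in the case of a SELF-SIGNED certificate.\n");
            } else if (isTrusted()) {
                out.append(str2).append("Verification of revocation data is not necessary in the case of a TRUSTED certificate.\n");
            } else {
                out.append(str2).append("There is no revocation data available!\n");
            }
            if (this.issuerToken != null) {
                out.append(str2).append("Issuer certificate[\n");
                String str5 = str2 + "\t";
                if (this.issuerToken.isSelfSigned()) {
                    out.append(str5).append(this.issuerToken.getDSSIdAsString()).append(" SELF-SIGNED");
                } else {
                    out.append(this.issuerToken.toString(str5));
                }
                out.append('\n');
                str2 = str5.substring(1);
                out.append(str2).append("]\n");
            }
            Iterator<String> it2 = this.extraInfo.getValidationInfo().iterator();
            while (it2.hasNext()) {
                out.append(str2).append("- ").append(it2.next()).append('\n');
            }
            out.append(str2.substring(1)).append("]");
            return out.toString();
        } catch (Exception e) {
            // Best effort: a description must not abort validation.
            return e.getMessage();
        }
    }

    /** @return the hash code computed by the superclass, bypassing the id-based override */
    public int superHashCode() {
        return super.hashCode();
    }
}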
