package eu.faircode.email;

import android.text.TextUtils;
import android.util.Base64;
import j$.util.Objects;
import java.io.ByteArrayInputStream;
import java.io.StringWriter;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import net.openid.appauth.AuthorizationRequest;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1UTF8String;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.DLTaggedObject;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.json.JSONObject;

/* loaded from: classes3.dex */
public class EntityCertificate {
    static final String TABLE_NAME = "certificate";
    public Long after;
    public Long before;
    public String data;
    public String email;
    public String fingerprint;
    public Long id;
    public boolean intermediate;
    public String subject;

    /* JADX INFO: Access modifiers changed from: package-private */
    public static EntityCertificate from(X509Certificate x509Certificate, String str) {
        return from(x509Certificate, false, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static EntityCertificate from(X509Certificate x509Certificate, boolean z5, String str) {
        EntityCertificate entityCertificate = new EntityCertificate();
        entityCertificate.fingerprint = getFingerprintSha256(x509Certificate);
        entityCertificate.intermediate = z5;
        entityCertificate.email = str;
        entityCertificate.subject = getSubject(x509Certificate);
        Date notBefore = x509Certificate.getNotBefore();
        Date notAfter = x509Certificate.getNotAfter();
        entityCertificate.after = notBefore == null ? null : Long.valueOf(notBefore.getTime());
        entityCertificate.before = notAfter != null ? Long.valueOf(notAfter.getTime()) : null;
        entityCertificate.data = Base64.encodeToString(x509Certificate.getEncoded(), 2);
        return entityCertificate;
    }

    public static EntityCertificate fromJSON(JSONObject jSONObject) {
        EntityCertificate entityCertificate = new EntityCertificate();
        entityCertificate.intermediate = jSONObject.optBoolean("intermediate");
        entityCertificate.email = jSONObject.getString(AuthorizationRequest.Scope.EMAIL);
        entityCertificate.data = jSONObject.getString("data");
        X509Certificate certificate = entityCertificate.getCertificate();
        entityCertificate.fingerprint = getFingerprintSha256(certificate);
        entityCertificate.subject = getSubject(certificate);
        Date notBefore = certificate.getNotBefore();
        Date notAfter = certificate.getNotAfter();
        entityCertificate.after = notBefore == null ? null : Long.valueOf(notBefore.getTime());
        entityCertificate.before = notAfter != null ? Long.valueOf(notAfter.getTime()) : null;
        return entityCertificate;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<String> getDnsNames(X509Certificate x509Certificate) {
        ArrayList arrayList = new ArrayList();
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (subjectAlternativeNames == null) {
            return arrayList;
        }
        for (List<?> list : subjectAlternativeNames) {
            try {
                if (list.get(0).equals(2)) {
                    arrayList.add((String) list.get(1));
                } else if (list.get(0).equals(7)) {
                    if (list.get(1) instanceof String) {
                        arrayList.add((String) list.get(1));
                    } else {
                        Object obj = list.get(1);
                        StringBuilder sb = new StringBuilder();
                        sb.append("GeneralName.iPAddress type=");
                        sb.append(obj == null ? null : obj.getClass());
                        Log.e(sb.toString());
                    }
                }
            } catch (Throwable th) {
                Log.e(th);
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<String> getEmailAddresses(X509Certificate x509Certificate) {
        ArrayList arrayList = new ArrayList();
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                for (List<?> list : subjectAlternativeNames) {
                    if (list.get(0).equals(1)) {
                        arrayList.add((String) list.get(1));
                    } else if (list.get(0).equals(0) && (list.get(1) instanceof byte[])) {
                        try {
                            String string = ASN1UTF8String.getInstance(((DLTaggedObject) ((DLSequence) ((DLTaggedObject) new ASN1InputStream((byte[]) list.get(1)).readObject()).getBaseObject()).getObjectAt(1)).getBaseObject()).getString();
                            if (Helper.EMAIL_ADDRESS.matcher(string).matches()) {
                                arrayList.add(string);
                            }
                        } catch (Throwable th) {
                            Log.w(th);
                        }
                    } else {
                        Log.i("Alt type=" + list.get(0) + " data=" + list.get(1));
                    }
                }
            }
        } catch (CertificateParsingException e5) {
            Log.e(e5);
        }
        try {
            X500Name subject = new JcaX509CertificateHolder(x509Certificate).getSubject();
            if (subject != null) {
                ArrayList arrayList2 = new ArrayList();
                arrayList2.addAll(Arrays.asList(subject.getRDNs(BCStyle.CN)));
                arrayList2.addAll(Arrays.asList(subject.getRDNs(BCStyle.EmailAddress)));
                Iterator it = arrayList2.iterator();
                while (it.hasNext()) {
                    for (AttributeTypeAndValue attributeTypeAndValue : ((RDN) it.next()).getTypesAndValues()) {
                        ASN1Encodable value = attributeTypeAndValue.getValue();
                        if (value != null) {
                            String lowerCase = value.toString().toLowerCase(Locale.ROOT);
                            if (!arrayList.contains(lowerCase) && Helper.EMAIL_ADDRESS.matcher(lowerCase).matches()) {
                                arrayList.add(lowerCase);
                            }
                        }
                    }
                }
            }
        } catch (Throwable th2) {
            Log.e(th2);
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getFingerprintSha1(X509Certificate x509Certificate) {
        return Helper.sha1(x509Certificate.getEncoded());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getFingerprintSha256(X509Certificate x509Certificate) {
        return Helper.sha256(x509Certificate.getEncoded());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getKeyFingerprint(X509Certificate x509Certificate) {
        String str;
        if (x509Certificate == null) {
            return null;
        }
        try {
            String keyId = getKeyId(x509Certificate);
            String fingerprintSha1 = getFingerprintSha1(x509Certificate);
            StringBuilder sb = new StringBuilder();
            sb.append(fingerprintSha1);
            if (keyId == null) {
                str = "";
            } else {
                str = "/" + keyId;
            }
            sb.append(str);
            return sb.toString();
        } catch (Throwable th) {
            Log.e(th);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getKeyId(X509Certificate x509Certificate) {
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(Extension.subjectKeyIdentifier.getId());
            if (extensionValue == null) {
                return null;
            }
            return Helper.hex(SubjectKeyIdentifier.getInstance(ASN1OctetString.getInstance(extensionValue).getOctets()).getKeyIdentifier());
        } catch (Throwable th) {
            Log.e(th);
            return null;
        }
    }

    static String getSubject(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectX500Principal().getName("RFC2253");
    }

    private static boolean matches(String str, String str2) {
        int indexOf;
        if (!str2.startsWith("*.")) {
            return str.equalsIgnoreCase(str2);
        }
        String substring = str2.substring(2);
        if (TextUtils.isEmpty(substring) || (indexOf = str.indexOf(".")) < 0) {
            return false;
        }
        String substring2 = str.substring(indexOf + 1);
        if (TextUtils.isEmpty(substring2)) {
            return false;
        }
        return substring.equalsIgnoreCase(substring2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean matches(String str, List<String> list) {
        for (String str2 : list) {
            if (matches(str, str2)) {
                Log.i("Trusted server=" + str + " name=" + str2);
                return true;
            }
        }
        return false;
    }

    public boolean equals(Object obj) {
        if (!(obj instanceof EntityCertificate)) {
            return false;
        }
        EntityCertificate entityCertificate = (EntityCertificate) obj;
        return this.fingerprint.equals(entityCertificate.fingerprint) && this.intermediate == entityCertificate.intermediate && Objects.equals(this.email, entityCertificate.email) && Objects.equals(this.subject, entityCertificate.subject);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate getCertificate() {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Base64.decode(this.data, 2)));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getPem() {
        StringWriter stringWriter = new StringWriter();
        JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
        jcaPEMWriter.writeObject(getCertificate());
        jcaPEMWriter.flush();
        jcaPEMWriter.close();
        return stringWriter.toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getSigAlgName() {
        try {
            return getCertificate().getSigAlgName();
        } catch (Throwable unused) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isExpired() {
        return isExpired(null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isExpired(Date date) {
        Long l5;
        if (date == null) {
            date = new Date();
        }
        long time = date.getTime();
        Long l6 = this.after;
        return (l6 != null && time <= l6.longValue()) || ((l5 = this.before) != null && time > l5.longValue());
    }

    public JSONObject toJSON() {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("id", this.id);
        jSONObject.put("intermediate", this.intermediate);
        jSONObject.put(AuthorizationRequest.Scope.EMAIL, this.email);
        jSONObject.put("data", this.data);
        return jSONObject;
    }
}
