package org.jetbrains.zip.signer.signer;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.URI;
import java.net.URLConnection;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.time.LocalDate;
import java.time.ZoneOffset;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.Triple;
import kotlin.collections.CollectionsKt;
import kotlin.io.CloseableKt;
import kotlin.io.FilesKt;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.text.Charsets;
import org.bouncycastle.asn1.ASN1IA5String;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.bc.BcDSAContentSignerBuilder;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: CertificateUtils.kt */
@Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��R\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010 \n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000b\n\u0002\b\u0005\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\bÆ\u0002\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J&\u0010\u0005\u001a\u0004\u0018\u00010\u00062\f\u0010\u0007\u001a\b\u0012\u0004\u0012\u00020\u00060\b2\f\u0010\t\u001a\b\u0012\u0004\u0012\u00020\n0\bH\u0007J\u000e\u0010\u000b\u001a\u00020\u00062\u0006\u0010\f\u001a\u00020\rJ\u0016\u0010\u000e\u001a\b\u0012\u0004\u0012\u00020\u000f0\b2\u0006\u0010\u0010\u001a\u00020\u0006H\u0007J\u001c\u0010\u0011\u001a\b\u0012\u0004\u0012\u00020\n0\b2\f\u0010\u0007\u001a\b\u0012\u0004\u0012\u00020\u00060\bH\u0007J \u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0010\u001a\u00020\u00062\u0006\u0010\u0014\u001a\u00020\u00062\u0006\u0010\u0015\u001a\u00020\nH\u0002J\u0018\u0010\u0016\u001a\u00020\u00132\u0006\u0010\u0017\u001a\u00020\n2\u0006\u0010\u0014\u001a\u00020\u0006H\u0002J\u0014\u0010\u0018\u001a\u00020\u00132\f\u0010\u0007\u001a\b\u0012\u0004\u0012\u00020\u00190\bJ\u0016\u0010\u001a\u001a\b\u0012\u0004\u0012\u00020\u00060\b2\u0006\u0010\u0010\u001a\u00020\u001bH\u0007J\u0016\u0010\u001c\u001a\b\u0012\u0004\u0012\u00020\u00060\b2\u0006\u0010\u001d\u001a\u00020\u001eH\u0007J\u0014\u0010\u001f\u001a\u00020\u0013*\u00020\u00192\u0006\u0010 \u001a\u00020\u0019H\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n��¨\u0006!"}, d2 = {"Lorg/jetbrains/zip/signer/signer/CertificateUtils;", "", "()V", "farAwayDate", "Ljava/util/Date;", "findRevokedCertificate", "Ljava/security/cert/X509Certificate;", "certs", "", "revocationLists", "Ljava/security/cert/X509CRL;", "generateDummyCertificate", "keyPair", "Lorg/bouncycastle/openssl/PEMKeyPair;", "getCrlUris", 
"Ljava/net/URI;", "certificate", "getRevocationLists", "isCertificateRevoked", "", "certificateAuthority", "revocationList", "isCrlValid", "certificateRevocationList", "isValidCertificateChain", "Ljava/security/cert/Certificate;", "loadCertificates", "", "loadCertificatesFromFile", "file", "Ljava/io/File;", "isSignedBy", "other", "lib"})
@SourceDebugExtension({"SMAP\nCertificateUtils.kt\nKotlin\n*S Kotlin\n*F\n+ 1 CertificateUtils.kt\norg/jetbrains/zip/signer/signer/CertificateUtils\n+ 2 _Collections.kt\nkotlin/collections/CollectionsKt___CollectionsKt\n+ 3 _Arrays.kt\nkotlin/collections/ArraysKt___ArraysKt\n+ 4 fake.kt\nkotlin/jvm/internal/FakeKt\n*L\n1#1,209:1\n1549#2:210\n1620#2,3:211\n1726#2,3:214\n1549#2:217\n1620#2,3:218\n3433#2,7:225\n13309#3:221\n13309#3,2:222\n13310#3:224\n1#4:232\n*S KotlinDebug\n*F\n+ 1 CertificateUtils.kt\norg/jetbrains/zip/signer/signer/CertificateUtils\n*L\n56#1:210\n56#1:211,3\n88#1:214,3\n105#1:217\n105#1:218,3\n166#1:225,7\n130#1:221\n134#1:222,2\n130#1:224\n*E\n"})
/* loaded from: input_file:org/jetbrains/zip/signer/signer/CertificateUtils.class */
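/**
 * Helpers for loading X.509 certificates, checking how a certificate list is signed, and
 * consulting certificate revocation lists (CRLs).
 *
 * <p>This class is decompiler output for the Kotlin object {@code CertificateUtils}. Checked
 * exceptions raised by the JDK and BouncyCastle calls below are not declared on most methods,
 * exactly as in the decompiled original.
 *
 * <p>Security scope, as far as this class itself goes:
 * <ul>
 *   <li>{@link #isValidCertificateChain} checks signatures between neighbouring certificates
 *       only. It does not check validity periods, key usage / basic constraints, or that the
 *       list ends in a trusted anchor.</li>
 *   <li>CRLs are accepted when their issuer name and signature match the issuing certificate.
 *       The CRL's own update times are not compared with the current time.</li>
 *   <li>CRL locations are read from the certificate being checked, so they are only as
 *       trustworthy as that certificate.</li>
 * </ul>
 */
public final class CertificateUtils {

    @NotNull
    public static final CertificateUtils INSTANCE = new CertificateUtils();

    /** Maximum time, in milliseconds, to wait while connecting to a CRL distribution point. */
    private static final int CRL_CONNECT_TIMEOUT_MILLIS = 10_000;

    /** Maximum time, in milliseconds, to wait for data while reading a CRL. */
    private static final int CRL_READ_TIMEOUT_MILLIS = 30_000;

    /** {@code notAfter} used for dummy certificates: start of 9999-12-31 in UTC. */
    @NotNull
    private static final Date farAwayDate =
            Date.from(LocalDate.of(9999, 12, 31).atStartOfDay().toInstant(ZoneOffset.UTC));

    private CertificateUtils() {
    }

    /**
     * Reads a file as UTF-8 text and parses every certificate found in it.
     *
     * @param file file holding one or more encoded certificates
     * @return the parsed certificates, in the order the certificate factory returned them
     * @throws CertificateException if the content cannot be parsed
     */
    @JvmStatic
    @NotNull
    public static final List<X509Certificate> loadCertificatesFromFile(@NotNull File file) throws CertificateException {
        Intrinsics.checkNotNullParameter(file, "file");
        return loadCertificates(FilesKt.readText(file, Charsets.UTF_8));
    }

    /**
     * Parses every certificate contained in the given text.
     *
     * @param certificate textual certificate data; it is encoded as UTF-8 before parsing
     * @return the parsed certificates, in the order the certificate factory returned them
     * @throws CertificateException if the content cannot be parsed
     * @throws ClassCastException if the factory yields a certificate that is not an
     *     {@link X509Certificate}
     */
    @JvmStatic
    @NotNull
    public static final List<X509Certificate> loadCertificates(@NotNull String certificate) throws CertificateException {
        Intrinsics.checkNotNullParameter(certificate, "certificate");
        byte[] encoded = certificate.getBytes(Charsets.UTF_8);
        Collection<? extends Certificate> parsed =
                CertificateFactory.getInstance("X509").generateCertificates(new ByteArrayInputStream(encoded));
        List<X509Certificate> result = new ArrayList<>(parsed.size());
        for (Certificate entry : parsed) {
            Intrinsics.checkNotNull(entry, "null cannot be cast to non-null type java.security.cert.X509Certificate");
            result.add((X509Certificate) entry);
        }
        return result;
    }

    /**
     * Builds a self-signed placeholder certificate ({@code CN=Dummy Certificate}) for a key pair.
     *
     * <p>The certificate is valid from one day before the call until 9999-12-31 (UTC) and uses
     * the current time in milliseconds as its serial number. Subject and issuer are the same
     * name, so it carries no identity assurance.
     *
     * @param keyPair key pair whose private key signs the certificate and whose public key is
     *     embedded in it; RSA (CRT form) and DSA private keys are supported
     * @return the generated certificate
     * @throws IllegalArgumentException if the private key is neither RSA nor DSA
     */
    @NotNull
    public final X509Certificate generateDummyCertificate(@NotNull PEMKeyPair keyPair) {
        Intrinsics.checkNotNullParameter(keyPair, "keyPair");
        X500Name dummyName = new X500Name("CN=Dummy Certificate");
        // Back-date the start by a day so the certificate is already valid when it is created.
        Date notBefore = Date.from(Instant.now().minus(Duration.ofDays(1L)));
        AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(keyPair.getPrivateKeyInfo());

        // NOTE(review): the signature AlgorithmIdentifier passed to both builders is the
        // key-algorithm OID (rsaEncryption / id_dsa), not a combined signature OID such as
        // sha256WithRSAEncryption. Confirm that nothing downstream needs to verify the dummy
        // certificate's signature by looking up that OID.
        ContentSigner signer;
        if (privateKey instanceof RSAPrivateCrtKeyParameters) {
            signer = new BcRSAContentSignerBuilder(
                    new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption),
                    new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256)).build(privateKey);
        } else if (privateKey instanceof DSAPrivateKeyParameters) {
            signer = new BcDSAContentSignerBuilder(
                    new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa),
                    new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256)).build(privateKey);
        } else {
            throw new IllegalArgumentException("Unsupported key type: " + privateKey.getClass().getSimpleName());
        }

        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                dummyName,
                BigInteger.valueOf(System.currentTimeMillis()),
                notBefore,
                farAwayDate,
                dummyName,
                keyPair.getPublicKeyInfo());
        return new JcaX509CertificateConverter().getCertificate(builder.build(signer));
    }

    /**
     * Checks that every certificate in the list is signed by the certificate that follows it.
     *
     * <p>Only signatures are checked. An empty list and a single-certificate list both return
     * {@code true} because there is no neighbouring pair to compare; the last certificate is
     * never verified against anything. Validity dates, revocation and trust in the last
     * certificate must be established by the caller.
     *
     * @param certs certificates ordered so that each one is expected to be issued by the next
     * @return {@code false} as soon as one signature does not verify, otherwise {@code true}
     */
    public final boolean isValidCertificateChain(@NotNull List<? extends Certificate> certs) {
        Intrinsics.checkNotNullParameter(certs, "certs");
        Iterator<? extends Certificate> remaining = certs.iterator();
        if (!remaining.hasNext()) {
            return true;
        }
        Certificate subject = remaining.next();
        while (remaining.hasNext()) {
            Certificate issuer = remaining.next();
            if (!isSignedBy(subject, issuer)) {
                return false;
            }
            subject = issuer;
        }
        return true;
    }

    /**
     * Downloads the CRL named by each certificate except the last one in the list.
     *
     * <p>Each of those certificates must name exactly one CRL URI. The returned list is
     * index-aligned with {@code certs}: entry {@code i} is the CRL fetched for {@code certs[i]}.
     *
     * @param certs certificate list; must not be empty
     * @return one CRL per certificate, excluding the last certificate
     * @throws IllegalArgumentException if the list is empty, or a certificate names no CRL URI
     *     or more than one
     */
    @JvmStatic
    @NotNull
    public static final List<X509CRL> getRevocationLists(@NotNull List<? extends X509Certificate> certs) {
        Intrinsics.checkNotNullParameter(certs, "certs");
        if (certs.isEmpty()) {
            // Fail with a clear message instead of the list-implementation-specific error
            // that subList(0, -1) would raise.
            throw new IllegalArgumentException("Certificate chain is empty");
        }
        List<? extends X509Certificate> allButLast = certs.subList(0, certs.size() - 1);
        List<X509CRL> crls = new ArrayList<>(allButLast.size());
        for (X509Certificate cert : allButLast) {
            List<URI> crlUris = getCrlUris(cert);
            if (crlUris.isEmpty()) {
                throw new IllegalArgumentException("CRL not found for certificate");
            }
            if (crlUris.size() > 1) {
                throw new IllegalArgumentException("Multiple CRL URI found in certificate");
            }
            crls.add(downloadCrl(crlUris.get(0)));
        }
        return crls;
    }

    /**
     * Fetches and parses one CRL, closing the connection's stream when done.
     *
     * <p>Connect and read timeouts are set so that an unresponsive distribution point cannot
     * block verification indefinitely.
     *
     * <p>NOTE(review): the URI is taken from the certificate under inspection and is opened with
     * whatever URL handler the JVM has for its scheme; the scheme and the response size are not
     * restricted here. If certificate lists can come from untrusted input, consider allowing
     * only the schemes you expect (for example http/https) and bounding the download size.
     *
     * @param crlUri location of the CRL
     * @return the parsed CRL
     */
    private static X509CRL downloadCrl(URI crlUri) {
        URLConnection connection = crlUri.toURL().openConnection();
        connection.setConnectTimeout(CRL_CONNECT_TIMEOUT_MILLIS);
        connection.setReadTimeout(CRL_READ_TIMEOUT_MILLIS);
        try (InputStream crlStream = connection.getInputStream()) {
            CRL crl = CertificateFactory.getInstance("X.509").generateCRL(crlStream);
            Intrinsics.checkNotNull(crl, "null cannot be cast to non-null type java.security.cert.X509CRL");
            return (X509CRL) crl;
        }
    }

    /**
     * Extracts the URI entries from a certificate's CRL Distribution Points extension.
     *
     * <p>Only distribution points given as a full name are considered, and only general names
     * of the URI kind are returned. Distribution points without a name are skipped.
     *
     * @param certificate certificate to inspect
     * @return the URIs found, in encounter order; empty if the certificate has no CRL
     *     Distribution Points extension
     */
    @JvmStatic
    @NotNull
    public static final List<URI> getCrlUris(@NotNull X509Certificate certificate) {
        Intrinsics.checkNotNullParameter(certificate, "certificate");
        byte[] extensionValue = certificate.getExtensionValue(Extension.cRLDistributionPoints.getId());
        if (extensionValue == null) {
            // Extension absent: report "no URIs" so callers can raise their own error rather
            // than hitting a NullPointerException inside ByteArrayInputStream.
            return new ArrayList<>();
        }

        // getExtensionValue returns the extension wrapped in a DER OCTET STRING; unwrap first.
        DEROctetString wrapped;
        try (ASN1InputStream outerStream = new ASN1InputStream(new ByteArrayInputStream(extensionValue))) {
            ASN1Primitive outer = outerStream.readObject();
            Intrinsics.checkNotNull(outer, "null cannot be cast to non-null type org.bouncycastle.asn1.DEROctetString");
            wrapped = (DEROctetString) outer;
        }

        CRLDistPoint distPoints;
        try (ASN1InputStream innerStream = new ASN1InputStream(new ByteArrayInputStream(wrapped.getOctets()))) {
            distPoints = CRLDistPoint.getInstance(innerStream.readObject());
        }

        List<URI> uris = new ArrayList<>();
        for (DistributionPoint point : distPoints.getDistributionPoints()) {
            DistributionPointName pointName = point.getDistributionPoint();
            // The name is optional in a distribution point, so guard before dereferencing.
            if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
                continue;
            }
            GeneralName[] names = GeneralNames.getInstance(pointName.getName()).getNames();
            Intrinsics.checkNotNull(names);
            for (GeneralName name : names) {
                if (name.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    uris.add(new URI(ASN1IA5String.getInstance(name.getName()).getString()));
                }
            }
        }
        return uris;
    }

    /**
     * Finds a revoked certificate, checking from the end of the list towards the start.
     *
     * <p>{@code certs[i]} is looked up in {@code revocationLists[i]}, and that CRL must be
     * issued and signed by {@code certs[i + 1]}. The last certificate has no CRL and is never
     * checked for revocation.
     *
     * @param certs certificates ordered so that each one is expected to be issued by the next
     * @param revocationLists one CRL per certificate except the last, index-aligned with
     *     {@code certs}
     * @return the revoked certificate closest to the end of the list, or {@code null} if none
     *     is revoked
     * @throws IllegalArgumentException if the list sizes do not match, or a CRL is not issued
     *     and signed by the expected certificate
     */
    @JvmStatic
    @Nullable
    public static final X509Certificate findRevokedCertificate(@NotNull List<? extends X509Certificate> certs, @NotNull List<? extends X509CRL> revocationLists) {
        Intrinsics.checkNotNullParameter(certs, "certs");
        Intrinsics.checkNotNullParameter(revocationLists, "revocationLists");
        if (revocationLists.size() != certs.size() - 1) {
            throw new IllegalArgumentException("Number of revocation lists should be one less than the number of certificates");
        }
        for (int i = revocationLists.size() - 1; i >= 0; i--) {
            X509Certificate subject = certs.get(i);
            X509Certificate issuer = certs.get(i + 1);
            if (INSTANCE.isCertificateRevoked(subject, issuer, revocationLists.get(i))) {
                return subject;
            }
        }
        return null;
    }

    /**
     * Reports whether the CRL lists the given certificate, after checking the CRL itself.
     *
     * @throws IllegalArgumentException if the CRL is not issued and signed by
     *     {@code certificateAuthority}
     */
    private boolean isCertificateRevoked(X509Certificate certificate, X509Certificate certificateAuthority, X509CRL revocationList) {
        if (!isCrlValid(revocationList, certificateAuthority)) {
            throw new IllegalArgumentException("Invalid CRL provided");
        }
        return revocationList.getRevokedCertificate(certificate) != null;
    }

    /**
     * Checks that the CRL's issuer name equals the authority's subject name and that the CRL
     * signature verifies under the authority's public key.
     *
     * <p>NOTE(review): the CRL's thisUpdate/nextUpdate fields are not compared with the current
     * time, so an out-of-date CRL that is still correctly signed is accepted. Because the CRL
     * is fetched from a location named in the certificate, consider rejecting CRLs whose
     * nextUpdate has passed so an old copy cannot hide a later revocation.
     */
    private boolean isCrlValid(X509CRL certificateRevocationList, X509Certificate certificateAuthority) {
        if (!Intrinsics.areEqual(certificateRevocationList.getIssuerDN(), certificateAuthority.getSubjectDN())) {
            return false;
        }
        try {
            certificateRevocationList.verify(certificateAuthority.getPublicKey());
            return true;
        } catch (Exception ignored) {
            // Any verification failure means "not valid"; the cause is deliberately not surfaced.
            return false;
        }
    }

    /** Reports whether {@code certificate} verifies under the public key of {@code other}. */
    private boolean isSignedBy(Certificate certificate, Certificate other) {
        try {
            certificate.verify(other.getPublicKey());
            return true;
        } catch (Exception ignored) {
            // Any verification failure means "not signed by"; the cause is deliberately not surfaced.
            return false;
        }
    }
}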
