package qz.auth;

import com.estontorise.simplersa.RSAKeyImpl;
import com.estontorise.simplersa.RSAToolFactory;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.logging.Logger;
import javax.security.cert.CertificateParsingException;
import org.apache.commons.ssl.X509CertificateChainBuilder;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.PrincipalUtil;
import qz.common.Base64;
import qz.common.Constants;
import qz.common.LogIt;
import qz.common.TrayManager;
import qz.utils.ByteUtilities;
import qz.utils.FileUtilities;

/* loaded from: input_file:qz/auth/Certificate.class */
public class Certificate {
    public static Certificate trustedRootCert;
    private static final Logger log = Logger.getLogger(TrayManager.class.getName());
    private static boolean overrideTrustedRootCert;
    X509Certificate theCertificate;
    X509Certificate theIntermediateCertificate;
    private String fingerprint;
    private String commonName;
    private String organization;
    private Date validFrom;
    private Date validTo;
    private boolean valid;
    private static SimpleDateFormat dateFormat;
    public static final String[] saveFields;

    public Certificate(String str) throws CertificateParsingException {
        this.valid = false;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            String[] split = str.split(X509Constants.INTERMEDIATE_CERT);
            this.theCertificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(Base64.decode(split[0].replaceAll(X509Constants.BEGIN_CERT, "").replaceAll(X509Constants.END_CERT, ""))));
            if (split.length == 2) {
                this.theIntermediateCertificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(Base64.decode(split[1].replaceAll(X509Constants.BEGIN_CERT, "").replaceAll(X509Constants.END_CERT, ""))));
            } else {
                this.theIntermediateCertificate = null;
            }
            this.commonName = String.valueOf(PrincipalUtil.getSubjectX509Principal(this.theCertificate).getValues(X509Name.CN).get(0));
            this.fingerprint = makeThumbPrint(this.theCertificate);
            this.organization = String.valueOf(PrincipalUtil.getSubjectX509Principal(this.theCertificate).getValues(X509Name.O).get(0));
            this.validFrom = this.theCertificate.getNotBefore();
            this.validTo = this.theCertificate.getNotAfter();
            if (trustedRootCert != null) {
                HashSet hashSet = new HashSet();
                try {
                    hashSet.add(trustedRootCert.theCertificate);
                    if (this.theIntermediateCertificate != null) {
                        hashSet.add(this.theIntermediateCertificate);
                    }
                    for (X509Certificate x509Certificate : X509CertificateChainBuilder.buildPath(this.theCertificate, hashSet)) {
                        if (x509Certificate.equals(trustedRootCert.theCertificate)) {
                            Date date = new Date();
                            this.valid = getValidFromDate().compareTo(date) <= 0 && getValidToDate().compareTo(date) > 0;
                        }
                    }
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
            if (trustedRootCert != null && !overrideTrustedRootCert) {
                CRL crl = CRL.getInstance();
                if (!crl.isLoaded()) {
                    log.warning("Failed to retrieve QZ CRL, skipping CRL check");
                } else if (crl.isRevoked(getFingerprint()) || this.theIntermediateCertificate == null || crl.isRevoked(makeThumbPrint(this.theIntermediateCertificate))) {
                    log.warning("Problem verifying certificate with CRL");
                    this.valid = false;
                }
            }
        } catch (Exception e2) {
            e2.printStackTrace();
            CertificateParsingException certificateParsingException = new CertificateParsingException();
            certificateParsingException.initCause(e2);
            throw certificateParsingException;
        }
    }

    private Certificate() {
        this.valid = false;
    }

    public static Certificate loadCertificate(HashMap<String, String> hashMap) {
        Certificate certificate = new Certificate();
        certificate.fingerprint = hashMap.get("fingerprint");
        certificate.commonName = hashMap.get("commonName");
        certificate.organization = hashMap.get("organization");
        try {
            certificate.validFrom = dateFormat.parse(hashMap.get("validFrom"));
            certificate.validTo = dateFormat.parse(hashMap.get("validTo"));
        } catch (ParseException e) {
            certificate.validFrom = new Date(0L);
            certificate.validTo = new Date(0L);
            LogIt.log(e);
        }
        certificate.valid = Boolean.parseBoolean(hashMap.get("valid"));
        return certificate;
    }

    public boolean isSignatureValid(String str, String str2) {
        if (str.length() == 0) {
            return false;
        }
        try {
            return RSAToolFactory.getRSATool().verifyWithKey(str2.getBytes(), Base64.decode(str), new RSAKeyImpl(this.theCertificate.getPublicKey()));
        } catch (Exception e) {
            log.warning(e.getMessage());
            return false;
        }
    }

    public boolean isSaved() {
        String readLine;
        BufferedReader bufferedReader = null;
        try {
            try {
                bufferedReader = new BufferedReader(new FileReader(FileUtilities.getFile(Constants.ALLOW_FILE)));
                do {
                    readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        if (bufferedReader == null) {
                            return false;
                        }
                        try {
                            bufferedReader.close();
                            return false;
                        } catch (Exception e) {
                            return false;
                        }
                    }
                } while (!readLine.substring(0, readLine.indexOf("\t")).equals(getFingerprint()));
                if (bufferedReader != null) {
                    try {
                        bufferedReader.close();
                    } catch (Exception e2) {
                    }
                }
                return true;
            } catch (Throwable th) {
                if (bufferedReader != null) {
                    try {
                        bufferedReader.close();
                    } catch (Exception e3) {
                    }
                }
                throw th;
            }
        } catch (IOException e4) {
            e4.printStackTrace();
            if (bufferedReader == null) {
                return false;
            }
            try {
                bufferedReader.close();
                return false;
            } catch (Exception e5) {
                return false;
            }
        }
    }

    public boolean isBlocked() {
        String readLine;
        BufferedReader bufferedReader = null;
        try {
            try {
                bufferedReader = new BufferedReader(new FileReader(FileUtilities.getFile(Constants.BLOCK_FILE)));
                do {
                    readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        if (bufferedReader == null) {
                            return false;
                        }
                        try {
                            bufferedReader.close();
                            return false;
                        } catch (Exception e) {
                            return false;
                        }
                    }
                } while (!readLine.substring(0, readLine.indexOf("\t")).equals(getFingerprint()));
                if (bufferedReader != null) {
                    try {
                        bufferedReader.close();
                    } catch (Exception e2) {
                    }
                }
                return true;
            } catch (Throwable th) {
                if (bufferedReader != null) {
                    try {
                        bufferedReader.close();
                    } catch (Exception e3) {
                    }
                }
                throw th;
            }
        } catch (IOException e4) {
            e4.printStackTrace();
            if (bufferedReader == null) {
                return false;
            }
            try {
                bufferedReader.close();
                return false;
            } catch (Exception e5) {
                return false;
            }
        }
    }

    public String getFingerprint() {
        return this.fingerprint;
    }

    public String getCommonName() {
        return this.commonName;
    }

    public String getOrganization() {
        return this.organization;
    }

    public String getValidFrom() {
        return dateFormat.format(this.validFrom);
    }

    public String getValidTo() {
        return dateFormat.format(this.validTo);
    }

    public Date getValidFromDate() {
        return this.validFrom;
    }

    public Date getValidToDate() {
        return this.validTo;
    }

    public boolean isTrusted() {
        return this.valid;
    }

    public static String makeThumbPrint(X509Certificate x509Certificate) throws NoSuchAlgorithmException, CertificateEncodingException {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
        messageDigest.update(x509Certificate.getEncoded());
        return ByteUtilities.bytesToHex(messageDigest.digest(), false);
    }

    public String data() {
        return getFingerprint() + "\t" + getCommonName() + "\t" + getOrganization() + "\t" + getValidFrom() + "\t" + getValidTo() + "\t" + isTrusted();
    }

    public static Logger getLogger() {
        return log;
    }

    public String toString() {
        return getOrganization() + " (" + getCommonName() + ")";
    }

    public boolean equals(Object obj) {
        return obj instanceof Certificate ? ((Certificate) obj).data().equals(data()) : super.equals(obj);
    }

    static {
        trustedRootCert = null;
        overrideTrustedRootCert = false;
        try {
            String property = System.getProperty("trustedRootCert");
            if (property != null) {
                try {
                    trustedRootCert = new Certificate(FileUtilities.readLocalFile(property));
                    overrideTrustedRootCert = true;
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
            if (trustedRootCert == null) {
                trustedRootCert = new Certificate("-----BEGIN CERTIFICATE-----\nMIIELzCCAxegAwIBAgIJALm151zCHDxiMA0GCSqGSIb3DQEBCwUAMIGsMQswCQYD\nVQQGEwJVUzELMAkGA1UECAwCTlkxEjAQBgNVBAcMCUNhbmFzdG90YTEbMBkGA1UE\nCgwSUVogSW5kdXN0cmllcywgTExDMRswGQYDVQQLDBJRWiBJbmR1c3RyaWVzLCBM\nTEMxGTAXBgNVBAMMEHF6aW5kdXN0cmllcy5jb20xJzAlBgkqhkiG9w0BCQEWGHN1\ncHBvcnRAcXppbmR1c3RyaWVzLmNvbTAgFw0xNTAzMDEyMzM4MjlaGA8yMTE1MDMw\nMjIzMzgyOVowgawxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOWTESMBAGA1UEBwwJ\nQ2FuYXN0b3RhMRswGQYDVQQKDBJRWiBJbmR1c3RyaWVzLCBMTEMxGzAZBgNVBAsM\nElFaIEluZHVzdHJpZXMsIExMQzEZMBcGA1UEAwwQcXppbmR1c3RyaWVzLmNvbTEn\nMCUGCSqGSIb3DQEJARYYc3VwcG9ydEBxemluZHVzdHJpZXMuY29tMIIBIjANBgkq\nhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWsBa6uk+RM4OKBZTRfIIyqaaFD71FAS\n7kojAQ+ySMpYuqLjIVZuCh92o1FGBvyBKUFc6knAHw5749yhLCYLXhzWwiNW2ri1\nJwx/d83Wnaw6qA3lt++u3tmiA8tsFtss0QZW0YBpFsIqhamvB3ypwu0bdUV/oH7g\n/s8TFR5LrDfnfxlLFYhTUVWuWzMqEFAGnFG3uw/QMWZnQgkGbx0LMcYzdqFb7/vz\nrTSHfjJsisUTWPjo7SBnAtNYCYaGj0YH5RFUdabnvoTdV2XpA5IPYa9Q597g/M0z\nicAjuaK614nKXDaAUCbjki8RL3OK9KY920zNFboq/jKG6rKW2t51ZQIDAQABo1Aw\nTjAdBgNVHQ4EFgQUA0XGTcD6jqkL2oMPQaVtEgZDqV4wHwYDVR0jBBgwFoAUA0XG\nTcD6jqkL2oMPQaVtEgZDqV4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC\nAQEAijcT5QMVqrWWqpNEe1DidzQfSnKo17ZogHW+BfUbxv65JbDIntnk1XgtLTKB\nVAdIWUtGZbXxrp16NEsh96V2hjDIoiAaEpW+Cp6AHhIVgVh7Q9Knq9xZ1t6H8PL5\nQiYQKQgJ0HapdCxlPKBfUm/Mj1ppNl9mPFJwgHmzORexbxrzU/M5i2jlies+CXNq\ncvmF2l33QNHnLwpFGwYKs08pyHwUPp6+bfci6lRvavztgvnKroWWIRq9ZPlC0yVK\nFFemhbCd7ZVbrTo0NcWZM1PTAbvlOikV9eh3i1Vot+3dJ8F27KwUTtnV0B9Jrxum\nW9P3C48mvwTxYZJFOu0N9UBLLg==\n-----END CERTIFICATE-----");
                CRL.getInstance();
            }
            trustedRootCert.valid = true;
            log.info("Using trusted root certificate: CN=" + trustedRootCert.getCommonName() + ", O=" + trustedRootCert.getOrganization() + " (" + trustedRootCert.getFingerprint() + ")");
        } catch (CertificateParsingException e2) {
            e2.printStackTrace();
        }
        dateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        saveFields = new String[]{"fingerprint", "commonName", "organization", "validFrom", "validTo", "valid"};
    }
}
