package net.stuff.servoy.signing.utils;

import java.io.File;
import java.io.FileInputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:net/stuff/servoy/signing/utils/CertificateVerifier.class */
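/**
 * Builds and validates a PKIX certification path for an X.509 certificate against a set of
 * trusted roots and intermediate certificates.
 *
 * <p>Security properties a caller should be aware of (all visible in this class):
 * <ul>
 *   <li>Revocation checking is switched off, so a revoked certificate still validates.</li>
 *   <li>Any self-signed certificate in the supplied set is promoted to a trust anchor.
 *       {@link #verifyChain(File, String, String)} feeds the other certificates of the keystore
 *       under test into that set, so a keystore that carries its own self-signed root validates
 *       against itself. A successful result therefore shows that the chain is internally
 *       consistent, not that it leads to a CA from the JRE trust store.</li>
 * </ul>
 */
public class CertificateVerifier {
    /**
     * Verifies {@code x509Certificate} against the certificates in {@code set}.
     *
     * <p>Self-signed members of {@code set} are used as trust anchors; all other members are
     * offered to the path builder as intermediates. A self-signed target certificate is rejected.
     * This method does not throw: every failure is returned inside the result object.
     *
     * @param x509Certificate the certificate to verify
     * @param set candidate trust anchors and intermediate certificates
     * @return a result wrapping either the built certification path or the failure
     */
    public static CertificateVerificationResult verifyCertificate(X509Certificate x509Certificate, Set<X509Certificate> set) {
        // A null certificate used to raise a NullPointerException that the generic handler
        // below then re-raised while formatting its message, so it escaped this method.
        if (x509Certificate == null) {
            return new CertificateVerificationResult(new CertificateVerificationException("No certificate was supplied for verification."));
        }
        if (set == null) {
            return new CertificateVerificationResult(new CertificateVerificationException("No trusted or intermediate certificates were supplied for verification."));
        }
        try {
            if (isSelfSigned(x509Certificate)) {
                throw new CertificateVerificationException("The certificate is self-signed.");
            }
            Set<X509Certificate> trustedRoots = new HashSet<>();
            Set<X509Certificate> intermediates = new HashSet<>();
            for (X509Certificate candidate : set) {
                // NOTE(review): being self-signed is the only criterion for becoming a trust
                // anchor here; callers must make sure the set holds only certificates they trust.
                if (isSelfSigned(candidate)) {
                    trustedRoots.add(candidate);
                } else {
                    intermediates.add(candidate);
                }
            }
            return new CertificateVerificationResult(verifyCertificate(x509Certificate, trustedRoots, intermediates));
        } catch (CertPathBuilderException e) {
            return new CertificateVerificationResult(new CertificateVerificationException("Error building certification path: " + x509Certificate.getSubjectX500Principal(), e));
        } catch (CertificateVerificationException e) {
            return new CertificateVerificationResult(e);
        } catch (Exception e) {
            return new CertificateVerificationResult(new CertificateVerificationException("Error verifying the certificate: " + x509Certificate.getSubjectX500Principal(), e));
        }
    }

    /**
     * Reports whether the certificate's signature verifies under its own public key.
     *
     * <p>Only the signature is checked; subject and issuer names are not compared.
     *
     * @param x509Certificate the certificate to test
     * @return {@code true} if the signature verifies with the certificate's own key,
     *     {@code false} if the key is unsuitable or the signature does not match
     * @throws CertificateException on encoding errors
     * @throws NoSuchAlgorithmException if the signature algorithm is unsupported
     * @throws NoSuchProviderException if there is no default provider
     */
    public static boolean isSelfSigned(X509Certificate x509Certificate) throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (InvalidKeyException | SignatureException e) {
            // Signed by a different key: not self-signed.
            return false;
        }
    }

    /**
     * Runs the PKIX path builder for {@code certificate}.
     *
     * @param certificate the target certificate the path must end at
     * @param trustedRoots certificates used as trust anchors (without name constraints)
     * @param intermediates certificates the builder may use to link the target to an anchor
     * @return the builder result containing the certification path
     * @throws GeneralSecurityException if the parameters are invalid or no path can be built
     */
    private static PKIXCertPathBuilderResult verifyCertificate(X509Certificate certificate, Set<X509Certificate> trustedRoots, Set<X509Certificate> intermediates) throws GeneralSecurityException {
        X509CertSelector targetSelector = new X509CertSelector();
        targetSelector.setCertificate(certificate);

        Set<TrustAnchor> anchors = new HashSet<>();
        for (X509Certificate root : trustedRoots) {
            anchors.add(new TrustAnchor(root, null));
        }

        PKIXBuilderParameters builderParameters = new PKIXBuilderParameters(anchors, targetSelector);
        // NOTE(review): revocation checking is disabled, so CRL/OCSP status is never consulted
        // and a revoked certificate passes. Enabling it needs a revocation source to be
        // configured; confirm whether accepting revoked certificates is intended.
        builderParameters.setRevocationEnabled(false);
        builderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(intermediates)));
        return (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(builderParameters);
    }

    /**
     * Loads the trust anchors from {@code ${java.home}/lib/security/cacerts}.
     *
     * <p>Only that file is read. The store is opened with the JDK's default cacerts password,
     * which is public knowledge and protects nothing; the returned set is only as trustworthy
     * as the file permissions on that store.
     *
     * @return a mutable set of the trusted certificates found in the store
     * @throws Exception if the store cannot be read or parsed
     */
    private static Set<X509Certificate> getTrustedRoots() throws Exception {
        String cacertsPath = String.valueOf(System.getProperty("java.home")) + "/lib/security/cacerts";
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // The stream was previously never closed; release the file handle on every path.
        try (FileInputStream in = new FileInputStream(cacertsPath)) {
            keyStore.load(in, "changeit".toCharArray());
        }
        Set<X509Certificate> roots = new HashSet<>();
        for (TrustAnchor anchor : new PKIXParameters(keyStore).getTrustAnchors()) {
            roots.add(anchor.getTrustedCert());
        }
        return roots;
    }

    /**
     * Adds every certificate of the keystore except the one stored under {@code alias}
     * (compared case-insensitively) to {@code target}. Entries without a certificate are skipped.
     */
    private static void addOtherCertificates(Map<String, X509Certificate> keyStoreCertificates, String alias, Set<X509Certificate> target) {
        for (Map.Entry<String, X509Certificate> entry : keyStoreCertificates.entrySet()) {
            X509Certificate certificate = entry.getValue();
            if (certificate != null && !alias.equalsIgnoreCase(entry.getKey())) {
                target.add(certificate);
            }
        }
    }

    /**
     * Verifies the certificate stored under {@code str2} in the keystore {@code file} and
     * returns its certification path.
     *
     * <p>The candidate set is the JRE cacerts roots plus every other certificate found in the
     * same keystore. NOTE(review): a self-signed certificate inside the keystore under test
     * therefore acts as a trust anchor, so this method accepts privately rooted chains; callers
     * that need "chains to a JRE-trusted CA" must check the returned path's issuer themselves.
     *
     * @param file the keystore file
     * @param str second argument handed to {@code CertUtils.readKeyStoreCertificates},
     *     presumably the keystore password
     * @param str2 key of the certificate to verify in the map returned by
     *     {@code CertUtils.readKeyStoreCertificates}, presumably the keystore alias
     * @return the certification path, or {@code null} if the keystore yields no certificates
     *     or the built path is empty
     * @throws Throwable the verification failure, or any error while reading the stores
     */
    public static List<X509Certificate> verifyChain(File file, String str, String str2) throws Throwable {
        Set<X509Certificate> trustedRoots = getTrustedRoots();
        Map<String, X509Certificate> keyStoreCertificates = CertUtils.readKeyStoreCertificates(file.getAbsolutePath(), str);
        if (keyStoreCertificates == null || keyStoreCertificates.isEmpty()) {
            return null;
        }
        X509Certificate target = keyStoreCertificates.get(str2);
        if (target == null) {
            // The lookup is an exact match while the exclusion in addOtherCertificates ignores
            // case; fail with a clear message instead of a NullPointerException.
            throw new CertificateVerificationException("No certificate found in the keystore for alias: " + str2);
        }
        addOtherCertificates(keyStoreCertificates, str2, trustedRoots);

        CertificateVerificationResult verification = verifyCertificate(target, trustedRoots);
        if (!verification.isValid()) {
            throw verification.getException();
        }
        List<? extends Certificate> path = verification.getResult().getCertPath().getCertificates();
        if (path.isEmpty()) {
            return null;
        }
        List<X509Certificate> chain = new ArrayList<>(path.size());
        for (Certificate certificate : path) {
            chain.add((X509Certificate) certificate);
        }
        return chain;
    }

    /**
     * Diagnostic entry point: verifies one fixed alias of a keystore named {@code keystore} in
     * the working directory and prints the subjects along the path, then the issuer of the last
     * certificate.
     *
     * @param strArr ignored
     * @throws Exception if the trust store or keystore cannot be read
     */
    public static void main(String[] strArr) throws Exception {
        // NOTE(review): the keystore password below is a literal compiled into the class, so
        // anyone holding the artifact can read it. If it protects a real signing keystore,
        // treat it as disclosed: rotate it and read it from a prompt or protected configuration.
        final String alias = "servoy-stuff";
        Set<X509Certificate> trustedRoots = getTrustedRoots();
        Map<String, X509Certificate> keyStoreCertificates = CertUtils.readKeyStoreCertificates("keystore", "p64att06");
        if (keyStoreCertificates == null || keyStoreCertificates.isEmpty()) {
            return;
        }
        X509Certificate target = keyStoreCertificates.get(alias);
        addOtherCertificates(keyStoreCertificates, alias, trustedRoots);

        // A missing alias yields an invalid result, which is printed like any other failure.
        CertificateVerificationResult verification = verifyCertificate(target, trustedRoots);
        if (!verification.isValid()) {
            System.out.println(verification.getException().toString());
            return;
        }
        X509Certificate last = null;
        for (Certificate certificate : verification.getResult().getCertPath().getCertificates()) {
            last = (X509Certificate) certificate;
            System.out.println(last.getSubjectX500Principal());
        }
        if (last != null) {
            System.out.println(last.getIssuerX500Principal());
        }
    }
}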
