package io.intino.alexandria.http.security;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Iterator;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:io/intino/alexandria/http/security/CertificateVerifier.class */
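/**
 * Helpers for PKCS#7/CMS signatures: extracting the signed content, validating the
 * embedded certificate chain against a set of trust anchors, and generating or
 * writing RSA keys.
 *
 * <p>Loading this class registers the BouncyCastle provider (see the static
 * initializer at the bottom of the class).
 *
 * <p>Security note: nothing in this class verifies the CMS signature itself.
 * {@link #checkRootCertificate} only checks that the certificates carried inside the
 * signature chain up to a trust anchor, and {@link #getOriginalContentFromSignature}
 * only unwraps the content. Callers that need authenticity must also verify the
 * signer's signature over the content.
 */
public class CertificateVerifier {

    private static final System.Logger LOGGER = System.getLogger(CertificateVerifier.class.getName());

    /** RSA modulus size, in bits, used by {@link #create()}. */
    private static final int RSA_KEY_BITS = 2048;

    /** Format of the trust-anchor file passed to {@link #checkRootCertificate}. */
    public enum TYPE_PKCS {
        PKCS7,
        PKCS12
    }

    /**
     * Returns the content encapsulated in a CMS/PKCS#7 signed-data structure as text.
     *
     * <p>The signature is NOT verified here; the returned text is unauthenticated.
     *
     * @param bArr encoded CMS signed-data
     * @return the encapsulated content decoded as a string
     * @throws Exception if the structure cannot be parsed; a signature without
     *         encapsulated content presumably fails here as well (not confirmed)
     */
    public static String getOriginalContentFromSignature(byte[] bArr) throws Exception {
        byte[] content = (byte[]) new CMSSignedData(bArr).getSignedContent().getContent();
        // NOTE(review): decodes with the platform default charset, so the result can differ
        // between hosts on older JDKs. Pin an explicit charset once the producer's encoding is known.
        return new String(content);
    }

    /**
     * Validates the certificate chain embedded in a PKCS#7 signature against the trust
     * anchors stored in {@code file}.
     *
     * <p>Limits a caller should know about:
     * <ul>
     *   <li>Only the certificate path is validated. The signature over the content is not.</li>
     *   <li>Revocation checking is disabled, so a revoked certificate still passes.</li>
     *   <li>A PKCS#12 anchor store is loaded without a password, which skips its
     *       integrity check.</li>
     *   <li>Every failure (I/O, parsing, validation) is logged and reported as {@code false}.</li>
     * </ul>
     *
     * @param bArr      encoded PKCS#7 signed-data carrying the certificates to validate
     * @param file      file holding the trust anchors
     * @param type_pkcs {@link TYPE_PKCS#PKCS7} to read {@code file} as a bundle of X.509
     *                  certificates; any other value reads it as a PKCS#12 keystore
     * @param str       not read by this method (possibly meant as the PKCS#12 password;
     *                  confirm with callers before wiring it in)
     * @return {@code true} if the embedded chain validates against the anchors
     */
    public static boolean checkRootCertificate(byte[] bArr, File file, TYPE_PKCS type_pkcs, String str) {
        try {
            CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
            byte[] anchorBytes = storeBytes(file);

            ArrayList<Certificate> chain = new ArrayList<>();
            try (ASN1InputStream asn1 = new ASN1InputStream(new ByteArrayInputStream(bArr))) {
                Enumeration<?> embedded = SignedData.getInstance(ContentInfo.getInstance(asn1.readObject()).getContent()).getCertificates().getObjects();
                while (embedded.hasMoreElements()) {
                    byte[] der = ((DERObject) embedded.nextElement()).getDEREncoded();
                    chain.add(x509Factory.generateCertificate(new ByteArrayInputStream(der)));
                }
            }
            if (chain.isEmpty()) {
                // An empty path gives the validator nothing to check; fail closed here
                // instead of depending on how the PKIX implementation treats it.
                LOGGER.log(System.Logger.Level.WARNING, "Signature carries no certificates; nothing to validate");
                return false;
            }
            // NOTE(review): the path is built in the order the certificates appear in the
            // signature; PKIX validation presumably expects signer-first order. Confirm.
            CertPath certPath = x509Factory.generateCertPath(chain);

            KeyStore anchors;
            if (type_pkcs == TYPE_PKCS.PKCS7) {
                anchors = KeyStore.getInstance(KeyStore.getDefaultType());
                anchors.load(null, null);
                int index = 0;
                for (Certificate anchor : x509Factory.generateCertificates(new ByteArrayInputStream(anchorBytes))) {
                    X509Certificate x509 = (X509Certificate) anchor;
                    // Serial numbers are unique per issuer only, so the alias also carries a
                    // running index; otherwise two anchors sharing a serial would overwrite each other.
                    anchors.setCertificateEntry("anchor-" + index++ + "-" + x509.getSerialNumber().toString(36), x509);
                }
            } else {
                anchors = KeyStore.getInstance("PKCS12");
                // Null password: the keystore's integrity check is not performed.
                anchors.load(new ByteArrayInputStream(anchorBytes), null);
            }

            PKIXParameters pkixParameters = new PKIXParameters(anchors);
            // Revocation (CRL/OCSP) is switched off: revoked certificates are not detected.
            pkixParameters.setRevocationEnabled(false);
            CertPathValidator.getInstance("PKIX").validate(certPath, pkixParameters);
            return true;
        } catch (Exception e) {
            // Fail closed: any problem means the chain is treated as untrusted.
            LOGGER.log(System.Logger.Level.WARNING, "Certificate path validation failed", e);
            return false;
        }
    }

    /**
     * Generates a new RSA key pair.
     *
     * <p>Uses a 2048-bit modulus and the platform's default {@link SecureRandom};
     * 1024-bit RSA no longer provides an adequate security margin.
     *
     * @return the generated key pair
     * @throws NoSuchAlgorithmException if no provider offers RSA key generation
     * @throws NoSuchProviderException  declared for compatibility with existing callers
     */
    public KeyPair create() throws NoSuchAlgorithmException, NoSuchProviderException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(RSA_KEY_BITS, new SecureRandom());
        return generator.generateKeyPair();
    }

    /**
     * Writes the key's encoded form to {@code file}, replacing any existing content.
     *
     * <p>The bytes are written as-is, with no encryption, and the file gets whatever
     * permissions the platform applies by default. If {@code key} is a private key,
     * the caller must restrict access to the target location. I/O failures are logged
     * and not rethrown, so a successful return does not prove the key was written.
     *
     * @param key  key whose encoded form is written
     * @param file destination file
     */
    public void save(Key key, File file) {
        // try-with-resources closes the stream even when write() fails.
        try (FileOutputStream out = new FileOutputStream(file)) {
            out.write(key.getEncoded());
        } catch (IOException e) {
            LOGGER.log(System.Logger.Level.ERROR, "Could not write key to " + file, e);
        }
    }

    /**
     * Re-parses the encoded forms of both keys with an RSA {@link KeyFactory}.
     *
     * <p>Despite its name, this method persists nothing: the reconstructed keys are
     * discarded, so its only visible effect is to throw when an encoding is rejected.
     *
     * @param keyPair key pair whose encodings are checked
     * @throws NoSuchAlgorithmException if no provider offers an RSA key factory
     * @throws InvalidKeySpecException  if either encoding is rejected by the RSA key factory
     */
    public void store(KeyPair keyPair) throws NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] privateEncoding = keyPair.getPrivate().getEncoded();
        byte[] publicEncoding = keyPair.getPublic().getEncoded();
        KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
        rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(privateEncoding));
        rsaFactory.generatePublic(new X509EncodedKeySpec(publicEncoding));
    }

    /**
     * Reads the whole file into memory.
     *
     * @param file file to read
     * @return the file's bytes
     * @throws IOException if the file cannot be opened or read
     */
    private static byte[] storeBytes(File file) throws IOException {
        try (FileInputStream in = new FileInputStream(file)) {
            return in.readAllBytes();
        }
    }

    static {
        // Registers BouncyCastle with the JVM-wide provider list when this class is loaded.
        Security.addProvider(new BouncyCastleProvider());
    }
}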
