package utils.init;

import java.io.CharArrayWriter;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.StringReader;
import java.security.GeneralSecurityException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import resources.Consts;
import resources.Im;
import sun.security.x509.X500Name;
import utils.Base64Coder;
import utils.CdecLogger;
import view.Utils;
import view.userMsg.Msg;

/* loaded from: input_file:utils/init/CertValidator.class */
public final class CertValidator {
    public static final String AES_CERT = "docrypt.aes";
    private static CertValidator certValidator;
    private final X509Certificate dcSignerCert;
    private final X509Certificate unUsed_CodeSignerCert;
    private final X509Certificate caSignerCert;
    private final X509Certificate caSubCert;
    private final X509Certificate caCert;
    private final X509Certificate X509_CLIENT;
    private final CertPathValidatorResult CPV_RESULT;
    private static boolean certValidatorCtorTried = false;
    private static final Logger log = CdecLogger.getLogger(CertValidator.class);

    public static final CertPathValidatorResult getCPVR() {
        if (System.getProperty("cpvr", "").length() > 0) {
            return null;
        }
        if (certValidator == null) {
            if (certValidatorCtorTried) {
                return null;
            }
            try {
                certValidator = new CertValidator();
            } catch (IOException e) {
                log.severe(e.getMessage());
                return null;
            } catch (GeneralSecurityException e2) {
                log.severe(e2.getMessage());
                return null;
            }
        }
        return certValidator.CPV_RESULT;
    }

    public static final X509Certificate getCA() {
        if (certValidator == null) {
            return null;
        }
        return certValidator.caCert;
    }

    public static final String[] getUserEmailCostSNExpire() {
        if (certValidator == null || certValidator.CPV_RESULT == null) {
            return null;
        }
        return getCertAttrib(certValidator.X509_CLIENT);
    }

    private static final String[] getCertAttrib(X509Certificate x509Certificate) {
        String[] certAttrib = getCertAttrib(x509Certificate.getSubjectX500Principal());
        String[] split = x509Certificate.getNotAfter().toString().split(" ");
        String str = String.valueOf(split[1]) + " " + split[2] + " " + split[split.length - 1];
        String[] strArr = new String[5];
        System.arraycopy(certAttrib, 0, strArr, 0, certAttrib.length);
        strArr[3] = x509Certificate.getSerialNumber().toString();
        strArr[4] = str;
        return strArr;
    }

    private static final String[] getCertAttrib(X500Principal x500Principal) {
        String[] strArr = new String[3];
        String name = x500Principal.getName();
        Properties properties = new Properties();
        try {
            properties.load(new StringReader(name.replaceAll(",", "\n")));
            strArr[0] = properties.getProperty("CN");
            strArr[1] = properties.getProperty("STREET");
            strArr[2] = properties.getProperty("L");
            return strArr;
        } catch (IOException e) {
            Msg.error("Can't get key information", "Key Parse Error");
            return null;
        }
    }

    private static String getCN(X500Principal x500Principal) {
        return getCertAttrib(x500Principal)[0];
    }

    public static final long getX509ClientSerNum() {
        if (certValidator == null || certValidator.X509_CLIENT == null) {
            return 0L;
        }
        return certValidator.X509_CLIENT.getSerialNumber().longValue();
    }

    private CertValidator() throws IOException, GeneralSecurityException {
        certValidatorCtorTried = true;
        X509Certificate clientX509 = getClientX509();
        this.X509_CLIENT = clientX509;
        if (clientX509 == null) {
            throw new FileNotFoundException("No Client Key");
        }
        this.dcSignerCert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(Im.class.getResourceAsStream("/resources/keystores/dcSigner.cer"));
        Certificate[] certificates = JarReader.class.getProtectionDomain().getCodeSource().getCertificates();
        for (Certificate certificate : certificates) {
            ((X509Certificate) certificate).checkValidity();
        }
        this.unUsed_CodeSignerCert = (X509Certificate) certificates[0];
        this.caSignerCert = (X509Certificate) certificates[1];
        this.caSubCert = (X509Certificate) certificates[2];
        this.caCert = (X509Certificate) certificates[3];
        this.CPV_RESULT = validateChain(this.X509_CLIENT);
    }

    private static final X509Certificate getClientX509() {
        String replaceAll = JarReader.getJarReader().getJarFile().getName().replaceAll("\\\\", "/");
        String substring = replaceAll.substring(0, replaceAll.lastIndexOf(47));
        log.fine("jarDir: " + substring);
        File file = new File(substring, new File(substring, AES_CERT).exists() ? AES_CERT : "NoKeyFile Error - xxx");
        Throwable th = null;
        try {
            try {
                FileInputStream fileInputStream = new FileInputStream(file);
                try {
                    X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(fileInputStream);
                    if (fileInputStream != null) {
                        fileInputStream.close();
                    }
                    return x509Certificate;
                } catch (Throwable th2) {
                    if (fileInputStream != null) {
                        fileInputStream.close();
                    }
                    throw th2;
                }
            } catch (Throwable th3) {
                if (0 == 0) {
                    th = th3;
                } else if (null != th3) {
                    th.addSuppressed(th3);
                }
                throw th;
            }
        } catch (FileNotFoundException e) {
            Msg.info(Utils.DesMsg, "Using Free Version");
            return null;
        } catch (IOException e2) {
            Msg.info("Couldn't close client certificate file." + Consts.NL + Consts.NL + "Should be ok.", "Should be OK");
            return null;
        } catch (CertificateException e3) {
            Msg.info("Can't get valid DoCrypt Key from: " + file.getAbsolutePath(), "Using Free Version");
            return null;
        }
    }

    private final CertPathValidatorResult validateChain(Certificate certificate) throws GeneralSecurityException, IOException {
        List<? extends Certificate> asList = Arrays.asList(certificate, this.dcSignerCert, this.caSignerCert, this.caSubCert);
        StringBuilder sb = new StringBuilder();
        sb.append("Begin validate DoCrypt AES enable key:\n");
        for (Certificate certificate2 : asList) {
            sb.append(String.valueOf(getCN(((X509Certificate) certificate2).getSubjectX500Principal())) + " isssued by: " + getCN(((X509Certificate) certificate2).getIssuerX500Principal()) + "\n");
        }
        log.info(String.valueOf(sb.toString()) + "\nLearn more about 'Certificate Chaining' in chapter 16");
        CertPath generateCertPath = CertificateFactory.getInstance("X.509").generateCertPath(asList);
        log.finest("CertPath built");
        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(Arrays.asList(this.dcSignerCert, this.caSignerCert, this.caSubCert)));
        log.finest("CertStore built");
        Set singleton = Collections.singleton(new TrustAnchor(this.caCert, null));
        char[] encode = Base64Coder.encode(this.caCert.getPublicKey().getEncoded());
        CharArrayWriter charArrayWriter = new CharArrayWriter();
        for (int i = 0; i < encode.length; i++) {
            charArrayWriter.append(encode[i]);
            if (i != 0 && i % 64 == 0) {
                charArrayWriter.append((CharSequence) "\n");
            }
        }
        log.finest(" with public key\n" + new String(charArrayWriter.toString()));
        CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
        PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) singleton);
        pKIXParameters.addCertStore(certStore);
        pKIXParameters.setRevocationEnabled(false);
        try {
            CertPathValidatorResult validate = certPathValidator.validate(generateCertPath, pKIXParameters);
            log.info("Your DoCrypt AES enable key " + X500Name.asX500Name(this.X509_CLIENT.getSubjectX500Principal()).getCommonName() + " is validated (signed) by " + X500Name.asX500Name(this.dcSignerCert.getSubjectX500Principal()).getCommonName() + "\n\n\t(* * see Personal Info for more and DoCrypt.com * *\n\n\t(* * more Certificate Chaining' in chapter 16   * *)");
            return validate;
        } catch (CertPathValidatorException e) {
            String cn = getCN(((X509Certificate) certificate).getSubjectX500Principal());
            log.severe("Couldn't validate cert " + getCN(((X509Certificate) asList.get(e.getIndex())).getSubjectX500Principal()) + " with error: " + e.getMessage());
            Msg.info(String.valueOf(Consts.NL) + "The Docrypt Key registered to " + cn + " is not a valid docrypt key." + Consts.NL + Consts.NL + "Only DES is available with free version", "Using Free Version");
            return null;
        }
    }
}
