package hr.neoinfo.fd.rs.commons.nl.altindag.ssl.util;

import hr.neoinfo.fd.rs.commons.nl.altindag.ssl.SSLFactory$$ExternalSyntheticLambda1;
import hr.neoinfo.fd.rs.commons.nl.altindag.ssl.SSLFactory$$ExternalSyntheticLambda4;
import hr.neoinfo.fd.rs.commons.nl.altindag.ssl.SSLFactory$$ExternalSyntheticLambda5;
import hr.neoinfo.fd.rs.commons.nl.altindag.ssl.exception.GenericCertificateException;
import hr.neoinfo.fd.rs.commons.nl.altindag.ssl.exception.GenericIOException;
import hr.neoinfo.fd.rs.commons.nl.altindag.ssl.keymanager.CompositeX509ExtendedKeyManager$$ExternalSyntheticLambda2;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.function.Supplier;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;

/* loaded from: classes2.dex */
public final class CertificateUtils {
    private static final String CERTIFICATE_TYPE = "X.509";
    private static final String EMPTY = "";
    private static final String P7B_FOOTER = "-----END PKCS7-----";
    private static final String P7B_HEADER = "-----BEGIN PKCS7-----";
    private static final String PEM_FOOTER = "-----END CERTIFICATE-----";
    private static final String PEM_HEADER = "-----BEGIN CERTIFICATE-----";
    private static final Pattern PEM_PATTERN = Pattern.compile("-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", 32);
    private static final Pattern P7B_PATTERN = Pattern.compile("-----BEGIN PKCS7-----(.*?)-----END PKCS7-----", 32);
    private static final Pattern CA_ISSUERS_AUTHORITY_INFO_ACCESS = Pattern.compile("(?s)^AuthorityInfoAccess\\h+\\[\\R\\s*\\[\\R.*?accessMethod:\\h+caIssuers\\R\\h*accessLocation: URIName:\\h+(https?://\\S+)", 8);
    private static SSLSocketFactory unsafeSslSocketFactory = null;

    private CertificateUtils() {
    }

    public static String convertToPem(Certificate certificate) {
        Stream of;
        try {
            of = Stream.of((Object[]) new String(Base64.getEncoder().encode(certificate.getEncoded())).split("(?<=\\G.{64})"));
            List list = (List) of.collect(Collectors.toCollection(new Supplier() { // from class: hr.neoinfo.fd.rs.commons.nl.altindag.ssl.util.CertificateUtils$$ExternalSyntheticLambda9
                @Override // java.util.function.Supplier
                public final Object get() {
                    return new ArrayList();
                }
            }));
            list.add(0, PEM_HEADER);
            list.add(PEM_FOOTER);
            if (certificate instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) certificate;
                list.add(0, String.format("issuer=%s", x509Certificate.getIssuerX500Principal().getName()));
                list.add(0, String.format("subject=%s", x509Certificate.getSubjectX500Principal().getName()));
            }
            return CertificateUtils$$ExternalSyntheticBackport0.m(System.lineSeparator(), list);
        } catch (CertificateEncodingException e) {
            throw new GenericCertificateException(e);
        }
    }

    public static List<String> convertToPem(List<Certificate> list) {
        return (List) list.stream().map(new Function() { // from class: hr.neoinfo.fd.rs.commons.nl.altindag.ssl.util.CertificateUtils$$ExternalSyntheticLambda14
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                return CertificateUtils.convertToPem((Certificate) obj);
            }
        }).collect(Collectors.collectingAndThen(Collectors.toList(), SSLFactory$$ExternalSyntheticLambda1.INSTANCE));
    }

    public static String generateAlias(Certificate certificate) {
        return certificate instanceof X509Certificate ? ((X509Certificate) certificate).getSubjectX500Principal().getName() : UUID.randomUUID().toString();
    }

    public static Map<String, List<Certificate>> getCertificate(List<String> list) {
        return (Map) list.stream().map(new Function() { // from class: hr.neoinfo.fd.rs.commons.nl.altindag.ssl.util.CertificateUtils$$ExternalSyntheticLambda11
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                return CertificateUtils.lambda$getCertificate$3((String) obj);
            }
        }).collect(Collectors.collectingAndThen(Collectors.toMap(new Function() { // from class: hr.neoinfo.fd.rs.commons.nl.altindag.ssl.util.CertificateUtils$$ExternalSyntheticLambda15
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                return (String) ((AbstractMap.SimpleEntry) obj).getKey();
            }
        }, new Function() { // from class: hr.neoinfo.fd.rs.commons.nl.altindag.ssl.util.CertificateUtils$$ExternalSyntheticLambda16
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                return (List) ((AbstractMap.SimpleEntry) obj).getValue();
            }
        }), new Function() { // from class: hr.neoinfo.fd.rs.commons.nl.altindag.ssl.util.CertificateUtils$$ExternalSyntheticLambda5
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                return Collections.unmodifiableMap((Map) obj);
            }
        }));
    }

    public static Map<String, List<Certificate>> getCertificate(String... strArr) {
        return getCertificate((List<String>) Arrays.asList(strArr));
    }

    public static Map<String, List<String>> getCertificateAsPem(List<String> list) {
        return Collections.unmodifiableMap((Map) getCertificate(list).entrySet().stream().collect(Collectors.toMap(CompositeX509ExtendedKeyManager$$ExternalSyntheticLambda2.INSTANCE, new Function() { // from class: hr.neoinfo.fd.rs.commons.nl.altindag.ssl.util.CertificateUtils$$ExternalSyntheticLambda4
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                List convertToPem;
                convertToPem = CertificateUtils.convertToPem((List<Certificate>) ((Map.Entry) obj).getValue());
                return convertToPem;
            }
        })));
    }

    public static Map<String, List<String>> getCertificateAsPem(String... strArr) {
        return getCertificateAsPem((List<String>) Arrays.asList(strArr));
    }

    private static List<Certificate> getCertificateFromExternalSource(String str) {
        Stream of;
        try {
            URL url = new URL(str);
            if (!"https".equalsIgnoreCase(url.getProtocol())) {
                return Collections.emptyList();
            }
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
            httpsURLConnection.setSSLSocketFactory(getUnsafeSslSocketFactory());
            httpsURLConnection.connect();
            List asList = Arrays.asList(httpsURLConnection.getServerCertificates());
            List<X509Certificate> rootCaFromChainIfPossible = getRootCaFromChainIfPossible(asList);
            httpsURLConnection.disconnect();
            of = Stream.of((Object[]) new List[]{asList, rootCaFromChainIfPossible});
            return (List) of.flatMap(CertificateUtils$$ExternalSyntheticLambda3.INSTANCE).distinct().collect(Collectors.collectingAndThen(Collectors.toList(), SSLFactory$$ExternalSyntheticLambda1.INSTANCE));
        } catch (IOException e) {
            throw new GenericIOException(e);
        }
    }

    static List<X509Certificate> getCertificatesFromRemoteFile(URI uri, final X509Certificate x509Certificate) {
        try {
            URLConnection openConnection = uri.toURL().openConnection();
            if (openConnection instanceof HttpsURLConnection) {
                ((HttpsURLConnection) openConnection).setSSLSocketFactory(getUnsafeSslSocketFactory());
            }
            InputStream inputStream = openConnection.getInputStream();
            final Class<X509Certificate> cls = X509Certificate.class;
            Stream<Certificate> filter = parseDerCertificate(inputStream).stream().filter(new Predicate() { // from class: hr.neoinfo.fd.rs.commons.nl.altindag.ssl.util.CertificateUtils$$ExternalSyntheticLambda6
                @Override // java.util.function.Predicate
                public final boolean test(Object obj) {
                    return cls.isInstance((Certificate) obj);
                }
            });
            final Class<X509Certificate> cls2 = X509Certificate.class;
            List<X509Certificate> list = (List) filter.map(new Function() { // from class: hr.neoinfo.fd.rs.commons.nl.altindag.ssl.util.CertificateUtils$$ExternalSyntheticLambda10
                @Override // java.util.function.Function
                public final Object apply(Object obj) {
                    return (X509Certificate) cls2.cast((Certificate) obj);
                }
            }).filter(new Predicate() { // from class: hr.neoinfo.fd.rs.commons.nl.altindag.ssl.util.CertificateUtils$$ExternalSyntheticLambda7
                @Override // java.util.function.Predicate
                public final boolean test(Object obj) {
                    boolean isIssuerOfIntermediateCertificate;
                    isIssuerOfIntermediateCertificate = CertificateUtils.isIssuerOfIntermediateCertificate(x509Certificate, (X509Certificate) obj);
                    return isIssuerOfIntermediateCertificate;
                }
            }).collect(Collectors.collectingAndThen(Collectors.toList(), SSLFactory$$ExternalSyntheticLambda1.INSTANCE));
            inputStream.close();
            return list;
        } catch (IOException e) {
            throw new GenericCertificateException(e);
        }
    }

    public static List<X509Certificate> getJdkTrustedCertificates() {
        return Collections.unmodifiableList(Arrays.asList(TrustManagerUtils.createTrustManagerWithJdkTrustedCertificates().getAcceptedIssuers()));
    }

    static List<X509Certificate> getRootCaFromAuthorityInfoAccessExtensionIfPresent(X509Certificate x509Certificate) {
        Matcher matcher = CA_ISSUERS_AUTHORITY_INFO_ACCESS.matcher(x509Certificate.toString());
        return matcher.find() ? getCertificatesFromRemoteFile(URI.create(matcher.group(1)), x509Certificate) : Collections.emptyList();
    }

    static List<X509Certificate> getRootCaFromChainIfPossible(List<Certificate> list) {
        if (!list.isEmpty() && (list.get(list.size() - 1) instanceof X509Certificate)) {
            X509Certificate x509Certificate = (X509Certificate) list.get(list.size() - 1);
            if (!x509Certificate.getIssuerX500Principal().getName().equals(x509Certificate.getSubjectX500Principal().getName())) {
                return getRootCaIfPossible(x509Certificate);
            }
        }
        return Collections.emptyList();
    }

    static List<X509Certificate> getRootCaFromJdkTrustedCertificates(final X509Certificate x509Certificate) {
        return (List) getJdkTrustedCertificates().stream().filter(new Predicate() { // from class: hr.neoinfo.fd.rs.commons.nl.altindag.ssl.util.CertificateUtils$$ExternalSyntheticLambda8
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean isIssuerOfIntermediateCertificate;
                isIssuerOfIntermediateCertificate = CertificateUtils.isIssuerOfIntermediateCertificate(x509Certificate, (X509Certificate) obj);
                return isIssuerOfIntermediateCertificate;
            }
        }).collect(Collectors.collectingAndThen(Collectors.toList(), SSLFactory$$ExternalSyntheticLambda1.INSTANCE));
    }

    static List<X509Certificate> getRootCaIfPossible(X509Certificate x509Certificate) {
        List<X509Certificate> rootCaFromAuthorityInfoAccessExtensionIfPresent = getRootCaFromAuthorityInfoAccessExtensionIfPresent(x509Certificate);
        if (!rootCaFromAuthorityInfoAccessExtensionIfPresent.isEmpty()) {
            return rootCaFromAuthorityInfoAccessExtensionIfPresent;
        }
        List<X509Certificate> rootCaFromJdkTrustedCertificates = getRootCaFromJdkTrustedCertificates(x509Certificate);
        return !rootCaFromJdkTrustedCertificates.isEmpty() ? rootCaFromJdkTrustedCertificates : Collections.emptyList();
    }

    public static List<X509Certificate> getSystemTrustedCertificates() {
        return (List) TrustManagerUtils.createTrustManagerWithSystemTrustedCertificates().map(SSLFactory$$ExternalSyntheticLambda4.INSTANCE).map(SSLFactory$$ExternalSyntheticLambda5.INSTANCE).map(SSLFactory$$ExternalSyntheticLambda1.INSTANCE).orElse(Collections.emptyList());
    }

    private static SSLSocketFactory getUnsafeSslSocketFactory() {
        if (unsafeSslSocketFactory == null) {
            unsafeSslSocketFactory = SSLSocketUtils.createUnsafeSslSocketFactory();
        }
        return unsafeSslSocketFactory;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isIssuerOfIntermediateCertificate(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        try {
            x509Certificate.verify(x509Certificate2.getPublicKey());
            return true;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException unused) {
            return false;
        }
    }

    private static boolean isP7bFormatted(String str) {
        return P7B_PATTERN.matcher(str).find();
    }

    private static boolean isPemFormatted(String str) {
        return PEM_PATTERN.matcher(str).find();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ AbstractMap.SimpleEntry lambda$getCertificate$3(String str) {
        return new AbstractMap.SimpleEntry(str, getCertificateFromExternalSource(str));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ InputStream lambda$loadCertificate$1(Path path) {
        try {
            return Files.newInputStream(path, StandardOpenOption.READ);
        } catch (IOException e) {
            throw new GenericIOException(e);
        }
    }

    private static <T> List<Certificate> loadCertificate(Function<T, InputStream> function, T[] tArr) {
        ArrayList arrayList = new ArrayList();
        for (T t : tArr) {
            try {
                InputStream apply = function.apply(t);
                try {
                    arrayList.addAll(parseCertificate(apply));
                    if (apply != null) {
                        apply.close();
                    }
                } finally {
                }
            } catch (Exception e) {
                throw new GenericIOException(e);
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    public static List<Certificate> loadCertificate(InputStream... inputStreamArr) {
        Function identity;
        identity = Function.identity();
        return loadCertificate(identity, inputStreamArr);
    }

    public static List<Certificate> loadCertificate(String... strArr) {
        return loadCertificate(new Function() { // from class: hr.neoinfo.fd.rs.commons.nl.altindag.ssl.util.CertificateUtils$$ExternalSyntheticLambda12
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                InputStream resourceAsStream;
                resourceAsStream = CertificateUtils.class.getClassLoader().getResourceAsStream((String) obj);
                return resourceAsStream;
            }
        }, strArr);
    }

    public static List<Certificate> loadCertificate(Path... pathArr) {
        return loadCertificate(new Function() { // from class: hr.neoinfo.fd.rs.commons.nl.altindag.ssl.util.CertificateUtils$$ExternalSyntheticLambda13
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                return CertificateUtils.lambda$loadCertificate$1((Path) obj);
            }
        }, pathArr);
    }

    private static List<Certificate> parseCertificate(InputStream inputStream) {
        byte[] copyToByteArray = IOUtils.copyToByteArray(inputStream);
        String str = new String(copyToByteArray, StandardCharsets.UTF_8);
        return isPemFormatted(str) ? parsePemCertificate(str) : isP7bFormatted(str) ? parseP7bCertificate(str) : parseDerCertificate(new ByteArrayInputStream(copyToByteArray));
    }

    private static List<Certificate> parseCertificate(Matcher matcher) {
        ArrayList arrayList = new ArrayList();
        while (matcher.find()) {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Base64.getDecoder().decode(matcher.group(1).replace(System.lineSeparator(), "").trim()));
            arrayList.addAll(parseDerCertificate(byteArrayInputStream));
            IOUtils.closeSilently(byteArrayInputStream);
        }
        return Collections.unmodifiableList(arrayList);
    }

    public static List<Certificate> parseDerCertificate(InputStream inputStream) {
        try {
            BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStream);
            try {
                return (List) CertificateFactory.getInstance(CERTIFICATE_TYPE).generateCertificates(bufferedInputStream).stream().collect(Collectors.collectingAndThen(Collectors.toList(), SSLFactory$$ExternalSyntheticLambda1.INSTANCE));
            } catch (Throwable th) {
                try {
                    throw th;
                } finally {
                    try {
                        bufferedInputStream.close();
                    } catch (Throwable unused) {
                    }
                }
            }
        } catch (IOException | CertificateException e) {
            throw new GenericCertificateException("There is no valid certificate present to parse. Please make sure to supply a valid der formatted certificate", e);
        }
    }

    public static List<Certificate> parseP7bCertificate(String str) {
        return parseCertificate(P7B_PATTERN.matcher(str));
    }

    public static List<Certificate> parsePemCertificate(String str) {
        return parseCertificate(PEM_PATTERN.matcher(str));
    }
}
