package org.jruby.ext.openssl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.fusesource.fabric.fab.ModuleDescriptor;
import org.jruby.Ruby;
import org.jruby.RubyArray;
import org.jruby.RubyClass;
import org.jruby.RubyModule;
import org.jruby.RubyNumeric;
import org.jruby.RubyObject;
import org.jruby.RubyString;
import org.jruby.RubyTime;
import org.jruby.anno.JRubyMethod;
import org.jruby.exceptions.RaiseException;
import org.jruby.ext.openssl.OpenSSLReal;
import org.jruby.ext.openssl.X509Extensions;
import org.jruby.ext.openssl.impl.ASN1Registry;
import org.jruby.ext.openssl.x509store.PEMInputOutput;
import org.jruby.ext.openssl.x509store.X509AuxCertificate;
import org.jruby.org.bouncycastle.x509.X509V3CertificateGenerator;
import org.jruby.runtime.Block;
import org.jruby.runtime.ObjectAllocator;
import org.jruby.runtime.ThreadContext;
import org.jruby.runtime.builtin.IRubyObject;
import org.jruby.util.ByteList;

/* loaded from: input_file:fuse-esb-7.1.0.fuse-SNAPSHOT/system/org/jruby/jruby/1.7.1/jruby-1.7.1.jar:org/jruby/ext/openssl/X509Cert.class */
/**
 * JRuby-side object behind the Ruby class that {@link #createX509Cert} registers as
 * {@code Certificate} (looked up elsewhere in this file as {@code OpenSSL::X509::Certificate}).
 *
 * <p>An instance is either parsed from encoded certificate data in {@link #initialize} or built up
 * through the attribute setters and then signed with {@link #sign}. The setters feed an
 * {@code X509V3CertificateGenerator}; the {@code changed} flag records that the attributes no
 * longer match {@code cert}.
 *
 * <p>NOTE(review): this listing is decompiler output. {@code add_extension} was not decompiled and
 * throws {@code UnsupportedOperationException} as shown, and two string constants in
 * {@code initialize} were resolved to constants of unrelated classes. Treat the listing as a
 * reading aid, not as buildable source.
 */
public class X509Cert extends RubyObject {
    private static final long serialVersionUID = 5626619026058595493L;
    // Allocator handed to defineClassUnder so the Ruby runtime can create bare instances.
    private static ObjectAllocator X509CERT_ALLOCATOR = new ObjectAllocator() { // from class: org.jruby.ext.openssl.X509Cert.1
        @Override // org.jruby.runtime.ObjectAllocator
        public IRubyObject allocate(Ruby ruby, RubyClass rubyClass) {
            return new X509Cert(ruby, rubyClass);
        }
    };
    // Ruby-visible attribute values, as last assigned through the setters below.
    private IRubyObject serial;
    private IRubyObject not_before;
    private IRubyObject not_after;
    private IRubyObject issuer;
    private IRubyObject subject;
    // Ruby PKey object; stays null after parsing until lazyInitializePublicKey() builds it.
    private IRubyObject public_key;
    // Assigned only in sign(); initialize() does not populate it from a parsed certificate.
    private IRubyObject sig_alg;
    // Stored by set_version() only; never passed to the generator and not read from a parsed cert.
    private IRubyObject version;
    private List<IRubyObject> extensions;
    // True when attributes may differ from `cert`; verify() returns false while it is set.
    private boolean changed;
    private X509V3CertificateGenerator generator;
    // Null until initialize() parses data or sign() generates a certificate.
    private X509Certificate cert;
    // Algorithm name and encoded form of the parsed certificate's public key (see lazyInitializePublicKey).
    private String public_key_algorithm;
    private byte[] public_key_encoded;

    /**
     * Registers the Ruby classes backed by this file.
     *
     * <p>Defines {@code Certificate} under {@code rubyModule} with the runtime's Object class as
     * superclass, defines {@code CertificateError} as a subclass of {@code OpenSSL::OpenSSLError},
     * and binds the {@code @JRubyMethod}-annotated methods of this class.
     *
     * @param ruby the runtime to register in
     * @param rubyModule the module that receives both classes
     */
    public static void createX509Cert(Ruby ruby, RubyModule rubyModule) {
        RubyClass defineClassUnder = rubyModule.defineClassUnder("Certificate", ruby.getObject(), X509CERT_ALLOCATOR);
        RubyClass rubyClass = ruby.getModule("OpenSSL").getClass("OpenSSLError");
        rubyModule.defineClassUnder("CertificateError", rubyClass, rubyClass.getAllocator());
        defineClassUnder.defineAnnotatedMethods(X509Cert.class);
    }

    /**
     * Creates an empty certificate object: no parsed certificate, a fresh generator, and
     * {@code changed} set so that {@link #verify} reports false until parse or sign succeeds.
     */
    public X509Cert(Ruby ruby, RubyClass rubyClass) {
        super(ruby, rubyClass);
        this.changed = true;
        this.generator = new X509V3CertificateGenerator();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the held certificate as an {@code X509AuxCertificate}, wrapping it when it is not
     * one already.
     *
     * @return the certificate, or {@code null} when nothing has been parsed or signed yet;
     *     several callers in this class dereference the result without a null check
     */
    public X509AuxCertificate getAuxCert() {
        if (null == this.cert) {
            return null;
        }
        return this.cert instanceof X509AuxCertificate ? (X509AuxCertificate) this.cert : new X509AuxCertificate(this.cert);
    }

    /**
     * Builds a Ruby {@code OpenSSL::X509::Certificate} from a Java certificate by passing its
     * encoded form to the Ruby class's {@code new}.
     *
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public static IRubyObject wrap(Ruby ruby, Certificate certificate) throws CertificateEncodingException {
        return Utils.getClassFromPath(ruby, "OpenSSL::X509::Certificate").callMethod(ruby.getCurrentContext(), "new", RubyString.newString(ruby, certificate.getEncoded()));
    }

    /**
     * Same as {@link #wrap(Ruby, Certificate)} for the {@code javax.security.cert} certificate type.
     *
     * @throws javax.security.cert.CertificateEncodingException if the certificate cannot be encoded
     */
    public static IRubyObject wrap(Ruby ruby, javax.security.cert.Certificate certificate) throws javax.security.cert.CertificateEncodingException {
        return Utils.getClassFromPath(ruby, "OpenSSL::X509::Certificate").callMethod(ruby.getCurrentContext(), "new", RubyString.newString(ruby, certificate.getEncoded()));
    }

    /**
     * Ruby {@code initialize}: with no argument leaves the object empty; with one argument parses
     * it as a certificate and copies serial, validity dates, subject, issuer, public key and
     * extensions into this object.
     *
     * <p>This only parses. No signature, validity-period or chain check is performed here, so a
     * successfully constructed object says nothing about whether the certificate is trustworthy.
     *
     * @param iRubyObjectArr zero or one argument; the optional argument is handed to
     *     {@code OpenSSLImpl.readX509PEM}
     * @return this object
     * @throws RaiseException {@code CertificateError} when the certificate factory rejects the data
     */
    @JRubyMethod(name = {"initialize"}, optional = 1, frame = true)
    public IRubyObject initialize(ThreadContext threadContext, IRubyObject[] iRubyObjectArr, Block block) {
        Ruby ruby = threadContext.runtime;
        this.extensions = new ArrayList();
        if (iRubyObjectArr.length == 0) {
            return this;
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(OpenSSLImpl.readX509PEM(iRubyObjectArr[0]));
        RubyModule module = ruby.getModule("OpenSSL");
        // ASN1Registry.SN_X509 is presumably the short name "X509" - confirm against ASN1Registry.
        RubyModule rubyModule = (RubyModule) module.getConstant(ASN1Registry.SN_X509);
        IRubyObject constant = rubyModule.getConstant("Name");
        try {
            // NOTE(review): XMLX509Certificate.JCA_CERT_ID comes from an unrelated XML-security class;
            // it looks like the decompiler matched an inlined string constant (presumably "X.509").
            this.cert = (X509Certificate) CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID).generateCertificate(byteArrayInputStream);
            if (this.cert == null) {
                throw newCertificateError(ruby, (String) null);
            }
            // The setters below also load the generator and set `changed`; it is cleared at the end.
            set_serial(RubyNumeric.str2inum(ruby, ruby.newString(this.cert.getSerialNumber().toString()), 10));
            set_not_before(RubyTime.newTime(ruby, this.cert.getNotBefore().getTime()));
            set_not_after(RubyTime.newTime(ruby, this.cert.getNotAfter().getTime()));
            set_subject(constant.callMethod(threadContext, "new", RubyString.newString(ruby, this.cert.getSubjectX500Principal().getEncoded())));
            set_issuer(constant.callMethod(threadContext, "new", RubyString.newString(ruby, this.cert.getIssuerX500Principal().getEncoded())));
            // Only the algorithm name and encoding are kept; the Ruby key object is built lazily.
            set_public_key(this.cert.getPublicKey().getAlgorithm(), this.cert.getPublicKey().getEncoded());
            ((RubyClass) rubyModule.getConstant("ExtensionFactory")).callMethod(threadContext, "new").callMethod(threadContext, "subject_certificate=", this);
            Set<String> criticalExtensionOIDs = this.cert.getCriticalExtensionOIDs();
            if (criticalExtensionOIDs != null) {
                for (String str : criticalExtensionOIDs) {
                    // NOTE(review): ModuleDescriptor.FAB_MODULE_EXTENSION is another foreign constant,
                    // presumably the string "Extension". Unlike the non-critical loop below, the
                    // extension value is not null-checked before it is wrapped in a ByteList.
                    add_extension((X509Extensions.Extension) rubyModule.getConstant(ModuleDescriptor.FAB_MODULE_EXTENSION).callMethod(threadContext, "new", new IRubyObject[]{ruby.newString(str), ASN1.decode(module.getConstant("ASN1"), ruby.newString(new ByteList(this.cert.getExtensionValue(str), false))).callMethod(threadContext, "value"), ruby.getTrue()}));
                }
            }
            Set<String> nonCriticalExtensionOIDs = this.cert.getNonCriticalExtensionOIDs();
            if (nonCriticalExtensionOIDs != null) {
                for (String str2 : nonCriticalExtensionOIDs) {
                    byte[] extensionValue = this.cert.getExtensionValue(str2);
                    if (extensionValue != null) {
                        add_extension((X509Extensions.Extension) rubyModule.getConstant(ModuleDescriptor.FAB_MODULE_EXTENSION).callMethod(threadContext, "new", new IRubyObject[]{ruby.newString(str2), ASN1.decode(module.getConstant("ASN1"), ruby.newString(new ByteList(extensionValue, false))).callMethod(threadContext, "value"), ruby.getFalse()}));
                    }
                }
            }
            // Attributes now mirror the parsed certificate, so verify() may use it.
            this.changed = false;
            return this;
        } catch (CertificateException e) {
            throw newCertificateError(ruby, e);
        }
    }

    /**
     * Remembers the parsed certificate's public key as algorithm name plus encoded bytes so the
     * Ruby key object can be created later by {@link #lazyInitializePublicKey}.
     */
    private void set_public_key(String str, byte[] bArr) {
        this.public_key_algorithm = str;
        this.public_key_encoded = bArr;
    }

    /**
     * Raises {@code OpenSSL::X509::CertificateError} carrying the exception's message.
     *
     * <p>Only {@code exc.getMessage()} is forwarded; the original exception is not attached as a
     * cause, so the Java stack trace of the failure is lost.
     */
    public static RaiseException newCertificateError(Ruby ruby, Exception exc) {
        return newCertificateError(ruby, exc.getMessage());
    }

    /**
     * Raises {@code OpenSSL::X509::CertificateError} with the given message.
     *
     * <p>Despite the return type this method throws instead of returning, so the {@code throw}
     * written at call sites is never reached; it only satisfies the compiler's flow analysis.
     */
    public static RaiseException newCertificateError(Ruby ruby, String str) {
        throw Utils.newError(ruby, "OpenSSL::X509::CertificateError", str);
    }

    /**
     * Ruby {@code initialize_copy}: rejects a frozen receiver and returns this object.
     *
     * <p>NOTE(review): no field is copied from the argument in the code shown, so what a
     * {@code dup}/{@code clone} of a certificate holds depends on behavior outside this method.
     */
    @Override // org.jruby.RubyBasicObject
    @JRubyMethod
    public IRubyObject initialize_copy(IRubyObject iRubyObject) {
        if (this == iRubyObject) {
            return this;
        }
        checkFrozen();
        return this;
    }

    /**
     * Returns the certificate's encoded form ({@code getEncoded()}) as a Ruby string.
     *
     * <p>NOTE(review): {@code cert} is dereferenced without a null check; it is null on an object
     * that was neither parsed nor signed.
     *
     * @throws RaiseException {@code CertificateError} on an encoding failure
     */
    @JRubyMethod
    public IRubyObject to_der() {
        try {
            return RubyString.newString(getRuntime(), this.cert.getEncoded());
        } catch (CertificateEncodingException e) {
            throw newCertificateError(getRuntime(), e);
        }
    }

    /**
     * Ruby {@code to_pem} / {@code to_s}: writes the certificate through
     * {@code PEMInputOutput.writeX509Certificate} and returns the text.
     *
     * <p>{@link #getAuxCert} returns null when no certificate is held; how the writer handles
     * that is not visible here.
     */
    @JRubyMethod(name = {"to_pem", "to_s"})
    public IRubyObject to_pem() {
        try {
            StringWriter stringWriter = new StringWriter();
            PEMInputOutput.writeX509Certificate(stringWriter, getAuxCert());
            stringWriter.close();
            return getRuntime().newString(stringWriter.toString());
        } catch (IOException e) {
            throw getRuntime().newIOErrorFromException(e);
        }
    }

    /**
     * Returns {@code toString()} of the held certificate as a Ruby string. Dereferences the
     * result of {@link #getAuxCert} without a null check.
     */
    @JRubyMethod
    public IRubyObject to_text() {
        return getRuntime().newString(getAuxCert().toString());
    }

    /** Ruby {@code inspect}: always returns nil in this implementation. */
    @Override // org.jruby.RubyBasicObject, org.jruby.runtime.builtin.IRubyObject
    @JRubyMethod
    public IRubyObject inspect() {
        return getRuntime().getNil();
    }

    /** Returns the value last given to {@code version=}; not derived from a parsed certificate. */
    @JRubyMethod
    public IRubyObject version() {
        return this.version;
    }

    /**
     * Ruby {@code version=}: stores the value and marks the object changed when it differs.
     * The value is not forwarded to the generator.
     */
    @JRubyMethod(name = {"version="})
    public IRubyObject set_version(IRubyObject iRubyObject) {
        if (!iRubyObject.equals(this.version)) {
            this.changed = true;
        }
        this.version = iRubyObject;
        return iRubyObject;
    }

    /**
     * Returns the signature algorithm name recorded by {@link #sign}. The field is not assigned
     * anywhere else in this listing, so it is still a Java null on a certificate that was only
     * parsed.
     */
    @JRubyMethod
    public IRubyObject signature_algorithm() {
        return this.sig_alg;
    }

    /** Returns the serial number as last assigned. */
    @JRubyMethod
    public IRubyObject serial() {
        return this.serial;
    }

    /**
     * Ruby {@code serial=}: stores the value and loads it into the generator.
     *
     * <p>A serial whose string form is {@code "0"} is replaced by 1 for the generator while the
     * Ruby-visible attribute keeps the caller's value, so {@code serial} and the serial inside a
     * subsequently signed certificate can disagree. Anything that tracks certificates by serial
     * (revocation lists, audit logs) should read it from the signed certificate.
     */
    @JRubyMethod(name = {"serial="})
    public IRubyObject set_serial(IRubyObject iRubyObject) {
        if (!iRubyObject.equals(this.serial)) {
            this.changed = true;
        }
        this.serial = iRubyObject;
        // BigInteger(String) throws NumberFormatException when toString() is not a decimal integer.
        String obj = this.serial.toString();
        this.generator.setSerialNumber(obj.equals("0") ? BigInteger.ONE : new BigInteger(obj));
        return iRubyObject;
    }

    /** Returns the subject name object as last assigned. */
    @JRubyMethod
    public IRubyObject subject() {
        return this.subject;
    }

    /**
     * Ruby {@code subject=}: stores the name and sets it as the generator's subject DN.
     * The argument is cast to {@code X509Name} without a prior kind check.
     */
    @JRubyMethod(name = {"subject="})
    public IRubyObject set_subject(IRubyObject iRubyObject) {
        if (!iRubyObject.equals(this.subject)) {
            this.changed = true;
        }
        this.subject = iRubyObject;
        this.generator.setSubjectDN(((X509Name) this.subject).getRealName());
        return iRubyObject;
    }

    /** Returns the issuer name object as last assigned. */
    @JRubyMethod
    public IRubyObject issuer() {
        return this.issuer;
    }

    /**
     * Ruby {@code issuer=}: stores the name and sets it as the generator's issuer DN.
     * The argument is cast to {@code X509Name} without a prior kind check.
     */
    @JRubyMethod(name = {"issuer="})
    public IRubyObject set_issuer(IRubyObject iRubyObject) {
        if (!iRubyObject.equals(this.issuer)) {
            this.changed = true;
        }
        this.issuer = iRubyObject;
        this.generator.setIssuerDN(((X509Name) this.issuer).getRealName());
        return iRubyObject;
    }

    /** Returns the start of the validity period as stored by {@code not_before=}. */
    @JRubyMethod
    public IRubyObject not_before() {
        return this.not_before;
    }

    /**
     * Ruby {@code not_before=}: stores the result of calling {@code getutc} on the argument with
     * its microseconds cleared, and passes it to the generator. Always marks the object changed.
     *
     * @return the original argument, not the stored value
     */
    @JRubyMethod(name = {"not_before="})
    public IRubyObject set_not_before(IRubyObject iRubyObject) {
        this.changed = true;
        this.not_before = iRubyObject.callMethod(getRuntime().getCurrentContext(), "getutc");
        ((RubyTime) this.not_before).setMicroseconds(0L);
        this.generator.setNotBefore(((RubyTime) this.not_before).getJavaDate());
        return iRubyObject;
    }

    /** Returns the end of the validity period as stored by {@code not_after=}. */
    @JRubyMethod
    public IRubyObject not_after() {
        return this.not_after;
    }

    /**
     * Ruby {@code not_after=}: stores the result of calling {@code getutc} on the argument with
     * its microseconds cleared, and passes it to the generator. Always marks the object changed.
     *
     * @return the original argument, not the stored value
     */
    @JRubyMethod(name = {"not_after="})
    public IRubyObject set_not_after(IRubyObject iRubyObject) {
        this.changed = true;
        this.not_after = iRubyObject.callMethod(getRuntime().getCurrentContext(), "getutc");
        ((RubyTime) this.not_after).setMicroseconds(0L);
        this.generator.setNotAfter(((RubyTime) this.not_after).getJavaDate());
        return iRubyObject;
    }

    /**
     * Returns the result of calling {@code public_key} on the stored key object, creating that
     * object from the parsed certificate first when it does not exist yet.
     *
     * @throws IllegalStateException if no key was set and none was parsed
     */
    @JRubyMethod
    public IRubyObject public_key() {
        if (this.public_key == null) {
            lazyInitializePublicKey();
        }
        return this.public_key.callMethod(getRuntime().getCurrentContext(), "public_key");
    }

    /**
     * Ruby {@code public_key=}: requires an {@code OpenSSL::PKey::PKey}, stores it and passes its
     * public key to the generator.
     */
    @JRubyMethod(name = {"public_key="})
    public IRubyObject set_public_key(IRubyObject iRubyObject) {
        Utils.checkKind(getRuntime(), iRubyObject, "OpenSSL::PKey::PKey");
        if (!iRubyObject.equals(this.public_key)) {
            this.changed = true;
        }
        this.public_key = iRubyObject;
        this.generator.setPublicKey(((PKey) this.public_key).getPublicKey());
        return iRubyObject;
    }

    /**
     * Builds the Ruby key object from the algorithm name and encoding captured at parse time.
     *
     * <p>Only "RSA" and {@code ASN1Registry.SN_dsa} (presumably "DSA") are handled; any other
     * algorithm name raises {@code CertificateError}.
     *
     * @throws IllegalStateException if no algorithm or encoding was captured
     */
    private void lazyInitializePublicKey() {
        if (this.public_key_encoded == null || this.public_key_algorithm == null) {
            throw new IllegalStateException("lazy public key initialization failed");
        }
        RubyModule rubyModule = (RubyModule) getRuntime().getModule("OpenSSL").getConstant("PKey");
        ThreadContext currentContext = getRuntime().getCurrentContext();
        // set_public_key() would flag the object as changed; materializing the key the certificate
        // already carries must not do that, so the flag is saved here and restored below.
        boolean z = this.changed;
        if ("RSA".equalsIgnoreCase(this.public_key_algorithm)) {
            set_public_key(rubyModule.getConstant("RSA").callMethod(currentContext, "new", RubyString.newString(getRuntime(), this.public_key_encoded)));
        } else {
            if (!ASN1Registry.SN_dsa.equalsIgnoreCase(this.public_key_algorithm)) {
                throw newCertificateError(getRuntime(), "The algorithm " + this.public_key_algorithm + " is unsupported for public keys");
            }
            set_public_key(rubyModule.getConstant(ASN1Registry.SN_dsa).callMethod(currentContext, "new", RubyString.newString(getRuntime(), this.public_key_encoded)));
        }
        this.changed = z;
    }

    /**
     * Ruby {@code sign(key, digest)}: generates a certificate from the current attributes and
     * extensions, signed with the key's private key through the "BC" provider.
     *
     * <p>The only combinations rejected here are DSA with MD5 and RSA with DSS1. Every other
     * digest, including ones considered weak for certificate signatures, is passed on as
     * {@code <digest>WITH<key algorithm>}; an issuing application that has a digest policy has to
     * enforce it before calling this method.
     *
     * @param iRubyObject the signing key; cast to {@code PKey} without a kind check
     * @param iRubyObject2 the digest; cast to {@code Digest} without a kind check
     * @return this object, now holding the generated certificate
     * @throws RaiseException {@code CertificateError} for a rejected combination or a generation
     *     failure (message only, cause dropped); IOError if an extension cannot be encoded
     */
    @JRubyMethod
    public IRubyObject sign(ThreadContext threadContext, final IRubyObject iRubyObject, IRubyObject iRubyObject2) {
        Ruby ruby = threadContext.runtime;
        String algorithm = ((PKey) iRubyObject).getAlgorithm();
        String shortAlgorithm = ((Digest) iRubyObject2).getShortAlgorithm();
        String obj = ((Digest) iRubyObject2).name().toString();
        if ((ASN1Registry.SN_dsa.equalsIgnoreCase(algorithm) && "MD5".equalsIgnoreCase(shortAlgorithm)) || ("RSA".equalsIgnoreCase(algorithm) && "DSS1".equals(obj))) {
            throw newCertificateError(ruby, "signature_algorithm not supported");
        }
        // NOTE(review): the extensions are added to the same generator instance on every call;
        // what a second sign() on this object does with already-added OIDs is not visible here.
        Iterator<IRubyObject> it = this.extensions.iterator();
        while (it.hasNext()) {
            X509Extensions.Extension extension = (X509Extensions.Extension) it.next();
            try {
                this.generator.addExtension(extension.getRealOid(), extension.getRealCritical(), extension.getRealValueBytes());
            } catch (IOException e) {
                throw ruby.newIOErrorFromException(e);
            }
        }
        this.generator.setSignatureAlgorithm(shortAlgorithm + "WITH" + algorithm);
        if (this.public_key == null) {
            lazyInitializePublicKey();
        }
        try {
            OpenSSLReal.doWithBCProvider(new OpenSSLReal.Runnable() { // from class: org.jruby.ext.openssl.X509Cert.2
                @Override // org.jruby.ext.openssl.OpenSSLReal.Runnable
                public void run() throws GeneralSecurityException {
                    X509Cert.this.cert = X509Cert.this.generator.generate(((PKey) iRubyObject).getPrivateKey(), "BC");
                }
            });
            if (this.cert == null) {
                throw newCertificateError(ruby, (String) null);
            }
            // Prefer the registry's name for the signature OID; fall back to the dotted OID itself.
            String o2a = ASN1Registry.o2a(this.cert.getSigAlgOID());
            if (o2a == null) {
                o2a = this.cert.getSigAlgOID();
            }
            this.sig_alg = ruby.newString(o2a);
            this.changed = false;
            return this;
        } catch (GeneralSecurityException e2) {
            throw newCertificateError(getRuntime(), e2.getMessage());
        }
    }

    /**
     * Ruby {@code verify(key)}: checks the certificate's signature against the given public key.
     *
     * <p>Scope: this is a signature check only. The validity period, the issuer chain and the
     * extensions are not examined, so a true result does not mean the certificate is trusted.
     *
     * <p>Failure is reported in two ways: false when attributes changed since parse/sign or when
     * the key is rejected ({@code InvalidKeyException}), and a raised {@code CertificateError}
     * for the other exceptions, including {@code SignatureException}. Callers must treat both a
     * false result and a raised error as "not verified".
     *
     * @param iRubyObject the key to verify against; cast to {@code PKey} without a kind check
     */
    @JRubyMethod
    public IRubyObject verify(IRubyObject iRubyObject) {
        if (this.changed) {
            return getRuntime().getFalse();
        }
        try {
            this.cert.verify(((PKey) iRubyObject).getPublicKey());
            return getRuntime().getTrue();
        } catch (InvalidKeyException e) {
            return getRuntime().getFalse();
        } catch (NoSuchAlgorithmException e2) {
            throw newCertificateError(getRuntime(), e2);
        } catch (NoSuchProviderException e3) {
            throw newCertificateError(getRuntime(), e3);
        } catch (SignatureException e4) {
            throw newCertificateError(getRuntime(), e4);
        } catch (CertificateException e5) {
            throw newCertificateError(getRuntime(), e5);
        }
    }

    /**
     * Ruby {@code check_private_key(key)}: returns true when the certificate's public key
     * {@code equals} the public key exposed by the given key object.
     *
     * <p>Only public keys are compared; the private half is never exercised here. Dereferences
     * the result of {@link #getAuxCert} without a null check.
     */
    @JRubyMethod
    public IRubyObject check_private_key(IRubyObject iRubyObject) {
        return getAuxCert().getPublicKey().equals(((PKey) iRubyObject).getPublicKey()) ? getRuntime().getTrue() : getRuntime().getFalse();
    }

    /** Returns the current extensions as a new Ruby array. */
    @JRubyMethod
    public IRubyObject extensions() {
        return getRuntime().newArray(this.extensions);
    }

    /**
     * Ruby {@code extensions=}: replaces the extension list with a copy of the given array.
     *
     * <p>Unlike the other setters this does not touch {@code changed}; the new list only takes
     * effect in a later {@link #sign}. The argument is cast to {@code RubyArray} unchecked.
     */
    @JRubyMethod(name = {"extensions="})
    public IRubyObject set_extensions(IRubyObject iRubyObject) {
        this.extensions = new ArrayList(((RubyArray) iRubyObject).getList());
        return iRubyObject;
    }

    // NOTE(review): the decompiler could not reconstruct add_extension. The stub below throws
    // UnsupportedOperationException, so in this listing every caller fails: initialize() for any
    // certificate that carries extensions, and Ruby code calling add_extension directly. The
    // fragments kept in the warnings only show that the method conditionally appends its argument
    // to `extensions`; the condition itself is lost. Review the real behavior against the
    // bytecode or the upstream source, not this stub.
    /* JADX WARN: Code restructure failed: missing block: B:24:0x00ff, code lost:
    
        if (r12 == false) goto L29;
     */
    /* JADX WARN: Code restructure failed: missing block: B:25:0x0102, code lost:
    
        r9.extensions.add(r10);
     */
    @org.jruby.anno.JRubyMethod
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public org.jruby.runtime.builtin.IRubyObject add_extension(org.jruby.runtime.builtin.IRubyObject r10) {
        /*
            Method dump skipped, instructions count: 285
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.jruby.ext.openssl.X509Cert.add_extension(org.jruby.runtime.builtin.IRubyObject):org.jruby.runtime.builtin.IRubyObject");
    }
}
