package io.vertx.ext.auth.impl;

import io.vertx.core.impl.logging.Logger;
import io.vertx.core.impl.logging.LoggerFactory;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

/* loaded from: input_file:BOOT-INF/lib/vertx-auth-common-4.2.3.jar:io/vertx/ext/auth/impl/CertificateHelper.class */
public final class CertificateHelper {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) CertificateHelper.class);

    /* loaded from: input_file:BOOT-INF/lib/vertx-auth-common-4.2.3.jar:io/vertx/ext/auth/impl/CertificateHelper$CertInfo.class */
    public static final class CertInfo {
        private final Map<String, String> subject;
        private final int version;
        private final int basicConstraintsCA;

        private CertInfo(Map<String, String> map, int i, int i2) {
            this.subject = map;
            this.version = i;
            this.basicConstraintsCA = i2;
        }

        public boolean subjectHas(String str) {
            if (this.subject != null) {
                return this.subject.containsKey(str);
            }
            return false;
        }

        public String subject(String str) {
            if (this.subject != null) {
                return this.subject.get(str);
            }
            return null;
        }

        public int version() {
            return this.version;
        }

        public int basicConstraintsCA() {
            return this.basicConstraintsCA;
        }

        public boolean isEmpty() {
            if (this.subject != null) {
                return this.subject.isEmpty();
            }
            return true;
        }
    }

    private CertificateHelper() {
    }

    public static void checkValidity(List<X509Certificate> list, List<X509CRL> list2) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        checkValidity(list, true, list2);
    }

    public static void checkValidity(List<X509Certificate> list, boolean z, List<X509CRL> list2) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        if (list == null || list.size() == 0) {
            throw new CertificateException("empty chain");
        }
        long currentTimeMillis = System.currentTimeMillis();
        for (int i = 0; i < list.size(); i++) {
            X509Certificate x509Certificate = list.get(i);
            x509Certificate.checkValidity();
            if (list2 != null) {
                for (X509CRL x509crl : list2) {
                    if (x509crl.getNextUpdate().getTime() < currentTimeMillis) {
                        LOG.warn("CRL is out of date nextUpdate < now");
                    }
                    if (x509crl.isRevoked(x509Certificate)) {
                        throw new CertificateException("Certificate is revoked");
                    }
                }
            }
            if (list.size() == 1) {
                return;
            }
            if (i + 1 < list.size()) {
                X509Certificate x509Certificate2 = list.get(i + 1);
                if (!x509Certificate.getIssuerX500Principal().equals(x509Certificate2.getSubjectX500Principal())) {
                    throw new CertificateException("Certificate path issuers dont match: [" + x509Certificate.getIssuerX500Principal() + "] != [" + x509Certificate2.getSubjectX500Principal() + "]");
                }
                x509Certificate.verify(x509Certificate2.getPublicKey());
            }
        }
        if (z) {
            X509Certificate x509Certificate3 = list.get(list.size() - 1);
            x509Certificate3.verify(x509Certificate3.getPublicKey());
        }
    }

    public static CertInfo getCertInfo(X509Certificate x509Certificate) {
        String name = x509Certificate.getSubjectX500Principal().getName("RFC2253");
        HashMap hashMap = null;
        if (name != null && !"".equals(name)) {
            try {
                LdapName ldapName = new LdapName(name);
                hashMap = new HashMap();
                for (int i = 0; i < ldapName.size(); i++) {
                    String str = ldapName.get(i);
                    int indexOf = str.indexOf(61);
                    if (indexOf != -1) {
                        hashMap.put(str.substring(0, indexOf), str.substring(indexOf + 1));
                    } else {
                        hashMap.put(str, null);
                    }
                }
            } catch (InvalidNameException e) {
            }
        }
        return new CertInfo(hashMap, x509Certificate.getVersion(), x509Certificate.getBasicConstraints());
    }
}
