package pt.digitalis.utils.certificate;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.io.IOUtils;
import pt.digitalis.log.Logger;
import pt.digitalis.utils.certificate.exception.CertificateException;
import pt.digitalis.utils.common.DateUtils;

/* loaded from: input_file:WEB-INF/lib/security-utils-2.8.9-13.jar:pt/digitalis/utils/certificate/JKSCertificate.class */
public class JKSCertificate {
    private X509Certificate X509Cert;
    private String alias;
    private KeyStore keyStore;
    private String password;

    /* loaded from: input_file:WEB-INF/lib/security-utils-2.8.9-13.jar:pt/digitalis/utils/certificate/JKSCertificate$CERTIFICATE_TYPE.class */
    public enum CERTIFICATE_TYPE {
        JKS,
        JCEKS,
        PKCS12
    }

    public JKSCertificate(CERTIFICATE_TYPE certificate_type, String str, String str2, String... strArr) throws IOException, CertificateException {
        this(certificate_type, IOUtils.toByteArray(Thread.currentThread().getContextClassLoader().getResourceAsStream(str)), str2, strArr);
        Logger.getLogger().debug(getClass().getSimpleName() + ": loaded from " + str);
    }

    public JKSCertificate(CERTIFICATE_TYPE certificate_type, byte[] bArr, String str, String... strArr) throws CertificateException {
        Logger.getLogger().debug(getClass().getSimpleName() + ": Loading certificate");
        this.password = str;
        try {
            KeyStore keyStore = KeyStore.getInstance(certificate_type.name());
            keyStore.load(new ByteArrayInputStream(bArr), str == null ? null : str.toCharArray());
            if (strArr.length == 0 && keyStore.aliases().hasMoreElements()) {
                strArr = new String[]{keyStore.aliases().nextElement()};
            }
            int i = -1;
            while (this.X509Cert == null) {
                i++;
                if (i >= strArr.length) {
                    break;
                } else {
                    this.X509Cert = (X509Certificate) keyStore.getCertificate(strArr[i]);
                }
            }
            if (this.X509Cert == null) {
                throw new KeyStoreException("Certificate not found: " + Arrays.asList(strArr));
            }
            this.keyStore = keyStore;
            this.alias = strArr[i];
        } catch (Exception e) {
            e.printStackTrace();
            throw new CertificateException(e);
        }
    }

    public long daysToExpire() {
        if (this.X509Cert == null) {
            return 0L;
        }
        return DateUtils.getDateDiffInDays(new Date(), this.X509Cert.getNotAfter()).longValue();
    }

    public boolean equals(JKSCertificate jKSCertificate) {
        return (this.alias.equals(jKSCertificate.alias) && this.X509Cert == null) ? jKSCertificate.X509Cert == null : this.X509Cert.equals(jKSCertificate.X509Cert);
    }

    public boolean equals(Object obj) {
        if (obj instanceof JKSCertificate) {
            return equals((JKSCertificate) obj);
        }
        return false;
    }

    public String getAlias() {
        return this.alias;
    }

    public Certificate getCertificate() throws KeyStoreException {
        return getKeyStore().getCertificate(this.alias);
    }

    public Certificate[] getCertificateChain() throws KeyStoreException {
        return getKeyStore().getCertificateChain(this.alias);
    }

    public KeyStore getKeyStore() throws KeyStoreException {
        if (this.keyStore == null) {
            throw new KeyStoreException("KeyStore not loaded");
        }
        return this.keyStore;
    }

    public Collection<String> getKeyUsage() {
        String[] strArr = {"digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"};
        ArrayList arrayList = new ArrayList();
        boolean[] keyUsage = this.X509Cert.getKeyUsage();
        for (int i = 0; i < keyUsage.length && i < strArr.length; i++) {
            if (keyUsage[i]) {
                arrayList.add(strArr[i]);
            }
        }
        return Collections.unmodifiableCollection(arrayList);
    }

    public String getPassword() {
        return this.password;
    }

    public void setPassword(String str) {
        this.password = str;
    }

    public PrivateKey getPrivateKey() throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        return (PrivateKey) getKeyStore().getKey(this.alias, this.password == null ? null : this.password.toCharArray());
    }

    public TrustManager[] getTrustManagers() throws KeyStoreException, NoSuchAlgorithmException {
        KeyStore keyStore = getKeyStore();
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }

    public int hashCode() {
        return this.alias.hashCode() + (!isValid() ? 0 : this.X509Cert.hashCode());
    }

    public boolean isExpired(int i) {
        return daysToExpire() < ((long) i);
    }

    public boolean isExpired() {
        return isExpired(0);
    }

    public boolean isValid() {
        return this.X509Cert != null;
    }

    public String toString() {
        return !isValid() ? "INVALID" : "-----X509 CERTIFICATE-----\nALIAS: " + this.alias + "\nUSAGE: " + getKeyUsage() + "\nSERIAL: " + this.X509Cert.getSerialNumber() + "\nISSUER: " + this.X509Cert.getIssuerX500Principal() + "\nSUBJECT: " + this.X509Cert.getSubjectX500Principal() + "\nISSUED: " + this.X509Cert.getNotBefore() + "\nEXPIRES: " + this.X509Cert.getNotAfter() + "\nDAYS LEFT: " + daysToExpire() + "\nHASH CODE: " + hashCode();
    }
}
