package stirling.software.SPDF.service;

import io.github.pixee.security.BoundedLineReader;
import jakarta.annotation.PostConstruct;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import org.springframework.stereotype.Service;

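/**
 * Builds an in-memory trust store from the bundled Mozilla {@code certdata.txt} and offers
 * certificate checks against that store or against a caller-supplied certificate.
 *
 * <p>Security-relevant limits of this class, as implemented:
 *
 * <ul>
 *   <li>Every {@code CKA_VALUE} object in {@code certdata.txt} becomes a trust anchor. No other
 *       attribute of the file is read here. NOTE(review): certdata.txt records per-certificate
 *       trust in separate objects; confirm the bundled file holds no certificate that should
 *       not act as an anchor.
 *   <li>Nothing in this class consults CRLs or OCSP. {@link #validateCertificateChain} turns
 *       PKIX revocation checking off and {@link #isRevoked} only tests the validity period.
 *   <li>The two {@code ...WithCustomCert} methods each perform a single check (signature, or
 *       name equality). Neither is a full path validation on its own.
 *   <li>Every check reports failure as {@code false} without recording the cause.
 * </ul>
 */
@Service
public class CertificateValidationService {
    private static final String CERTDATA_RESOURCE = "/certdata.txt";
    private static final String CERT_BLOCK_START = "CKA_VALUE MULTILINE_OCTAL";
    private static final String CERT_BLOCK_END = "END";
    private static final int MAX_LINE_LENGTH = 5000000;

    private KeyStore trustStore;

    /**
     * Creates an empty key store of the JVM default type and fills it from the bundled
     * Mozilla certificate data.
     *
     * @throws Exception if the key store cannot be created or the certificate data cannot be
     *     loaded; the exception propagates out of the {@code @PostConstruct} callback
     */
    @PostConstruct
    private void initializeTrustStore() throws Exception {
        this.trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // load(null, null) initialises an empty store instead of reading one from a stream.
        this.trustStore.load(null, null);
        loadMozillaCertificates();
    }

    /**
     * Reads {@code /certdata.txt} from the classpath and stores each certificate found in a
     * {@code CKA_VALUE MULTILINE_OCTAL ... END} block under the alias {@code mozilla-cert-N}.
     *
     * <p>A block whose octal payload cannot be decoded is skipped. A payload that decodes but
     * is not a parsable X.509 certificate aborts loading with the factory's exception. A block
     * that is still open when the file ends is dropped.
     *
     * @throws IllegalStateException if the resource is missing from the classpath
     * @throws Exception on read errors, certificate parse errors or key store errors
     */
    private void loadMozillaCertificates() throws Exception {
        // Obtain the factory once (and before the stream is opened) rather than per certificate.
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        InputStream certData = getClass().getResourceAsStream(CERTDATA_RESOURCE);
        if (certData == null) {
            // Fail with a clear message instead of a NullPointerException from the reader.
            throw new IllegalStateException(
                    "Trust anchor resource not found on classpath: " + CERTDATA_RESOURCE);
        }
        // Explicit charset so parsing does not depend on the platform default.
        try (BufferedReader reader =
                new BufferedReader(new InputStreamReader(certData, StandardCharsets.UTF_8))) {
            StringBuilder octalPayload = new StringBuilder();
            boolean insideCertBlock = false;
            int nextIndex = 0;
            String line;
            // BoundedLineReader is handed an upper bound on the length of a single line.
            while ((line = BoundedLineReader.readLine(reader, MAX_LINE_LENGTH)) != null) {
                if (line.startsWith(CERT_BLOCK_START)) {
                    insideCertBlock = true;
                    octalPayload.setLength(0);
                } else if (insideCertBlock) {
                    if (CERT_BLOCK_END.equals(line)) {
                        insideCertBlock = false;
                        byte[] der = parseOctalData(octalPayload.toString());
                        if (der != null) {
                            X509Certificate anchor =
                                    (X509Certificate)
                                            x509Factory.generateCertificate(
                                                    new ByteArrayInputStream(der));
                            this.trustStore.setCertificateEntry(
                                    "mozilla-cert-" + nextIndex++, anchor);
                        }
                    } else {
                        octalPayload.append(line).append('\n');
                    }
                }
            }
        }
    }

    /**
     * Decodes a run of backslash-separated octal escapes (for example {@code \060\202}) into
     * bytes.
     *
     * @param str the text between the block header and {@code END}
     * @return the decoded bytes, or {@code null} if the input is {@code null}, a token is not
     *     valid octal, or a token does not fit in one byte
     */
    private byte[] parseOctalData(String str) {
        if (str == null) {
            return null;
        }
        ByteArrayOutputStream decoded = new ByteArrayOutputStream();
        try {
            for (String token : str.split("\\\\")) {
                String digits = token.trim();
                if (digits.isEmpty()) {
                    continue;
                }
                int value = Integer.parseInt(digits, 8);
                // write(int) keeps only the low 8 bits, so an out-of-range token would be
                // silently truncated into a different byte; treat it as malformed instead.
                if (value < 0 || value > 0xFF) {
                    return null;
                }
                decoded.write(value);
            }
        } catch (NumberFormatException e) {
            return null;
        }
        return decoded.toByteArray();
    }

    /**
     * Wraps every X.509 certificate in the trust store as a {@link TrustAnchor} without name
     * constraints.
     *
     * @throws KeyStoreException if the trust store cannot be enumerated
     */
    private Set<TrustAnchor> collectTrustAnchors() throws KeyStoreException {
        Set<TrustAnchor> anchors = new HashSet<>();
        Enumeration<String> aliases = this.trustStore.aliases();
        while (aliases.hasMoreElements()) {
            Certificate candidate = this.trustStore.getCertificate(aliases.nextElement());
            if (candidate instanceof X509Certificate) {
                anchors.add(new TrustAnchor((X509Certificate) candidate, null));
            }
        }
        return anchors;
    }

    /**
     * Runs PKIX path validation for a path that contains only the given certificate, using the
     * loaded Mozilla certificates as trust anchors.
     *
     * <p>No intermediate certificates are supplied to the validator, because the path is built
     * from this one certificate alone. Revocation checking is explicitly disabled, so a
     * revoked certificate is not rejected by this method.
     *
     * @param x509Certificate the certificate to validate
     * @return {@code true} if validation succeeds; {@code false} on any failure or exception
     */
    public boolean validateCertificateChain(X509Certificate x509Certificate) {
        try {
            CertPath path =
                    CertificateFactory.getInstance("X.509")
                            .generateCertPath(Arrays.asList(x509Certificate));
            PKIXParameters params = new PKIXParameters(collectTrustAnchors());
            // No CRL/OCSP lookup is performed; see the method documentation.
            params.setRevocationEnabled(false);
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (Exception e) {
            // Fail closed: any validation, configuration or input error counts as "not valid".
            return false;
        }
    }

    /**
     * Reports whether the given certificate itself is one of the entries in the trust store
     * (an exact {@code equals} match, not "issued by" a trusted certificate).
     *
     * @param x509Certificate the certificate to look up
     * @return {@code true} on an exact match; {@code false} otherwise, including for
     *     {@code null} input or when the store cannot be read
     */
    public boolean validateTrustStore(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        try {
            Enumeration<String> aliases = this.trustStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate stored = this.trustStore.getCertificate(aliases.nextElement());
                if (stored instanceof X509Certificate && x509Certificate.equals(stored)) {
                    return true;
                }
            }
        } catch (KeyStoreException e) {
            return false;
        }
        return false;
    }

    /**
     * Reports whether the certificate is outside its validity period at the current time.
     *
     * <p>Despite the name, this does not consult any revocation source (no CRL, no OCSP). It
     * only calls {@link X509Certificate#checkValidity()}, so a certificate that was revoked
     * but is still within its validity period yields {@code false}.
     *
     * @param x509Certificate the certificate to check
     * @return {@code true} if the certificate is expired or not yet valid; {@code false} if it
     *     is currently within its validity period
     */
    public boolean isRevoked(X509Certificate x509Certificate) {
        try {
            x509Certificate.checkValidity();
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            return true;
        }
        return false;
    }

    /**
     * Checks that the first certificate's signature verifies under the second certificate's
     * public key.
     *
     * <p>This is the only check performed. The second certificate's validity period, CA status
     * and key usage are not examined, and its own trust is not established here.
     *
     * @param x509Certificate the certificate whose signature is verified
     * @param x509Certificate2 the caller-supplied certificate providing the public key
     * @return {@code true} if the signature verifies; {@code false} on any failure or exception
     */
    public boolean validateCertificateChainWithCustomCert(
            X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        try {
            x509Certificate.verify(x509Certificate2.getPublicKey());
            return true;
        } catch (Exception e) {
            // Fail closed, including for null arguments.
            return false;
        }
    }

    /**
     * Checks that the first certificate's issuer name equals the second certificate's subject
     * name.
     *
     * <p>This is a name comparison only; no signature is verified. Names inside a certificate
     * are asserted by whoever created it, so a match here is not evidence of issuance unless
     * the signature is verified as well (see {@link #validateCertificateChainWithCustomCert}).
     *
     * @param x509Certificate the certificate whose issuer name is read
     * @param x509Certificate2 the caller-supplied certificate whose subject name is read
     * @return {@code true} if the names are equal; {@code false} otherwise or on any exception
     */
    public boolean validateTrustWithCustomCert(
            X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        try {
            return x509Certificate
                    .getIssuerX500Principal()
                    .equals(x509Certificate2.getSubjectX500Principal());
        } catch (Exception e) {
            // Fail closed, including for null arguments.
            return false;
        }
    }
}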
