package net.handle.util;

import java.io.ByteArrayOutputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
import net.handle.hdllib.AbstractResponse;
import net.handle.hdllib.Common;
import net.handle.hdllib.Encoder;
import net.handle.hdllib.HandleException;
import net.handle.hdllib.HandleResolver;
import net.handle.hdllib.HandleValue;
import net.handle.hdllib.ResolutionRequest;
import net.handle.hdllib.ResolutionResponse;
import net.handle.hdllib.ServerInfo;
import net.handle.hdllib.SiteInfo;
import net.handle.hdllib.Util;
import net.handle.hdllib.ValueReference;
import net.handle.hdllib.trust.HandleVerifier;
import net.handle.hdllib.trust.JsonWebSignatureFactory;

/* loaded from: input_file:net/handle/util/X509HSTrustManager.class */
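/**
 * {@link X509TrustManager} that authenticates a peer by looking its certificate's public key up
 * in the Handle System instead of validating a CA chain.
 *
 * <p>What is checked: an identity (a handle, optionally prefixed with {@code index:}) is read from
 * the subject DN of the first certificate in the chain, that handle is resolved through the
 * configured {@link HandleResolver}, and the certificate's public key must equal a key published
 * in the resolved values.
 *
 * <p>What this class does not look at: the remaining certificates in the chain, the validity
 * period, revocation, key usage, the {@code authType} argument, or any expected peer name. A
 * successful check therefore means "the peer's key is published under the identity its own
 * certificate names", not "the peer is the party the caller meant to reach"; callers that need a
 * specific peer have to compare {@link #parseIdentityHandle(X509Certificate[])} with the identity
 * they expect.
 *
 * <p>NOTE(review): the result is only as trustworthy as the resolution itself. Whether responses
 * are authenticated depends on how the supplied resolver is configured, which is not visible
 * here — confirm.
 */
public class X509HSTrustManager implements X509TrustManager {
    private final HandleResolver resolver;

    /**
     * Small single-use parser for the RFC 2253 string form of a subject DN. It extracts the first
     * {@code UID}, {@code CN} and {@code O} attribute values and interprets the preferred one as a
     * handle or as an {@code index:handle} value reference.
     *
     * <p>The input comes from the peer's certificate and is untrusted. {@link #index} is consumed
     * while parsing and never reset, so each instance answers one query.
     *
     * <p>Decompiler note: JADX reports that this class was declared private in the original
     * source; the widened modifier is kept as found.
     */
    public static class Rfc2253DnParser {
        private final String dn;
        // Cursor into dn. Becomes negative once getType() finds no further '='.
        private int index;

        Rfc2253DnParser(String str) {
            this.dn = str;
        }

        /**
         * Strips leading spaces and unescaped trailing spaces. A space preceded by a backslash is
         * kept because it is part of the value.
         *
         * @param str raw attribute type or value
         * @return the trimmed text, or {@code ""} when nothing but spaces remains
         */
        private static String trim(String str) {
            int start = 0;
            while (start < str.length() && str.charAt(start) == ' ') {
                start++;
            }
            // Nothing left after the leading spaces. Without this guard an empty input (for
            // example the value in "CN=,O=x") reached substring(0, 1) and threw
            // StringIndexOutOfBoundsException on peer-controlled data.
            if (start == str.length()) {
                return "";
            }
            int lastKept = start;
            boolean escaped = false;
            for (int i = start; i < str.length(); i++) {
                char c = str.charAt(i);
                boolean trailingSpace = false;
                if (escaped) {
                    escaped = false;
                } else if (c == '\\') {
                    escaped = true;
                } else if (c == ' ') {
                    trailingSpace = true;
                }
                if (!trailingSpace) {
                    lastKept = i;
                }
            }
            return str.substring(start, lastKept + 1);
        }

        /**
         * Reads the attribute type that ends at the next {@code '='} and moves the cursor past it.
         *
         * @return the trimmed type, or {@code null} when no {@code '='} follows the cursor
         */
        private String getType() {
            int start = this.index;
            this.index = this.dn.indexOf('=', start);
            if (this.index < 0) {
                return null;
            }
            String raw = this.dn.substring(start, this.index);
            this.index++;
            return trim(raw);
        }

        /**
         * Advances the cursor to the next unquoted, unescaped {@code '+'}, {@code ','} or
         * {@code ';'}, leaving the cursor on that character.
         *
         * @return the separator found, or {@code ','} when the end of the DN is reached
         */
        private char findSeparator() {
            boolean inQuotes = false;
            boolean escaped = false;
            while (this.index < this.dn.length()) {
                char c = this.dn.charAt(this.index);
                if (!inQuotes && !escaped && (c == '+' || c == ',' || c == ';')) {
                    return c;
                }
                if (escaped) {
                    escaped = false;
                } else if (c == '\\') {
                    escaped = true;
                } else if (c == '"') {
                    inQuotes = !inQuotes;
                }
                this.index++;
            }
            return ',';
        }

        /** Returns whether {@code b} is an ASCII hexadecimal digit. */
        private static boolean isHexChar(byte b) {
            return (b >= '0' && b <= '9') || (b >= 'a' && b <= 'f') || (b >= 'A' && b <= 'F');
        }

        /**
         * Converts one ASCII hex digit to its value. A byte that is not a hex digit is returned
         * unchanged rather than rejected.
         */
        private static int nibbleDecode(byte b) {
            if (b >= '0' && b <= '9') {
                return b - '0';
            }
            if (b >= 'a' && b <= 'f') {
                return 10 + b - 'a';
            }
            if (b >= 'A' && b <= 'F') {
                return 10 + b - 'A';
            }
            return b;
        }

        /** Combines two ASCII hex digits into one byte, high nibble first. */
        private static byte hexDecode(byte b, byte b2) {
            return (byte) (((nibbleDecode(b) << 4) | nibbleDecode(b2)) & 255);
        }

        /**
         * Removes RFC 2253 escaping from a trimmed attribute value: a backslash followed by a hex
         * digit starts a two-character hex pair, a backslash followed by anything else yields that
         * character literally, and unescaped double quotes are dropped.
         *
         * <p>Only the first character of a hex pair is validated; a truncated pair at the end of
         * the value is discarded.
         *
         * @param str trimmed attribute value
         * @return the unescaped value, decoded with {@code Util.decodeString}
         */
        private static String unescape(String str) {
            boolean escaped = false;
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] bytes = Util.encodeString(str);
            int i = 0;
            while (i < bytes.length) {
                byte b = bytes[i];
                if (escaped) {
                    escaped = false;
                    if (isHexChar(b)) {
                        i++;
                        if (i >= bytes.length) {
                            break;
                        }
                        out.write(hexDecode(b, bytes[i]));
                    } else {
                        out.write(b);
                    }
                } else if (b == '\\') {
                    escaped = true;
                } else if (b != '"') {
                    // Unescaped quotes only delimit the value and are not copied.
                    out.write(b);
                }
                i++;
            }
            return Util.decodeString(out.toByteArray());
        }

        /**
         * Reads the attribute value up to the next separator and moves the cursor past it.
         *
         * @return the unescaped value, or {@code null} for a value in {@code #hex} form, which
         *     this parser does not decode
         */
        private String getValue() {
            int start = this.index;
            findSeparator();
            String raw = this.dn.substring(start, this.index);
            this.index++;
            String trimmed = trim(raw);
            if (trimmed.startsWith("#")) {
                return null;
            }
            return unescape(trimmed);
        }

        /**
         * Walks the whole DN and picks the identity string.
         *
         * @return the first {@code UID} value if any, otherwise the first {@code CN}, otherwise
         *     the first {@code O}; {@code null} when none of them is present
         */
        String getHandleOrValueReference() {
            String type;
            String uid = null;
            String commonName = null;
            String organization = null;
            while (this.index >= 0 && this.index < this.dn.length() && (type = getType()) != null) {
                String value = getValue();
                if (value != null) {
                    if ("UID".equalsIgnoreCase(type) && uid == null) {
                        uid = value;
                    }
                    if ("CN".equalsIgnoreCase(type) && commonName == null) {
                        commonName = value;
                    }
                    if ("O".equalsIgnoreCase(type) && organization == null) {
                        organization = value;
                    }
                }
            }
            return uid != null ? uid : commonName != null ? commonName : organization;
        }

        /**
         * Returns whether every character of {@code str} is an ASCII digit. The empty string
         * passes, because there is no character to reject.
         */
        private static boolean isDigits(String str) {
            for (int i = 0; i < str.length(); i++) {
                char c = str.charAt(i);
                if (c < '0' || c > '9') {
                    return false;
                }
            }
            return true;
        }

        /**
         * Interprets the identity as {@code index:handle} when the text before the first colon is
         * all digits, and as a bare handle with index 0 otherwise.
         *
         * <p>NOTE(review): an empty or over-long digit prefix (for example {@code ":x"} or more
         * digits than fit an {@code int}) passes {@link #isDigits} and makes
         * {@link Integer#parseInt(String)} throw {@link NumberFormatException}. The input is
         * peer-controlled, so callers outside this class should expect that exception.
         *
         * @return the value reference, or {@code null} when the DN carries no identity
         */
        ValueReference getValueReference() {
            String identity = getHandleOrValueReference();
            if (identity == null) {
                return null;
            }
            int colon = identity.indexOf(':');
            if (colon < 0) {
                return new ValueReference(Util.encodeString(identity), 0);
            }
            String prefix = identity.substring(0, colon);
            if (isDigits(prefix)) {
                return new ValueReference(Util.encodeString(identity.substring(colon + 1)), Integer.parseInt(prefix));
            }
            return new ValueReference(Util.encodeString(identity), 0);
        }

        /**
         * Returns the handle part of the identity, dropping a leading all-digit {@code index:}
         * prefix when present.
         *
         * @return the handle, or {@code null} when the DN carries no identity
         */
        String getHandle() {
            String identity = getHandleOrValueReference();
            if (identity == null) {
                return null;
            }
            int colon = identity.indexOf(':');
            if (colon >= 0 && isDigits(identity.substring(0, colon))) {
                return identity.substring(colon + 1);
            }
            return identity;
        }
    }

    /**
     * @param handleResolver resolver used to fetch the handle record named by the peer certificate
     */
    public X509HSTrustManager(HandleResolver handleResolver) {
        this.resolver = handleResolver;
    }

    /**
     * Authenticates the first certificate of a client chain against the Handle System.
     *
     * @param x509CertificateArr peer chain; only element 0 is examined
     * @param str authentication type; not used
     * @throws IllegalArgumentException if the chain is null or empty
     * @throws CertificateException if the identity cannot be parsed, resolved or matched
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        authenticateLeaf(x509CertificateArr);
    }

    /**
     * Authenticates the first certificate of a server chain against the Handle System. No
     * expected host or identity is compared here.
     *
     * @param x509CertificateArr peer chain; only element 0 is examined
     * @param str authentication type; not used
     * @throws IllegalArgumentException if the chain is null or empty
     * @throws CertificateException if the identity cannot be parsed, resolved or matched
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        authenticateLeaf(x509CertificateArr);
    }

    /** Returns an empty array: this manager trusts keys published in handles, not issuers. */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    /** Shared body of the two check methods: reject an absent chain, then check element 0. */
    private void authenticateLeaf(X509Certificate[] chain) throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("null or empty certificate chain");
        }
        authenticate(chain[0]);
    }

    /**
     * Resolves the identity named in the certificate and requires the certificate's public key to
     * be published there.
     *
     * <p>With index 0 only public-key typed values are requested; with an explicit index only
     * that index is requested.
     *
     * @throws CertificateException on any failure, including runtime exceptions raised while
     *     parsing the peer-controlled subject DN
     */
    private void authenticate(X509Certificate x509Certificate) throws CertificateException {
        try {
            // Parsing happens inside the try so that a malformed subject DN surfaces as a
            // CertificateException instead of an unchecked exception from the trust manager.
            ValueReference identity = parseIdentity(x509Certificate);
            if (identity == null) {
                throw new CertificateException("Unable to parse identity from certificate");
            }
            byte[][] types;
            int[] indexes;
            if (identity.index == 0) {
                indexes = null;
                // The decompiler emitted "new byte[]{...}" here (see its type-inference warning),
                // which cannot be assigned to byte[][]; the request takes a list of type names.
                types = new byte[][] {Common.PUBLIC_KEY_TYPE};
            } else {
                types = null;
                indexes = new int[] {identity.index};
            }
            AbstractResponse response = this.resolver.processRequest(new ResolutionRequest(identity.handle, types, indexes, null));
            if (!(response instanceof ResolutionResponse)) {
                throw new CertificateException("Unexpected response validating X509 certificate", HandleException.ofResponse(response));
            }
            authenticate(identity, ((ResolutionResponse) response).getHandleValues(), getPublicKeyBytesFromCertificate(x509Certificate));
        } catch (CertificateException e) {
            throw e;
        } catch (Exception e) {
            throw new CertificateException("Exception validating X509 certificate", e);
        }
    }

    /**
     * Searches the resolved values for the certificate's public key. A value is considered when
     * the reference index is 0 or equals the value's index, and it matches when
     * <ul>
     *   <li>its raw data equals the key bytes, or</li>
     *   <li>it is a site-info typed value and one of its servers publishes the key, or</li>
     *   <li>it is an HS_CERT typed value whose claims set carries the key.</li>
     * </ul>
     *
     * <p>NOTE(review): no signature verification of the HS_CERT value is visible here; the key is
     * accepted because the value sits in the resolved record — confirm that this is intended.
     *
     * @param valueReference identity parsed from the certificate
     * @param handleValueArr values returned for that identity
     * @param bArr encoded public key of the certificate
     * @throws CertificateException if no value matches
     */
    private static void authenticate(ValueReference valueReference, HandleValue[] handleValueArr, byte[] bArr) throws CertificateException {
        for (HandleValue handleValue : handleValueArr) {
            if (valueReference.index != 0 && handleValue.getIndex() != valueReference.index) {
                continue;
            }
            if (Util.equals(handleValue.getData(), bArr)) {
                return;
            }
            if (handleValue.hasType(Common.SITE_INFO_TYPE) || handleValue.hasType(Common.DERIVED_PREFIX_SITE_TYPE) || handleValue.hasType(Common.LEGACY_DERIVED_PREFIX_SITE_TYPE)) {
                try {
                    SiteInfo siteInfo = new SiteInfo();
                    Encoder.decodeSiteInfoRecord(handleValue.getData(), 0, siteInfo);
                    for (ServerInfo serverInfo : siteInfo.servers) {
                        if (Util.equals(serverInfo.publicKey, bArr)) {
                            return;
                        }
                    }
                } catch (Exception ignored) {
                    // Best effort: an undecodable value is simply not a match. The method still
                    // fails closed when no other value matches.
                }
            } else if (handleValue.hasType(Common.HS_CERT_TYPE)) {
                try {
                    if (Util.equals(bArr, Util.getBytesFromPublicKey(HandleVerifier.getInstance().getHandleClaimsSet(JsonWebSignatureFactory.getInstance().deserialize(handleValue.getDataAsString())).publicKey))) {
                        return;
                    }
                } catch (Exception ignored) {
                    // Best effort, as above: an unparsable certificate value is not a match.
                }
            }
        }
        throw new CertificateException("Unable to validate X509 certificate, no matching handle value");
    }

    /** Encodes the certificate's public key in the form used for comparison with handle values. */
    private byte[] getPublicKeyBytesFromCertificate(Certificate certificate) throws Exception {
        return Util.getBytesFromPublicKey(certificate.getPublicKey());
    }

    private static ValueReference parseIdentityFromRfc2253Dn(String str) {
        return new Rfc2253DnParser(str).getValueReference();
    }

    /**
     * Reads the claimed identity from a certificate's subject DN. The result is what the
     * certificate asserts about itself; nothing is verified by this method.
     *
     * @param x509Certificate certificate to inspect, may be {@code null}
     * @return the handle and index named by the subject, or {@code null} when the certificate is
     *     {@code null} or names no UID, CN or O value
     */
    public static ValueReference parseIdentity(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        return parseIdentityFromRfc2253Dn(x509Certificate.getSubjectX500Principal().getName());
    }

    /**
     * Reads the claimed identity from the first certificate of a chain; see
     * {@link #parseIdentity(X509Certificate)}.
     *
     * @return the identity, or {@code null} when the chain is null or empty
     */
    public static ValueReference parseIdentity(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return null;
        }
        return parseIdentity(x509CertificateArr[0]);
    }

    private static String parseIdentityHandleFromRfc2253Dn(String str) {
        return new Rfc2253DnParser(str).getHandle();
    }

    /**
     * Reads the claimed identity handle, without any index prefix, from a certificate's subject
     * DN. The result is unverified.
     *
     * @param x509Certificate certificate to inspect, may be {@code null}
     * @return the handle, or {@code null} when the certificate is {@code null} or names no UID,
     *     CN or O value
     */
    public static String parseIdentityHandle(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        return parseIdentityHandleFromRfc2253Dn(x509Certificate.getSubjectX500Principal().getName());
    }

    /**
     * Reads the claimed identity handle from the first certificate of a chain; see
     * {@link #parseIdentityHandle(X509Certificate)}.
     *
     * @return the handle, or {@code null} when the chain is null or empty
     */
    public static String parseIdentityHandle(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return null;
        }
        return parseIdentityHandle(x509CertificateArr[0]);
    }
}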
