package de.governikus.bea.beaToolkit.certificateCache;

import com.google.errorprone.annotations.Immutable;
import de.bos_bremen.ci.asn1.ParseException;
import de.bos_bremen.ci.asn1.x509.Certificate;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Date;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.io.FileUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/governikus/bea/beaToolkit/certificateCache/DisplayedAlias.class */
public class DisplayedAlias {
    private static final Logger log = LoggerFactory.getLogger(DisplayedAlias.class);
    private final String fingerPrint;
    private final String alias;
    private final String label;
    private final String tokenTyp;

    @Nullable
    private final SoftKeyCacheEntry cacheEntry;
    private boolean disabled;
    private String tokenname;
    private boolean findOnServer;
    private boolean isExpired;
    private Validity validity;
    private String expirationDate;
    private String subjectCommonName;

    @Immutable
    /* loaded from: input_file:de/governikus/bea/beaToolkit/certificateCache/DisplayedAlias$TokenTyp.class */
    public enum TokenTyp {
        HARDWARE("HW"),
        SOFTWARE("SW");


        @Nonnull
        private final String name;

        @Nonnull
        public String getName() {
            return this.name;
        }

        TokenTyp(@Nonnull String str) {
            if (str == null) {
                throw new NullPointerException("name is marked non-null but is null");
            }
            this.name = str;
        }
    }

    @Immutable
    /* loaded from: input_file:de/governikus/bea/beaToolkit/certificateCache/DisplayedAlias$Validity.class */
    public enum Validity {
        EXPIRED,
        VALID,
        NOT_YET_VALID
    }

    public DisplayedAlias(String str, X509Certificate x509Certificate, TokenTyp tokenTyp) throws KeyStoreException, CertificateException, ParseException {
        this.findOnServer = true;
        this.alias = str;
        this.cacheEntry = null;
        this.tokenTyp = tokenTyp.getName();
        this.fingerPrint = getFingerprintGov(x509Certificate);
        Date date = new Date();
        this.isExpired = x509Certificate.getNotAfter().compareTo(date) < 1;
        this.validity = calcValidity(x509Certificate, date);
        this.expirationDate = new SimpleDateFormat("dd.MM.yyyy").format(x509Certificate.getNotAfter());
        Certificate forX509 = Certificate.forX509(x509Certificate);
        this.label = generateLabel(forX509);
        this.subjectCommonName = forX509 != null ? forX509.getSubjectCommonName() : "";
    }

    public DisplayedAlias(SoftKeyCacheEntry softKeyCacheEntry, TokenTyp tokenTyp) throws CertificateException, IOException, ParseException, KeyStoreException {
        this.findOnServer = true;
        X509Certificate loadCertificate = loadCertificate(softKeyCacheEntry);
        this.alias = softKeyCacheEntry.getAlias();
        this.cacheEntry = softKeyCacheEntry;
        this.tokenTyp = tokenTyp.getName();
        this.fingerPrint = getFingerprintGov(loadCertificate);
        Date date = new Date();
        this.isExpired = loadCertificate.getNotAfter().compareTo(date) < 1;
        this.validity = calcValidity(loadCertificate, date);
        this.expirationDate = new SimpleDateFormat("dd.MM.yyyy").format(loadCertificate.getNotAfter());
        Certificate forX509 = Certificate.forX509(loadCertificate);
        this.label = generateLabel(forX509);
        this.subjectCommonName = forX509 != null ? forX509.getSubjectCommonName() : "";
    }

    private static X509Certificate loadCertificate(SoftKeyCacheEntry softKeyCacheEntry) throws IOException, CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(FileUtils.readFileToByteArray(softKeyCacheEntry.getCertificateFile())));
    }

    public static String getFingerprintGov(X509Certificate x509Certificate) {
        try {
            return toHexStringGov(MessageDigest.getInstance("SHA1").digest(x509Certificate.getEncoded()));
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            log.error(e.toString(), e);
            return null;
        }
    }

    private static String toHexStringGov(byte[] bArr) {
        int length = bArr.length;
        if (length <= 0) {
            return "";
        }
        StringBuffer stringBuffer = new StringBuffer((2 * length) + 1);
        stringBuffer.append('A');
        for (int i = 0; i < length; i++) {
            if ((bArr[i] & 240) == 0) {
                stringBuffer.append('0');
            }
            stringBuffer.append(Integer.toHexString(bArr[i] & 255));
        }
        return stringBuffer.toString();
    }

    private String generateLabel(Certificate certificate) throws CertificateEncodingException, ParseException {
        StringBuilder sb = new StringBuilder();
        if (certificate != null) {
            String subjectCommonName = certificate.getSubjectCommonName();
            String issuerCommonName = certificate.getIssuerCommonName();
            sb.append(subjectCommonName).append(" - ").append(issuerCommonName).append(" - ").append(certificate.getSerialNumber().getValue());
        }
        return sb.toString();
    }

    private Validity calcValidity(X509Certificate x509Certificate, Date date) {
        Validity validity = Validity.VALID;
        if (x509Certificate.getNotAfter().compareTo(date) < 1) {
            validity = Validity.EXPIRED;
        }
        if (x509Certificate.getNotBefore().compareTo(date) > 0) {
            validity = Validity.NOT_YET_VALID;
        }
        return validity;
    }

    public String getFingerPrint() {
        return this.fingerPrint;
    }

    public String getAlias() {
        return this.alias;
    }

    public String getLabel() {
        return this.label;
    }

    public String getTokenTyp() {
        return this.tokenTyp;
    }

    @Nullable
    public SoftKeyCacheEntry getCacheEntry() {
        return this.cacheEntry;
    }

    public boolean isDisabled() {
        return this.disabled;
    }

    public String getTokenname() {
        return this.tokenname;
    }

    public boolean isFindOnServer() {
        return this.findOnServer;
    }

    public boolean isExpired() {
        return this.isExpired;
    }

    public Validity getValidity() {
        return this.validity;
    }

    public String getExpirationDate() {
        return this.expirationDate;
    }

    public String getSubjectCommonName() {
        return this.subjectCommonName;
    }

    public void setDisabled(boolean z) {
        this.disabled = z;
    }

    public void setTokenname(String str) {
        this.tokenname = str;
    }

    public void setFindOnServer(boolean z) {
        this.findOnServer = z;
    }

    public void setExpired(boolean z) {
        this.isExpired = z;
    }

    public void setValidity(Validity validity) {
        this.validity = validity;
    }

    public void setExpirationDate(String str) {
        this.expirationDate = str;
    }

    public void setSubjectCommonName(String str) {
        this.subjectCommonName = str;
    }
}
