package de.governikus.bea.clientSecurity.util;

import de.bos_bremen.verfication.DefaultVIIController;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Enumeration;
import java.util.StringTokenizer;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.RFC4519Style;

/* loaded from: input_file:de/governikus/bea/clientSecurity/util/TrustedIssuerUtils.class */
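/**
 * Static helpers for checking an end-entity certificate against the bundled
 * trusted-issuer store and for binding such a certificate to a user id.
 *
 * <p>The issuer store is loaded exactly once, during class initialisation, from the
 * classpath resource {@code /trusted_issuer.p12} (PKCS#12, empty password, provider
 * {@code SUN}). If the resource is missing or cannot be parsed, {@link #getKeyStore()}
 * returns {@code null} and {@link #checkCertificate(X509Certificate)} fails closed.
 *
 * <p>Thread-safety: the store is never replaced after initialisation and the helpers keep
 * no other mutable state, so the methods may be called concurrently.
 */
public class TrustedIssuerUtils {
    private static final Logger LOG = LogManager.getLogger(TrustedIssuerUtils.class);

    /** Classpath location of the PKCS#12 store holding the trusted issuer certificates. */
    private static final String ISSUER_STORE_RESOURCE = "/trusted_issuer.p12";
    /** System property holding a colon-separated list of accepted user-id prefixes. */
    private static final String TRUSTED_PREFIX_PROPERTY = "trustedUserPrefix";
    /** Separator between the entries of {@link #TRUSTED_PREFIX_PROPERTY}. */
    private static final String PREFIX_SEPARATOR = ":";
    /** Format passed to {@code X500Principal.getName} so that names compare canonically. */
    private static final String NAME_FORMAT = "RFC2253";

    /**
     * Loaded once; {@code null} when the resource is absent or unreadable. Declared after
     * {@link #LOG} so that logging is available while the store is being loaded.
     */
    private static final KeyStore KEY_STORE = getIssuerKeyStore();

    private TrustedIssuerUtils() {
    }

    /**
     * Returns the trusted-issuer store.
     *
     * @return the store loaded at class initialisation, or {@code null} if loading failed
     */
    public static KeyStore getKeyStore() {
        return KEY_STORE;
    }

    /**
     * Checks that the current time lies within the certificate's validity interval.
     *
     * @param x509Certificate certificate to check, must not be {@code null}
     * @return {@code true} if {@code notBefore <= now <= notAfter}
     * @throws IllegalArgumentException if {@code x509Certificate} is {@code null}
     */
    public static boolean checkValidityInterval(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("Certificate is null");
        }
        // Sample the clock once so both bounds are compared against the same instant.
        long now = System.currentTimeMillis();
        if (now < x509Certificate.getNotBefore().getTime()) {
            LOG.warn("certificate is not yet valid");
            return false;
        }
        if (now > x509Certificate.getNotAfter().getTime()) {
            LOG.warn("certificate is expired");
            return false;
        }
        return true;
    }

    /**
     * Checks whether the certificate was signed by one of the trusted issuers.
     *
     * <p>An issuer-store entry is a candidate when its subject name equals the
     * certificate's issuer name (both rendered as RFC 2253); the certificate is accepted
     * as soon as its signature verifies under a candidate's public key. Entries that carry
     * no certificate or a non-X.509 certificate are skipped.
     *
     * <p>Only the signature is verified here: the validity interval of the issuer
     * certificate, its basic constraints and revocation status are not examined by this
     * method.
     *
     * @param x509Certificate certificate to check; {@code null} yields {@code false}
     * @return {@code true} if a trusted issuer's key verifies the certificate's signature;
     *         {@code false} otherwise, including when no issuer store is loaded
     */
    public static boolean checkCertificate(X509Certificate x509Certificate) {
        if (KEY_STORE == null) {
            LOG.warn("issuer keystore is null");
            return false;
        }
        if (x509Certificate == null) {
            LOG.warn("certificate is null");
            return false;
        }
        String issuerName = x509Certificate.getIssuerX500Principal().getName(NAME_FORMAT);
        try {
            Enumeration<String> aliases = KEY_STORE.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate candidate = KEY_STORE.getCertificate(alias);
                // Key-only entries (null) and non-X.509 certificates cannot act as issuer here.
                if (!(candidate instanceof X509Certificate)) {
                    continue;
                }
                String subjectName =
                        ((X509Certificate) candidate).getSubjectX500Principal().getName(NAME_FORMAT);
                if (!issuerName.equals(subjectName)) {
                    continue;
                }
                LOG.debug("issuerName: {}", issuerName);
                try {
                    x509Certificate.verify(candidate.getPublicKey());
                    return true;
                } catch (GeneralSecurityException e) {
                    // Same name but wrong key; another store entry may carry the right one.
                    LOG.debug("signature check against alias {} failed", alias, e);
                }
            }
            return false;
        } catch (GeneralSecurityException e) {
            LOG.error("error while reading the issuer keystore", e);
            return false;
        }
    }

    /**
     * Tests whether the user id starts with one of the prefixes configured in the
     * {@code trustedUserPrefix} system property (entries separated by {@code :}).
     *
     * @param str user id to test; {@code null} yields {@code false}
     * @return {@code true} if the property is set and {@code str} starts with one of its
     *         entries
     */
    public static boolean isTrustedUserIdPrefix(String str) {
        LOG.debug("userId: {}", str);
        if (str == null) {
            return false;
        }
        String property = System.getProperty(TRUSTED_PREFIX_PROPERTY);
        if (property == null || property.trim().isEmpty()) {
            return false;
        }
        // StringTokenizer drops empty tokens, so "a::b" yields only "a" and "b".
        StringTokenizer tokens = new StringTokenizer(property, PREFIX_SEPARATOR);
        while (tokens.hasMoreTokens()) {
            String prefix = tokens.nextToken();
            LOG.debug("prefix: {}", prefix);
            if (str.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks that the certificate belongs to the given user id.
     *
     * <p>The check is only enforced for certificates whose subject carries a UID attribute
     * and whose issuer name contains {@code "beA"}; all other certificates are accepted
     * unconditionally.
     *
     * @param x509Certificate certificate whose subject UID is compared
     * @param str expected user id
     * @return {@code false} if either argument is {@code null} or the UID differs from
     *         {@code str}; {@code true} otherwise
     */
    public static boolean checkUserId(X509Certificate x509Certificate, String str) {
        if (x509Certificate == null || str == null) {
            return false;
        }
        String userId = getUserId(x509Certificate);
        LOG.debug("userId from cert: {}", userId);
        if (userId == null) {
            // NOTE(review): a certificate without a UID is accepted without any binding
            // to str — confirm this is the intended policy.
            return true;
        }
        String issuerName = x509Certificate.getIssuerX500Principal().getName(NAME_FORMAT);
        LOG.debug("issuerName: {}", issuerName);
        // NOTE(review): "<= 0" also treats "beA" at index 0 as "not found"; index 0 cannot
        // occur in an RFC 2253 name ("CN=..."), but "< 0" may have been meant — confirm.
        if (issuerName.indexOf("beA") <= 0) {
            return true;
        }
        return userId.equals(str);
    }

    /**
     * Extracts the first UID attribute (RFC 4519 {@code uid}) from the certificate's
     * subject name.
     *
     * @param x509Certificate certificate to read; {@code null} yields {@code null}
     * @return the UID string, or {@code null} if the subject has no UID attribute or the
     *         name cannot be decoded
     */
    public static String getUserId(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        try {
            X500Name subject = X500Name.getInstance(x509Certificate.getSubjectX500Principal().getEncoded());
            RDN[] uidRdns = subject.getRDNs(new ASN1ObjectIdentifier(RFC4519Style.uid.getId()));
            if (uidRdns == null || uidRdns.length == 0) {
                return null;
            }
            // The UID value is a character string type; anything else is reported as undecodable.
            return ((ASN1String) uidRdns[0].getFirst().getValue().toASN1Primitive()).getString();
        } catch (RuntimeException e) {
            LOG.error("cannot read UID from certificate subject", e);
            return null;
        }
    }

    /**
     * Loads the trusted-issuer store from the classpath.
     *
     * <p>A missing resource is not an error for class initialisation: it is logged and
     * {@code null} is returned, so callers see "no store" rather than an
     * {@code ExceptionInInitializerError}.
     *
     * @return the loaded store, or {@code null} if the resource is absent or unreadable
     */
    private static KeyStore getIssuerKeyStore() {
        // try-with-resources tolerates a null resource (close is simply skipped).
        try (InputStream in = DefaultVIIController.class.getResourceAsStream(ISSUER_STORE_RESOURCE)) {
            if (in == null) {
                LOG.warn("trusted issuer store {} not found on the classpath", ISSUER_STORE_RESOURCE);
                return null;
            }
            KeyStore store = KeyStore.getInstance("PKCS12", "SUN");
            // The bundled store is deliberately unprotected; it only holds public issuer certificates.
            store.load(in, "".toCharArray());
            return store;
        } catch (IOException | GeneralSecurityException e) {
            LOG.error("cannot load trusted issuer store", e);
            return null;
        }
    }
}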
