package de.bos_bremen.vii;

import de.bos_bremen.ci.asn1.ParseException;
import de.bos_bremen.ci.asn1.x509.Extension;
import de.bos_bremen.ci.asn1.x509.Extensions;
import de.bos_bremen.ci.asn1.x509.FlatCertificate;
import de.bos_bremen.ci.asn1.x509.JCertificate;
import de.bos_bremen.ci.asn1.x509.ext.AuthorityKeyIdentifierExtension;
import de.bos_bremen.ci.asn1.x509.ext.SubjectKeyIdentifierExtension;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/bos_bremen/vii/IssuerStoreImpl.class */
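/**
 * {@link IssuerStore} backed by a fixed set of X.509 certificates.
 *
 * <p>Certificates that carry a subjectKeyIdentifier extension are additionally indexed by
 * that identifier, so that an issuer can be looked up through the authorityKeyIdentifier
 * of the certificate being checked instead of scanning the whole store.
 *
 * <p>Scope of the check: {@link #getIssuer(FlatCertificate)} only selects a store
 * certificate for which {@code JCertificate.verify(publicKey, provider)} succeeds. Nothing
 * in this class checks validity periods, basicConstraints / keyUsage, issuer/subject name
 * chaining or revocation. Callers that treat the result as a trust decision have to
 * perform path validation themselves.
 */
public class IssuerStoreImpl implements IssuerStore {
    private static final Logger LOGGER = LoggerFactory.getLogger(IssuerStoreImpl.class);

    /** OID of the X.509 subjectKeyIdentifier extension. */
    private static final String OID_SUBJECT_KEY_IDENTIFIER = "2.5.29.14";

    /** OID of the X.509 authorityKeyIdentifier extension. */
    private static final String OID_AUTHORITY_KEY_IDENTIFIER = "2.5.29.35";

    /** All certificates of the store; used for the full scan in {@link #getIssuer}. */
    private final Set<X509Certificate> certs;

    /** Index from subjectKeyIdentifier octets to the store certificates carrying them. */
    private final Map<ByteArrayKey, List<X509Certificate>> values;

    /** Passed unchanged as second argument to {@code JCertificate.verify}. */
    private final String provider;

    /**
     * Map key that compares byte arrays by content rather than by identity.
     *
     * <p>Kept as a (non-static) inner class so that existing callers using
     * {@code store.new ByteArrayKey(...)} continue to compile.
     */
    public class ByteArrayKey {
        private final byte[] data;

        /**
         * @param bArr key bytes, may be {@code null}; the array is copied so that a later
         *     modification by the caller cannot change the hash of a key already stored
         *     in a map
         */
        public ByteArrayKey(byte[] bArr) {
            this.data = bArr == null ? null : bArr.clone();
        }

        @Override
        public int hashCode() {
            return Arrays.hashCode(this.data);
        }

        @Override
        public boolean equals(Object obj) {
            if (obj instanceof ByteArrayKey) {
                return Arrays.equals(this.data, ((ByteArrayKey) obj).data);
            }
            return false;
        }
    }

    /**
     * Creates a store over the given certificates.
     *
     * <p>NOTE(review): the set is stored by reference, not copied. Certificates added to
     * it after construction are seen by the full scan but are missing from the key
     * identifier index. Callers should hand over a set they no longer modify.
     *
     * @param set certificates of the store; must not be {@code null}
     * @param str provider argument handed to {@code JCertificate.verify}
     */
    public IssuerStoreImpl(Set<X509Certificate> set, String str) {
        this.certs = set;
        this.provider = str;
        this.values = new HashMap<>();
        for (X509Certificate cert : set) {
            addCert(cert);
        }
    }

    /**
     * Creates a store from every X.509 certificate returned by
     * {@link KeyStore#getCertificate(String)} for the aliases of the given key store.
     *
     * <p>A {@link KeyStoreException} is logged and not rethrown; the store then contains
     * only the certificates read before the failure (possibly none), so every later
     * lookup against the missing certificates returns {@code null}.
     *
     * @param keyStore key store to read the certificates from
     * @param str provider argument handed to {@code JCertificate.verify}
     */
    public IssuerStoreImpl(KeyStore keyStore, String str) {
        this.certs = new HashSet<>();
        this.provider = str;
        this.values = new HashMap<>();
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate certificate = keyStore.getCertificate(aliases.nextElement());
                if (certificate instanceof X509Certificate) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    this.certs.add(x509Certificate);
                    addCert(x509Certificate);
                }
            }
        } catch (KeyStoreException e) {
            // The original message read "Can access keystore", the opposite of what happened.
            LOGGER.error("Cannot access keystore", e);
        }
    }

    /**
     * Adds the certificate to the subjectKeyIdentifier index.
     *
     * <p>Certificates without that extension, or that cannot be parsed, are not indexed;
     * they are still reachable through the full scan in {@link #getIssuer}.
     *
     * <p>NOTE(review): this runs from the constructors and calls the overridable
     * {@link #getSubjectKeyIdentifier}; a subclass override is invoked before the
     * subclass constructor body has run.
     */
    private void addCert(X509Certificate x509Certificate) {
        try {
            byte[] subjectKeyIdentifier = getSubjectKeyIdentifier(de.bos_bremen.ci.asn1.x509.Certificate.forX509(x509Certificate));
            if (subjectKeyIdentifier == null) {
                return;
            }
            ByteArrayKey byteArrayKey = new ByteArrayKey(subjectKeyIdentifier);
            List<X509Certificate> list = this.values.get(byteArrayKey);
            if (list == null) {
                list = new ArrayList<>();
                this.values.put(byteArrayKey, list);
            }
            list.add(x509Certificate);
        } catch (CertificateEncodingException | ParseException e) {
            LOGGER.warn("Can't parse certificate", e);
        }
    }

    /**
     * Returns the octets of the certificate's subjectKeyIdentifier extension.
     *
     * @param certificate certificate to inspect
     * @return the key identifier octets, or {@code null} if the certificate has no
     *     extensions or no subjectKeyIdentifier extension of the expected type
     */
    protected byte[] getSubjectKeyIdentifier(de.bos_bremen.ci.asn1.x509.Certificate certificate) {
        Extensions extensions = certificate.getExtensions();
        if (extensions == null) {
            return null;
        }
        Extension extension = extensions.get(OID_SUBJECT_KEY_IDENTIFIER);
        if (!(extension instanceof SubjectKeyIdentifierExtension)) {
            return null;
        }
        return ((SubjectKeyIdentifierExtension) extension).getKeyIdentifier().getOctets();
    }

    /**
     * Looks up the issuer of the given certificate in this store.
     *
     * <p>If the certificate's authorityKeyIdentifier matches indexed store certificates,
     * only those candidates are tried, and {@code null} is returned when none of them
     * verifies (there is no fallback to the full scan in that case). Otherwise every
     * certificate of the store is tried.
     *
     * <p>The authorityKeyIdentifier comes from the certificate under test and is used only
     * to narrow the candidates; a candidate is returned only if
     * {@code JCertificate.verify} accepts its public key. No further path validation is
     * done here.
     *
     * @param flatCertificate certificate whose issuer is wanted
     * @return the first matching store certificate, or {@code null} if there is none
     */
    @Override // de.bos_bremen.vii.IssuerStore
    public de.bos_bremen.ci.asn1.x509.Certificate getIssuer(FlatCertificate flatCertificate) {
        JCertificate jCertificate = new JCertificate(flatCertificate);
        if (this.certs == null) {
            return null;
        }
        List<X509Certificate> issuerByAuthorityKeyIdentifier = getIssuerByAuthorityKeyIdentifier(flatCertificate);
        if (issuerByAuthorityKeyIdentifier != null) {
            return findVerifyingIssuer(jCertificate, issuerByAuthorityKeyIdentifier);
        }
        return findVerifyingIssuer(jCertificate, this.certs);
    }

    /**
     * Returns the first candidate whose public key is accepted by
     * {@code jCertificate.verify}, or {@code null} if none is.
     */
    private de.bos_bremen.ci.asn1.x509.Certificate findVerifyingIssuer(JCertificate jCertificate, Iterable<X509Certificate> candidates) {
        for (X509Certificate candidate : candidates) {
            try {
                jCertificate.verify(candidate.getPublicKey(), this.provider);
                return de.bos_bremen.ci.asn1.x509.Certificate.forX509(candidate);
            } catch (ParseException e) {
                LOGGER.debug("Cannot parse certificate", e);
            } catch (IllegalArgumentException | GeneralSecurityException e) {
                // Expected for every non-issuer candidate, hence no stack trace.
                LOGGER.debug("Certificate does not match to entry in cert store");
            }
        }
        return null;
    }

    /**
     * Returns the store certificates whose subjectKeyIdentifier equals the
     * authorityKeyIdentifier of the given certificate, or {@code null} if the certificate
     * has no usable authorityKeyIdentifier or nothing is indexed under it.
     */
    private List<X509Certificate> getIssuerByAuthorityKeyIdentifier(FlatCertificate flatCertificate) {
        byte[] authorityKeyIdentifierBytes = getAuthorityKeyIdentifierBytes(flatCertificate);
        if (authorityKeyIdentifierBytes == null) {
            return null;
        }
        return this.values.get(new ByteArrayKey(authorityKeyIdentifierBytes));
    }

    /**
     * Returns the keyIdentifier octets of the certificate's authorityKeyIdentifier
     * extension.
     *
     * @param flatCertificate certificate to inspect
     * @return the key identifier octets, or {@code null} if the extension or its
     *     keyIdentifier field is absent
     */
    protected byte[] getAuthorityKeyIdentifierBytes(FlatCertificate flatCertificate) {
        AuthorityKeyIdentifierExtension authorityKeyIdentifier = getAuthorityKeyIdentifier(flatCertificate);
        // keyIdentifier is an OPTIONAL field of AuthorityKeyIdentifier (RFC 5280, 4.2.1.1):
        // an extension may carry only issuer name and serial number. Guard against the
        // parser reporting the absent field as null, so that a certificate supplied from
        // outside cannot end the lookup with a NullPointerException.
        if (authorityKeyIdentifier == null || authorityKeyIdentifier.getKeyIdentifier() == null) {
            return null;
        }
        return authorityKeyIdentifier.getKeyIdentifier().getOctets();
    }

    /**
     * Returns the certificate's authorityKeyIdentifier extension.
     *
     * @param flatCertificate certificate to inspect
     * @return the extension, or {@code null} if the certificate has no extensions or no
     *     authorityKeyIdentifier extension of the expected type
     */
    protected AuthorityKeyIdentifierExtension getAuthorityKeyIdentifier(FlatCertificate flatCertificate) {
        Extensions extensions = flatCertificate.getExtensions();
        if (extensions == null) {
            return null;
        }
        Extension extension = extensions.get(OID_AUTHORITY_KEY_IDENTIFIER);
        if (!(extension instanceof AuthorityKeyIdentifierExtension)) {
            return null;
        }
        return (AuthorityKeyIdentifierExtension) extension;
    }
}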
