package utils.init;

import java.awt.Point;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.StringReader;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import resources.Consts;
import resources.Im;
import sun.security.x509.X500Name;
import utils.CdecLogger;
import view.Utils;
import view.userMsg.Msg;

/* loaded from: input_file:utils/init/CertValidator.class */
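/**
 * Looks for the optional unlock key {@code docrypt.cer} next to the running JAR and validates it
 * with the PKIX algorithm.
 *
 * <p>The certification path is: client key, bundled {@code dcSigner.cer}, then the second and third
 * certificates of the JAR's code-signing chain. The fourth code-signing certificate is the trust
 * anchor. Every public accessor returns a "no key" answer ({@code null} / {@code false}) when
 * validation did not succeed.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>NOTE(review): all trust material comes from the running JAR itself (a bundled resource and
 *       the certificates reported by its {@code CodeSource}). The check is therefore only as strong
 *       as the JAR signature verification done at load time. Pinning the expected root (for example
 *       by comparing a fingerprint compiled into the code) would make the result independent of who
 *       signed the JAR. Confirm against the threat model.</li>
 *   <li>Revocation checking is switched off in {@code validateChain}, so a revoked key or
 *       intermediate still validates until it expires.</li>
 *   <li>The lazy singleton is not synchronized; callers are presumably single-threaded at start-up.
 *       Verify before calling from several threads.</li>
 * </ul>
 */
public final class CertValidator {
    private static CertValidator certValidator;
    private final X509Certificate dcSignerCert;
    private final X509Certificate unUsed_CodeSignerCert;
    private final X509Certificate caSignerCert;
    private final X509Certificate caSubCert;
    private final X509Certificate caCert;
    private final X509Certificate X509_CLIENT;
    private final CertPathValidatorResult CPV_RESULT;

    /** Serial-number threshold used by {@link #isAesCert()}. */
    private static final long TEN_BILLION_4_TUTORIAL = 10000000000L;

    /** Number of code-signing certificates the constructor indexes by position. */
    private static final int SIGNER_CHAIN_LENGTH = 4;

    private static final String STYLE = "<head><style>p{font:16pt arial; margin:10pt 20pt}span{font:16px arial}</style></head><body>";

    /** Set once the constructor has run, so a failed attempt is not repeated on every call. */
    private static boolean certValidatorCtorTried = false;

    private static final String jarPath = JarReader.getJarReader().getJarFile().getName().replaceAll("\\\\", "/");
    private static final String jarDir = parentDirOf(jarPath);
    private static final Logger log = CdecLogger.getLogger("Validate Cert");
    private static final URL homeScrURL = Consts.class.getResource("/resources/freeVpaidVaes/homescreen.png");
    private static final URL preCompURL = Consts.class.getResource("/resources/cdecIntro/preDesBar.png");
    private static final URL keyStFpURL = Consts.class.getResource("/resources/cdecIntro/keyStoreFngrPrntr.png");
    private static final URL lrnMoreURL = Consts.class.getResource("/resources/cdecIntro/learnMoreMenuBar.png");
    private static final String homeScr = "<img src='" + homeScrURL + "' width='450' height='136' >";
    private static final String prePostStr = "<img src='" + preCompURL + "' >";
    private static final String keyStFp = "<img src='" + keyStFpURL + "' style='vertical-align:middle;'>";
    private static final String lrnMoreStr = "<img src='" + lrnMoreURL + "' >";
    private static final String FREE_MSG =
            "<p style='margin:20pt  0pt 0pt 0pt'><span>D</span>ocrypt includes encryption tools and explains more about them.</p><p style='margin:30pt  0pt 0pt 0pt'><span>M</span>ost icons shown on Home Screen &darr; are useable in free version.</p><p style='margin:12pt 20pt 0pt'>"
            + homeScr
            + "</p><p style='margin:40pt  0pt 0pt'><span>C</span>ipher (encryption) methods on top</p><p style='margin: 4pt 20pt 0pt 120pt'>"
            + prePostStr
            + "</p><p style='margin:40pt  0pt 0pt 0pt'><span>K</span>eyStore &amp; Crypto Fingerprinter in middle &ensp;<p style='margin: 0pt 40pt 0pt 120pt; align='right'>"
            + keyStFp
            + "</p><p style='margin:36pt  0pt 0pt 0pt'><span>L</span>earn More at bottom</p><p style='margin: 4pt 40pt 0pt 0pt; align='right'>"
            + lrnMoreStr
            + "</p><p style='margin:16pt 220pt 0pt'>&nbsp;";

    /**
     * Returns the directory part of a '/'-separated path.
     *
     * <p>A path without any separator yields {@code "."}. The previous
     * {@code substring(0, lastIndexOf('/'))} threw in that case and broke class initialisation.
     */
    private static String parentDirOf(String path) {
        int slash = path.lastIndexOf('/');
        return slash < 0 ? "." : path.substring(0, slash);
    }

    /**
     * Returns the PKIX validation result for the unlock key, validating it on first use.
     *
     * <p>Any non-empty value of the {@code cpvr} system property makes this return {@code null}
     * without looking at the key, which forces the "no valid key" answer.
     *
     * @return the validation result, or {@code null} when there is no key, the key or the signer
     *     chain is unusable, or validation failed
     */
    public static final CertPathValidatorResult getCPVR() {
        if (!System.getProperty("cpvr", "").isEmpty()) {
            return null;
        }
        if (certValidator == null) {
            if (certValidatorCtorTried) {
                // A previous attempt already failed; do not show the dialogs again.
                return null;
            }
            try {
                certValidator = new CertValidator();
            } catch (IOException e) {
                log.severe("Using Free version a/c can't find Docrypt unlock key: 'docrypt.cer'\n   in dir: " + jarDir + "\n\n(If a key was found, log messages show key authentication steps.)");
                return null;
            } catch (GeneralSecurityException e2) {
                log.fine("The Security system recognizes " + e2.getMessage() + " and continues.\n\n(If a valid key is found, log messages show key authentication steps.)");
                return null;
            }
        }
        return certValidator.CPV_RESULT;
    }

    /**
     * Returns two display attributes of the validated key.
     *
     * @return {@code {STREET attribute of the subject, expiry as "MMM dd yyyy"}}, or {@code null}
     *     when no key validated. Judging by the method name the STREET attribute carries the
     *     e-mail address; confirm against the issuing tool.
     */
    public static final String[] getEmailExpire() {
        if (getCPVR() == null) {
            return null;
        }
        String[] attributes = getCertAttrib(certValidator.X509_CLIENT);
        return new String[]{attributes[1], attributes[4]};
    }

    /**
     * Reports whether a validated key with a serial number of at least ten billion is present.
     *
     * @return {@code true} only when validation succeeded and the serial number meets the threshold
     */
    public static final boolean isAesCert() {
        return getCPVR() != null && getX509ClientSerNum() >= TEN_BILLION_4_TUTORIAL;
    }

    /**
     * Returns the key's serial number as a {@code long}, or 0 when no key is loaded.
     *
     * <p>NOTE(review): {@code longValue()} keeps only the low-order 64 bits, so a wider serial
     * number would be compared on a truncated (possibly negative) value. Comparing the
     * {@code BigInteger} directly would avoid that. Confirm the serial range the issuer uses.
     */
    private static final long getX509ClientSerNum() {
        if (certValidator == null || certValidator.X509_CLIENT == null) {
            return 0L;
        }
        return certValidator.X509_CLIENT.getSerialNumber().longValue();
    }

    /**
     * Collects five display attributes of a certificate.
     *
     * @return {@code {CN, STREET, L, serial number, expiry as "MMM dd yyyy"}}
     */
    private static final String[] getCertAttrib(X509Certificate x509Certificate) {
        String[] subjectParts = getCertNameEmailDESorAES(x509Certificate.getSubjectX500Principal());
        // Date.toString() is "EEE MMM dd HH:mm:ss zzz yyyy"; keep month, day and year.
        String[] dateTokens = x509Certificate.getNotAfter().toString().split(" ");
        String expiry = dateTokens[1] + " " + dateTokens[2] + " " + dateTokens[dateTokens.length - 1];
        String[] attributes = new String[5];
        System.arraycopy(subjectParts, 0, attributes, 0, subjectParts.length);
        attributes[3] = x509Certificate.getSerialNumber().toString();
        attributes[4] = expiry;
        return attributes;
    }

    /**
     * Extracts the CN, STREET and L attributes from a subject name.
     *
     * <p>The name is split on commas and fed to {@link Properties#load}.
     * NOTE(review): this is not a distinguished-name parser. Escaped commas and backslashes inside
     * a value are interpreted by the properties syntax, so unusual names can yield altered or
     * missing values. {@code javax.naming.ldap.LdapName} would parse the string properly.
     *
     * @return {@code {CN, STREET, L}} (entries may be {@code null}), or {@code null} if the name
     *     could not be read
     */
    private static final String[] getCertNameEmailDESorAES(X500Principal x500Principal) {
        String[] parts = new String[3];
        String name = x500Principal.getName();
        Properties properties = new Properties();
        try {
            properties.load(new StringReader(name.replaceAll(",", "\n")));
            parts[0] = properties.getProperty("CN");
            parts[1] = properties.getProperty("STREET");
            parts[2] = properties.getProperty("L");
            return parts;
        } catch (IOException e) {
            Msg.except("Can't get key information", "Key Parse Error", e);
            return null;
        }
    }

    /** Returns the CN attribute of a subject name as parsed by {@code getCertNameEmailDESorAES}. */
    private static String getCN(X500Principal x500Principal) {
        return getCertNameEmailDESorAES(x500Principal)[0];
    }

    /**
     * Loads the client key and the signer certificates, then validates the chain.
     *
     * @throws IOException if no client key could be loaded
     * @throws GeneralSecurityException if a signer certificate is missing, malformed or outside
     *     its validity period, or if the PKIX machinery is unavailable
     */
    private CertValidator() throws IOException, GeneralSecurityException {
        certValidatorCtorTried = true;
        X509Certificate clientX509 = getClientX509();
        this.X509_CLIENT = clientX509;
        if (clientX509 == null) {
            throw new FileNotFoundException("No Client Key");
        }
        this.dcSignerCert = loadBundledSignerCert();
        X509Certificate[] signerChain = readCodeSignerChain();
        // Positional use assumes one signer whose chain is ordered leaf-first — TODO confirm.
        this.unUsed_CodeSignerCert = signerChain[0];
        this.caSignerCert = signerChain[1];
        this.caSubCert = signerChain[2];
        this.caCert = signerChain[3];
        this.CPV_RESULT = validateChain(this.X509_CLIENT);
    }

    /**
     * Reads the signer certificate bundled as a class-path resource and closes the stream.
     *
     * @throws CertificateException if the resource is missing, unreadable or not a certificate
     */
    private static X509Certificate loadBundledSignerCert() throws CertificateException {
        try (java.io.InputStream in = Im.class.getResourceAsStream("/resources/keystores/dcSigner.cer")) {
            if (in == null) {
                throw new CertificateException("Bundled signer certificate resource is missing");
            }
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } catch (IOException e) {
            throw new CertificateException("Could not read bundled signer certificate", e);
        }
    }

    /**
     * Returns the code-signing certificates of the JAR after checking their validity periods.
     *
     * <p>An unsigned JAR or a short chain is reported as a {@link CertificateException}, which
     * {@link #getCPVR()} turns into "no valid key". Without this check the constructor failed with
     * an unchecked exception that {@code getCPVR()} does not catch.
     *
     * @throws CertificateException if the chain is absent, too short, contains a non-X.509 entry,
     *     or holds a certificate that is expired or not yet valid
     */
    private static X509Certificate[] readCodeSignerChain() throws CertificateException {
        java.security.CodeSource source = JarReader.class.getProtectionDomain().getCodeSource();
        Certificate[] certificates = source == null ? null : source.getCertificates();
        if (certificates == null || certificates.length < SIGNER_CHAIN_LENGTH) {
            throw new CertificateException("Code-signing chain is missing or has fewer than " + SIGNER_CHAIN_LENGTH + " certificates");
        }
        X509Certificate[] chain = new X509Certificate[certificates.length];
        for (int i = 0; i < certificates.length; i++) {
            if (!(certificates[i] instanceof X509Certificate)) {
                throw new CertificateException("Code-signing chain entry " + i + " is not an X.509 certificate");
            }
            chain[i] = (X509Certificate) certificates[i];
            chain[i].checkValidity();
        }
        return chain;
    }

    private static String getLocMsg() {
        return "Soon after folders/files and logs are setup, Docrypt looks for a\n   digital certificate (docrypt.cer) in the docrypt.jar folder:\n   " + jarDir;
    }

    /**
     * Reads {@code docrypt.cer} from the JAR directory.
     *
     * <p>The file is opened directly rather than tested with {@code exists()} first. A missing
     * file surfaces as {@link FileNotFoundException} and shows the free-version message.
     *
     * @return the parsed certificate, or {@code null} (after informing the user) when the file is
     *     missing, cannot be closed, or is not a valid X.509 certificate
     */
    private static final X509Certificate getClientX509() {
        log.warning(getLocMsg());
        File file = new File(jarDir, "docrypt.cer");
        try (FileInputStream in = new FileInputStream(file)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } catch (FileNotFoundException e) {
            Msg.infoHtml(FREE_MSG, "Using Free Version", null, new Point(Utils.getScreenCenter().x, 50), STYLE);
            return null;
        } catch (IOException e2) {
            Msg.info("Couldn't close client certificate file." + Consts.NL + Consts.NL + "Should be ok.", "Should be OK");
            return null;
        } catch (CertificateException e3) {
            Msg.info("The unlocking key at: " + file.getAbsolutePath() + " is not valid.", "Using Non-AES Version");
            return null;
        }
    }

    /**
     * Validates {@code certificate} with PKIX, anchored at {@code caCert}.
     *
     * <p>The path is client key, {@code dcSignerCert}, {@code caSignerCert}, {@code caSubCert}.
     * Revocation checking is disabled, so only signatures, validity periods and the other PKIX
     * path constraints are enforced.
     *
     * @return the validation result, or {@code null} (after logging and informing the user) when
     *     the path does not validate
     * @throws GeneralSecurityException if the path cannot be built or PKIX is unavailable
     */
    private final CertPathValidatorResult validateChain(Certificate certificate) throws GeneralSecurityException {
        List<Certificate> path = Arrays.<Certificate>asList(certificate, this.dcSignerCert, this.caSignerCert, this.caSubCert);
        CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);
        CertStore intermediates = CertStore.getInstance("Collection", new CollectionCertStoreParameters(Arrays.asList(this.dcSignerCert, this.caSignerCert, this.caSubCert)));
        Set<TrustAnchor> anchors = Collections.singleton(new TrustAnchor(this.caCert, null));
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        PKIXParameters params = new PKIXParameters(anchors);
        params.addCertStore(intermediates);
        // No CRL/OCSP lookup: a revoked certificate is accepted until it expires.
        params.setRevocationEnabled(false);
        try {
            CertPathValidatorResult result = validator.validate(certPath, params);
            List<Certificate> fullChain = new ArrayList<>(path);
            fullChain.add(this.caCert);
            logMsgGetCaPubKeyAndChainToKey(fullChain);
            return result;
        } catch (CertPathValidatorException e) {
            // getIndex() is -1 when the failure is not tied to one certificate; fall back to the
            // client key instead of indexing the list with -1.
            int failedAt = e.getIndex();
            Certificate failed = (failedAt >= 0 && failedAt < path.size()) ? path.get(failedAt) : certificate;
            // Both names below come from certificates that did not validate: untrusted text.
            String cn = getCN(((X509Certificate) certificate).getSubjectX500Principal());
            log.severe("Couldn't validate cert " + getCN(((X509Certificate) failed).getSubjectX500Principal()) + " with error: " + e.getMessage());
            Msg.info(Consts.NL + "The Docrypt Key registered to " + cn + " is not a valid docrypt key." + Consts.NL + Consts.NL + "...Using Docrypt free version", "Using DES (non-AES) Version");
            return null;
        }
    }

    /**
     * Logs the common names of a validated chain, from the client key up to the self-signed root.
     *
     * <p>NOTE(review): {@code sun.security.x509.X500Name} is a JDK-internal class and is not
     * exported on modular JDKs; a supported parser would remove that dependency.
     *
     * @param list the chain, client key first and trust anchor last
     */
    private static void logMsgGetCaPubKeyAndChainToKey(List<Certificate> list) {
        String[] commonNames = new String[list.size()];
        for (int i = 0; i < list.size(); i++) {
            try {
                commonNames[i] = X500Name.asX500Name(((X509Certificate) list.get(i)).getSubjectX500Principal()).getCommonName();
            } catch (IOException e) {
                Msg.error("\nCouldn't read certificate (docrpyt.cer)", "Couldn't Read Docrypt Key");
                return;
            }
        }
        StringBuilder message = new StringBuilder();
        message.append("The enabling key (docrypt.cer) used was emailed to :  ").append(commonNames[0]).append("\n   The certificate chain to the self-signed certificate (Certficate Authority) is ");
        for (int i = 0; i < commonNames.length - 1; i++) {
            message.append("\n   ").append(commonNames[i]).append(" was signed by: ").append(commonNames[i + 1]);
        }
        message.append("\n   ").append(commonNames[commonNames.length - 1]).append(" is self signed\n\nSelf-signed certficates are the literal trust point. See chapter 16.");
        log.info(message.toString());
    }
}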
