package es.gob.afirma.miniapplet.keystores.filters;

import es.gob.afirma.core.misc.AOUtil;
import es.gob.afirma.keystores.AOKeyStoreManager;
import es.gob.afirma.keystores.filters.CertificateFilter;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Logger;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/* loaded from: input_file:es/gob/afirma/miniapplet/keystores/filters/QualifiedCertificatesFilter.class */
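/**
 * Certificate filter that selects the certificate whose X.509 serial number equals a
 * configured value, preferring a certificate suitable for signing.
 *
 * <p>Security notes for reviewers, all derived from the code below:
 * <ul>
 *   <li>The match is on the serial number alone; the issuer is not compared. Serial numbers
 *       are only unique within one issuing CA, so a match is a selection hint and not proof
 *       of which certificate was meant.</li>
 *   <li>No chain, validity-period or revocation check is performed here; callers that need
 *       those guarantees must apply them separately.</li>
 *   <li>When the matched certificate is not a signature certificate and no paired signature
 *       certificate is found, the matched certificate is still returned unless
 *       {@code AuthenticationDNIeFilter} recognises it.</li>
 *   <li>Serial number, issuer, expiry date and key usages of every certificate examined
 *       during pairing are written to the {@code es.gob.afirma} logger at INFO level.</li>
 * </ul>
 */
public final class QualifiedCertificatesFilter extends CertificateFilter {
    private static final Logger LOGGER = Logger.getLogger("es.gob.afirma");

    /** Prefixes under which the subject serialNumber attribute may appear in an RDN string. */
    private static final String[] SERIAL_NUMBER_PREFIXES = {"serialnumber=", "SERIALNUMBER=", "2.5.4.5="};

    /** KeyUsage bit names, in the index order used by {@link X509Certificate#getKeyUsage()}. */
    private static final String[] KEY_USAGE_NAMES = {
        "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
        "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"
    };

    /** Normalised (no spaces, no '#', no leading zeros) hexadecimal serial number to look for. */
    private final String expectedSerial;

    /**
     * Creates a filter for the given certificate serial number.
     *
     * @param str hexadecimal serial number; surrounding whitespace, inner spaces, {@code '#'}
     *            characters and leading zeros are ignored
     */
    public QualifiedCertificatesFilter(String str) {
        this.expectedSerial = normalizeSerial(str);
    }

    /**
     * Tells whether the certificate's serial number equals the configured one, ignoring case
     * and leading zeros.
     *
     * @param x509Certificate certificate to test
     * @return {@code true} when the serial numbers match; {@code false} otherwise, including
     *         when the certificate reports no serial number
     */
    @Override // es.gob.afirma.keystores.filters.CertificateFilter
    public boolean matches(X509Certificate x509Certificate) {
        String certSerial = hexSerial(x509Certificate);
        // A certificate without a serial number cannot match; the previous code passed the
        // null on to the normaliser and failed with a NullPointerException.
        return certSerial != null && normalizeSerial(certSerial).equalsIgnoreCase(this.expectedSerial);
    }

    /**
     * Filters the aliases of a key store down to those selected by this filter.
     *
     * <p>For each alias whose certificate matches the serial number: a signature certificate
     * is kept as is; otherwise the alias of its paired signature certificate is returned in
     * its place; when no pair exists the original alias is kept unless
     * {@code AuthenticationDNIeFilter} matches the certificate. Aliases whose certificate
     * cannot be retrieved, or whose evaluation throws, are logged and skipped.
     *
     * @param strArr aliases to examine
     * @param aOKeyStoreManager key store the aliases belong to
     * @return selected aliases, possibly empty
     */
    @Override // es.gob.afirma.keystores.filters.CertificateFilter
    public String[] matches(String[] strArr, AOKeyStoreManager aOKeyStoreManager) {
        List<String> selected = new ArrayList<String>();
        for (String alias : strArr) {
            X509Certificate certificate = aOKeyStoreManager.getCertificate(alias);
            if (certificate == null) {
                LOGGER.warning("No se pudo recuperar el certificado: " + alias);
                continue;
            }
            try {
                if (!matches(certificate)) {
                    continue;
                }
                if (isSignatureCertificate(certificate)) {
                    selected.add(alias);
                    continue;
                }
                String pairedAlias = findSignaturePair(certificate, aOKeyStoreManager, strArr);
                if (pairedAlias != null) {
                    selected.add(pairedAlias);
                } else if (!new AuthenticationDNIeFilter().matches(certificate)) {
                    // Fallback: a certificate that is not a signature certificate by key usage
                    // is still offered when it has no pair and the DNIe authentication filter
                    // does not match it.
                    selected.add(alias);
                }
            } catch (Exception e) {
                // Best effort: a failure on one certificate must not hide the others.
                LOGGER.warning("Error en la verificacion del certificado '" + certificate.getSerialNumber() + "': " + e);
            }
        }
        return selected.toArray(new String[0]);
    }

    /**
     * Looks for the signature certificate that pairs with a non-signature certificate.
     *
     * <p>A candidate pairs with the original when it is a signature certificate and has the
     * same issuer, the same subject serialNumber attribute and the same expiry date
     * (day precision). Two certificates that both lack a subject serialNumber attribute
     * compare equal on that criterion, so pairing then rests on issuer and expiry date alone.
     * A report describing every certificate examined is logged at INFO level.
     *
     * @param original matched certificate that is not a signature certificate
     * @param keyStoreManager key store to search
     * @param aliases aliases to consider as candidates
     * @return alias of the first pairing candidate, or {@code null} when there is none
     */
    private static String findSignaturePair(X509Certificate original, AOKeyStoreManager keyStoreManager, String[] aliases) {
        StringBuilder report = new StringBuilder();
        report.append("El certificado al que corresponde el numero de serie no es un certificado ")
            .append("de firma, se mostrara su informacion ademas de la del resto de certificados ")
            .append("del almacen:\n");
        appendCertificateDetails(report, "Certificado original:\n", original);

        // Loop-invariant properties of the original certificate.
        String originalSubjectSerial = subjectSerialNumber(original);
        String originalExpiry = expiryDate(original);

        for (String alias : aliases) {
            X509Certificate candidate = keyStoreManager.getCertificate(alias);
            if (candidate == null) {
                // getCertificate() can return null (the caller checks for it too). Skipping
                // the alias keeps one unreadable entry from aborting the whole search, which
                // previously made the caller drop the matched certificate.
                continue;
            }
            if (original.getSerialNumber().equals(candidate.getSerialNumber())) {
                continue;
            }
            appendCertificateDetails(report, "Certificado:\n", candidate);

            boolean sameIssuer = nullSafeEquals(original.getIssuerDN(), candidate.getIssuerDN());
            boolean sameSubjectSerial = nullSafeEquals(originalSubjectSerial, subjectSerialNumber(candidate));
            boolean sameExpiry = nullSafeEquals(originalExpiry, expiryDate(candidate));
            if (isSignatureCertificate(candidate) && sameIssuer && sameSubjectSerial && sameExpiry) {
                report.append("Se ha elegido el certificado recien mostrado como pareja del original");
                LOGGER.info(report.toString());
                return alias;
            }
        }
        report.append("NO se ha elegido ningun certificado como pareja del original");
        LOGGER.info(report.toString());
        return null;
    }

    /** Appends serial number, issuer, expiry date and key usages of a certificate to the report. */
    private static void appendCertificateDetails(StringBuilder report, String header, X509Certificate certificate) {
        report.append(header)
            .append("\t- Numero de serie: ").append(certificate.getSerialNumber()).append('\n')
            .append("\t- Issuer: ").append(certificate.getIssuerDN()).append('\n')
            .append("\t- Fecha de caducidad: ").append(expiryDate(certificate)).append('\n');
        boolean[] keyUsage = certificate.getKeyUsage();
        if (keyUsage != null) {
            report.append("\t- KeyUsages:\n");
            for (int i = 0; i < KEY_USAGE_NAMES.length; i++) {
                report.append("\t\t+ ").append(KEY_USAGE_NAMES[i]).append(": ").append(keyUsage[i]).append('\n');
            }
        } else {
            report.append("\t- El certificado no tiene definidos KeyUsages\n");
        }
        report.append(" -----\n");
    }

    /** Null-tolerant equality: two nulls are equal, a null never equals a non-null value. */
    private static boolean nullSafeEquals(Object first, Object second) {
        return first == null ? second == null : first.equals(second);
    }

    /**
     * Tells whether the certificate's KeyUsage extension fits the signature pattern that
     * {@code KeyUsagesPattern} provides for its issuer. A certificate without a KeyUsage
     * extension is never a signature certificate.
     */
    private static boolean isSignatureCertificate(X509Certificate certificate) {
        boolean[] keyUsage = certificate.getKeyUsage();
        if (keyUsage == null) {
            return false;
        }
        return fitsPattern(keyUsage, new KeyUsagesPattern(certificate.getIssuerDN()).getSignaturePattern());
    }

    /**
     * Compares key usage bits against a pattern in which {@code null} means "don't care".
     * Bits that the usage array does not contain are treated as not asserted, so a pattern
     * longer than the array no longer raises an index error.
     */
    private static boolean fitsPattern(boolean[] keyUsage, Boolean[] pattern) {
        for (int i = 0; i < pattern.length; i++) {
            if (pattern[i] == null) {
                continue;
            }
            boolean asserted = i < keyUsage.length && keyUsage[i];
            if (pattern[i].booleanValue() != asserted) {
                return false;
            }
        }
        return true;
    }

    /**
     * Extracts the subject's serialNumber attribute (OID 2.5.4.5) from the subject name.
     *
     * @return the attribute value with any {@code '#'} removed, or {@code null} when the
     *         subject has no such attribute or its name cannot be parsed
     */
    private static String subjectSerialNumber(X509Certificate certificate) {
        try {
            List<Rdn> rdns = new LdapName(certificate.getSubjectX500Principal().getName()).getRdns();
            if (rdns == null || rdns.isEmpty()) {
                return null;
            }
            for (Rdn rdn : rdns) {
                String text = rdn.toString();
                for (String prefix : SERIAL_NUMBER_PREFIXES) {
                    if (text.startsWith(prefix)) {
                        return text.substring(prefix.length()).replace("#", "");
                    }
                }
            }
            return null;
        } catch (InvalidNameException e) {
            // An unparseable subject is treated the same as a subject without the attribute.
            return null;
        }
    }

    /** Formats the certificate's notAfter date as {@code yyyy-MM-dd} in the default time zone. */
    private static String expiryDate(X509Certificate certificate) {
        // SimpleDateFormat is not thread-safe, hence a fresh instance per call.
        return new SimpleDateFormat("yyyy-MM-dd").format(certificate.getNotAfter());
    }

    /** Returns the certificate serial number as hexadecimal text, or {@code null} if absent. */
    private static String hexSerial(X509Certificate certificate) {
        BigInteger serial = certificate.getSerialNumber();
        return serial == null ? null : hexify(serial);
    }

    /** Renders the two's-complement bytes of the number as hexadecimal text without separator. */
    private static String hexify(BigInteger number) {
        return AOUtil.hexify(number.toByteArray(), "");
    }

    /**
     * Normalises a hexadecimal serial number for comparison: trims it, removes spaces and
     * {@code '#'} characters and strips leading zeros. An all-zero input yields an empty string.
     */
    private static String normalizeSerial(String str) {
        String compact = str.trim().replace(" ", "").replace("#", "");
        int firstSignificant = 0;
        while (firstSignificant < compact.length() && compact.charAt(firstSignificant) == '0') {
            firstSignificant++;
        }
        return compact.substring(firstSignificant);
    }
}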
