package com.floragunn.searchguard.tools.tlsdiag.tasks;

import com.floragunn.searchguard.tools.util.PemFileUtils;
import com.floragunn.searchguard.tools.util.ReverseKeyPurposeIdMap;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.net.InetAddress;
import java.security.MessageDigest;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.util.Strings;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.io.pem.PemObject;

/* loaded from: input_file:com/floragunn/searchguard/tools/tlsdiag/tasks/DumpCert.class */
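/**
 * Diagnostic task that prints a human-readable summary of every X.509 certificate found in a
 * PEM file.
 *
 * <p>The summary (fingerprints, subject/issuer, validity, key usage, SAN) is logged at INFO
 * level; the list of PEM object types in the file and the full extension list are logged at
 * DEBUG level.
 *
 * <p>Every value printed here is taken from the certificate under inspection and is therefore
 * controlled by whoever issued that certificate. The output is meant for interactive diagnosis
 * and should not be parsed or treated as validated data.
 */
public class DumpCert extends Task {
    // NOTE(review): the logger is registered under ValidateCert, not DumpCert. This looks like a
    // copy-paste slip; it is left unchanged because logging configuration may key on this name.
    private static final Logger log = LogManager.getLogger(ValidateCert.class);
    // Names indexed by bit position of the boolean array returned by X509Certificate.getKeyUsage().
    private static final String[] KEY_USAGE_NAMES = {"digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"};
    // Names indexed by GeneralName tag number (0..8).
    private static final String[] GENERAL_NAME_TAG_NAMES = {"otherName", "rfc822Name", "dNSName", "x400Address", "directoryName", "ediPartyName", "uniformResourceIdentifier", "iPAddress", "registeredID"};
    protected final File certPemFile;
    protected List<X509Certificate> certificates;

    /**
     * @param file the PEM file whose certificates are dumped by {@link #run()}
     */
    public DumpCert(File file) {
        this.certPemFile = file;
    }

    /**
     * Reads all certificates from the PEM file and logs a summary of each one.
     *
     * <p>Any exception is logged and swallowed, so a broken file does not stop the caller.
     */
    @Override // com.floragunn.searchguard.tools.tlsdiag.tasks.Task
    public void run() {
        try {
            log.info("\n========================================================================\n" + this.certPemFile + "\n------------------------------------------------------------------------");
            // Building the PEM summary re-reads the file, so skip it unless it will be printed.
            if (log.isDebugEnabled()) {
                log.debug("PEM Content:\n" + getPemFileSummary(this.certPemFile));
            }
            this.certificates = PemFileUtils.readCertificatesFromPemFile(this.certPemFile);
            if (this.certificates.isEmpty()) {
                log.error("No certificates were found in " + this.certPemFile);
                return;
            }
            int index = 0;
            for (X509Certificate certificate : this.certificates) {
                index++;
                log.info("Certificate " + index);
                log.info("------------------------------------------------------------------------");
                log.info(getCertSummary(certificate));
                log.debug("\nAll Extensions:");
                log.debug(getDetailedExtensionList(certificate));
                log.info("------------------------------------------------------------------------");
            }
        } catch (Exception e) {
            log.error("Error while reading " + this.certPemFile + ": " + e, e);
        }
    }

    /**
     * Lists the type of every PEM object in the file, one per line.
     *
     * <p>An I/O error is appended to the result instead of being thrown.
     */
    private String getPemFileSummary(File file) {
        StringBuilder sb = new StringBuilder();
        // try-with-resources: the parser (and the underlying reader) is closed even when
        // readPemObject() fails half-way through the file.
        try (PEMParser pemParser = new PEMParser(new FileReader(file))) {
            PemObject pemObject;
            while ((pemObject = pemParser.readPemObject()) != null) {
                sb.append(pemObject.getType()).append('\n');
            }
        } catch (IOException e) {
            sb.append(e.toString()).append('\n');
        }
        return sb.toString();
    }

    /**
     * Builds the multi-line INFO summary for one certificate.
     */
    private String getCertSummary(X509Certificate x509Certificate) {
        StringBuilder sb = new StringBuilder();
        // SHA-256 is the fingerprint to use when comparing or pinning certificates. SHA-1 and MD5
        // are collision-prone and are printed only so the output can be matched against older
        // tooling that still displays them.
        sb.append("          SHA256 FPR: ").append(getFingerprint(x509Certificate, "SHA-256")).append('\n');
        sb.append("            SHA1 FPR: ").append(getFingerprint(x509Certificate, "SHA1")).append('\n');
        sb.append("             MD5 FPR: ").append(getFingerprint(x509Certificate, "MD5")).append('\n');
        sb.append("Subject DN [RFC2253]: ").append(x509Certificate.getSubjectX500Principal().getName()).append('\n');
        sb.append("       Serial Number: ").append(x509Certificate.getSerialNumber()).append('\n');
        sb.append(" Issuer DN [RFC2253]: ").append(x509Certificate.getIssuerX500Principal().getName()).append('\n');
        sb.append("          Not Before: ").append(x509Certificate.getNotBefore()).append('\n');
        sb.append("           Not After: ").append(x509Certificate.getNotAfter()).append('\n');
        sb.append("           Key Usage: ").append(getKeyUsageInfo(x509Certificate)).append('\n');
        sb.append(" Signature Algorithm: ").append(x509Certificate.getSigAlgName()).append('\n');
        sb.append("             Version: ").append(x509Certificate.getVersion()).append('\n');
        try {
            // NOTE(review): getExtendedKeyUsage() returns null when the extension is absent;
            // confirm that ReverseKeyPurposeIdMap.getNamesById() accepts null.
            sb.append("  Extended Key Usage: ").append(Strings.join(ReverseKeyPurposeIdMap.getNamesById(x509Certificate.getExtendedKeyUsage()), ' ')).append('\n');
        } catch (CertificateParsingException e) {
            sb.append(e.toString()).append('\n');
        }
        sb.append("  Basic Constraints: ").append(x509Certificate.getBasicConstraints()).append('\n');
        sb.append("                SAN: ").append(getSubjectAlternativeNameInfo(x509Certificate));
        return sb.toString();
    }

    /**
     * Lists every extension of the certificate as {@code OID [(critical)]: parsed value}.
     *
     * @return the extension list, {@code "(none)"} when the certificate carries no extensions, or
     *     the exception text when the certificate cannot be decoded
     */
    private String getDetailedExtensionList(X509Certificate x509Certificate) {
        try {
            Extensions extensions = TBSCertificate.getInstance(x509Certificate.getTBSCertificate()).getExtensions();
            // Certificates without an extensions block yield null here; report that explicitly
            // instead of printing a NullPointerException.
            if (extensions == null) {
                return "(none)";
            }
            StringBuilder sb = new StringBuilder();
            for (ASN1ObjectIdentifier oid : extensions.getExtensionOIDs()) {
                Extension extension = extensions.getExtension(oid);
                sb.append(oid.getId());
                if (extension.isCritical()) {
                    sb.append(" (critical)");
                }
                sb.append(": ");
                sb.append(extension.getParsedValue()).append("\n");
            }
            return sb.toString();
        } catch (Exception e) {
            log.debug("Error in getDetailedExtensionList()", e);
            return e.toString();
        }
    }

    /**
     * Returns the space-separated names of the key usage bits that are set.
     *
     * @return the names, or {@code "(none)"} when the certificate has no key usage extension
     */
    private String getKeyUsageInfo(X509Certificate x509Certificate) {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        // getKeyUsage() returns null when the extension is absent. Without this guard the
        // NullPointerException escapes to run() and aborts the dump of all remaining certificates.
        if (keyUsage == null) {
            return "(none)";
        }
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < keyUsage.length && i < KEY_USAGE_NAMES.length; i++) {
            if (keyUsage[i]) {
                if (sb.length() != 0) {
                    sb.append(' ');
                }
                sb.append(KEY_USAGE_NAMES[i]);
            }
        }
        return sb.toString();
    }

    /**
     * Computes the hex-encoded digest of the DER-encoded certificate.
     *
     * @param str the {@link MessageDigest} algorithm name, e.g. {@code "SHA-256"}
     * @return the lower-case hex fingerprint, or the exception text on failure
     */
    private String getFingerprint(X509Certificate x509Certificate, String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.update(x509Certificate.getEncoded());
            return Hex.toHexString(messageDigest.digest());
        } catch (Exception e) {
            log.debug("Error in getFingerprint()", e);
            return e.toString();
        }
    }

    /**
     * Formats the subject alternative names, one {@code type: value} entry per line.
     *
     * @return the formatted entries, {@code "(none)"} when the extension is absent, or the
     *     exception text when the extension cannot be decoded
     */
    private String getSubjectAlternativeNameInfo(X509Certificate x509Certificate) {
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(Extension.subjectAlternativeName.getId());
            if (extensionValue == null) {
                return "(none)";
            }
            StringBuilder sb = new StringBuilder("\n");
            Iterator<?> it = DERSequence.getInstance(JcaX509ExtensionUtils.parseExtensionValue(extensionValue)).iterator();
            while (it.hasNext()) {
                GeneralName generalName = GeneralName.getInstance((ASN1Encodable) it.next());
                int tagNo = generalName.getTagNo();
                if (tagNo < GENERAL_NAME_TAG_NAMES.length) {
                    sb.append("                  ").append(GENERAL_NAME_TAG_NAMES[tagNo]).append(": ");
                }
                sb.append(generalNameValueToString(generalName)).append('\n');
            }
            return sb.toString();
        } catch (Exception e) {
            // A malformed SAN can fail with unchecked exceptions from the ASN.1 decoder as well as
            // IOException. Catching both keeps one bad extension from aborting the whole dump,
            // matching the other helpers in this class.
            log.debug("Error in getSubjectAlternativeNameInfo()", e);
            return e.toString();
        }
    }

    /**
     * Renders the value of a single GeneralName according to its tag number.
     *
     * @return the rendered value, or the exception text when the value cannot be decoded
     */
    private String generalNameValueToString(GeneralName generalName) {
        try {
            switch (generalName.getTagNo()) {
                case 0: // otherName
                case 3: // x400Address
                case 5: // ediPartyName
                    return String.valueOf(generalName.getName().toASN1Primitive());
                case 1: // rfc822Name
                case 2: // dNSName
                case 6: // uniformResourceIdentifier
                    return String.valueOf(generalName.getName().getString());
                case 4: // directoryName
                    return String.valueOf(X500Name.getInstance(generalName.getName()));
                case 7: // iPAddress: raw 4 or 16 octets, no DNS lookup is performed
                    return String.valueOf(InetAddress.getByAddress(DEROctetString.getInstance(generalName.getName()).getOctets()).getHostAddress());
                case 8: // registeredID
                    return String.valueOf(ASN1ObjectIdentifier.getInstance(generalName.getName()).getId());
                default:
                    return String.valueOf(generalName.getName());
            }
        } catch (Exception e) {
            log.debug("Exception in generalNameValueToString()", e);
            return e.toString();
        }
    }
}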
