package com.xdja.pki.ldap.utils;

import com.sun.jndi.ldap.LdapURL;
import com.xdja.pki.asn1.x509.SubjectInformationAccess;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attributes;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.TBSCertList;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.X509CertPairParser;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.DefaultDirObjectFactory;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.query.LdapQueryBuilder;
import sun.security.provider.certpath.X509CertificatePair;

/* loaded from: input_file:com/xdja/pki/ldap/utils/LDAPUserUtils.class */
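/**
 * Static helpers that fetch certificates, CRLs and cross-certificate pairs from an LDAP
 * directory, and that read the LDAP/HTTP locations advertised in certificate and CRL
 * extensions (CRL distribution points, freshest CRL, authority/subject information access).
 *
 * <p><b>Trust boundary.</b> Nothing in this class validates what it downloads: the objects
 * returned by the {@code search*} methods are only parsed, never signature-checked or
 * chain-validated. Callers must verify them before relying on them.
 *
 * <p>NOTE(review): if the URL handed to a {@code search*} method was itself read from a
 * certificate that has not been validated yet (for example via the {@code get*URLWith*}
 * methods below), the host and port are chosen by whoever issued that certificate. The
 * lookup is then an outbound connection to an arbitrary server; callers that process
 * untrusted certificates should restrict the permitted hosts and configure connect/read
 * timeouts before calling in here. No such restriction is applied by this class.
 */
public class LDAPUserUtils {
    /** BouncyCastle X.509 factory; stays {@code null} when the static initialiser could not create it. */
    private static CertificateFactory certificateFactory;

    /** Failure recorded by the static initialiser; attached as the cause when the factory is requested. */
    private static Exception certificateFactoryError;

    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        try {
            certificateFactory = CertificateFactory.getInstance("X.509", "BC");
        } catch (NoSuchProviderException | CertificateException e) {
            // Keep class loading best-effort, but remember why parsing will not work so the
            // first caller gets a real exception with a cause instead of a bare NPE.
            certificateFactoryError = e;
        }
    }

    /**
     * Returns the shared X.509 factory or fails with the recorded initialisation error.
     *
     * @throws Exception if the factory could not be created when the class was loaded
     */
    private static CertificateFactory requireCertificateFactory() throws Exception {
        if (certificateFactory == null) {
            throw new Exception("X.509 CertificateFactory from provider BC is not available", certificateFactoryError);
        }
        return certificateFactory;
    }

    /**
     * Narrows an LDAP attribute value to the raw bytes the parsers expect.
     *
     * @param value value taken from the attribute enumeration
     * @param attributeId attribute the value belongs to, used in the error message
     * @throws Exception if the directory returned something other than a byte array
     */
    private static byte[] binaryValue(Object value, String attributeId) throws Exception {
        if (!(value instanceof byte[])) {
            throw new Exception("attribute " + attributeId + " did not return a binary value");
        }
        return (byte[]) value;
    }

    /**
     * Decodes a general name as a URI string.
     *
     * @return the URI, or {@code null} when the name is not a uniformResourceIdentifier
     */
    private static String uriOf(GeneralName generalName) {
        if (generalName == null || generalName.getTagNo() != GeneralName.uniformResourceIdentifier) {
            return null;
        }
        return new String(DERIA5String.getInstance(generalName.getName()).getOctets(), StandardCharsets.UTF_8);
    }

    /**
     * Returns the URI of an access description when its access method matches the given OID.
     *
     * @return the URI, or {@code null} when the method differs or the location is not a URI
     */
    private static String uriForMethod(AccessDescription accessDescription, String oid) {
        if (!accessDescription.getAccessMethod().getId().equalsIgnoreCase(oid)) {
            return null;
        }
        return uriOf(accessDescription.getAccessLocation());
    }

    /**
     * Performs one anonymous LDAP lookup described by an LDAP URL and returns the entry's attributes.
     *
     * <p>The host, port, DN and attribute list are all taken from {@code str}. The connection
     * uses {@code ldaps://} only when the URL asks for it; otherwise the exchange is plaintext
     * and the result can be altered in transit, which is one more reason the caller has to
     * verify the signatures on whatever is returned.
     *
     * @param str LDAP URL of the entry to read
     * @return attributes of the single matching entry
     * @throws Exception if the URL is malformed, names no host, or the lookup fails
     */
    private static Attributes search(String str) throws Exception {
        LdapURL ldapURL = new LdapURL(str);
        String host = ldapURL.getHost();
        if (host == null || host.isEmpty()) {
            throw new Exception("LDAP URL has no host: " + str);
        }
        StringBuilder serverUrl = new StringBuilder(ldapURL.useSsl() ? "ldaps://" : "ldap://").append(host);
        int port = ldapURL.getPort();
        if (port > 0) {
            // getPort() reports -1 when the URL carries no port; appending it would build an invalid URL.
            serverUrl.append(':').append(port);
        }

        LdapContextSource ldapContextSource = new LdapContextSource();
        ldapContextSource.setUrl(serverUrl.toString());
        ldapContextSource.setDirObjectFactory(DefaultDirObjectFactory.class);
        ldapContextSource.afterPropertiesSet();

        LdapQueryBuilder query = LdapQueryBuilder.query().base(ldapURL.getDN());
        String requested = ldapURL.getAttributes();
        if (requested != null && !requested.isEmpty()) {
            // An URL without an attribute list is legal; only narrow the query when one is given.
            query = query.attributes(requested.split(","));
        }
        try {
            return new LdapTemplate(ldapContextSource).searchForObject(query.filter("(objectClass=*)"), new ContextMapper<Attributes>() {
                @Override
                public Attributes mapFromContext(Object obj) {
                    return ((DirContextAdapter) obj).getAttributes();
                }
            });
        } catch (Exception e) {
            // Same message as before, but keep the cause so operators can tell a refused
            // connection from a missing entry or a non-unique result.
            throw new Exception("can't connect server", e);
        }
    }

    /**
     * Reads every certificate stored in the {@code cACertificate;binary} and
     * {@code userCertificate;binary} attributes of the entry addressed by the URL.
     *
     * <p>The certificates are parsed only; they are not validated.
     *
     * @param str LDAP URL of the entry
     * @return the parsed certificates, possibly empty
     * @throws Exception if the lookup or the parsing fails
     */
    public static List<X509Certificate> searchCert(String str) throws Exception {
        Attributes entry = search(str);
        CertificateFactory factory = requireCertificateFactory();
        List<X509Certificate> certificates = new ArrayList<>();
        NamingEnumeration<String> ids = entry.getIDs();
        while (ids.hasMore()) {
            String id = ids.next();
            if (id.equalsIgnoreCase("CACertificate;binary") || id.equalsIgnoreCase("userCertificate;binary")) {
                NamingEnumeration<?> values = entry.get(id).getAll();
                while (values.hasMore()) {
                    byte[] encoded = binaryValue(values.next(), id);
                    certificates.add((X509Certificate) factory.generateCertificate(new ByteArrayInputStream(encoded)));
                }
            }
        }
        return certificates;
    }

    /**
     * Parses the first value of the named attribute as a CRL.
     *
     * <p>The CRL is parsed only; its signature and validity period are not checked.
     *
     * @param attributes attributes of a directory entry
     * @param str attribute id to look for, compared case-insensitively
     * @return the parsed CRL
     * @throws Exception if no value is found for the attribute or it cannot be parsed
     */
    public static X509CRL searchX509CRL(Attributes attributes, String str) throws Exception {
        NamingEnumeration<String> ids = attributes.getIDs();
        while (ids.hasMore()) {
            String id = ids.next();
            if (id.equalsIgnoreCase(str)) {
                NamingEnumeration<?> values = attributes.get(id).getAll();
                if (values.hasMore()) {
                    byte[] encoded = binaryValue(values.next(), id);
                    return (X509CRL) requireCertificateFactory().generateCRL(new ByteArrayInputStream(encoded));
                }
            }
        }
        // Message text means "no matching <attribute> was found".
        throw new Exception("没有查到相关" + str);
    }

    /**
     * Fetches the {@code certificateRevocationList;binary} attribute of the addressed entry.
     *
     * @param str LDAP URL of the entry
     * @throws Exception if the lookup fails or the attribute is absent
     */
    public static X509CRL searchCRL(String str) throws Exception {
        return searchX509CRL(search(str), "certificateRevocationList;binary");
    }

    /**
     * Fetches the {@code deltaRevocationList;binary} attribute of the addressed entry.
     *
     * @param str LDAP URL of the entry
     * @throws Exception if the lookup fails or the attribute is absent
     */
    public static X509CRL searchDRL(String str) throws Exception {
        return searchX509CRL(search(str), "deltaRevocationList;binary");
    }

    /**
     * Fetches the {@code authorityRevocationList;binary} attribute of the addressed entry.
     *
     * @param str LDAP URL of the entry
     * @throws Exception if the lookup fails or the attribute is absent
     */
    public static X509CRL searchARL(String str) throws Exception {
        // The entry's attributes were previously dumped to stdout here; that debug output
        // is dropped so directory content does not end up in process logs.
        return searchX509CRL(search(str), "authorityRevocationList;binary");
    }

    /**
     * Reads every value of {@code crossCertificatePair;binary} from the addressed entry.
     *
     * <p>The pairs are parsed and converted only; they are not validated.
     *
     * @param str LDAP URL of the entry
     * @return the converted certificate pairs, possibly empty
     * @throws Exception if the lookup or the parsing fails
     */
    public static List<X509CertificatePair> searchCrossCert(String str) throws Exception {
        Attributes entry = search(str);
        List<X509CertificatePair> pairs = new ArrayList<>();
        NamingEnumeration<String> ids = entry.getIDs();
        while (ids.hasMore()) {
            String id = ids.next();
            if (id.equalsIgnoreCase("crossCertificatePair;binary")) {
                NamingEnumeration<?> values = entry.get(id).getAll();
                while (values.hasMore()) {
                    X509CertPairParser parser = new X509CertPairParser();
                    parser.engineInit(new ByteArrayInputStream(binaryValue(values.next(), id)));
                    pairs.add(X509Utils.convertCertificatePair((org.bouncycastle.x509.X509CertificatePair) parser.engineRead()));
                }
            }
        }
        return pairs;
    }

    /**
     * Returns the subject information access location with access method
     * {@code 1.3.6.1.5.5.7.48.5} from a certificate.
     *
     * <p>The value is issuer-supplied data; treat it as untrusted until the certificate has been validated.
     *
     * @throws Exception if the extension or a matching URI entry is missing
     */
    public static String getSubjectURLWithCert(X509Certificate x509Certificate) throws Exception {
        return subjectCertCommon(TBSCertificate.getInstance(x509Certificate.getTBSCertificate()).getExtensions(), "1.3.6.1.5.5.7.48.5");
    }

    /**
     * Returns the caIssuers location from a certificate's authority information access extension.
     *
     * <p>The value is issuer-supplied data; treat it as untrusted until the certificate has been validated.
     *
     * @throws Exception if the extension or a matching URI entry is missing
     */
    public static String getIssueURLWithCert(X509Certificate x509Certificate) throws Exception {
        return issueCertCommon(TBSCertificate.getInstance(x509Certificate.getTBSCertificate()).getExtensions(), AccessDescription.id_ad_caIssuers.getId());
    }

    /**
     * Returns the first URI found in a certificate's CRL distribution points extension.
     *
     * @throws Exception if the extension is absent or holds no URI
     */
    public static String getCRLURLWithCert(X509Certificate x509Certificate) throws Exception {
        return CrlCommon(x509Certificate.getExtensionValue(Extension.cRLDistributionPoints.getId()));
    }

    /**
     * Returns the first URI found in a certificate's freshest CRL (delta CRL) extension.
     *
     * @throws Exception if the extension is absent or holds no URI
     */
    public static String getDRLURLWithCert(X509Certificate x509Certificate) throws Exception {
        return CrlCommon(x509Certificate.getExtensionValue(Extension.freshestCRL.getId()));
    }

    /**
     * Returns the caIssuers location from a CRL's authority information access extension.
     *
     * @throws Exception if the extension or a matching URI entry is missing
     */
    public static String getIssueURLWithCRL(X509CRL x509crl) throws Exception {
        return issueCertCommon(TBSCertList.getInstance(x509crl.getTBSCertList()).getExtensions(), AccessDescription.id_ad_caIssuers.getId());
    }

    /**
     * Extracts the first URI from an encoded distribution-point extension value.
     *
     * @param bArr extension value as returned by {@code getExtensionValue}, or {@code null} when absent
     * @throws Exception if the extension is absent or none of its points carries a URI
     */
    private static String CrlCommon(byte[] bArr) throws Exception {
        if (bArr != null) {
            for (DistributionPoint distributionPoint : CRLDistPoint.getInstance(JcaX509ExtensionUtils.parseExtensionValue(bArr)).getDistributionPoints()) {
                DistributionPointName pointName = distributionPoint.getDistributionPoint();
                // The name is optional and may be relative to the CRL issuer; only a full name holds GeneralNames.
                if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
                    continue;
                }
                for (GeneralName generalName : GeneralNames.getInstance(pointName.getName().toASN1Primitive()).getNames()) {
                    String uri = uriOf(generalName);
                    if (uri != null) {
                        return uri;
                    }
                }
            }
        }
        throw new Exception("this cert is not contains cRLDistributionPoints");
    }

    /**
     * Finds the first URI in the authority information access extension for the given access method.
     *
     * @param extensions extensions of the certificate or CRL, may be {@code null} when it has none
     * @param str access method OID
     * @throws Exception if the extension is absent or has no URI for that method
     */
    private static String issueCertCommon(Extensions extensions, String str) throws Exception {
        AuthorityInformationAccess access = extensions == null ? null : AuthorityInformationAccess.fromExtensions(extensions);
        if (access != null) {
            for (AccessDescription accessDescription : access.getAccessDescriptions()) {
                String uri = uriForMethod(accessDescription, str);
                if (uri != null) {
                    return uri;
                }
            }
        }
        throw new Exception("this cert is not contains Authority Information Access");
    }

    /**
     * Finds the first URI in the subject information access extension for the given access method.
     *
     * @param extensions extensions of the certificate, may be {@code null} when it has none
     * @param str access method OID
     * @throws Exception if the extension is absent or has no URI for that method
     */
    private static String subjectCertCommon(Extensions extensions, String str) throws Exception {
        // NOTE(review): SubjectInformationAccess is a project class; the null check assumes
        // fromExtensions may return null for a missing extension - confirm.
        SubjectInformationAccess access = extensions == null ? null : SubjectInformationAccess.fromExtensions(extensions);
        if (access != null) {
            for (AccessDescription accessDescription : access.getAccessDescriptions()) {
                String uri = uriForMethod(accessDescription, str);
                if (uri != null) {
                    return uri;
                }
            }
        }
        throw new Exception("this cert is not contains Subject Information Access");
    }
}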
