package eu.europa.esig.dss.model.x509;

import eu.europa.esig.dss.enumerations.KeyUsageBit;
import eu.europa.esig.dss.enumerations.SignatureAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureValidity;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.identifier.CertificateTokenIdentifier;
import eu.europa.esig.dss.model.identifier.EntityIdentifier;
import eu.europa.esig.dss.model.identifier.TokenIdentifier;
import java.math.BigInteger;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:eu/europa/esig/dss/model/x509/CertificateToken.class */
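/**
 * Token wrapping a single {@link X509Certificate}.
 *
 * <p>The class exposes the certificate's fields and offers the signature checks used when
 * building a chain ({@link #isSelfSigned()}, {@link #checkIsSignedBy(CertificateToken)}).
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #isSelfIssued()} compares names only; {@link #isSelfSigned()} additionally verifies
 *       the signature. Neither says anything about whether the certificate is trusted.</li>
 *   <li>{@link #isEquivalent(CertificateToken)} compares public keys only, so two different
 *       certificates carrying the same key are reported as equivalent.</li>
 *   <li>{@link #isCA()} reads the basicConstraints extension only; it does not look at key usage.</li>
 *   <li>{@code selfSigned} and {@code keyUsageBits} are computed lazily without synchronization.</li>
 * </ul>
 */
public class CertificateToken extends Token {
    /** Wrapped certificate; never {@code null} (enforced by the constructor). */
    private final X509Certificate x509Certificate;
    /** Identifier derived from the certificate's public key. */
    private final EntityIdentifier entityKey;
    /** Cached result of {@link #isSelfSigned()}; {@code null} until first computed. */
    private Boolean selfSigned;
    /** Cached result of {@link #getKeyUsageBits()}; {@code null} until first computed. */
    private List<KeyUsageBit> keyUsageBits;

    /**
     * Creates a token for the given certificate.
     *
     * @param x509Certificate the certificate to wrap
     * @throws NullPointerException if {@code x509Certificate} is {@code null}
     */
    public CertificateToken(X509Certificate x509Certificate) {
        Objects.requireNonNull(x509Certificate, "X509 certificate is missing");
        this.x509Certificate = x509Certificate;
        this.entityKey = new EntityIdentifier(x509Certificate.getPublicKey());
        // The algorithm is resolved from the OID and parameters declared inside the certificate.
        this.signatureAlgorithm = SignatureAlgorithm.forOidAndParams(
                x509Certificate.getSigAlgOID(), x509Certificate.getSigAlgParams());
    }

    /**
     * Returns the DSS identifier of this token as its abbreviation.
     *
     * @return the DSS id string
     */
    @Override
    public String getAbbreviation() {
        return getDSSIdAsString();
    }

    /**
     * Returns the identifier built from the certificate's public key.
     *
     * @return the entity identifier
     */
    public EntityIdentifier getEntityKey() {
        return this.entityKey;
    }

    /**
     * Returns the public key contained in the certificate.
     *
     * @return the public key
     */
    public PublicKey getPublicKey() {
        return this.x509Certificate.getPublicKey();
    }

    /**
     * Returns the end of the certificate's validity period.
     *
     * @return the notAfter date
     */
    public Date getNotAfter() {
        return this.x509Certificate.getNotAfter();
    }

    /**
     * Returns the start of the certificate's validity period.
     *
     * @return the notBefore date
     */
    public Date getNotBefore() {
        return this.x509Certificate.getNotBefore();
    }

    /**
     * Returns the creation date of the token, which is the certificate's notBefore date.
     *
     * @return the notBefore date
     */
    @Override
    public Date getCreationDate() {
        return getNotBefore();
    }

    /**
     * Tells whether the given date lies inside the certificate's validity period.
     *
     * <p>This is a date check only: it does not verify the signature or any revocation status.
     *
     * @param date the date to test; {@code null} yields {@code false}
     * @return {@code true} if the certificate is neither expired nor not-yet-valid on {@code date}
     */
    public boolean isValidOn(Date date) {
        // The wrapped certificate is final and non-null, so only the argument needs a guard.
        if (date == null) {
            return false;
        }
        try {
            this.x509Certificate.checkValidity(date);
            return true;
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            return false;
        }
    }

    /**
     * Tells whether the certificate is self-issued and its signature verifies with its own key.
     *
     * <p>The result is cached. Whenever the answer is {@code true}, {@code signatureValidity} is
     * set to {@link SignatureValidity#VALID} as a side effect, including on cached calls.
     *
     * @return {@code true} if subject equals issuer and the signature verifies with the own key
     */
    @Override
    public boolean isSelfSigned() {
        if (this.selfSigned == null) {
            // Compute into a local first so the field never holds an unverified "true".
            boolean verified = false;
            if (isSelfIssued()) {
                try {
                    this.x509Certificate.verify(this.x509Certificate.getPublicKey());
                    verified = true;
                } catch (Exception e) {
                    // Any verification failure means the certificate is not treated as self-signed.
                    verified = false;
                }
            }
            this.selfSigned = verified;
        }
        if (this.selfSigned) {
            this.signatureValidity = SignatureValidity.VALID;
        }
        return this.selfSigned;
    }

    /**
     * Tells whether the subject and issuer names are equal in canonical form.
     *
     * <p>This is a name comparison only; no signature is verified.
     *
     * @return {@code true} if the canonical subject name equals the canonical issuer name
     */
    public boolean isSelfIssued() {
        String subjectName = this.x509Certificate.getSubjectX500Principal().getName(X500Principal.CANONICAL);
        String issuerName = this.x509Certificate.getIssuerX500Principal().getName(X500Principal.CANONICAL);
        return subjectName.equals(issuerName);
    }

    /**
     * Tells whether this certificate and the given one carry the same encoded public key.
     *
     * <p>Only the keys are compared: distinct certificates issued for one key are equivalent here,
     * so this must not be used as a certificate identity check.
     *
     * @param certificateToken the token to compare with; must not be {@code null}
     * @return {@code true} if both encoded public keys are byte-for-byte equal
     */
    public boolean isEquivalent(CertificateToken certificateToken) {
        byte[] ownKey = getPublicKey().getEncoded();
        byte[] otherKey = certificateToken.getPublicKey().getEncoded();
        return Arrays.equals(ownKey, otherKey);
    }

    /**
     * Returns the wrapped certificate.
     *
     * @return the X.509 certificate
     */
    public X509Certificate getCertificate() {
        return this.x509Certificate;
    }

    /**
     * Returns the encoded form of the certificate.
     *
     * @return the encoded certificate bytes
     * @throws DSSException if the certificate cannot be encoded
     */
    @Override
    public byte[] getEncoded() {
        try {
            return this.x509Certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new DSSException("Unable to encode the certificate", e);
        }
    }

    /**
     * Returns the certificate's serial number.
     *
     * @return the serial number
     */
    public BigInteger getSerialNumber() {
        return this.x509Certificate.getSerialNumber();
    }

    /**
     * Returns a helper around the subject distinguished name.
     *
     * @return a new helper for the subject principal
     */
    public X500PrincipalHelper getSubject() {
        return new X500PrincipalHelper(this.x509Certificate.getSubjectX500Principal());
    }

    /**
     * Returns a helper around the issuer distinguished name.
     *
     * @return a new helper for the issuer principal
     */
    public X500PrincipalHelper getIssuer() {
        return new X500PrincipalHelper(this.x509Certificate.getIssuerX500Principal());
    }

    /**
     * Returns the issuer distinguished name.
     *
     * @return the issuer principal
     */
    @Override
    public X500Principal getIssuerX500Principal() {
        return this.x509Certificate.getIssuerX500Principal();
    }

    /**
     * Verifies this certificate's signature with the public key of the given token.
     *
     * <p>The result starts as {@link SignatureValidity#INVALID} and becomes
     * {@link SignatureValidity#VALID} only when verification succeeds. On failure the exception's
     * simple class name and message are stored in {@code signatureInvalidityReason}; because the
     * key lookup happens inside the {@code try}, a {@code null} argument also ends up as INVALID.
     *
     * @param certificateToken the candidate issuer
     * @return the resulting signature validity
     * @throws DSSException if the security provider is not available
     */
    @Override
    protected SignatureValidity checkIsSignedBy(CertificateToken certificateToken) {
        // Fail closed: the state is INVALID until a successful verification says otherwise.
        this.signatureValidity = SignatureValidity.INVALID;
        this.signatureInvalidityReason = "";
        try {
            this.x509Certificate.verify(certificateToken.getPublicKey());
            this.signatureValidity = SignatureValidity.VALID;
        } catch (NoSuchProviderException e) {
            throw new DSSException(e);
        } catch (Exception e2) {
            this.signatureInvalidityReason = e2.getClass().getSimpleName() + " : " + e2.getMessage();
        }
        return this.signatureValidity;
    }

    /**
     * Tells whether the certificate asserts the given key usage bit.
     *
     * @param keyUsageBit the bit to look for
     * @return {@code true} if the bit is set in the keyUsage extension
     */
    public boolean checkKeyUsage(KeyUsageBit keyUsageBit) {
        return getKeyUsageBits().contains(keyUsageBit);
    }

    /**
     * Builds a multi-line description of the token.
     *
     * <p>Calls {@link #isSelfSigned()}, so it can trigger a signature verification and update
     * {@code signatureValidity}.
     *
     * @param str the indentation prefix written before each line
     * @return the textual description
     */
    @Override
    public String toString(String str) {
        StringBuilder sb = new StringBuilder();
        sb.append(str).append("CertificateToken[\n");
        String str2 = str + "\t";
        Object algorithm = this.signatureAlgorithm == null ? "?" : this.signatureAlgorithm;
        sb.append(str2).append("DSS Id              : ").append(getDSSIdAsString()).append('\n');
        sb.append(str2).append("Identity Id         : ").append(getEntityKey()).append('\n');
        sb.append(str2).append("Validity period     : ").append(this.x509Certificate.getNotBefore()).append(" - ").append(this.x509Certificate.getNotAfter()).append('\n');
        sb.append(str2).append("Subject name        : ").append(getSubject().getCanonical()).append('\n');
        sb.append(str2).append("Issuer subject name : ").append(getIssuer().getCanonical()).append('\n');
        sb.append(str2).append("Serial Number       : ").append(getSerialNumber()).append('\n');
        sb.append(str2).append("Signature algorithm : ").append(algorithm).append('\n');
        if (isSelfSigned()) {
            sb.append(str2).append("[SELF-SIGNED]").append('\n');
        }
        // Dropping the first character of the nested indent gives back the caller's indent
        // when indents are made of tabs.
        sb.append(str2.substring(1)).append(']');
        return sb.toString();
    }

    /**
     * Returns the key usage bits asserted by the certificate.
     *
     * <p>The list is computed once and cached; it is empty when the certificate has no keyUsage
     * extension. The cached instance itself is returned, so callers must not modify it:
     * a change would alter later {@link #checkKeyUsage(KeyUsageBit)} answers.
     *
     * @return the asserted key usage bits, never {@code null}
     */
    public List<KeyUsageBit> getKeyUsageBits() {
        if (this.keyUsageBits == null) {
            // Fill a local list and publish it only when complete, so the field never
            // exposes a partially populated result.
            List<KeyUsageBit> bits = new ArrayList<>();
            boolean[] keyUsage = this.x509Certificate.getKeyUsage();
            if (keyUsage != null) {
                for (KeyUsageBit keyUsageBit : KeyUsageBit.values()) {
                    int index = keyUsageBit.getIndex();
                    // Guard the index so a shorter array cannot raise an out-of-bounds error.
                    if (index >= 0 && index < keyUsage.length && keyUsage[index]) {
                        bits.add(keyUsageBit);
                    }
                }
            }
            this.keyUsageBits = bits;
        }
        return this.keyUsageBits;
    }

    /**
     * Tells whether the basicConstraints extension marks the certificate as a CA.
     *
     * <p>{@link X509Certificate#getBasicConstraints()} returns -1 for a non-CA certificate.
     * Key usage (for example keyCertSign) is not checked here.
     *
     * @return {@code true} if basicConstraints identifies a CA
     */
    public boolean isCA() {
        return this.x509Certificate.getBasicConstraints() != -1;
    }

    /**
     * Returns the signature value of the certificate.
     *
     * @return the signature bytes
     */
    public byte[] getSignature() {
        return this.x509Certificate.getSignature();
    }

    /**
     * Builds the identifier of this token.
     *
     * @return a new {@link CertificateTokenIdentifier} for this token
     */
    @Override
    protected TokenIdentifier buildTokenIdentifier() {
        return new CertificateTokenIdentifier(this);
    }
}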
