package com.zimbra.cs.service.authenticator;

import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.mailbox.OperationContextData;
import com.zimbra.cs.service.authenticator.ClientCertPrincipalMap;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintStream;
import java.io.PrintWriter;
import java.math.BigInteger;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.GnuParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.X509Extension;

/* loaded from: input_file:com/zimbra/cs/service/authenticator/CertUtil.class */
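/**
 * Extracts identity-bearing fields (subject DN attributes, subjectAltName UPN / rfc822Name)
 * from an X.509 certificate, and doubles as a small command-line inspector ({@link #main}).
 *
 * <p>This class only reads fields; it performs no chain, validity or revocation checks.
 * Callers that map extracted values to accounts must make sure the certificate has already
 * been authenticated by the TLS layer (or otherwise verified) before trusting anything
 * returned here. Because the certificate bytes may come from a client, every DER decode
 * below treats malformed input as "no value" (logged) rather than letting an unchecked
 * exception escape into the authentication path.
 */
public class CertUtil {
    static final String LOG_PREFIX = "certauth - ";
    static final String ATTR_EMAILADDRESS = "EMAILADDRESS";

    /** OID of the Microsoft User Principal Name otherName type carried in subjectAltName. */
    private static final String OID_UPN = "1.3.6.1.4.1.311.20.2.3";

    /**
     * Subject attribute keywords that {@link LdapName} does not know as RFC 2252 names, mapped to
     * the dotted OID form under which they appear in {@code X500Principal.getName()} output.
     */
    private static final Map<String, String> KNOWN_NON_RFC2252_ATTRS = new HashMap<String, String>();

    // GeneralName tag numbers as reported in element 0 of X509Certificate.getSubjectAlternativeNames().
    private static final int SAN_OTHER_NAME = 0;
    private static final int SAN_RFC822_NAME = 1;
    private static final int SAN_DNS_NAME = 2;
    /** GeneralName tag of uniformResourceIdentifier (CRL distribution point URIs). */
    private static final int GENERAL_NAME_URI = 6;
    /** DistributionPointName choice: fullName. */
    private static final int DP_NAME_FULL_NAME = 0;

    private static final int EXIT_CODE_GOOD = 0;
    // Non-zero so shell callers can detect a failed run (the original assigned 0 to both codes).
    private static final int EXIT_CODE_BAD = 1;
    private static final String O_CERT = "c";
    private static final String O_DUMP = "d";
    private static final String O_GET = "g";
    private static final String O_HELP = "h";
    private static final String O_PRINT = "p";

    /** The certificate under inspection; set by the constructor or by {@link #loadCert}. */
    X509Certificate cert;

    static {
        KNOWN_NON_RFC2252_ATTRS.put(ATTR_EMAILADDRESS, "1.2.840.113549.1.9.1");
    }

    /** Used only by {@link #main}, which loads the certificate afterwards via {@link #loadCert}. */
    private CertUtil() {
    }

    /**
     * @param x509Certificate the certificate whose fields are to be read
     */
    public CertUtil(X509Certificate x509Certificate) {
        this.cert = x509Certificate;
    }

    /**
     * Returns the value of the requested field, or {@code null} if the field kind is unknown,
     * the certificate does not carry it, or it could not be decoded.
     *
     * @param certField which field to read (a known field or a subject RDN attribute)
     * @return the field value, or {@code null}
     */
    public String getCertField(ClientCertPrincipalMap.CertField certField) {
        if (certField instanceof ClientCertPrincipalMap.KnownCertField) {
            return getKnownCertField((ClientCertPrincipalMap.KnownCertField) certField);
        }
        if (certField instanceof ClientCertPrincipalMap.SubjectCertField) {
            return getSubjectCertField((ClientCertPrincipalMap.SubjectCertField) certField);
        }
        return null;
    }

    /** Dispatches a well-known field name to its reader; unknown enum values yield {@code null}. */
    private String getKnownCertField(ClientCertPrincipalMap.KnownCertField knownCertField) {
        switch (knownCertField.getField()) {
            case SUBJECT_DN:
                return getSubjectDN();
            case SUBJECTALTNAME_OTHERNAME_UPN:
                return getSubjectAltNameOtherNameUPN();
            case SUBJECTALTNAME_RFC822NAME:
                return getSubjectAltNameRfc822Name();
            default:
                return null;
        }
    }

    /** Reads a single subject RDN attribute, e.g. {@code CN} or {@code EMAILADDRESS}. */
    private String getSubjectCertField(ClientCertPrincipalMap.SubjectCertField subjectCertField) {
        String attrType = subjectCertField.getRDNAttrType();
        return getSubjectAttr(attrType, KNOWN_NON_RFC2252_ATTRS.get(attrType));
    }

    /** @return the subject DN in RFC 2253 form as produced by {@code X500Principal.getName()} */
    String getSubjectDN() {
        return this.cert.getSubjectX500Principal().getName();
    }

    /**
     * Fetches the parsed subjectAltName entries.
     *
     * @return the entries, or {@code null} when the extension is absent or cannot be parsed
     *         (the parse failure is logged as a warning)
     */
    private Collection<List<?>> getSubjectAltNames() {
        try {
            return this.cert.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            ZimbraLog.account.warn(LOG_PREFIX + "unable to get subject alternative names", e);
            return null;
        }
    }

    /**
     * Returns the GeneralName tag of a subjectAltName entry, or -1 if the entry does not have the
     * {@code [Integer tag, Object value]} shape documented for {@code getSubjectAlternativeNames()}.
     */
    private static int sanType(List<?> entry) {
        if (entry == null || entry.size() < 2 || !(entry.get(0) instanceof Integer)) {
            return -1;
        }
        return ((Integer) entry.get(0)).intValue();
    }

    /** A decoded subjectAltName otherName: its type OID and, for the UPN type only, the UTF-8 value. */
    private static final class OtherName {
        final String typeId;
        /** {@code null} unless {@link #typeId} is {@link #OID_UPN}. */
        final String upn;

        OtherName(String typeId, String upn) {
            this.typeId = typeId;
            this.upn = upn;
        }
    }

    /**
     * Decodes the DER bytes of an otherName ({@code SEQUENCE { type-id OID, value [0] ... }}).
     *
     * <p>The value is unwrapped through two tagged-object layers exactly as the original code did;
     * whether both layers are always present presumably depends on the BouncyCastle version in use.
     *
     * @param encoded element 1 of a tag-0 subjectAltName entry; expected to be a {@code byte[]}
     * @return the decoded otherName
     * @throws IOException if the bytes are not a well-formed otherName. Runtime failures raised by
     *         BouncyCastle on type mismatches are converted too, so that untrusted certificate data
     *         can never surface as an unchecked exception from this decoder.
     */
    private static OtherName decodeOtherName(Object encoded) throws IOException {
        if (!(encoded instanceof byte[])) {
            throw new IOException("otherName value is not DER-encoded bytes");
        }
        try {
            // ASN1InputStream only wraps the in-memory array; nothing to release.
            ASN1Sequence seq = ASN1Sequence.getInstance(new ASN1InputStream((byte[]) encoded).readObject());
            if (seq == null || seq.size() < 2) {
                throw new IOException("otherName does not contain a type-id and a value");
            }
            String typeId = DERObjectIdentifier.getInstance(seq.getObjectAt(0)).getId();
            String upn = null;
            if (OID_UPN.equals(typeId)) {
                ASN1TaggedObject outer = ASN1TaggedObject.getInstance(seq.getObjectAt(1));
                upn = DERUTF8String.getInstance(ASN1TaggedObject.getInstance(outer.getObject()).getObject()).getString();
            }
            return new OtherName(typeId, upn);
        } catch (RuntimeException e) {
            // BouncyCastle's getInstance() helpers report unexpected encodings as IllegalArgumentException
            // (and similar); this is the trust boundary for client-supplied DER, so normalise them here.
            throw new IOException("malformed otherName", e);
        }
    }

    /**
     * Returns the first Microsoft UPN found among the subjectAltName otherName entries.
     *
     * @return the UPN, or {@code null} if none is present or the extension cannot be decoded
     */
    String getSubjectAltNameOtherNameUPN() {
        Collection<List<?>> altNames = getSubjectAltNames();
        if (altNames == null) {
            return null;
        }
        for (List<?> entry : altNames) {
            if (sanType(entry) != SAN_OTHER_NAME) {
                continue;
            }
            try {
                OtherName otherName = decodeOtherName(entry.get(1));
                if (otherName.upn != null) {
                    return otherName.upn;
                }
                // a different otherName type: keep scanning the remaining entries
            } catch (IOException e) {
                ZimbraLog.account.warn(LOG_PREFIX + "unable to process ASN.1 data", e);
                return null;
            }
        }
        return null;
    }

    /**
     * Returns the first rfc822Name (e-mail address) subjectAltName entry.
     *
     * @return the address, or {@code null} if none is present
     */
    String getSubjectAltNameRfc822Name() {
        Collection<List<?>> altNames = getSubjectAltNames();
        if (altNames == null) {
            return null;
        }
        for (List<?> entry : altNames) {
            if (sanType(entry) == SAN_RFC822_NAME) {
                // the JDK documents the value of a tag-1 entry as a String
                return (String) entry.get(1);
            }
        }
        return null;
    }

    /**
     * Looks up one attribute of the subject DN.
     *
     * <p>{@link LdapName} renders attributes it has no RFC 2252 keyword for as a dotted OID type
     * with a DER-encoded (byte[]) value; such RDNs are matched against {@code attrOid} and decoded
     * as an IA5String, all others are matched against {@code attrType} and returned as text.
     *
     * @param attrType the RFC 2252 keyword to look for, e.g. {@code CN}
     * @param attrOid  the dotted OID to look for instead when the RDN type is an OID; may be
     *                 {@code null}, in which case OID-typed RDNs never match
     * @return the first matching value, or {@code null} if none matches or the DN/value cannot be parsed
     */
    private String getSubjectAttr(String attrType, String attrOid) {
        String subjectDN = getSubjectDN();
        List<Rdn> rdns;
        try {
            rdns = new LdapName(subjectDN).getRdns();
        } catch (InvalidNameException e) {
            ZimbraLog.account.warn(LOG_PREFIX + "Invalid subject dn value " + subjectDN, e);
            return null;
        }
        for (Rdn rdn : rdns) {
            String type = rdn.getType();
            boolean isOidType = type.contains(".");
            String wanted = isOidType ? attrOid : attrType;
            if (!type.equals(wanted)) {
                continue;
            }
            Object value = rdn.getValue();
            if (value == null) {
                continue;
            }
            if (!isOidType || !(value instanceof byte[])) {
                // already textual (LdapName decoded it for us)
                return value.toString();
            }
            try {
                return DERIA5String.getInstance(new ASN1InputStream((byte[]) value).readObject()).getString();
            } catch (IOException e) {
                ZimbraLog.account.warn(LOG_PREFIX + "unable to decode " + type, e);
            } catch (IllegalArgumentException e) {
                // not an IA5String (BouncyCastle's getInstance rejects the type); treat as undecodable
                ZimbraLog.account.warn(LOG_PREFIX + "unable to decode " + type, e);
            }
        }
        return null;
    }

    /**
     * Loads a certificate from a file (PEM or DER, whatever the X.509 factory accepts).
     *
     * @param path file path given on the command line
     * @throws Exception if the file cannot be read or is not an X.509 certificate
     */
    private void loadCert(String path) throws Exception {
        FileInputStream in = new FileInputStream(path);
        try {
            this.cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } finally {
            // closed on both success and failure (the original leaked the stream on exception)
            in.close();
        }
    }

    /** Writes {@code cert.toString()} to {@code outPath}, or to stdout when {@code null}. */
    private void dumpCert(String outPath) throws Exception {
        outputCert(outPath, true);
    }

    /** Writes the parsed field-by-field listing to {@code outPath}, or to stdout when {@code null}. */
    private void printCert(String outPath) throws Exception {
        outputCert(outPath, false);
    }

    /**
     * Shared writer for {@link #dumpCert} and {@link #printCert}.
     *
     * @param outPath destination file, or {@code null} for {@code System.out}
     * @param dump    {@code true} for {@code toString()} output, {@code false} for the parsed listing
     */
    private void outputCert(String outPath, boolean dump) throws Exception {
        boolean toFile = outPath != null;
        PrintStream out = toFile ? new PrintStream(outPath) : System.out;
        try {
            if (dump) {
                out.println(this.cert.toString());
            } else {
                printCert(out);
            }
        } finally {
            out.flush();
            if (toFile) {
                // never close System.out; a file stream is closed exactly once
                out.close();
            }
        }
    }

    /** Prints the certificate section by section, in roughly the order openssl x509 -text uses. */
    private void printCert(PrintStream out) throws Exception {
        printVersion(out);
        printSerialNumber(out);
        printSigAlg(out);
        printIssuer(out);
        printValidity(out);
        printSubject(out);
        printX509V3Extension(out);
    }

    /** Prints the two extensions this tool understands: subjectAltName and CRL distribution points. */
    private void printX509V3Extension(PrintStream out) throws Exception {
        out.println();
        out.format("X509v3 extensions:\n");
        printSubjectAlternativeNames(out);
        out.println();
        printCRLDistributionPoints(out);
        out.println();
    }

    private void printVersion(PrintStream out) {
        int version = this.cert.getVersion();
        out.format("Version: %d (0x%x)\n", Integer.valueOf(version), Integer.valueOf(version));
    }

    private void printSerialNumber(PrintStream out) {
        BigInteger serial = this.cert.getSerialNumber();
        out.format("Serial Number: %s (0x%x)\n", serial.toString(), serial);
    }

    private void printSigAlg(PrintStream out) throws Exception {
        out.format("Signature Algorithm: %s (%s)\n", this.cert.getSigAlgName(), this.cert.getSigAlgOID());
    }

    private void printIssuer(PrintStream out) {
        out.format("Issuer: %s\n", this.cert.getIssuerX500Principal().getName());
    }

    /**
     * Prints the validity window. {@code Date.toGMTString()} is deprecated but kept so the
     * output format of this tool stays unchanged.
     */
    @SuppressWarnings("deprecation")
    private void printValidity(PrintStream out) {
        Date notBefore = this.cert.getNotBefore();
        Date notAfter = this.cert.getNotAfter();
        out.format("Validity\n");
        out.format("    Not Before: %s\n", notBefore.toGMTString());
        out.format("    Not After : %s\n", notAfter.toGMTString());
    }

    private void printSubject(PrintStream out) {
        out.format("Subject: %s\n", this.cert.getSubjectX500Principal().getName());
    }

    /**
     * Lists the subjectAltName entries; otherName (with the UPN decoded when present), rfc822Name
     * and dNSName are shown, other tags are only announced.
     *
     * @throws IOException if an otherName entry is not well-formed DER (propagated to {@link #main})
     */
    private void printSubjectAlternativeNames(PrintStream out) throws Exception {
        out.format("X509v3 Subject Alternative Name: \n");
        Collection<List<?>> altNames;
        try {
            altNames = this.cert.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            // CLI-only path: report on stderr and keep printing the remaining sections
            e.printStackTrace();
            return;
        }
        if (altNames == null) {
            return;
        }
        for (List<?> entry : altNames) {
            int type = sanType(entry);
            Integer tag = Integer.valueOf(type);
            if (type == SAN_OTHER_NAME) {
                OtherName otherName = decodeOtherName(entry.get(1));
                out.format("    [%d] %s(%s) = %s\n", tag, otherName.typeId, "Principal Name", otherName.upn);
            } else if (type == SAN_RFC822_NAME) {
                out.format("    [%d] %s = %s\n", tag, "RFC822 Name", (String) entry.get(1));
            } else if (type == SAN_DNS_NAME) {
                out.format("    [%d] %s = %s\n", tag, "DNS Name", (String) entry.get(1));
            } else {
                out.format("    [%d] - not yet supported\n", tag);
            }
        }
    }

    /**
     * Lists the CRL distribution point URIs (fullName form only).
     *
     * @throws IOException if the extension bytes cannot be decoded (propagated to {@link #main})
     */
    private void printCRLDistributionPoints(PrintStream out) throws Exception {
        out.format("X509v3 CRL Distribution Points: \n");
        byte[] extensionValue = this.cert.getExtensionValue(X509Extension.cRLDistributionPoints.getId());
        if (extensionValue == null) {
            return;
        }
        // getExtensionValue() returns the OCTET STRING wrapper; its contents are the CRLDistributionPoints DER.
        byte[] inner = DEROctetString.getInstance(ASN1Object.fromByteArray(extensionValue)).getOctets();
        CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(ASN1Object.fromByteArray(inner));
        for (DistributionPoint dp : crlDistPoint.getDistributionPoints()) {
            DistributionPointName dpName = dp.getDistributionPoint();
            if (dpName == null) {
                // distributionPoint is OPTIONAL in RFC 5280; the original code would have thrown NPE here
                out.format("(no distribution point name)\n");
                continue;
            }
            int dpType = dpName.getType();
            if (dpType != DP_NAME_FULL_NAME) {
                out.format("type %d not yet implemented\n", Integer.valueOf(dpType));
                continue;
            }
            out.format("Full Name: \n");
            for (GeneralName generalName : GeneralNames.getInstance(dpName.getName()).getNames()) {
                int tagNo = generalName.getTagNo();
                if (tagNo == GENERAL_NAME_URI) {
                    out.format("    %s\n", DERIA5String.getInstance(generalName.getName()).getString());
                } else {
                    out.format("tag %d not yet implemented\n", Integer.valueOf(tagNo));
                }
            }
        }
    }

    /** Prints {@code message} followed by the usage text. */
    private static void usage(Options options, String message) {
        System.out.println("\n");
        System.out.println(message);
        usage(options);
    }

    /** Prints the option summary to stdout. */
    private static void usage(Options options) {
        System.out.println("\n");
        PrintWriter writer = new PrintWriter((OutputStream) System.out, true);
        HelpFormatter formatter = new HelpFormatter();
        formatter.printHelp(writer, formatter.getWidth(), "zmjava " + CertUtil.class.getCanonicalName() + " [options]",
                (String) null, options, formatter.getLeftPadding(), formatter.getDescPadding(), (String) null);
        System.out.println("\n");
        writer.flush();
    }

    /** Builds the command-line option set for {@link #main}. */
    private static Options buildOptions() {
        Options options = new Options();
        options.addOption(O_CERT, true, "file path of the certificate");
        options.addOption(O_DUMP, false, "dump the certificate (print toString() value of the certificate)");
        options.addOption(O_GET, true, "get a field in the certificate, valid fields:"
                + ClientCertPrincipalMap.KnownCertField.names() + "|" + ClientCertPrincipalMap.SubjectCertField.names());
        options.addOption(O_HELP, false, "print usage");
        options.addOption(O_PRINT, false, "print the certificate(print each parsed certificate fields)");
        return options;
    }

    /**
     * Command-line entry point: {@code -c <cert> [-d | -p | -g <field>]}, or {@code -h} for usage.
     * Exits with {@link #EXIT_CODE_BAD} on any parse, I/O or decode failure.
     */
    public static void main(String[] args) {
        Options options = buildOptions();
        CommandLine commandLine;
        try {
            commandLine = new GnuParser().parse(options, args);
        } catch (ParseException e) {
            usage(options);
            e.printStackTrace();
            System.exit(EXIT_CODE_BAD);
            return; // not reached; keeps commandLine definitely assigned for the compiler
        }
        if (commandLine.hasOption(O_HELP)) {
            usage(options);
            System.exit(EXIT_CODE_GOOD);
        }
        if (!commandLine.hasOption(O_CERT)) {
            usage(options, "missing cert path");
            System.exit(EXIT_CODE_BAD);
        }
        String certPath = commandLine.getOptionValue(O_CERT);
        try {
            CertUtil certUtil = new CertUtil();
            certUtil.loadCert(certPath);
            if (commandLine.hasOption(O_DUMP)) {
                certUtil.dumpCert((String) null);
            } else if (commandLine.hasOption(O_PRINT)) {
                certUtil.printCert((String) null);
            } else if (commandLine.hasOption(O_GET)) {
                String fieldName = commandLine.getOptionValue(O_GET);
                System.out.println(fieldName + ": " + certUtil.getCertField(ClientCertPrincipalMap.parseCertField(fieldName)));
            }
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(EXIT_CODE_BAD);
        }
    }
}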
