package org.jivesoftware.openfire.keystore;

import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jivesoftware/openfire/keystore/CertificateUtils.class */
public class CertificateUtils {
    private static final Logger Log = LoggerFactory.getLogger(CertificateUtils.class);

    public static Set<X509Certificate> filterValid(X509Certificate... x509CertificateArr) {
        HashSet hashSet = new HashSet();
        if (x509CertificateArr != null) {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                if (x509Certificate != null) {
                    try {
                        x509Certificate.checkValidity();
                        hashSet.add(x509Certificate);
                    } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                    }
                }
            }
        }
        return hashSet;
    }

    public static Set<X509Certificate> filterValid(Collection<X509Certificate> collection) {
        return collection == null ? Collections.emptySet() : filterValid((X509Certificate[]) collection.toArray(new X509Certificate[collection.size()]));
    }

    public static Set<TrustAnchor> toTrustAnchors(X509Certificate... x509CertificateArr) {
        HashSet hashSet = new HashSet();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (x509Certificate != null) {
                hashSet.add(new TrustAnchor(x509Certificate, null));
            }
        }
        return hashSet;
    }

    public static Set<TrustAnchor> toTrustAnchors(Collection<X509Certificate> collection) {
        return collection == null ? Collections.emptySet() : toTrustAnchors((X509Certificate[]) collection.toArray(new X509Certificate[collection.size()]));
    }

    public static List<X509Certificate> order(Collection<X509Certificate> collection) throws CertificateException {
        LinkedList linkedList = new LinkedList();
        if (collection.isEmpty()) {
            return linkedList;
        }
        if (collection.size() == 1) {
            linkedList.addAll(collection);
            return linkedList;
        }
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        for (X509Certificate x509Certificate : collection) {
            Principal issuerDN = x509Certificate.getIssuerDN();
            Principal subjectDN = x509Certificate.getSubjectDN();
            if (issuerDN.equals(subjectDN)) {
                X509Certificate x509Certificate2 = (X509Certificate) hashMap.put(null, x509Certificate);
                if (x509Certificate2 != null) {
                    throw new CertificateException("The provided input should not contain multiple root CA certificates. Issuer of first detected Root CA certificate: " + issuerDN + " Issuer of second detected Root CA certificate: : " + x509Certificate2);
                }
            } else if (hashMap.put(issuerDN, x509Certificate) != null) {
                throw new CertificateException("The provided input should not contain multiple certificates with identical issuerDN values. Offending value: " + issuerDN);
            }
            if (hashMap2.put(subjectDN, x509Certificate) != null) {
                throw new CertificateException("The provided input should not contain multiple certificates with identical subjectDN values. Offending value: " + subjectDN);
            }
        }
        X509Certificate x509Certificate3 = null;
        for (Map.Entry entry : hashMap2.entrySet()) {
            Principal principal = (Principal) entry.getKey();
            X509Certificate x509Certificate4 = (X509Certificate) entry.getValue();
            if (!hashMap.containsKey(principal)) {
                if (x509Certificate3 != null) {
                    throw new CertificateException("The provided input should not contain more than one certificates that has a subjectDN value that's not equal to the issuerDN value of another certificate.");
                }
                x509Certificate3 = x509Certificate4;
            }
        }
        if (x509Certificate3 == null) {
            throw new CertificateException("The provided input should contain a certificate that has a subjectDN value that's not equal to the issuerDN value of any other certificate.");
        }
        linkedList.add(x509Certificate3);
        Object remove = hashMap2.remove(x509Certificate3.getIssuerDN());
        while (true) {
            X509Certificate x509Certificate5 = (X509Certificate) remove;
            if (x509Certificate5 == null) {
                break;
            }
            linkedList.add(x509Certificate5);
            remove = hashMap2.remove(x509Certificate5.getIssuerDN());
        }
        if (linkedList.size() != collection.size()) {
            throw new CertificateException("Unable to recreate a certificate chain from the provided input.");
        }
        return linkedList;
    }

    public static X509Certificate identifyEndEntityCertificate(Collection<X509Certificate> collection) throws CertificateException {
        if (collection.isEmpty()) {
            throw new CertificateException();
        }
        try {
            return order(collection).get(0);
        } catch (CertificateException e) {
            Log.warn("Unable to order the provided chain. As a fallback, the end entity certificate is assumed to be the first certificate of the input.", (Throwable) e);
            return collection.iterator().next();
        }
    }

    public static Date findValidPointInTime(X509Certificate... x509CertificateArr) {
        Date date = null;
        Date date2 = null;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (x509Certificate != null) {
                Date notAfter = x509Certificate.getNotAfter();
                if (date == null || (notAfter != null && notAfter.before(date))) {
                    date = notAfter;
                }
                Date notBefore = x509Certificate.getNotBefore();
                if (date2 == null || (notBefore != null && notBefore.after(date2))) {
                    date2 = notBefore;
                }
            }
        }
        if (date2 == null || date == null || !date2.before(date)) {
            return null;
        }
        return date2;
    }
}
