package br.jus.cnj.projudi.util;

import br.jus.cnj.projudi.gui.common.vo.ApplicationContext;
import java.security.AuthProvider;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.login.LoginException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:br/jus/cnj/projudi/util/CertificadoUtil.class */
public class CertificadoUtil {
    public static String PROVIDER_NAME = "BC";
    public static String OPENSC_LIB = "/usr/lib/opensc-pkcs11.so";

    public static String[] listarAliasTokenSmart(boolean z, boolean z2) {
        ArrayList arrayList = new ArrayList();
        if ("Linux".compareTo(System.getProperty("os.name")) != 0) {
            preparaListaAliasWindows(arrayList, z, z2);
        } else {
            preparaListaAliasWindows(arrayList, z, z2);
        }
        if (arrayList.size() != 1) {
            arrayList.add(" -- Inserir o Cartão A3 e Atualizar -- ");
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    public static String[] listarAliasTokenSmart(boolean z) {
        return listarAliasTokenSmart(z, false);
    }

    private static void preparaListaAliasWindows(List<String> list, boolean z, boolean z2) {
        try {
            KeyStore keyStore = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
            keyStore.load(null, null);
            Enumeration<String> aliases = keyStore.aliases();
            ArrayList arrayList = new ArrayList();
            ArrayList arrayList2 = new ArrayList();
            ArrayList arrayList3 = new ArrayList();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                X509Certificate certificateByAlias = getCertificateByAlias(nextElement);
                if (certificateByAlias != null) {
                    boolean isRaizIcpBrasil = isRaizIcpBrasil(certificateByAlias, Arrays.asList((X509Certificate[]) keyStore.getCertificateChain(nextElement)));
                    if (!z || isRaizIcpBrasil) {
                        boolean z3 = true;
                        try {
                            certificateByAlias.checkValidity();
                        } catch (CertificateExpiredException e) {
                            z3 = false;
                        } catch (CertificateNotYetValidException e2) {
                            z3 = false;
                        }
                        if (!z3) {
                            addToList(nextElement, certificateByAlias, arrayList3);
                        } else if (isRaizIcpBrasil) {
                            addToList(nextElement, certificateByAlias, arrayList);
                        } else {
                            addToList(nextElement, certificateByAlias, arrayList2);
                        }
                    }
                }
            }
            list.addAll(arrayList);
            if (z2) {
                return;
            }
            list.addAll(arrayList2);
            list.addAll(arrayList3);
        } catch (Exception e3) {
        }
    }

    private static void addToList(String str, X509Certificate x509Certificate, List<String> list) {
        try {
            Date notBefore = x509Certificate.getNotBefore();
            int i = 0;
            while (i < list.size() && !notBefore.after(getCertificateByAlias(list.get(i)).getNotBefore())) {
                i++;
            }
            list.add(i, str);
        } catch (Exception e) {
        }
    }

    public static X509Certificate getCertificateByAlias(String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
            keyStore.load(null, null);
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.getCertificate(nextElement).getPublicKey().getFormat().equalsIgnoreCase("X.509") && keyStore.isKeyEntry(nextElement) && nextElement.equals(str)) {
                    return (X509Certificate) keyStore.getCertificate(nextElement);
                }
            }
            return null;
        } catch (Exception e) {
            return null;
        }
    }

    public static void authProviderLogout() throws LoginException {
        ((AuthProvider) Security.getProvider(PROVIDER_NAME)).logout();
    }

    private static boolean isRaizIcpBrasil(X509Certificate x509Certificate, Collection collection) {
        ArrayList<X509Certificate> trustedRootCerts = ApplicationContext.getInstance().getTrustedRootCerts();
        boolean z = trustedRootCerts != null;
        if (z) {
            try {
                X509CertSelector x509CertSelector = new X509CertSelector();
                x509CertSelector.setCertificate(x509Certificate);
                HashSet hashSet = new HashSet();
                Iterator<X509Certificate> it = trustedRootCerts.iterator();
                while (it.hasNext()) {
                    hashSet.add(new TrustAnchor(it.next(), null));
                }
                PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(hashSet, x509CertSelector);
                pKIXBuilderParameters.setRevocationEnabled(false);
                Security.addProvider(new BouncyCastleProvider());
                pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(collection), "BC"));
                CertPathBuilder.getInstance("PKIX", "BC").build(pKIXBuilderParameters);
            } catch (Exception e) {
                z = false;
            }
        }
        return z;
    }
}
