package org.jruby.ext.openssl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Hashtable;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERBoolean;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.x509.X509V2CRLGenerator;
import org.jruby.Ruby;
import org.jruby.RubyArray;
import org.jruby.RubyBoolean;
import org.jruby.RubyClass;
import org.jruby.RubyModule;
import org.jruby.RubyNumeric;
import org.jruby.RubyObject;
import org.jruby.RubyString;
import org.jruby.RubyTime;
import org.jruby.anno.JRubyMethod;
import org.jruby.exceptions.RaiseException;
import org.jruby.ext.openssl.X509Extensions;
import org.jruby.ext.openssl.impl.ASN1Registry;
import org.jruby.ext.openssl.x509store.PEMInputOutput;
import org.jruby.runtime.Arity;
import org.jruby.runtime.Block;
import org.jruby.runtime.ObjectAllocator;
import org.jruby.runtime.ThreadContext;
import org.jruby.runtime.Visibility;
import org.jruby.runtime.builtin.IRubyObject;

/* loaded from: input_file:WEB-INF/lib/jruby-complete-1.7.18.jar:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/X509CRL.class */
public class X509CRL extends RubyObject {
    private static final long serialVersionUID = -2463300006179688577L;
    private IRubyObject version;
    private IRubyObject issuer;
    private IRubyObject last_update;
    private IRubyObject next_update;
    private IRubyObject revoked;
    private RubyArray extensions;
    private IRubyObject sig_alg;
    private boolean changed;
    private final X509V2CRLGenerator generator;
    private java.security.cert.X509CRL crl;
    private ASN1Primitive crl_v;
    private static final String IND8 = "        ";
    private static final String IND12 = "            ";
    private static final String IND16 = "                ";
    private static ObjectAllocator X509CRL_ALLOCATOR = new ObjectAllocator() { // from class: org.jruby.ext.openssl.X509CRL.1
        @Override // org.jruby.runtime.ObjectAllocator
        public IRubyObject allocate(Ruby ruby2, RubyClass rubyClass) {
            return new X509CRL(ruby2, rubyClass);
        }
    };
    private static final DateFormat ASN_DATE = new SimpleDateFormat("MMM dd HH:mm:ss yyyy zzz");

    public static void createX509CRL(Ruby ruby2, RubyModule rubyModule) {
        RubyClass defineClassUnder = rubyModule.defineClassUnder("CRL", ruby2.getObject(), X509CRL_ALLOCATOR);
        RubyClass rubyClass = ruby2.getModule("OpenSSL").getClass("OpenSSLError");
        rubyModule.defineClassUnder("CRLError", rubyClass, rubyClass.getAllocator());
        defineClassUnder.defineAnnotatedMethods(X509CRL.class);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public java.security.cert.X509CRL getCRL() {
        return this.crl;
    }

    public X509CRL(Ruby ruby2, RubyClass rubyClass) {
        super(ruby2, rubyClass);
        this.changed = true;
        this.generator = new X509V2CRLGenerator();
    }

    @JRubyMethod(name = {"initialize"}, rest = true, visibility = Visibility.PRIVATE)
    public IRubyObject _initialize(ThreadContext threadContext, IRubyObject[] iRubyObjectArr, Block block) {
        Object newString;
        Ruby ruby2 = threadContext.runtime;
        this.extensions = ruby2.newArray();
        this.revoked = ruby2.newArray();
        if (Arity.checkArgumentCount(ruby2, iRubyObjectArr, 0, 1) == 0) {
            IRubyObject nil = ruby2.getNil();
            this.version = nil;
            this.issuer = nil;
            IRubyObject nil2 = ruby2.getNil();
            this.last_update = nil2;
            this.next_update = nil2;
            return this;
        }
        try {
            this.crl = (java.security.cert.X509CRL) OpenSSLReal.getX509CertificateFactoryBC().generateCRL(new ByteArrayInputStream(iRubyObjectArr[0].convertToString().getBytes()));
            try {
                this.crl_v = new ASN1InputStream(new ByteArrayInputStream(OpenSSLImpl.readX509PEM(threadContext, iRubyObjectArr[0]))).readObject();
                ASN1Sequence aSN1Sequence = (ASN1Sequence) ((ASN1Sequence) this.crl_v).getObjectAt(0);
                ASN1Encodable objectAt = aSN1Sequence.getObjectAt(0);
                if (objectAt instanceof ASN1Integer) {
                    set_version(ruby2.newFixnum(((ASN1Integer) objectAt).getValue().intValue()));
                } else {
                    set_version(ruby2.newFixnum(2));
                }
                set_last_update(threadContext, RubyTime.newTime(ruby2, this.crl.getThisUpdate().getTime()));
                set_next_update(threadContext, RubyTime.newTime(ruby2, this.crl.getNextUpdate().getTime()));
                RubyString newString2 = RubyString.newString(ruby2, this.crl.getIssuerX500Principal().getEncoded());
                RubyModule module = ruby2.getModule("OpenSSL");
                RubyModule rubyModule = (RubyModule) module.getConstant(ASN1Registry.SN_X509);
                set_issuer(rubyModule.getClass("Name").callMethod(threadContext, "new", newString2));
                ASN1Primitive aSN1Primitive = (ASN1Primitive) aSN1Sequence.getObjectAt(aSN1Sequence.size() - 1);
                if ((aSN1Primitive instanceof ASN1TaggedObject) && ((ASN1TaggedObject) aSN1Primitive).getTagNo() == 0) {
                    RubyModule rubyModule2 = (RubyModule) module.getConstant("ASN1");
                    RubyClass rubyClass = rubyModule.getClass("Extension");
                    ASN1Sequence aSN1Sequence2 = (ASN1Sequence) ((ASN1TaggedObject) aSN1Primitive).getObject();
                    for (int i = 0; i < aSN1Sequence2.size(); i++) {
                        ASN1Sequence aSN1Sequence3 = (ASN1Sequence) aSN1Sequence2.getObjectAt(i);
                        boolean z = aSN1Sequence3.getObjectAt(1) == DERBoolean.TRUE;
                        String id = ((ASN1ObjectIdentifier) aSN1Sequence3.getObjectAt(0)).getId();
                        byte[] extensionValue = this.crl.getExtensionValue(id);
                        try {
                            newString = ASN1.decodeImpl(threadContext, rubyModule2, ASN1.decodeImpl(threadContext, rubyModule2, RubyString.newString(ruby2, extensionValue)).callMethod(threadContext, "value"));
                        } catch (Exception e) {
                            if (OpenSSLReal.isDebug(ruby2)) {
                                e.printStackTrace(ruby2.getOut());
                            }
                            newString = RubyString.newString(ruby2, extensionValue);
                        }
                        X509Extensions.Extension extension = (X509Extensions.Extension) rubyClass.callMethod(threadContext, "new");
                        extension.setRealOid(ASN1.getObjectIdentifier(threadContext.runtime, id));
                        extension.setRealValue(newString);
                        extension.setRealCritical(z);
                        this.extensions.append(extension);
                    }
                }
                this.changed = false;
                return this;
            } catch (IOException e2) {
                throw newCRLError(ruby2, e2);
            }
        } catch (GeneralSecurityException e3) {
            throw newCRLError(ruby2, e3.getMessage());
        }
    }

    @Override // org.jruby.RubyBasicObject
    @JRubyMethod(visibility = Visibility.PRIVATE)
    public IRubyObject initialize_copy(IRubyObject iRubyObject) {
        OpenSSLReal.warn(getRuntime().getCurrentContext(), "WARNING: unimplemented method called: CRL#init_copy");
        if (this == iRubyObject) {
            return this;
        }
        checkFrozen();
        return this;
    }

    @JRubyMethod(name = {"to_pem", "to_s"})
    public IRubyObject to_pem(ThreadContext threadContext) {
        StringWriter stringWriter = new StringWriter();
        try {
            PEMInputOutput.writeX509CRL(stringWriter, this.crl);
            return threadContext.runtime.newString(stringWriter.toString());
        } catch (IOException e) {
            throw newCRLError(threadContext.runtime, e);
        }
    }

    @JRubyMethod
    public IRubyObject to_der(ThreadContext threadContext) {
        try {
            return RubyString.newString(threadContext.runtime, this.crl_v.getEncoded());
        } catch (IOException e) {
            throw newCRLError(threadContext.runtime, e);
        }
    }

    @JRubyMethod
    public IRubyObject to_text(ThreadContext threadContext) {
        Ruby ruby2 = threadContext.runtime;
        StringBuilder sb = new StringBuilder(128);
        sb.append("Certificate Revocation List (CRL):\n");
        sb.append(IND8).append("Version ").append(RubyNumeric.fix2int(this.version) + 1).append(" (0x");
        sb.append(Integer.toString(RubyNumeric.fix2int(this.version), 16)).append(")\n");
        sb.append(IND8).append("Signature Algorithm: ").append(ASN1.nid2ln(ruby2, ASN1.obj2nid(ruby2, (ASN1ObjectIdentifier) ((ASN1Sequence) ((ASN1Sequence) this.crl_v).getObjectAt(1)).getObjectAt(0)).intValue())).append("\n");
        sb.append(IND8).append("Issuer: ").append(issuer()).append("\n");
        sb.append(IND8).append("Last Update: ").append(ASN_DATE.format(((RubyTime) last_update()).getJavaDate())).append("\n");
        if (next_update().isNil()) {
            sb.append(IND8).append("Next Update: NONE\n");
        } else {
            sb.append(IND8).append("Next Update: ").append(ASN_DATE.format(((RubyTime) next_update()).getJavaDate())).append("\n");
        }
        if (this.extensions.size() > 0) {
            sb.append(IND8).append("CRL extensions\n");
            for (int i = 0; i < this.extensions.size(); i++) {
                X509Extensions.Extension extension = (X509Extensions.Extension) this.extensions.entry(i);
                sb.append(IND12).append(ASN1.o2a(ruby2, extension.getRealOid())).append(": ");
                if (extension.isRealCritical()) {
                    sb.append("critical");
                }
                sb.append("\n");
                sb.append(IND16).append(extension.value(threadContext)).append("\n");
            }
        }
        return ruby2.newString(sb.toString());
    }

    @JRubyMethod
    public IRubyObject version() {
        return this.version;
    }

    @JRubyMethod(name = {"version="})
    public IRubyObject set_version(IRubyObject iRubyObject) {
        if (!iRubyObject.equals(this.version)) {
            this.changed = true;
        }
        this.version = iRubyObject;
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject signature_algorithm() {
        return this.sig_alg;
    }

    @JRubyMethod
    public IRubyObject issuer() {
        return this.issuer;
    }

    @JRubyMethod(name = {"issuer="})
    public IRubyObject set_issuer(IRubyObject iRubyObject) {
        if (!iRubyObject.equals(this.issuer)) {
            this.changed = true;
        }
        this.generator.setIssuerDN(((X509Name) iRubyObject).getRealName());
        this.issuer = iRubyObject;
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject last_update() {
        return this.last_update;
    }

    @JRubyMethod(name = {"last_update="})
    public IRubyObject set_last_update(ThreadContext threadContext, IRubyObject iRubyObject) {
        this.changed = true;
        RubyTime rubyTime = (RubyTime) iRubyObject.callMethod(threadContext, "getutc");
        rubyTime.setMicroseconds(0L);
        this.generator.setThisUpdate(rubyTime.getJavaDate());
        this.last_update = iRubyObject;
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject next_update() {
        return this.next_update;
    }

    @JRubyMethod(name = {"next_update="})
    public IRubyObject set_next_update(ThreadContext threadContext, IRubyObject iRubyObject) {
        this.changed = true;
        RubyTime rubyTime = (RubyTime) iRubyObject.callMethod(threadContext, "getutc");
        rubyTime.setMicroseconds(0L);
        this.generator.setNextUpdate(rubyTime.getJavaDate());
        this.next_update = iRubyObject;
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject revoked() {
        return this.revoked;
    }

    @JRubyMethod(name = {"revoked="})
    public IRubyObject set_revoked(IRubyObject iRubyObject) {
        this.changed = true;
        this.revoked = iRubyObject;
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject add_revoked(ThreadContext threadContext, IRubyObject iRubyObject) {
        this.changed = true;
        this.revoked.callMethod(threadContext, "<<", iRubyObject);
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject extensions() {
        return this.extensions;
    }

    @JRubyMethod(name = {"extensions="})
    public IRubyObject set_extensions(IRubyObject iRubyObject) {
        this.extensions = (RubyArray) iRubyObject;
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject add_extension(IRubyObject iRubyObject) {
        this.extensions.append(iRubyObject);
        return iRubyObject;
    }

    @JRubyMethod
    public IRubyObject sign(ThreadContext threadContext, IRubyObject iRubyObject, IRubyObject iRubyObject2) {
        Ruby ruby2 = threadContext.runtime;
        String algorithm = ((PKey) iRubyObject).getAlgorithm();
        String shortAlgorithm = ((Digest) iRubyObject2).getShortAlgorithm();
        if ((ASN1Registry.SN_dsa.equalsIgnoreCase(algorithm) && "MD5".equalsIgnoreCase(shortAlgorithm)) || (("RSA".equalsIgnoreCase(algorithm) && "DSS1".equals(((Digest) iRubyObject2).name().toString())) || (ASN1Registry.SN_dsa.equalsIgnoreCase(algorithm) && "SHA1".equals(((Digest) iRubyObject2).name().toString())))) {
            throw newCRLError(ruby2, "unsupported key / digest algorithm (" + iRubyObject + " / " + shortAlgorithm + ")");
        }
        this.sig_alg = ruby2.newString(shortAlgorithm);
        this.generator.setSignatureAlgorithm(shortAlgorithm + "WITH" + algorithm);
        RubyArray rubyArray = (RubyArray) this.revoked;
        for (int i = 0; i < rubyArray.size(); i++) {
            X509Revoked x509Revoked = (X509Revoked) rubyArray.entry(i);
            BigInteger bigInteger = new BigInteger(x509Revoked.callMethod(threadContext, "serial").toString());
            RubyTime rubyTime = (RubyTime) x509Revoked.callMethod(threadContext, "time").callMethod(threadContext, "getutc");
            rubyTime.setMicroseconds(0L);
            this.generator.addCRLEntry(bigInteger, rubyTime.getJavaDate(), new org.bouncycastle.asn1.x509.X509Extensions(new Hashtable()));
        }
        for (int i2 = 0; i2 < this.extensions.size(); i2++) {
            try {
                X509Extensions.Extension extension = (X509Extensions.Extension) this.extensions.entry(i2);
                this.generator.addExtension(extension.getRealOid(), extension.isRealCritical(), extension.getRealValueBytes());
            } catch (IOException e) {
                throw newCRLError(ruby2, e);
            }
        }
        try {
            this.crl = this.generator.generate(((PKey) iRubyObject).getPrivateKey());
            try {
                this.crl_v = new ASN1InputStream(new ByteArrayInputStream(this.crl.getEncoded())).readObject();
                ASN1Sequence aSN1Sequence = (ASN1Sequence) ((ASN1Sequence) this.crl_v).getObjectAt(0);
                ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                int i3 = aSN1Sequence.getObjectAt(0) instanceof ASN1Integer ? 0 + 1 : 0;
                aSN1EncodableVector.add(new ASN1Integer(new BigInteger(this.version.toString())));
                while (i3 < aSN1Sequence.size()) {
                    int i4 = i3;
                    i3++;
                    aSN1EncodableVector.add(aSN1Sequence.getObjectAt(i4));
                }
                ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                aSN1EncodableVector2.add(new DLSequence(aSN1EncodableVector));
                aSN1EncodableVector2.add(((ASN1Sequence) this.crl_v).getObjectAt(1));
                aSN1EncodableVector2.add(((ASN1Sequence) this.crl_v).getObjectAt(2));
                this.crl_v = new DLSequence(aSN1EncodableVector2);
                this.changed = false;
                return this;
            } catch (IOException e2) {
                throw newCRLError(ruby2, e2);
            } catch (CRLException e3) {
                throw newCRLError(ruby2, e3);
            }
        } catch (IllegalStateException e4) {
            if (OpenSSLReal.isDebug(ruby2)) {
                e4.printStackTrace(ruby2.getOut());
            }
            throw newCRLError(ruby2, e4);
        } catch (GeneralSecurityException e5) {
            if (OpenSSLReal.isDebug(ruby2)) {
                e5.printStackTrace(ruby2.getOut());
            }
            throw newCRLError(ruby2, e5.getMessage());
        }
    }

    @JRubyMethod
    public IRubyObject verify(ThreadContext threadContext, IRubyObject iRubyObject) {
        if (this.changed) {
            return threadContext.runtime.getFalse();
        }
        try {
            return threadContext.runtime.newBoolean(SecurityHelper.verify(this.crl, ((PKey) iRubyObject).getPublicKey(), true));
        } catch (InvalidKeyException e) {
            return threadContext.runtime.getFalse();
        } catch (NoSuchAlgorithmException e2) {
            return threadContext.runtime.getFalse();
        } catch (SignatureException e3) {
            return threadContext.runtime.getFalse();
        } catch (CRLException e4) {
            return threadContext.runtime.getFalse();
        }
    }

    private static RubyBoolean printExceptionAndGetFalse(Ruby ruby2, Exception exc) {
        if (OpenSSLReal.isDebug(ruby2)) {
            exc.printStackTrace(ruby2.getOut());
        }
        return ruby2.getFalse();
    }

    private static RubyClass _CRLError(Ruby ruby2) {
        return X509._X509(ruby2).getClass("CertificateError");
    }

    static RaiseException newCRLError(Ruby ruby2, Exception exc) {
        return Utils.newError(ruby2, _CRLError(ruby2), exc);
    }

    private static RaiseException newCRLError(Ruby ruby2, String str) {
        return Utils.newError(ruby2, _CRLError(ruby2), str);
    }
}
