package weblogic.security.utils;

import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import weblogic.security.SecurityMessagesTextFormatter;

/* loaded from: input_file:weblogic/security/utils/X509Utils.class */
public class X509Utils {
    private static SecurityMessagesTextFormatter formatter = SecurityMessagesTextFormatter.getInstance();

    public static boolean isEmpty(CertPath certPath) {
        List<? extends Certificate> certificates;
        return certPath == null || (certificates = certPath.getCertificates()) == null || certificates.size() <= 0;
    }

    public static boolean containsNonX509Certificate(CertPath certPath) {
        if (isEmpty(certPath)) {
            return false;
        }
        List<? extends Certificate> certificates = certPath.getCertificates();
        for (int i = 0; i < certificates.size(); i++) {
            if (!(certificates.get(i) instanceof X509Certificate)) {
                return true;
            }
        }
        return false;
    }

    public static X509Certificate[] getCertificates(CertPath certPath) {
        if (isEmpty(certPath)) {
            return new X509Certificate[0];
        }
        List<? extends Certificate> certificates = certPath.getCertificates();
        return (X509Certificate[]) certificates.toArray(new X509Certificate[certificates.size()]);
    }

    public static void validateOrdered(CertPath certPath) throws CertificateException {
        if (isEmpty(certPath)) {
            return;
        }
        if (containsNonX509Certificate(certPath)) {
            throw new AssertionError("Received a cert path containing a non-X509 certificate");
        }
        X509Certificate[] certificates = getCertificates(certPath);
        if (certificates == null || certificates.length < 2) {
            return;
        }
        for (int i = 0; i < certificates.length - 1; i++) {
            if (isSelfSigned(certificates[i])) {
                throw new CertificateException(formatter.getSelfSignedCertificateInChainError(certificates[i].toString()));
            }
            validateIssuedBy(certificates[i], certificates[i + 1]);
        }
    }

    public static boolean isOrdered(CertPath certPath) {
        try {
            validateOrdered(certPath);
            return true;
        } catch (CertificateException e) {
            return false;
        }
    }

    public static String getName(X500Principal x500Principal) {
        if (x500Principal != null) {
            return x500Principal.getName("RFC2253");
        }
        return null;
    }

    public static boolean sameX500Principal(X500Principal x500Principal, X500Principal x500Principal2) {
        if (x500Principal == null && x500Principal2 == null) {
            return true;
        }
        if (x500Principal == null || x500Principal2 != null) {
            return (x500Principal != null || x500Principal2 == null) && getName(x500Principal).equals(getName(x500Principal2));
        }
        return false;
    }

    public static String getSubjectDN(X509Certificate x509Certificate) {
        return getName(x509Certificate.getSubjectX500Principal());
    }

    public static String getIssuerDN(X509Certificate x509Certificate) {
        return getName(x509Certificate.getIssuerX500Principal());
    }

    public static void validateIssuedBy(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws CertificateException {
        if (!getIssuerDN(x509Certificate).equals(getSubjectDN(x509Certificate2))) {
            throw new CertificateException(formatter.getIssuerDNMismatchError(x509Certificate.toString(), x509Certificate2.toString()));
        }
        try {
            x509Certificate.verify(x509Certificate2.getPublicKey());
        } catch (Exception e) {
            throw new CertificateException(formatter.getCertificateNotSignedByIssuerError(x509Certificate.toString(), x509Certificate2.toString()));
        }
    }

    public static boolean isIssuedBy(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        try {
            validateIssuedBy(x509Certificate, x509Certificate2);
            return true;
        } catch (CertificateException e) {
            return false;
        }
    }

    public static boolean isSelfSigned(X509Certificate x509Certificate) {
        return isIssuedBy(x509Certificate, x509Certificate);
    }
}
