package de.flyingsnail.ipv6droid.transport.dtls;

import de.flyingsnail.ipv6droid.android.AndroidLoggingHandler;
import java.io.IOException;
import java.io.StringReader;
import java.math.BigInteger;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.URL;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class DTLSUtils {
    private static final Logger logger = AndroidLoggingHandler.getLogger(DTLSUtils.class);

    private DTLSUtils() {
    }

    static boolean areSameCertificate(TlsCertificate tlsCertificate, TlsCertificate tlsCertificate2) throws IOException {
        return Arrays.areEqual(tlsCertificate.getEncoded(), tlsCertificate2.getEncoded());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Date getExpiryDate(TlsCertificate tlsCertificate) throws IOException {
        Time endDate = Certificate.getInstance(tlsCertificate.getEncoded()).getTBSCertificate().getEndDate();
        return endDate == null ? new Date(new Date().getTime() + 31536000000L) : endDate.getDate();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Inet6Address getIpv6AlternativeName(TlsCertificate tlsCertificate) {
        Extensions extensions;
        try {
            extensions = Certificate.getInstance(tlsCertificate.getEncoded()).getTBSCertificate().getExtensions();
        } catch (Throwable th) {
            logger.log(Level.WARNING, "severe problem occurred", th);
        }
        if (extensions == null) {
            logger.info("No certificate extensions presented");
            return null;
        }
        for (GeneralName generalName : GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName).getNames()) {
            if (generalName.getTagNo() == 7) {
                InetAddress byAddress = InetAddress.getByAddress(new BigInteger(generalName.getName().toString().substring(1), 16).toByteArray());
                if (byAddress instanceof Inet6Address) {
                    logger.info("Supplied cert contains IPv6 subject alternative name: " + byAddress);
                    return (Inet6Address) byAddress;
                }
                logger.fine("Found subject alternative name IP address, but not IPv6: " + byAddress);
            } else {
                logger.fine("Found subject alternative name which is not IP: " + generalName.getName());
            }
        }
        logger.fine("Supplied cert did not contain an IPv6 subject alternative name");
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getIssuerName(TlsCertificate tlsCertificate) throws IOException {
        return Certificate.getInstance(tlsCertificate.getEncoded()).getTBSCertificate().getIssuer().toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static URL getIssuerUrl(TlsCertificate tlsCertificate) throws IOException {
        Extensions extensions = Certificate.getInstance(tlsCertificate.getEncoded()).getTBSCertificate().getExtensions();
        if (extensions == null) {
            logger.info("No certificate extensions presented");
            return null;
        }
        for (GeneralName generalName : GeneralNames.fromExtensions(extensions, Extension.issuerAlternativeName).getNames()) {
            if (generalName.getTagNo() == 6) {
                return new URL(generalName.getName().toString());
            }
            logger.fine("Found issuer alternative name which is not otherName: " + generalName.getName());
        }
        logger.fine("Supplied cert did not contain an otherName issuer alternative name");
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getSubjectCommonName(TlsCertificate tlsCertificate) throws IOException {
        RDN[] rDNs;
        X500Name subjectName = getSubjectName(tlsCertificate);
        if (subjectName == null || (rDNs = subjectName.getRDNs(X509ObjectIdentifiers.commonName)) == null || rDNs.length == 0) {
            return null;
        }
        return rDNs[0].getFirst().getValue().toString();
    }

    static X500Name getSubjectName(TlsCertificate tlsCertificate) throws IOException {
        return Certificate.getInstance(tlsCertificate.getEncoded()).getTBSCertificate().getSubject();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static org.bouncycastle.tls.Certificate parseCertificateChain(TlsCrypto tlsCrypto, List<String> list) throws IOException {
        ArrayList arrayList = new ArrayList(list.size());
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(parseCertificateString(tlsCrypto, it.next()));
        }
        return new org.bouncycastle.tls.Certificate((TlsCertificate[]) arrayList.toArray(new TlsCertificate[0]));
    }

    private static TlsCertificate parseCertificateString(TlsCrypto tlsCrypto, String str) throws IOException {
        PemObject parsePemString = parsePemString(str);
        if (parsePemString.getType().endsWith(PEMParser.TYPE_CERTIFICATE)) {
            return tlsCrypto.createCertificate(parsePemString.getContent());
        }
        throw new IllegalArgumentException("Supplied PEM string doesn't specify a valid certificate");
    }

    private static PemObject parsePemString(String str) throws IOException {
        PemReader pemReader = new PemReader(new StringReader(str));
        PemObject readPemObject = pemReader.readPemObject();
        pemReader.close();
        if (readPemObject != null) {
            return readPemObject;
        }
        throw new IllegalArgumentException("Supplied string is not valid PEM");
    }
}
