package com.nimbusds.oauth2.sdk.util;

import com.nimbusds.jose.util.X509CertUtils;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.Subject;
import java.io.IOException;
import java.math.BigInteger;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:WEB-INF/lib/oauth2-oidc-sdk-8.4.2.jar:com/nimbusds/oauth2/sdk/util/X509CertificateUtils.class */
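/**
 * Static helpers for inspecting and generating X.509 certificates.
 *
 * <p>The predicates in this class answer narrow structural questions: do the
 * issuer and subject names match, and does the signature verify under a given
 * key. None of them builds a certification path, checks the validity period
 * or consults revocation data, so a {@code true} result is not a trust
 * decision on its own.
 */
public final class X509CertificateUtils {

    /** Not instantiable; the class only holds static helpers. */
    private X509CertificateUtils() {
    }

    /**
     * Checks whether the issuer and subject distinguished names of the
     * certificate are equal.
     *
     * <p>The comparison uses {@link X500Principal#equals(Object)} rather than
     * the implementation-specific {@code Principal} objects returned by the
     * deprecated {@code getIssuerDN()} / {@code getSubjectDN()} accessors.
     *
     * @param x509Certificate the certificate to inspect, must not be
     *                        {@code null}
     * @return {@code true} if both names are present and equal
     */
    public static boolean hasMatchingIssuerAndSubject(X509Certificate x509Certificate) {
        X500Principal issuerName = x509Certificate.getIssuerX500Principal();
        X500Principal subjectName = x509Certificate.getSubjectX500Principal();
        // equals(null) is false, so a missing subject is covered as well.
        return issuerName != null && issuerName.equals(subjectName);
    }

    /**
     * Checks whether the certificate is self-issued: issuer and subject match
     * and the signature verifies under the certificate's own public key.
     *
     * @param x509Certificate the certificate to inspect, must not be
     *                        {@code null}
     * @return {@code true} if both conditions hold
     */
    public static boolean isSelfIssued(X509Certificate x509Certificate) {
        return hasMatchingIssuerAndSubject(x509Certificate) && isSelfSigned(x509Certificate);
    }

    /**
     * Checks whether the certificate's signature verifies under the public
     * key contained in the same certificate.
     *
     * <p>Anyone can produce a certificate that passes this check, so the
     * result only describes the certificate's structure. Whether the key is
     * trusted has to be established separately by the caller.
     *
     * @param x509Certificate the certificate to inspect, must not be
     *                        {@code null}
     * @return {@code true} if the signature verifies
     */
    public static boolean isSelfSigned(X509Certificate x509Certificate) {
        return hasValidSignature(x509Certificate, x509Certificate.getPublicKey());
    }

    /**
     * Checks whether the certificate's signature verifies under the given
     * public key.
     *
     * @param x509Certificate the certificate whose signature is checked
     * @param publicKey       the key to verify with
     * @return {@code true} if {@code verify} completed without throwing,
     *         {@code false} on any exception
     */
    public static boolean hasValidSignature(X509Certificate x509Certificate, PublicKey publicKey) {
        try {
            x509Certificate.verify(publicKey);
            return true;
        } catch (Exception ignored) {
            // Deliberately broad: every failure, including runtime exceptions
            // such as a null key, is reported as "signature not valid" so
            // that the predicate fails closed. The cause is not surfaced.
            return false;
        }
    }

    /**
     * Checks whether the certificate's public key has the same encoding as
     * the given public key.
     *
     * @param x509Certificate the certificate whose key is compared
     * @param publicKey       the key to compare against
     * @return {@code true} if both keys have an encoding and the encodings
     *         are byte-for-byte equal
     */
    public static boolean publicKeyMatches(X509Certificate x509Certificate, PublicKey publicKey) {
        byte[] certificateKeyEncoding = x509Certificate.getPublicKey().getEncoded();
        byte[] candidateKeyEncoding = publicKey.getEncoded();
        // Key.getEncoded() returns null for keys that do not support encoding,
        // and Arrays.equals(null, null) is true. Two such keys must not be
        // reported as matching.
        if (certificateKeyEncoding == null || candidateKeyEncoding == null) {
            return false;
        }
        return Arrays.equals(certificateKeyEncoding, candidateKeyEncoding);
    }

    /**
     * Generates an X.509 v3 certificate for the given public key, signed with
     * the given private key.
     *
     * <p>The serial number is 64 random bits from a {@link SecureRandom}. The
     * signature algorithm is {@code SHA256withRSA} for RSA signing keys and
     * {@code SHA256withECDSA} for EC signing keys.
     *
     * @param issuer     identifier used as the common name of the issuer DN
     * @param subject    identifier used as the common name of the subject DN
     * @param date       passed to the certificate builder as the not-before
     *                   date
     * @param date2      passed to the certificate builder as the not-after
     *                   date
     * @param publicKey  the public key to certify
     * @param privateKey the signing key, RSA or EC
     * @return the generated certificate, as returned by
     *         {@code X509CertUtils.parse}
     * @throws OperatorCreationException if the signing key algorithm is not
     *                                   RSA or EC, or the content signer
     *                                   cannot be created
     * @throws IOException               if the built certificate cannot be
     *                                   encoded
     */
    public static X509Certificate generate(Issuer issuer, Subject subject, Date date, Date date2, PublicKey publicKey, PrivateKey privateKey) throws OperatorCreationException, IOException {
        // BigInteger(numBits, rnd) is uniformly distributed over
        // [0, 2^64 - 1], so the serial number is never negative.
        BigInteger serialNumber = new BigInteger(64, new SecureRandom());

        // NOTE(review): the identifiers are concatenated into the DN string
        // without escaping. Characters that are special in an RFC 2253 name
        // (',', '+', '=', ...) change how the DN is parsed or make
        // X500Principal throw IllegalArgumentException. Callers that accept
        // identifiers from outside their own configuration should validate
        // them before calling this method.
        X500Principal issuerName = new X500Principal("cn=" + issuer);
        X500Principal subjectName = new X500Principal("cn=" + subject);

        String keyAlgorithm = privateKey.getAlgorithm();
        final String signatureAlgorithm;
        if ("RSA".equalsIgnoreCase(keyAlgorithm)) {
            signatureAlgorithm = "SHA256withRSA";
        } else if ("EC".equalsIgnoreCase(keyAlgorithm)) {
            signatureAlgorithm = "SHA256withECDSA";
        } else {
            throw new OperatorCreationException("Unsupported signing key algorithm: " + keyAlgorithm);
        }

        byte[] derEncodedCertificate = new JcaX509v3CertificateBuilder(issuerName, serialNumber, date, date2, subjectName, publicKey)
                .build(new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey))
                .getEncoded();
        // NOTE(review): X509CertUtils.parse is defined outside this file;
        // confirm whether it can return null when parsing fails.
        return X509CertUtils.parse(derEncodedCertificate);
    }

    /**
     * Generates a certificate whose subject is built from the issuer's value,
     * by delegating to
     * {@link #generate(Issuer, Subject, Date, Date, PublicKey, PrivateKey)}.
     *
     * <p>The result is self-signed only when {@code privateKey} is the
     * counterpart of {@code publicKey}; this method does not check that.
     *
     * @param issuer     identifier used for both the issuer and subject DN
     * @param date       passed on as the not-before date
     * @param date2      passed on as the not-after date
     * @param publicKey  the public key to certify
     * @param privateKey the signing key, RSA or EC
     * @return the generated certificate
     * @throws OperatorCreationException if the signing key algorithm is not
     *                                   RSA or EC, or the content signer
     *                                   cannot be created
     * @throws IOException               if the built certificate cannot be
     *                                   encoded
     */
    public static X509Certificate generateSelfSigned(Issuer issuer, Date date, Date date2, PublicKey publicKey, PrivateKey privateKey) throws OperatorCreationException, IOException {
        return generate(issuer, new Subject(issuer.getValue()), date, date2, publicKey, privateKey);
    }
}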
