package org.openjax.security.cert;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.libj.lang.Assertions;
import org.openjax.security.crypto.Hash;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openjax/security/cert/X509Certificates.class */
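/**
 * Static helpers for converting X.509 certificates and RSA keys between PEM and DER, loading key
 * stores, and building PKIX certification paths.
 *
 * <p>Null arguments are rejected through {@code Assertions.assertNotNull} unless a method documents
 * that it returns {@code null} instead.
 */
public final class X509Certificates {
    private static final Logger logger = LoggerFactory.getLogger(X509Certificates.class);
    private static final String LINE_SEPARATOR = System.lineSeparator();

    /**
     * PEM object kinds handled by this class, each with its {@code -----BEGIN/END <label>-----}
     * armor lines.
     */
    // NOTE(review): the decompiler reports that this enum's access was widened from private;
    // its conversion methods are package-private, so nothing here relies on it being public.
    public enum Type {
        CERTIFICATE("CERTIFICATE"),
        PUBLIC_KEY("PUBLIC KEY"),
        PRIVATE_KEY("PRIVATE KEY");

        private final String name;
        private final String begin;
        private final String end;

        Type(String label) {
            this.name = label;
            this.begin = "-----BEGIN " + label + "-----";
            this.end = "-----END " + label + "-----";
        }

        /**
         * Decodes PEM (or bare Base64) text to DER bytes.
         *
         * @param pem the text to decode, may be {@code null}
         * @return the decoded bytes, or {@code null} if {@code pem} is {@code null} or is not valid
         *         Base64 once line breaks and this type's armor lines are removed
         */
        byte[] pemToDer(String pem) {
            if (pem == null) {
                return null;
            }
            try {
                // The basic decoder is strict: leftover whitespace or a foreign armor label
                // (for example "RSA PRIVATE KEY") makes the input invalid rather than ignored.
                return Base64.getDecoder().decode(unwrap(pem));
            } catch (IllegalArgumentException ignored) {
                // Malformed Base64 is reported to the caller as null, not as an exception.
                return null;
            }
        }

        /**
         * Encodes DER bytes as Base64.
         *
         * @param der the bytes to encode
         * @param armor {@code true} to emit 64-character lines wrapped in this type's BEGIN/END
         *        lines; {@code false} to emit a single unwrapped Base64 string
         * @return the encoded text
         */
        String derToPem(byte[] der, boolean armor) {
            if (!armor) {
                return Base64.getEncoder().encodeToString(der);
            }
            // Explicit charset: the separator is CR/LF only, and the platform default charset
            // must not influence the bytes handed to the MIME encoder.
            final byte[] eol = X509Certificates.LINE_SEPARATOR.getBytes(StandardCharsets.US_ASCII);
            return this.begin + X509Certificates.LINE_SEPARATOR
                + Base64.getMimeEncoder(64, eol).encodeToString(der)
                + X509Certificates.LINE_SEPARATOR + this.end;
        }

        /**
         * Removes {@code \r\n} and {@code \n} line breaks and this type's armor lines.
         *
         * @param pem the text to strip, not {@code null}
         * @return the remaining text; the END line is only removed when a BEGIN line was found
         */
        String unwrap(String pem) {
            final String joined = pem.replace("\r\n", "").replace("\n", "");
            final String withoutBegin = joined.replace(this.begin, "");
            if (withoutBegin.length() == joined.length()) {
                // No BEGIN line present: treat the input as bare Base64.
                return withoutBegin;
            }
            return withoutBegin.replace(this.end, "");
        }

        /** Returns the PEM label of this type, for example {@code PUBLIC KEY}. */
        @Override
        public String toString() {
            return this.name;
        }
    }

    /**
     * Decodes a PEM or Base64 encoded X.509 certificate.
     *
     * @param str the encoded certificate, may be {@code null}
     * @return the certificate, or {@code null} if {@code str} is {@code null} or not valid Base64
     * @throws CertificateException declared, but see {@link #decodeCertificate(InputStream)} for how
     *         parse failures are actually reported
     */
    public static X509Certificate decodeCertificate(String str) throws CertificateException {
        if (str == null) {
            return null;
        }
        final byte[] der = Type.CERTIFICATE.pemToDer(str);
        return der == null ? null : decodeCertificate(new ByteArrayInputStream(der));
    }

    /**
     * Decodes a PEM or Base64 encoded RSA public key ({@code -----BEGIN PUBLIC KEY-----}).
     *
     * <p>NOTE(review): unlike {@link #decodeCertificate(String)}, malformed Base64 is not mapped to
     * a {@code null} result; the {@code null} DER is handed to {@link #decodePublicKey(byte[])},
     * which rejects it through its null assertion.
     *
     * @param str the encoded key, may be {@code null}
     * @return the public key, or {@code null} if {@code str} is {@code null}
     * @throws InvalidKeySpecException if the decoded bytes are not a valid RSA public key
     */
    public static PublicKey decodePublicKey(String str) throws InvalidKeySpecException {
        return str == null ? null : decodePublicKey(Type.PUBLIC_KEY.pemToDer(str));
    }

    /**
     * Decodes a PEM or Base64 encoded, unencrypted PKCS#8 RSA private key
     * ({@code -----BEGIN PRIVATE KEY-----}).
     *
     * <p>NOTE(review): malformed Base64 yields a {@code null} DER that is rejected by the null
     * assertion in {@link #decodePrivateKey(byte[])} rather than returned as {@code null}.
     *
     * @param str the encoded key, may be {@code null}
     * @return the private key, or {@code null} if {@code str} is {@code null}
     * @throws InvalidKeySpecException if the decoded bytes are not a valid RSA private key
     */
    public static PrivateKey decodePrivateKey(String str) throws InvalidKeySpecException {
        return str == null ? null : decodePrivateKey(Type.PRIVATE_KEY.pemToDer(str));
    }

    /**
     * Encodes a private key as armored PEM.
     *
     * <p>The result is the key's encoded form without any encryption; treat the returned string as
     * secret material (do not log it or store it unprotected).
     *
     * @param privateKey the key to encode
     * @return the PEM text with {@code PRIVATE KEY} armor lines
     */
    public static String encodeKey(PrivateKey privateKey) {
        Assertions.assertNotNull(privateKey);
        return Type.PRIVATE_KEY.derToPem(privateKey.getEncoded(), true);
    }

    /**
     * Encodes a public key as armored PEM.
     *
     * @param publicKey the key to encode
     * @return the PEM text with {@code PUBLIC KEY} armor lines
     */
    public static String encodeKey(PublicKey publicKey) {
        Assertions.assertNotNull(publicKey);
        return Type.PUBLIC_KEY.derToPem(publicKey.getEncoded(), true);
    }

    /**
     * Encodes DER certificate bytes as a single unwrapped Base64 string (no armor lines).
     *
     * @param bArr the DER bytes
     * @return the Base64 text
     * @throws CertificateEncodingException declared for symmetry with the other overloads; this
     *         overload performs no certificate encoding itself
     */
    public static String encodeCertificate(byte[] bArr) throws CertificateEncodingException {
        Assertions.assertNotNull(bArr);
        return Type.CERTIFICATE.derToPem(bArr, false);
    }

    /**
     * Encodes a certificate as a single unwrapped Base64 string (no armor lines).
     *
     * @param certificate the certificate to encode
     * @return the Base64 text of the certificate's encoded form
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public static String encodeCertificate(Certificate certificate) throws CertificateEncodingException {
        Assertions.assertNotNull(certificate);
        return Type.CERTIFICATE.derToPem(certificate.getEncoded(), false);
    }

    /**
     * Encodes each certificate of a collection and concatenates the results.
     *
     * <p>NOTE(review): an empty collection yields the literal {@code "[]"}, while a non-empty one
     * yields the Base64 strings joined with no delimiter, so the output cannot be split back into
     * individual certificates reliably. Confirm what consumers expect before changing either form.
     *
     * @param collection the certificates to encode
     * @return {@code "[]"} for an empty collection, otherwise the concatenated Base64 strings
     * @throws CertificateEncodingException if a certificate cannot be encoded
     */
    public static String encodeCertificate(Collection<Certificate> collection) throws CertificateEncodingException {
        Assertions.assertNotNull(collection);
        if (collection.size() == 0) {
            return "[]";
        }
        final StringBuilder encoded = new StringBuilder();
        for (final Certificate certificate : collection) {
            encoded.append(encodeCertificate(certificate));
        }
        return encoded.toString();
    }

    /**
     * Hashes the DER form of a PEM or Base64 encoded certificate.
     *
     * <p>NOTE(review): if {@code str} is not valid Base64 the DER is {@code null} and is passed to
     * {@code hash.encode} as is; how {@code Hash} treats a null input is not visible here.
     *
     * @param str the encoded certificate
     * @param hash the hash function to apply
     * @return the value returned by {@code hash.encode} for the decoded bytes
     */
    public static byte[] generateThumbprint(String str, Hash hash) {
        Assertions.assertNotNull(hash);
        Assertions.assertNotNull(str);
        return hash.encode(Type.CERTIFICATE.pemToDer(str));
    }

    /**
     * Decodes an X.509 {@code SubjectPublicKeyInfo} structure as an RSA public key.
     *
     * <p>The algorithm is fixed to RSA; keys of other algorithms fail with
     * {@link InvalidKeySpecException}.
     *
     * @param bArr the DER bytes
     * @return the public key
     * @throws InvalidKeySpecException if the bytes are not a valid RSA public key
     */
    public static PublicKey decodePublicKey(byte[] bArr) throws InvalidKeySpecException {
        Assertions.assertNotNull(bArr);
        try {
            return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(bArr));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Decodes an unencrypted PKCS#8 structure as an RSA private key.
     *
     * <p>The algorithm is fixed to RSA; keys of other algorithms fail with
     * {@link InvalidKeySpecException}.
     *
     * @param bArr the DER bytes
     * @return the private key
     * @throws InvalidKeySpecException if the bytes are not a valid RSA private key
     */
    public static PrivateKey decodePrivateKey(byte[] bArr) throws InvalidKeySpecException {
        Assertions.assertNotNull(bArr);
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Reads one X.509 certificate from a stream.
     *
     * <p>NOTE(review): every {@link CertificateException} raised while parsing is rethrown wrapped
     * in a {@link RuntimeException}, so the declared checked exception never reaches the caller.
     * Code that feeds untrusted input to this method must catch {@code RuntimeException} too, or a
     * malformed certificate escapes a {@code catch (CertificateException)} handler.
     *
     * @param inputStream the stream to read from
     * @return the parsed certificate
     * @throws CertificateException declared, but not thrown by the current implementation
     */
    public static X509Certificate decodeCertificate(InputStream inputStream) throws CertificateException {
        Assertions.assertNotNull(inputStream);
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        } catch (CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Reads all X.509 certificates available from a stream.
     *
     * <p>NOTE(review): as with {@link #decodeCertificate(InputStream)}, parse failures surface as
     * {@link RuntimeException} wrapping the {@link CertificateException}.
     *
     * @param inputStream the stream to read from
     * @return the parsed certificates
     * @throws CertificateException declared, but not thrown by the current implementation
     */
    @SuppressWarnings("unchecked")
    public static Collection<X509Certificate> decodeCertificateChain(InputStream inputStream) throws CertificateException {
        Assertions.assertNotNull(inputStream);
        try {
            // The factory API is typed as Certificate; the "X.509" factory produces X509Certificate
            // instances, which is what the unchecked cast relies on.
            return (Collection<X509Certificate>) CertificateFactory.getInstance("X.509").generateCertificates(inputStream);
        } catch (CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Parses one X.509 certificate from a byte array; see {@link #decodeCertificate(InputStream)}.
     *
     * @param bArr the encoded certificate
     * @return the parsed certificate
     * @throws CertificateException declared, but not thrown by the current implementation
     */
    public static X509Certificate decodeCertificate(byte[] bArr) throws CertificateException {
        Assertions.assertNotNull(bArr);
        return decodeCertificate(new ByteArrayInputStream(bArr));
    }

    /**
     * Parses all X.509 certificates from a byte array; see
     * {@link #decodeCertificateChain(InputStream)}.
     *
     * @param bArr the encoded certificates
     * @return the parsed certificates
     * @throws CertificateException declared, but not thrown by the current implementation
     */
    public static Collection<X509Certificate> decodeCertificateChain(byte[] bArr) throws CertificateException {
        Assertions.assertNotNull(bArr);
        return decodeCertificateChain(new ByteArrayInputStream(bArr));
    }

    /**
     * Loads a key store of the JVM's default type from a URL.
     *
     * <p>When {@code str} is {@code null} the store is loaded without a password, in which case
     * {@link KeyStore#load(InputStream, char[])} does not check the integrity of the data. Pass a
     * password whenever the store is used as a source of trust, and only pass URLs that come from
     * trusted configuration, since the URL is opened as given.
     *
     * @param url the location of the key store
     * @param str the store password, or {@code null} to skip the integrity check
     * @return the loaded key store
     * @throws CertificateException if a certificate in the store cannot be loaded
     * @throws IOException if the stream cannot be opened or read, or the password is wrong
     * @throws KeyStoreException if no provider supports the default key store type
     * @throws NoSuchAlgorithmException if the integrity-check algorithm is unavailable
     */
    public static KeyStore getKeyStore(URL url, String str) throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException {
        final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        Assertions.assertNotNull(url);
        // try-with-resources closes the stream on every path and keeps a close() failure as a
        // suppressed exception instead of masking the original one.
        try (InputStream in = url.openStream()) {
            keyStore.load(in, str == null ? null : str.toCharArray());
        }
        return keyStore;
    }

    /**
     * Tells whether a certificate's subject name equals its issuer name.
     *
     * <p>Only the names are compared; the signature is not verified, so a {@code true} result does
     * not prove that the certificate is self-signed.
     *
     * @param x509Certificate the certificate to inspect
     * @return {@code true} if subject and issuer principals are equal
     */
    public static boolean isSelfIssued(X509Certificate x509Certificate) {
        Assertions.assertNotNull(x509Certificate);
        return x509Certificate.getSubjectX500Principal().equals(x509Certificate.getIssuerX500Principal());
    }

    /**
     * Copies the X.509 certificates of a certification path into an array, preserving order.
     *
     * @param certificates the certificates of the path
     * @return the X.509 certificates, or {@code null} if the path contains none
     */
    private static X509Certificate[] convertCertPathToX509CertArray(List<? extends Certificate> certificates) {
        int count = 0;
        for (final Certificate certificate : certificates) {
            if (certificate instanceof X509Certificate) {
                ++count;
            }
        }
        if (count == 0) {
            return null;
        }
        final X509Certificate[] path = new X509Certificate[count];
        int next = 0;
        for (final Certificate certificate : certificates) {
            if (certificate instanceof X509Certificate) {
                path[next++] = (X509Certificate) certificate;
            }
        }
        return path;
    }

    /**
     * Builds a certification path using only the given trust anchors; equivalent to
     * {@link #getCertificatePath(X509Certificate, Set, Set)} with no additional certificates.
     *
     * @param x509Certificate the certificate to build a path for
     * @param set the trusted root certificates
     * @return the path, or {@code null} if no valid path exists
     */
    public static X509Certificate[] getCertificatePath(X509Certificate x509Certificate, Set<X509Certificate> set) {
        return getCertificatePath(x509Certificate, set, null);
    }

    /**
     * Builds a PKIX certification path from a certificate to one of the given trust anchors.
     *
     * <p>Security-relevant settings of the build:
     * <ul>
     * <li>Revocation checking is disabled, so a revoked certificate still produces a path. Callers
     * that need revocation status must check it separately.</li>
     * <li>No certificate policy is required and policy qualifiers are not rejected.</li>
     * <li>The path length is unconstrained ({@code -1}).</li>
     * </ul>
     *
     * <p>"No valid path" is recognised by comparing the {@link CertPathBuilderException} message
     * with a fixed English string; any other builder failure is rethrown as
     * {@link UnsupportedOperationException}. NOTE(review): that comparison depends on the message
     * text of the PKIX provider in use.
     *
     * @param x509Certificate the certificate to build a path for
     * @param set the trusted root certificates; an empty set is rejected by
     *        {@link PKIXBuilderParameters} and surfaces as {@link UnsupportedOperationException}
     * @param set2 additional certificates the builder may use, or {@code null} for none
     * @return the X.509 certificates of the path, or {@code null} if no valid path exists
     * @throws UnsupportedOperationException if the PKIX parameters or algorithms are rejected, or
     *         the builder fails for a reason other than "no valid path"
     */
    public static X509Certificate[] getCertificatePath(X509Certificate x509Certificate, Set<X509Certificate> set, Set<X509Certificate> set2) {
        // Defensive copy so the caller's set is never exposed to the cert store.
        final Set<X509Certificate> candidates = set2 != null ? new HashSet<>(set2) : new HashSet<>();
        try {
            Assertions.assertNotNull(set);
            final Set<TrustAnchor> anchors;
            if (set.isEmpty()) {
                anchors = Collections.emptySet();
            } else {
                anchors = new HashSet<>(set.size());
                for (final X509Certificate root : set) {
                    Assertions.assertNotNull(root);
                    // No name constraints are attached to the anchor.
                    anchors.add(new TrustAnchor(root, null));
                }
            }

            Assertions.assertNotNull(x509Certificate);
            final X509CertSelector target = new X509CertSelector();
            target.setCertificate(x509Certificate);

            final PKIXBuilderParameters parameters = new PKIXBuilderParameters(anchors, target);
            parameters.setRevocationEnabled(false);
            parameters.setExplicitPolicyRequired(false);
            parameters.setAnyPolicyInhibited(false);
            parameters.setPolicyQualifiersRejected(false);
            parameters.setMaxPathLength(-1);
            parameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(candidates)));

            final List<? extends Certificate> certificates = CertPathBuilder.getInstance("PKIX").build(parameters).getCertPath().getCertificates();
            if (logger.isDebugEnabled()) {
                logger.debug("Certification path built with " + certificates.size() + " X.509 Certificates");
            }
            final X509Certificate[] path = convertCertPathToX509CertArray(certificates);
            if (logger.isDebugEnabled()) {
                logger.debug("Client certificate (valid): SubjectDN=[" + x509Certificate.getSubjectDN() + "] SerialNumber=[" + x509Certificate.getSerialNumber() + "]");
            }
            return path;
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            throw new UnsupportedOperationException(e);
        } catch (CertPathBuilderException e) {
            if (!"unable to find valid certification path to requested target".equals(e.getMessage())) {
                throw new UnsupportedOperationException(e);
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Client certificate (invalid): SubjectDN=[" + x509Certificate.getSubjectDN() + "] SerialNumber=[" + x509Certificate.getSerialNumber() + "]");
            }
            return null;
        }
    }

    /**
     * Sorts the X.509 certificate entries of a key store into two sets: self-issued certificates
     * go to {@code set}, all others to {@code set2}.
     *
     * <p>Only certificate entries are read; key entries and non-X.509 certificates are skipped.
     * The split uses {@link #isSelfIssued(X509Certificate)}, which compares names without verifying
     * signatures. Presumably the two sets feed the trust-anchor and additional-certificate
     * parameters of {@code getCertificatePath} (confirm with callers).
     *
     * @param keyStore the key store to read
     * @param set receives the self-issued certificates
     * @param set2 receives the remaining certificates
     * @throws KeyStoreException if the key store has not been loaded
     */
    public static void readTrustStore(KeyStore keyStore, Set<X509Certificate> set, Set<X509Certificate> set2) throws KeyStoreException {
        Assertions.assertNotNull(keyStore);
        Assertions.assertNotNull(set);
        Assertions.assertNotNull(set2);
        for (final Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
            final String alias = aliases.nextElement();
            if (!keyStore.isCertificateEntry(alias)) {
                continue;
            }
            final Certificate certificate = keyStore.getCertificate(alias);
            if (certificate instanceof X509Certificate) {
                final X509Certificate x509 = (X509Certificate) certificate;
                (isSelfIssued(x509) ? set : set2).add(x509);
            }
        }
    }

    /** Not instantiable: this class only holds static helpers. */
    private X509Certificates() {
    }
}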
