package org.jivesoftware.util;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.CertException;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.MiscPEMGenerator;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.PemWriter;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.disco.DiscoItem;
import org.jivesoftware.openfire.handler.IQRegisterInfo;
import org.jivesoftware.openfire.keystore.CertificateStore;
import org.jivesoftware.openfire.keystore.CertificateUtils;
import org.jivesoftware.util.cert.CNCertificateIdentityMapping;
import org.jivesoftware.util.cert.CertificateIdentityMapping;
import org.jivesoftware.util.cert.SANCertificateIdentityMapping;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jivesoftware/util/CertificateManager.class */
public class CertificateManager {
    private static final Logger Log = LoggerFactory.getLogger(CertificateManager.class);
    private static Pattern valuesPattern = Pattern.compile("(?i)(=)([^,]*)");
    private static List<CertificateEventListener> listeners = new CopyOnWriteArrayList();
    private static List<CertificateIdentityMapping> serverCertMapping = new ArrayList();
    private static List<CertificateIdentityMapping> clientCertMapping = new ArrayList();

    public static List<String> getClientIdentities(X509Certificate x509Certificate) {
        ArrayList arrayList = new ArrayList();
        Iterator<CertificateIdentityMapping> it = clientCertMapping.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            CertificateIdentityMapping next = it.next();
            List<String> mapIdentity = next.mapIdentity(x509Certificate);
            Log.debug("CertificateManager: " + next.name() + " returned " + mapIdentity.toString());
            if (!mapIdentity.isEmpty()) {
                arrayList.addAll(mapIdentity);
                break;
            }
        }
        return arrayList;
    }

    public static List<String> getServerIdentities(X509Certificate x509Certificate) {
        ArrayList arrayList = new ArrayList();
        Iterator<CertificateIdentityMapping> it = serverCertMapping.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            CertificateIdentityMapping next = it.next();
            List<String> mapIdentity = next.mapIdentity(x509Certificate);
            Log.debug("CertificateManager: " + next.name() + " returned " + mapIdentity.toString());
            if (!mapIdentity.isEmpty()) {
                arrayList.addAll(mapIdentity);
                break;
            }
        }
        return arrayList;
    }

    public static boolean isSelfSignedCertificate(X509Certificate x509Certificate) {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public static boolean isSigningRequestPending(X509Certificate x509Certificate) {
        if (!isSelfSignedCertificate(x509Certificate)) {
            return false;
        }
        Matcher matcher = valuesPattern.matcher(x509Certificate.getIssuerDN().toString());
        return matcher.find() && matcher.find();
    }

    public static String createSigningRequest(X509Certificate x509Certificate, PrivateKey privateKey) throws OperatorCreationException, IOException, CertificateParsingException {
        JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(x509Certificate.getSubjectX500Principal(), x509Certificate.getPublicKey());
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (subjectAlternativeNames != null) {
            for (List<?> list : subjectAlternativeNames) {
                int intValue = ((Integer) list.get(0)).intValue();
                Object obj = list.get(1);
                switch (intValue) {
                    case 0:
                        try {
                            ASN1InputStream aSN1InputStream = new ASN1InputStream((byte[]) obj);
                            Throwable th = null;
                            try {
                                ASN1Sequence readObject = aSN1InputStream.readObject();
                                ASN1Encodable aSN1Encodable = (ASN1ObjectIdentifier) readObject.getObjectAt(0);
                                ASN1Encodable aSN1Encodable2 = (ASN1TaggedObject) readObject.getObjectAt(1);
                                int tagNo = aSN1Encodable2.getTagNo();
                                if (tagNo != 0) {
                                    throw new IllegalArgumentException("subjectAltName 'otherName' sequence's second object is expected to be a tagged value of which the tag number is 0. The tag number that was detected: " + tagNo);
                                }
                                aSN1EncodableVector.add(new DERTaggedObject(false, 0, new DERSequence(new ASN1Encodable[]{aSN1Encodable, aSN1Encodable2})));
                                if (aSN1InputStream != null) {
                                    if (0 != 0) {
                                        try {
                                            aSN1InputStream.close();
                                        } catch (Throwable th2) {
                                            th.addSuppressed(th2);
                                        }
                                    } else {
                                        aSN1InputStream.close();
                                    }
                                }
                                break;
                            } finally {
                            }
                        } catch (Exception e) {
                            Log.warn("Unable to parse certificate SAN 'otherName' value", e);
                            break;
                        }
                    case 2:
                        aSN1EncodableVector.add(new GeneralName(2, (String) obj));
                        break;
                    case IQRegisterInfo.STATE /* 6 */:
                        aSN1EncodableVector.add(new GeneralName(6, (String) obj));
                        break;
                }
            }
        }
        GeneralNames generalNames = GeneralNames.getInstance(new DERSequence(aSN1EncodableVector));
        ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
        extensionsGenerator.addExtension(Extension.subjectAlternativeName, false, generalNames);
        jcaPKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
        PKCS10CertificationRequest build = jcaPKCS10CertificationRequestBuilder.build(new JcaContentSignerBuilder("SHA256WITH" + x509Certificate.getPublicKey().getAlgorithm()).build(privateKey));
        StringWriter stringWriter = new StringWriter();
        PemWriter pemWriter = new PemWriter(stringWriter);
        pemWriter.writeObject(new MiscPEMGenerator(build));
        pemWriter.close();
        return stringWriter.toString();
    }

    public static String toPemRepresentation(Object obj) throws IOException {
        StringWriter stringWriter = new StringWriter();
        PemWriter pemWriter = new PemWriter(stringWriter);
        Throwable th = null;
        try {
            try {
                pemWriter.writeObject(new JcaMiscPEMGenerator(obj));
                if (pemWriter != null) {
                    if (0 != 0) {
                        try {
                            pemWriter.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        pemWriter.close();
                    }
                }
                return stringWriter.toString();
            } finally {
            }
        } catch (Throwable th3) {
            if (pemWriter != null) {
                if (th != null) {
                    try {
                        pemWriter.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    pemWriter.close();
                }
            }
            throw th3;
        }
    }

    public static PrivateKey parsePrivateKey(String str, String str2) throws IOException {
        if (str == null || str.trim().isEmpty()) {
            throw new IllegalArgumentException("Argument 'pemRepresentation' cannot be null or an empty String.");
        }
        return parsePrivateKey(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)), str2);
    }

    /* JADX WARN: Failed to calculate best type for var: r10v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r10v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r9v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r9v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 10, insn: 0x01a2: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r10 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:98:0x01a2 */
    /* JADX WARN: Not initialized variable reg: 9, insn: 0x019d: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r9 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:96:0x019d */
    /* JADX WARN: Type inference failed for: r10v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r9v0, types: [org.bouncycastle.openssl.PEMParser] */
    public static PrivateKey parsePrivateKey(InputStream inputStream, String str) throws IOException {
        ?? r9;
        ?? r10;
        KeyPair keyPair;
        if (str == null) {
            str = "";
        }
        InputStreamReader inputStreamReader = new InputStreamReader(inputStream);
        Throwable th = null;
        try {
            try {
                PEMParser pEMParser = new PEMParser(inputStreamReader);
                Throwable th2 = null;
                Object readObject = pEMParser.readObject();
                JcaPEMKeyConverter provider = new JcaPEMKeyConverter().setProvider("BC");
                if (readObject instanceof PEMEncryptedKeyPair) {
                    keyPair = provider.getKeyPair(((PEMEncryptedKeyPair) readObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(str.toCharArray())));
                } else {
                    if (readObject instanceof PKCS8EncryptedPrivateKeyInfo) {
                        try {
                            PrivateKey privateKey = provider.getPrivateKey(((PKCS8EncryptedPrivateKeyInfo) readObject).decryptPrivateKeyInfo(new JceOpenSSLPKCS8DecryptorProviderBuilder().build(str.toCharArray())));
                            if (pEMParser != null) {
                                if (0 != 0) {
                                    try {
                                        pEMParser.close();
                                    } catch (Throwable th3) {
                                        th2.addSuppressed(th3);
                                    }
                                } else {
                                    pEMParser.close();
                                }
                            }
                            return privateKey;
                        } catch (PKCSException | OperatorCreationException e) {
                            throw new IOException("Unable to decrypt private key.", e);
                        }
                    }
                    if (readObject instanceof PrivateKeyInfo) {
                        PrivateKey privateKey2 = provider.getPrivateKey((PrivateKeyInfo) readObject);
                        if (pEMParser != null) {
                            if (0 != 0) {
                                try {
                                    pEMParser.close();
                                } catch (Throwable th4) {
                                    th2.addSuppressed(th4);
                                }
                            } else {
                                pEMParser.close();
                            }
                        }
                        if (inputStreamReader != null) {
                            if (0 != 0) {
                                try {
                                    inputStreamReader.close();
                                } catch (Throwable th5) {
                                    th.addSuppressed(th5);
                                }
                            } else {
                                inputStreamReader.close();
                            }
                        }
                        return privateKey2;
                    }
                    keyPair = provider.getKeyPair((PEMKeyPair) readObject);
                }
                PrivateKey privateKey3 = keyPair.getPrivate();
                if (pEMParser != null) {
                    if (0 != 0) {
                        try {
                            pEMParser.close();
                        } catch (Throwable th6) {
                            th2.addSuppressed(th6);
                        }
                    } else {
                        pEMParser.close();
                    }
                }
                if (inputStreamReader != null) {
                    if (0 != 0) {
                        try {
                            inputStreamReader.close();
                        } catch (Throwable th7) {
                            th.addSuppressed(th7);
                        }
                    } else {
                        inputStreamReader.close();
                    }
                }
                return privateKey3;
            } catch (Throwable th8) {
                if (r9 != 0) {
                    if (r10 != 0) {
                        try {
                            r9.close();
                        } catch (Throwable th9) {
                            r10.addSuppressed(th9);
                        }
                    } else {
                        r9.close();
                    }
                }
                throw th8;
            }
        } finally {
            if (inputStreamReader != null) {
                if (0 != 0) {
                    try {
                        inputStreamReader.close();
                    } catch (Throwable th10) {
                        th.addSuppressed(th10);
                    }
                } else {
                    inputStreamReader.close();
                }
            }
        }
    }

    public static Collection<X509Certificate> parseCertificates(String str) throws IOException, CertificateException {
        return parseCertificates(new ByteArrayInputStream(str.replaceAll("(?m) +$", "").replaceAll("(?m)^ +", "").getBytes(StandardCharsets.UTF_8)));
    }

    public static Collection<X509Certificate> parseCertificates(InputStream inputStream) throws IOException, CertificateException {
        CertificateFactory certificateFactory;
        try {
            certificateFactory = CertificateFactory.getInstance("X509", "BC");
        } catch (NoSuchProviderException e) {
            certificateFactory = CertificateFactory.getInstance("X509");
        }
        return certificateFactory.generateCertificates(inputStream);
    }

    public static void addListener(CertificateEventListener certificateEventListener) {
        if (certificateEventListener == null) {
            throw new NullPointerException();
        }
        listeners.add(certificateEventListener);
    }

    public static void removeListener(CertificateEventListener certificateEventListener) {
        listeners.remove(certificateEventListener);
    }

    public static void fireCertificateStoreChanged(CertificateStore certificateStore) {
        Iterator<CertificateEventListener> it = listeners.iterator();
        while (it.hasNext()) {
            try {
                it.next().storeContentChanged(certificateStore);
            } catch (Exception e) {
                Log.error("A listener threw an exception while processing a 'store changed' event.", e);
            }
        }
    }

    @Deprecated
    public static List<X509Certificate> order(Collection<X509Certificate> collection) throws CertificateException {
        return CertificateUtils.order(collection);
    }

    public static synchronized X509Certificate createX509V3Certificate(KeyPair keyPair, int i, String str, String str2, String str3, String str4) throws GeneralSecurityException, IOException {
        return createX509V3Certificate(keyPair, i, str, str2, str3, str4, (Set<String>) null);
    }

    public static synchronized X509Certificate createX509V3Certificate(KeyPair keyPair, int i, String str, String str2, String str3, String str4, Set<String> set) throws GeneralSecurityException, IOException {
        X500NameBuilder x500NameBuilder = new X500NameBuilder();
        x500NameBuilder.addRDN(BCStyle.CN, str2);
        X500NameBuilder x500NameBuilder2 = new X500NameBuilder();
        x500NameBuilder2.addRDN(BCStyle.CN, str);
        return createX509V3Certificate(keyPair, i, x500NameBuilder2, x500NameBuilder, str3, str4, set);
    }

    public static synchronized X509Certificate createX509V3Certificate(KeyPair keyPair, int i, X500NameBuilder x500NameBuilder, X500NameBuilder x500NameBuilder2, String str, String str2) throws GeneralSecurityException, IOException {
        return createX509V3Certificate(keyPair, i, x500NameBuilder, x500NameBuilder2, str, str2, (Set<String>) null);
    }

    public static synchronized X509Certificate createX509V3Certificate(KeyPair keyPair, int i, X500NameBuilder x500NameBuilder, X500NameBuilder x500NameBuilder2, String str, String str2, Set<String> set) throws GeneralSecurityException, IOException {
        PublicKey publicKey = keyPair.getPublic();
        PrivateKey privateKey = keyPair.getPrivate();
        byte[] bArr = new byte[8];
        SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
        secureRandom.setSeed(new Date().getTime());
        secureRandom.nextBytes(bArr);
        BigInteger abs = new BigInteger(bArr).abs();
        X500Name build = x500NameBuilder.build();
        X500Name build2 = x500NameBuilder2.build();
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(build, abs, new Date(), new Date(System.currentTimeMillis() + (i * JiveConstants.DAY)), build2, publicKey);
        jcaX509v3CertificateBuilder.addExtension(Extension.subjectAlternativeName, build2.getRDNs().length == 0, getSubjectAlternativeNames(set));
        JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
        jcaX509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, jcaX509ExtensionUtils.createSubjectKeyIdentifier(publicKey));
        jcaX509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, jcaX509ExtensionUtils.createAuthorityKeyIdentifier(publicKey));
        try {
            X509CertificateHolder build3 = jcaX509v3CertificateBuilder.build(new JcaContentSignerBuilder(str2).build(privateKey));
            if (!build3.isValidOn(new Date())) {
                throw new GeneralSecurityException("Certificate validity not valid");
            }
            if (build3.isSignatureValid(new JcaContentVerifierProviderBuilder().build(publicKey))) {
                return new JcaX509CertificateConverter().getCertificate(build3);
            }
            throw new GeneralSecurityException("Certificate signature not valid");
        } catch (OperatorCreationException | CertException e) {
            throw new GeneralSecurityException((Throwable) e);
        }
    }

    protected static GeneralNames getSubjectAlternativeNames(Set<String> set) {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        if (set != null) {
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                aSN1EncodableVector.add(new GeneralName(2, it.next()));
            }
        }
        return GeneralNames.getInstance(new DERSequence(aSN1EncodableVector));
    }

    public static Set<String> determineSubjectAlternateNameDnsNameValues() {
        HashSet hashSet = new HashSet();
        hashSet.add(XMPPServer.getInstance().getServerInfo().getXMPPDomain());
        hashSet.add(XMPPServer.getInstance().getServerInfo().getHostname());
        if (XMPPServer.getInstance().getIQDiscoItemsHandler() != null) {
            Iterator<DiscoItem> it = XMPPServer.getInstance().getIQDiscoItemsHandler().getServerItems("").iterator();
            while (it.hasNext()) {
                hashSet.add(it.next().getJID().toBareJID());
            }
        }
        return hashSet;
    }

    static {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        String property = JiveGlobals.getProperty("provider.serverCertIdentityMap.classList");
        if (property != null) {
            StringTokenizer stringTokenizer = new StringTokenizer(property, " ,\t\n\r\f");
            while (stringTokenizer.hasMoreTokens()) {
                String nextToken = stringTokenizer.nextToken();
                try {
                    CertificateIdentityMapping certificateIdentityMapping = (CertificateIdentityMapping) ClassUtils.forName(nextToken).newInstance();
                    Log.debug("CertificateManager: Loaded server identity mapping " + nextToken);
                    serverCertMapping.add(certificateIdentityMapping);
                } catch (Exception e) {
                    Log.error("CertificateManager: Error loading CertificateIdentityMapping: " + nextToken + "\n" + e);
                }
            }
        }
        if (serverCertMapping.isEmpty()) {
            Log.debug("CertificateManager: No server CertificateIdentityMapping's found. Loading default mappings");
            serverCertMapping.add(new SANCertificateIdentityMapping());
            serverCertMapping.add(new CNCertificateIdentityMapping());
        }
        String property2 = JiveGlobals.getProperty("provider.clientCertIdentityMap.classList");
        if (property2 != null) {
            StringTokenizer stringTokenizer2 = new StringTokenizer(property2, " ,\t\n\r\f");
            while (stringTokenizer2.hasMoreTokens()) {
                String nextToken2 = stringTokenizer2.nextToken();
                try {
                    CertificateIdentityMapping certificateIdentityMapping2 = (CertificateIdentityMapping) ClassUtils.forName(nextToken2).newInstance();
                    Log.debug("CertificateManager: Loaded client identity mapping " + nextToken2);
                    clientCertMapping.add(certificateIdentityMapping2);
                } catch (Exception e2) {
                    Log.error("CertificateManager: Error loading CertificateIdentityMapping: " + nextToken2 + "\n" + e2);
                }
            }
        }
        if (clientCertMapping.isEmpty()) {
            Log.debug("CertificateManager: No client CertificateIdentityMapping's found. Loading default mappings");
            clientCertMapping.add(new CNCertificateIdentityMapping());
        }
    }
}
