package net.bluemind.utils;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import net.bluemind.core.api.fault.ErrorCode;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.api.fault.ValidationException;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.X509TrustedCertificateBlock;

/* loaded from: input_file:net/bluemind/utils/CertificateUtils.class */
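/**
 * Static helpers for parsing PEM/DER certificates, private-key blocks, PKCS#7 containers and CRLs.
 *
 * <p>Every method here only <em>parses</em> its input. None of them checks a signature, a validity
 * period, a trust chain or revocation status, so a successfully returned object must not be treated
 * as trusted on that basis alone.
 */
public class CertificateUtils {
    private static final String PK_RSA_SIGNATURE_BEGIN = "-----BEGIN RSA PRIVATE KEY-----";
    private static final String PK_RSA_SIGNATURE_END = "-----END RSA PRIVATE KEY-----";
    private static final String PK_SIGNATURE_BEGIN = "-----BEGIN PRIVATE KEY-----";
    private static final String PK_SIGNATURE_END = "-----END PRIVATE KEY-----";
    public static final String X509 = "X.509";

    /**
     * Charset used for every byte[] &lt;-&gt; String conversion in this class. ISO-8859-1 maps each
     * byte to exactly one char, so splitting a PEM bundle and re-encoding it never alters bytes and
     * does not depend on the JVM's default charset.
     */
    private static final java.nio.charset.Charset PEM_CHARSET = StandardCharsets.ISO_8859_1;

    private CertificateUtils() {
    }

    /**
     * Checks that {@code bArr} contains a PEM certificate that can be parsed.
     *
     * <p>This is a syntactic check only: it calls {@link #getCertificate(byte[])} and discards the
     * result. Expiry, issuer trust and revocation are not evaluated here.
     *
     * @param bArr PEM-encoded data
     * @throws ValidationException with {@link ErrorCode#INVALID_PEM_CERTIFICATE} if parsing fails for
     *     any reason; the underlying cause is not propagated
     */
    public static void checkCertificate(byte[] bArr) {
        try {
            getCertificate(bArr);
        } catch (Exception ignored) {
            // Any failure (I/O, parsing, missing certificate, null input) is reported uniformly.
            throw new ValidationException("Invalid X509 PEM certificate", ErrorCode.INVALID_PEM_CERTIFICATE);
        }
    }

    /**
     * Returns the first X.509 certificate found in a PEM document.
     *
     * <p>PEM objects are read in order; the first plain certificate or trusted-certificate block
     * wins and anything after it is ignored. The certificate is parsed, not validated.
     *
     * @param bArr PEM-encoded data
     * @return the first certificate in the document
     * @throws ServerFault if reading the PEM data or converting the certificate fails
     * @throws IllegalArgumentException if the document holds no certificate
     */
    public static X509Certificate getCertificate(byte[] bArr) throws ServerFault {
        // try-with-resources: the parser is a Reader and was previously never closed.
        try (PEMParser parser = new PEMParser(new StringReader(new String(bArr, PEM_CHARSET)))) {
            Object pemObject;
            while ((pemObject = parser.readObject()) != null) {
                if (pemObject instanceof X509CertificateHolder) {
                    return getCertificateByHolder((X509CertificateHolder) pemObject);
                }
                if (pemObject instanceof X509TrustedCertificateBlock) {
                    return getCertificateByHolder(((X509TrustedCertificateBlock) pemObject).getCertificateHolder());
                }
            }
            throw new IllegalArgumentException("no pem cert found");
        } catch (IOException | CertificateException e) {
            throw new ServerFault(e);
        }
    }

    /** Converts a BouncyCastle certificate holder into a JCA {@link X509Certificate}. */
    private static X509Certificate getCertificateByHolder(X509CertificateHolder x509CertificateHolder) throws CertificateException {
        return new JcaX509CertificateConverter().getCertificate(x509CertificateHolder);
    }

    /**
     * Returns the value of the most specific RDN of the certificate's subject.
     *
     * <p>NOTE(review): the attribute type is not checked, so for a subject whose most specific RDN
     * is not a CN (for example an e-mail address or serial number) the returned value is that
     * attribute's value rather than a common name. Confirm this is acceptable before using the
     * result for identity or host-name decisions.
     *
     * @param bArr PEM-encoded certificate
     * @return the string value of the most specific subject RDN
     * @throws ServerFault if the certificate cannot be read, or its subject is empty or not a valid
     *     distinguished name
     */
    public static String getCertCN(byte[] bArr) throws ServerFault {
        try {
            LdapName subject = new LdapName(getCertificate(bArr).getSubjectX500Principal().getName());
            if (subject.isEmpty()) {
                // Certificates identified only by subjectAltName may carry an empty subject; without
                // this guard getRdn(-1) fails with an IndexOutOfBoundsException.
                throw new InvalidNameException("certificate subject DN is empty");
            }
            // LdapName indexes RDNs from the right, so the last index is the left-most (most
            // specific) RDN of the RFC 2253 string.
            return subject.getRdn(subject.size() - 1).getValue().toString();
        } catch (InvalidNameException e) {
            throw new ServerFault((Throwable) e);
        }
    }

    /**
     * Locates the first complete private-key block in {@code pem}.
     *
     * <p>A {@code PRIVATE KEY} block takes precedence over an {@code RSA PRIVATE KEY} block. The END
     * marker is searched for after the BEGIN marker, so a stray END marker earlier in the text
     * cannot produce a reversed range.
     *
     * @return {@code {beginInclusive, endExclusive}}, or {@code null} when no BEGIN marker is present
     *     or the matching END marker is missing
     */
    private static int[] findPrivateKeyBlock(String pem) {
        String endMarker = PK_SIGNATURE_END;
        int begin = pem.indexOf(PK_SIGNATURE_BEGIN);
        if (begin < 0) {
            begin = pem.indexOf(PK_RSA_SIGNATURE_BEGIN);
            endMarker = PK_RSA_SIGNATURE_END;
        }
        if (begin < 0) {
            return null;
        }
        int end = pem.indexOf(endMarker, begin);
        if (end < 0) {
            return null;
        }
        return new int[] {begin, end + endMarker.length()};
    }

    /**
     * Returns {@code bArr} with the first private-key block cut out.
     *
     * <p>Only the first {@code PRIVATE KEY} / {@code RSA PRIVATE KEY} block is removed, together with
     * the single character that follows its END marker. Other key formats (for example
     * {@code EC PRIVATE KEY} or {@code ENCRYPTED PRIVATE KEY}), further key blocks and unterminated
     * blocks are left in place. NOTE(review): callers that store or publish the result as
     * "certificate only" material should confirm that no key block remains.
     *
     * @param bArr PEM bundle
     * @return the input array itself when no complete key block is found, otherwise a new array
     *     without that block
     */
    public static byte[] readCert(byte[] bArr) {
        String pem = new String(bArr, PEM_CHARSET);
        int[] keyBlock = findPrivateKeyBlock(pem);
        if (keyBlock == null) {
            return bArr;
        }
        int resumeAt = keyBlock[1];
        if (resumeAt < pem.length()) {
            // Skip the one character (normally the line break) after the END marker.
            resumeAt++;
        }
        return (pem.substring(0, keyBlock[0]) + pem.substring(resumeAt)).getBytes(PEM_CHARSET);
    }

    /**
     * Extracts the first private-key block, markers included, from a PEM bundle.
     *
     * <p>The returned bytes are secret key material; callers should keep them out of logs and error
     * messages.
     *
     * @param bArr PEM bundle
     * @return the bytes of the first complete {@code PRIVATE KEY} / {@code RSA PRIVATE KEY} block, or
     *     {@code null} when there is none (including when the END marker is missing)
     */
    public static byte[] readPrivateKey(byte[] bArr) {
        String pem = new String(bArr, PEM_CHARSET);
        int[] keyBlock = findPrivateKeyBlock(pem);
        if (keyBlock == null) {
            return null;
        }
        return pem.substring(keyBlock[0], keyBlock[1]).getBytes(PEM_CHARSET);
    }

    /**
     * Parses a single X.509 certificate with the JCA {@link CertificateFactory}.
     *
     * @param bArr encoded certificate
     * @return the parsed certificate (not validated)
     * @throws CertificateException if the factory is unavailable or the data cannot be parsed
     */
    public static X509Certificate generateX509Certificate(byte[] bArr) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance(X509).generateCertificate(new ByteArrayInputStream(bArr));
    }

    /**
     * Parses every X.509 certificate in {@code bArr} with the JCA {@link CertificateFactory}.
     *
     * @param bArr encoded certificates
     * @return the parsed certificates (not validated, no chain ordering implied by this method)
     * @throws CertificateException if the factory is unavailable or the data cannot be parsed
     */
    public static Collection<? extends Certificate> generateX509Certificates(byte[] bArr) throws CertificateException {
        return CertificateFactory.getInstance(X509).generateCertificates(new ByteArrayInputStream(bArr));
    }

    /**
     * Converts the first PKCS#7 / CMS {@link ContentInfo} object of a PEM document to its encoded
     * form.
     *
     * <p>The whole read loop sits inside the {@code try}: {@code readObject()} and
     * {@code getEncoded()} are the calls that throw {@link IOException}.
     *
     * @param str PEM text
     * @return the encoded bytes, or an empty {@link Optional} when the document holds no
     *     {@code ContentInfo} or cannot be read
     */
    public static Optional<byte[]> pkcs7PemToDer(String str) {
        try (PEMParser parser = new PEMParser(new StringReader(str))) {
            Object pemObject;
            while ((pemObject = parser.readObject()) != null) {
                if (pemObject instanceof ContentInfo) {
                    return Optional.ofNullable(((ContentInfo) pemObject).getEncoded());
                }
            }
            return Optional.empty();
        } catch (IOException ignored) {
            // Unreadable PEM is reported the same way as "no PKCS#7 object present".
            return Optional.empty();
        }
    }

    /**
     * Parses a CRL from {@code inputStream} with the JCA {@link CertificateFactory}.
     *
     * <p>The stream is not closed here. The CRL's signature is not verified by this method; that has
     * to happen against the issuer's key before the revocation entries are relied upon.
     *
     * @param inputStream stream positioned at the encoded CRL
     * @return the parsed CRL
     * @throws CRLException if the CRL cannot be parsed
     * @throws CertificateException if the X.509 factory is unavailable
     */
    public static CRL generateX509Crl(InputStream inputStream) throws CRLException, CertificateException {
        return CertificateFactory.getInstance(X509).generateCRL(inputStream);
    }

    /**
     * Lists the URI entries of the certificate's CRL Distribution Points extension.
     *
     * <p>Only distribution points given as a full name are considered, and of those only
     * {@code uniformResourceIdentifier} general names. The strings are taken verbatim from the
     * certificate: when the certificate has not been validated yet they are untrusted input, so a
     * caller that fetches them should restrict the allowed schemes and destinations first.
     *
     * @param x509Certificate certificate to inspect
     * @return the URIs in extension order; an empty list when the extension is absent
     * @throws IOException if the extension value cannot be decoded
     */
    public static List<String> getCrlDistributionPoints(X509Certificate x509Certificate) throws IOException {
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.cRLDistributionPoints.getId());
        if (extensionValue == null) {
            return Collections.emptyList();
        }
        CRLDistPoint crlDistPoint = CRLDistPoint.getInstance(JcaX509ExtensionUtils.parseExtensionValue(extensionValue));
        List<String> uris = new ArrayList<>();
        for (DistributionPoint distributionPoint : crlDistPoint.getDistributionPoints()) {
            DistributionPointName pointName = distributionPoint.getDistributionPoint();
            if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
                continue;
            }
            for (GeneralName generalName : GeneralNames.getInstance(pointName.getName()).getNames()) {
                if (generalName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    uris.add(DERIA5String.getInstance(generalName.getName()).getString());
                }
            }
        }
        return uris;
    }
}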
