package com.yahoo.athenz.auth.util;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.ECNamedCurveTable;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.X509KeyUsage;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPrivateKeySpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.math.ec.FixedPointCombMultiplier;
import org.bouncycastle.openssl.PEMException;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.io.pem.PemObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yahoo/athenz/auth/util/Crypto.class */
public class Crypto {
    private static final Logger LOG = LoggerFactory.getLogger(Crypto.class);
    private static final String RSA = "RSA";
    private static final String RSA_SHA1 = "SHA1withRSA";
    private static final String RSA_SHA256 = "SHA256withRSA";
    private static final String ECDSA = "ECDSA";
    private static final String ECDSA_SHA1 = "SHA1withECDSA";
    private static final String ECDSA_SHA256 = "SHA256withECDSA";
    public static final String SHA1 = "SHA1";
    public static final String SHA256 = "SHA256";
    private static final String BC_PROVIDER = "BC";
    static final SecureRandom RANDOM;

    public static String hmac(String str, String str2) throws CryptoException {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(utf8Bytes(str2), "HmacSHA256"));
            return ybase64(mac.doFinal(str.getBytes()));
        } catch (InvalidKeyException e) {
            LOG.error("hmac: Caught InvalidKeyException, incorrect key type is being used.");
            throw new CryptoException(e);
        } catch (NoSuchAlgorithmException e2) {
            LOG.error("hmac: Caught NoSuchAlgorithmException, check to make sure the algorithm is supported by the provider.");
            throw new CryptoException(e2);
        }
    }

    static String getSignatureAlgorithm(String str) throws NoSuchAlgorithmException {
        return getSignatureAlgorithm(str, SHA256);
    }

    static String getSignatureAlgorithm(String str, String str2) throws NoSuchAlgorithmException {
        String str3 = null;
        boolean z = -1;
        switch (str.hashCode()) {
            case 81440:
                if (str.equals(RSA)) {
                    z = false;
                    break;
                }
                break;
            case 65786932:
                if (str.equals(ECDSA)) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (!SHA256.equals(str2)) {
                    if (SHA1.equals(str2)) {
                        str3 = RSA_SHA1;
                        break;
                    }
                } else {
                    str3 = RSA_SHA256;
                    break;
                }
                break;
            case true:
                if (!SHA256.equals(str2)) {
                    if (SHA1.equals(str2)) {
                        str3 = ECDSA_SHA1;
                        break;
                    }
                } else {
                    str3 = ECDSA_SHA256;
                    break;
                }
                break;
        }
        if (str3 == null) {
            LOG.error("getSignatureAlgorithm: Unknown key algorithm: " + str + " digest algorithm: " + str2);
            throw new NoSuchAlgorithmException();
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Signature Algorithm: " + str3);
        }
        return str3;
    }

    public static String sign(String str, PrivateKey privateKey, String str2) throws CryptoException {
        try {
            Signature signature = Signature.getInstance(getSignatureAlgorithm(privateKey.getAlgorithm(), str2), BC_PROVIDER);
            signature.initSign(privateKey);
            signature.update(utf8Bytes(str));
            return ybase64(signature.sign());
        } catch (InvalidKeyException e) {
            LOG.error("sign: Caught InvalidKeyException, incorrect key type is being used.");
            throw new CryptoException(e);
        } catch (NoSuchAlgorithmException e2) {
            LOG.error("sign: Caught NoSuchAlgorithmException, check to make sure the algorithm is supported by the provider.");
            throw new CryptoException(e2);
        } catch (NoSuchProviderException e3) {
            LOG.error("sign: Caught NoSuchProviderException, check to make sure the provider is loaded correctly.");
            throw new CryptoException(e3);
        } catch (SignatureException e4) {
            LOG.error("sign: Caught SignatureException.");
            throw new CryptoException(e4);
        }
    }

    public static String sign(String str, PrivateKey privateKey) throws CryptoException {
        return sign(str, privateKey, SHA256);
    }

    public static boolean verify(String str, PublicKey publicKey, String str2, String str3) throws CryptoException {
        try {
            byte[] ybase64Decode = ybase64Decode(str2);
            Signature signature = Signature.getInstance(getSignatureAlgorithm(publicKey.getAlgorithm(), str3), BC_PROVIDER);
            signature.initVerify(publicKey);
            signature.update(utf8Bytes(str));
            return signature.verify(ybase64Decode);
        } catch (InvalidKeyException e) {
            LOG.error("verify: Caught InvalidKeyException, invalid key type is being used.");
            throw new CryptoException(e);
        } catch (NoSuchAlgorithmException e2) {
            LOG.error("verify: Caught NoSuchAlgorithmException, check to make sure the algorithm is supported by the provider.");
            throw new CryptoException(e2);
        } catch (NoSuchProviderException e3) {
            LOG.error("verify: Caught NoSuchProviderException, check to make sure the provider is loaded correctly.");
            throw new CryptoException(e3);
        } catch (SignatureException e4) {
            LOG.error("verify: Caught SignatureException.");
            throw new CryptoException(e4);
        }
    }

    public static boolean verify(String str, PublicKey publicKey, String str2) throws CryptoException {
        return verify(str, publicKey, str2, SHA256);
    }

    static String utf8String(byte[] bArr) {
        return new String(bArr, StandardCharsets.UTF_8);
    }

    static byte[] utf8Bytes(String str) {
        return str.getBytes(StandardCharsets.UTF_8);
    }

    public static byte[] sha256(byte[] bArr) throws CryptoException {
        try {
            return MessageDigest.getInstance("SHA-256").digest(bArr);
        } catch (NoSuchAlgorithmException e) {
            LOG.error("sha256: Caught NoSuchAlgorithmException, check to make sure the algorithm is supported by the provider.");
            throw new CryptoException(e);
        }
    }

    public static byte[] sha256(String str) throws CryptoException {
        return sha256(utf8Bytes(str));
    }

    public static String ybase64(byte[] bArr) {
        return utf8String(YBase64.encode(bArr));
    }

    public static byte[] ybase64Decode(String str) {
        return YBase64.decode(utf8Bytes(str));
    }

    public static String ybase64DecodeString(String str) {
        return utf8String(ybase64Decode(str));
    }

    public static String ybase64EncodeString(String str) {
        return utf8String(YBase64.encode(utf8Bytes(str)));
    }

    public static X509Certificate loadX509Certificate(File file) throws CryptoException {
        try {
            FileReader fileReader = new FileReader(file);
            Throwable th = null;
            try {
                X509Certificate loadX509Certificate = loadX509Certificate(fileReader);
                if (fileReader != null) {
                    if (0 != 0) {
                        try {
                            fileReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileReader.close();
                    }
                }
                return loadX509Certificate;
            } finally {
            }
        } catch (FileNotFoundException e) {
            LOG.error("loadX509Certificate: Caught FileNotFoundException while attempting to load certificate for file: " + file.getAbsolutePath());
            throw new CryptoException(e);
        } catch (IOException e2) {
            LOG.error("loadX509Certificate: Caught IOException while attempting to load certificate for file: " + file.getAbsolutePath());
            throw new CryptoException(e2);
        }
    }

    public static X509Certificate loadX509Certificate(String str) throws CryptoException {
        return loadX509Certificate(new StringReader(str));
    }

    public static X509Certificate loadX509Certificate(Reader reader) throws CryptoException {
        try {
            PEMParser pEMParser = new PEMParser(reader);
            Throwable th = null;
            try {
                Object readObject = pEMParser.readObject();
                if (readObject instanceof X509Certificate) {
                    X509Certificate x509Certificate = (X509Certificate) readObject;
                    if (pEMParser != null) {
                        if (0 != 0) {
                            try {
                                pEMParser.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            pEMParser.close();
                        }
                    }
                    return x509Certificate;
                }
                if (!(readObject instanceof X509CertificateHolder)) {
                    if (pEMParser != null) {
                        if (0 != 0) {
                            try {
                                pEMParser.close();
                            } catch (Throwable th3) {
                                th.addSuppressed(th3);
                            }
                        } else {
                            pEMParser.close();
                        }
                    }
                    return null;
                }
                try {
                    X509Certificate certificate = new JcaX509CertificateConverter().setProvider(BC_PROVIDER).getCertificate((X509CertificateHolder) readObject);
                    if (pEMParser != null) {
                        if (0 != 0) {
                            try {
                                pEMParser.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            pEMParser.close();
                        }
                    }
                    return certificate;
                } catch (CertificateException e) {
                    LOG.error("loadX509Certificate: Caught CertificateException, unable to parse X509 certficate: " + e.getMessage());
                    throw new CryptoException(e);
                }
            } finally {
            }
        } catch (IOException e2) {
            LOG.error("loadX509Certificate: Caught IOException, unable to parse X509 certficate: " + e2.getMessage());
            throw new CryptoException(e2);
        }
        LOG.error("loadX509Certificate: Caught IOException, unable to parse X509 certficate: " + e2.getMessage());
        throw new CryptoException(e2);
    }

    public static PublicKey loadPublicKey(String str) throws CryptoException {
        return loadPublicKey(new StringReader(str));
    }

    public static PublicKey loadPublicKey(Reader reader) throws CryptoException {
        try {
            PEMParser pEMParser = new PEMParser(reader);
            Throwable th = null;
            try {
                Object readObject = pEMParser.readObject();
                JcaPEMKeyConverter jcaPEMKeyConverter = new JcaPEMKeyConverter();
                X9ECParameters x9ECParameters = null;
                if (readObject instanceof ASN1ObjectIdentifier) {
                    x9ECParameters = ECNamedCurveTable.getByOID((ASN1ObjectIdentifier) readObject);
                    if (x9ECParameters == null) {
                        throw new PEMException("Unable to find EC Parameter for the given curve oid: " + ((ASN1ObjectIdentifier) readObject).getId());
                    }
                    readObject = pEMParser.readObject();
                } else if (readObject instanceof X9ECParameters) {
                    x9ECParameters = (X9ECParameters) readObject;
                    readObject = pEMParser.readObject();
                }
                PublicKey publicKey = jcaPEMKeyConverter.getPublicKey(readObject instanceof X509CertificateHolder ? ((X509CertificateHolder) readObject).getSubjectPublicKeyInfo() : (SubjectPublicKeyInfo) readObject);
                if (x9ECParameters != null && ECDSA.equals(publicKey.getAlgorithm())) {
                    publicKey = KeyFactory.getInstance(ECDSA, BC_PROVIDER).generatePublic(new ECPublicKeySpec(((BCECPublicKey) publicKey).getQ(), new ECParameterSpec(x9ECParameters.getCurve(), x9ECParameters.getG(), x9ECParameters.getN(), x9ECParameters.getH(), x9ECParameters.getSeed())));
                }
                return publicKey;
            } finally {
                if (pEMParser != null) {
                    if (0 != 0) {
                        try {
                            pEMParser.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        pEMParser.close();
                    }
                }
            }
        } catch (IOException e) {
            throw new CryptoException(e);
        } catch (NoSuchAlgorithmException e2) {
            LOG.error("loadPublicKey: Caught NoSuchAlgorithmException, check to make sure the algorithm is supported by the provider.");
            throw new CryptoException(e2);
        } catch (NoSuchProviderException e3) {
            LOG.error("loadPublicKey: Caught NoSuchProviderException, check to make sure the provider is loaded correctly.");
            throw new CryptoException(e3);
        } catch (InvalidKeySpecException e4) {
            LOG.error("loadPublicKey: Caught InvalidKeySpecException, invalid key spec is being used.");
            throw new CryptoException("InvalidKeySpecException");
        }
    }

    public static PublicKey loadPublicKey(File file) throws CryptoException {
        try {
            FileReader fileReader = new FileReader(file);
            Throwable th = null;
            try {
                PublicKey loadPublicKey = loadPublicKey(fileReader);
                if (fileReader != null) {
                    if (0 != 0) {
                        try {
                            fileReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileReader.close();
                    }
                }
                return loadPublicKey;
            } finally {
            }
        } catch (FileNotFoundException e) {
            LOG.error("loadPublicKey: Caught FileNotFoundException while attempting to load public key for file: " + file.getAbsolutePath());
            throw new CryptoException(e);
        } catch (IOException e2) {
            LOG.error("loadPublicKey: Caught IOException while attempting to load public key for file: " + file.getAbsolutePath());
            throw new CryptoException(e2);
        }
    }

    public static PublicKey extractPublicKey(PrivateKey privateKey) throws CryptoException {
        PublicKey generatePublic;
        String algorithm = privateKey.getAlgorithm();
        boolean z = -1;
        switch (algorithm.hashCode()) {
            case 81440:
                if (algorithm.equals(RSA)) {
                    z = false;
                    break;
                }
                break;
            case 65786932:
                if (algorithm.equals(ECDSA)) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                try {
                    RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) privateKey;
                    generatePublic = KeyFactory.getInstance(RSA, BC_PROVIDER).generatePublic(new RSAPublicKeySpec(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent()));
                    break;
                } catch (NoSuchAlgorithmException e) {
                    LOG.error("extractPublicKey: RSA - Caught NoSuchAlgorithmException exception: " + e.getMessage());
                    throw new CryptoException(e);
                } catch (NoSuchProviderException e2) {
                    LOG.error("extractPublicKey: RSA - Caught NoSuchProviderException exception: " + e2.getMessage());
                    throw new CryptoException(e2);
                } catch (InvalidKeySpecException e3) {
                    LOG.error("extractPublicKey: RSA - Caught InvalidKeySpecException exception: " + e3.getMessage());
                    throw new CryptoException(e3);
                }
            case true:
                try {
                    KeyFactory keyFactory = KeyFactory.getInstance(ECDSA, BC_PROVIDER);
                    BCECPrivateKey bCECPrivateKey = (BCECPrivateKey) privateKey;
                    FixedPointCombMultiplier fixedPointCombMultiplier = new FixedPointCombMultiplier();
                    ECParameterSpec parameters = bCECPrivateKey.getParameters();
                    generatePublic = keyFactory.generatePublic(new ECPublicKeySpec(fixedPointCombMultiplier.multiply(parameters.getG(), bCECPrivateKey.getD()), parameters));
                    break;
                } catch (NoSuchAlgorithmException e4) {
                    LOG.error("extractPublicKey: ECDSA - Caught NoSuchAlgorithmException exception: " + e4.getMessage());
                    throw new CryptoException(e4);
                } catch (NoSuchProviderException e5) {
                    LOG.error("extractPublicKey: ECDSA - Caught NoSuchProviderException exception: " + e5.getMessage());
                    throw new CryptoException(e5);
                } catch (InvalidKeySpecException e6) {
                    LOG.error("extractPublicKey: ECDSA - Caught InvalidKeySpecException exception: " + e6.getMessage());
                    throw new CryptoException(e6);
                }
            default:
                String str = "Unsupported Key Algorithm: " + privateKey.getAlgorithm();
                LOG.error("extractPublicKey: " + str);
                throw new CryptoException(str);
        }
        return generatePublic;
    }

    public static PrivateKey loadPrivateKey(String str) throws CryptoException {
        return loadPrivateKey(new StringReader(str), (String) null);
    }

    public static PrivateKey loadPrivateKey(Reader reader) throws CryptoException {
        return loadPrivateKey(reader, (String) null);
    }

    public static PrivateKey loadPrivateKey(File file) throws CryptoException {
        return loadPrivateKey(file, (String) null);
    }

    public static PrivateKey loadPrivateKey(File file, String str) throws CryptoException {
        try {
            FileReader fileReader = new FileReader(file);
            Throwable th = null;
            try {
                try {
                    PrivateKey loadPrivateKey = loadPrivateKey(fileReader, str);
                    if (fileReader != null) {
                        if (0 != 0) {
                            try {
                                fileReader.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileReader.close();
                        }
                    }
                    return loadPrivateKey;
                } finally {
                }
            } finally {
            }
        } catch (FileNotFoundException e) {
            LOG.error("loadPrivateKey: Caught FileNotFoundException while attempting to load private key for file: " + file.getAbsolutePath());
            throw new CryptoException(e);
        } catch (IOException e2) {
            LOG.error("loadPrivateKey: Caught IOException while attempting to load private key for file: " + file.getAbsolutePath());
            throw new CryptoException(e2);
        }
    }

    public static PrivateKey loadPrivateKey(String str, String str2) throws CryptoException {
        return loadPrivateKey(new StringReader(str), str2);
    }

    /* JADX WARN: Failed to calculate best type for var: r10v7 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r10v7 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r11v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r11v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 10, insn: 0x0175: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r10 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:48:0x0175 */
    /* JADX WARN: Not initialized variable reg: 11, insn: 0x0179: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r11 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:50:0x0179 */
    /* JADX WARN: Type inference failed for: r10v7, types: [org.bouncycastle.openssl.PEMParser] */
    /* JADX WARN: Type inference failed for: r11v0, types: [java.lang.Throwable] */
    public static PrivateKey loadPrivateKey(Reader reader, String str) throws CryptoException {
        ?? r10;
        ?? r11;
        try {
            try {
                PEMParser pEMParser = new PEMParser(reader);
                Throwable th = null;
                PrivateKey privateKey = null;
                X9ECParameters x9ECParameters = null;
                Object readObject = pEMParser.readObject();
                if (readObject instanceof ASN1ObjectIdentifier) {
                    x9ECParameters = ECNamedCurveTable.getByOID((ASN1ObjectIdentifier) readObject);
                    if (x9ECParameters == null) {
                        throw new PEMException("Unable to find EC Parameter for the given curve oid: " + ((ASN1ObjectIdentifier) readObject).getId());
                    }
                    readObject = pEMParser.readObject();
                } else if (readObject instanceof X9ECParameters) {
                    x9ECParameters = (X9ECParameters) readObject;
                    readObject = pEMParser.readObject();
                }
                if (readObject instanceof PEMKeyPair) {
                    privateKey = new JcaPEMKeyConverter().getPrivateKey(((PEMKeyPair) readObject).getPrivateKeyInfo());
                } else if (readObject instanceof PKCS8EncryptedPrivateKeyInfo) {
                    PKCS8EncryptedPrivateKeyInfo pKCS8EncryptedPrivateKeyInfo = (PKCS8EncryptedPrivateKeyInfo) readObject;
                    if (str == null) {
                        throw new CryptoException("No password specified to decrypt encrypted private key");
                    }
                    privateKey = new JcaPEMKeyConverter().getPrivateKey(pKCS8EncryptedPrivateKeyInfo.decryptPrivateKeyInfo(new JceOpenSSLPKCS8DecryptorProviderBuilder().setProvider(BC_PROVIDER).build(str.toCharArray())));
                }
                if (x9ECParameters != null && privateKey != null && ECDSA.equals(privateKey.getAlgorithm())) {
                    privateKey = KeyFactory.getInstance(ECDSA, BC_PROVIDER).generatePrivate(new ECPrivateKeySpec(((BCECPrivateKey) privateKey).getS(), new ECParameterSpec(x9ECParameters.getCurve(), x9ECParameters.getG(), x9ECParameters.getN(), x9ECParameters.getH(), x9ECParameters.getSeed())));
                }
                PrivateKey privateKey2 = privateKey;
                if (pEMParser != null) {
                    if (0 != 0) {
                        try {
                            pEMParser.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        pEMParser.close();
                    }
                }
                return privateKey2;
            } catch (Throwable th3) {
                if (r10 != 0) {
                    if (r11 != 0) {
                        try {
                            r10.close();
                        } catch (Throwable th4) {
                            r11.addSuppressed(th4);
                        }
                    } else {
                        r10.close();
                    }
                }
                throw th3;
            }
        } catch (NoSuchAlgorithmException e) {
            LOG.error("loadPrivateKey: Caught NoSuchAlgorithmException, check to make sure the algorithm is supported by the provider.");
            throw new CryptoException(e);
        } catch (PEMException e2) {
            LOG.error("loadPrivateKey: Caught PEMException, problem with format of key detected.");
            throw new CryptoException((IOException) e2);
        } catch (InvalidKeySpecException e3) {
            LOG.error("loadPrivateKey: Caught InvalidKeySpecException, invalid key spec is being used.");
            throw new CryptoException(e3);
        } catch (PKCSException e4) {
            LOG.error("loadPrivateKey: Caught PKCSException when decrypting private key.");
            throw new CryptoException(e4);
        } catch (OperatorCreationException e5) {
            LOG.error("loadPrivateKey: Caught OperatorCreationException when creating JceOpenSSLPKCS8DecryptorProviderBuilder.");
            throw new CryptoException(e5);
        } catch (IOException e6) {
            LOG.error("loadPrivateKey: Caught IOException, while trying to read key.");
            throw new CryptoException(e6);
        } catch (NoSuchProviderException e7) {
            LOG.error("loadPrivateKey: Caught NoSuchProviderException, check to make sure the provider is loaded correctly.");
            throw new CryptoException(e7);
        }
    }

    public static PrivateKey generateRSAPrivateKey(int i) throws CryptoException {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA);
            keyPairGenerator.initialize(i);
            return keyPairGenerator.genKeyPair().getPrivate();
        } catch (NoSuchAlgorithmException e) {
            LOG.error("generatePrivateKey: Caught NoSuchAlgorithmException, check to make sure the algorithm is supported by the provider.");
            throw new CryptoException(e);
        }
    }

    public static String randomSalt() {
        return Long.toHexString(RANDOM.nextLong());
    }

    public static String encodedFile(File file) {
        try {
            FileInputStream fileInputStream = new FileInputStream(file);
            Throwable th = null;
            try {
                int length = (int) file.length();
                byte[] bArr = new byte[length];
                if (fileInputStream.read(bArr) != length) {
                    LOG.error("encodedFile: Unable to read {} bytes from file {}", Integer.valueOf(length), file.getAbsolutePath());
                    throw new IOException("Unable to read file");
                }
                String ybase64 = ybase64(bArr);
                if (fileInputStream != null) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                return ybase64;
            } catch (Throwable th3) {
                if (fileInputStream != null) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                throw th3;
            }
        } catch (FileNotFoundException e) {
            LOG.error("encodedFile: Caught FileNotFoundException while attempting to read encoded file: " + file.getAbsolutePath());
            throw new RuntimeException(e);
        } catch (IOException e2) {
            LOG.error("encodedFile: Caught IOException while attempting to read encoded file: " + file.getAbsolutePath());
            throw new RuntimeException(e2);
        }
    }

    public static String encodedFile(FileInputStream fileInputStream) {
        try {
            byte[] bArr = new byte[4096];
            String str = null;
            while (true) {
                int read = fileInputStream.read(bArr);
                if (read <= 0) {
                    break;
                }
                str = str == null ? new String(bArr, 0, read - 1) : str.concat(new String(bArr, 0, read - 1));
            }
            if (str == null) {
                throw new IOException("Unable to read any data from file stream");
            }
            return ybase64(utf8Bytes(str));
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public static PKCS10CertificationRequest getPKCS10CertRequest(String str) {
        if (str == null || str.isEmpty()) {
            LOG.error("getPKCS10CertRequest: CSR is null or empty");
            throw new CryptoException("CSR is null or empty");
        }
        try {
            PEMParser pEMParser = new PEMParser(new StringReader(str));
            Throwable th = null;
            try {
                try {
                    Object readObject = pEMParser.readObject();
                    if (!(readObject instanceof PKCS10CertificationRequest)) {
                        if (pEMParser != null) {
                            if (0 != 0) {
                                try {
                                    pEMParser.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                pEMParser.close();
                            }
                        }
                        return null;
                    }
                    PKCS10CertificationRequest pKCS10CertificationRequest = (PKCS10CertificationRequest) readObject;
                    if (pEMParser != null) {
                        if (0 != 0) {
                            try {
                                pEMParser.close();
                            } catch (Throwable th3) {
                                th.addSuppressed(th3);
                            }
                        } else {
                            pEMParser.close();
                        }
                    }
                    return pKCS10CertificationRequest;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            LOG.error("getPKCS10CertRequest: unable to parse csr: " + e.getMessage());
            throw new CryptoException(e);
        }
        LOG.error("getPKCS10CertRequest: unable to parse csr: " + e.getMessage());
        throw new CryptoException(e);
    }

    public static String extractX509CSRCommonName(PKCS10CertificationRequest pKCS10CertificationRequest) {
        String str = null;
        RDN rdn = pKCS10CertificationRequest.getSubject().getRDNs(BCStyle.CN)[0];
        if (rdn != null) {
            str = IETFUtils.valueToString(rdn.getFirst().getValue());
        }
        return str;
    }

    public static String extractX509CSREmail(PKCS10CertificationRequest pKCS10CertificationRequest) {
        String str = null;
        for (Attribute attribute : pKCS10CertificationRequest.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            for (ASN1Encodable aSN1Encodable : attribute.getAttributeValues()) {
                GeneralName[] names = GeneralNames.fromExtensions(Extensions.getInstance(aSN1Encodable), Extension.subjectAlternativeName).getNames();
                int length = names.length;
                int i = 0;
                while (true) {
                    if (i < length) {
                        GeneralName generalName = names[i];
                        if (generalName.getTagNo() == 1) {
                            str = generalName.getName().getString();
                            break;
                        }
                        i++;
                    }
                }
            }
        }
        return str;
    }

    public static List<String> extractX509CSRDnsNames(PKCS10CertificationRequest pKCS10CertificationRequest) {
        ArrayList arrayList = new ArrayList();
        for (Attribute attribute : pKCS10CertificationRequest.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            for (ASN1Encodable aSN1Encodable : attribute.getAttributeValues()) {
                for (GeneralName generalName : GeneralNames.fromExtensions(Extensions.getInstance(aSN1Encodable), Extension.subjectAlternativeName).getNames()) {
                    if (generalName.getTagNo() == 2) {
                        arrayList.add(generalName.getName().getString());
                    }
                }
            }
        }
        return arrayList;
    }

    public static List<String> extractX509CSRIPAddresses(PKCS10CertificationRequest pKCS10CertificationRequest) {
        ArrayList arrayList = new ArrayList();
        for (Attribute attribute : pKCS10CertificationRequest.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            for (ASN1Encodable aSN1Encodable : attribute.getAttributeValues()) {
                for (GeneralName generalName : GeneralNames.fromExtensions(Extensions.getInstance(aSN1Encodable), Extension.subjectAlternativeName).getNames()) {
                    if (generalName.getTagNo() == 7) {
                        try {
                            arrayList.add(InetAddress.getByAddress(generalName.getName().getOctets()).getHostAddress());
                        } catch (UnknownHostException e) {
                        }
                    }
                }
            }
        }
        return arrayList;
    }

    public static String extractX509CSRPublicKey(PKCS10CertificationRequest pKCS10CertificationRequest) {
        try {
            return convertToPEMFormat(new JcaPEMKeyConverter().getPublicKey(pKCS10CertificationRequest.getSubjectPublicKeyInfo()));
        } catch (PEMException e) {
            LOG.error("extractX509CSRPublicKey: unable to get public key: {}", e.getMessage());
            return null;
        }
    }

    public static String generateX509CSR(PrivateKey privateKey, String str, GeneralName[] generalNameArr) throws OperatorCreationException, IOException {
        PublicKey extractPublicKey = extractPublicKey(privateKey);
        if (extractPublicKey == null) {
            throw new CryptoException("Unable to extract public key from private key");
        }
        return generateX509CSR(privateKey, extractPublicKey, str, generalNameArr);
    }

    public static String generateX509CSR(PrivateKey privateKey, PublicKey publicKey, String str, GeneralName[] generalNameArr) throws OperatorCreationException, IOException {
        X500Principal x500Principal = new X500Principal(str);
        ContentSigner build = new JcaContentSignerBuilder(RSA_SHA256).build(privateKey);
        JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(x500Principal, publicKey);
        if (generalNameArr != null) {
            ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
            extensionsGenerator.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(generalNameArr));
            jcaPKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
        }
        PemObject pemObject = new PemObject("CERTIFICATE REQUEST", jcaPKCS10CertificationRequestBuilder.build(build).getEncoded());
        StringWriter stringWriter = new StringWriter();
        JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
        Throwable th = null;
        try {
            try {
                jcaPEMWriter.writeObject(pemObject);
                if (jcaPEMWriter != null) {
                    if (0 != 0) {
                        try {
                            jcaPEMWriter.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        jcaPEMWriter.close();
                    }
                }
                return stringWriter.toString();
            } finally {
            }
        } catch (Throwable th3) {
            if (jcaPEMWriter != null) {
                if (th != null) {
                    try {
                        jcaPEMWriter.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    jcaPEMWriter.close();
                }
            }
            throw th3;
        }
    }

    public static String extractX509CertCommonName(X509Certificate x509Certificate) {
        RDN rdn;
        String str = null;
        String name = x509Certificate.getSubjectX500Principal().getName();
        if (name != null && !name.isEmpty() && (rdn = new X500Name(name).getRDNs(BCStyle.CN)[0]) != null) {
            str = IETFUtils.valueToString(rdn.getFirst().getValue());
        }
        return str;
    }

    public static List<String> extractX509CertDnsNames(X509Certificate x509Certificate) {
        Collection<List<?>> collection = null;
        try {
            collection = x509Certificate.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            LOG.error("extractX509IPAddresses: Caught CertificateParsingException when parsing certificate: " + e.getMessage());
        }
        if (collection == null) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        for (List<?> list : collection) {
            if (((Integer) list.get(0)).intValue() == 2) {
                arrayList.add((String) list.get(1));
            }
        }
        return arrayList;
    }

    public static List<String> extractX509CertEmails(X509Certificate x509Certificate) {
        Collection<List<?>> collection = null;
        try {
            collection = x509Certificate.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            LOG.error("extractX509IPAddresses: Caught CertificateParsingException when parsing certificate: " + e.getMessage());
        }
        if (collection == null) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        for (List<?> list : collection) {
            if (((Integer) list.get(0)).intValue() == 1) {
                arrayList.add((String) list.get(1));
            }
        }
        return arrayList;
    }

    public static List<String> extractX509CertIPAddresses(X509Certificate x509Certificate) {
        Collection<List<?>> collection = null;
        try {
            collection = x509Certificate.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            LOG.error("extractX509IPAddresses: Caught CertificateParsingException when parsing certificate: " + e.getMessage());
        }
        if (collection == null) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        for (List<?> list : collection) {
            if (((Integer) list.get(0)).intValue() == 7) {
                arrayList.add((String) list.get(1));
            }
        }
        return arrayList;
    }

    public static String extractX509CertPublicKey(X509Certificate x509Certificate) {
        PublicKey publicKey = x509Certificate.getPublicKey();
        if (publicKey != null) {
            return convertToPEMFormat(publicKey);
        }
        LOG.error("extractX509CertPublicKey: unable to get public key");
        return null;
    }

    public static X509Certificate generateX509Certificate(PKCS10CertificationRequest pKCS10CertificationRequest, PrivateKey privateKey, X509Certificate x509Certificate, int i, boolean z) {
        return generateX509Certificate(pKCS10CertificationRequest, privateKey, X500Name.getInstance(x509Certificate.getSubjectX500Principal().getEncoded()), i, z);
    }

    public static X509Certificate generateX509Certificate(PKCS10CertificationRequest pKCS10CertificationRequest, PrivateKey privateKey, X500Name x500Name, int i, boolean z) {
        Date date = new Date();
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(date);
        calendar.add(12, i);
        Date time = calendar.getTime();
        try {
            JcaPKCS10CertificationRequest jcaPKCS10CertificationRequest = new JcaPKCS10CertificationRequest(pKCS10CertificationRequest);
            X509v3CertificateBuilder addExtension = new JcaX509v3CertificateBuilder(x500Name, BigInteger.valueOf(System.currentTimeMillis()), date, time, pKCS10CertificationRequest.getSubject(), jcaPKCS10CertificationRequest.getPublicKey()).addExtension(Extension.basicConstraints, false, new BasicConstraints(z)).addExtension(Extension.keyUsage, true, new X509KeyUsage(160)).addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth}));
            ArrayList arrayList = new ArrayList();
            Attribute[] attributes = jcaPKCS10CertificationRequest.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
            if (attributes != null && attributes.length > 0) {
                for (Attribute attribute : attributes) {
                    GeneralNames fromExtensions = GeneralNames.fromExtensions(Extensions.getInstance(attribute.getAttrValues().getObjectAt(0)), Extension.subjectAlternativeName);
                    if (fromExtensions != null) {
                        for (GeneralName generalName : fromExtensions.getNames()) {
                            switch (generalName.getTagNo()) {
                                case 1:
                                case 2:
                                case 7:
                                    arrayList.add(generalName);
                                    break;
                            }
                        }
                    }
                }
                if (!arrayList.isEmpty()) {
                    addExtension.addExtension(Extension.subjectAlternativeName, false, new GeneralNames((GeneralName[]) arrayList.toArray(new GeneralName[0])));
                }
            }
            return new JcaX509CertificateConverter().setProvider(BC_PROVIDER).getCertificate(addExtension.build(new JcaContentSignerBuilder(getSignatureAlgorithm(privateKey.getAlgorithm(), SHA256)).setProvider(BC_PROVIDER).build(privateKey)));
        } catch (InvalidKeyException e) {
            LOG.error("generateX509Certificate: Caught InvalidKeySpecException, invalid key spec is being used: " + e.getMessage());
            throw new CryptoException(e);
        } catch (NoSuchAlgorithmException e2) {
            LOG.error("generateX509Certificate: Caught NoSuchAlgorithmException, check to make sure the algorithm is supported by the provider: " + e2.getMessage());
            throw new CryptoException(e2);
        } catch (CertificateException e3) {
            LOG.error("generateX509Certificate: Caught CertificateException when generating certificate: " + e3.getMessage());
            throw new CryptoException(e3);
        } catch (Exception e4) {
            LOG.error("generateX509Certificate: unable to generate X509 Certificate: " + e4.getMessage());
            throw new CryptoException("Unable to generate X509 Certificate");
        } catch (OperatorCreationException e5) {
            LOG.error("generateX509Certificate: Caught OperatorCreationException when creating JcaContentSignerBuilder: " + e5.getMessage());
            throw new CryptoException(e5);
        }
    }

    public static boolean validatePKCS7Signature(String str, String str2, PublicKey publicKey) {
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Base64.decode(str2.getBytes(StandardCharsets.UTF_8)));
            Throwable th = null;
            try {
                try {
                    SignerInformationStore signerInfos = new CMSSignedData(new CMSProcessableByteArray(str.getBytes(StandardCharsets.UTF_8)), byteArrayInputStream).getSignerInfos();
                    if (byteArrayInputStream != null) {
                        if (0 != 0) {
                            try {
                                byteArrayInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            byteArrayInputStream.close();
                        }
                    }
                    Iterator it = signerInfos.getSigners().iterator();
                    SignerInformationVerifier build = new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC_PROVIDER).build(publicKey);
                    while (it.hasNext()) {
                        if (((SignerInformation) it.next()).verify(build)) {
                            return true;
                        }
                    }
                    return false;
                } finally {
                }
            } catch (Throwable th3) {
                if (byteArrayInputStream != null) {
                    if (th != null) {
                        try {
                            byteArrayInputStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        byteArrayInputStream.close();
                    }
                }
                throw th3;
            }
        } catch (CMSException e) {
            LOG.error("validatePKCS7Signature: unable to initialize CMSSignedData object: " + e.getMessage());
            throw new CryptoException(e);
        } catch (OperatorCreationException e2) {
            LOG.error("validatePKCS7Signature: Caught OperatorCreationException when creating JcaSimpleSignerInfoVerifierBuilder: " + e2.getMessage());
            throw new CryptoException(e2);
        } catch (IOException e3) {
            LOG.error("validatePKCS7Signature: Caught IOException when closing InputStream: " + e3.getMessage());
            throw new CryptoException(e3);
        } catch (Exception e4) {
            LOG.error("validatePKCS7Signature: unable to validate signature: " + e4.getMessage());
            throw new CryptoException(e4.getMessage());
        }
    }

    public static String convertToPEMFormat(Object obj) {
        StringWriter stringWriter = new StringWriter();
        try {
            JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
            Throwable th = null;
            try {
                try {
                    jcaPEMWriter.writeObject(obj);
                    jcaPEMWriter.flush();
                    if (jcaPEMWriter != null) {
                        if (0 != 0) {
                            try {
                                jcaPEMWriter.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            jcaPEMWriter.close();
                        }
                    }
                    return stringWriter.toString();
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            LOG.error("convertToPEMFormat: unable to convert object to PEM: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] strArr) throws CryptoException {
        if (strArr.length >= 2) {
            String str = strArr[0];
            if ("sign".equals(str)) {
                if (strArr.length == 3) {
                    System.out.println(sign(strArr[1], loadPrivateKey(new File(strArr[2]))));
                    System.exit(0);
                }
            } else if ("verify".equals(str)) {
                if (strArr.length == 4) {
                    if (verify(strArr[1], loadPublicKey(new File(strArr[2])), strArr[3])) {
                        System.out.println("Verified.");
                    } else {
                        System.out.println("NOT VERIFIED");
                    }
                    System.exit(0);
                }
            } else if ("public".equals(str)) {
                if (strArr.length == 2) {
                    String encodedFile = encodedFile(new File(strArr[1]));
                    loadPublicKey(ybase64DecodeString(encodedFile));
                    System.out.println(encodedFile);
                    System.exit(0);
                }
            } else if ("private".equals(str) && strArr.length == 2) {
                try {
                    String encodedFile2 = encodedFile(new File(strArr[1]));
                    loadPrivateKey(ybase64DecodeString(encodedFile2));
                    System.out.println(encodedFile2);
                    System.exit(0);
                } catch (Exception e) {
                    System.out.println("*** " + e.getMessage());
                    System.exit(1);
                }
            }
        }
        System.out.println("usage: r Crypto private privateKeyFile");
        System.out.println("usage: r Crypto public publicKeyFile");
        System.out.println("usage: r Crypto sign msg privateKeyFile");
        System.out.println("usage: r Crypto verify msg privateKeyFile signature");
        System.exit(1);
    }

    static {
        SecureRandom secureRandom;
        Security.addProvider(new BouncyCastleProvider());
        try {
            secureRandom = SecureRandom.getInstance("NativePRNGNonBlocking");
        } catch (NoSuchAlgorithmException e) {
            secureRandom = new SecureRandom();
        }
        RANDOM = secureRandom;
        RANDOM.nextBytes(new byte[]{8});
    }
}
