package com.yahoo.security;

import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.io.UncheckedIOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Random;
import java.util.stream.Collectors;
import javax.naming.NamingException;
import javax.naming.ldap.LdapName;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.util.io.pem.PemObject;

/* loaded from: input_file:com/yahoo/security/X509CertificateUtils.class */
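/**
 * Static helpers for converting X.509 certificates to and from PEM and for reading
 * names, extensions and fingerprints from them.
 *
 * <p>Nothing in this class validates a certificate chain, signature or validity period.
 * Subject, issuer and SAN values are returned exactly as they are encoded in the
 * certificate, so they only carry meaning once the caller has established trust in it.
 */
public class X509CertificateUtils {
    private X509CertificateUtils() {
    }

    /**
     * Parses the first PEM object in {@code str} as an X.509 certificate.
     *
     * <p>Only one object is read; anything that follows it in the input is ignored.
     * Use {@link #certificateListFromPem(String)} for bundles.
     *
     * @param str PEM text
     * @return the parsed certificate
     * @throws UncheckedIOException if the PEM text cannot be read
     * @throws IllegalArgumentException if the first object is missing or is not a certificate
     * @throws RuntimeException wrapping a {@link CertificateException} if conversion fails
     */
    public static X509Certificate fromPem(String str) {
        try (PEMParser parser = new PEMParser(new StringReader(str))) {
            return toX509Certificate(parser.readObject());
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        } catch (CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Parses every PEM object in {@code str} as an X.509 certificate, in input order.
     *
     * @param str PEM text holding zero or more certificates
     * @return a mutable list of the parsed certificates; empty when the input holds no PEM object
     * @throws UncheckedIOException if the PEM text cannot be read
     * @throws IllegalArgumentException if any object is not a certificate
     * @throws RuntimeException wrapping a {@link CertificateException} if conversion fails
     */
    public static List<X509Certificate> certificateListFromPem(String str) {
        // try-with-resources closes the parser on the failure paths as well as on success.
        try (PEMParser parser = new PEMParser(new StringReader(str))) {
            List<X509Certificate> certificates = new ArrayList<>();
            Object pemObject;
            while ((pemObject = parser.readObject()) != null) {
                certificates.add(toX509Certificate(pemObject));
            }
            return certificates;
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        } catch (CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Converts an object produced by {@link PEMParser} into a JCA certificate.
     *
     * @throws IllegalArgumentException if {@code obj} is {@code null} or any other PEM object
     *         type (for example a key), so that non-certificate input is rejected explicitly
     */
    private static X509Certificate toX509Certificate(Object obj) throws CertificateException {
        if (obj instanceof X509Certificate) {
            return (X509Certificate) obj;
        }
        if (obj instanceof X509CertificateHolder) {
            return new JcaX509CertificateConverter()
                    .setProvider(BouncyCastleProviderHolder.getInstance())
                    .getCertificate((X509CertificateHolder) obj);
        }
        throw new IllegalArgumentException("Invalid type of PEM object: " + obj);
    }

    /**
     * Encodes a single certificate as a PEM {@code CERTIFICATE} block.
     *
     * @throws UncheckedIOException if writing fails
     * @throws RuntimeException wrapping a {@link GeneralSecurityException} if the certificate
     *         cannot be DER-encoded
     */
    public static String toPem(X509Certificate x509Certificate) {
        try (StringWriter out = new StringWriter();
             JcaPEMWriter pemWriter = new JcaPEMWriter(out)) {
            pemWriter.writeObject(new PemObject("CERTIFICATE", x509Certificate.getEncoded()));
            // Flush before reading the buffer: the PEM writer is buffered.
            pemWriter.flush();
            return out.toString();
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Encodes the certificates as consecutive PEM {@code CERTIFICATE} blocks, in list order.
     *
     * @throws UncheckedIOException if writing fails
     * @throws RuntimeException wrapping a {@link GeneralSecurityException} if a certificate
     *         cannot be DER-encoded
     */
    public static String toPem(List<X509Certificate> list) {
        try (StringWriter out = new StringWriter();
             JcaPEMWriter pemWriter = new JcaPEMWriter(out)) {
            for (X509Certificate certificate : list) {
                pemWriter.writeObject(new PemObject("CERTIFICATE", certificate.getEncoded()));
            }
            // Flush before reading the buffer: the PEM writer is buffered.
            pemWriter.flush();
            return out.toString();
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /** Returns all CN values of the certificate's subject DN. */
    public static List<String> getSubjectCommonNames(X509Certificate x509Certificate) {
        return getCommonNames(x509Certificate.getSubjectX500Principal());
    }

    /**
     * Returns a single subject CN, or empty if the subject has none.
     *
     * <p>When the subject carries several CN attributes the last list entry is chosen.
     * {@link LdapName} numbers RDNs from the right of the RFC 2253 string, so that entry is
     * the leftmost CN in {@code X500Principal.getName()}.
     */
    public static Optional<String> getSubjectCommonName(X509Certificate x509Certificate) {
        List<String> subjectCommonNames = getSubjectCommonNames(x509Certificate);
        if (subjectCommonNames.isEmpty()) {
            return Optional.empty();
        }
        return Optional.of(subjectCommonNames.get(subjectCommonNames.size() - 1));
    }

    /** Returns all CN values of the certificate's issuer DN. */
    public static List<String> getIssuerCommonNames(X509Certificate x509Certificate) {
        return getCommonNames(x509Certificate.getIssuerX500Principal());
    }

    /** Returns all OU values of the certificate's subject DN. */
    public static List<String> getSubjectOrganizationalUnits(X509Certificate x509Certificate) {
        return getRdns(x509Certificate.getSubjectX500Principal(), "OU");
    }

    /** Returns all CN values of the given distinguished name. */
    public static List<String> getCommonNames(X500Principal x500Principal) {
        return getRdns(x500Principal, "CN");
    }

    /**
     * Returns the values of every RDN of the given attribute type (matched case-insensitively).
     *
     * <p>The DN is parsed with {@link LdapName} rather than by splitting the string, so
     * escaped separators inside a value do not produce extra attributes.
     *
     * @throws IllegalArgumentException if the DN cannot be parsed
     */
    private static List<String> getRdns(X500Principal x500Principal, String type) {
        try {
            return new LdapName(x500Principal.getName()).getRdns().stream()
                    .filter(rdn -> rdn.getType().equalsIgnoreCase(type))
                    .map(rdn -> rdn.getValue().toString())
                    .collect(Collectors.toList());
        } catch (NamingException e) {
            throw new IllegalArgumentException("Invalid DN: " + x500Principal.getName(), e);
        }
    }

    /**
     * Returns the entries of the Subject Alternative Name extension.
     *
     * @return the decoded names, or an empty list when the extension is absent
     * @throws UncheckedIOException if the extension bytes are not valid ASN.1
     */
    public static List<SubjectAlternativeName> getSubjectAlternativeNames(X509Certificate x509Certificate) {
        try {
            byte[] extensionValue =
                    x509Certificate.getExtensionValue(Extension.SUBJECT_ALTERNATIVE_NAMES.getOId());
            if (extensionValue == null) {
                return Collections.emptyList();
            }
            ASN1Primitive decoded = ASN1Primitive.fromByteArray(extensionValue);
            // getExtensionValue() returns the value wrapped in a DER OCTET STRING; unwrap it
            // to reach the GeneralNames structure.
            if (decoded instanceof ASN1OctetString) {
                decoded = ASN1Primitive.fromByteArray(((ASN1OctetString) decoded).getOctets());
            }
            return SubjectAlternativeName.fromGeneralNames(GeneralNames.getInstance(decoded));
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    /**
     * Checks that the two keys form a pair by signing random bytes with the private key and
     * verifying the signature with the public key.
     *
     * @return {@code true} if the signature verifies
     * @throws RuntimeException wrapping a {@link SignatureException} if signing or verification
     *         cannot be carried out
     */
    public static boolean privateKeyMatchesPublicKey(PrivateKey privateKey, PublicKey publicKey) {
        // The payload is throwaway input for a local sign/verify round trip and is never used
        // as a secret or nonce, so java.util.Random is adequate; do not copy this pattern
        // for key, token or nonce generation.
        byte[] payload = new byte[64];
        new Random().nextBytes(payload);
        Signature signer = SignatureUtils.createSigner(privateKey);
        Signature verifier = SignatureUtils.createVerifier(publicKey);
        try {
            signer.update(payload);
            verifier.update(payload);
            return verifier.verify(signer.sign());
        } catch (SignatureException e) {
            // NOTE(review): a mismatch that the provider reports as a malformed signature
            // surfaces here as an exception rather than false; confirm callers expect that.
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates a self-signed certificate with a freshly generated 256-bit EC key, valid from
     * now for {@code duration}, signed with SHA256withECDSA.
     *
     * <p>The serial number is always {@code 1}, so certificates from separate calls with the
     * same DN share issuer and serial. The basic-constraints call passes {@code (true, true)};
     * presumably critical + CA, confirm against {@code X509CertificateBuilder}.
     *
     * @param str subject (and issuer) distinguished name
     * @param duration validity period starting at the current instant
     * @return the certificate together with its private key
     */
    public static X509CertificateWithKey createSelfSigned(String str, Duration duration) {
        KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
        X500Principal subject = new X500Principal(str);
        Instant notBefore = Instant.now();
        Instant notAfter = notBefore.plus(duration);
        X509Certificate certificate = X509CertificateBuilder
                .fromKeypair(keyPair, subject, notBefore, notAfter,
                        SignatureAlgorithm.SHA256_WITH_ECDSA, BigInteger.ONE)
                .setBasicConstraints(true, true)
                .build();
        return new X509CertificateWithKey(certificate, keyPair.getPrivate());
    }

    /**
     * Returns the SHA-1 digest of the certificate's DER encoding.
     *
     * <p>SHA-1 is not collision resistant. The value is suitable as an identifier for lookup
     * or display; it should not be the only input to a pinning or trust decision. The
     * algorithm is kept because callers compare against existing SHA-1 fingerprints.
     *
     * @return the 20-byte fingerprint
     * @throws RuntimeException if SHA-1 is unavailable or the certificate cannot be encoded
     */
    public static byte[] getX509CertificateFingerPrint(X509Certificate x509Certificate) {
        try {
            return MessageDigest.getInstance("SHA-1").digest(x509Certificate.getEncoded());
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            throw new RuntimeException(e);
        }
    }
}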
