package com.unboundid.util.ssl.cert;

import com.unboundid.asn1.ASN1BigInteger;
import com.unboundid.asn1.ASN1BitString;
import com.unboundid.asn1.ASN1Element;
import com.unboundid.asn1.ASN1Exception;
import com.unboundid.asn1.ASN1GeneralizedTime;
import com.unboundid.asn1.ASN1Integer;
import com.unboundid.asn1.ASN1ObjectIdentifier;
import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.asn1.ASN1Sequence;
import com.unboundid.asn1.ASN1Set;
import com.unboundid.asn1.ASN1UTCTime;
import com.unboundid.asn1.ASN1UTF8String;
import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.RDN;
import com.unboundid.ldap.sdk.schema.AttributeTypeDefinition;
import com.unboundid.ldap.sdk.schema.Schema;
import com.unboundid.util.Base64;
import com.unboundid.util.CryptoHelper;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.NotNull;
import com.unboundid.util.Nullable;
import com.unboundid.util.OID;
import com.unboundid.util.ObjectPair;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import java.io.ByteArrayInputStream;
import java.io.Serializable;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;

@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
@NotMutable
/* loaded from: input_file:WEB-INF/lib/unboundid-ldapsdk-6.0.6.jar:com/unboundid/util/ssl/cert/X509Certificate.class */
public final class X509Certificate implements Serializable {
    private static final byte TYPE_EXPLICIT_VERSION = -96;
    private static final byte TYPE_IMPLICIT_ISSUER_UNIQUE_ID = -127;
    private static final byte TYPE_IMPLICIT_SUBJECT_UNIQUE_ID = -126;
    private static final byte TYPE_EXPLICIT_EXTENSIONS = -93;
    private static final long serialVersionUID = -4680448103099282243L;

    @Nullable
    private final ASN1BitString issuerUniqueID;

    @NotNull
    private final ASN1BitString signatureValue;

    @NotNull
    private final ASN1BitString encodedPublicKey;

    @Nullable
    private final ASN1BitString subjectUniqueID;

    @Nullable
    private final ASN1Element publicKeyAlgorithmParameters;

    @Nullable
    private final ASN1Element signatureAlgorithmParameters;

    @NotNull
    private final BigInteger serialNumber;

    @NotNull
    private final byte[] x509CertificateBytes;

    @Nullable
    private final DecodedPublicKey decodedPublicKey;

    @NotNull
    private final DN issuerDN;

    @NotNull
    private final DN subjectDN;

    @NotNull
    private final List<X509CertificateExtension> extensions;
    private final long notAfter;
    private final long notBefore;

    @NotNull
    private final OID publicKeyAlgorithmOID;

    @NotNull
    private final OID signatureAlgorithmOID;

    @Nullable
    private final String publicKeyAlgorithmName;

    @Nullable
    private final String signatureAlgorithmName;

    @NotNull
    private final X509CertificateVersion version;

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate(@NotNull X509CertificateVersion x509CertificateVersion, @NotNull BigInteger bigInteger, @NotNull OID oid, @Nullable ASN1Element aSN1Element, @NotNull ASN1BitString aSN1BitString, @NotNull DN dn, long j, long j2, @NotNull DN dn2, @NotNull OID oid2, @Nullable ASN1Element aSN1Element2, @NotNull ASN1BitString aSN1BitString2, @Nullable DecodedPublicKey decodedPublicKey, @Nullable ASN1BitString aSN1BitString3, @Nullable ASN1BitString aSN1BitString4, @NotNull X509CertificateExtension... x509CertificateExtensionArr) throws CertException {
        this.version = x509CertificateVersion;
        this.serialNumber = bigInteger;
        this.signatureAlgorithmOID = oid;
        this.signatureAlgorithmParameters = aSN1Element;
        this.signatureValue = aSN1BitString;
        this.issuerDN = dn;
        this.notBefore = j;
        this.notAfter = j2;
        this.subjectDN = dn2;
        this.publicKeyAlgorithmOID = oid2;
        this.publicKeyAlgorithmParameters = aSN1Element2;
        this.encodedPublicKey = aSN1BitString2;
        this.decodedPublicKey = decodedPublicKey;
        this.issuerUniqueID = aSN1BitString3;
        this.subjectUniqueID = aSN1BitString4;
        this.extensions = StaticUtils.toList(x509CertificateExtensionArr);
        SignatureAlgorithmIdentifier forOID = SignatureAlgorithmIdentifier.forOID(oid);
        if (forOID == null) {
            this.signatureAlgorithmName = null;
        } else {
            this.signatureAlgorithmName = forOID.getUserFriendlyName();
        }
        PublicKeyAlgorithmIdentifier forOID2 = PublicKeyAlgorithmIdentifier.forOID(oid2);
        if (forOID2 == null) {
            this.publicKeyAlgorithmName = null;
        } else {
            this.publicKeyAlgorithmName = forOID2.getName();
        }
        this.x509CertificateBytes = encode().encode();
    }

    public X509Certificate(@NotNull byte[] bArr) throws CertException {
        int i;
        this.x509CertificateBytes = bArr;
        try {
            ASN1Element[] elements = ASN1Sequence.decodeAsSequence(bArr).elements();
            if (elements.length != 3) {
                throw new CertException(CertMessages.ERR_CERT_DECODE_UNEXPECTED_SEQUENCE_ELEMENT_COUNT.get(Integer.valueOf(elements.length)));
            }
            try {
                ASN1Element[] elements2 = ASN1Sequence.decodeAsSequence(elements[0]).elements();
                try {
                    if ((elements2[0].getType() & 255) == 160) {
                        this.version = X509CertificateVersion.valueOf(ASN1Integer.decodeAsInteger(elements2[0].getValue()).intValue());
                        if (this.version == null) {
                            throw new CertException(CertMessages.ERR_CERT_DECODE_UNSUPPORTED_VERSION.get(this.version));
                        }
                        i = 1;
                    } else {
                        this.version = X509CertificateVersion.V1;
                        i = 0;
                    }
                    try {
                        int i2 = i;
                        int i3 = i + 1;
                        this.serialNumber = elements2[i2].decodeAsBigInteger().getBigIntegerValue();
                        try {
                            int i4 = i3 + 1;
                            ASN1Element[] elements3 = elements2[i3].decodeAsSequence().elements();
                            this.signatureAlgorithmOID = elements3[0].decodeAsObjectIdentifier().getOID();
                            if (elements3.length > 1) {
                                this.signatureAlgorithmParameters = elements3[1];
                            } else {
                                this.signatureAlgorithmParameters = null;
                            }
                            SignatureAlgorithmIdentifier forOID = SignatureAlgorithmIdentifier.forOID(this.signatureAlgorithmOID);
                            if (forOID == null) {
                                this.signatureAlgorithmName = null;
                            } else {
                                this.signatureAlgorithmName = forOID.getUserFriendlyName();
                            }
                            try {
                                int i5 = i4 + 1;
                                this.issuerDN = decodeName(elements2[i4]);
                                try {
                                    int i6 = i5 + 1;
                                    ASN1Element[] elements4 = elements2[i5].decodeAsSequence().elements();
                                    switch (elements4[0].getType()) {
                                        case 23:
                                            this.notBefore = decodeUTCTime(elements4[0]);
                                            break;
                                        case 24:
                                            this.notBefore = elements4[0].decodeAsGeneralizedTime().getTime();
                                            break;
                                        default:
                                            throw new CertException(CertMessages.ERR_CERT_DECODE_NOT_BEFORE_UNEXPECTED_TYPE.get(StaticUtils.toHex(elements4[0].getType()), StaticUtils.toHex((byte) 23), StaticUtils.toHex((byte) 24)));
                                    }
                                    switch (elements4[1].getType()) {
                                        case 23:
                                            this.notAfter = decodeUTCTime(elements4[1]);
                                            break;
                                        case 24:
                                            this.notAfter = elements4[1].decodeAsGeneralizedTime().getTime();
                                            break;
                                        default:
                                            throw new CertException(CertMessages.ERR_CERT_DECODE_NOT_AFTER_UNEXPECTED_TYPE.get(StaticUtils.toHex(elements4[0].getType()), StaticUtils.toHex((byte) 23), StaticUtils.toHex((byte) 24)));
                                    }
                                    try {
                                        int i7 = i6 + 1;
                                        this.subjectDN = decodeName(elements2[i6]);
                                        try {
                                            ASN1Element[] elements5 = elements2[i7].decodeAsSequence().elements();
                                            ASN1Element[] elements6 = elements5[0].decodeAsSequence().elements();
                                            this.publicKeyAlgorithmOID = elements6[0].decodeAsObjectIdentifier().getOID();
                                            if (elements6.length > 1) {
                                                this.publicKeyAlgorithmParameters = elements6[1];
                                            } else {
                                                this.publicKeyAlgorithmParameters = null;
                                            }
                                            this.encodedPublicKey = elements5[1].decodeAsBitString();
                                            PublicKeyAlgorithmIdentifier forOID2 = PublicKeyAlgorithmIdentifier.forOID(this.publicKeyAlgorithmOID);
                                            if (forOID2 == null) {
                                                this.publicKeyAlgorithmName = null;
                                                this.decodedPublicKey = null;
                                            } else {
                                                this.publicKeyAlgorithmName = forOID2.getName();
                                                DecodedPublicKey decodedPublicKey = null;
                                                switch (forOID2) {
                                                    case RSA:
                                                        try {
                                                            decodedPublicKey = new RSAPublicKey(this.encodedPublicKey);
                                                            break;
                                                        } catch (Exception e) {
                                                            Debug.debugException(e);
                                                            break;
                                                        }
                                                    case EC:
                                                        try {
                                                            decodedPublicKey = new EllipticCurvePublicKey(this.encodedPublicKey);
                                                            break;
                                                        } catch (Exception e2) {
                                                            Debug.debugException(e2);
                                                            break;
                                                        }
                                                }
                                                this.decodedPublicKey = decodedPublicKey;
                                            }
                                            ASN1BitString aSN1BitString = null;
                                            ASN1BitString aSN1BitString2 = null;
                                            ArrayList arrayList = new ArrayList(10);
                                            for (int i8 = i7 + 1; i8 < elements2.length; i8++) {
                                                switch (elements2[i8].getType()) {
                                                    case -127:
                                                        try {
                                                            aSN1BitString = elements2[i8].decodeAsBitString();
                                                            break;
                                                        } catch (Exception e3) {
                                                            Debug.debugException(e3);
                                                            throw new CertException(CertMessages.ERR_CERT_DECODE_CANNOT_PARSE_ISSUER_UNIQUE_ID.get(StaticUtils.getExceptionMessage(e3)), e3);
                                                        }
                                                    case -126:
                                                        try {
                                                            aSN1BitString2 = elements2[i8].decodeAsBitString();
                                                            break;
                                                        } catch (Exception e4) {
                                                            Debug.debugException(e4);
                                                            throw new CertException(CertMessages.ERR_CERT_DECODE_CANNOT_PARSE_SUBJECT_UNIQUE_ID.get(StaticUtils.getExceptionMessage(e4)), e4);
                                                        }
                                                    case -93:
                                                        try {
                                                            for (ASN1Element aSN1Element : ASN1Sequence.decodeAsSequence(elements2[i8].getValue()).elements()) {
                                                                arrayList.add(X509CertificateExtension.decode(aSN1Element));
                                                            }
                                                            break;
                                                        } catch (Exception e5) {
                                                            Debug.debugException(e5);
                                                            throw new CertException(CertMessages.ERR_CERT_DECODE_CANNOT_PARSE_EXTENSION.get(StaticUtils.getExceptionMessage(e5)), e5);
                                                        }
                                                }
                                            }
                                            this.issuerUniqueID = aSN1BitString;
                                            this.subjectUniqueID = aSN1BitString2;
                                            this.extensions = Collections.unmodifiableList(arrayList);
                                            try {
                                                OID oid = elements[1].decodeAsSequence().elements()[0].decodeAsObjectIdentifier().getOID();
                                                if (!oid.equals(this.signatureAlgorithmOID)) {
                                                    throw new CertException(CertMessages.ERR_CERT_DECODE_SIG_ALG_MISMATCH.get(this.signatureAlgorithmOID.toString(), oid.toString()));
                                                }
                                                try {
                                                    this.signatureValue = elements[2].decodeAsBitString();
                                                } catch (Exception e6) {
                                                    Debug.debugException(e6);
                                                    throw new CertException(CertMessages.ERR_CERT_DECODE_CANNOT_PARSE_SIG_VALUE.get(StaticUtils.getExceptionMessage(e6)), e6);
                                                }
                                            } catch (CertException e7) {
                                                Debug.debugException(e7);
                                                throw e7;
                                            } catch (Exception e8) {
                                                Debug.debugException(e8);
                                                throw new CertException(CertMessages.ERR_CERT_DECODE_CANNOT_PARSE_SIG_ALG.get(StaticUtils.getExceptionMessage(e8)), e8);
                                            }
                                        } catch (Exception e9) {
                                            Debug.debugException(e9);
                                            throw new CertException(CertMessages.ERR_CERT_DECODE_CANNOT_PARSE_PUBLIC_KEY_INFO.get(StaticUtils.getExceptionMessage(e9)), e9);
                                        }
                                    } catch (Exception e10) {
                                        Debug.debugException(e10);
                                        throw new CertException(CertMessages.ERR_CERT_DECODE_CANNOT_PARSE_SUBJECT_DN.get(StaticUtils.getExceptionMessage(e10)), e10);
                                    }
                                } catch (CertException e11) {
                                    Debug.debugException(e11);
                                    throw e11;
                                } catch (Exception e12) {
                                    Debug.debugException(e12);
                                    throw new CertException(CertMessages.ERR_CERT_DECODE_COULD_NOT_PARSE_VALIDITY.get(StaticUtils.getExceptionMessage(e12)), e12);
                                }
                            } catch (Exception e13) {
                                Debug.debugException(e13);
                                throw new CertException(CertMessages.ERR_CERT_DECODE_CANNOT_PARSE_ISSUER_DN.get(StaticUtils.getExceptionMessage(e13)), e13);
                            }
                        } catch (Exception e14) {
                            Debug.debugException(e14);
                            throw new CertException(CertMessages.ERR_CERT_DECODE_CANNOT_PARSE_SIG_ALG.get(StaticUtils.getExceptionMessage(e14)), e14);
                        }
                    } catch (Exception e15) {
                        Debug.debugException(e15);
                        throw new CertException(CertMessages.ERR_CERT_DECODE_CANNOT_PARSE_SERIAL_NUMBER.get(StaticUtils.getExceptionMessage(e15)), e15);
                    }
                } catch (CertException e16) {
                    Debug.debugException(e16);
                    throw e16;
                } catch (Exception e17) {
                    Debug.debugException(e17);
                    throw new CertException(CertMessages.ERR_CERT_DECODE_CANNOT_PARSE_VERSION.get(StaticUtils.getExceptionMessage(e17)), e17);
                }
            } catch (Exception e18) {
                Debug.debugException(e18);
                throw new CertException(CertMessages.ERR_CERT_DECODE_FIRST_ELEMENT_NOT_SEQUENCE.get(StaticUtils.getExceptionMessage(e18)), e18);
            }
        } catch (Exception e19) {
            Debug.debugException(e19);
            throw new CertException(CertMessages.ERR_CERT_DECODE_NOT_SEQUENCE.get(StaticUtils.getExceptionMessage(e19)), e19);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Type inference failed for: r0v23, types: [byte[], byte[][]] */
    @NotNull
    public static DN decodeName(@NotNull ASN1Element aSN1Element) throws CertException {
        Schema schema;
        try {
            schema = Schema.getDefaultStandardSchema();
        } catch (Exception e) {
            Debug.debugException(e);
            schema = null;
        }
        try {
            ASN1Element[] elements = ASN1Sequence.decodeAsSequence(aSN1Element).elements();
            ArrayList arrayList = new ArrayList(elements.length);
            for (int i = 0; i < elements.length; i++) {
                try {
                    ASN1Element[] elements2 = elements[i].decodeAsSet().elements();
                    String[] strArr = new String[elements2.length];
                    ?? r0 = new byte[elements2.length];
                    for (int i2 = 0; i2 < elements2.length; i2++) {
                        ASN1Element[] elements3 = ASN1Sequence.decodeAsSequence(elements2[i2]).elements();
                        OID oid = elements3[0].decodeAsObjectIdentifier().getOID();
                        AttributeTypeDefinition attributeType = schema.getAttributeType(oid.toString());
                        if (attributeType == null) {
                            strArr[i2] = oid.toString();
                        } else {
                            strArr[i2] = attributeType.getNameOrOID().toUpperCase();
                        }
                        r0[i2] = elements3[1].decodeAsOctetString().getValue();
                    }
                    arrayList.add(new RDN(strArr, (byte[][]) r0, schema));
                } catch (Exception e2) {
                    Debug.debugException(e2);
                    throw new CertException(CertMessages.ERR_CERT_DECODE_CANNOT_PARSE_NAME_SEQUENCE_ELEMENT.get(Integer.valueOf(i), StaticUtils.getExceptionMessage(e2)), e2);
                }
            }
            Collections.reverse(arrayList);
            return new DN(arrayList);
        } catch (Exception e3) {
            Debug.debugException(e3);
            throw new CertException(CertMessages.ERR_CERT_DECODE_NAME_NOT_SEQUENCE.get(StaticUtils.getExceptionMessage(e3)), e3);
        }
    }

    private static long decodeUTCTime(@NotNull ASN1Element aSN1Element) throws ASN1Exception {
        long time = ASN1UTCTime.decodeAsUTCTime(aSN1Element).getTime();
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        gregorianCalendar.setTimeInMillis(time);
        int i = gregorianCalendar.get(1);
        if (i < 1949) {
            gregorianCalendar.set(1, i + 100);
        } else if (i > 2050) {
            gregorianCalendar.set(1, i - 100);
        }
        return gregorianCalendar.getTimeInMillis();
    }

    @NotNull
    ASN1Element encode() throws CertException {
        try {
            ArrayList arrayList = new ArrayList(10);
            if (this.version != X509CertificateVersion.V1) {
                arrayList.add(new ASN1Element((byte) -96, new ASN1Integer(this.version.getIntValue()).encode()));
            }
            arrayList.add(new ASN1BigInteger(this.serialNumber));
            if (this.signatureAlgorithmParameters == null) {
                arrayList.add(new ASN1Sequence(new ASN1ObjectIdentifier(this.signatureAlgorithmOID)));
            } else {
                arrayList.add(new ASN1Sequence(new ASN1ObjectIdentifier(this.signatureAlgorithmOID), this.signatureAlgorithmParameters));
            }
            arrayList.add(encodeName(this.issuerDN));
            arrayList.add(encodeValiditySequence(this.notBefore, this.notAfter));
            arrayList.add(encodeName(this.subjectDN));
            if (this.publicKeyAlgorithmParameters == null) {
                arrayList.add(new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(this.publicKeyAlgorithmOID)), this.encodedPublicKey));
            } else {
                arrayList.add(new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(this.publicKeyAlgorithmOID), this.publicKeyAlgorithmParameters), this.encodedPublicKey));
            }
            if (this.issuerUniqueID != null) {
                arrayList.add(new ASN1BitString((byte) -127, this.issuerUniqueID.getBits()));
            }
            if (this.subjectUniqueID != null) {
                arrayList.add(new ASN1BitString((byte) -126, this.subjectUniqueID.getBits()));
            }
            if (!this.extensions.isEmpty()) {
                ArrayList arrayList2 = new ArrayList(this.extensions.size());
                Iterator<X509CertificateExtension> it = this.extensions.iterator();
                while (it.hasNext()) {
                    arrayList2.add(it.next().encode());
                }
                arrayList.add(new ASN1Element((byte) -93, new ASN1Sequence(arrayList2).encode()));
            }
            ArrayList arrayList3 = new ArrayList(3);
            arrayList3.add(new ASN1Sequence(arrayList));
            if (this.signatureAlgorithmParameters == null) {
                arrayList3.add(new ASN1Sequence(new ASN1ObjectIdentifier(this.signatureAlgorithmOID)));
            } else {
                arrayList3.add(new ASN1Sequence(new ASN1ObjectIdentifier(this.signatureAlgorithmOID), this.signatureAlgorithmParameters));
            }
            arrayList3.add(this.signatureValue);
            return new ASN1Sequence(arrayList3);
        } catch (Exception e) {
            Debug.debugException(e);
            throw new CertException(CertMessages.ERR_CERT_ENCODE_ERROR.get(toString(), StaticUtils.getExceptionMessage(e)), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public static ASN1Element encodeName(@NotNull DN dn) throws CertException {
        try {
            Schema defaultStandardSchema = Schema.getDefaultStandardSchema();
            RDN[] rDNs = dn.getRDNs();
            ArrayList arrayList = new ArrayList(rDNs.length);
            for (int length = rDNs.length - 1; length >= 0; length--) {
                RDN rdn = rDNs[length];
                String[] attributeNames = rdn.getAttributeNames();
                String[] attributeValues = rdn.getAttributeValues();
                ArrayList arrayList2 = new ArrayList(attributeNames.length);
                for (int i = 0; i < attributeNames.length; i++) {
                    AttributeTypeDefinition attributeType = defaultStandardSchema.getAttributeType(attributeNames[i]);
                    if (attributeType == null) {
                        throw new CertException(CertMessages.ERR_CERT_ENCODE_NAME_UNKNOWN_ATTR_TYPE.get(String.valueOf(dn), attributeNames[i]));
                    }
                    try {
                        arrayList2.add(new ASN1Sequence(new ASN1ObjectIdentifier(attributeType.getOID()), new ASN1UTF8String(attributeValues[i])));
                    } catch (Exception e) {
                        Debug.debugException(e);
                        throw new CertException(CertMessages.ERR_CERT_ENCODE_NAME_ERROR.get(String.valueOf(dn), StaticUtils.getExceptionMessage(e)), e);
                    }
                }
                arrayList.add(new ASN1Set(arrayList2));
            }
            return new ASN1Sequence(arrayList);
        } catch (Exception e2) {
            Debug.debugException(e2);
            throw new CertException(CertMessages.ERR_CERT_ENCODE_NAME_CANNOT_GET_SCHEMA.get(String.valueOf(dn), StaticUtils.getExceptionMessage(e2)), e2);
        }
    }

    @NotNull
    static ASN1Sequence encodeValiditySequence(long j, long j2) {
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        gregorianCalendar.setTimeInMillis(j);
        int i = gregorianCalendar.get(1);
        GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
        gregorianCalendar2.setTimeInMillis(j2);
        int i2 = gregorianCalendar2.get(1);
        return (i < 1950 || i > 2049 || i2 < 1950 || i2 > 2049) ? new ASN1Sequence(new ASN1GeneralizedTime(j), new ASN1GeneralizedTime(j2)) : new ASN1Sequence(new ASN1UTCTime(j), new ASN1UTCTime(j2));
    }

    @NotNull
    public static ObjectPair<X509Certificate, KeyPair> generateSelfSignedCertificate(@NotNull SignatureAlgorithmIdentifier signatureAlgorithmIdentifier, @NotNull PublicKeyAlgorithmIdentifier publicKeyAlgorithmIdentifier, int i, @NotNull DN dn, long j, long j2, @Nullable X509CertificateExtension... x509CertificateExtensionArr) throws CertException {
        try {
            KeyPairGenerator keyPairGenerator = CryptoHelper.getKeyPairGenerator(publicKeyAlgorithmIdentifier.getName());
            try {
                keyPairGenerator.initialize(i);
                try {
                    KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                    return new ObjectPair<>(generateSelfSignedCertificate(signatureAlgorithmIdentifier, generateKeyPair, dn, j, j2, x509CertificateExtensionArr), generateKeyPair);
                } catch (Exception e) {
                    Debug.debugException(e);
                    throw new CertException(CertMessages.ERR_CERT_GEN_SELF_SIGNED_CANNOT_GENERATE_KEY_PAIR.get(Integer.valueOf(i), publicKeyAlgorithmIdentifier.getName(), StaticUtils.getExceptionMessage(e)), e);
                }
            } catch (Exception e2) {
                Debug.debugException(e2);
                throw new CertException(CertMessages.ERR_CERT_GEN_SELF_SIGNED_INVALID_KEY_SIZE.get(Integer.valueOf(i), publicKeyAlgorithmIdentifier.getName(), StaticUtils.getExceptionMessage(e2)), e2);
            }
        } catch (Exception e3) {
            Debug.debugException(e3);
            throw new CertException(CertMessages.ERR_CERT_GEN_SELF_SIGNED_CANNOT_GET_KEY_GENERATOR.get(publicKeyAlgorithmIdentifier.getName(), StaticUtils.getExceptionMessage(e3)), e3);
        }
    }

    @NotNull
    public static X509Certificate generateSelfSignedCertificate(@NotNull SignatureAlgorithmIdentifier signatureAlgorithmIdentifier, @NotNull KeyPair keyPair, @NotNull DN dn, long j, long j2, @Nullable X509CertificateExtension... x509CertificateExtensionArr) throws CertException {
        DecodedPublicKey decodedPublicKey = null;
        try {
            ASN1Element[] elements = ASN1Sequence.decodeAsSequence(keyPair.getPublic().getEncoded()).elements();
            ASN1Element[] elements2 = ASN1Sequence.decodeAsSequence(elements[0]).elements();
            OID oid = elements2[0].decodeAsObjectIdentifier().getOID();
            ASN1Element aSN1Element = elements2.length == 1 ? null : elements2[1];
            ASN1BitString decodeAsBitString = elements[1].decodeAsBitString();
            try {
                if (oid.equals(PublicKeyAlgorithmIdentifier.RSA.getOID())) {
                    decodedPublicKey = new RSAPublicKey(decodeAsBitString);
                } else if (oid.equals(PublicKeyAlgorithmIdentifier.EC.getOID())) {
                    decodedPublicKey = new EllipticCurvePublicKey(decodeAsBitString);
                }
            } catch (Exception e) {
                Debug.debugException(e);
            }
            byte[] digest = CryptoHelper.getMessageDigest(MessageDigestAlgorithms.SHA_1).digest(decodeAsBitString.getBytes());
            ArrayList arrayList = new ArrayList(10);
            arrayList.add(new SubjectKeyIdentifierExtension(false, new ASN1OctetString(digest)));
            if (x509CertificateExtensionArr != null) {
                for (X509CertificateExtension x509CertificateExtension : x509CertificateExtensionArr) {
                    if (!x509CertificateExtension.getOID().equals(SubjectKeyIdentifierExtension.SUBJECT_KEY_IDENTIFIER_OID)) {
                        arrayList.add(x509CertificateExtension);
                    }
                }
            }
            X509CertificateExtension[] x509CertificateExtensionArr2 = new X509CertificateExtension[arrayList.size()];
            arrayList.toArray(x509CertificateExtensionArr2);
            BigInteger generateSerialNumber = generateSerialNumber();
            return new X509Certificate(X509CertificateVersion.V3, generateSerialNumber, signatureAlgorithmIdentifier.getOID(), null, generateSignature(signatureAlgorithmIdentifier, keyPair.getPrivate(), generateSerialNumber, dn, j, j2, dn, oid, aSN1Element, decodeAsBitString, x509CertificateExtensionArr2), dn, j, j2, dn, oid, aSN1Element, decodeAsBitString, decodedPublicKey, null, null, x509CertificateExtensionArr2);
        } catch (Exception e2) {
            Debug.debugException(e2);
            throw new CertException(CertMessages.ERR_CERT_GEN_SELF_SIGNED_CANNOT_PARSE_KEY_PAIR.get(StaticUtils.getExceptionMessage(e2)), e2);
        }
    }

    @NotNull
    public static X509Certificate generateIssuerSignedCertificate(@NotNull SignatureAlgorithmIdentifier signatureAlgorithmIdentifier, @NotNull X509Certificate x509Certificate, @NotNull PrivateKey privateKey, @NotNull OID oid, @Nullable ASN1Element aSN1Element, @NotNull ASN1BitString aSN1BitString, @Nullable DecodedPublicKey decodedPublicKey, @NotNull DN dn, long j, long j2, @NotNull X509CertificateExtension... x509CertificateExtensionArr) throws CertException {
        try {
            byte[] digest = CryptoHelper.getMessageDigest(MessageDigestAlgorithms.SHA_1).digest(aSN1BitString.getBytes());
            ASN1OctetString aSN1OctetString = null;
            for (X509CertificateExtension x509CertificateExtension : x509Certificate.extensions) {
                if (x509CertificateExtension instanceof SubjectKeyIdentifierExtension) {
                    aSN1OctetString = ((SubjectKeyIdentifierExtension) x509CertificateExtension).getKeyIdentifier();
                }
            }
            ArrayList arrayList = new ArrayList(10);
            arrayList.add(new SubjectKeyIdentifierExtension(false, new ASN1OctetString(digest)));
            if (aSN1OctetString == null) {
                arrayList.add(new AuthorityKeyIdentifierExtension(false, null, new GeneralNamesBuilder().addDirectoryName(x509Certificate.subjectDN).build(), x509Certificate.serialNumber));
            } else {
                arrayList.add(new AuthorityKeyIdentifierExtension(false, aSN1OctetString, null, null));
            }
            if (x509CertificateExtensionArr != null) {
                for (X509CertificateExtension x509CertificateExtension2 : x509CertificateExtensionArr) {
                    if (!x509CertificateExtension2.getOID().equals(SubjectKeyIdentifierExtension.SUBJECT_KEY_IDENTIFIER_OID) && !x509CertificateExtension2.getOID().equals(AuthorityKeyIdentifierExtension.AUTHORITY_KEY_IDENTIFIER_OID)) {
                        arrayList.add(x509CertificateExtension2);
                    }
                }
            }
            X509CertificateExtension[] x509CertificateExtensionArr2 = new X509CertificateExtension[arrayList.size()];
            arrayList.toArray(x509CertificateExtensionArr2);
            BigInteger generateSerialNumber = generateSerialNumber();
            return new X509Certificate(X509CertificateVersion.V3, generateSerialNumber, signatureAlgorithmIdentifier.getOID(), null, generateSignature(signatureAlgorithmIdentifier, privateKey, generateSerialNumber, x509Certificate.subjectDN, j, j2, dn, oid, aSN1Element, aSN1BitString, x509CertificateExtensionArr2), x509Certificate.subjectDN, j, j2, dn, oid, aSN1Element, aSN1BitString, decodedPublicKey, null, null, x509CertificateExtensionArr2);
        } catch (Exception e) {
            Debug.debugException(e);
            throw new CertException(CertMessages.ERR_CERT_GEN_ISSUER_SIGNED_CANNOT_GENERATE_KEY_ID.get(StaticUtils.getExceptionMessage(e)), e);
        }
    }

    @NotNull
    private static BigInteger generateSerialNumber() {
        UUID randomUUID = CryptoHelper.getRandomUUID();
        return BigInteger.valueOf(randomUUID.getMostSignificantBits() & Long.MAX_VALUE).shiftLeft(64).add(BigInteger.valueOf(randomUUID.getLeastSignificantBits() & Long.MAX_VALUE));
    }

    @NotNull
    private static ASN1BitString generateSignature(@NotNull SignatureAlgorithmIdentifier signatureAlgorithmIdentifier, @NotNull PrivateKey privateKey, @NotNull BigInteger bigInteger, @NotNull DN dn, long j, long j2, @NotNull DN dn2, @NotNull OID oid, @Nullable ASN1Element aSN1Element, @NotNull ASN1BitString aSN1BitString, @NotNull X509CertificateExtension... x509CertificateExtensionArr) throws CertException {
        try {
            Signature signature = CryptoHelper.getSignature(signatureAlgorithmIdentifier.getJavaName());
            try {
                signature.initSign(privateKey);
                try {
                    ArrayList arrayList = new ArrayList(8);
                    arrayList.add(new ASN1Element((byte) -96, new ASN1Integer(X509CertificateVersion.V3.getIntValue()).encode()));
                    arrayList.add(new ASN1BigInteger(bigInteger));
                    arrayList.add(new ASN1Sequence(new ASN1ObjectIdentifier(signatureAlgorithmIdentifier.getOID())));
                    arrayList.add(encodeName(dn));
                    arrayList.add(encodeValiditySequence(j, j2));
                    arrayList.add(encodeName(dn2));
                    if (aSN1Element == null) {
                        arrayList.add(new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(oid)), aSN1BitString));
                    } else {
                        arrayList.add(new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(oid), aSN1Element), aSN1BitString));
                    }
                    ArrayList arrayList2 = new ArrayList(x509CertificateExtensionArr.length);
                    for (X509CertificateExtension x509CertificateExtension : x509CertificateExtensionArr) {
                        arrayList2.add(x509CertificateExtension.encode());
                    }
                    arrayList.add(new ASN1Element((byte) -93, new ASN1Sequence(arrayList2).encode()));
                    signature.update(new ASN1Sequence(arrayList).encode());
                    return new ASN1BitString(ASN1BitString.getBitsForBytes(signature.sign()));
                } catch (Exception e) {
                    Debug.debugException(e);
                    throw new CertException(CertMessages.ERR_CERT_GEN_SIGNATURE_CANNOT_COMPUTE.get(signatureAlgorithmIdentifier.getJavaName(), StaticUtils.getExceptionMessage(e)), e);
                }
            } catch (Exception e2) {
                Debug.debugException(e2);
                throw new CertException(CertMessages.ERR_CERT_GEN_SIGNATURE_CANNOT_INIT_SIGNATURE_GENERATOR.get(signatureAlgorithmIdentifier.getJavaName(), StaticUtils.getExceptionMessage(e2)), e2);
            }
        } catch (Exception e3) {
            Debug.debugException(e3);
            throw new CertException(CertMessages.ERR_CERT_GEN_SIGNATURE_CANNOT_GET_SIGNATURE_GENERATOR.get(signatureAlgorithmIdentifier.getJavaName(), StaticUtils.getExceptionMessage(e3)), e3);
        }
    }

    @NotNull
    public byte[] getX509CertificateBytes() {
        return this.x509CertificateBytes;
    }

    @NotNull
    public X509CertificateVersion getVersion() {
        return this.version;
    }

    @NotNull
    public BigInteger getSerialNumber() {
        return this.serialNumber;
    }

    @NotNull
    public OID getSignatureAlgorithmOID() {
        return this.signatureAlgorithmOID;
    }

    @Nullable
    public String getSignatureAlgorithmName() {
        return this.signatureAlgorithmName;
    }

    @NotNull
    public String getSignatureAlgorithmNameOrOID() {
        return this.signatureAlgorithmName != null ? this.signatureAlgorithmName : this.signatureAlgorithmOID.toString();
    }

    @Nullable
    public ASN1Element getSignatureAlgorithmParameters() {
        return this.signatureAlgorithmParameters;
    }

    @NotNull
    public DN getIssuerDN() {
        return this.issuerDN;
    }

    public long getNotBeforeTime() {
        return this.notBefore;
    }

    @NotNull
    public Date getNotBeforeDate() {
        return new Date(this.notBefore);
    }

    public long getNotAfterTime() {
        return this.notAfter;
    }

    @NotNull
    public Date getNotAfterDate() {
        return new Date(this.notAfter);
    }

    public boolean isWithinValidityWindow() {
        return isWithinValidityWindow(System.currentTimeMillis());
    }

    public boolean isWithinValidityWindow(@NotNull Date date) {
        return isWithinValidityWindow(date.getTime());
    }

    public boolean isWithinValidityWindow(long j) {
        return j >= this.notBefore && j <= this.notAfter;
    }

    @NotNull
    public DN getSubjectDN() {
        return this.subjectDN;
    }

    @NotNull
    public OID getPublicKeyAlgorithmOID() {
        return this.publicKeyAlgorithmOID;
    }

    @Nullable
    public String getPublicKeyAlgorithmName() {
        return this.publicKeyAlgorithmName;
    }

    @NotNull
    public String getPublicKeyAlgorithmNameOrOID() {
        return this.publicKeyAlgorithmName != null ? this.publicKeyAlgorithmName : this.publicKeyAlgorithmOID.toString();
    }

    @Nullable
    public ASN1Element getPublicKeyAlgorithmParameters() {
        return this.publicKeyAlgorithmParameters;
    }

    @NotNull
    public ASN1BitString getEncodedPublicKey() {
        return this.encodedPublicKey;
    }

    @Nullable
    public DecodedPublicKey getDecodedPublicKey() {
        return this.decodedPublicKey;
    }

    @Nullable
    public ASN1BitString getIssuerUniqueID() {
        return this.issuerUniqueID;
    }

    @Nullable
    public ASN1BitString getSubjectUniqueID() {
        return this.subjectUniqueID;
    }

    @NotNull
    public List<X509CertificateExtension> getExtensions() {
        return this.extensions;
    }

    @NotNull
    public ASN1BitString getSignatureValue() {
        return this.signatureValue;
    }

    public void verifySignature(@Nullable X509Certificate x509Certificate) throws CertException {
        X509Certificate x509Certificate2;
        if (x509Certificate != null) {
            x509Certificate2 = x509Certificate;
        } else {
            if (!isSelfSigned()) {
                throw new CertException(CertMessages.ERR_CERT_VERIFY_SIGNATURE_ISSUER_CERT_NOT_PROVIDED.get());
            }
            x509Certificate2 = this;
        }
        try {
            PublicKey publicKey = x509Certificate2.toCertificate().getPublicKey();
            try {
                SignatureAlgorithmIdentifier forOID = SignatureAlgorithmIdentifier.forOID(this.signatureAlgorithmOID);
                Signature signature = CryptoHelper.getSignature(forOID.getJavaName());
                try {
                    signature.initVerify(publicKey);
                    try {
                        signature.update(ASN1Sequence.decodeAsSequence(this.x509CertificateBytes).elements()[0].encode());
                        try {
                            if (signature.verify(this.signatureValue.getBytes())) {
                            } else {
                                throw new CertException(CertMessages.ERR_CERT_VERIFY_SIGNATURE_NOT_VALID.get(this.subjectDN));
                            }
                        } catch (CertException e) {
                            Debug.debugException(e);
                            throw e;
                        } catch (Exception e2) {
                            Debug.debugException(e2);
                            throw new CertException(CertMessages.ERR_CERT_VERIFY_SIGNATURE_ERROR.get(this.subjectDN, StaticUtils.getExceptionMessage(e2)), e2);
                        }
                    } catch (Exception e3) {
                        Debug.debugException(e3);
                        throw new CertException(CertMessages.ERR_CERT_GEN_SIGNATURE_CANNOT_COMPUTE.get(forOID.getJavaName(), StaticUtils.getExceptionMessage(e3)), e3);
                    }
                } catch (Exception e4) {
                    Debug.debugException(e4);
                    throw new CertException(CertMessages.ERR_CERT_VERIFY_SIGNATURE_CANNOT_INIT_SIGNATURE_VERIFIER.get(forOID.getJavaName(), StaticUtils.getExceptionMessage(e4)), e4);
                }
            } catch (Exception e5) {
                Debug.debugException(e5);
                throw new CertException(CertMessages.ERR_CERT_VERIFY_SIGNATURE_CANNOT_GET_SIGNATURE_VERIFIER.get(getSignatureAlgorithmNameOrOID(), StaticUtils.getExceptionMessage(e5)), e5);
            }
        } catch (Exception e6) {
            Debug.debugException(e6);
            throw new CertException(CertMessages.ERR_CERT_VERIFY_SIGNATURE_CANNOT_GET_PUBLIC_KEY.get(StaticUtils.getExceptionMessage(e6)), e6);
        }
    }

    @NotNull
    public byte[] getSHA1Fingerprint() throws CertException {
        return getFingerprint(MessageDigestAlgorithms.SHA_1);
    }

    @NotNull
    public byte[] getSHA256Fingerprint() throws CertException {
        return getFingerprint(MessageDigestAlgorithms.SHA_256);
    }

    @NotNull
    private byte[] getFingerprint(@NotNull String str) throws CertException {
        try {
            return CryptoHelper.getMessageDigest(str).digest(this.x509CertificateBytes);
        } catch (Exception e) {
            Debug.debugException(e);
            throw new CertException(CertMessages.ERR_CERT_CANNOT_COMPUTE_FINGERPRINT.get(str, StaticUtils.getExceptionMessage(e)), e);
        }
    }

    public boolean isSelfSigned() {
        AuthorityKeyIdentifierExtension authorityKeyIdentifierExtension = null;
        SubjectKeyIdentifierExtension subjectKeyIdentifierExtension = null;
        for (X509CertificateExtension x509CertificateExtension : this.extensions) {
            if (x509CertificateExtension instanceof AuthorityKeyIdentifierExtension) {
                authorityKeyIdentifierExtension = (AuthorityKeyIdentifierExtension) x509CertificateExtension;
            } else if (x509CertificateExtension instanceof SubjectKeyIdentifierExtension) {
                subjectKeyIdentifierExtension = (SubjectKeyIdentifierExtension) x509CertificateExtension;
            }
        }
        return (authorityKeyIdentifierExtension == null || subjectKeyIdentifierExtension == null) ? this.subjectDN.equals(this.issuerDN) : authorityKeyIdentifierExtension.getKeyIdentifier() != null && Arrays.equals(authorityKeyIdentifierExtension.getKeyIdentifier().getValue(), subjectKeyIdentifierExtension.getKeyIdentifier().getValue());
    }

    public boolean isIssuerFor(@NotNull X509Certificate x509Certificate) {
        return isIssuerFor(x509Certificate, null);
    }

    public boolean isIssuerFor(@NotNull X509Certificate x509Certificate, @Nullable StringBuilder sb) {
        if (!x509Certificate.issuerDN.equals(this.subjectDN)) {
            if (sb == null) {
                return false;
            }
            sb.append(CertMessages.INFO_CERT_IS_ISSUER_FOR_DN_MISMATCH.get(this.subjectDN, x509Certificate.subjectDN, this.issuerDN));
            return false;
        }
        byte[] bArr = null;
        Iterator<X509CertificateExtension> it = x509Certificate.extensions.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            X509CertificateExtension next = it.next();
            if (next instanceof AuthorityKeyIdentifierExtension) {
                AuthorityKeyIdentifierExtension authorityKeyIdentifierExtension = (AuthorityKeyIdentifierExtension) next;
                if (authorityKeyIdentifierExtension.getKeyIdentifier() != null) {
                    bArr = authorityKeyIdentifierExtension.getKeyIdentifier().getValue();
                    break;
                }
            }
        }
        if (bArr == null) {
            return true;
        }
        boolean z = false;
        Iterator<X509CertificateExtension> it2 = this.extensions.iterator();
        while (true) {
            if (!it2.hasNext()) {
                break;
            }
            X509CertificateExtension next2 = it2.next();
            if (next2 instanceof SubjectKeyIdentifierExtension) {
                z = Arrays.equals(bArr, ((SubjectKeyIdentifierExtension) next2).getKeyIdentifier().getValue());
                break;
            }
        }
        if (z) {
            return true;
        }
        if (sb == null) {
            return false;
        }
        sb.append(CertMessages.INFO_CERT_IS_ISSUER_FOR_KEY_ID_MISMATCH.get(this.subjectDN, x509Certificate.subjectDN));
        return false;
    }

    @NotNull
    public Certificate toCertificate() throws CertificateException {
        return CryptoHelper.getCertificateFactory("X.509").generateCertificate(new ByteArrayInputStream(this.x509CertificateBytes));
    }

    public int hashCode() {
        return Arrays.hashCode(this.x509CertificateBytes);
    }

    public boolean equals(@Nullable Object obj) {
        if (obj == null) {
            return false;
        }
        if (obj == this) {
            return true;
        }
        if (obj instanceof X509Certificate) {
            return Arrays.equals(this.x509CertificateBytes, ((X509Certificate) obj).x509CertificateBytes);
        }
        return false;
    }

    @NotNull
    public String toString() {
        StringBuilder sb = new StringBuilder();
        toString(sb);
        return sb.toString();
    }

    public void toString(@NotNull StringBuilder sb) {
        sb.append("X509Certificate(version='");
        sb.append(this.version.getName());
        sb.append("', serialNumber='");
        StaticUtils.toHex(this.serialNumber.toByteArray(), ":", sb);
        sb.append("', signatureAlgorithmOID='");
        sb.append(this.signatureAlgorithmOID.toString());
        sb.append('\'');
        if (this.signatureAlgorithmName != null) {
            sb.append(", signatureAlgorithmName='");
            sb.append(this.signatureAlgorithmName);
            sb.append('\'');
        }
        sb.append(", issuerDN='");
        sb.append(this.issuerDN.toString());
        sb.append("', notBefore='");
        sb.append(StaticUtils.encodeGeneralizedTime(this.notBefore));
        sb.append("', notAfter='");
        sb.append(StaticUtils.encodeGeneralizedTime(this.notAfter));
        sb.append("', subjectDN='");
        sb.append(this.subjectDN.toString());
        sb.append("', publicKeyAlgorithmOID='");
        sb.append(this.publicKeyAlgorithmOID.toString());
        sb.append('\'');
        if (this.publicKeyAlgorithmName != null) {
            sb.append(", publicKeyAlgorithmName='");
            sb.append(this.publicKeyAlgorithmName);
            sb.append('\'');
        }
        sb.append(", subjectPublicKey=");
        if (this.decodedPublicKey == null) {
            sb.append('\'');
            try {
                StaticUtils.toHex(this.encodedPublicKey.getBytes(), ":", sb);
            } catch (Exception e) {
                Debug.debugException(e);
                this.encodedPublicKey.toString(sb);
            }
            sb.append('\'');
        } else {
            this.decodedPublicKey.toString(sb);
            if (this.decodedPublicKey instanceof EllipticCurvePublicKey) {
                try {
                    OID oid = this.publicKeyAlgorithmParameters.decodeAsObjectIdentifier().getOID();
                    sb.append(", ellipticCurvePublicKeyParameters=namedCurve='");
                    sb.append(NamedCurve.getNameOrOID(oid));
                    sb.append('\'');
                } catch (Exception e2) {
                    Debug.debugException(e2);
                }
            }
        }
        if (this.issuerUniqueID != null) {
            sb.append(", issuerUniqueID='");
            sb.append(this.issuerUniqueID.toString());
            sb.append('\'');
        }
        if (this.subjectUniqueID != null) {
            sb.append(", subjectUniqueID='");
            sb.append(this.subjectUniqueID.toString());
            sb.append('\'');
        }
        if (!this.extensions.isEmpty()) {
            sb.append(", extensions={");
            Iterator<X509CertificateExtension> it = this.extensions.iterator();
            while (it.hasNext()) {
                it.next().toString(sb);
                if (it.hasNext()) {
                    sb.append(", ");
                }
            }
            sb.append('}');
        }
        sb.append(", signatureValue='");
        try {
            StaticUtils.toHex(this.signatureValue.getBytes(), ":", sb);
        } catch (Exception e3) {
            Debug.debugException(e3);
            sb.append(this.signatureValue.toString());
        }
        sb.append("')");
    }

    @NotNull
    public List<String> toPEM() {
        ArrayList arrayList = new ArrayList(10);
        arrayList.add("-----BEGIN CERTIFICATE-----");
        arrayList.addAll(StaticUtils.wrapLine(Base64.encode(this.x509CertificateBytes), 64));
        arrayList.add("-----END CERTIFICATE-----");
        return Collections.unmodifiableList(arrayList);
    }

    @NotNull
    public String toPEMString() {
        StringBuilder sb = new StringBuilder();
        sb.append("-----BEGIN CERTIFICATE-----");
        sb.append(StaticUtils.EOL);
        Iterator<String> it = StaticUtils.wrapLine(Base64.encode(this.x509CertificateBytes), 64).iterator();
        while (it.hasNext()) {
            sb.append(it.next());
            sb.append(StaticUtils.EOL);
        }
        sb.append("-----END CERTIFICATE-----");
        sb.append(StaticUtils.EOL);
        return sb.toString();
    }
}
