package edu.uiuc.ncsa.security.util.pkcs;

import edu.uiuc.ncsa.security.core.exceptions.GeneralException;
import edu.uiuc.ncsa.security.core.exceptions.InvalidCertRequestException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.spi.Configurator;
import sun.security.pkcs.PKCS10;
import sun.security.util.DerInputStream;
import sun.security.x509.X500Name;

/* loaded from: input_file:WEB-INF/lib/ncsa-security-util-1.1.3.jar:edu/uiuc/ncsa/security/util/pkcs/CertUtil.class */
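/**
 * Static helpers for converting X.509 certificates and PKCS#10 certification requests
 * between their binary, PEM and Base64 text forms, and for reading a few identity
 * attributes (subject DN, EPPN, e-mail) out of a certificate.
 *
 * <p>Nothing in this class validates a certificate: no chain building, no signature,
 * validity-period or revocation check is performed. Callers must validate a certificate
 * before trusting any attribute extracted from it here.
 *
 * <p>The lazily created {@link #logger} and {@link #certFactory} are plain static fields
 * without synchronization.
 */
public class CertUtil {
    public static final String UTF_8 = "UTF-8";
    static Logger logger;
    public static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----";
    public static final String END_CERTIFICATE = "-----END CERTIFICATE-----";
    // SHA-1 based signature algorithm. The value is kept because it is a public constant,
    // but SHA-1 signatures are widely deprecated; prefer passing a SHA-2 algorithm name
    // such as "SHA256withRSA" to the four-argument createCertRequest overload.
    public static final String DEFAULT_PKCS10_SIGNATURE_ALGORITHM = "SHA1withRSA";
    public static final String DEFAULT_PKCS10_PROVIDER = "SunRsaSign";
    public static final String DEFAULT_PKCS10_DISTINGUISHED_NAME = "CN=ignore";
    static CertificateFactory certFactory;

    // OID of the extension read by getEPPN (eduPersonPrincipalName).
    private static final String EPPN_OID = "1.3.6.1.4.1.5923.1.1.1.6";
    // GeneralName type tag for rfc822Name entries in getSubjectAlternativeNames().
    private static final Integer SAN_TYPE_RFC822_NAME = Integer.valueOf(1);

    /* loaded from: input_file:WEB-INF/lib/ncsa-security-util-1.1.3.jar:edu/uiuc/ncsa/security/util/pkcs/CertUtil$MySunPKCS_CR.class */
    /**
     * {@link MyPKCS10CertRequest} backed by the JDK-internal {@code sun.security.pkcs.PKCS10}.
     */
    public static class MySunPKCS_CR extends MyPKCS10CertRequest {
        PKCS10 pkcs10;

        /**
         * Parses a DER-encoded PKCS#10 request.
         *
         * @param bArr the DER bytes of the request
         * @throws InvalidCertRequestException if the bytes cannot be parsed; runtime
         *         exceptions raised by the parser are rethrown unchanged
         */
        public MySunPKCS_CR(byte[] bArr) {
            try {
                checkVersion(bArr);
                this.pkcs10 = new PKCS10(bArr);
            } catch (RuntimeException e) {
                throw e;
            } catch (Exception e2) {
                // The cause travels with the exception; dumping the stack trace to stderr
                // as well would bypass the application's logging and leak parser detail.
                throw new InvalidCertRequestException("Error creating cert request from byte array", e2);
            }
        }

        /**
         * Reads the leading INTEGER (the version field) of the request so that an
         * undecodable structure is reported with a descriptive message.
         *
         * <p>NOTE(review): the parsed value is read but not compared with zero here; any
         * enforcement of the version is left to the PKCS10 parser - confirm.
         *
         * @param bArr the DER bytes of the request
         * @throws InvalidCertRequestException if the DER structure cannot be read
         */
        protected void checkVersion(byte[] bArr) {
            try {
                new DerInputStream(bArr).getSequence(3)[0].data.getBigInteger();
            } catch (IOException e) {
                throw new InvalidCertRequestException("Invalid Certification Request. Be sure that the version number of the (PCKS10) request is set to zero.", e);
            }
        }

        @Override
        public String toString() {
            return this.pkcs10 == null ? Configurator.NULL : this.pkcs10.toString();
        }

        /**
         * Wraps an already constructed request.
         *
         * @param pkcs10 the request to wrap; stored as-is, not copied
         */
        public MySunPKCS_CR(PKCS10 pkcs10) {
            this.pkcs10 = pkcs10;
        }

        /** Returns the public key carried in the request. */
        @Override // edu.uiuc.ncsa.security.util.pkcs.MyPKCS10CertRequest
        public PublicKey getPublicKey() {
            return this.pkcs10.getSubjectPublicKeyInfo();
        }

        /** Returns the encoded form of the request as produced by the wrapped PKCS10. */
        @Override // edu.uiuc.ncsa.security.util.pkcs.MyPKCS10CertRequest
        public byte[] getEncoded() {
            return this.pkcs10.getEncoded();
        }
    }

    /**
     * Returns the class logger, creating it on first use.
     */
    public static Logger getLogger() {
        if (logger == null) {
            logger = Logger.getLogger(CertUtil.class.getName());
        }
        return logger;
    }

    /**
     * Parses every string that contains a PEM certificate header into an
     * {@link X509Certificate}.
     *
     * <p>Entries that are {@code null}, lack {@link #BEGIN_CERTIFICATE}, or fail to parse
     * are skipped (parse failures are logged at WARNING with their cause), so the result
     * may be shorter than the input and its indexes do not line up with {@code strArr}.
     * The certificates are only parsed, not validated.
     *
     * @param strArr  candidate PEM strings; text before the BEGIN marker is ignored
     * @param strArr2 optional labels for log messages, parallel to {@code strArr}; may be
     *                {@code null} or shorter than {@code strArr}
     * @return the parsed certificates, or {@code null} when none could be parsed
     * @throws CertificateException declared for compatibility; parse errors are logged,
     *         not thrown
     */
    public static X509Certificate[] getX509CertsFromStringList(String[] strArr, String[] strArr2) throws CertificateException {
        List<X509Certificate> parsed = new ArrayList<X509Certificate>(strArr.length);
        for (int i = 0; i < strArr.length; i++) {
            String candidate = strArr[i];
            int start = candidate != null ? candidate.indexOf(BEGIN_CERTIFICATE) : -1;
            if (start < 0) {
                continue;
            }
            try {
                // Explicit charset: the platform default must not influence how PEM text is read.
                byte[] pem = candidate.substring(start).getBytes(StandardCharsets.UTF_8);
                parsed.add((X509Certificate) getCertFactory().generateCertificate(new ByteArrayInputStream(pem)));
            } catch (Exception e) {
                // Guard the label lookup so a short label array cannot turn a logged
                // parse failure into an ArrayIndexOutOfBoundsException.
                if (strArr2 != null && i < strArr2.length) {
                    getLogger().log(Level.WARNING, strArr2[i] + " can not be parsed as an X509Certificate.", e);
                } else {
                    getLogger().log(Level.WARNING, "failed to parse an X509Certificate", e);
                }
            }
        }
        if (parsed.isEmpty()) {
            return null;
        }
        return parsed.toArray(new X509Certificate[0]);
    }

    /**
     * Writes one certificate in PEM form to the stream via {@code PEMFormatUtil}.
     *
     * @throws CertificateEncodingException if the certificate cannot be DER-encoded
     */
    public static void toPEM(X509Certificate x509Certificate, OutputStream outputStream) throws CertificateEncodingException {
        PEMFormatUtil.delimitBody(x509Certificate.getEncoded(), BEGIN_CERTIFICATE, END_CERTIFICATE, outputStream);
    }

    /**
     * Decodes a Base64 string into a certification request.
     *
     * @param str Base64 text of the DER-encoded request
     * @return the parsed request
     * @throws InvalidCertRequestException if the decoded bytes are not a parsable request
     */
    public static MyPKCS10CertRequest fromStringToCertReq(String str) {
        return new MySunPKCS_CR(Base64.decodeBase64(str));
    }

    /**
     * Encodes a certification request as a Base64 string.
     *
     * @return the Base64 text, or {@code null} when the request is {@code null}
     */
    public static String fromCertReqToString(MyPKCS10CertRequest myPKCS10CertRequest) {
        if (myPKCS10CertRequest == null) {
            return null;
        }
        return Base64.encodeBase64String(myPKCS10CertRequest.getEncoded());
    }

    /**
     * Parses all certificates found in a PEM string. Parsing only; no validation.
     *
     * @throws GeneralException on any failure, including a {@code null} argument
     * @throws CertificateException declared for compatibility; failures are wrapped in
     *         {@code GeneralException}
     */
    public static X509Certificate[] fromX509PEM(String str) throws CertificateException {
        try {
            return fromPEM(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            throw new GeneralException("Error converting cert string", e);
        }
    }

    /**
     * Parses all certificates readable from the stream. The stream is not closed here.
     *
     * @throws CertificateException if the content cannot be parsed
     */
    public static X509Certificate[] fromPEM(InputStream inputStream) throws CertificateException {
        return (X509Certificate[]) getCertFactory().generateCertificates(inputStream).toArray(new X509Certificate[0]);
    }

    /**
     * Returns the shared X.509 {@link CertificateFactory}, creating it on first use.
     *
     * @throws CertificateException if no X.509 factory is available
     */
    public static CertificateFactory getCertFactory() throws CertificateException {
        if (certFactory == null) {
            certFactory = CertificateFactory.getInstance("X.509");
        }
        return certFactory;
    }

    /**
     * Returns the PEM text of one certificate.
     *
     * @throws GeneralException if the certificate cannot be encoded
     */
    public static String toPEM(X509Certificate x509Certificate) {
        try {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            toPEM(x509Certificate, buffer);
            return new String(buffer.toByteArray(), StandardCharsets.UTF_8);
        } catch (Exception e) {
            throw new GeneralException("Error encoding cert", e);
        }
    }

    /** Writes the certificates, in iteration order, as PEM text to the stream. */
    public static void toPEM(Collection<X509Certificate> collection, OutputStream outputStream) {
        toPEM((X509Certificate[]) collection.toArray(new X509Certificate[collection.size()]), outputStream);
    }

    /** Returns the certificates, in iteration order, as newline-separated PEM text. */
    public static String toPEM(Collection<X509Certificate> collection) {
        return toPEM((X509Certificate[]) collection.toArray(new X509Certificate[collection.size()]));
    }

    /**
     * Writes the certificates as PEM text to the stream and flushes it; the stream is
     * left open. I/O errors are absorbed by the wrapping {@link PrintStream}, as before.
     */
    public static void toPEM(X509Certificate[] x509CertificateArr, OutputStream outputStream) {
        PrintStream printStream = new PrintStream(outputStream);
        // Write bytes in a fixed charset rather than letting PrintStream encode the text
        // with the platform default.
        byte[] pem = toPEM(x509CertificateArr).getBytes(StandardCharsets.UTF_8);
        printStream.write(pem, 0, pem.length);
        printStream.flush();
    }

    /** Returns the certificates as PEM text, one block after another separated by "\n". */
    public static String toPEM(X509Certificate[] x509CertificateArr) {
        StringBuilder pem = new StringBuilder();
        for (X509Certificate certificate : x509CertificateArr) {
            if (pem.length() > 0) {
                pem.append("\n");
            }
            pem.append(toPEM(certificate));
        }
        return pem.toString();
    }

    /**
     * Creates a certification request for the key pair using the class defaults.
     * The default signature algorithm is SHA-1 based; see
     * {@link #DEFAULT_PKCS10_SIGNATURE_ALGORITHM}.
     */
    public static MyPKCS10CertRequest createCertRequest(KeyPair keyPair) throws SignatureException, NoSuchProviderException, InvalidKeyException, NoSuchAlgorithmException, IOException {
        return createCertRequest(keyPair, DEFAULT_PKCS10_SIGNATURE_ALGORITHM, DEFAULT_PKCS10_PROVIDER, DEFAULT_PKCS10_DISTINGUISHED_NAME);
    }

    /**
     * Creates and signs a certification request for the key pair.
     *
     * <p>NOTE(review): only {@code str} (the signature algorithm) influences the result.
     * Judging by the defaults passed by the one-argument overload, {@code str2} is a
     * provider name and {@code str3} a distinguished name, but neither is used: the
     * signature comes from the default provider lookup and the subject is always the
     * fixed name below. Callers must not rely on either argument being honoured.
     *
     * @param keyPair key pair whose public key goes into the request and whose private
     *                key signs it
     * @param str     JCA signature algorithm name, e.g. {@code "SHA256withRSA"}
     * @param str2    currently ignored
     * @param str3    currently ignored
     * @return the signed request
     * @throws GeneralException if encoding or signing the request fails
     */
    public static MyPKCS10CertRequest createCertRequest(KeyPair keyPair, String str, String str2, String str3) throws SignatureException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException, IOException {
        PKCS10 pkcs10 = new PKCS10(keyPair.getPublic());
        Signature signature = Signature.getInstance(str);
        signature.initSign(keyPair.getPrivate());
        try {
            // Fixed placeholder subject (CN=ignore, OU=OU, O=OU, C=USA).
            pkcs10.encodeAndSign(new X500Name("ignore", "OU", "OU", "USA"), signature);
            return new MySunPKCS_CR(pkcs10);
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            throw new GeneralException("Error creating cert request", e);
        }
    }

    /**
     * Returns the subject DN string as rendered by {@code getSubjectDN().getName()}.
     * The rendering is implementation-specific, so compare it only with values produced
     * the same way.
     */
    public static String getDN(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().getName();
    }

    /**
     * Returns the value of the eduPersonPrincipalName extension
     * ({@code 1.3.6.1.4.1.5923.1.1.1.6}), or {@code null} when the extension is absent
     * or is not well-formed DER.
     *
     * <p>The extension value is a DER OCTET STRING wrapping another DER element. Both
     * headers are parsed so that values whose length needs the long form (128 bytes or
     * more) are handled, instead of assuming a fixed four-byte prefix.
     * NOTE(review): the inner element is assumed to be a string type whose content is
     * UTF-8 compatible (UTF8String, IA5String, PrintableString) - confirm against the
     * issuing CA's profile.
     */
    public static String getEPPN(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(EPPN_OID);
        if (extensionValue == null) {
            return null;
        }
        int[] outer = derContentBounds(extensionValue, 0, extensionValue.length);
        int[] inner = outer == null ? null : derContentBounds(extensionValue, outer[0], outer[1]);
        if (inner == null) {
            // Treat a malformed extension as absent rather than returning a
            // mis-sliced identity string.
            getLogger().warning("EPPN extension is present but not well-formed DER");
            return null;
        }
        return new String(extensionValue, inner[0], inner[1] - inner[0], StandardCharsets.UTF_8);
    }

    /**
     * Locates the content of the DER element that starts at {@code offset}.
     * Supports single-byte tags and definite lengths of up to four length bytes.
     *
     * @return {@code {contentStart, contentEnd}} (end exclusive), or {@code null} when
     *         the header is malformed or the content would run past {@code limit}
     */
    private static int[] derContentBounds(byte[] buf, int offset, int limit) {
        if (limit - offset < 2) {
            return null;
        }
        int pos = offset + 1; // skip the tag byte
        int first = buf[pos++] & 0xFF;
        int length;
        if (first < 0x80) {
            length = first;
        } else {
            int lengthBytes = first & 0x7F;
            if (lengthBytes == 0 || lengthBytes > 4 || limit - pos < lengthBytes) {
                return null;
            }
            length = 0;
            for (int i = 0; i < lengthBytes; i++) {
                length = (length << 8) | (buf[pos++] & 0xFF);
            }
            if (length < 0) {
                return null;
            }
        }
        if (length > limit - pos) {
            return null;
        }
        return new int[] {pos, pos + length};
    }

    /**
     * Returns the e-mail address from the certificate's subject alternative names.
     *
     * <p>Only rfc822Name entries (type 1) are considered, so a DNS name, URI or other
     * alternative name is never reported as an e-mail address. When several rfc822Name
     * entries exist, the last one is returned.
     *
     * @return the address, or {@code null} when the certificate carries no rfc822Name
     * @throws GeneralException if the alternative names cannot be parsed
     */
    public static String getEmail(X509Certificate x509Certificate) {
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null || subjectAlternativeNames.isEmpty()) {
                return null;
            }
            String email = null;
            for (List<?> altName : subjectAlternativeNames) {
                // Each entry is [type, value]; keep only string-valued rfc822Name entries.
                if (altName.size() >= 2 && SAN_TYPE_RFC822_NAME.equals(altName.get(0)) && altName.get(1) != null) {
                    email = altName.get(1).toString();
                }
            }
            return email;
        } catch (CertificateParsingException e) {
            throw new GeneralException("Error parsing cert", e);
        }
    }
}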
