package org.apereo.cas.util.crypto;

import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.apache.commons.lang3.builder.ToStringStyle;
import org.apereo.cas.util.DateTimeUtils;
import org.cryptacular.util.CertUtil;
import org.springframework.core.io.InputStreamSource;

/* loaded from: input_file:BOOT-INF/lib/cas-server-core-util-5.2.6.jar:org/apereo/cas/util/crypto/CertUtils.class */
public final class CertUtils {
    public static final String X509_CERTIFICATE_TYPE = "X509";

    private CertUtils() {
    }

    public static boolean isExpired(X509CRL x509crl) {
        return isExpired(x509crl, ZonedDateTime.now(ZoneOffset.UTC));
    }

    public static boolean isExpired(X509CRL x509crl, ZonedDateTime zonedDateTime) {
        return zonedDateTime.isAfter(DateTimeUtils.zonedDateTimeOf(x509crl.getNextUpdate()));
    }

    public static X509Certificate readCertificate(InputStreamSource inputStreamSource) {
        try {
            InputStream inputStream = inputStreamSource.getInputStream();
            Throwable th = null;
            try {
                X509Certificate readCertificate = CertUtil.readCertificate(inputStream);
                if (inputStream != null) {
                    if (0 != 0) {
                        try {
                            inputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        inputStream.close();
                    }
                }
                return readCertificate;
            } finally {
            }
        } catch (IOException e) {
            throw new IllegalArgumentException("Error reading certificate " + inputStreamSource, e);
        }
    }

    public static String toString(X509Certificate x509Certificate) {
        return new ToStringBuilder(x509Certificate, ToStringStyle.NO_CLASS_NAME_STYLE).append("subjectDn", x509Certificate.getSubjectDN()).append("serialNumber", x509Certificate.getSerialNumber()).build();
    }

    public static CertificateFactory getCertificateFactory() {
        try {
            return CertificateFactory.getInstance(X509_CERTIFICATE_TYPE);
        } catch (CertificateException e) {
            throw new IllegalStateException("X509 certificate type not supported by default provider.", e);
        }
    }
}
