package org.cryptacular.util;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.GeneralNamesBuilder;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.cryptacular.EncodingException;
import org.cryptacular.StreamException;
import org.cryptacular.x509.ExtensionReader;
import org.cryptacular.x509.GeneralNameType;
import org.cryptacular.x509.KeyUsageBits;
import org.cryptacular.x509.dn.NameReader;
import org.cryptacular.x509.dn.StandardAttributeType;

/* loaded from: input_file:BOOT-INF/lib/cryptacular-1.2.2.jar:org/cryptacular/util/CertUtil.class */
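/**
 * Static helpers for decoding X.509 certificates and querying their subject names and extensions.
 *
 * <p>Nothing in this class validates a certificate: no signature, chain, validity-period or
 * revocation check is performed here. A certificate returned by the read/decode methods has only
 * been parsed, and the query methods report what the certificate says about itself. Trust
 * decisions (for example PKIX path validation) are the caller's job and must be made before any
 * of these results is relied on.
 */
public final class CertUtil {
    /** Not instantiable: static utility class. */
    private CertUtil() {
    }

    /**
     * Reads the CommonName attribute of the certificate's subject DN.
     *
     * @param x509Certificate certificate to read
     * @return the value {@link NameReader} yields for CommonName; callers in this class treat
     *     {@code null} as "no CN present"
     * @throws EncodingException propagated from {@link NameReader}
     */
    public static String subjectCN(X509Certificate x509Certificate) throws EncodingException {
        return new NameReader(x509Certificate).readSubject().getValue(StandardAttributeType.CommonName);
    }

    /**
     * Reads the subjectAltName extension.
     *
     * @param x509Certificate certificate to read
     * @return all subject alternative names, or {@code null} when the reader returns none
     * @throws EncodingException propagated from {@link ExtensionReader}
     */
    public static GeneralNames subjectAltNames(X509Certificate x509Certificate) throws EncodingException {
        return new ExtensionReader(x509Certificate).readSubjectAlternativeName();
    }

    /**
     * Reads the subject alternative names whose type is one of the requested types.
     *
     * @param x509Certificate certificate to read
     * @param generalNameTypeArr name types to keep
     * @return the matching names in certificate order, or {@code null} when nothing matches
     * @throws EncodingException propagated from {@link ExtensionReader}
     */
    public static GeneralNames subjectAltNames(X509Certificate x509Certificate, GeneralNameType... generalNameTypeArr) throws EncodingException {
        GeneralNamesBuilder matches = new GeneralNamesBuilder();
        GeneralNames allNames = subjectAltNames(x509Certificate);
        if (allNames != null) {
            for (GeneralName candidate : allNames.getNames()) {
                for (GeneralNameType wanted : generalNameTypeArr) {
                    // NOTE(review): the type test relies on the declaration order of
                    // GeneralNameType matching the GeneralName tag numbers; reordering the enum
                    // would silently select the wrong name types. Confirm against the enum.
                    if (wanted.ordinal() == candidate.getTagNo()) {
                        matches.addName(candidate);
                        // Stop at the first match so a type listed twice by the caller does not
                        // put the same name into the result twice.
                        break;
                    }
                }
            }
        }
        GeneralNames filtered = matches.build();
        return filtered.getNames().length == 0 ? null : filtered;
    }

    /**
     * Collects the subject CN followed by every subject alternative name, as strings.
     *
     * <p>The result is a flat list: the name type is discarded and each alternative name is
     * rendered with {@code getName().toString()}. A caller therefore cannot tell a CN string from
     * a DNS name, an e-mail address or any other name type. Do not use this list on its own for
     * host-name or identity matching; use the type-filtered overload and compare like with like.
     *
     * @param x509Certificate certificate to read
     * @return mutable list of names, CN first when present; never {@code null}
     * @throws EncodingException propagated from the readers
     */
    public static List<String> subjectNames(X509Certificate x509Certificate) throws EncodingException {
        return collectNames(subjectCN(x509Certificate), subjectAltNames(x509Certificate));
    }

    /**
     * Collects the subject CN followed by the subject alternative names of the requested types.
     *
     * <p>The CN is always included when present, whatever types are requested, and the name type
     * of each entry is not preserved in the result. Identity checks that must ignore the CN have
     * to call {@link #subjectAltNames(X509Certificate, GeneralNameType...)} instead.
     *
     * @param x509Certificate certificate to read
     * @param generalNameTypeArr alternative-name types to include
     * @return mutable list of names, CN first when present; never {@code null}
     * @throws EncodingException propagated from the readers
     */
    public static List<String> subjectNames(X509Certificate x509Certificate, GeneralNameType... generalNameTypeArr) throws EncodingException {
        return collectNames(subjectCN(x509Certificate), subjectAltNames(x509Certificate, generalNameTypeArr));
    }

    /** Builds the CN-then-alternative-names list shared by both subjectNames overloads. */
    private static List<String> collectNames(String commonName, GeneralNames altNames) {
        List<String> names = new ArrayList<>();
        if (commonName != null) {
            names.add(commonName);
        }
        if (altNames != null) {
            for (GeneralName altName : altNames.getNames()) {
                names.add(altName.getName().toString());
            }
        }
        return names;
    }

    /**
     * Finds the certificate that belongs to the given private key.
     *
     * @param privateKey private key to match
     * @param x509CertificateArr candidate certificates
     * @return the first candidate whose public key pairs with the private key, or {@code null}
     * @throws EncodingException as declared by the collection overload
     */
    public static X509Certificate findEntityCertificate(PrivateKey privateKey, X509Certificate... x509CertificateArr) throws EncodingException {
        return findEntityCertificate(privateKey, Arrays.asList(x509CertificateArr));
    }

    /**
     * Finds the certificate that belongs to the given private key.
     *
     * <p>Matching is done with {@code KeyPairUtil.isKeyPair} on each candidate's public key. The
     * first match in the collection's iteration order wins; nothing else about the certificate is
     * checked.
     *
     * @param privateKey private key to match
     * @param collection candidate certificates
     * @return the first matching candidate, or {@code null} when none matches
     * @throws EncodingException declared by this method; source not visible in this class
     */
    public static X509Certificate findEntityCertificate(PrivateKey privateKey, Collection<X509Certificate> collection) throws EncodingException {
        for (X509Certificate candidate : collection) {
            if (KeyPairUtil.isKeyPair(candidate.getPublicKey(), privateKey)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Reads one certificate from the file at the given path.
     *
     * @param str path of the certificate file
     * @return the decoded certificate; decoded only, not validated
     * @throws EncodingException if the data cannot be decoded as a certificate
     * @throws StreamException on an I/O error while reading or closing the file
     */
    public static X509Certificate readCertificate(String str) throws EncodingException, StreamException {
        return readCertificate(new File(str));
    }

    /**
     * Reads one certificate from a file.
     *
     * <p>The stream opened on the file is closed before this method returns, whether or not
     * decoding succeeds, so repeated calls do not accumulate open file handles.
     *
     * @param file certificate file
     * @return the decoded certificate; decoded only, not validated
     * @throws EncodingException if the data cannot be decoded as a certificate
     * @throws StreamException on an I/O error while reading or closing the file
     */
    public static X509Certificate readCertificate(File file) throws EncodingException, StreamException {
        try (InputStream in = StreamUtil.makeStream(file)) {
            return readCertificate(in);
        } catch (IOException e) {
            // Only close() can raise a checked IOException here.
            throw new StreamException(e);
        }
    }

    /**
     * Reads one certificate from a stream using the default {@code "X.509"} certificate factory.
     *
     * <p>The stream belongs to the caller and is not closed here. The certificate is parsed only:
     * its signature, issuer, validity period and revocation status are not examined.
     *
     * @param inputStream stream positioned at the certificate data
     * @return the decoded certificate
     * @throws EncodingException if the factory rejects the data for a reason other than I/O
     * @throws StreamException if the factory failure was caused by an {@link IOException}
     */
    public static X509Certificate readCertificate(InputStream inputStream) throws EncodingException, StreamException {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        } catch (CertificateException e) {
            // Separate "could not read" from "could not parse" for the caller.
            if (e.getCause() instanceof IOException) {
                throw new StreamException((IOException) e.getCause());
            }
            throw new EncodingException("Cannot decode certificate", e);
        }
    }

    /**
     * Decodes one certificate from an in-memory encoding.
     *
     * @param bArr encoded certificate bytes
     * @return the decoded certificate; decoded only, not validated
     * @throws EncodingException if the bytes cannot be decoded as a certificate
     */
    public static X509Certificate decodeCertificate(byte[] bArr) throws EncodingException {
        return readCertificate(new ByteArrayInputStream(bArr));
    }

    /**
     * Reads all certificates from the file at the given path.
     *
     * @param str path of the certificate file
     * @return the decoded certificates, in the order the factory returned them
     * @throws EncodingException if the data cannot be decoded
     * @throws StreamException on an I/O error while reading or closing the file
     */
    public static X509Certificate[] readCertificateChain(String str) throws EncodingException, StreamException {
        return readCertificateChain(new File(str));
    }

    /**
     * Reads all certificates from a file.
     *
     * <p>The stream opened on the file is closed before this method returns, whether or not
     * decoding succeeds.
     *
     * @param file certificate file
     * @return the decoded certificates, in the order the factory returned them
     * @throws EncodingException if the data cannot be decoded
     * @throws StreamException on an I/O error while reading or closing the file
     */
    public static X509Certificate[] readCertificateChain(File file) throws EncodingException, StreamException {
        try (InputStream in = StreamUtil.makeStream(file)) {
            return readCertificateChain(in);
        } catch (IOException e) {
            // Only close() can raise a checked IOException here.
            throw new StreamException(e);
        }
    }

    /**
     * Reads all certificates from a stream using the default {@code "X.509"} certificate factory.
     *
     * <p>Despite the name, the result is simply every certificate the factory produced, in the
     * factory's order. This method does not check that the certificates chain to one another, are
     * ordered leaf-first, or lead to a trusted root; that is path validation and must be done by
     * the caller. The stream is not closed here.
     *
     * @param inputStream stream positioned at the certificate data
     * @return the decoded certificates
     * @throws EncodingException if the factory rejects the data for a reason other than I/O
     * @throws StreamException if the factory failure was caused by an {@link IOException}
     */
    public static X509Certificate[] readCertificateChain(InputStream inputStream) throws EncodingException, StreamException {
        try {
            Collection<? extends Certificate> decoded = CertificateFactory.getInstance("X.509").generateCertificates(inputStream);
            return decoded.toArray(new X509Certificate[decoded.size()]);
        } catch (CertificateException e) {
            // Separate "could not read" from "could not parse" for the caller.
            if (e.getCause() instanceof IOException) {
                throw new StreamException((IOException) e.getCause());
            }
            throw new EncodingException("Cannot decode certificate", e);
        }
    }

    /**
     * Decodes all certificates from an in-memory encoding.
     *
     * @param bArr encoded certificate bytes
     * @return the decoded certificates; see {@link #readCertificateChain(InputStream)} for what is
     *     and is not checked
     * @throws EncodingException if the bytes cannot be decoded
     */
    public static X509Certificate[] decodeCertificateChain(byte[] bArr) throws EncodingException {
        return readCertificateChain(new ByteArrayInputStream(bArr));
    }

    /**
     * Tests whether the certificate's KeyUsage extension asserts every given bit.
     *
     * <p>A certificate without a KeyUsage extension yields {@code false} for any requested bit,
     * the same way the extended-key-usage overload treats a missing extension. The method thus
     * answers "is this usage explicitly asserted", which is the fail-closed reading; it is not a
     * statement about what path validation would permit.
     *
     * @param x509Certificate certificate to inspect
     * @param keyUsageBitsArr bits that must all be set
     * @return {@code true} when every requested bit is set, or when no bits are requested
     * @throws EncodingException propagated from {@link ExtensionReader}
     */
    public static boolean allowsUsage(X509Certificate x509Certificate, KeyUsageBits... keyUsageBitsArr) throws EncodingException {
        KeyUsage keyUsage = new ExtensionReader(x509Certificate).readKeyUsage();
        for (KeyUsageBits requiredBit : keyUsageBitsArr) {
            // NOTE(review): the reader presumably returns null when the extension is absent, as
            // the other extension readers used in this class do; guard instead of passing null on.
            if (keyUsage == null || !requiredBit.isSet(keyUsage)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Tests whether the certificate's ExtendedKeyUsage extension lists every given purpose.
     *
     * <p>Purposes are matched by list membership only: a missing extension yields {@code false}
     * for any requested purpose, and an {@code anyExtendedKeyUsage} entry in the certificate is
     * not treated as matching other purposes.
     *
     * @param x509Certificate certificate to inspect
     * @param keyPurposeIdArr purposes that must all be listed
     * @return {@code true} when every requested purpose is listed, or when none is requested
     * @throws EncodingException propagated from {@link ExtensionReader}
     */
    public static boolean allowsUsage(X509Certificate x509Certificate, KeyPurposeId... keyPurposeIdArr) throws EncodingException {
        List<KeyPurposeId> purposes = new ExtensionReader(x509Certificate).readExtendedKeyUsage();
        for (KeyPurposeId requiredPurpose : keyPurposeIdArr) {
            if (purposes == null || !purposes.contains(requiredPurpose)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Tests whether the certificate's CertificatePolicies extension contains every given policy.
     *
     * <p>Each requested OID is compared to the policy identifiers by exact string equality. A
     * missing extension yields {@code false} for any requested policy.
     *
     * @param x509Certificate certificate to inspect
     * @param strArr policy OIDs that must all be present
     * @return {@code true} when every requested policy is present, or when none is requested
     * @throws EncodingException propagated from {@link ExtensionReader}
     */
    public static boolean hasPolicies(X509Certificate x509Certificate, String... strArr) throws EncodingException {
        List<PolicyInformation> policies = new ExtensionReader(x509Certificate).readCertificatePolicies();
        for (String requiredOid : strArr) {
            if (!containsPolicy(policies, requiredOid)) {
                return false;
            }
        }
        return true;
    }

    /** Reports whether the (possibly null) policy list holds a policy with the given OID. */
    private static boolean containsPolicy(List<PolicyInformation> policies, String oid) {
        if (policies == null) {
            return false;
        }
        for (PolicyInformation policy : policies) {
            if (policy.getPolicyIdentifier().getId().equals(oid)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reads the subject key identifier as a hex string.
     *
     * @param x509Certificate certificate to inspect
     * @return the identifier as produced by {@code CodecUtil.hex(bytes, true)}, or {@code null}
     *     when the reader returns no SubjectKeyIdentifier extension
     * @throws EncodingException propagated from {@link ExtensionReader}
     */
    public static String subjectKeyId(X509Certificate x509Certificate) throws EncodingException {
        // Fully qualified so that no new file-level import is needed.
        org.bouncycastle.asn1.x509.SubjectKeyIdentifier extension =
            new ExtensionReader(x509Certificate).readSubjectKeyIdentifier();
        // NOTE(review): presumably null when the extension is absent; return null instead of
        // failing with a NullPointerException on such certificates.
        return extension == null ? null : hexOrNull(extension.getKeyIdentifier());
    }

    /**
     * Reads the authority key identifier as a hex string.
     *
     * @param x509Certificate certificate to inspect
     * @return the identifier as produced by {@code CodecUtil.hex(bytes, true)}, or {@code null}
     *     when the extension or its keyIdentifier field is not available
     * @throws EncodingException propagated from {@link ExtensionReader}
     */
    public static String authorityKeyId(X509Certificate x509Certificate) throws EncodingException {
        // Fully qualified so that no new file-level import is needed.
        org.bouncycastle.asn1.x509.AuthorityKeyIdentifier extension =
            new ExtensionReader(x509Certificate).readAuthorityKeyIdentifier();
        // NOTE(review): presumably null when the extension is absent, and the keyIdentifier field
        // is optional inside the extension; both cases yield null here.
        return extension == null ? null : hexOrNull(extension.getKeyIdentifier());
    }

    /** Hex-encodes a key identifier the way this class always has, passing {@code null} through. */
    private static String hexOrNull(byte[] keyIdentifier) {
        return keyIdentifier == null ? null : CodecUtil.hex(keyIdentifier, true);
    }
}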
