package org.sonatype.nexus.ssl;

import com.google.common.base.Preconditions;
import com.google.common.hash.Hashing;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Hashtable;
import java.util.Locale;
import java.util.Vector;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/sonatype/nexus/ssl/CertificateUtil.class */
public final class CertificateUtil {
    private static final Logger log = LoggerFactory.getLogger(CertificateUtil.class);

    private CertificateUtil() {
    }

    public static X509Certificate generateCertificate(PublicKey publicKey, PrivateKey privateKey, String str, int i, String str2, String str3, String str4, String str5, String str6, String str7) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException, CertificateEncodingException {
        X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator();
        Vector vector = new Vector();
        Hashtable hashtable = new Hashtable();
        if (str2 != null) {
            hashtable.put(X509Name.CN, str2);
            vector.add(X509Name.CN);
        }
        if (str3 != null) {
            hashtable.put(X509Name.OU, str3);
            vector.add(X509Name.OU);
        }
        if (str4 != null) {
            hashtable.put(X509Name.O, str4);
            vector.add(X509Name.O);
        }
        if (str5 != null) {
            hashtable.put(X509Name.L, str5);
            vector.add(X509Name.L);
        }
        if (str6 != null) {
            hashtable.put(X509Name.ST, str6);
            vector.add(X509Name.ST);
        }
        if (str7 != null) {
            hashtable.put(X509Name.C, str7);
            vector.add(X509Name.C);
        }
        X509Name x509Name = new X509Name(vector, hashtable);
        long currentTimeMillis = System.currentTimeMillis();
        x509V3CertificateGenerator.setNotBefore(new Date(currentTimeMillis));
        x509V3CertificateGenerator.setNotAfter(new Date(currentTimeMillis + (i * 24 * 60 * 60 * 1000)));
        x509V3CertificateGenerator.setIssuerDN(x509Name);
        x509V3CertificateGenerator.setSubjectDN(x509Name);
        x509V3CertificateGenerator.setPublicKey(publicKey);
        x509V3CertificateGenerator.setSignatureAlgorithm(str);
        x509V3CertificateGenerator.setSerialNumber(BigInteger.valueOf(currentTimeMillis));
        return x509V3CertificateGenerator.generate(privateKey);
    }

    public static String serializeCertificateInPEM(Certificate certificate) throws IOException {
        StringWriter stringWriter = new StringWriter();
        Throwable th = null;
        try {
            JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
            try {
                jcaPEMWriter.writeObject(certificate);
                if (jcaPEMWriter != null) {
                    jcaPEMWriter.close();
                }
                return stringWriter.toString();
            } catch (Throwable th2) {
                if (jcaPEMWriter != null) {
                    jcaPEMWriter.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    public static Certificate decodePEMFormattedCertificate(String str) throws CertificateException {
        log.trace("Parsing PEM formatted certificate string:\n{}", str);
        if (str != null) {
            try {
                Object readObject = new PEMParser(new StringReader(str)).readObject();
                log.trace("Object found while paring PEM formatted string: {}", readObject);
                if (readObject instanceof X509CertificateHolder) {
                    return new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) readObject);
                }
            } catch (IOException e) {
                throw new CertificateParsingException("Failed to parse valid certificate from expected PEM formatted certificate:\n" + str, e);
            }
        }
        throw new CertificateParsingException("Failed to parse valid certificate from expected PEM formatted certificate:\n" + str);
    }

    public static String calculateSha1(Certificate certificate) throws CertificateEncodingException {
        Preconditions.checkNotNull(certificate);
        return Hashing.sha1().hashBytes(certificate.getEncoded()).toString().toUpperCase(Locale.US);
    }

    public static String calculateFingerprint(Certificate certificate) throws CertificateEncodingException {
        return encode(calculateSha1(certificate), ':', 2);
    }

    private static String encode(String str, char c, int i) {
        StringBuilder sb = new StringBuilder();
        int i2 = 0;
        for (char c2 : str.toCharArray()) {
            if (i2 != 0 && i2 % i == 0) {
                sb.append(c);
            }
            sb.append(c2);
            i2++;
        }
        return sb.toString();
    }
}
