package org.apache.nifi.security.util;

import java.io.BufferedInputStream;
import java.io.IOException;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/security/util/CertificateUtils.class */
public final class CertificateUtils {
    private static final Logger logger = LoggerFactory.getLogger(CertificateUtils.class);

    public static boolean isStoreValid(URL url, KeystoreType keystoreType, char[] cArr) {
        if (url == null) {
            throw new IllegalArgumentException("keystore may not be null");
        }
        if (keystoreType == null) {
            throw new IllegalArgumentException("keystore type may not be null");
        }
        if (cArr == null) {
            throw new IllegalArgumentException("password may not be null");
        }
        BufferedInputStream bufferedInputStream = null;
        try {
            bufferedInputStream = new BufferedInputStream(url.openStream());
            KeyStore.getInstance(keystoreType.name()).load(bufferedInputStream, cArr);
            if (bufferedInputStream != null) {
                try {
                    bufferedInputStream.close();
                } catch (IOException e) {
                    logger.warn("Failed to close input stream", e);
                }
            }
            return true;
        } catch (Exception e2) {
            if (bufferedInputStream != null) {
                try {
                    bufferedInputStream.close();
                } catch (IOException e3) {
                    logger.warn("Failed to close input stream", e3);
                }
            }
            return false;
        } catch (Throwable th) {
            if (bufferedInputStream != null) {
                try {
                    bufferedInputStream.close();
                } catch (IOException e4) {
                    logger.warn("Failed to close input stream", e4);
                }
            }
            throw th;
        }
    }

    public static String extractUsername(String str) {
        String str2 = str;
        String str3 = "";
        if (StringUtils.isNotBlank(str)) {
            if (str.startsWith("CN=")) {
                str3 = StringUtils.substringBetween(str, "CN=", ",");
            } else if (str.startsWith("/CN=")) {
                str3 = StringUtils.substringBetween(str, "CN=", "/");
            } else if (str.startsWith("C=") || str.startsWith("/C=")) {
                str3 = StringUtils.substringAfter(str, "CN=");
            } else if (str.startsWith("/") && StringUtils.contains(str, "CN=")) {
                str3 = StringUtils.substringAfter(str, "CN=");
            }
            if (StringUtils.isNotBlank(str3)) {
                str2 = str3.endsWith(")") ? StringUtils.substringBetween(str3, "(", ")") : str3.contains(" ") ? StringUtils.substringAfterLast(str3, " ") : str3;
            }
        }
        return str2;
    }

    public static List<String> getSubjectAlternativeNames(X509Certificate x509Certificate) throws CertificateParsingException {
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (subjectAlternativeNames == null) {
            return new ArrayList();
        }
        ArrayList arrayList = new ArrayList();
        Iterator<List<?>> it = subjectAlternativeNames.iterator();
        while (it.hasNext()) {
            Object obj = it.next().get(1);
            if (obj instanceof String) {
                arrayList.add(((String) obj).toLowerCase());
            }
        }
        return arrayList;
    }

    private CertificateUtils() {
    }
}
