package com.helger.security.certificate;

import com.helger.commons.ValueEnforcer;
import com.helger.commons.annotation.Nonempty;
import com.helger.commons.base64.Base64;
import com.helger.commons.collection.ArrayHelper;
import com.helger.commons.io.stream.NonBlockingByteArrayInputStream;
import com.helger.commons.io.stream.StringInputStream;
import com.helger.commons.string.StringHelper;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.Immutable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

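/**
 * Static helpers that convert X.509 certificates and PKCS#8 private keys between PEM text,
 * raw bytes and JCA objects.
 *
 * <p>Security scope: the parsing methods here only decode a certificate. None of them verifies
 * a signature, builds a chain to a trust anchor or checks revocation, so a non-null result
 * means "well-formed", not "trusted".
 */
@Immutable
/* loaded from: input_file:WEB-INF/lib/ph-security-9.4.7.jar:com/helger/security/certificate/CertificateHelper.class */
public final class CertificateHelper {
    public static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----";
    public static final String END_CERTIFICATE = "-----END CERTIFICATE-----";
    /** Begin marker with the inner space missing; stripped in addition to the regular marker. */
    public static final String BEGIN_CERTIFICATE_INVALID = "-----BEGINCERTIFICATE-----";
    /** End marker with the inner space missing; stripped in addition to the regular marker. */
    public static final String END_CERTIFICATE_INVALID = "-----ENDCERTIFICATE-----";
    public static final String BEGIN_PRIVATE_KEY = "-----BEGIN PRIVATE KEY-----";
    public static final String END_PRIVATE_KEY = "-----END PRIVATE KEY-----";
    public static final String CRLF = "\r\n";
    /** Charset used whenever certificate text is converted to or from bytes. */
    public static final Charset CERT_CHARSET = StandardCharsets.ISO_8859_1;
    /** Number of Base64 characters per body line written by {@link #getRFC1421CompliantString}. */
    private static final int PEM_LINE_LENGTH = 64;
    private static final Logger LOGGER = LoggerFactory.getLogger(CertificateHelper.class);
    // NOTE(review): never read in this file; presumably kept so the private constructor is
    // exercised - confirm before removing.
    private static final CertificateHelper s_aInstance = new CertificateHelper();

    private CertificateHelper() {
    }

    /**
     * @return a new JCA certificate factory for the {@code "X.509"} type.
     * @throws CertificateException if no provider supports X.509.
     */
    @Nonnull
    public static CertificateFactory getX509CertificateFactory() throws CertificateException {
        return CertificateFactory.getInstance("X.509");
    }

    /**
     * Adds the PEM begin and end markers to a certificate string unless they are already there.
     *
     * <p>The begin marker is checked on the untrimmed string while the end marker is checked on
     * the trimmed one, so input with leading whitespace in front of an existing begin marker
     * gets a second begin marker prepended.
     *
     * @param str certificate text, with or without PEM markers; must not be {@code null}.
     * @return the text wrapped in {@code BEGIN/END CERTIFICATE} markers.
     */
    @Nonnull
    public static String getWithPEMHeader(@Nonnull String str) {
        String result = str;
        if (!result.startsWith(BEGIN_CERTIFICATE)) {
            result = BEGIN_CERTIFICATE + "\n" + result;
        }
        if (!result.trim().endsWith(END_CERTIFICATE)) {
            result = result + "\n" + END_CERTIFICATE;
        }
        return result;
    }

    /**
     * Strips the PEM markers (regular and space-less variants) and all whitespace from a
     * certificate string, leaving only the Base64 payload.
     *
     * @param str certificate text; may be {@code null}.
     * @return the payload without markers and whitespace, or {@code null} if the input has no text.
     */
    @Nullable
    public static String getWithoutPEMHeader(@Nullable String str) {
        if (StringHelper.hasNoText(str)) {
            return null;
        }
        // Order matters: the space-less markers are removed first, then the regular ones.
        String payload = str.trim();
        payload = StringHelper.trimStart(payload, BEGIN_CERTIFICATE_INVALID);
        payload = StringHelper.trimEnd(payload, END_CERTIFICATE_INVALID);
        payload = StringHelper.trimStart(payload, BEGIN_CERTIFICATE);
        payload = StringHelper.trimEnd(payload, END_CERTIFICATE);
        return StringHelper.getWithoutAnySpaces(payload);
    }

    /**
     * Same as {@link #getRFC1421CompliantString(String, boolean, String)} with {@code "\r\n"}
     * as the line separator.
     *
     * @param str certificate text; may be {@code null}.
     * @param z {@code true} to emit the PEM begin and end markers.
     * @return the re-wrapped text, or {@code null} if the input has no payload.
     */
    @Nullable
    public static String getRFC1421CompliantString(@Nullable String str, boolean z) {
        return getRFC1421CompliantString(str, z, CRLF);
    }

    /**
     * Re-wraps a certificate string so that its Base64 payload is split into lines of at most
     * 64 characters.
     *
     * <p>The line separator is applied between payload lines only. The optional begin and end
     * markers are always joined to the payload with a single {@code '\n'}.
     *
     * @param str certificate text, with or without PEM markers; may be {@code null}.
     * @param z {@code true} to emit the PEM begin and end markers.
     * @param str2 separator placed after every full payload line; must not be {@code null}.
     * @return the re-wrapped text, or {@code null} if the input has no payload.
     */
    @Nullable
    public static String getRFC1421CompliantString(@Nullable String str, boolean z, @Nonnull String str2) {
        ValueEnforcer.notNull(str2, "LineSeparator");
        final String payload = getWithoutPEMHeader(str);
        if (StringHelper.hasNoText(payload)) {
            return null;
        }
        final int length = payload.length();
        final StringBuilder sb = new StringBuilder(length + length / PEM_LINE_LENGTH * str2.length() + 64);
        if (z) {
            sb.append(BEGIN_CERTIFICATE).append('\n');
        }
        // Walk the payload by index instead of re-allocating the remainder on every line.
        int pos = 0;
        while (length - pos > PEM_LINE_LENGTH) {
            sb.append(payload, pos, pos + PEM_LINE_LENGTH).append(str2);
            pos += PEM_LINE_LENGTH;
        }
        sb.append(payload, pos, length);
        if (z) {
            sb.append('\n').append(END_CERTIFICATE);
        }
        return sb.toString();
    }

    /**
     * Parses a certificate from bytes that hold its textual form, interpreting the bytes with
     * {@link #CERT_CHARSET} and delegating to {@link #convertStringToCertficate(String)}.
     *
     * @param bArr bytes of the certificate text; may be {@code null}.
     * @return the parsed certificate, or {@code null} for empty input.
     * @throws CertificateException if the text cannot be parsed.
     */
    @Nullable
    public static X509Certificate convertByteArrayToCertficate(@Nullable byte[] bArr) throws CertificateException {
        if (ArrayHelper.isEmpty(bArr)) {
            return null;
        }
        return convertStringToCertficate(new String(bArr, CERT_CHARSET));
    }

    /**
     * Non-throwing variant of {@link #convertByteArrayToCertficate(byte[])}.
     *
     * <p>A {@code null} result does not tell "no input" from "unparseable input"; callers that
     * make a security decision should use the throwing variant.
     *
     * @param bArr bytes of the certificate text; may be {@code null}.
     * @return the parsed certificate, or {@code null} if the input is empty or cannot be parsed.
     */
    @Nullable
    public static X509Certificate convertByteArrayToCertficateOrNull(@Nullable byte[] bArr) {
        try {
            return convertByteArrayToCertficate(bArr);
        } catch (IllegalArgumentException | CertificateException e) {
            // The string conversion may rethrow an IllegalArgumentException; treat it like the
            // string-based "OrNull" variant does so this method honours its no-throw contract.
            return null;
        }
    }

    /**
     * Hands the bytes directly to the X.509 certificate factory, without the PEM normalisation
     * applied by {@link #convertByteArrayToCertficate(byte[])}.
     *
     * @param bArr encoded certificate bytes; may be {@code null}.
     * @return the parsed certificate, or {@code null} for empty input.
     * @throws CertificateException if the factory cannot parse the bytes.
     */
    @Nullable
    public static X509Certificate convertByteArrayToCertficateDirect(@Nullable byte[] bArr) throws CertificateException {
        if (ArrayHelper.isEmpty(bArr)) {
            return null;
        }
        final CertificateFactory factory = getX509CertificateFactory();
        try (NonBlockingByteArrayInputStream in = new NonBlockingByteArrayInputStream(bArr)) {
            return (X509Certificate) factory.generateCertificate(in);
        }
    }

    /**
     * Normalises the text to a PEM block with markers and 64-character lines, then parses it.
     *
     * @param str certificate text, with or without PEM markers.
     * @param certificateFactory factory used for parsing.
     * @return the parsed certificate.
     * @throws CertificateException if the factory cannot parse the normalised text.
     */
    @Nonnull
    private static X509Certificate _str2cert(@Nonnull String str, @Nonnull CertificateFactory certificateFactory) throws CertificateException {
        try (StringInputStream in = new StringInputStream(getRFC1421CompliantString(str, true), CERT_CHARSET)) {
            return (X509Certificate) certificateFactory.generateCertificate(in);
        }
    }

    /**
     * Parses an X.509 certificate from text.
     *
     * <p>The text is first treated as PEM or bare Base64. If that fails, it is treated as the
     * hex encoding of such text and parsed again. If the hex decoding itself fails, the
     * exception from the first attempt is rethrown.
     *
     * @param str certificate text; may be {@code null}.
     * @return the parsed certificate, or {@code null} if the input has no text.
     * @throws CertificateException if the text cannot be parsed in either form.
     */
    @Nullable
    public static X509Certificate convertStringToCertficate(@Nullable String str) throws CertificateException {
        if (StringHelper.hasNoText(str)) {
            return null;
        }
        final CertificateFactory factory = getX509CertificateFactory();
        try {
            return _str2cert(str, factory);
        } catch (IllegalArgumentException | CertificateException e) {
            // The caller-supplied text is written verbatim and unbounded at debug level; the
            // log layout should neutralise line breaks if this input can come from outside.
            LOGGER.debug("Failed to decode provided X.509 certificate string: {}", str);
            try {
                final String hexDecoded = new String(StringHelper.getHexDecoded(str), CERT_CHARSET);
                return _str2cert(hexDecoded, factory);
            } catch (IllegalArgumentException e2) {
                // Not hex either: report the original parsing failure, not the fallback's.
                throw e;
            }
        }
    }

    /**
     * Non-throwing variant of {@link #convertStringToCertficate(String)}.
     *
     * <p>A {@code null} result does not tell "no input" from "unparseable input"; callers that
     * make a security decision should use the throwing variant.
     *
     * @param str certificate text; may be {@code null}.
     * @return the parsed certificate, or {@code null} if the input is empty or cannot be parsed.
     */
    @Nullable
    public static X509Certificate convertStringToCertficateOrNull(@Nullable String str) {
        try {
            return convertStringToCertficate(str);
        } catch (IllegalArgumentException | CertificateException e) {
            return null;
        }
    }

    /**
     * Strips PEM markers and whitespace from certificate text and Base64-decodes the rest.
     * The bytes are not checked to be a certificate.
     *
     * @param str certificate text; may be {@code null}.
     * @return the decoded bytes, or {@code null} if the input has no payload. The decoder's
     *     result is returned as is, which may also be {@code null}.
     */
    @Nullable
    public static byte[] convertCertificateStringToByteArray(@Nullable String str) {
        final String payload = getWithoutPEMHeader(str);
        if (StringHelper.hasNoText(payload)) {
            return null;
        }
        return Base64.safeDecode(payload);
    }

    /**
     * Encodes a certificate as PEM text: begin marker, Base64 of the encoded form, end marker,
     * joined with {@code '\n'}.
     *
     * @param certificate certificate to encode; must not be {@code null}.
     * @return the PEM text.
     * @throws IllegalArgumentException if the certificate cannot be encoded.
     */
    @Nonnull
    @Nonempty
    public static String getPEMEncodedCertificate(@Nonnull Certificate certificate) {
        ValueEnforcer.notNull(certificate, "Cert");
        try {
            return BEGIN_CERTIFICATE + "\n" + Base64.encodeBytes(certificate.getEncoded()) + "\n" + END_CERTIFICATE;
        } catch (CertificateEncodingException e) {
            throw new IllegalArgumentException("Failed to encode certificate " + certificate, e);
        }
    }

    /**
     * Checks whether the current time lies within the certificate's validity period.
     *
     * <p>This is a date check only. It does not verify the signature, the issuer chain, key
     * usage or revocation, so {@code true} must not be read as "this certificate is trusted".
     *
     * @param x509Certificate certificate to check; must not be {@code null}.
     * @return {@code true} if the certificate is neither expired nor not yet valid.
     */
    public static boolean isCertificateValidPerNow(@Nonnull X509Certificate x509Certificate) {
        ValueEnforcer.notNull(x509Certificate, "Cert");
        try {
            x509Certificate.checkValidity();
            return true;
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            return false;
        }
    }

    /**
     * Parses an unencrypted PKCS#8 private key from PEM or bare Base64 text.
     *
     * <p>Only RSA keys are supported because the key factory is fixed to {@code "RSA"}. The
     * input is secret key material, so callers should keep it out of logs and error messages.
     *
     * @param str private key text, with or without {@code BEGIN/END PRIVATE KEY} markers; may
     *     be {@code null}.
     * @return the private key, or {@code null} if the input has no text or is not valid Base64.
     * @throws GeneralSecurityException if the decoded bytes are not a valid PKCS#8 RSA key.
     */
    @Nullable
    public static PrivateKey convertStringToPrivateKey(@Nullable String str) throws GeneralSecurityException {
        if (StringHelper.hasNoText(str)) {
            return null;
        }
        // Trim first, as the certificate path does: surrounding whitespace (for example a
        // trailing newline from a file) would otherwise stop the markers from matching, and
        // the key would be rejected silently as invalid Base64.
        String payload = StringHelper.trimStart(str.trim(), BEGIN_PRIVATE_KEY);
        payload = StringHelper.trimEnd(payload, END_PRIVATE_KEY);
        final byte[] keyBytes = Base64.safeDecode(StringHelper.getWithoutAnySpaces(payload));
        if (keyBytes == null) {
            return null;
        }
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
    }
}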
