package de.rwh.utils.crypto;

import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.UUID;
import java.util.function.Consumer;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:de/rwh/utils/crypto/CertificateHelper.class */
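/**
 * Static helpers for creating key pairs, content signers and in-memory key/trust stores.
 *
 * <p>Signing helpers require the BouncyCastle provider to be registered first, see
 * {@link #registerBouncyCastleProvider()}. None of the methods validate certificates
 * (signature, validity period, revocation); they only move key material between containers.
 */
public final class CertificateHelper {
    public static final String DEFAULT_SIGNATURE_ALGORITHM = "SHA512WithRSA";
    public static final String DEFAULT_KEY_ALGORITHM = "RSA";
    public static final int DEFAULT_KEY_SIZE = 4096;

    private CertificateHelper() {
    }

    /**
     * Registers the BouncyCastle JCA provider if no provider named "BC" is installed yet.
     *
     * <p>Safe to call repeatedly; {@link Security#addProvider} also ignores a provider whose
     * name is already registered, the explicit check only avoids building a throwaway instance.
     */
    public static void registerBouncyCastleProvider() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Creates a key pair with {@link #DEFAULT_KEY_ALGORITHM} and {@link #DEFAULT_KEY_SIZE}.
     *
     * @return a freshly generated RSA 4096-bit key pair
     * @throws NoSuchAlgorithmException if no installed provider supports RSA
     */
    public static KeyPair createRsaKeyPair4096Bit() throws NoSuchAlgorithmException {
        return createKeyPair(DEFAULT_KEY_ALGORITHM, DEFAULT_KEY_SIZE);
    }

    /**
     * Generates a key pair for the given algorithm and key size.
     *
     * <p>The key size is passed to the provider unchecked, so a caller can request a size that
     * is too small for its purpose; enforce a minimum at the call site if the value is
     * configurable. Randomness comes from the generator's default source, because
     * {@code initialize(int)} is called without an explicit {@code SecureRandom}.
     *
     * @param algorithm JCA key algorithm name, e.g. {@code "RSA"}
     * @param keySize key size in bits, interpreted by the chosen algorithm
     * @return the generated key pair
     * @throws NoSuchAlgorithmException if no installed provider supports {@code algorithm}
     */
    public static KeyPair createKeyPair(String algorithm, int keySize) throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(algorithm);
        generator.initialize(keySize);
        return generator.generateKeyPair();
    }

    /**
     * Derives the X.509 SubjectKeyIdentifier extension value for a public key.
     *
     * @param publicKey key to derive the identifier from
     * @return the subject key identifier as produced by {@link JcaX509ExtensionUtils}
     * @throws NoSuchAlgorithmException if the digest used by {@link JcaX509ExtensionUtils} is unavailable
     */
    public static SubjectKeyIdentifier toSubjectKeyIdentifier(PublicKey publicKey) throws NoSuchAlgorithmException {
        return new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKey);
    }

    /**
     * Creates a content signer using {@link #DEFAULT_SIGNATURE_ALGORITHM}.
     *
     * @param privateKey signing key
     * @return a signer bound to {@code privateKey}
     * @throws OperatorCreationException if the signer cannot be built for this key
     * @throws IllegalStateException if the BouncyCastle provider is not registered
     */
    public static ContentSigner getContentSigner(PrivateKey privateKey) throws OperatorCreationException, IllegalStateException {
        return getContentSigner(DEFAULT_SIGNATURE_ALGORITHM, privateKey);
    }

    /**
     * Creates a content signer for the given signature algorithm, backed by the "BC" provider.
     *
     * @param signatureAlgorithm signature algorithm name, e.g. {@code "SHA512WithRSA"}
     * @param privateKey signing key
     * @return a signer bound to {@code privateKey}
     * @throws OperatorCreationException if the signer cannot be built for this algorithm/key
     * @throws IllegalStateException if the BouncyCastle provider is not registered
     */
    public static ContentSigner getContentSigner(String signatureAlgorithm, PrivateKey privateKey) throws OperatorCreationException, IllegalStateException {
        // Fail with a clear message instead of the provider lookup error raised inside build().
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            throw new IllegalStateException(String.format("Security provider %s with name %s not found.", BouncyCastleProvider.class.getName(), BouncyCastleProvider.PROVIDER_NAME));
        }
        return new JcaContentSignerBuilder(signatureAlgorithm).setProvider(BouncyCastleProvider.PROVIDER_NAME).build(privateKey);
    }

    /**
     * Wraps a single certificate in a new in-memory key store of the JVM's default type.
     *
     * <p>The certificate is stored as a trusted-certificate entry without any validation;
     * whoever uses the result as a trust store trusts {@code certificate} as given.
     *
     * @param alias alias for the certificate entry
     * @param certificate certificate to store
     * @return a new key store holding exactly this entry
     */
    public static KeyStore toCertificateStore(String alias, X509Certificate certificate) throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null, null); // initialise an empty store
        store.setCertificateEntry(alias, certificate);
        return store;
    }

    /**
     * Builds an in-memory key store of type "jks" holding one private-key entry.
     *
     * <p>JKS is a legacy format; prefer {@link #toPkcs12KeyStore} unless a consumer
     * specifically requires JKS.
     *
     * @see #toKeyStore(PrivateKey, Certificate[], String, char[], String)
     */
    public static KeyStore toJksKeyStore(PrivateKey privateKey, Certificate[] certificateChain, String alias, char[] password) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        return toKeyStore(privateKey, certificateChain, alias, password, "jks");
    }

    /**
     * Builds an in-memory key store of type "pkcs12" holding one private-key entry.
     *
     * @see #toKeyStore(PrivateKey, Certificate[], String, char[], String)
     */
    public static KeyStore toPkcs12KeyStore(PrivateKey privateKey, Certificate[] certificateChain, String alias, char[] password) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        return toKeyStore(privateKey, certificateChain, alias, password, "pkcs12");
    }

    /**
     * Builds an in-memory key store of the given type holding one private-key entry.
     *
     * <p>{@code password} protects the key entry only; the store itself is created empty via
     * {@code load(null, null)} and gets no integrity password until the caller persists it.
     * The array is not cleared here, so the caller should overwrite it once it is no longer
     * needed.
     *
     * @param privateKey key to store
     * @param certificateChain certificate chain belonging to {@code privateKey}
     * @param alias alias for the key entry
     * @param password password protecting the key entry
     * @param keyStoreType key store type name, e.g. {@code "pkcs12"}
     * @return a new key store holding exactly this entry
     */
    public static KeyStore toKeyStore(PrivateKey privateKey, Certificate[] certificateChain, String alias, char[] password, String keyStoreType) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore store = KeyStore.getInstance(keyStoreType);
        store.load(null, null); // initialise an empty store
        store.setKeyEntry(alias, privateKey, password, certificateChain);
        return store;
    }

    /**
     * Copies every CA certificate found in {@code keyStore} into a new "jks" trust store.
     *
     * <p>A certificate is selected purely because its BasicConstraints mark it as a CA; this
     * includes intermediates that appear in a key entry's chain. No signature, validity or
     * revocation check is made, so the result is only as trustworthy as the source store.
     * Entries are stored under random UUID aliases.
     *
     * @param keyStore source store to scan
     * @return a new trust store with one entry per CA certificate found
     */
    public static KeyStore extractTrust(KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore trustStore = KeyStore.getInstance("jks");
        trustStore.load(null, null); // initialise an empty store
        for (X509Certificate caCertificate : getCaCertificates(keyStore)) {
            trustStore.setCertificateEntry(UUID.randomUUID().toString(), caCertificate);
        }
        return trustStore;
    }

    /**
     * Passes the subject DN (RFC 1779 format) of every X.509 certificate entry to {@code consumer}.
     *
     * <p>Only the certificate returned by {@link KeyStore#getCertificate} per alias is
     * reported; non-X.509 certificates are skipped.
     *
     * @param keyStore store to enumerate
     * @param consumer receives one subject name per matching alias
     * @throws KeyStoreException if the store has not been initialised
     */
    public static void listCertificateSubjectNames(KeyStore keyStore, Consumer<String> consumer) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            Certificate certificate = keyStore.getCertificate(aliases.nextElement());
            if (certificate instanceof X509Certificate) {
                consumer.accept(((X509Certificate) certificate).getSubjectX500Principal().getName("RFC1779"));
            }
        }
    }

    /**
     * Collects the subject DNs (RFC 1779 format) of all X.509 certificate entries.
     *
     * @param keyStore store to enumerate
     * @return a mutable list of subject names, empty if the store has no X.509 entries
     * @throws KeyStoreException if the store has not been initialised
     */
    public static List<String> listCertificateSubjectNames(KeyStore keyStore) throws KeyStoreException {
        // The decompiled listing referenced an undefined variable inside the lambda; the
        // method reference below is the form that compiles and appends to the result list.
        List<String> subjectNames = new ArrayList<>();
        listCertificateSubjectNames(keyStore, subjectNames::add);
        return subjectNames;
    }

    /**
     * Returns every X.509 certificate in the store whose BasicConstraints mark it as a CA.
     *
     * <p>For each alias the full chain is inspected; if the alias has no chain, the single
     * certificate stored under it is inspected instead.
     */
    private static List<X509Certificate> getCaCertificates(KeyStore keyStore) throws KeyStoreException {
        List<X509Certificate> caCertificates = new ArrayList<>();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate[] chain = keyStore.getCertificateChain(alias);
            if (chain == null) {
                // May hold a single null element; the instanceof test below filters that out.
                chain = new Certificate[]{keyStore.getCertificate(alias)};
            }
            for (Certificate certificate : chain) {
                if (certificate instanceof X509Certificate) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    // getBasicConstraints() returns -1 for non-CA certificates.
                    if (x509Certificate.getBasicConstraints() >= 0) {
                        caCertificates.add(x509Certificate);
                    }
                }
            }
        }
        return caCertificates;
    }

    /**
     * Returns the first common name (CN) value of the certificate's subject.
     *
     * <p>If the subject carries several CN attributes only the first one is returned.
     *
     * @param x509Certificate certificate to read
     * @return the first CN value as a string
     * @throws CertificateEncodingException if the certificate cannot be encoded for parsing
     * @throws ArrayIndexOutOfBoundsException if the subject contains no CN attribute
     */
    public static String getSubjectCommonName(X509Certificate x509Certificate) throws CertificateEncodingException {
        return IETFUtils.valueToString(new JcaX509CertificateHolder(x509Certificate).getSubject().getRDNs(BCStyle.CN)[0].getFirst().getValue());
    }
}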
