package dev.sigstore.encryption.certificates;

import com.google.common.collect.ImmutableList;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.temporal.ChronoUnit;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;

/* loaded from: input_file:dev/sigstore/encryption/certificates/Certificates.class */
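/**
 * Static helpers for converting X.509 certificates and certificate paths between PEM text, DER
 * bytes and the {@code java.security.cert} types.
 *
 * <p>Nothing in this class verifies a signature, a validity window or a trust anchor: the helpers
 * only parse, serialize and rearrange certificates. A {@link CertPath} returned from here is an
 * ordered list, not a validated chain, and must still be checked by the caller before any trust
 * decision is based on it.
 *
 * <p>NOTE(review): this source was produced by a decompiler and {@link #fromPemChain(String)} was
 * not recovered, so that method and everything that delegates to it ({@link #fromPem(String)},
 * {@link #fromPem(byte[])}, {@link #fromPemChain(byte[])}) throws
 * {@link UnsupportedOperationException} as written here.
 */
public class Certificates {
    /** Extension OID queried by {@link #getEmbeddedSCTs(Certificate)}. */
    private static final String SCT_X509_OID = "1.3.6.1.4.1.11129.2.4.2";

    /**
     * Serializes a single certificate to PEM text.
     *
     * @param certificate the certificate to encode
     * @return the PEM text produced by the PEM writer
     * @throws IOException if the PEM writer fails to encode or flush the certificate
     */
    public static String toPemString(Certificate certificate) throws IOException {
        StringWriter pemText = new StringWriter();
        // try-with-resources closes the writer on every path and records a close failure as a
        // suppressed exception, which is what the decompiler-expanded try/catch did by hand.
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(pemText)) {
            pemWriter.writeObject(certificate);
            pemWriter.flush();
        }
        return pemText.toString();
    }

    /**
     * Serializes a single certificate to PEM and returns the UTF-8 bytes of that text.
     *
     * @param certificate the certificate to encode
     * @return UTF-8 bytes of {@link #toPemString(Certificate)}
     * @throws IOException if PEM encoding fails
     */
    public static byte[] toPemBytes(Certificate certificate) throws IOException {
        return toPemString(certificate).getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Parses PEM text that is expected to hold exactly one certificate.
     *
     * @param str PEM text
     * @return the only certificate in {@code str}
     * @throws CertificateException if parsing fails or more than one certificate is present
     */
    public static Certificate fromPem(String str) throws CertificateException {
        List<? extends Certificate> certificates = fromPemChain(str).getCertificates();
        if (certificates.size() > 1) {
            // Reject extra certificates instead of silently returning the first one.
            throw new CertificateException("Found chain of length " + certificates.size() + " when parsing a single cert");
        }
        return certificates.get(0);
    }

    /**
     * Decodes the bytes as UTF-8 and parses them with {@link #fromPem(String)}.
     *
     * @param bArr PEM text as bytes
     * @return the only certificate in the input
     * @throws CertificateException if parsing fails or more than one certificate is present
     */
    public static Certificate fromPem(byte[] bArr) throws CertificateException {
        return fromPem(new String(bArr, StandardCharsets.UTF_8));
    }

    /**
     * Parses one DER-encoded certificate with the platform {@code X.509} certificate factory.
     *
     * @param bArr DER bytes of a single certificate
     * @return the parsed certificate
     * @throws CertificateException if the factory is unavailable or the bytes do not parse
     */
    public static Certificate fromDer(byte[] bArr) throws CertificateException {
        return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    /**
     * Parses a list of DER-encoded certificates into a certificate path, keeping the list order.
     *
     * @param list DER encodings, one certificate per element
     * @return a path holding the parsed certificates in the order given
     * @throws CertificateException if any element fails to parse or the path cannot be built
     */
    public static CertPath fromDer(List<byte[]> list) throws CertificateException {
        List<Certificate> parsed = new ArrayList<>(list.size());
        for (byte[] der : list) {
            parsed.add(fromDer(der));
        }
        return CertificateFactory.getInstance("X.509").generateCertPath(parsed);
    }

    /**
     * Serializes every certificate of a path to PEM, in path order, into one string.
     *
     * @param certPath the path to encode
     * @return the concatenated PEM text
     * @throws IOException if the PEM writer fails to encode or flush a certificate
     */
    public static String toPemString(CertPath certPath) throws IOException {
        StringWriter pemText = new StringWriter();
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(pemText)) {
            for (Certificate certificate : certPath.getCertificates()) {
                pemWriter.writeObject(certificate);
            }
            pemWriter.flush();
        }
        return pemText.toString();
    }

    /**
     * Serializes a path to PEM and returns the UTF-8 bytes of that text.
     *
     * @param certPath the path to encode
     * @return UTF-8 bytes of {@link #toPemString(CertPath)}
     * @throws IOException if PEM encoding fails
     */
    public static byte[] toPemBytes(CertPath certPath) throws IOException {
        return toPemString(certPath).getBytes(StandardCharsets.UTF_8);
    }

    /* JADX WARN: Code restructure failed: missing block: B:14:0x0058, code lost:
    
        throw new java.security.cert.CertificateException("Unsupported pem section: " + r0.getClass().toString() + " is not an X509Certificate");
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Parses PEM text holding one or more certificates into a certificate path.
     *
     * <p>NOTE(review): the decompiler did not recover this body; the method below always throws
     * {@link UnsupportedOperationException}. The instruction dump kept inside the method shows the
     * intended flow: a {@code PEMParser} is created over the input and {@code readObject()} is
     * called until it returns {@code null}; each {@code X509CertificateHolder} is converted with
     * {@code JcaX509CertificateConverter} and appended to a list; any other PEM object raises
     * {@code CertificateException("Unsupported pem section: ...")}; a failure handled inside the
     * loop is wrapped as "failed to parse PEM object to certificate"; an empty list raises
     * "no valid PEM certificates were found"; otherwise the list becomes an {@code X.509}
     * {@link CertPath}. An {@code IOException} reaching the outer handler is wrapped as
     * "failed to close PEM parser". The dump prints the loop handler's exception types only as
     * {@code Throwable}, so the exact types caught there cannot be read from this file.
     *
     * <p>The recovered flow parses only: it performs no signature, expiry or trust-anchor check on
     * the certificates it accepts.
     *
     * @param r6 PEM text
     * @return never returns in this decompiled form
     * @throws CertificateException declared by the original method for parse failures
     * @throws UnsupportedOperationException always, until the body is restored from the original
     *     artifact
     */
    public static java.security.cert.CertPath fromPemChain(java.lang.String r6) throws java.security.cert.CertificateException {
        /*
            org.bouncycastle.openssl.PEMParser r0 = new org.bouncycastle.openssl.PEMParser     // Catch: java.io.IOException -> L99
            r1 = r0
            java.io.StringReader r2 = new java.io.StringReader     // Catch: java.io.IOException -> L99
            r3 = r2
            r4 = r6
            r3.<init>(r4)     // Catch: java.io.IOException -> L99
            r1.<init>(r2)     // Catch: java.io.IOException -> L99
            r7 = r0
            java.util.ArrayList r0 = new java.util.ArrayList     // Catch: java.lang.Throwable -> L89 java.io.IOException -> L99
            r1 = r0
            r1.<init>()     // Catch: java.lang.Throwable -> L89 java.io.IOException -> L99
            r8 = r0
        L18:
            r0 = r7
            java.lang.Object r0 = r0.readObject()     // Catch: java.lang.Throwable -> L5c java.lang.Throwable -> L5c java.lang.Throwable -> L89 java.io.IOException -> L99
            r9 = r0
            r0 = r9
            if (r0 != 0) goto L24
            goto L68
        L24:
            r0 = r9
            boolean r0 = r0 instanceof org.bouncycastle.cert.X509CertificateHolder     // Catch: java.lang.Throwable -> L5c java.lang.Throwable -> L89 java.io.IOException -> L99
            if (r0 == 0) goto L45
            org.bouncycastle.cert.jcajce.JcaX509CertificateConverter r0 = new org.bouncycastle.cert.jcajce.JcaX509CertificateConverter     // Catch: java.lang.Throwable -> L5c java.lang.Throwable -> L89 java.io.IOException -> L99
            r1 = r0
            r1.<init>()     // Catch: java.lang.Throwable -> L5c java.lang.Throwable -> L89 java.io.IOException -> L99
            r1 = r9
            org.bouncycastle.cert.X509CertificateHolder r1 = (org.bouncycastle.cert.X509CertificateHolder) r1     // Catch: java.lang.Throwable -> L5c java.lang.Throwable -> L89 java.io.IOException -> L99
            java.security.cert.X509Certificate r0 = r0.getCertificate(r1)     // Catch: java.lang.Throwable -> L5c java.lang.Throwable -> L89 java.io.IOException -> L99
            r10 = r0
            r0 = r8
            r1 = r10
            boolean r0 = r0.add(r1)     // Catch: java.lang.Throwable -> L5c java.lang.Throwable -> L89 java.io.IOException -> L99
            goto L59
        L45:
            java.security.cert.CertificateException r0 = new java.security.cert.CertificateException     // Catch: java.lang.Throwable -> L5c java.lang.Throwable -> L89 java.io.IOException -> L99
            r1 = r0
            r2 = r9
            java.lang.Class r2 = r2.getClass()     // Catch: java.lang.Throwable -> L5c java.lang.Throwable -> L89 java.io.IOException -> L99
            java.lang.String r2 = r2.toString()     // Catch: java.lang.Throwable -> L5c java.lang.Throwable -> L89 java.io.IOException -> L99
            java.lang.String r2 = "Unsupported pem section: " + r2 + " is not an X509Certificate"     // Catch: java.lang.Throwable -> L5c java.lang.Throwable -> L89 java.io.IOException -> L99
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L5c java.lang.Throwable -> L89 java.io.IOException -> L99
            throw r0     // Catch: java.lang.Throwable -> L5c java.lang.Throwable -> L89 java.io.IOException -> L99
        L59:
            goto L18
        L5c:
            r9 = move-exception
            java.security.cert.CertificateException r0 = new java.security.cert.CertificateException     // Catch: java.lang.Throwable -> L89 java.io.IOException -> L99
            r1 = r0
            java.lang.String r2 = "failed to parse PEM object to certificate"
            r3 = r9
            r1.<init>(r2, r3)     // Catch: java.lang.Throwable -> L89 java.io.IOException -> L99
            throw r0     // Catch: java.lang.Throwable -> L89 java.io.IOException -> L99
        L68:
            r0 = r8
            boolean r0 = r0.isEmpty()     // Catch: java.lang.Throwable -> L89 java.io.IOException -> L99
            if (r0 == 0) goto L79
            java.security.cert.CertificateException r0 = new java.security.cert.CertificateException     // Catch: java.lang.Throwable -> L89 java.io.IOException -> L99
            r1 = r0
            java.lang.String r2 = "no valid PEM certificates were found"
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L89 java.io.IOException -> L99
            throw r0     // Catch: java.lang.Throwable -> L89 java.io.IOException -> L99
        L79:
            java.lang.String r0 = "X.509"
            java.security.cert.CertificateFactory r0 = java.security.cert.CertificateFactory.getInstance(r0)     // Catch: java.lang.Throwable -> L89 java.io.IOException -> L99
            r1 = r8
            java.security.cert.CertPath r0 = r0.generateCertPath(r1)     // Catch: java.lang.Throwable -> L89 java.io.IOException -> L99
            r9 = r0
            r0 = r7
            r0.close()     // Catch: java.io.IOException -> L99
            r0 = r9
            return r0
        L89:
            r8 = move-exception
            r0 = r7
            r0.close()     // Catch: java.lang.Throwable -> L91 java.io.IOException -> L99
            goto L97
        L91:
            r9 = move-exception
            r0 = r8
            r1 = r9
            r0.addSuppressed(r1)     // Catch: java.io.IOException -> L99
        L97:
            r0 = r8
            throw r0     // Catch: java.io.IOException -> L99
        L99:
            r7 = move-exception
            java.security.cert.CertificateException r0 = new java.security.cert.CertificateException
            r1 = r0
            java.lang.String r2 = "failed to close PEM parser"
            r3 = r7
            r1.<init>(r2, r3)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: dev.sigstore.encryption.certificates.Certificates.fromPemChain(java.lang.String):java.security.cert.CertPath");
    }

    /**
     * Decodes the bytes as UTF-8 and parses them with {@link #fromPemChain(String)}.
     *
     * @param bArr PEM text as bytes
     * @return the parsed certificate path
     * @throws CertificateException if parsing fails
     */
    public static CertPath fromPemChain(byte[] bArr) throws CertificateException {
        return fromPemChain(new String(bArr, StandardCharsets.UTF_8));
    }

    /**
     * Wraps a single certificate in a one-element certificate path.
     *
     * @param certificate the certificate to wrap
     * @return a path containing only {@code certificate}
     * @throws CertificateException if the path cannot be built
     */
    public static CertPath toCertPath(Certificate certificate) throws CertificateException {
        return CertificateFactory.getInstance("X.509").generateCertPath(Collections.singletonList(certificate));
    }

    /**
     * Joins two paths into one: the certificates of {@code certPath2} come first, followed by the
     * certificates of {@code certPath}.
     *
     * <p>No issuer/subject or signature relationship between the two inputs is checked here.
     *
     * @param certPath the path whose certificates are placed last
     * @param certPath2 the path whose certificates are placed first
     * @return the combined path
     * @throws CertificateException if the path cannot be built
     */
    public static CertPath append(CertPath certPath, CertPath certPath2) throws CertificateException {
        // An explicitly typed builder removes the unchecked cast the decompiled code needed.
        List<Certificate> combined =
                ImmutableList.<Certificate>builder()
                        .addAll(certPath2.getCertificates())
                        .addAll(certPath.getCertificates())
                        .build();
        return CertificateFactory.getInstance("X.509").generateCertPath(combined);
    }

    /**
     * Returns {@code certPath} without its trailing {@code certPath2} certificates.
     *
     * @param certPath the full path
     * @param certPath2 the trailing certificates to remove
     * @return the leading part of {@code certPath}
     * @throws IllegalArgumentException if {@code certPath} does not end with {@code certPath2}
     * @throws CertificateException if the trimmed path cannot be built
     */
    public static CertPath trimParent(CertPath certPath, CertPath certPath2) throws CertificateException {
        if (!containsParent(certPath, certPath2)) {
            throw new IllegalArgumentException("trim path was not the parent of the provider chain");
        }
        List<? extends Certificate> full = certPath.getCertificates();
        int keep = full.size() - certPath2.getCertificates().size();
        return CertificateFactory.getInstance("X.509").generateCertPath(full.subList(0, keep));
    }

    /**
     * Tells whether {@code certPath} ends with exactly the certificates of {@code certPath2}.
     *
     * <p>The comparison uses {@link List#equals(Object)} on the two certificate lists, so it is an
     * equality check on the certificate objects and says nothing about whether the tail was
     * actually used to sign the head.
     *
     * @param certPath the path to inspect
     * @param certPath2 the expected trailing certificates
     * @return {@code true} if the tail of {@code certPath} equals {@code certPath2}
     */
    public static boolean containsParent(CertPath certPath, CertPath certPath2) {
        List<? extends Certificate> full = certPath.getCertificates();
        List<? extends Certificate> tail = certPath2.getCertificates();
        if (tail.size() > full.size()) {
            return false;
        }
        return full.subList(full.size() - tail.size(), full.size()).equals(tail);
    }

    /**
     * Returns the raw value of the extension identified by {@code SCT_X509_OID}, if present.
     *
     * <p>The bytes come straight from {@link X509Certificate#getExtensionValue(String)}, which
     * returns the DER-encoded OCTET STRING wrapping the extension; the content is not decoded or
     * verified here.
     *
     * @param certificate the certificate to inspect; must be an {@link X509Certificate}
     * @return the extension bytes, or empty when the extension is absent
     * @throws ClassCastException if {@code certificate} is not an {@link X509Certificate}
     */
    public static Optional<byte[]> getEmbeddedSCTs(Certificate certificate) {
        // Use the named constant rather than repeating the OID literal.
        return Optional.ofNullable(((X509Certificate) certificate).getExtensionValue(SCT_X509_OID));
    }

    /**
     * Tells whether the certificate's issuer name equals its subject name.
     *
     * <p>This is a name comparison only. The certificate's signature is not verified against its
     * own public key, so a {@code true} result must not be treated as proof that the certificate
     * is a genuine root or a trust anchor.
     *
     * @param certificate the certificate to inspect; must be an {@link X509Certificate}
     * @return {@code true} if issuer and subject principals are equal
     * @throws ClassCastException if {@code certificate} is not an {@link X509Certificate}
     */
    public static boolean isSelfSigned(Certificate certificate) {
        X509Certificate x509 = (X509Certificate) certificate;
        return x509.getIssuerX500Principal().equals(x509.getSubjectX500Principal());
    }

    /**
     * Applies {@link #isSelfSigned(Certificate)} to the last certificate of the path.
     *
     * @param certPath the path to inspect; must not be empty
     * @return {@code true} if the last certificate's issuer and subject names are equal
     * @throws IndexOutOfBoundsException if the path holds no certificates
     */
    public static boolean isSelfSigned(CertPath certPath) {
        List<? extends Certificate> certificates = certPath.getCertificates();
        return isSelfSigned(certificates.get(certificates.size() - 1));
    }

    /**
     * Returns the first certificate of the path.
     *
     * @param certPath the path to inspect; must not be empty
     * @return the certificate at index 0, cast to {@link X509Certificate}
     * @throws IndexOutOfBoundsException if the path holds no certificates
     * @throws ClassCastException if the first certificate is not an {@link X509Certificate}
     */
    public static X509Certificate getLeaf(CertPath certPath) {
        return (X509Certificate) certPath.getCertificates().get(0);
    }

    /**
     * Returns the length of the certificate's validity window, from {@code notBefore} to
     * {@code notAfter}, in the given unit.
     *
     * <p>The decompiled code passed {@code notAfter} as the start and {@code notBefore} as the
     * end, which makes {@link ChronoUnit#between} return a negative number for every certificate
     * whose {@code notAfter} is later than its {@code notBefore}; an upper-bound lifetime check
     * built on that value could never fail. The arguments are now in start/end order. Callers
     * that negated the old result must be updated.
     *
     * @param x509Certificate the certificate whose validity window is measured
     * @param chronoUnit the unit of the result
     * @return the number of whole units between {@code notBefore} and {@code notAfter}
     */
    public static long validity(X509Certificate x509Certificate, ChronoUnit chronoUnit) {
        return chronoUnit.between(x509Certificate.getNotBefore().toInstant(), x509Certificate.getNotAfter().toInstant());
    }
}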
