package net.ripe.rpki.commons.crypto.x509cert;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import net.ripe.rpki.commons.crypto.util.Asn1Util;
import net.ripe.rpki.commons.validation.ValidationResult;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.util.encoders.Base64Encoder;
import org.bouncycastle.x509.extension.X509ExtensionUtil;

/* loaded from: input_file:net/ripe/rpki/commons/crypto/x509cert/X509CertificateUtil.class */
public final class X509CertificateUtil {
    private X509CertificateUtil() {
    }

    public static byte[] getSubjectKeyIdentifier(X509Extension x509Extension) {
        try {
            byte[] extensionValue = x509Extension.getExtensionValue(org.bouncycastle.asn1.x509.X509Extension.subjectKeyIdentifier.getId());
            if (extensionValue == null) {
                return null;
            }
            return SubjectKeyIdentifier.getInstance(X509ExtensionUtil.fromExtensionValue(extensionValue)).getKeyIdentifier();
        } catch (IOException e) {
            throw new AbstractX509CertificateWrapperException("Cannot get SubjectKeyIdentifier for certificate", e);
        }
    }

    public static byte[] getAuthorityKeyIdentifier(X509Extension x509Extension) {
        try {
            byte[] extensionValue = x509Extension.getExtensionValue(org.bouncycastle.asn1.x509.X509Extension.authorityKeyIdentifier.getId());
            if (extensionValue == null) {
                return null;
            }
            return AuthorityKeyIdentifier.getInstance(X509ExtensionUtil.fromExtensionValue(extensionValue)).getKeyIdentifier();
        } catch (IOException e) {
            throw new AbstractX509CertificateWrapperException("Can not get AuthorityKeyIdentifier for certificate", e);
        }
    }

    public static X509ResourceCertificate parseDerEncoded(byte[] bArr) {
        X509ResourceCertificateParser x509ResourceCertificateParser = new X509ResourceCertificateParser();
        x509ResourceCertificateParser.parse(ValidationResult.withLocation("unknown.cer"), bArr);
        return x509ResourceCertificateParser.getCertificate();
    }

    public static String getEncodedSubjectPublicKeyInfo(X509Certificate x509Certificate) {
        try {
            try {
                byte[] encoded = new TBSCertificateStructure(Asn1Util.decode(x509Certificate.getTBSCertificate())).getSubjectPublicKeyInfo().getEncoded();
                Base64Encoder base64Encoder = new Base64Encoder();
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                base64Encoder.encode(encoded, 0, encoded.length, byteArrayOutputStream);
                byteArrayOutputStream.flush();
                return byteArrayOutputStream.toString();
            } catch (IOException e) {
                throw new AbstractX509CertificateWrapperException("Can't encode SubjectPublicKeyInfo for certificate", e);
            }
        } catch (CertificateEncodingException e2) {
            throw new AbstractX509CertificateWrapperException("Can't extract TBSCertificate from certificate", e2);
        }
    }
}
