package org.nhindirect.config.model.utils;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.io.FileUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.nhindirect.config.model.exceptions.CertificateConversionException;

/* loaded from: input_file:org/nhindirect/config/model/utils/CertUtils.class */
public class CertUtils {
    private static final int RFC822Name_TYPE = 1;
    private static final int DNSName_TYPE = 2;
    private static final String DEFAULT_JCE_PROVIDER_STRING = "BC";
    private static final String JCE_PROVIDER_STRING_SYS_PARAM = "org.nhindirect.config.JCEProviderName";

    /* loaded from: input_file:org/nhindirect/config/model/utils/CertUtils$CertContainer.class */
    public static class CertContainer {
        private final X509Certificate cert;
        private final Key key;

        public CertContainer(X509Certificate x509Certificate, Key key) {
            this.cert = x509Certificate;
            this.key = key;
        }

        public X509Certificate getCert() {
            return this.cert;
        }

        public Key getKey() {
            return this.key;
        }
    }

    public static String getJCEProviderName() {
        String property = System.getProperty(JCE_PROVIDER_STRING_SYS_PARAM);
        if (property == null || property.isEmpty()) {
            property = DEFAULT_JCE_PROVIDER_STRING;
        }
        return property;
    }

    public static void setJCEProviderName(String str) {
        if (str == null || str.isEmpty()) {
            System.setProperty(JCE_PROVIDER_STRING_SYS_PARAM, DEFAULT_JCE_PROVIDER_STRING);
        } else {
            System.setProperty(JCE_PROVIDER_STRING_SYS_PARAM, str);
        }
    }

    public static String getOwner(X509Certificate x509Certificate) {
        String str = "";
        Collection<List<?>> collection = null;
        try {
            collection = x509Certificate.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
        }
        if (collection != null) {
            for (List<?> list : collection) {
                if (list.size() >= DNSName_TYPE) {
                    Integer num = (Integer) list.get(0);
                    if (num.intValue() == RFC822Name_TYPE) {
                        str = (String) list.get(RFC822Name_TYPE);
                    } else if (num.intValue() == DNSName_TYPE && str.isEmpty()) {
                        str = (String) list.get(RFC822Name_TYPE);
                    }
                }
            }
        }
        if (!str.isEmpty()) {
            return str;
        }
        X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
        HashMap hashMap = new HashMap();
        hashMap.put("1.2.840.113549.1.9.1", "EMAILADDRESS");
        String name = subjectX500Principal.getName("RFC1779", hashMap);
        String str2 = "EMAILADDRESS=";
        int indexOf = name.indexOf(str2);
        if (indexOf == -1) {
            str2 = "CN=";
            indexOf = name.indexOf(str2);
            if (indexOf == -1) {
                return "";
            }
        }
        int indexOf2 = name.indexOf(",", indexOf);
        return indexOf2 > -1 ? name.substring(indexOf + str2.length(), indexOf2) : name.substring(indexOf + str2.length());
    }

    public static byte[] pkcs12ToStrippedPkcs12(byte[] bArr, String str) {
        return changePkcs12Protection(bArr, str.toCharArray(), str.toCharArray(), "".toCharArray(), "".toCharArray());
    }

    public static byte[] changePkcs12Protection(byte[] bArr, char[] cArr, char[] cArr2, char[] cArr3, char[] cArr4) {
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("Pkcs byte stream cannot be null or empty.");
        }
        byte[] bArr2 = null;
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            try {
                KeyStore keyStore = KeyStore.getInstance("PKCS12", getJCEProviderName());
                keyStore.load(byteArrayInputStream, cArr);
                Enumeration<String> aliases = keyStore.aliases();
                if (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(nextElement);
                    Key key = keyStore.getKey(nextElement, cArr2);
                    if (key != null && (key instanceof PrivateKey)) {
                        keyStore.setKeyEntry("privCert", key, cArr4, new Certificate[]{x509Certificate});
                        keyStore.store(byteArrayOutputStream, cArr3);
                        bArr2 = byteArrayOutputStream.toByteArray();
                    }
                }
                return bArr2;
            } finally {
                try {
                    byteArrayInputStream.close();
                } catch (Exception e) {
                }
                try {
                    byteArrayOutputStream.close();
                } catch (Exception e2) {
                }
            }
        } catch (Exception e3) {
            throw new CertificateConversionException("Failed to strip encryption for PKCS stream.", e3);
        }
    }

    public static X509Certificate toX509Certificate(byte[] bArr) {
        return toX509Certificate(bArr, "");
    }

    public static X509Certificate toX509Certificate(byte[] bArr, String str) {
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("Byte stream cannot be null or empty.");
        }
        if (str == null) {
            str = "";
        }
        X509Certificate x509Certificate = null;
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        try {
            try {
                try {
                    KeyStore keyStore = KeyStore.getInstance("PKCS12", getJCEProviderName());
                    keyStore.load(byteArrayInputStream, str.toCharArray());
                    Enumeration<String> aliases = keyStore.aliases();
                    if (aliases.hasMoreElements()) {
                        String nextElement = aliases.nextElement();
                        X509Certificate x509Certificate2 = (X509Certificate) keyStore.getCertificate(nextElement);
                        Key key = keyStore.getKey(nextElement, str.toCharArray());
                        if (key != null) {
                            if (key instanceof PrivateKey) {
                                x509Certificate = x509Certificate2;
                            }
                        }
                    }
                } catch (Exception e) {
                    throw new CertificateConversionException("Failed to convert byte stream to a certificate.", e);
                }
            } finally {
                try {
                    byteArrayInputStream.close();
                } catch (IOException e2) {
                }
            }
        } catch (Exception e3) {
        }
        if (x509Certificate == null) {
            byteArrayInputStream.reset();
            byteArrayInputStream = new ByteArrayInputStream(bArr);
            x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
        }
        return x509Certificate;
    }

    public X509Certificate certFromFile(String str) {
        try {
            return toX509Certificate(FileUtils.readFileToByteArray(new File(str)));
        } catch (Exception e) {
            return null;
        }
    }

    public static CertContainer toCertContainer(byte[] bArr) throws CertificateConversionException {
        return toCertContainer(bArr, "".toCharArray(), "".toCharArray());
    }

    public static CertContainer toCertContainer(byte[] bArr, char[] cArr, char[] cArr2) throws CertificateConversionException {
        CertContainer certContainer = null;
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                KeyStore keyStore = KeyStore.getInstance("PKCS12", getJCEProviderName());
                keyStore.load(byteArrayInputStream, cArr);
                Enumeration<String> aliases = keyStore.aliases();
                if (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(nextElement);
                    Key key = keyStore.getKey(nextElement, cArr2);
                    if (key != null && (key instanceof PrivateKey)) {
                        certContainer = new CertContainer(x509Certificate, key);
                    }
                }
            } catch (Exception e) {
            }
            if (certContainer == null) {
                byteArrayInputStream.reset();
                byteArrayInputStream = new ByteArrayInputStream(bArr);
                certContainer = new CertContainer((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream), null);
            }
            byteArrayInputStream.close();
            return certContainer;
        } catch (Exception e2) {
            throw new CertificateConversionException("Data cannot be converted to a valid X.509 Certificate", e2);
        }
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
