package org.eclipse.milo.opcua.stack.core.util;

import com.google.common.base.Preconditions;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
import java.security.KeyPair;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.openssl.MiscPEMGenerator;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.PemWriter;
import org.eclipse.milo.opcua.stack.core.StatusCodes;
import org.eclipse.milo.opcua.stack.core.UaException;
import org.eclipse.milo.opcua.stack.core.types.builtin.ByteString;

/* loaded from: input_file:org/eclipse/milo/opcua/stack/core/util/CertificateUtil.class */
public class CertificateUtil {
    public static final int SUBJECT_ALT_NAME_DNS_NAME = 2;
    public static final int SUBJECT_ALT_NAME_IP_ADDRESS = 7;
    public static final int SUBJECT_ALT_NAME_URI = 6;

    public static X509Certificate decodeCertificate(byte[] bArr) throws UaException {
        Preconditions.checkNotNull(bArr, "certificateBytes cannot be null");
        return decodeCertificate(new ByteArrayInputStream(bArr));
    }

    public static X509Certificate decodeCertificate(InputStream inputStream) throws UaException {
        return decodeCertificates(inputStream).get(0);
    }

    public static List<X509Certificate> decodeCertificates(byte[] bArr) throws UaException {
        return decodeCertificates(new ByteArrayInputStream(bArr));
    }

    public static List<X509Certificate> decodeCertificates(InputStream inputStream) throws UaException {
        Preconditions.checkNotNull(inputStream, "inputStream cannot be null");
        try {
            try {
                Stream<? extends Certificate> stream = CertificateFactory.getInstance("X.509").generateCertificates(inputStream).stream();
                Class<X509Certificate> cls = X509Certificate.class;
                X509Certificate.class.getClass();
                return (List) stream.map((v1) -> {
                    return r1.cast(v1);
                }).collect(Collectors.toList());
            } catch (CertificateException e) {
                throw new UaException(StatusCodes.Bad_CertificateInvalid, e);
            }
        } catch (CertificateException e2) {
            throw new UaException(StatusCodes.Bad_InternalError, e2);
        }
    }

    public static PKCS10CertificationRequest generateCsr(KeyPair keyPair, X509Certificate x509Certificate) throws Exception {
        JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(x509Certificate.getSubjectX500Principal(), x509Certificate.getPublicKey());
        GeneralNames generalNames = new GeneralNames((GeneralName[]) getSubjectAltNames(x509Certificate).toArray(new GeneralName[0]));
        ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
        extensionsGenerator.addExtension(Extension.subjectAlternativeName, false, generalNames);
        jcaPKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
        return jcaPKCS10CertificationRequestBuilder.build(new JcaContentSignerBuilder(x509Certificate.getSigAlgName()).build(keyPair.getPrivate()));
    }

    public static PKCS10CertificationRequest generateCsr(KeyPair keyPair, String str, String str2, List<String> list, List<String> list2, String str3) throws Exception {
        return generateCsr(keyPair, new X500Name(IETFUtils.rDNsFromString(str, RFC4519Style.INSTANCE)), str2, list, list2, str3);
    }

    public static PKCS10CertificationRequest generateCsr(KeyPair keyPair, X500Name x500Name, String str, List<String> list, List<String> list2, String str2) throws Exception {
        PKCS10CertificationRequestBuilder pKCS10CertificationRequestBuilder = new PKCS10CertificationRequestBuilder(x500Name, SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        ArrayList arrayList = new ArrayList();
        arrayList.add(new GeneralName(6, str));
        Stream<R> map = list.stream().map(str3 -> {
            return new GeneralName(2, str3);
        });
        arrayList.getClass();
        map.forEach((v1) -> {
            r1.add(v1);
        });
        Stream<R> map2 = list2.stream().map(str4 -> {
            return new GeneralName(7, str4);
        });
        arrayList.getClass();
        map2.forEach((v1) -> {
            r1.add(v1);
        });
        ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
        extensionsGenerator.addExtension(Extension.subjectAlternativeName, false, new GeneralNames((GeneralName[]) arrayList.toArray(new GeneralName[0])));
        pKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
        return pKCS10CertificationRequestBuilder.build(new JcaContentSignerBuilder(str2).build(keyPair.getPrivate()));
    }

    public static String getCsrPem(PKCS10CertificationRequest pKCS10CertificationRequest) throws IOException {
        StringWriter stringWriter = new StringWriter();
        PemWriter pemWriter = new PemWriter(stringWriter);
        Throwable th = null;
        try {
            try {
                pemWriter.writeObject(new MiscPEMGenerator(pKCS10CertificationRequest));
                pemWriter.flush();
                if (pemWriter != null) {
                    if (0 != 0) {
                        try {
                            pemWriter.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        pemWriter.close();
                    }
                }
                return stringWriter.toString();
            } finally {
            }
        } catch (Throwable th3) {
            if (pemWriter != null) {
                if (th != null) {
                    try {
                        pemWriter.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    pemWriter.close();
                }
            }
            throw th3;
        }
    }

    private static List<GeneralName> getSubjectAltNames(X509Certificate x509Certificate) {
        try {
            ArrayList arrayList = new ArrayList();
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                subjectAlternativeNames = Collections.emptyList();
            }
            for (List<?> list : subjectAlternativeNames) {
                if (list != null && list.size() == 2) {
                    Object obj = list.get(0);
                    String objects = Objects.toString(list.get(1));
                    if (Objects.equals(obj, 2)) {
                        arrayList.add(new GeneralName(2, objects));
                    } else if (Objects.equals(obj, 7)) {
                        arrayList.add(new GeneralName(7, objects));
                    } else if (Objects.equals(obj, 6)) {
                        arrayList.add(new GeneralName(6, objects));
                    }
                }
            }
            return arrayList;
        } catch (CertificateParsingException e) {
            return Collections.emptyList();
        }
    }

    public static List<Object> getSubjectAltNameField(X509Certificate x509Certificate, int i) {
        Object obj;
        try {
            ArrayList arrayList = new ArrayList();
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                subjectAlternativeNames = Collections.emptyList();
            }
            for (List<?> list : subjectAlternativeNames) {
                if (list != null && list.size() == 2 && list.get(0).equals(Integer.valueOf(i)) && (obj = list.get(1)) != null) {
                    arrayList.add(obj);
                }
            }
            return arrayList;
        } catch (CertificateParsingException e) {
            return Collections.emptyList();
        }
    }

    public static Optional<String> getSanUri(X509Certificate x509Certificate) {
        Stream<Object> filter = getSubjectAltNameField(x509Certificate, 6).stream().filter(obj -> {
            return obj instanceof String;
        });
        Class<String> cls = String.class;
        String.class.getClass();
        return filter.map(cls::cast).findFirst();
    }

    public static List<String> getSanDnsNames(X509Certificate x509Certificate) {
        Stream<Object> filter = getSubjectAltNameField(x509Certificate, 2).stream().filter(obj -> {
            return obj instanceof String;
        });
        Class<String> cls = String.class;
        String.class.getClass();
        return (List) filter.map(cls::cast).collect(Collectors.toList());
    }

    public static List<String> getSanIpAddresses(X509Certificate x509Certificate) {
        Stream<Object> filter = getSubjectAltNameField(x509Certificate, 7).stream().filter(obj -> {
            return obj instanceof String;
        });
        Class<String> cls = String.class;
        String.class.getClass();
        return (List) filter.map(cls::cast).collect(Collectors.toList());
    }

    public static ByteString thumbprint(X509Certificate x509Certificate) throws UaException {
        try {
            return ByteString.of(DigestUtil.sha1(x509Certificate.getEncoded()));
        } catch (CertificateEncodingException e) {
            throw new UaException(StatusCodes.Bad_CertificateInvalid, e);
        }
    }
}
