package org.nhindirect.dns.utils;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import org.apache.commons.io.FileUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.nhindirect.dns.DNSException;
import org.nhindirect.stagent.CryptoExtensions;
import org.nhindirect.stagent.cert.X509CertificateEx;

/* loaded from: input_file:org/nhindirect/dns/utils/CertUtils.class */
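/**
 * Static helpers that convert certificates and PKCS#12 containers to and from raw bytes.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #pkcs12ToStrippedPkcs12} and {@link #x509CertificateToBytes} can return a PKCS#12
 *       container whose private key is protected only by an empty passphrase. Treat those bytes
 *       as plaintext key material: restrict where they are stored, never log them, and never
 *       publish them.</li>
 *   <li>The {@code toX509Certificate} methods only parse. They do not check validity dates,
 *       chain, revocation or trust, so a returned certificate is not a trusted one.</li>
 *   <li>Loading this class registers the BouncyCastle provider with the JVM-wide
 *       {@link Security} provider list (see the static initializer).</li>
 * </ul>
 */
public class CertUtils {
    private static final Log LOGGER = LogFactory.getFactory().getInstance(CertUtils.class);

    /** Keystore type used for every container handled by this class. */
    private static final String PKCS12_TYPE = "PKCS12";

    /** Alias under which the re-wrapped private key entry is written. */
    private static final String STRIPPED_ALIAS = "privCert";

    /**
     * Re-wraps the first entry of a passphrase-protected PKCS#12 container into a container that
     * uses an empty passphrase.
     *
     * <p>Only the first alias reported by the keystore is examined. The returned bytes hold an
     * effectively unprotected private key; the caller is responsible for protecting them.
     *
     * @param bArr the PKCS#12 container bytes; must not be null or empty
     * @param str the passphrase protecting the container; must not be null
     * @return the re-wrapped container, or {@code null} when the container has no alias or the
     *     first alias does not hold a private key
     * @throws IllegalArgumentException if {@code bArr} is null/empty or {@code str} is null
     * @throws DNSException if the container cannot be read or re-written
     */
    public static byte[] pkcs12ToStrippedPkcs12(byte[] bArr, String str) throws DNSException {
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("Pkcs byte stream cannot be null or empty.");
        }
        if (str == null) {
            throw new IllegalArgumentException("Passphrase cannot be null.");
        }
        try {
            // Byte-array streams hold no external resource, so no close handling is needed.
            KeyStore keyStore = KeyStore.getInstance(PKCS12_TYPE, CryptoExtensions.getJCEProviderName());
            keyStore.load(new ByteArrayInputStream(bArr), str.toCharArray());
            Enumeration<String> aliases = keyStore.aliases();
            if (!aliases.hasMoreElements()) {
                return null;
            }
            String alias = aliases.nextElement();
            X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
            // Recover the key with the caller's passphrase, as toX509Certificate does. The
            // previous code passed an empty passphrase here, which can only succeed on a
            // provider that ignores the per-key password.
            Key key = keyStore.getKey(alias, str.toCharArray());
            if (!(key instanceof PrivateKey)) {
                return null;
            }
            char[] emptyPassphrase = new char[0];
            keyStore.setKeyEntry(STRIPPED_ALIAS, key, emptyPassphrase, new Certificate[]{certificate});
            ByteArrayOutputStream stripped = new ByteArrayOutputStream();
            keyStore.store(stripped, emptyPassphrase);
            return stripped.toByteArray();
        } catch (Exception e) {
            // DNSException is raised with a message only, so record the cause here; otherwise
            // the reason for the failure (bad passphrase, corrupt data, ...) is lost.
            LOGGER.debug("Failed to strip encryption for PKCS stream.", e);
            throw new DNSException("Failed to strip encryption for PKCS stream.");
        }
    }

    /**
     * Serializes a certificate to bytes.
     *
     * <p>A plain {@link X509Certificate} is returned in its encoded form. An
     * {@link X509CertificateEx} is NOT returned as a bare certificate: it is written as a PKCS#12
     * container that includes its private key under an empty passphrase.
     * NOTE(review): confirm that no caller which publishes these bytes (for example in a DNS
     * response) can be handed a key-bearing certificate.
     *
     * @param x509Certificate the certificate to serialize
     * @return the encoded certificate, or an empty-passphrase PKCS#12 container for an
     *     {@link X509CertificateEx}
     * @throws DNSException if encoding fails, including when the argument is null
     */
    public static byte[] x509CertificateToBytes(X509Certificate x509Certificate) throws DNSException {
        try {
            if (!(x509Certificate instanceof X509CertificateEx)) {
                // A null argument fails here and is reported as a DNSException, as before.
                return x509Certificate.getEncoded();
            }
            KeyStore keyStore = KeyStore.getInstance(PKCS12_TYPE, CryptoExtensions.getJCEProviderName());
            keyStore.load(null, null);
            char[] emptyPassphrase = new char[0];
            PrivateKey privateKey = ((X509CertificateEx) x509Certificate).getPrivateKey();
            keyStore.setKeyEntry(STRIPPED_ALIAS, privateKey, emptyPassphrase, new Certificate[]{x509Certificate});
            ByteArrayOutputStream encoded = new ByteArrayOutputStream();
            keyStore.store(encoded, emptyPassphrase);
            return encoded.toByteArray();
        } catch (Exception e) {
            LOGGER.debug("Failed to convert certificate to a byte stream.", e);
            throw new DNSException("Failed to convert certificate to a byte stream.");
        }
    }

    /**
     * Parses certificate bytes using an empty passphrase for any PKCS#12 container.
     *
     * @param bArr the certificate or PKCS#12 bytes; must not be null or empty
     * @return the parsed certificate
     * @throws IllegalArgumentException if {@code bArr} is null or empty
     * @throws DNSException if the bytes cannot be parsed
     */
    public static X509Certificate toX509Certificate(byte[] bArr) throws DNSException {
        return toX509Certificate(bArr, "");
    }

    /**
     * Parses bytes as a PKCS#12 container first and as a plain X.509 certificate second.
     *
     * <p>If the container opens and its first alias holds a private key, the result is an
     * {@link X509CertificateEx} carrying that key. In every other case, including a wrong
     * passphrase, the same bytes are parsed as an X.509 certificate. The result is only parsed,
     * not validated or trusted.
     *
     * @param bArr the certificate or PKCS#12 bytes; must not be null or empty
     * @param str the container passphrase; {@code null} is treated as the empty passphrase
     * @return the parsed certificate, key-bearing when a private key was recovered
     * @throws IllegalArgumentException if {@code bArr} is null or empty
     * @throws DNSException if the bytes parse as neither form
     */
    public static X509Certificate toX509Certificate(byte[] bArr, String str) throws DNSException {
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("Byte stream cannot be null or empty.");
        }
        String passphrase = (str == null) ? "" : str;

        // Declared as X509Certificate: the fallback below yields a plain certificate, which
        // cannot be assigned to an X509CertificateEx variable.
        X509Certificate parsed = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(PKCS12_TYPE, CryptoExtensions.getJCEProviderName());
            keyStore.load(new ByteArrayInputStream(bArr), passphrase.toCharArray());
            Enumeration<String> aliases = keyStore.aliases();
            if (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
                Key key = keyStore.getKey(alias, passphrase.toCharArray());
                if (key instanceof PrivateKey) {
                    parsed = X509CertificateEx.fromX509Certificate(certificate, (PrivateKey) key);
                }
            }
        } catch (Exception e) {
            // Deliberately not fatal: input that is not a readable container is retried as X.509.
            LOGGER.trace("Input could not be read as a PKCS12 container; trying X.509.", e);
        }
        if (parsed != null) {
            return parsed;
        }

        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(bArr));
        } catch (Exception e) {
            LOGGER.debug("Failed to convert byte stream to a certificate.", e);
            throw new DNSException("Failed to convert byte stream to a certificate.");
        }
    }

    /**
     * Loads a certificate from a file, using an empty passphrase for any PKCS#12 container.
     *
     * <p>The path is used as given, with no validation or restriction to a base directory, and
     * its absolute form is written to the log. Callers must check the result for {@code null}.
     *
     * @param str the path of the certificate file
     * @return the parsed certificate, or {@code null} if the file cannot be read or parsed
     */
    public static X509Certificate certFromFile(String str) {
        File file = new File(str);
        try {
            LOGGER.trace("Full path of cert file to load: " + file.getAbsolutePath());
            return toX509Certificate(FileUtils.readFileToByteArray(file));
        } catch (Exception e) {
            LOGGER.error("Failed to load certificate from file " + file.getAbsolutePath(), e);
            return null;
        }
    }

    static {
        // Registers BouncyCastle JVM-wide when this class is first loaded.
        Security.addProvider(new BouncyCastleProvider());
    }
}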
