package org.forgerock.openidm.util;

import java.io.StringReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import org.apache.commons.lang3.tuple.Pair;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.forgerock.json.resource.InternalServerErrorException;
import org.forgerock.json.resource.ResourceException;
import org.joda.time.DateTime;

/* loaded from: input_file:org/forgerock/openidm/util/CertUtil.class */
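/**
 * Static helpers for generating self-signed X.509 certificates and for converting
 * certificates and other PEM-encodable objects to and from PEM text.
 *
 * <p>Notes for callers:
 * <ul>
 *   <li>Key algorithm, key size and signature algorithm are passed straight through to the
 *       JCA / Bouncy Castle builders; this class applies no minimum-strength policy, so any
 *       such policy has to be enforced by the caller.</li>
 *   <li>The {@code read*} methods only parse PEM. They do not check validity dates,
 *       signatures, chain order or trust.</li>
 *   <li>NOTE(review): {@code setProvider(BC)} presumably requires the Bouncy Castle provider
 *       to be registered with {@code java.security.Security} elsewhere; confirm.</li>
 * </ul>
 */
public class CertUtil {
    /** JCA provider name used when signing and converting certificates. */
    private static final String BC = BouncyCastleProvider.PROVIDER_NAME;

    /** How far {@code notBefore} is back-dated when no validFrom is supplied: 30 days, in ms. */
    private static final long DEFAULT_VALID_FROM_BACKDATE_MILLIS = 30L * 24 * 60 * 60 * 1000;

    /** Certificate lifetime, counted from now, when no validTo is supplied. */
    private static final int DEFAULT_VALIDITY_YEARS = 10;

    private CertUtil() {
    }

    /**
     * Generates a self-signed certificate whose subject carries only a meaningful common name;
     * organization, organizational unit, state, country and locality are all set to the
     * literal string {@code "None"}.
     *
     * @param str  common name (CN)
     * @param str2 key-pair algorithm name passed to {@link KeyPairGenerator#getInstance(String)}
     * @param i    key size passed to {@link KeyPairGenerator#initialize(int)}
     * @param str3 signature algorithm name passed to {@code JcaContentSignerBuilder}
     * @param str4 validFrom date string, or {@code null} for the default (now minus 30 days)
     * @param str5 validTo date string, or {@code null} for the default (now plus 10 years)
     * @return the certificate together with the private key matching its public key
     * @throws Exception see the eleven-argument overload
     */
    public static Pair<X509Certificate, PrivateKey> generateCertificate(String str, String str2, int i, String str3, String str4, String str5) throws Exception {
        return generateCertificate(str, "None", "None", "None", "None", "None", str2, i, str3, str4, str5);
    }

    /**
     * Generates a fresh key pair and a self-signed X.509 v3 certificate for it
     * (issuer and subject are the same name, signed with the new private key).
     *
     * <p>After building, the certificate is checked to be valid at the current time and its
     * signature is verified against its own public key, so a validFrom in the future or a
     * validTo in the past makes this method throw.
     *
     * @param str   common name (CN)
     * @param str2  organization (O)
     * @param str3  organizational unit (OU)
     * @param str4  state or province (ST)
     * @param str5  country (C)
     * @param str6  locality (L)
     * @param str7  key-pair algorithm name passed to {@link KeyPairGenerator#getInstance(String)}
     * @param i     key size passed to {@link KeyPairGenerator#initialize(int)}; not range-checked here
     * @param str8  signature algorithm name passed to {@code JcaContentSignerBuilder}; not
     *              restricted here, so weak digests are accepted if the provider offers them
     * @param str9  validFrom date string, or {@code null} for now minus 30 days
     * @param str10 validTo date string, or {@code null} for now plus 10 years
     * @return the certificate together with its private key; the key is returned in the clear,
     *         protecting it is the caller's responsibility
     * @throws InternalServerErrorException if {@code str9} or {@code str10} is non-null and
     *         cannot be parsed as a date
     * @throws Exception on any key-generation, signing, validity or verification failure
     */
    public static Pair<X509Certificate, PrivateKey> generateCertificate(String str, String str2, String str3, String str4, String str5, String str6, String str7, int i, String str8, String str9, String str10) throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str7);
        keyPairGenerator.initialize(i);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();

        X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        nameBuilder.addRDN(BCStyle.C, str5);
        nameBuilder.addRDN(BCStyle.ST, str4);
        nameBuilder.addRDN(BCStyle.L, str6);
        nameBuilder.addRDN(BCStyle.OU, str3);
        nameBuilder.addRDN(BCStyle.O, str2);
        nameBuilder.addRDN(BCStyle.CN, str);

        Date notBefore;
        if (str9 == null) {
            notBefore = new Date(System.currentTimeMillis() - DEFAULT_VALID_FROM_BACKDATE_MILLIS);
        } else {
            notBefore = parseDateProperty(str9, "validFrom");
        }

        Date notAfter;
        if (str10 == null) {
            Calendar calendar = Calendar.getInstance();
            calendar.setTime(new Date());
            calendar.add(Calendar.YEAR, DEFAULT_VALIDITY_YEARS);
            notAfter = calendar.getTime();
        } else {
            notAfter = parseDateProperty(str10, "validTo");
        }

        // NOTE(review): the serial number is the wall-clock millisecond, so it is predictable
        // and two certificates for the same name created in the same millisecond share
        // issuer + serial. A random positive serial would avoid both; left unchanged here.
        X509Certificate certificate = new JcaX509CertificateConverter()
                .setProvider(BC)
                .getCertificate(
                        new JcaX509v3CertificateBuilder(
                                nameBuilder.build(),
                                BigInteger.valueOf(System.currentTimeMillis()),
                                notBefore,
                                notAfter,
                                nameBuilder.build(),
                                keyPair.getPublic())
                        .build(new JcaContentSignerBuilder(str8)
                                .setProvider(BC)
                                .build(keyPair.getPrivate())));

        // Sanity checks on the result: valid right now, and self-signature verifies.
        certificate.checkValidity(new Date());
        certificate.verify(certificate.getPublicKey());
        return Pair.of(certificate, keyPair.getPrivate());
    }

    /**
     * Parses a caller-supplied validity date.
     *
     * <p>NOTE(review): a malformed caller-supplied date is reported as an internal server
     * error; confirm whether a client-error status is intended.
     */
    private static Date parseDateProperty(String value, String propertyName) throws InternalServerErrorException {
        DateTime parsed = DateUtil.getDateUtil().parseIfDate(value);
        if (parsed == null) {
            throw new InternalServerErrorException("Invalid date format for '" + propertyName + "' property");
        }
        return parsed.toDate();
    }

    /**
     * PEM-encodes the given object and returns the text.
     *
     * <p>The parameter is an untyped {@code Object} handed to {@code PEMWriter.writeObject},
     * so this is not limited to certificates. No encryptor is supplied here, so a private
     * key passed in would presumably be written unencrypted; treat the returned string
     * accordingly.
     *
     * @param obj the object to encode
     * @return the PEM text
     * @throws Exception if the writer rejects the object or fails to write
     */
    public static String getCertString(Object obj) throws Exception {
        try (StringWriter stringWriter = new StringWriter();
                PEMWriter pemWriter = new PEMWriter(stringWriter)) {
            pemWriter.writeObject(obj);
            // Flush before reading the buffer: PEMWriter is buffered.
            pemWriter.flush();
            return stringWriter.getBuffer().toString();
        }
    }

    /**
     * Parses the first PEM object in the given text and returns it cast to the caller's
     * expected type.
     *
     * <p>The cast is unchecked: if the PEM holds a different kind of object than the caller
     * expects, the failure surfaces as a {@code ClassCastException} at the call site, not
     * here. The result is whatever {@code PEMReader.readObject()} returns, which may be
     * {@code null}. Callers handling untrusted PEM should check the runtime type themselves
     * (as {@link #readCertificate(String)} does).
     *
     * @param str PEM text
     * @param <T> type the caller expects
     * @return the parsed object
     * @throws Exception if the text cannot be read as PEM
     */
    @SuppressWarnings("unchecked")
    public static <T> T fromPem(String str) throws Exception {
        try (PEMReader pemReader = new PEMReader(new StringReader(str))) {
            return (T) pemReader.readObject();
        }
    }

    /**
     * Parses a single PEM-encoded X.509 certificate.
     *
     * <p>Only the type of the parsed object is checked. Validity period, signature and trust
     * are not evaluated here.
     *
     * @param str PEM text
     * @return the parsed certificate
     * @throws ResourceException with code 400 if the PEM does not contain an X.509 certificate
     * @throws Exception if the text cannot be read as PEM
     */
    public static Certificate readCertificate(String str) throws Exception {
        try (PEMReader pemReader = new PEMReader(new StringReader(str))) {
            Object parsed = pemReader.readObject();
            if (parsed instanceof X509Certificate) {
                return (X509Certificate) parsed;
            }
        }
        throw ResourceException.newResourceException(400, "Unsupported certificate format");
    }

    /**
     * Parses each PEM string with {@link #readCertificate(String)} and returns the results in
     * the same order as the input list.
     *
     * <p>This is parsing only: the method does not check that the certificates actually form
     * a chain (issuer/subject linkage, signatures, ordering) or that any of them is trusted.
     *
     * @param list PEM texts, one certificate each
     * @return the parsed certificates, index-aligned with {@code list}
     * @throws Exception if any entry fails to parse
     */
    public static Certificate[] readCertificateChain(List<String> list) throws Exception {
        Certificate[] chain = new Certificate[list.size()];
        for (int index = 0; index < chain.length; index++) {
            chain[index] = readCertificate(list.get(index));
        }
        return chain;
    }
}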
