package io.quarkus.vault.pki;

import java.io.ByteArrayInputStream;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: input_file:io/quarkus/vault/pki/X509Parsing.class */
public class X509Parsing {
    private static final CertificateFactory certificateFactory;
    private static final Pattern PEM_CERT_REGEX;
    private static final Pattern PEM_CRL_REGEX;
    private static final int PEM_REGEX_CONTENT_GROUP = 1;
    private static final Base64.Decoder BASE64_DECODER;

    public static X509Certificate parsePEMCertificate(String str) throws CertificateException {
        Matcher matcher = PEM_CERT_REGEX.matcher(str);
        if (matcher.matches()) {
            return parseDERCertificate(BASE64_DECODER.decode(matcher.group(PEM_REGEX_CONTENT_GROUP)));
        }
        throw new CertificateException("Invalid PEM Certificate");
    }

    public static X509Certificate parseDERCertificate(byte[] bArr) throws CertificateException {
        return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr));
    }

    public static List<X509Certificate> parsePEMCertificates(String str) throws CertificateException {
        Matcher matcher = PEM_CERT_REGEX.matcher(str);
        ArrayList arrayList = new ArrayList();
        while (matcher.find()) {
            arrayList.add(parseDERCertificate(BASE64_DECODER.decode(matcher.group(PEM_REGEX_CONTENT_GROUP))));
        }
        return arrayList;
    }

    public static List<X509Certificate> parseDERCertificates(byte[] bArr) throws CertificateException {
        ArrayList arrayList = new ArrayList();
        Iterator<? extends Certificate> it = certificateFactory.generateCertificates(new ByteArrayInputStream(bArr)).iterator();
        while (it.hasNext()) {
            arrayList.add((X509Certificate) it.next());
        }
        return arrayList;
    }

    public static X509CRL parsePEMCRL(String str) throws CRLException {
        Matcher matcher = PEM_CRL_REGEX.matcher(str);
        if (matcher.matches()) {
            return parseDERCRL(BASE64_DECODER.decode(matcher.group(PEM_REGEX_CONTENT_GROUP)));
        }
        throw new CRLException("Invalid PEM CRL");
    }

    public static X509CRL parseDERCRL(byte[] bArr) throws CRLException {
        return (X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(bArr));
    }

    static {
        try {
            certificateFactory = CertificateFactory.getInstance("X.509");
            PEM_CERT_REGEX = Pattern.compile("-+\\s*BEGIN\\s*CERTIFICATE\\s*-+\\s+([A-Za-z0-9+/=\\n\\s]+)-+\\s*END\\s*CERTIFICATE\\s*-+\\s*");
            PEM_CRL_REGEX = Pattern.compile("-+\\s*BEGIN\\s+X509\\s+CRL\\s*-+\\s+([A-Za-z0-9+/=\\n\\s]+)-+\\s*END\\s+X509\\s+CRL\\s*-+\\s*");
            BASE64_DECODER = Base64.getMimeDecoder();
        } catch (CertificateException e) {
            throw new RuntimeException(e);
        }
    }
}
