package org.opcfoundation.ua.utils;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.crypto.PBEParametersGenerator;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JcePEMEncryptorBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.x509.extension.X509ExtensionUtil;
import org.opcfoundation.ua.transport.security.KeyPair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opcfoundation/ua/utils/BouncyCastleUtils.class */
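/**
 * Static helpers that build X.509 certificates, write PEM files and wrap a few
 * BouncyCastle utility calls (Base64, subject alternative names, PKCS#5
 * password encoding).
 */
public class BouncyCastleUtils {
    static Logger logger = LoggerFactory.getLogger(BouncyCastleUtils.class);

    /** JCA provider name used for signing and for certificate conversion. */
    private static final String BC_PROVIDER = "BC";

    /** Key usage of an issuer (CA) certificate; numerically 134. */
    private static final int ISSUER_KEY_USAGE =
            KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign;

    /** Key usage of an application certificate; numerically 244. */
    private static final int APPLICATION_KEY_USAGE =
            KeyUsage.digitalSignature | KeyUsage.nonRepudiation | KeyUsage.keyEncipherment
                    | KeyUsage.dataEncipherment | KeyUsage.keyCertSign;

    /** Strings made only of digits and dots are treated as IP addresses. */
    private static final String NUMERIC_ADDRESS_REGEX = "^[0-9.]+$";

    /**
     * Builds and signs an issuer (CA) certificate with critical basic constraints
     * (CA, path length 0) and critical key usage (digitalSignature, keyCertSign, cRLSign).
     *
     * <p>NOTE(review): the certificate is signed with {@code privateKey} even when
     * {@code keyPair} supplies the issuer, whereas {@link #generateCertificate} switches to the
     * issuer's own private key in that case. Callers must therefore pass the issuer's private
     * key here, otherwise the signature will not verify against the issuer certificate.
     * Confirm against the callers.
     *
     * @param publicKey public key placed in the new certificate
     * @param privateKey key used to sign the new certificate
     * @param keyPair issuer key pair, or {@code null} to create a self-signed certificate
     * @param str subject distinguished name
     * @param bigInteger certificate serial number
     * @param date start of the validity period
     * @param date2 end of the validity period
     * @return the signed certificate
     * @throws GeneralSecurityException if the content signer cannot be created or the
     *     certificate cannot be converted
     * @throws IOException if an extension cannot be encoded
     */
    public static X509Certificate generateIssuerCert(PublicKey publicKey, PrivateKey privateKey, KeyPair keyPair, String str, BigInteger bigInteger, Date date, Date date2) throws GeneralSecurityException, IOException {
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        JcaX509v3CertificateBuilder builder;
        AuthorityKeyIdentifier authorityKeyId;
        if (keyPair == null) {
            // Self-signed: subject and issuer are the same name.
            X500Name subject = new X500Name(str);
            builder = new JcaX509v3CertificateBuilder(subject, bigInteger, date, date2, subject, publicKey);
            authorityKeyId = extensionUtils.createAuthorityKeyIdentifier(publicKey);
        } else {
            X509Certificate issuerCert = keyPair.getCertificate().getCertificate();
            builder = new JcaX509v3CertificateBuilder(issuerCert, bigInteger, date, date2, new X500Principal(str), publicKey);
            authorityKeyId = extensionUtils.createAuthorityKeyIdentifier(issuerCert);
        }
        builder.addExtension(Extension.authorityKeyIdentifier, false, authorityKeyId);
        builder.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(publicKey));
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(ISSUER_KEY_USAGE));
        try {
            return new JcaX509CertificateConverter().setProvider(BC_PROVIDER).getCertificate(
                    builder.build(new JcaContentSignerBuilder(CertificateUtils.getCertificateSignatureAlgorithm())
                            .setProvider(BC_PROVIDER).build(privateKey)));
        } catch (OperatorCreationException e) {
            throw new GeneralSecurityException("Failed to sign the certificate", e);
        }
    }

    /**
     * Builds and signs an application certificate.
     *
     * <p>The subject alternative name always carries {@code str2} as a URI. The second
     * component of {@code str2} (split on ':' and '/') is added as a DNS name unless it is
     * empty or "localhost". Each entry of {@code strArr} that differs from that component and
     * is not "localhost" is added as an IP address when it consists only of digits and dots,
     * otherwise as a DNS name. IP addresses are written only when no DNS name was added.
     *
     * <p>All extensions are non-critical. Basic constraints mark the certificate as not a CA,
     * while the key usage still contains keyCertSign. NOTE(review): presumably this is meant
     * for self-signed application certificates; confirm it is also wanted when
     * {@code keyPair} supplies an issuer.
     *
     * @param str subject distinguished name
     * @param publicKey public key placed in the new certificate
     * @param privateKey signing key, used only when {@code keyPair} is {@code null}
     * @param keyPair issuer key pair whose private key signs the certificate, or {@code null}
     *     to create a self-signed certificate
     * @param date start of the validity period
     * @param date2 end of the validity period
     * @param bigInteger certificate serial number
     * @param str2 application URI
     * @param strArr additional host names or IP addresses; may be {@code null}
     * @return the signed certificate
     * @throws IOException if an extension cannot be encoded
     * @throws GeneralSecurityException if the content signer cannot be created or the
     *     certificate cannot be converted
     */
    public static X509Certificate generateCertificate(String str, PublicKey publicKey, PrivateKey privateKey, KeyPair keyPair, Date date, Date date2, BigInteger bigInteger, String str2, String... strArr) throws IOException, GeneralSecurityException {
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        JcaX509v3CertificateBuilder builder;
        AuthorityKeyIdentifier authorityKeyId;
        PrivateKey signingKey;
        if (keyPair == null) {
            // Self-signed: subject and issuer are the same name.
            X500Name subject = new X500Name(str);
            builder = new JcaX509v3CertificateBuilder(subject, bigInteger, date, date2, subject, publicKey);
            authorityKeyId = extensionUtils.createAuthorityKeyIdentifier(publicKey);
            signingKey = privateKey;
        } else {
            X509Certificate issuerCert = keyPair.getCertificate().getCertificate();
            builder = new JcaX509v3CertificateBuilder(issuerCert, bigInteger, date, date2, new X500Principal(str), publicKey);
            authorityKeyId = extensionUtils.createAuthorityKeyIdentifier(issuerCert);
            signingKey = keyPair.getPrivateKey().getPrivateKey();
        }
        builder.addExtension(Extension.authorityKeyIdentifier, false, authorityKeyId);
        builder.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(publicKey));
        builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
        builder.addExtension(Extension.keyUsage, false, new KeyUsage(APPLICATION_KEY_USAGE));
        builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth}));

        List<GeneralName> subjectAltNames = new ArrayList<GeneralName>();
        subjectAltNames.add(new GeneralName(GeneralName.uniformResourceIdentifier, str2));
        boolean hasDnsName = false;
        String hostFromUri = null;
        try {
            String[] uriParts = str2.split("[:/]");
            if (uriParts.length > 1) {
                hostFromUri = uriParts[1];
                // A URI such as "http://host/app" yields an empty second component; an empty
                // dNSName is meaningless and would also suppress the IP address entries below.
                if (hostFromUri.length() > 0 && !"localhost".equalsIgnoreCase(hostFromUri)) {
                    subjectAltNames.add(new GeneralName(GeneralName.dNSName, hostFromUri));
                    hasDnsName = true;
                }
            }
        } catch (Exception e) {
            logger.warn("Cannot initialize DNS Name to Certificate from ApplicationUri {}", str2);
        }

        List<GeneralName> ipAddresses = new ArrayList<GeneralName>();
        if (strArr != null) {
            for (String hostName : strArr) {
                // Null or empty entries cannot form a valid name.
                if (hostName == null || hostName.length() == 0) {
                    continue;
                }
                if (hostName.equals(hostFromUri) || "localhost".equalsIgnoreCase(hostName)) {
                    continue;
                }
                // NOTE(review): only dotted-numeric strings are recognised as addresses, so an
                // IPv6 literal would be written as a dNSName, and a malformed numeric string
                // such as "1.2.3" is presumably rejected by GeneralName. Confirm.
                if (hostName.matches(NUMERIC_ADDRESS_REGEX)) {
                    ipAddresses.add(new GeneralName(GeneralName.iPAddress, hostName));
                } else {
                    subjectAltNames.add(new GeneralName(GeneralName.dNSName, hostName));
                    hasDnsName = true;
                }
            }
        }
        // IP addresses are listed only when the certificate has no DNS name at all.
        if (!hasDnsName) {
            subjectAltNames.addAll(ipAddresses);
        }
        builder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(subjectAltNames.toArray(new GeneralName[0])));
        try {
            return new JcaX509CertificateConverter().setProvider(BC_PROVIDER).getCertificate(
                    builder.build(new JcaContentSignerBuilder(CertificateUtils.getCertificateSignatureAlgorithm())
                            .setProvider(BC_PROVIDER).build(signingKey)));
        } catch (OperatorCreationException e2) {
            throw new GeneralSecurityException((Throwable) e2);
        }
    }

    /**
     * Writes an object (for example a certificate or a private key) to a PEM file.
     *
     * <p>When {@code str} is {@code null} the object is written unencrypted. The file is
     * created with the process's default permissions, so callers that store private keys
     * should restrict access to it themselves. NOTE(review): the encrypted form is
     * BouncyCastle's OpenSSL-style PEM encryption; its password-based key derivation is
     * understood to be weak by current standards, so the password must be strong. Confirm
     * whether a PKCS#8 encrypted format is an option for consumers of these files.
     *
     * @param obj object to write
     * @param file destination file
     * @param str password protecting the object, or {@code null} for no encryption
     * @param str2 encryption algorithm name passed to the PEM encryptor; used only when
     *     {@code str} is not {@code null}
     * @throws IOException if the file cannot be opened or written
     */
    public static void writeToPem(Object obj, File file, String str, String str2) throws IOException {
        // Return value unused; presumably called for its side effect of initialising the
        // security provider. Confirm against CryptoUtil.
        CryptoUtil.getSecurityProviderName();
        // PEM is pure ASCII; naming the charset keeps the output independent of the platform default.
        JcaPEMWriter pemWriter = new JcaPEMWriter(new OutputStreamWriter(new FileOutputStream(file.getCanonicalPath()), "US-ASCII"));
        try {
            if (str == null) {
                pemWriter.writeObject(obj);
            } else {
                pemWriter.writeObject(obj, new JcePEMEncryptorBuilder(str2).setSecureRandom(CryptoUtil.getRandom()).build(str.toCharArray()));
            }
        } finally {
            // Close even when encoding or encryption fails, so the file handle is not leaked.
            pemWriter.close();
        }
    }

    /**
     * Decodes a Base64 string.
     *
     * @param str Base64 text
     * @return the decoded bytes
     */
    public static byte[] base64Decode(String str) {
        return Base64.decode(str);
    }

    /**
     * Encodes bytes as a Base64 string.
     *
     * @param bArr bytes to encode
     * @return the Base64 text
     */
    public static String base64Encode(byte[] bArr) {
        try {
            return new String(Base64.encode(bArr), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the subject alternative names of a certificate, as produced by
     * {@code X509ExtensionUtil.getSubjectAlternativeNames}.
     *
     * @param x509Certificate certificate to inspect
     * @return the subject alternative name entries
     * @throws CertificateParsingException if the extension cannot be parsed
     */
    public static Collection<List<?>> getSubjectAlternativeNames(X509Certificate x509Certificate) throws CertificateParsingException {
        return X509ExtensionUtil.getSubjectAlternativeNames(x509Certificate);
    }

    /**
     * Converts a password to bytes using
     * {@code PBEParametersGenerator.PKCS5PasswordToBytes}.
     *
     * @param cArr password characters
     * @return the password bytes
     */
    public static byte[] PKCS5PasswordToBytes(char[] cArr) {
        return PBEParametersGenerator.PKCS5PasswordToBytes(cArr);
    }
}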
