package org.cryptacular.util;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.GeneralNamesBuilder;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.ECKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.AlgorithmNameFinder;
import org.bouncycastle.operator.DefaultAlgorithmNameFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.cryptacular.CryptoException;
import org.cryptacular.EncodingException;
import org.cryptacular.x509.dn.NameReader;
import org.cryptacular.x509.dn.StandardAttributeType;
import org.opensaml.security.crypto.JCAConstants;

/* loaded from: input_file:repository/org/cryptacular/cryptacular/1.2.7/cryptacular-1.2.7.jar:org/cryptacular/util/CsrUtil.class */
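/**
 * Static helpers for encoding, decoding, inspecting and generating PKCS#10 certificate signing
 * requests (CSRs).
 *
 * <p>Security note: no decode, read or inspect method in this class verifies the CSR's
 * self-signature. The subject, subject alternative names and key data returned here are taken
 * directly from the request and must be treated as unauthenticated, requester-controlled input
 * until the caller has checked the signature (for example with
 * {@code PKCS10CertificationRequest#isSignatureValid}) and applied its own issuance policy.
 */
public final class CsrUtil {
    /** Maps signature algorithm identifiers to human-readable algorithm names. */
    private static final AlgorithmNameFinder ALG_NAME_FINDER = new DefaultAlgorithmNameFinder();

    /** Utility class; not instantiable. */
    private CsrUtil() {
    }

    /**
     * Encodes a CSR as PEM text.
     *
     * @param pKCS10CertificationRequest request to encode
     * @return PEM representation of the request
     * @throws EncodingException if the PEM writer reports an I/O error
     */
    public static String encodeCsr(PKCS10CertificationRequest pKCS10CertificationRequest) {
        StringWriter pem = new StringWriter();
        // try-with-resources closes (and thereby flushes) the PEM writer exactly once, on both the
        // success and the failure path, before the buffer is read.
        try (JcaPEMWriter writer = new JcaPEMWriter(pem)) {
            writer.writeObject(pKCS10CertificationRequest);
        } catch (IOException e) {
            throw new EncodingException("CSR encoding error", e);
        }
        return pem.toString();
    }

    /**
     * Decodes a PEM-encoded CSR. The signature on the request is not verified.
     *
     * @param str PEM text of the request
     * @return parsed certification request
     * @throws IllegalArgumentException if the input is not recognized as PEM
     */
    public static CertificationRequest decodeCsr(String str) {
        byte[] pemBytes = str.getBytes(StandardCharsets.US_ASCII);
        if (!PemUtil.isPem(pemBytes)) {
            throw new IllegalArgumentException("Input is not PEM-encoded as required");
        }
        return CertificationRequest.getInstance(PemUtil.decode(pemBytes));
    }

    /**
     * Decodes an ASN.1 (DER) encoded CSR. The signature on the request is not verified.
     *
     * @param bArr encoded request bytes
     * @return parsed certification request
     */
    public static CertificationRequest decodeCsr(byte[] bArr) {
        return CertificationRequest.getInstance(bArr);
    }

    /**
     * Reads a CSR from a file; see {@link #readCsr(InputStream)} for the accepted encodings.
     *
     * @param file file holding the request
     * @return parsed certification request
     */
    public static CertificationRequest readCsr(File file) {
        // NOTE(review): the stream opened here is not closed in this method; presumably
        // StreamUtil.readAll closes it - confirm against StreamUtil.
        return readCsr(StreamUtil.makeStream(file));
    }

    /**
     * Reads a CSR from a stream, accepting either PEM or raw ASN.1 (DER) encoding. The whole stream
     * is read into memory, so callers handling untrusted uploads should bound the input size
     * beforehand. The signature on the request is not verified.
     *
     * @param inputStream stream positioned at the start of the request
     * @return parsed certification request
     */
    public static CertificationRequest readCsr(InputStream inputStream) {
        byte[] encoded = StreamUtil.readAll(inputStream);
        if (PemUtil.isPem(encoded)) {
            return decodeCsr(PemUtil.decode(encoded));
        }
        return decodeCsr(encoded);
    }

    /**
     * Returns the common name (CN) values found in the CSR subject.
     *
     * @param certificationRequest request to inspect
     * @return CN values of the subject, as supplied by the requester
     */
    public static List<String> commonNames(CertificationRequest certificationRequest) {
        return NameReader.readX500Name(certificationRequest.getCertificationRequestInfo().getSubject())
            .getValues(StandardAttributeType.CommonName);
    }

    /**
     * Returns the subject alternative names requested through the CSR's extensionRequest
     * attribute(s), lower-cased with {@link Locale#ROOT}.
     *
     * <p>Every general name is rendered with {@code toString()} regardless of its type, so the
     * returned strings do not say whether an entry was a DNS name, IP address, e-mail address or
     * another name form. Callers that authorize issuance per name type need to inspect the
     * extension themselves.
     *
     * @param certificationRequest request to inspect
     * @return requested names; empty if the request carries no attributes or no SAN extension
     * @throws IllegalArgumentException if an extensionRequest attribute carries no value
     */
    public static List<String> subjectAltNames(CertificationRequest certificationRequest) {
        List<String> names = new ArrayList<>();
        ASN1Set attributes = certificationRequest.getCertificationRequestInfo().getAttributes();
        if (attributes == null) {
            return names;
        }
        for (ASN1Encodable element : attributes) {
            Attribute attribute = Attribute.getInstance(element);
            if (!attribute.getAttrType().equals((ASN1Primitive) PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
                continue;
            }
            ASN1Encodable[] values = attribute.getAttributeValues();
            // A malformed request can carry an empty value set; reject it explicitly instead of
            // failing with an ArrayIndexOutOfBoundsException on values[0].
            if (values.length == 0) {
                throw new IllegalArgumentException("CSR extensionRequest attribute has no value");
            }
            GeneralNames requested =
                GeneralNames.fromExtensions(Extensions.getInstance(values[0]), Extension.subjectAlternativeName);
            if (requested == null) {
                continue;
            }
            for (GeneralName generalName : requested.getNames()) {
                names.add(generalName.getName().toString().toLowerCase(Locale.ROOT));
            }
        }
        return names;
    }

    /**
     * Returns the name of the signature algorithm declared in the CSR, with the substring
     * {@code "WITH"} rewritten to {@code "with"}. This reports what the request claims; it does
     * not check the signature.
     *
     * @param certificationRequest request to inspect
     * @return signature algorithm name
     */
    public static String sigAlgName(CertificationRequest certificationRequest) {
        String name = ALG_NAME_FINDER.getAlgorithmName(certificationRequest.getSignatureAlgorithm());
        return name.replace("WITH", "with");
    }

    /**
     * Returns the size in bits of the public key carried by the CSR: the modulus bit length for RSA
     * keys, the curve field size for EC keys.
     *
     * @param certificationRequest request to inspect
     * @return key length in bits
     * @throws IllegalArgumentException if the key is neither RSA nor EC
     * @throws CryptoException if the public key info cannot be parsed
     */
    public static int keyLength(CertificationRequest certificationRequest) {
        AsymmetricKeyParameter publicKey;
        try {
            publicKey = PublicKeyFactory.createKey(
                certificationRequest.getCertificationRequestInfo().getSubjectPublicKeyInfo());
        } catch (IOException e) {
            throw new CryptoException("Error creating public key parameters", e);
        }
        if (publicKey instanceof RSAKeyParameters) {
            return ((RSAKeyParameters) publicKey).getModulus().bitLength();
        }
        if (publicKey instanceof ECKeyParameters) {
            // Read the field size from the curve so the cast matches the instanceof check above
            // and the result does not depend on the coordinates of the public point.
            return ((ECKeyParameters) publicKey).getParameters().getCurve().getFieldSize();
        }
        throw new IllegalArgumentException("Unsupported key algorithm");
    }

    /**
     * Generates a CSR for the given key pair, signed with the pair's private key using SHA-256
     * (RSA or ECDSA, chosen from the public key algorithm).
     *
     * <p>Every entry of {@code strArr} is encoded as a {@code dNSName} general name; values that
     * are really IP or e-mail addresses are still tagged as DNS names, so pass DNS host names only.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs the request
     * @param str subject distinguished name in the string form accepted by {@link X500Principal}
     * @param strArr optional DNS subject alternative names; may be null or empty
     * @return signed certification request
     * @throws IllegalArgumentException if the key algorithm is neither RSA nor EC
     * @throws CryptoException if the SAN extension cannot be encoded or the signer cannot be created
     */
    public static PKCS10CertificationRequest generateCsr(KeyPair keyPair, String str, String... strArr) {
        String keyAlgorithm = keyPair.getPublic().getAlgorithm();
        String signatureAlgorithm;
        if (JCAConstants.KEY_ALGO_RSA.equals(keyAlgorithm)) {
            signatureAlgorithm = JCAConstants.SIGNATURE_RSA_SHA256;
        } else if (JCAConstants.KEY_ALGO_EC.equals(keyAlgorithm)) {
            signatureAlgorithm = JCAConstants.SIGNATURE_ECDSA_SHA256;
        } else {
            throw new IllegalArgumentException("Unsupported key algorithm");
        }
        JcaPKCS10CertificationRequestBuilder csrBuilder =
            new JcaPKCS10CertificationRequestBuilder(new X500Principal(str), keyPair.getPublic());
        if (strArr != null && strArr.length > 0) {
            GeneralNamesBuilder sanBuilder = new GeneralNamesBuilder();
            for (String dnsName : strArr) {
                // Named constant for the general name tag instead of the bare literal 2.
                sanBuilder.addName(new GeneralName(GeneralName.dNSName, dnsName));
            }
            try {
                // The SAN extension is requested as non-critical.
                csrBuilder.addAttribute(
                    PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
                    new Extensions(Extension.create(Extension.subjectAlternativeName, false, sanBuilder.build())));
            } catch (IOException e) {
                throw new CryptoException("Error adding subject alt names to CSR", e);
            }
        }
        try {
            return csrBuilder.build(new JcaContentSignerBuilder(signatureAlgorithm).build(keyPair.getPrivate()));
        } catch (OperatorCreationException e) {
            throw new CryptoException("Failed generating CSR", e);
        }
    }
}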
