package org.jfrog.security.ssl;

import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.KeyPair;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.UUID;
import org.apache.commons.codec.digest.DigestUtils;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.x509.extension.X509ExtensionUtil;
import org.jfrog.security.util.BCProviderFactory;

/* loaded from: input_file:org/jfrog/security/ssl/CertificateHelper.class */
public abstract class CertificateHelper {
    public static final ASN1ObjectIdentifier CERT_VERSION_OID = new ASN1ObjectIdentifier("2.5.29.17.1").intern();

    /* loaded from: input_file:org/jfrog/security/ssl/CertificateHelper$CryptoInfo.class */
    public static class CryptoInfo {
        private KeyPair keyPair;
        private X509Certificate certificate;

        public CryptoInfo(KeyPair keyPair, X509Certificate x509Certificate) {
            this.keyPair = keyPair;
            this.certificate = x509Certificate;
        }

        public KeyPair getKeyPair() {
            return this.keyPair;
        }

        public void setKeyPair(KeyPair keyPair) {
            this.keyPair = keyPair;
        }

        public X509Certificate getCertificate() {
            return this.certificate;
        }

        public void setCertificate(X509Certificate x509Certificate) {
            this.certificate = x509Certificate;
        }
    }

    private CertificateHelper() {
    }

    public static int getCertificateVersion(X509Certificate x509Certificate) throws IOException {
        byte[] extensionValue = x509Certificate.getExtensionValue(CERT_VERSION_OID.getId());
        if (extensionValue == null) {
            return 0;
        }
        Integer num = null;
        for (GeneralName generalName : GeneralNames.getInstance(X509ExtensionUtil.fromExtensionValue(extensionValue)).getNames()) {
            if (generalName.getTagNo() == 0) {
                num = Integer.valueOf(ASN1Sequence.getInstance(generalName.getName()).getObjectAt(1).getValue().intValue());
            }
        }
        return num.intValue();
    }

    public static X509Certificate generateRootCertificate(KeyPair keyPair, String str, int i) throws CertificateGenerationException {
        return SignedCertificateBuilder.builder().iss(str).issPrivateKey(keyPair.getPrivate()).sub(str).subPublicKey(keyPair.getPublic()).serialNumber(randomSerialNumber()).expireIn(Long.MAX_VALUE).certVersion(i).useSubForSAN().isCA(true).buildX509Certificate();
    }

    public static BigInteger randomSerialNumber() {
        UUID randomUUID = UUID.randomUUID();
        ByteBuffer wrap = ByteBuffer.wrap(new byte[16]);
        wrap.putLong(randomUUID.getMostSignificantBits());
        wrap.putLong(randomUUID.getLeastSignificantBits());
        return new BigInteger(1, wrap.array());
    }

    public static String getCertificateIssuerCommonName(X509Certificate x509Certificate) throws CertificateEncodingException {
        return getName("Unknown", new JcaX509CertificateHolder(x509Certificate).getIssuer().getRDNs(BCStyle.CN));
    }

    public static String getCertificateSubjectAlternativeName(X509Certificate x509Certificate) throws CertificateEncodingException {
        GeneralName[] names;
        GeneralNames fromExtensions = GeneralNames.fromExtensions(new JcaX509CertificateHolder(x509Certificate).getExtensions(), Extension.subjectAlternativeName);
        return (fromExtensions == null || (names = fromExtensions.getNames()) == null || names.length == 0) ? "" : names[0].getName().toString();
    }

    public static String getCertificateSubjectCommonName(X509Certificate x509Certificate) throws CertificateEncodingException {
        return getName("Unknown", new JcaX509CertificateHolder(x509Certificate).getSubject().getRDNs(BCStyle.CN));
    }

    public static Date getIssuedAt(X509Certificate x509Certificate) {
        return x509Certificate.getNotBefore();
    }

    public static String getCertificateIssuerOrganizationUnit(X509Certificate x509Certificate) throws CertificateEncodingException {
        return getName("Unknown", new JcaX509CertificateHolder(x509Certificate).getIssuer().getRDNs(BCStyle.OU));
    }

    public static String getCertificateIssuerOrganization(X509Certificate x509Certificate) throws CertificateEncodingException {
        return getName("Unknown", new JcaX509CertificateHolder(x509Certificate).getIssuer().getRDNs(BCStyle.O));
    }

    public static String getCertificateSubjectOrganizationUnit(X509Certificate x509Certificate) throws CertificateEncodingException {
        return getName("Unknown", new JcaX509CertificateHolder(x509Certificate).getSubject().getRDNs(BCStyle.OU));
    }

    public static String getCertificateSubjectOrganization(X509Certificate x509Certificate) throws CertificateEncodingException {
        return getName("Unknown", new JcaX509CertificateHolder(x509Certificate).getSubject().getRDNs(BCStyle.O));
    }

    public static Date getValidUntil(X509Certificate x509Certificate) {
        return x509Certificate.getNotAfter();
    }

    public static String getCertificateFingerprint(X509Certificate x509Certificate) throws CertificateEncodingException {
        byte[] sha256 = DigestUtils.sha256(x509Certificate.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < sha256.length; i++) {
            String hexString = Integer.toHexString(255 & sha256[i]);
            if (hexString.length() == 1) {
                sb.append("0");
            }
            sb.append(hexString.toUpperCase());
            if (i != sha256.length - 1) {
                sb.append(':');
            }
        }
        return sb.toString();
    }

    private static String getName(String str, RDN[] rdnArr) {
        if (rdnArr != null && rdnArr.length > 0) {
            RDN rdn = rdnArr[0];
            if (rdn.getFirst() != null && rdn.getFirst().getValue() != null) {
                str = IETFUtils.valueToString(rdn.getFirst().getValue());
            }
        }
        return str;
    }

    static {
        BCProviderFactory.getProvider();
    }
}
