package com.l7tech.msso.cert;

import android.util.Base64;
import com.healthagen.iTriage.common.NonDbConstants;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.DERObjectIdentifier;
import org.spongycastle.asn1.DERSet;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.X509Extensions;
import org.spongycastle.jce.PKCS10CertificationRequest;
import org.spongycastle.jce.X509KeyUsage;
import org.spongycastle.x509.X509V3CertificateGenerator;
import org.spongycastle.x509.extension.AuthorityKeyIdentifierStructure;
import org.spongycastle.x509.extension.SubjectKeyIdentifierStructure;

/* loaded from: classes.dex */
public class CertUtils {
    static final int KU_cRLSign = 2;
    static final int KU_dataEncipherment = 16;
    static final int KU_decipherOnly = 32768;
    static final int KU_digitalSignature = 128;
    static final int KU_encipherOnly = 1;
    static final int KU_keyAgreement = 8;
    static final int KU_keyCertSign = 4;
    static final int KU_keyEncipherment = 32;
    static final int KU_nonRepudiation = 64;
    static final String PEM_CERT_BEGIN_MARKER = "-----BEGIN CERTIFICATE-----";
    static final String PEM_CERT_END_MARKER = "-----END CERTIFICATE-----";

    private CertUtils() {
    }

    public static X509Certificate decodeCertFromPem(String str) throws IOException {
        int indexOf = str.indexOf(PEM_CERT_BEGIN_MARKER);
        int indexOf2 = str.indexOf(PEM_CERT_END_MARKER);
        if (indexOf >= 0 && indexOf2 >= indexOf) {
            str = str.substring(indexOf + PEM_CERT_BEGIN_MARKER.length(), indexOf2);
        } else if (indexOf2 >= 0) {
            throw new IOException("Begin PEM marker present, but end marker missing");
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Base64.decode(str, 0)));
        } catch (CertificateException e) {
            throw new IOException(e);
        }
    }

    public static X509Certificate[] decodeCertificateChain(byte[] bArr) {
        try {
            return toX509CertArray(CertificateFactory.getInstance("X.509").generateCertificates(new ByteArrayInputStream(bArr)));
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    public static byte[] encodeCertificateChain(X509Certificate[] x509CertificateArr) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            for (X509Certificate x509Certificate : x509CertificateArr) {
                byteArrayOutputStream.write(x509Certificate.getEncoded());
            }
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    public static byte[] generateCertificateSigningRequest(String str, String str2, String str3, String str4, KeyPair keyPair) throws CertificateException {
        try {
            return new PKCS10CertificationRequest("SHA1withRSA", new X500Principal("cn=" + str + ", ou=" + str2 + ", dc=" + str3 + ", o=" + str4), keyPair.getPublic(), new DERSet(new ASN1EncodableVector()), keyPair.getPrivate(), (String) null).getEncoded();
        } catch (Exception e) {
            throw new CertificateException("Unable to generate certificate signing request: " + e.getMessage(), e);
        }
    }

    public static X509Certificate generateSelfSignedCertificate(String str, PublicKey publicKey, PrivateKey privateKey, SecureRandom secureRandom) throws CertificateException {
        X500Principal x500Principal = new X500Principal(str);
        Date date = new Date(new Date().getTime() - NonDbConstants.stuff.MEDICATIONS_CHECK_PERIOD_MS);
        Date date2 = new Date(date.getTime() + (315360000 * 1000));
        BigInteger abs = new BigInteger(64, secureRandom).abs();
        X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator();
        x509V3CertificateGenerator.setSerialNumber(abs);
        x509V3CertificateGenerator.setNotBefore(date);
        x509V3CertificateGenerator.setNotAfter(date2);
        x509V3CertificateGenerator.setSignatureAlgorithm("SHA1withRSA");
        x509V3CertificateGenerator.setSubjectDN(x500Principal);
        x509V3CertificateGenerator.setIssuerDN(x500Principal);
        x509V3CertificateGenerator.setPublicKey(publicKey);
        x509V3CertificateGenerator.addExtension((DERObjectIdentifier) X509Extensions.BasicConstraints, true, (ASN1Encodable) new BasicConstraints(false));
        x509V3CertificateGenerator.addExtension((DERObjectIdentifier) X509Extensions.KeyUsage, true, (ASN1Encodable) new X509KeyUsage(160));
        try {
            x509V3CertificateGenerator.addExtension((DERObjectIdentifier) X509Extensions.SubjectKeyIdentifier, false, (ASN1Encodable) new SubjectKeyIdentifierStructure(publicKey));
            x509V3CertificateGenerator.addExtension((DERObjectIdentifier) X509Extensions.AuthorityKeyIdentifier, false, (ASN1Encodable) new AuthorityKeyIdentifierStructure(publicKey));
            return x509V3CertificateGenerator.generate(privateKey);
        } catch (Exception e) {
            throw new CertificateException("Unable to generate self-signed cert: " + e.getMessage(), e);
        }
    }

    static X509Certificate[] toX509CertArray(Collection<? extends Certificate> collection) {
        ArrayList arrayList = new ArrayList();
        Iterator<? extends Certificate> it = collection.iterator();
        while (it.hasNext()) {
            arrayList.add((X509Certificate) it.next());
        }
        return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
    }
}
