package org.jfrog.security.ssl;

import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.util.Calendar;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import javax.security.cert.X509Certificate;
import org.apache.commons.codec.digest.DigestUtils;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:org/jfrog/security/ssl/CertificateHelper.class */
public abstract class CertificateHelper {
    private static final String SIG_ALG = "SHA256WithRSA";
    private static final String BC_PROVIDER = "BC";
    private static final long ONE_DAY_IN_MS = 86400000;
    private static final long MAX_EXPIRY;

    static {
        Calendar calendar = Calendar.getInstance();
        calendar.set(7000, 0, 1, 0, 0);
        MAX_EXPIRY = calendar.getTimeInMillis();
        Security.addProvider(new BouncyCastleProvider());
    }

    private CertificateHelper() {
    }

    public static X509Certificate generateSignedCertificate(X500Principal x500Principal, PrivateKey privateKey, X500Principal x500Principal2, PublicKey publicKey, BigInteger bigInteger, long j) throws CertificateGenerationException {
        try {
            Date date = new Date(System.currentTimeMillis() - ONE_DAY_IN_MS);
            if (j < 0) {
                throw new IllegalArgumentException("'expire in' must be a positive number");
            }
            long currentTimeMillis = System.currentTimeMillis() + j;
            return X509Certificate.getInstance(new X509v3CertificateBuilder(X500Name.getInstance(x500Principal.getEncoded()), bigInteger, date, new Date((currentTimeMillis < 0 || currentTimeMillis > MAX_EXPIRY) ? MAX_EXPIRY : currentTimeMillis), X500Name.getInstance(x500Principal2.getEncoded()), SubjectPublicKeyInfo.getInstance(new ASN1InputStream(publicKey.getEncoded()).readObject())).build(new JcaContentSignerBuilder(SIG_ALG).setProvider(BC_PROVIDER).build(privateKey)).getEncoded());
        } catch (Exception e) {
            throw new CertificateGenerationException("Failed to generate signed certificate: " + e.getMessage(), e);
        }
    }

    public static String getCertificateIssuerCommonName(java.security.cert.X509Certificate x509Certificate) throws CertificateEncodingException {
        String str = "Unknown";
        RDN[] rDNs = new JcaX509CertificateHolder(x509Certificate).getIssuer().getRDNs(BCStyle.CN);
        if (rDNs != null && rDNs.length > 0) {
            RDN rdn = rDNs[0];
            if (rdn.getFirst() != null && rdn.getFirst().getValue() != null) {
                str = IETFUtils.valueToString(rdn.getFirst().getValue());
            }
        }
        return str;
    }

    public static String getCertificateIssuerOrganizationUnit(java.security.cert.X509Certificate x509Certificate) throws CertificateEncodingException {
        String str = "Unknown";
        RDN[] rDNs = new JcaX509CertificateHolder(x509Certificate).getIssuer().getRDNs(BCStyle.OU);
        if (rDNs != null && rDNs.length > 0) {
            RDN rdn = rDNs[0];
            if (rdn.getFirst() != null && rdn.getFirst().getValue() != null) {
                str = IETFUtils.valueToString(rdn.getFirst().getValue());
            }
        }
        return str;
    }

    public static String getCertificateIssuerOrganization(java.security.cert.X509Certificate x509Certificate) throws CertificateEncodingException {
        String str = "Unknown";
        RDN[] rDNs = new JcaX509CertificateHolder(x509Certificate).getIssuer().getRDNs(BCStyle.O);
        if (rDNs != null && rDNs.length > 0) {
            RDN rdn = rDNs[0];
            if (rdn.getFirst() != null && rdn.getFirst().getValue() != null) {
                str = IETFUtils.valueToString(rdn.getFirst().getValue());
            }
        }
        return str;
    }

    public static String getCertificateSubjectCommonName(java.security.cert.X509Certificate x509Certificate) throws CertificateEncodingException {
        String str = "Unknown";
        RDN[] rDNs = new JcaX509CertificateHolder(x509Certificate).getSubject().getRDNs(BCStyle.CN);
        if (rDNs != null && rDNs.length > 0) {
            RDN rdn = rDNs[0];
            if (rdn.getFirst() != null && rdn.getFirst().getValue() != null) {
                str = IETFUtils.valueToString(rdn.getFirst().getValue());
            }
        }
        return str;
    }

    public static String getCertificateSubjectOrganizationUnit(java.security.cert.X509Certificate x509Certificate) throws CertificateEncodingException {
        String str = "Unknown";
        RDN[] rDNs = new JcaX509CertificateHolder(x509Certificate).getSubject().getRDNs(BCStyle.OU);
        if (rDNs != null && rDNs.length > 0) {
            RDN rdn = rDNs[0];
            if (rdn.getFirst() != null && rdn.getFirst().getValue() != null) {
                str = IETFUtils.valueToString(rdn.getFirst().getValue());
            }
        }
        return str;
    }

    public static String getCertificateSubjectOrganization(java.security.cert.X509Certificate x509Certificate) throws CertificateEncodingException {
        String str = "Unknown";
        RDN[] rDNs = new JcaX509CertificateHolder(x509Certificate).getSubject().getRDNs(BCStyle.O);
        if (rDNs != null && rDNs.length > 0) {
            RDN rdn = rDNs[0];
            if (rdn.getFirst() != null && rdn.getFirst().getValue() != null) {
                str = IETFUtils.valueToString(rdn.getFirst().getValue());
            }
        }
        return str;
    }

    public static Date getValidUntil(java.security.cert.X509Certificate x509Certificate) {
        return x509Certificate.getNotAfter();
    }

    public static Date getIssuedAt(java.security.cert.X509Certificate x509Certificate) {
        return x509Certificate.getNotBefore();
    }

    public static String getCertificateFingerprint(java.security.cert.X509Certificate x509Certificate) throws CertificateEncodingException {
        byte[] sha256 = DigestUtils.sha256(x509Certificate.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < sha256.length; i++) {
            String hexString = Integer.toHexString(255 & sha256[i]);
            if (hexString.length() == 1) {
                sb.append("0");
            }
            sb.append(hexString.toUpperCase());
            if (i != sha256.length - 1) {
                sb.append(':');
            }
        }
        return sb.toString();
    }
}
