package nl.altindag.ssl.util;

import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.PasswordAuthentication;
import java.net.Proxy;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;
import java.util.function.Function;
import java.util.function.UnaryOperator;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import nl.altindag.ssl.exception.GenericCertificateException;
import nl.altindag.ssl.exception.GenericIOException;
import nl.altindag.ssl.util.internal.CollectorsUtils;
import nl.altindag.ssl.util.internal.IOUtils;
import nl.altindag.ssl.util.internal.ValidationUtils;

/* loaded from: input_file:nl/altindag/ssl/util/CertificateUtils.class */
public final class CertificateUtils {
    private static final String CERTIFICATE_TYPE = "X.509";
    private static final String P7B_HEADER = "-----BEGIN PKCS7-----";
    private static final String P7B_FOOTER = "-----END PKCS7-----";
    private static final String PEM_HEADER = "-----BEGIN CERTIFICATE-----";
    private static final String PEM_FOOTER = "-----END CERTIFICATE-----";
    private static final String EMPTY_INPUT_STREAM_EXCEPTION_MESSAGE = "Failed to load the certificate from the provided InputStream because it is null";
    private static final String MAX_64_CHARACTER_LINE_SPLITTER = "(?<=\\G.{64})";
    private static final String EMPTY = "";
    private static final Pattern PEM_PATTERN = Pattern.compile("-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", 32);
    private static final Pattern P7B_PATTERN = Pattern.compile("-----BEGIN PKCS7-----(.*?)-----END PKCS7-----", 32);
    private static final UnaryOperator<String> CERTIFICATE_NOT_FOUND_EXCEPTION_MESSAGE = str -> {
        return String.format("Failed to load the certificate from the classpath for the given path: [%s]", str);
    };

    private CertificateUtils() {
    }

    public static <T extends Certificate> String generateAlias(T t) {
        return t instanceof X509Certificate ? ((X509Certificate) t).getSubjectX500Principal().getName("CANONICAL").replace(" ", "-").replace(",", "_").replaceAll("[.*\\\\]+", EMPTY) : UUID.randomUUID().toString().toLowerCase(Locale.US);
    }

    public static <T extends Certificate> Map<String, T> generateAliases(List<T> list) {
        HashMap hashMap = new HashMap();
        for (T t : list) {
            String generateAlias = generateAlias(t);
            boolean z = true;
            if (hashMap.containsKey(generateAlias)) {
                int i = 0;
                while (true) {
                    if (i > 1000) {
                        break;
                    }
                    String str = generateAlias + "-" + i;
                    if (!hashMap.containsKey(str)) {
                        generateAlias = str;
                        z = true;
                        break;
                    }
                    z = false;
                    i++;
                }
            }
            if (z) {
                hashMap.put(generateAlias, t);
            }
        }
        return hashMap;
    }

    public static <T extends Certificate> void write(Path path, T t) {
        try {
            IOUtils.write(path, t.getEncoded());
        } catch (CertificateEncodingException e) {
            throw new GenericCertificateException(e);
        }
    }

    public static List<Certificate> loadCertificate(String... strArr) {
        return loadCertificate(str -> {
            return (InputStream) ValidationUtils.requireNotNull(CertificateUtils.class.getClassLoader().getResourceAsStream(str), (String) CERTIFICATE_NOT_FOUND_EXCEPTION_MESSAGE.apply(str));
        }, strArr);
    }

    public static List<Certificate> loadCertificate(Path... pathArr) {
        return loadCertificate(path -> {
            try {
                return Files.newInputStream(path, StandardOpenOption.READ);
            } catch (IOException e) {
                throw new GenericIOException(e);
            }
        }, pathArr);
    }

    public static List<Certificate> loadCertificate(InputStream... inputStreamArr) {
        return loadCertificate(inputStream -> {
            return (InputStream) ValidationUtils.requireNotNull(inputStream, EMPTY_INPUT_STREAM_EXCEPTION_MESSAGE);
        }, inputStreamArr);
    }

    private static <T> List<Certificate> loadCertificate(Function<T, InputStream> function, T[] tArr) {
        ArrayList arrayList = new ArrayList();
        for (T t : tArr) {
            try {
                InputStream apply = function.apply(t);
                try {
                    arrayList.addAll(parseCertificate(apply));
                    if (apply != null) {
                        apply.close();
                    }
                } finally {
                }
            } catch (Exception e) {
                throw new GenericIOException(e);
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    private static List<Certificate> parseCertificate(InputStream inputStream) {
        byte[] copyToByteArray = IOUtils.copyToByteArray(inputStream);
        String str = new String(copyToByteArray, StandardCharsets.UTF_8);
        return isPemFormatted(str) ? parsePemCertificate(str) : isP7bFormatted(str) ? parseP7bCertificate(str) : parseDerCertificate(new ByteArrayInputStream(copyToByteArray));
    }

    private static boolean isPemFormatted(String str) {
        return PEM_PATTERN.matcher(str).find();
    }

    private static boolean isP7bFormatted(String str) {
        return P7B_PATTERN.matcher(str).find();
    }

    public static List<Certificate> parsePemCertificate(String str) {
        return parseCertificate(PEM_PATTERN.matcher(str));
    }

    public static List<Certificate> parseP7bCertificate(String str) {
        return parseCertificate(P7B_PATTERN.matcher(str));
    }

    private static List<Certificate> parseCertificate(Matcher matcher) {
        ArrayList arrayList = new ArrayList();
        while (matcher.find()) {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Base64.getDecoder().decode(matcher.group(1).replaceAll("[\\n|\\r]+", EMPTY).trim()));
            arrayList.addAll(parseDerCertificate(byteArrayInputStream));
            IOUtils.closeSilently(byteArrayInputStream);
        }
        return Collections.unmodifiableList(arrayList);
    }

    public static List<Certificate> parseDerCertificate(InputStream inputStream) {
        try {
            BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStream);
            try {
                List<Certificate> list = (List) CertificateFactory.getInstance(CERTIFICATE_TYPE).generateCertificates(bufferedInputStream).stream().collect(CollectorsUtils.toUnmodifiableList());
                bufferedInputStream.close();
                return list;
            } finally {
            }
        } catch (IOException | CertificateException e) {
            if (e.getMessage().contains("Duplicate extensions not allowed")) {
                return Collections.emptyList();
            }
            throw new GenericCertificateException("There is no valid certificate present to parse. Please make sure to supply a valid der formatted certificate", e);
        }
    }

    public static List<X509Certificate> getJdkTrustedCertificates() {
        return (List) Stream.of((Object[]) TrustManagerUtils.createTrustManagerWithJdkTrustedCertificates().getAcceptedIssuers()).collect(CollectorsUtils.toUnmodifiableList());
    }

    public static List<X509Certificate> getSystemTrustedCertificates() {
        return (List) TrustManagerUtils.createTrustManagerWithSystemTrustedCertificates().map((v0) -> {
            return v0.getAcceptedIssuers();
        }).map((v0) -> {
            return Arrays.asList(v0);
        }).map(Collections::unmodifiableList).orElseGet(Collections::emptyList);
    }

    public static List<X509Certificate> getCertificatesFromExternalSource(String str) {
        return CertificateExtractorUtils.getInstance().getCertificateFromExternalSource(str);
    }

    public static List<X509Certificate> getCertificatesFromExternalSource(Proxy proxy, String str) {
        return new CertificateExtractorUtils(proxy).getCertificateFromExternalSource(str);
    }

    public static List<X509Certificate> getCertificatesFromExternalSource(Proxy proxy, PasswordAuthentication passwordAuthentication, String str) {
        return new CertificateExtractorUtils(proxy, passwordAuthentication).getCertificateFromExternalSource(str);
    }

    public static List<String> getCertificatesFromExternalSourceAsPem(String str) {
        return (List) getCertificatesFromExternalSource(str).stream().map((v0) -> {
            return convertToPem(v0);
        }).collect(CollectorsUtils.toUnmodifiableList());
    }

    public static List<String> getCertificatesFromExternalSourceAsPem(Proxy proxy, String str) {
        return (List) getCertificatesFromExternalSource(proxy, str).stream().map((v0) -> {
            return convertToPem(v0);
        }).collect(CollectorsUtils.toUnmodifiableList());
    }

    public static List<String> getCertificatesFromExternalSourceAsPem(Proxy proxy, PasswordAuthentication passwordAuthentication, String str) {
        return (List) getCertificatesFromExternalSource(proxy, passwordAuthentication, str).stream().map((v0) -> {
            return convertToPem(v0);
        }).collect(CollectorsUtils.toUnmodifiableList());
    }

    public static Map<String, List<X509Certificate>> getCertificatesFromExternalSources(String... strArr) {
        return getCertificatesFromExternalSources((List<String>) Arrays.asList(strArr));
    }

    public static Map<String, List<X509Certificate>> getCertificatesFromExternalSources(Proxy proxy, String... strArr) {
        return getCertificatesFromExternalSources(proxy, (List<String>) Arrays.asList(strArr));
    }

    public static Map<String, List<X509Certificate>> getCertificatesFromExternalSources(Proxy proxy, PasswordAuthentication passwordAuthentication, String... strArr) {
        return getCertificatesFromExternalSources(proxy, passwordAuthentication, (List<String>) Arrays.asList(strArr));
    }

    public static Map<String, List<X509Certificate>> getCertificatesFromExternalSources(List<String> list) {
        return (Map) list.stream().map(str -> {
            return new AbstractMap.SimpleEntry(str, getCertificatesFromExternalSource(str));
        }).collect(Collectors.collectingAndThen(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }), Collections::unmodifiableMap));
    }

    public static Map<String, List<X509Certificate>> getCertificatesFromExternalSources(Proxy proxy, List<String> list) {
        CertificateExtractorUtils certificateExtractorUtils = new CertificateExtractorUtils(proxy);
        return (Map) list.stream().map(str -> {
            return new AbstractMap.SimpleEntry(str, certificateExtractorUtils.getCertificateFromExternalSource(str));
        }).collect(Collectors.collectingAndThen(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }), Collections::unmodifiableMap));
    }

    public static Map<String, List<X509Certificate>> getCertificatesFromExternalSources(Proxy proxy, PasswordAuthentication passwordAuthentication, List<String> list) {
        CertificateExtractorUtils certificateExtractorUtils = new CertificateExtractorUtils(proxy, passwordAuthentication);
        return (Map) list.stream().map(str -> {
            return new AbstractMap.SimpleEntry(str, certificateExtractorUtils.getCertificateFromExternalSource(str));
        }).collect(Collectors.collectingAndThen(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }), Collections::unmodifiableMap));
    }

    public static Map<String, List<String>> getCertificatesFromExternalSourcesAsPem(String... strArr) {
        return getCertificatesFromExternalSourcesAsPem((List<String>) Arrays.asList(strArr));
    }

    public static Map<String, List<String>> getCertificatesFromExternalSourcesAsPem(Proxy proxy, String... strArr) {
        return getCertificatesFromExternalSourcesAsPem(proxy, (List<String>) Arrays.asList(strArr));
    }

    public static Map<String, List<String>> getCertificatesFromExternalSourcesAsPem(Proxy proxy, PasswordAuthentication passwordAuthentication, String... strArr) {
        return getCertificatesFromExternalSourcesAsPem(proxy, passwordAuthentication, (List<String>) Arrays.asList(strArr));
    }

    public static Map<String, List<String>> getCertificatesFromExternalSourcesAsPem(List<String> list) {
        return Collections.unmodifiableMap((Map) getCertificatesFromExternalSources(list).entrySet().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry -> {
            return convertToPem((List<X509Certificate>) entry.getValue());
        })));
    }

    public static Map<String, List<String>> getCertificatesFromExternalSourcesAsPem(Proxy proxy, List<String> list) {
        return Collections.unmodifiableMap((Map) getCertificatesFromExternalSources(proxy, list).entrySet().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry -> {
            return convertToPem((List<X509Certificate>) entry.getValue());
        })));
    }

    public static Map<String, List<String>> getCertificatesFromExternalSourcesAsPem(Proxy proxy, PasswordAuthentication passwordAuthentication, List<String> list) {
        return Collections.unmodifiableMap((Map) getCertificatesFromExternalSources(proxy, passwordAuthentication, list).entrySet().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry -> {
            return convertToPem((List<X509Certificate>) entry.getValue());
        })));
    }

    public static List<String> convertToPem(List<X509Certificate> list) {
        return (List) list.stream().map((v0) -> {
            return convertToPem(v0);
        }).collect(CollectorsUtils.toUnmodifiableList());
    }

    public static String convertToPem(Certificate certificate) {
        try {
            List list = (List) Stream.of((Object[]) new String(Base64.getEncoder().encode(certificate.getEncoded())).split(MAX_64_CHARACTER_LINE_SPLITTER)).collect(CollectorsUtils.toModifiableList());
            list.add(0, PEM_HEADER);
            list.add(PEM_FOOTER);
            if (certificate instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) certificate;
                list.add(0, String.format("issuer=%s", x509Certificate.getIssuerX500Principal().getName()));
                list.add(0, String.format("subject=%s", x509Certificate.getSubjectX500Principal().getName()));
            }
            return String.join(System.lineSeparator(), list);
        } catch (CertificateEncodingException e) {
            throw new GenericCertificateException(e);
        }
    }
}
