package org.shredzone.acme4j.util;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import java.util.Objects;
import javax.annotation.ParametersAreNonnullByDefault;
import javax.annotation.WillClose;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.shredzone.acme4j.Identifier;

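/**
 * Utility methods for reading PKCS#10 certificate signing requests and for building
 * the self-signed certificate that answers an ACME {@code tls-alpn-01} challenge.
 *
 * <p>This class is not instantiable; all members are static.
 */
@ParametersAreNonnullByDefault
public final class CertificateUtils {
    /**
     * OID of the certificate extension that carries the ACME validation value
     * ({@code id-pe-acmeIdentifier}, 1.3.6.1.5.5.7.1.31).
     */
    public static final ASN1ObjectIdentifier ACME_VALIDATION = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.31").intern();

    private CertificateUtils() {
        // Utility class, no instances.
    }

    /**
     * Reads a PEM encoded PKCS#10 CSR from a stream.
     *
     * <p>Only the first PEM object is read, and it is only parsed: this method does not
     * verify the CSR's signature or inspect the names it requests. Callers that accept
     * CSRs from an untrusted source must validate the result themselves.
     *
     * @param inputStream
     *            stream to read the CSR from; it is closed by this method, also on failure
     * @return the parsed CSR
     * @throws IOException
     *             if the stream cannot be read, or if the first PEM object is not a
     *             PKCS#10 certification request
     */
    public static PKCS10CertificationRequest readCSR(@WillClose InputStream inputStream) throws IOException {
        // Closing the parser closes the wrapped reader and with it the caller's stream.
        try (PEMParser pemParser = new PEMParser(new InputStreamReader(inputStream, StandardCharsets.US_ASCII))) {
            Object parsed = pemParser.readObject();
            // instanceof is false for null as well, so a missing PEM object is rejected here too.
            if (!(parsed instanceof PKCS10CertificationRequest)) {
                throw new IOException("Not a PKCS10 CSR");
            }
            return (PKCS10CertificationRequest) parsed;
        }
    }

    /**
     * Creates the self-signed certificate presented for a {@code tls-alpn-01} challenge.
     *
     * <p>The certificate has subject and issuer {@code CN=acme.invalid}, is valid for
     * 7 days from the moment of creation, carries the identifier as its only subject
     * alternative name, and carries {@code bArr} in the critical {@link #ACME_VALIDATION}
     * extension.
     *
     * @param keyPair
     *            key pair whose public key is certified and whose private key signs the
     *            certificate
     * @param identifier
     *            identifier being validated; only the types {@code "dns"} and {@code "ip"}
     *            are supported
     * @param bArr
     *            the ACME validation value, exactly 32 bytes long (the length of a SHA-256
     *            digest)
     * @return the generated certificate
     * @throws IOException
     *             if the certificate could not be built, signed or re-parsed
     * @throws IllegalArgumentException
     *             if {@code bArr} is {@code null} or not 32 bytes long, or if the
     *             identifier type is not supported
     * @throws NullPointerException
     *             if {@code keyPair} or {@code identifier} is {@code null}
     */
    public static X509Certificate createTlsAlpn01Certificate(KeyPair keyPair, Identifier identifier, byte[] bArr) throws IOException {
        Objects.requireNonNull(keyPair, "keypair");
        Objects.requireNonNull(identifier, "id");
        if (bArr == null || bArr.length != 32) {
            throw new IllegalArgumentException("Bad acmeValidation parameter");
        }

        long now = System.currentTimeMillis();
        try {
            // Self-signed: the same name is used as issuer and subject.
            X500Name issuer = new X500Name("CN=acme.invalid");
            // The serial number is the creation time in milliseconds, so it is predictable.
            BigInteger serial = BigInteger.valueOf(now);
            Instant notBefore = Instant.ofEpochMilli(now);
            Instant notAfter = notBefore.plus(Duration.ofDays(7L));

            JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
                    issuer, serial, Date.from(notBefore), Date.from(notAfter), issuer, keyPair.getPublic());

            GeneralName[] subjectAltNames = new GeneralName[1];
            switch (identifier.getType()) {
                case "dns":
                    subjectAltNames[0] = new GeneralName(GeneralName.dNSName, identifier.getDomain());
                    break;
                case "ip":
                    subjectAltNames[0] = new GeneralName(GeneralName.iPAddress, identifier.getIP().getHostAddress());
                    break;
                default:
                    // Not wrapped: IllegalArgumentException is not caught by the handler below.
                    throw new IllegalArgumentException("Unsupported Identifier type " + identifier.getType());
            }

            // The SAN is added as non-critical, the ACME validation extension as critical.
            certBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(subjectAltNames));
            certBuilder.addExtension(ACME_VALIDATION, true, new DEROctetString(bArr));

            // NOTE(review): the signature algorithm is fixed to SHA256withRSA. A non-RSA key
            // pair (e.g. EC) is presumably rejected by the signer and surfaces as an
            // IOException; confirm, and derive the algorithm from the key type if other key
            // types must be supported.
            JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA256withRSA");
            byte[] encoded = certBuilder.build(signerBuilder.build(keyPair.getPrivate())).getEncoded();

            // Re-parse the DER encoding to obtain a JCA X509Certificate.
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(encoded));
        } catch (CertificateException | OperatorCreationException e) {
            throw new IOException(e);
        }
    }
}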
