package io.jans.as.model.util;

import java.io.ByteArrayInputStream;
import java.net.URLDecoder;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.apache.commons.codec.digest.DigestUtils;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.util.encoders.Base64;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/jans/as/model/util/CertUtils.class */
public class CertUtils {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) CertUtils.class);

    private CertUtils() {
    }

    public static X509Certificate x509CertificateFromBytes(byte[] bArr) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
        } catch (Exception e) {
            log.error("Failed to parse X.509 certificates from bytes", (Throwable) e);
            return null;
        }
    }

    public static X509Certificate x509CertificateFromPem(String str) {
        try {
            X509Certificate x509CertificateFromPemInternal = x509CertificateFromPemInternal(str);
            if (x509CertificateFromPemInternal != null) {
                return x509CertificateFromPemInternal;
            }
        } catch (Exception e) {
            log.trace("Failed to parse pem. " + e.getMessage() + ", trying to url decode it.");
        }
        try {
            return x509CertificateFromPemInternal(URLDecoder.decode(str, "UTF-8"));
        } catch (Exception e2) {
            log.error("Failed to parse pem", (Throwable) e2);
            return null;
        }
    }

    private static X509Certificate x509CertificateFromPemInternal(String str) {
        return x509CertificateFromBytes(Base64.decode(org.apache.commons.lang.StringUtils.remove(org.apache.commons.lang.StringUtils.remove(str, "-----BEGIN CERTIFICATE-----"), "-----END CERTIFICATE-----")));
    }

    public static String confirmationMethodHashS256(String str) {
        if (org.apache.commons.lang.StringUtils.isBlank(str)) {
            return "";
        }
        try {
            return confirmationMethodHashS256Internal(str);
        } catch (Exception e) {
            try {
                return confirmationMethodHashS256Internal(URLDecoder.decode(str, "UTF-8"));
            } catch (Exception e2) {
                log.error("Failed to hash certificate: " + str, (Throwable) e2);
                return "";
            }
        }
    }

    private static String confirmationMethodHashS256Internal(String str) {
        return Base64Util.base64urlencode(DigestUtils.sha256(Base64.decode(org.apache.commons.lang.StringUtils.replace(org.apache.commons.lang.StringUtils.remove(org.apache.commons.lang.StringUtils.remove(str, "-----BEGIN CERTIFICATE-----"), "-----END CERTIFICATE-----"), "\n", ""))));
    }

    @NotNull
    public static String getCN(@Nullable X509Certificate x509Certificate) {
        RDN rdn;
        if (x509Certificate == null) {
            return "";
        }
        try {
            RDN[] rDNs = new JcaX509CertificateHolder(x509Certificate).getSubject().getRDNs(BCStyle.CN);
            return (rDNs == null || rDNs.length == 0 || (rdn = rDNs[0]) == null || rdn.getFirst() == null || rdn.getFirst().getValue() == null) ? "" : IETFUtils.valueToString(rdn.getFirst().getValue());
        } catch (CertificateEncodingException e) {
            log.error(e.getMessage(), (Throwable) e);
            return "";
        }
    }

    public static boolean equalsRdn(String str, String str2) {
        if (org.apache.commons.lang.StringUtils.isBlank(str) || org.apache.commons.lang.StringUtils.isBlank(str2)) {
            return false;
        }
        return new X500Name(str).equals(new X500Name(str2));
    }
}
