package kz.gov.pki.knca.applet.utils;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import kz.gov.pki.kalkan.Storage;
import kz.gov.pki.kalkan.asn1.ASN1InputStream;
import kz.gov.pki.kalkan.asn1.DERObjectIdentifier;
import kz.gov.pki.kalkan.asn1.DEROctetString;
import kz.gov.pki.kalkan.asn1.x509.X509Name;
import kz.gov.pki.kalkan.util.encoders.Hex;
import kz.gov.pki.knca.applet.AppletConstants;
import kz.gov.pki.knca.applet.exception.AECodes;
import kz.gov.pki.knca.applet.exception.AppletException;
import org.apache.xml.security.keys.content.x509.XMLX509SKI;

/* loaded from: input_file:kz/gov/pki/knca/applet/utils/X509Util.class */
public class X509Util {
    public static X509Certificate parsePemToX509Certificate(String str, Provider provider) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X509", provider).generateCertificate(new ByteArrayInputStream(str.getBytes()));
    }

    public static String getKeyId(X509Certificate x509Certificate, Provider provider) throws CertificateException, IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(((DEROctetString) new ASN1InputStream(new ByteArrayInputStream(x509Certificate.getExtensionValue(XMLX509SKI.SKI_OID))).readObject()).getOctets());
        ASN1InputStream aSN1InputStream = new ASN1InputStream(byteArrayInputStream);
        String encodeStr = Hex.encodeStr(((DEROctetString) aSN1InputStream.readObject()).getOctets());
        if (byteArrayInputStream != null) {
            byteArrayInputStream.close();
        }
        if (aSN1InputStream != null) {
            aSN1InputStream.close();
        }
        return encodeStr;
    }

    public static boolean containsExtKeyUsage(X509Certificate x509Certificate, String str) throws CertificateParsingException {
        if (x509Certificate.getExtendedKeyUsage() == null) {
            return false;
        }
        Iterator<String> it = x509Certificate.getExtendedKeyUsage().iterator();
        while (it.hasNext()) {
            if (it.next().equals(str)) {
                return true;
            }
        }
        return false;
    }

    public static boolean isAuthCert(X509Certificate x509Certificate) throws CertificateParsingException {
        return containsExtKeyUsage(x509Certificate, AppletConstants.EXT_KEY_USAGE_SSL_CLIENT_OID);
    }

    public static boolean isSignKey(X509Certificate x509Certificate) {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        return keyUsage[0] && keyUsage[1];
    }

    /* JADX WARN: Finally extract failed */
    public static X509Certificate getX509CertificateFromKeystore(Storage storage, String str, String str2, char[] cArr, Provider provider) throws AppletException {
        try {
            try {
                return (X509Certificate) KeyStoreUtil.getKeyStore(storage, str, cArr, provider).getCertificate(str2);
            } catch (KeyStoreException e) {
                Logger.getLogger(X509Util.class.getName()).log(Level.SEVERE, (String) null, (Throwable) e);
                throw new AppletException(AECodes.COMMON.name());
            }
        } catch (Throwable th) {
            throw th;
        }
    }

    public static String getRdn(X509Name x509Name, DERObjectIdentifier dERObjectIdentifier, int i) {
        return x509Name.getValues(dERObjectIdentifier).get(i).toString();
    }
}
