package org.apache.nifi.toolkit.tls.util;

import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: input_file:org/apache/nifi/toolkit/tls/util/TlsHelper.class */
public class TlsHelper {
    private TlsHelper() {
    }

    public static void addBouncyCastleProvider() {
        Security.addProvider(new BouncyCastleProvider());
    }

    private static KeyPairGenerator createKeyPairGenerator(String str, int i) throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str);
        keyPairGenerator.initialize(i);
        return keyPairGenerator;
    }

    public static byte[] calculateHMac(String str, PublicKey publicKey) throws GeneralSecurityException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(str.getBytes(StandardCharsets.UTF_8), "RAW");
        Mac mac = Mac.getInstance("Hmac-SHA256", "BC");
        mac.init(secretKeySpec);
        return mac.doFinal(getKeyIdentifier(publicKey));
    }

    public static byte[] getKeyIdentifier(PublicKey publicKey) throws NoSuchAlgorithmException {
        return new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKey).getKeyIdentifier();
    }

    public static String pemEncodeJcaObject(Object obj) throws IOException {
        StringWriter stringWriter = new StringWriter();
        PemWriter pemWriter = new PemWriter(stringWriter);
        Throwable th = null;
        try {
            try {
                pemWriter.writeObject(new JcaMiscPEMGenerator(obj));
                if (pemWriter != null) {
                    if (0 != 0) {
                        try {
                            pemWriter.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        pemWriter.close();
                    }
                }
                return stringWriter.toString();
            } finally {
            }
        } catch (Throwable th3) {
            if (pemWriter != null) {
                if (th != null) {
                    try {
                        pemWriter.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    pemWriter.close();
                }
            }
            throw th3;
        }
    }

    public static JcaPKCS10CertificationRequest parseCsr(String str) throws IOException {
        PEMParser pEMParser = new PEMParser(new StringReader(str));
        Throwable th = null;
        try {
            Object readObject = pEMParser.readObject();
            if (!PKCS10CertificationRequest.class.isInstance(readObject)) {
                throw new IOException("Expecting instance of " + PKCS10CertificationRequest.class + " but got " + readObject);
            }
            JcaPKCS10CertificationRequest jcaPKCS10CertificationRequest = new JcaPKCS10CertificationRequest((PKCS10CertificationRequest) readObject);
            if (pEMParser != null) {
                if (0 != 0) {
                    try {
                        pEMParser.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    pEMParser.close();
                }
            }
            return jcaPKCS10CertificationRequest;
        } catch (Throwable th3) {
            if (pEMParser != null) {
                if (0 != 0) {
                    try {
                        pEMParser.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    pEMParser.close();
                }
            }
            throw th3;
        }
    }

    public static X509Certificate parseCertificate(String str) throws IOException, CertificateException {
        PEMParser pEMParser = new PEMParser(new StringReader(str));
        Throwable th = null;
        try {
            Object readObject = pEMParser.readObject();
            if (!X509CertificateHolder.class.isInstance(readObject)) {
                throw new IOException("Expected " + X509CertificateHolder.class);
            }
            X509Certificate certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate((X509CertificateHolder) readObject);
            if (pEMParser != null) {
                if (0 != 0) {
                    try {
                        pEMParser.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    pEMParser.close();
                }
            }
            return certificate;
        } catch (Throwable th3) {
            if (pEMParser != null) {
                if (0 != 0) {
                    try {
                        pEMParser.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    pEMParser.close();
                }
            }
            throw th3;
        }
    }

    public static KeyPair generateKeyPair(String str, int i) throws NoSuchAlgorithmException {
        return createKeyPairGenerator(str, i).generateKeyPair();
    }

    public static JcaPKCS10CertificationRequest generateCertificationRequest(String str, KeyPair keyPair, String str2) throws OperatorCreationException {
        return new JcaPKCS10CertificationRequest(new JcaPKCS10CertificationRequestBuilder(new X500Principal(str), keyPair.getPublic()).build(new JcaContentSignerBuilder(str2).build(keyPair.getPrivate())));
    }
}
