package org.glite.security.util;

import java.io.IOException;
import java.io.StringWriter;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.openssl.PEMWriter;

/* loaded from: input_file:org/glite/security/util/CertUtil.class */
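/**
 * Static helpers for X.509 certificates and certificate chains: PEM encoding, locating the
 * end-entity certificate in a chain, matching an RSA private key to a public key, and reading raw
 * extension contents.
 *
 * <p>None of these methods validates a certificate or a chain (no signature, validity-period,
 * revocation or proxy-policy checks are performed here). Callers that make trust decisions based
 * on the returned DN or extension bytes must run path validation first.
 */
public class CertUtil {
    static Logger logger = Logger.getLogger(CertUtil.class.getName());

    /**
     * Encodes a single certificate as PEM text.
     *
     * @param x509Certificate the certificate to encode
     * @return the PEM representation of the certificate
     * @throws IOException if the PEM writer fails
     */
    public static String getPEM(X509Certificate x509Certificate) throws IOException {
        StringWriter buffer = new StringWriter();
        PEMWriter pemWriter = new PEMWriter(buffer);
        pemWriter.writeObject(x509Certificate);
        pemWriter.flush();
        return buffer.toString();
    }

    /**
     * Encodes the certificates at indices {@code i} through {@code i2} (both inclusive) as
     * concatenated PEM text, in array order.
     *
     * @param x509CertificateArr the certificate chain
     * @param i index of the first certificate to write
     * @param i2 index of the last certificate to write; an empty string is returned if it is
     *     smaller than {@code i}
     * @return the concatenated PEM blocks
     * @throws IOException if the PEM writer fails
     * @throws ArrayIndexOutOfBoundsException if the range reaches outside the array
     */
    public static String getPEM(X509Certificate[] x509CertificateArr, int i, int i2) throws IOException {
        StringWriter buffer = new StringWriter();
        PEMWriter pemWriter = new PEMWriter(buffer);
        // The index must advance on every pass; a loop that never increments it writes the same
        // certificate forever and exhausts the heap.
        for (int index = i; index <= i2; index++) {
            pemWriter.writeObject(x509CertificateArr[index]);
        }
        pemWriter.flush();
        return buffer.toString();
    }

    /**
     * Encodes every certificate of the array as concatenated PEM text, in array order.
     *
     * @param x509CertificateArr the certificate chain; an empty array yields an empty string
     * @return the concatenated PEM blocks
     * @throws IOException if the PEM writer fails
     */
    public static String getPEM(X509Certificate[] x509CertificateArr) throws IOException {
        return getPEM(x509CertificateArr, 0, x509CertificateArr.length - 1);
    }

    /**
     * Finds the index of the end-entity (client) certificate in a chain.
     *
     * <p>The array is scanned from its last element towards the first, skipping every certificate
     * that is a CA according to its basic constraints or whose issuer DN equals its subject DN.
     * The index of the first certificate that is neither is returned.
     *
     * <p>The selection is purely structural: it does not verify signatures or that the chain is
     * properly linked, so the result is only meaningful for a chain that has already been
     * validated.
     *
     * @param x509CertificateArr the certificate chain to search
     * @return the index of the client certificate, or {@code -1} if the chain holds none
     */
    public static int findClientCert(X509Certificate[] x509CertificateArr) {
        for (int index = x509CertificateArr.length - 1; index >= 0; index--) {
            X509Certificate candidate = x509CertificateArr[index];
            // getBasicConstraints() returns -1 unless the certificate is marked as a CA.
            boolean isCa = candidate.getBasicConstraints() != -1;
            boolean selfIssued = candidate.getIssuerDN().equals(candidate.getSubjectDN());
            if (!isCa && !selfIssued) {
                return index;
            }
        }
        // Reached only when every certificate was skipped (or the array is empty).
        logger.error("UpdatingKeymanager: invalid certificate chain, client cert missing.");
        return -1;
    }

    /**
     * Checks whether a private key belongs to the public key carried by a certificate.
     *
     * @param privateKey the private key
     * @param x509Certificate the certificate whose public key is compared
     * @return {@code true} if the keys form a pair
     * @throws IllegalArgumentException if either key is not an RSA key
     */
    public static boolean keysMatch(PrivateKey privateKey, X509Certificate x509Certificate) {
        return keysMatch(privateKey, x509Certificate.getPublicKey());
    }

    /**
     * Checks whether an RSA private key and an RSA public key share the same modulus.
     *
     * @param privateKey the private key
     * @param publicKey the public key
     * @return {@code true} if both moduli are equal
     * @throws IllegalArgumentException if either key is not an RSA key
     */
    public static boolean keysMatch(PrivateKey privateKey, PublicKey publicKey) {
        boolean privateIsRsa = privateKey instanceof RSAKey;
        boolean publicIsRsa = publicKey instanceof RSAKey;
        if (privateIsRsa && publicIsRsa) {
            return ((RSAKey) privateKey).getModulus().equals(((RSAKey) publicKey).getModulus());
        }

        // Name the side that was RSA so the caller can tell which key had the unsupported type.
        String rsaSide;
        if (privateIsRsa) {
            rsaSide = "private key";
        } else if (publicIsRsa) {
            rsaSide = "public key";
        } else {
            rsaSide = "neither";
        }
        throw new IllegalArgumentException("When comparing public and private keys, only RSA keys are supported. Of the keys, " + rsaSide + " was RSA key.");
    }

    /**
     * Returns the contents of a certificate extension with the outer OCTET STRING wrapper removed.
     *
     * <p>The returned bytes are still the encoded extension value and come straight from the
     * certificate, so they must be treated as untrusted input unless the certificate has been
     * validated.
     *
     * @param x509Certificate the certificate to read
     * @param str the OID of the extension, in dotted string form
     * @return the extension contents, or {@code null} if the certificate has no such extension
     * @throws IOException if the extension value cannot be parsed
     */
    public static byte[] getExtensionBytes(X509Certificate x509Certificate, String str) throws IOException {
        byte[] extensionValue = x509Certificate.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        // NOTE(review): getOctets() is normally declared on the octet-string type rather than on
        // ASN1Object; the decompiler appears to have dropped a cast here - confirm against the
        // original source before compiling.
        return ASN1Object.fromByteArray(extensionValue).getOctets();
    }

    /**
     * Returns the subject DN of the client certificate in a proxy chain.
     *
     * <p>The chain is not validated here; see {@link #findClientCert(X509Certificate[])}.
     *
     * @param x509CertificateArr the certificate chain
     * @return the subject DN of the client certificate
     * @throws IOException if the chain is null, empty, or holds no client certificate
     */
    public static DN getUserDN(X509Certificate[] x509CertificateArr) throws IOException {
        // An empty chain has no first certificate to name in the error message below.
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IOException("No user certificate found in proxy chain: the chain is empty.");
        }
        int clientIndex = findClientCert(x509CertificateArr);
        if (clientIndex < 0) {
            throw new IOException("No user certificate found in proxy chain for: " + DNHandler.getSubject(x509CertificateArr[0]).getRFCDN());
        }
        return DNHandler.getSubject(x509CertificateArr[clientIndex]);
    }
}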
