package com.agfa.pacs.listtext.lta.util;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import sun.security.tools.keytool.CertAndKeyGen;
import sun.security.x509.CertificateExtensions;
import sun.security.x509.DNSName;
import sun.security.x509.GeneralName;
import sun.security.x509.GeneralNames;
import sun.security.x509.SubjectAlternativeNameExtension;
import sun.security.x509.X500Name;

/* loaded from: input_file:com/agfa/pacs/listtext/lta/util/CertificateUtils.class */
public class CertificateUtils {
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
    private static final int KEYPAIR_LENGTH = 2048;

    /* loaded from: input_file:com/agfa/pacs/listtext/lta/util/CertificateUtils$CertificateInfo.class */
    public static class CertificateInfo {
        private final PrivateKey privateKey;
        private final X509Certificate certificate;

        private CertificateInfo(PrivateKey privateKey, X509Certificate x509Certificate) {
            this.privateKey = privateKey;
            this.certificate = x509Certificate;
        }

        public PrivateKey getPrivateKey() {
            return this.privateKey;
        }

        public Certificate getCertificate() {
            return this.certificate;
        }

        /* synthetic */ CertificateInfo(PrivateKey privateKey, X509Certificate x509Certificate, CertificateInfo certificateInfo) {
            this(privateKey, x509Certificate);
        }
    }

    public static String getLocalCN() throws UnknownHostException {
        return InetAddress.getLocalHost().getCanonicalHostName();
    }

    public static boolean isCertificateValid(X509Certificate x509Certificate) {
        return isCertificateValid(x509Certificate, false);
    }

    public static boolean isCertificateValid(X509Certificate x509Certificate, boolean z) {
        try {
            x509Certificate.checkValidity();
            if (z) {
                return StringUtils.equalsIgnoreCase(getLocalCN(), X500Name.asX500Name(x509Certificate.getSubjectX500Principal()).getCommonName());
            }
            return true;
        } catch (Exception unused) {
            return false;
        }
    }

    public static CertificateInfo createSelfSignedCertificate(String str, String str2, String str3, String str4) throws Exception {
        CertificateExtensions certificateExtensions = new CertificateExtensions();
        certificateExtensions.set("SubjectAlternativeName", new SubjectAlternativeNameExtension(new GeneralNames().add(new GeneralName(new DNSName(str)))));
        X500Name x500Name = new X500Name(str, str3, str2, str4);
        CertAndKeyGen certAndKeyGen = new CertAndKeyGen("RSA", SIGNATURE_ALGORITHM, (String) null);
        certAndKeyGen.generate(KEYPAIR_LENGTH);
        return new CertificateInfo(certAndKeyGen.getPrivateKey(), certAndKeyGen.getSelfCertificate(x500Name, new Date(), 94608000L, certificateExtensions), null);
    }

    public static void clearKeystore(KeyStore keyStore, String... strArr) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (strArr == null || !ArrayUtils.contains(strArr, nextElement)) {
                keyStore.deleteEntry(nextElement);
            }
        }
    }
}
