package ru.rutoken.openvpnpluginservice.utility;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.bouncycastle.util.io.pem.PemWriter;
import ru.CryptoPro.JCP.JCP;
import ru.rutoken.pkcs11wrapper.main.Pkcs11Session;
import ru.rutoken.pkcs11wrapper.object.certificate.Pkcs11CertificateObject;
import ru.rutoken.pkcs11wrapper.object.certificate.Pkcs11X509PublicKeyCertificateObject;

/* loaded from: classes5.dex */
public class CertificateConverter {
    public static X509Certificate PEMStringToX509Certificate(String str) throws IOException, CertificateException {
        StringReader stringReader = new StringReader(str);
        try {
            PemReader pemReader = new PemReader(stringReader);
            try {
                X509Certificate X509CertificateFromDer = X509CertificateFromDer(pemReader.readPemObject().getContent());
                pemReader.close();
                stringReader.close();
                return X509CertificateFromDer;
            } finally {
            }
        } catch (Throwable th) {
            try {
                stringReader.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static X509Certificate X509CertificateFromDer(byte[] bArr) throws CertificateException {
        Certificate generateCertificate = CertificateFactory.getInstance(JCP.CERTIFICATE_FACTORY_NAME).generateCertificate(new ByteArrayInputStream(bArr));
        if (generateCertificate instanceof X509Certificate) {
            return (X509Certificate) generateCertificate;
        }
        throw new CertificateException("Invalid certificate type");
    }

    private static X509Certificate X509CertificateFromPkcs11Certificate(Pkcs11Session pkcs11Session, Pkcs11X509PublicKeyCertificateObject pkcs11X509PublicKeyCertificateObject) throws CertificateException {
        return X509CertificateFromDer(pkcs11X509PublicKeyCertificateObject.getValueAttributeValue(pkcs11Session).getByteArrayValue());
    }

    public static String X509CertificateToPEMString(X509Certificate x509Certificate) throws CertificateException {
        StringWriter stringWriter = new StringWriter();
        try {
            PemWriter pemWriter = new PemWriter(stringWriter);
            try {
                pemWriter.writeObject(new PemObject(PEMParser.TYPE_CERTIFICATE, x509Certificate.getEncoded()));
                pemWriter.close();
                return stringWriter.toString();
            } finally {
            }
        } catch (IOException unused) {
            throw new CertificateException("Can not convert certificate");
        }
    }

    public static List<X509Certificate> X509CertificatesFromPkcs11Certificates(Pkcs11Session pkcs11Session, List<Pkcs11CertificateObject> list) throws CertificateException {
        ArrayList arrayList = new ArrayList();
        for (Pkcs11CertificateObject pkcs11CertificateObject : list) {
            if (pkcs11CertificateObject instanceof Pkcs11X509PublicKeyCertificateObject) {
                arrayList.add(X509CertificateFromPkcs11Certificate(pkcs11Session, (Pkcs11X509PublicKeyCertificateObject) pkcs11CertificateObject));
            }
        }
        return arrayList;
    }
}
