package org.xwiki.crypto.x509.internal;

import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.InvalidParameterException;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import org.bouncycastle.jce.netscape.NetscapeCertRequest;
import org.xwiki.crypto.internal.Convert;
import org.xwiki.crypto.passwd.PasswordCryptoService;
import org.xwiki.crypto.x509.XWikiX509Certificate;
import org.xwiki.crypto.x509.XWikiX509KeyPair;

/* loaded from: input_file:WEB-INF/lib/xwiki-platform-crypto-5.2-milestone-2.jar:org/xwiki/crypto/x509/internal/X509KeyService.class */
public class X509KeyService {
    private final X509Keymaker keymaker = new X509Keymaker();

    public XWikiX509Certificate[] certsFromSpkac(String str, int i, String str2, String str3) throws GeneralSecurityException {
        checkWebID(str2);
        if (str == null) {
            throw new InvalidParameterException("SPKAC parameter is null");
        }
        try {
            X509Certificate[] makeClientAndAuthorityCertificates = this.keymaker.makeClientAndAuthorityCertificates(new NetscapeCertRequest(Convert.fromBase64String(str)).getPublicKey(), i, true, str2, str3);
            return new XWikiX509Certificate[]{new XWikiX509Certificate(makeClientAndAuthorityCertificates[0]), new XWikiX509Certificate(makeClientAndAuthorityCertificates[1])};
        } catch (Exception e) {
            throw new GeneralSecurityException("Failed to parse certificate request", e);
        }
    }

    public XWikiX509KeyPair newCertAndPrivateKey(int i, String str, String str2, String str3, PasswordCryptoService passwordCryptoService) throws GeneralSecurityException {
        checkWebID(str);
        KeyPair newKeyPair = this.keymaker.newKeyPair();
        return new DefaultXWikiX509KeyPair(new XWikiX509Certificate(this.keymaker.makeClientCertificate(newKeyPair.getPublic(), newKeyPair, i, false, str, str2)), newKeyPair.getPrivate(), str3, passwordCryptoService);
    }

    private void checkWebID(String str) throws GeneralSecurityException {
        try {
            if (new URI(str).isAbsolute()) {
            } else {
                throw new GeneralSecurityException("webID must be an absolute URI, got: " + str);
            }
        } catch (URISyntaxException e) {
            throw new GeneralSecurityException("webID must be valid URI, got: " + str, e);
        }
    }
}
