package org.elasticsearch.xpack.core.ssl;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.Reader;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.SocketException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.X509TrustedCertificateBlock;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;
import org.elasticsearch.common.network.InetAddressHelper;
import org.elasticsearch.common.network.NetworkAddress;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.license.License;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;

/* loaded from: input_file:org/elasticsearch/xpack/core/ssl/CertUtils.class */
public class CertUtils {
    static final String CN_OID = "2.5.4.3";
    private static final int SERIAL_BIT_LENGTH = 160;
    static final BouncyCastleProvider BC_PROV;
    static final /* synthetic */ boolean $assertionsDisabled;

    private CertUtils() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @SuppressForbidden(reason = "we don't have the environment to resolve files from when running in a transport client")
    public static Path resolvePath(String str, @Nullable Environment environment) {
        return environment != null ? environment.configFile().resolve(str) : PathUtils.get(str, new String[0]).normalize();
    }

    static KeyStore getKeyStoreFromPEM(Path path, Path path2, char[] cArr) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        BufferedReader newBufferedReader = Files.newBufferedReader(path2, StandardCharsets.UTF_8);
        try {
            PrivateKey readPrivateKey = readPrivateKey(newBufferedReader, () -> {
                return cArr;
            });
            if (newBufferedReader != null) {
                $closeResource(null, newBufferedReader);
            }
            return getKeyStore(readCertificates(Collections.singletonList(path)), readPrivateKey, cArr);
        } catch (Throwable th) {
            if (newBufferedReader != null) {
                $closeResource(null, newBufferedReader);
            }
            throw th;
        }
    }

    public static X509ExtendedKeyManager keyManager(Certificate[] certificateArr, PrivateKey privateKey, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, IOException, CertificateException {
        return keyManager(getKeyStore(certificateArr, privateKey, cArr), cArr, KeyManagerFactory.getDefaultAlgorithm());
    }

    private static KeyStore getKeyStore(Certificate[] certificateArr, PrivateKey privateKey, char[] cArr) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance("jks");
        keyStore.load(null, null);
        keyStore.setKeyEntry("key", privateKey, cArr, certificateArr);
        return keyStore;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509ExtendedKeyManager keyManager(KeyStore keyStore, char[] cArr, String str) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(str);
        keyManagerFactory.init(keyStore, cArr);
        for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
            if (keyManager instanceof X509ExtendedKeyManager) {
                return (X509ExtendedKeyManager) keyManager;
            }
        }
        throw new IllegalStateException("failed to find a X509ExtendedKeyManager");
    }

    public static X509ExtendedKeyManager getKeyManager(X509KeyPairSettings x509KeyPairSettings, Settings settings, @Nullable String str, Environment environment) {
        if (str == null) {
            str = TrustManagerFactory.getDefaultAlgorithm();
        }
        KeyConfig createKeyConfig = createKeyConfig(x509KeyPairSettings, settings, str);
        if (createKeyConfig == null) {
            return null;
        }
        return createKeyConfig.createKeyManager(environment);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyConfig createKeyConfig(X509KeyPairSettings x509KeyPairSettings, Settings settings, String str) {
        String str2 = (String) ((Optional) x509KeyPairSettings.keyPath.get(settings)).orElse(null);
        String str3 = (String) ((Optional) x509KeyPairSettings.keystorePath.get(settings)).orElse(null);
        if (str2 != null && str3 != null) {
            throw new IllegalArgumentException("you cannot specify a keystore and key file");
        }
        if (str2 != null) {
            SecureString secureString = (SecureString) x509KeyPairSettings.keyPassword.get(settings);
            String str4 = (String) ((Optional) x509KeyPairSettings.certificatePath.get(settings)).orElse(null);
            if (str4 == null) {
                throw new IllegalArgumentException("you must specify the certificates [" + x509KeyPairSettings.certificatePath.getKey() + "] to use with the key [" + x509KeyPairSettings.keyPath.getKey() + "]");
            }
            return new PEMKeyConfig(str2, secureString, str4);
        }
        if (str3 == null) {
            return null;
        }
        SecureString secureString2 = (SecureString) x509KeyPairSettings.keystorePassword.get(settings);
        String str5 = (String) x509KeyPairSettings.keystoreAlgorithm.get(settings);
        String keyStoreType = SSLConfigurationSettings.getKeyStoreType(x509KeyPairSettings.keystoreType, settings, str3);
        SecureString secureString3 = (SecureString) x509KeyPairSettings.keystoreKeyPassword.get(settings);
        if (secureString3.length() == 0) {
            secureString3 = secureString2;
        }
        return new StoreKeyConfig(str3, keyStoreType, secureString2, secureString3, str5, str);
    }

    public static X509ExtendedTrustManager trustManager(Certificate[] certificateArr) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, IOException, CertificateException {
        return trustManager(trustStore(certificateArr), TrustManagerFactory.getDefaultAlgorithm());
    }

    static KeyStore trustStore(Certificate[] certificateArr) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        if (!$assertionsDisabled && certificateArr == null) {
            throw new AssertionError("Cannot create trust store with null certificates");
        }
        KeyStore keyStore = KeyStore.getInstance("jks");
        keyStore.load(null, null);
        int i = 0;
        for (Certificate certificate : certificateArr) {
            keyStore.setCertificateEntry("cert" + i, certificate);
            i++;
        }
        return keyStore;
    }

    public static X509ExtendedTrustManager trustManager(String str, String str2, char[] cArr, String str3, @Nullable Environment environment) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, IOException, CertificateException {
        return trustManager(readKeyStore(resolvePath(str, environment), str2, cArr), str3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyStore readKeyStore(Path path, String str, char[] cArr) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            if (!$assertionsDisabled && cArr == null) {
                throw new AssertionError();
            }
            keyStore.load(newInputStream, cArr);
            if (newInputStream != null) {
                $closeResource(null, newInputStream);
            }
            return keyStore;
        } catch (Throwable th) {
            if (newInputStream != null) {
                $closeResource(null, newInputStream);
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509ExtendedTrustManager trustManager(KeyStore keyStore, String str) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, IOException, CertificateException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(str);
        trustManagerFactory.init(keyStore);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509ExtendedTrustManager) {
                return (X509ExtendedTrustManager) trustManager;
            }
        }
        throw new IllegalStateException("failed to find a X509ExtendedTrustManager");
    }

    public static Certificate[] readCertificates(List<String> list, @Nullable Environment environment) throws CertificateException, IOException {
        return readCertificates((List) list.stream().map(str -> {
            return resolvePath(str, environment);
        }).collect(Collectors.toList()));
    }

    public static Certificate[] readCertificates(List<Path> list) throws CertificateException, IOException {
        ArrayList arrayList = new ArrayList(list.size());
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        Iterator<Path> it = list.iterator();
        while (it.hasNext()) {
            BufferedReader newBufferedReader = Files.newBufferedReader(it.next(), StandardCharsets.UTF_8);
            Throwable th = null;
            try {
                try {
                    readCertificates(newBufferedReader, arrayList, certificateFactory);
                    if (newBufferedReader != null) {
                        $closeResource(null, newBufferedReader);
                    }
                } finally {
                }
            } catch (Throwable th2) {
                if (newBufferedReader != null) {
                    $closeResource(th, newBufferedReader);
                }
                throw th2;
            }
        }
        return (Certificate[]) arrayList.toArray(new Certificate[arrayList.size()]);
    }

    static void readCertificates(Reader reader, List<Certificate> list, CertificateFactory certificateFactory) throws IOException, CertificateException {
        X509CertificateHolder certificateHolder;
        PEMParser pEMParser = new PEMParser(reader);
        try {
            Object readObject = pEMParser.readObject();
            if (readObject == null) {
                throw new IllegalArgumentException("could not parse pem certificate");
            }
            while (readObject != null) {
                if (readObject instanceof X509CertificateHolder) {
                    certificateHolder = (X509CertificateHolder) readObject;
                } else {
                    if (!(readObject instanceof X509TrustedCertificateBlock)) {
                        String str = "parsed an unsupported object [" + readObject.getClass().getSimpleName() + "]";
                        if ((readObject instanceof PEMEncryptedKeyPair) || (readObject instanceof PEMKeyPair) || (readObject instanceof PrivateKeyInfo)) {
                            str = str + ". Encountered a PEM Key while expecting a PEM certificate.";
                        }
                        throw new IllegalArgumentException(str);
                    }
                    certificateHolder = ((X509TrustedCertificateBlock) readObject).getCertificateHolder();
                }
                list.add(certificateFactory.generateCertificate(new ByteArrayInputStream(certificateHolder.getEncoded())));
                readObject = pEMParser.readObject();
            }
        } finally {
            $closeResource(null, pEMParser);
        }
    }

    public static PrivateKey readPrivateKey(Reader reader, Supplier<char[]> supplier) throws IOException {
        PEMParser pEMParser = new PEMParser(reader);
        try {
            PrivateKeyInfo innerReadPrivateKey = innerReadPrivateKey(pEMParser, supplier);
            if (pEMParser.readObject() != null) {
                throw new IllegalStateException("key file contained more that one entry");
            }
            JcaPEMKeyConverter jcaPEMKeyConverter = new JcaPEMKeyConverter();
            jcaPEMKeyConverter.setProvider(BC_PROV);
            PrivateKey privateKey = jcaPEMKeyConverter.getPrivateKey(innerReadPrivateKey);
            $closeResource(null, pEMParser);
            return privateKey;
        } catch (Throwable th) {
            $closeResource(null, pEMParser);
            throw th;
        }
    }

    private static PrivateKeyInfo innerReadPrivateKey(PEMParser pEMParser, Supplier<char[]> supplier) throws IOException {
        PrivateKeyInfo privateKeyInfo;
        Object readObject = pEMParser.readObject();
        if (readObject == null) {
            throw new IllegalStateException("key file did not contain a supported key");
        }
        if (readObject instanceof PEMEncryptedKeyPair) {
            char[] cArr = supplier.get();
            if (cArr == null) {
                throw new IllegalArgumentException("cannot read encrypted key without a password");
            }
            privateKeyInfo = ((PEMEncryptedKeyPair) readObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().setProvider(BC_PROV).build(cArr)).getPrivateKeyInfo();
        } else if (readObject instanceof PEMKeyPair) {
            privateKeyInfo = ((PEMKeyPair) readObject).getPrivateKeyInfo();
        } else {
            if (!(readObject instanceof PrivateKeyInfo)) {
                if (readObject instanceof ASN1ObjectIdentifier) {
                    return innerReadPrivateKey(pEMParser, supplier);
                }
                String str = "parsed an unsupported object [" + readObject.getClass().getSimpleName() + "]";
                if ((readObject instanceof X509CertificateHolder) || (readObject instanceof X509TrustedCertificateBlock)) {
                    str = str + ". Encountered a PEM Certificate while expecting a PEM Key.";
                }
                throw new IllegalArgumentException(str);
            }
            privateKeyInfo = (PrivateKeyInfo) readObject;
        }
        return privateKeyInfo;
    }

    public static Map<Certificate, Key> readPkcs12KeyPairs(Path path, char[] cArr, Function<String, char[]> function, Environment environment) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, UnrecoverableKeyException {
        KeyStore readKeyStore = readKeyStore(path, "PKCS12", cArr);
        Enumeration<String> aliases = readKeyStore.aliases();
        HashMap hashMap = new HashMap(readKeyStore.size());
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (readKeyStore.isKeyEntry(nextElement)) {
                hashMap.put(readKeyStore.getCertificate(nextElement), readKeyStore.getKey(nextElement, function.apply(nextElement)));
            }
        }
        return hashMap;
    }

    public static X509Certificate generateCACertificate(X500Principal x500Principal, KeyPair keyPair, int i) throws OperatorCreationException, CertificateException, CertIOException, NoSuchAlgorithmException {
        return generateSignedCertificate(x500Principal, null, keyPair, null, null, true, i, null);
    }

    public static X509Certificate generateSignedCertificate(X500Principal x500Principal, GeneralNames generalNames, KeyPair keyPair, X509Certificate x509Certificate, PrivateKey privateKey, int i) throws OperatorCreationException, CertificateException, CertIOException, NoSuchAlgorithmException {
        return generateSignedCertificate(x500Principal, generalNames, keyPair, x509Certificate, privateKey, false, i, null);
    }

    public static X509Certificate generateSignedCertificate(X500Principal x500Principal, GeneralNames generalNames, KeyPair keyPair, X509Certificate x509Certificate, PrivateKey privateKey, int i, String str) throws OperatorCreationException, CertificateException, CertIOException, NoSuchAlgorithmException {
        return generateSignedCertificate(x500Principal, generalNames, keyPair, x509Certificate, privateKey, false, i, str);
    }

    private static X509Certificate generateSignedCertificate(X500Principal x500Principal, GeneralNames generalNames, KeyPair keyPair, X509Certificate x509Certificate, PrivateKey privateKey, boolean z, int i, String str) throws NoSuchAlgorithmException, CertificateException, CertIOException, OperatorCreationException {
        X500Name x500Name;
        AuthorityKeyIdentifier createAuthorityKeyIdentifier;
        Objects.requireNonNull(keyPair, "Key-Pair must not be null");
        DateTime dateTime = new DateTime(DateTimeZone.UTC);
        if (i < 1) {
            throw new IllegalArgumentException("the certificate must be valid for at least one day");
        }
        DateTime plusDays = dateTime.plusDays(i);
        BigInteger serial = getSerial();
        JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
        X500Name x500Name2 = X500Name.getInstance(x500Principal.getEncoded());
        if (x509Certificate == null) {
            x500Name = x500Name2;
            createAuthorityKeyIdentifier = jcaX509ExtensionUtils.createAuthorityKeyIdentifier(keyPair.getPublic());
        } else {
            if (x509Certificate.getBasicConstraints() < 0) {
                throw new IllegalArgumentException("ca certificate is not a CA!");
            }
            x500Name = X500Name.getInstance(x509Certificate.getIssuerX500Principal().getEncoded());
            createAuthorityKeyIdentifier = jcaX509ExtensionUtils.createAuthorityKeyIdentifier(x509Certificate.getPublicKey());
        }
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(x500Name, serial, new Time(dateTime.toDate(), Locale.ROOT), new Time(plusDays.toDate(), Locale.ROOT), x500Name2, keyPair.getPublic());
        jcaX509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, jcaX509ExtensionUtils.createSubjectKeyIdentifier(keyPair.getPublic()));
        jcaX509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, createAuthorityKeyIdentifier);
        if (generalNames != null) {
            jcaX509v3CertificateBuilder.addExtension(Extension.subjectAlternativeName, false, generalNames);
        }
        jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, z, new BasicConstraints(z));
        PrivateKey privateKey2 = privateKey != null ? privateKey : keyPair.getPrivate();
        return new JcaX509CertificateConverter().getCertificate(jcaX509v3CertificateBuilder.build(new JcaContentSignerBuilder(Strings.isNullOrEmpty(str) ? getDefaultSignatureAlgorithm(privateKey2) : str).setProvider(BC_PROV).build(privateKey2)));
    }

    private static String getDefaultSignatureAlgorithm(PrivateKey privateKey) {
        String str;
        String algorithm = privateKey.getAlgorithm();
        boolean z = -1;
        switch (algorithm.hashCode()) {
            case 2206:
                if (algorithm.equals("EC")) {
                    z = 2;
                    break;
                }
                break;
            case 67986:
                if (algorithm.equals("DSA")) {
                    z = true;
                    break;
                }
                break;
            case 81440:
                if (algorithm.equals("RSA")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                str = "SHA256withRSA";
                break;
            case License.VERSION_START /* 1 */:
                str = "SHA256withDSA";
                break;
            case true:
                str = "SHA256withECDSA";
                break;
            default:
                throw new IllegalArgumentException("Unsupported algorithm : " + privateKey.getAlgorithm() + " for signature, allowed values for private key algorithm are [RSA, DSA, EC]");
        }
        return str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PKCS10CertificationRequest generateCSR(KeyPair keyPair, X500Principal x500Principal, GeneralNames generalNames) throws IOException, OperatorCreationException {
        Objects.requireNonNull(keyPair, "Key-Pair must not be null");
        Objects.requireNonNull(keyPair.getPublic(), "Public-Key must not be null");
        Objects.requireNonNull(x500Principal, "Principal must not be null");
        JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(x500Principal, keyPair.getPublic());
        if (generalNames != null) {
            ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
            extensionsGenerator.addExtension(Extension.subjectAlternativeName, false, generalNames);
            jcaPKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
        }
        return jcaPKCS10CertificationRequestBuilder.build(new JcaContentSignerBuilder("SHA256withRSA").setProvider(BC_PROV).build(keyPair.getPrivate()));
    }

    public static BigInteger getSerial() {
        BigInteger bigInteger = new BigInteger(SERIAL_BIT_LENGTH, new SecureRandom());
        if ($assertionsDisabled || bigInteger.compareTo(BigInteger.valueOf(0L)) >= 0) {
            return bigInteger;
        }
        throw new AssertionError();
    }

    public static KeyPair generateKeyPair(int i) throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(i);
        return keyPairGenerator.generateKeyPair();
    }

    public static GeneralNames getSubjectAlternativeNames(boolean z, Set<InetAddress> set) throws SocketException {
        HashSet hashSet = new HashSet();
        for (InetAddress inetAddress : set) {
            if (inetAddress.isAnyLocalAddress()) {
                for (InetAddress inetAddress2 : InetAddressHelper.getAllAddresses()) {
                    addSubjectAlternativeNames(z, inetAddress2, hashSet);
                }
            } else {
                addSubjectAlternativeNames(z, inetAddress, hashSet);
            }
        }
        return new GeneralNames((GeneralName[]) hashSet.toArray(new GeneralName[hashSet.size()]));
    }

    @SuppressForbidden(reason = "need to use getHostName to resolve DNS name and getHostAddress to ensure we resolved the name")
    private static void addSubjectAlternativeNames(boolean z, InetAddress inetAddress, Set<GeneralName> set) {
        String hostAddress = inetAddress.getHostAddress();
        set.add(new GeneralName(7, NetworkAddress.format(inetAddress)));
        if (!z || inetAddress.isLinkLocalAddress()) {
            return;
        }
        String hostName = inetAddress.getHostName();
        if (hostName.equals(hostAddress)) {
            return;
        }
        set.add(new GeneralName(2, hostName));
    }

    public static GeneralName createCommonName(String str) {
        return new GeneralName(0, new DERSequence(new ASN1Encodable[]{new ASN1ObjectIdentifier(CN_OID), new DERTaggedObject(true, 0, new DERUTF8String(str))}));
    }

    private static /* synthetic */ void $closeResource(Throwable th, AutoCloseable autoCloseable) {
        if (th == null) {
            autoCloseable.close();
            return;
        }
        try {
            autoCloseable.close();
        } catch (Throwable th2) {
            th.addSuppressed(th2);
        }
    }

    static {
        $assertionsDisabled = !CertUtils.class.desiredAssertionStatus();
        BC_PROV = new BouncyCastleProvider();
    }
}
