package io.gravitee.common.security;

import com.nimbusds.jose.util.Base64URL;
import io.gravitee.gateway.api.http.HttpHeaders;
import java.io.ByteArrayInputStream;
import java.net.URLDecoder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Optional;
import javax.net.ssl.SSLSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;

/* loaded from: input_file:io/gravitee/common/security/CertificateUtils.class */
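/**
 * Static helpers for obtaining a client X.509 certificate, either from a request header or
 * from the TLS session, and for computing a certificate thumbprint.
 *
 * <p>None of these methods validates a certificate: no chain building, no expiry or revocation
 * check and no proof of possession is performed here. They only parse or hash what they are
 * given, so trust decisions belong to the caller.
 */
public class CertificateUtils {
    private static final Logger log = LoggerFactory.getLogger(CertificateUtils.class);

    /**
     * Parses an X.509 certificate carried in a request header.
     *
     * <p>The header value is accepted either as PEM text containing line feeds, or as a
     * single-line value that is URL-decoded first. Tabs are then turned into line feeds before
     * parsing.
     *
     * <p>Security note: a header is attacker-controlled unless a trusted TLS-terminating proxy
     * sets it and removes any copy sent by the client. The returned certificate proves nothing
     * about the connection by itself; callers should rely on it only when the deployment
     * guarantees that the header cannot be supplied directly by a client.
     *
     * @param httpHeaders request headers to read from
     * @param str name of the header that carries the certificate; when blank, no lookup is done
     * @return the parsed certificate, or an empty {@code Optional} when the header is absent or
     *     its content cannot be parsed
     */
    public static Optional<X509Certificate> extractCertificate(HttpHeaders httpHeaders, String str) {
        String headerValue = StringUtils.hasText(str) ? httpHeaders.get(str) : null;
        if (headerValue == null) {
            log.debug("Header '{}' missing, unable to retrieve client certificate", str);
            return Optional.empty();
        }
        try {
            String pem = headerValue;
            if (!pem.contains("\n")) {
                // A value without line feeds is treated as URL-encoded. The charset is pinned to
                // UTF-8 so that decoding does not depend on the JVM's platform default.
                // NOTE(review): URLDecoder maps '+' to a space, so a tab-folded PEM that was NOT
                // URL-encoded would have any '+' in its base64 body altered here. Confirm that
                // upstream proxies always URL-encode single-line values.
                pem = URLDecoder.decode(pem, StandardCharsets.UTF_8);
            }
            // Tabs stand in for line breaks in some forwarded values; a literal character
            // replacement avoids compiling a regex on every request.
            byte[] encoded = pem.replace('\t', '\n').getBytes(StandardCharsets.UTF_8);
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            return Optional.ofNullable(
                (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(encoded)));
        } catch (Exception e) {
            // Parsing input from the request is best-effort: any failure means "no certificate".
            // Only the header name is logged, never its value.
            log.debug("Unable to retrieve peer certificate from request header '{}'", str, e);
            return Optional.empty();
        }
    }

    /**
     * Returns the first certificate of the peer's chain from a TLS session.
     *
     * <p>{@link SSLSession#getPeerCertificates()} lists the peer's own certificate first, so
     * index 0 is the end-entity certificate presented during the handshake.
     *
     * @param sSLSession TLS session of the connection, may be {@code null}
     * @return the peer certificate, or an empty {@code Optional} when there is no session, the
     *     peer presented no certificate, or the certificate is not an X.509 certificate
     */
    public static Optional<X509Certificate> extractPeerCertificate(SSLSession sSLSession) {
        if (sSLSession == null) {
            log.debug("No SSL session available to retrieve peer certificate");
            return Optional.empty();
        }
        try {
            return Optional.ofNullable((X509Certificate) sSLSession.getPeerCertificates()[0]);
        } catch (Exception e) {
            // Covers an unverified peer (no client certificate), an empty chain and a
            // non-X.509 certificate: all are reported as "no certificate".
            log.debug("Unable to retrieve peer certificate from request", e);
            return Optional.empty();
        }
    }

    /**
     * Computes the base64url-encoded digest of a certificate's encoded form.
     *
     * <p>The digest algorithm is whatever the caller passes; weak algorithms are not rejected
     * here, so callers that bind tokens or sessions to a thumbprint should pass a
     * collision-resistant algorithm such as {@code SHA-256}.
     *
     * <p>Security note: failure is reported as {@code null}, not as an exception. A caller that
     * compares two thumbprints must treat {@code null} as a failure before comparing, otherwise
     * two failed computations would compare as equal.
     *
     * @param x509Certificate certificate to hash
     * @param str {@link MessageDigest} algorithm name
     * @return the base64url thumbprint, or {@code null} when the algorithm is unknown, the
     *     certificate is {@code null} or the certificate cannot be encoded
     */
    public static String generateThumbprint(X509Certificate x509Certificate, String str) {
        try {
            byte[] digest = MessageDigest.getInstance(str).digest(x509Certificate.getEncoded());
            return Base64URL.encode(digest).toString();
        } catch (Exception e) {
            log.debug("Unable to generate thumbprint with given algorithm '{}'", str, e);
            return null;
        }
    }

    /** Not instantiable: this class only holds static helpers. */
    private CertificateUtils() {
    }
}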
