package com.yubico.internal.util;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:lib/yubico-util-1.6.4.jar:com/yubico/internal/util/CertificateParser.class */
public class CertificateParser {
    private static final Provider BC_PROVIDER = new BouncyCastleProvider();
    private static final Base64.Decoder BASE64_DECODER = Base64.getDecoder();
    private static final List<String> FIXSIG = Arrays.asList("CN=Yubico U2F EE Serial 776137165", "CN=Yubico U2F EE Serial 1086591525", "CN=Yubico U2F EE Serial 1973679733", "CN=Yubico U2F EE Serial 13503277888", "CN=Yubico U2F EE Serial 13831167861", "CN=Yubico U2F EE Serial 14803321578");
    private static final int UNUSED_BITS_BYTE_INDEX_FROM_END = 257;

    public static X509Certificate parsePem(String str) throws CertificateException {
        return parseDer(str.replaceAll("-----BEGIN CERTIFICATE-----", "").replaceAll("-----END CERTIFICATE-----", "").replaceAll("\n", ""));
    }

    public static X509Certificate parseDer(String str) throws CertificateException {
        return parseDer(BASE64_DECODER.decode(str));
    }

    public static X509Certificate parseDer(byte[] bArr) throws CertificateException {
        return parseDer(new ByteArrayInputStream(bArr));
    }

    public static X509Certificate parseDer(InputStream inputStream) throws CertificateException {
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", BC_PROVIDER).generateCertificate(inputStream);
        if (FIXSIG.contains(x509Certificate.getSubjectDN().getName())) {
            byte[] encoded = x509Certificate.getEncoded();
            if (encoded.length < UNUSED_BITS_BYTE_INDEX_FROM_END) {
                throw new IllegalArgumentException(String.format("Expected DER encoded cert to be at least %d bytes, was %d: %s", Integer.valueOf(UNUSED_BITS_BYTE_INDEX_FROM_END), Integer.valueOf(encoded.length), x509Certificate));
            }
            encoded[encoded.length - UNUSED_BITS_BYTE_INDEX_FROM_END] = 0;
            x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", BC_PROVIDER).generateCertificate(new ByteArrayInputStream(encoded));
        }
        return x509Certificate;
    }
}
