package com.puppetlabs.ssl_utils;

import java.io.IOException;
import java.io.Reader;
import java.io.Writer;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CRLException;
import java.security.cert.CertStore;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import java.util.UUID;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.codec.digest.DigestUtils;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.CRLNumber;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CRLConverter;
import org.bouncycastle.cert.jcajce.JcaX509CRLHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v2CRLBuilder;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMException;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
import org.joda.time.DateTime;

/* loaded from: input_file:com/puppetlabs/ssl_utils/SSLUtils.class */
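/**
 * Static helpers for RSA key generation, PKCS#10 requests, X.509 certificate and CRL
 * signing, PEM parsing, and building {@link KeyStore} / {@link SSLContext} objects from
 * PEM material.
 *
 * <p>None of the methods here close the {@link Reader} or {@link Writer} they are given;
 * the caller owns those streams. No method verifies that a private key, certificate or CRL
 * passed in actually belongs together with the others; that is left to the caller.
 */
public class SSLUtils {
    /** Default RSA modulus size, in bits, used by {@link #generateKeyPair()}. */
    public static final int DEFAULT_KEY_LENGTH = 4096;

    /** Signature algorithm used for every request, certificate and CRL signed here. */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    /** RFC 5280 CRLReason code {@code keyCompromise(1)}, recorded on entries added by {@link #revoke}. */
    private static final int CRL_REASON_KEY_COMPROMISE = 1;

    /**
     * Generates an RSA key pair of {@link #DEFAULT_KEY_LENGTH} bits.
     *
     * @return the new key pair
     */
    public static KeyPair generateKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException {
        return generateKeyPair(DEFAULT_KEY_LENGTH);
    }

    /**
     * Generates an RSA key pair with the requested modulus size.
     *
     * <p>The size is passed to the JCA generator unchecked, so no minimum is enforced here;
     * callers that accept the size from configuration should apply their own floor.
     *
     * @param keyLength modulus size in bits
     * @return the new key pair
     */
    public static KeyPair generateKeyPair(int keyLength) throws NoSuchProviderException, NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        // initialize(int) uses the provider's default SecureRandom as the entropy source.
        generator.initialize(keyLength);
        return generator.generateKeyPair();
    }

    /**
     * Extracts the first common name (CN) from a distinguished name string.
     *
     * @param x500Name distinguished name in string form
     * @return the value of the first attribute of the first CN RDN, or {@code ""} if the
     *         name has no CN
     */
    public static String getCommonNameFromX500Name(String x500Name) {
        RDN[] cnRdns = new X500Name(BCStyle.INSTANCE, x500Name).getRDNs(BCStyle.CN);
        if (cnRdns.length == 0) {
            return "";
        }
        AttributeTypeAndValue first = cnRdns[0].getFirst();
        return first == null ? "" : first.getValue().toString();
    }

    /**
     * Builds a PKCS#10 certification request for {@code keyPair}, signed with the pair's
     * own private key.
     *
     * <p>The request is signed with SHA-256 rather than SHA-1, matching the algorithm used
     * for certificates and CRLs in this class.
     *
     * @param keyPair    key pair whose public key is requested and whose private key signs
     * @param subjectDn  subject distinguished name in string form
     * @param extensions extension descriptions to request, or {@code null}/empty for none;
     *                   converted by {@code ExtensionsUtils.getExtensionsObjFromMap}
     * @return the signed request
     */
    public static PKCS10CertificationRequest generateCertificateRequest(KeyPair keyPair, String subjectDn, List<Map<String, Object>> extensions) throws IOException, OperatorCreationException {
        JcaPKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(new X500Name(BCStyle.INSTANCE, subjectDn), keyPair.getPublic());
        if (extensions != null && !extensions.isEmpty()) {
            builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, ExtensionsUtils.getExtensionsObjFromMap(extensions));
        }
        return builder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(keyPair.getPrivate()));
    }

    /**
     * Issues an X.509 v3 certificate signed with SHA256withRSA.
     *
     * <p>Every extension in {@code extensions} is copied into the certificate as given,
     * with its criticality preserved. No policy is applied here, so a caller that takes
     * extensions from a certificate request must filter them first (for example, a
     * requested CA basic-constraints extension would be issued unchanged).
     *
     * @param issuerDn         issuer distinguished name in string form
     * @param issuerKey        issuer private key; its encoded form is read, so the key
     *                         must be exportable
     * @param serial           serial number for the new certificate
     * @param notBefore        start of the validity period
     * @param notAfter         end of the validity period
     * @param subjectDn        subject distinguished name in string form
     * @param subjectPublicKey public key being certified
     * @param extensions       extension descriptions, converted by
     *                         {@code ExtensionsUtils.getExtensionsObjFromMap}
     * @return the signed certificate
     */
    public static X509Certificate signCertificate(String issuerDn, PrivateKey issuerKey, BigInteger serial, Date notBefore, Date notAfter, String subjectDn, PublicKey subjectPublicKey, List<Map<String, Object>> extensions) throws IOException, OperatorCreationException, CertificateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(new X500Name(BCStyle.INSTANCE, issuerDn), serial, notBefore, notAfter, new X500Name(BCStyle.INSTANCE, subjectDn), SubjectPublicKeyInfo.getInstance(subjectPublicKey.getEncoded()));
        Extensions parsed = ExtensionsUtils.getExtensionsObjFromMap(extensions);
        if (parsed != null) {
            for (ASN1ObjectIdentifier oid : parsed.getNonCriticalExtensionOIDs()) {
                builder.addExtension(oid, false, parsed.getExtension(oid).getParsedValue());
            }
            for (ASN1ObjectIdentifier oid : parsed.getCriticalExtensionOIDs()) {
                builder.addExtension(oid, true, parsed.getExtension(oid).getParsedValue());
            }
        }
        AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find(SIGNATURE_ALGORITHM);
        AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
        return new JcaX509CertificateConverter().getCertificate(builder.build(new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(PrivateKeyFactory.createKey(issuerKey.getEncoded()))));
    }

    /**
     * Creates an empty CRL (CRL number 0) for the given issuer.
     *
     * <p>{@code thisUpdate} is the current time and {@code nextUpdate} is five years later.
     * A relying party that caches a CRL until {@code nextUpdate} would not see later
     * revocations, so consumers should reload the CRL whenever it is re-issued.
     *
     * @param issuer          issuer name placed in the CRL
     * @param issuerKey       private key that signs the CRL
     * @param issuerPublicKey public key used to derive the authority key identifier
     * @return the signed CRL
     */
    public static X509CRL generateCRL(X500Principal issuer, PrivateKey issuerKey, PublicKey issuerPublicKey) throws CRLException, IOException, OperatorCreationException, InvalidKeyException {
        DateTime now = DateTime.now();
        JcaX509v2CRLBuilder builder = new JcaX509v2CRLBuilder(issuer, now.toDate());
        builder.setNextUpdate(now.plusYears(5).toDate());
        builder.addExtension(Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(issuerPublicKey));
        builder.addExtension(Extension.cRLNumber, false, new CRLNumber(BigInteger.ZERO));
        return new JcaX509CRLConverter().getCRL(builder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(issuerKey)));
    }

    /**
     * Reports whether {@code certificate} is listed in {@code crl}.
     *
     * <p>This is a plain lookup; the CRL's signature and validity window are not checked.
     */
    public static boolean isRevoked(X509CRL crl, X509Certificate certificate) {
        return crl.isRevoked(certificate);
    }

    /**
     * Returns a new CRL containing every entry of {@code crl} plus one entry for
     * {@code serial}, with the CRL number incremented by one.
     *
     * <p>The new entry is dated now and carries reason {@code keyCompromise}. The input CRL
     * is not verified against {@code issuerKey}/{@code issuerPublicKey}; its issuer name is
     * reused as-is, so the caller must make sure the CRL and the keys belong together.
     *
     * @param crl             existing CRL to extend
     * @param issuerKey       private key that signs the new CRL
     * @param issuerPublicKey public key used to derive the authority key identifier
     * @param serial          serial number of the certificate to revoke
     * @return the newly signed CRL
     */
    public static X509CRL revoke(X509CRL crl, PrivateKey issuerKey, PublicKey issuerPublicKey, BigInteger serial) throws CRLException, IOException, CertIOException, OperatorCreationException, InvalidKeyException {
        DateTime now = DateTime.now();
        // thisUpdate is set one second in the past, so the revocation date written below
        // is never earlier than the CRL's own issue time.
        JcaX509v2CRLBuilder builder = new JcaX509v2CRLBuilder(crl.getIssuerX500Principal(), now.minusSeconds(1).toDate());
        builder.setNextUpdate(now.plusYears(5).toDate());
        builder.addCRL(new JcaX509CRLHolder(crl));
        builder.addCRLEntry(serial, now.toDate(), CRL_REASON_KEY_COMPROMISE);
        BigInteger previousNumber = (BigInteger) ExtensionsUtils.getExtensionValue(crl, ExtensionsUtils.CRL_NUMBER_OID);
        // A CRL without a CRL-number extension is treated as number 0.
        BigInteger nextNumber = (previousNumber == null ? BigInteger.ZERO : previousNumber).add(BigInteger.ONE);
        builder.addExtension(Extension.cRLNumber, false, new CRLNumber(nextNumber));
        builder.addExtension(Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(issuerPublicKey));
        return new JcaX509CRLConverter().getCRL(builder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(issuerKey)));
    }

    /**
     * Reads exactly one CRL from a PEM stream.
     *
     * @param reader PEM source; not closed
     * @return the parsed CRL
     * @throws IllegalArgumentException if the stream holds no object or more than one
     */
    public static X509CRL pemToCRL(Reader reader) throws IOException, CRLException {
        List<Object> objects = pemToObjects(reader);
        if (objects.size() > 1) {
            throw new IllegalArgumentException("The PEM stream contains more than one object");
        }
        // An empty stream used to surface as IndexOutOfBoundsException from get(0).
        if (objects.isEmpty()) {
            throw new IllegalArgumentException("The PEM stream contains no objects");
        }
        return new JcaX509CRLConverter().getCRL((X509CRLHolder) objects.get(0));
    }

    /**
     * Reads every CRL from a PEM stream.
     *
     * @param reader PEM source; not closed
     * @return the parsed CRLs in stream order (empty if the stream has no PEM objects)
     * @throws ClassCastException if the stream contains a PEM object that is not a CRL
     */
    public static List<X509CRL> pemToCRLs(Reader reader) throws IOException, CRLException {
        List<Object> objects = pemToObjects(reader);
        List<X509CRL> crls = new ArrayList<X509CRL>(objects.size());
        JcaX509CRLConverter converter = new JcaX509CRLConverter();
        for (Object object : objects) {
            crls.add(converter.getCRL((X509CRLHolder) object));
        }
        return crls;
    }

    /**
     * Reads exactly one PKCS#10 certification request from a PEM stream.
     *
     * <p>Parsing does not verify the request's signature; see
     * {@link #isSignatureValid(PKCS10CertificationRequest)}.
     *
     * @param reader PEM source; not closed
     * @return the parsed request
     * @throws IllegalArgumentException if the stream holds no object or more than one
     */
    public static PKCS10CertificationRequest pemToCertificateRequest(Reader reader) throws IOException {
        List<Object> objects = pemToObjects(reader);
        if (objects.size() > 1) {
            throw new IllegalArgumentException("The PEM stream contains more than one object");
        }
        // An empty stream used to surface as IndexOutOfBoundsException from get(0).
        if (objects.isEmpty()) {
            throw new IllegalArgumentException("The PEM stream contains no objects");
        }
        return (PKCS10CertificationRequest) objects.get(0);
    }

    /**
     * Creates an empty, initialised in-memory JKS key store.
     */
    public static KeyStore createKeyStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        // load(null) initialises an empty store; nothing is read from disk.
        keyStore.load(null);
        return keyStore;
    }

    /**
     * Parses every PEM object in the stream.
     *
     * @param reader PEM source; not closed
     * @return the parsed objects in stream order, as the Bouncy Castle types the parser
     *         produces; callers cast to the type they expect
     */
    public static List<Object> pemToObjects(Reader reader) throws IOException {
        // The parser is deliberately not closed: closing it would close the caller's reader.
        PEMParser parser = new PEMParser(reader);
        List<Object> objects = new ArrayList<Object>();
        for (Object object = parser.readObject(); object != null; object = parser.readObject()) {
            objects.add(object);
        }
        return objects;
    }

    /**
     * Writes {@code obj} to {@code writer} in PEM form and flushes.
     *
     * <p>No encryptor is supplied, so a private key passed here is written unencrypted;
     * the caller is responsible for the permissions of whatever backs the writer.
     *
     * @param obj    object to encode
     * @param writer destination; flushed but not closed
     */
    public static void writeToPEM(Object obj, Writer writer) throws IOException {
        PEMWriter pemWriter = new PEMWriter(writer);
        pemWriter.writeObject(obj);
        pemWriter.flush();
    }

    /**
     * Reads every certificate from a PEM stream.
     *
     * @param reader PEM source; not closed
     * @return the parsed certificates in stream order
     * @throws ClassCastException if the stream contains a PEM object that is not a certificate
     */
    public static List<X509Certificate> pemToCerts(Reader reader) throws CertificateException, IOException {
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
        List<Object> objects = pemToObjects(reader);
        List<X509Certificate> certs = new ArrayList<X509Certificate>(objects.size());
        for (Object object : objects) {
            certs.add(converter.getCertificate((X509CertificateHolder) object));
        }
        return certs;
    }

    /**
     * Reads exactly one certificate from a PEM stream.
     *
     * @throws IllegalArgumentException if the stream does not hold exactly one certificate
     */
    public static X509Certificate pemToCert(Reader reader) throws CertificateException, IOException {
        List<X509Certificate> certs = pemToCerts(reader);
        if (certs.size() != 1) {
            throw new IllegalArgumentException("The PEM stream must contain exactly 1 certificate");
        }
        return certs.get(0);
    }

    /**
     * Converts a parsed PEM object into a {@link PrivateKey}.
     *
     * <p>Only unencrypted keys are handled. Any other parsed object type, including
     * whatever the parser returns for a password-protected key, is rejected.
     *
     * @param obj a {@link PrivateKeyInfo} or {@link PEMKeyPair}
     * @return the private key
     * @throws IllegalArgumentException if {@code obj} is neither of those types
     */
    public static PrivateKey objectToPrivateKey(Object obj) throws PEMException {
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
        if (obj instanceof PrivateKeyInfo) {
            return converter.getPrivateKey((PrivateKeyInfo) obj);
        }
        if (obj instanceof PEMKeyPair) {
            return converter.getKeyPair((PEMKeyPair) obj).getPrivate();
        }
        throw new IllegalArgumentException("Expected a KeyPair or PrivateKey, got " + obj);
    }

    /**
     * Reads every private key from a PEM stream.
     *
     * @param reader PEM source; not closed
     * @return the private keys in stream order
     */
    public static List<PrivateKey> pemToPrivateKeys(Reader reader) throws IOException {
        List<Object> objects = pemToObjects(reader);
        List<PrivateKey> keys = new ArrayList<PrivateKey>(objects.size());
        for (Object object : objects) {
            keys.add(objectToPrivateKey(object));
        }
        return keys;
    }

    /**
     * Reads exactly one private key from a PEM stream.
     *
     * @throws IllegalArgumentException if the stream does not hold exactly one key
     */
    public static PrivateKey pemToPrivateKey(Reader reader) throws IOException {
        List<PrivateKey> keys = pemToPrivateKeys(reader);
        if (keys.size() != 1) {
            throw new IllegalArgumentException("The PEM stream must contain exactly one private key");
        }
        return keys.get(0);
    }

    /**
     * Reads exactly one public key from a PEM stream.
     *
     * @throws IllegalArgumentException if the stream does not hold exactly one object
     * @throws ClassCastException if that object is not a subject-public-key structure
     */
    public static PublicKey pemToPublicKey(Reader reader) throws IOException {
        List<Object> objects = pemToObjects(reader);
        if (objects.size() != 1) {
            throw new IllegalArgumentException("The PEM stream must contain exactly one public key");
        }
        return new JcaPEMKeyConverter().getPublicKey((SubjectPublicKeyInfo) objects.get(0));
    }

    /**
     * Stores {@code certificate} in {@code keyStore} as a trusted-certificate entry.
     *
     * @return the same key store, for chaining
     */
    public static KeyStore associateCert(KeyStore keyStore, String alias, X509Certificate certificate) throws KeyStoreException {
        keyStore.setCertificateEntry(alias, certificate);
        return keyStore;
    }

    /**
     * Stores every certificate from a PEM stream as a trusted-certificate entry.
     *
     * <p>Entries are named {@code alias-0}, {@code alias-1}, ... in stream order. Every
     * certificate in the stream becomes a trust anchor, so the stream must come from a
     * trusted source.
     *
     * @param keyStore store to add to
     * @param alias    alias prefix
     * @param reader   PEM source; not closed
     * @return the same key store, for chaining
     */
    public static KeyStore associateCertsFromReader(KeyStore keyStore, String alias, Reader reader) throws CertificateException, KeyStoreException, IOException {
        int index = 0;
        for (X509Certificate certificate : pemToCerts(reader)) {
            associateCert(keyStore, alias + "-" + index, certificate);
            index++;
        }
        return keyStore;
    }

    /**
     * Stores a private key with a single-certificate chain.
     *
     * @param keyStore    store to add to
     * @param alias       entry alias
     * @param privateKey  key to store
     * @param password    password protecting the entry
     * @param certificate certificate for the key; must not be {@code null}
     * @return the same key store, for chaining
     * @throws IllegalArgumentException if {@code certificate} is {@code null}
     */
    public static KeyStore associatePrivateKey(KeyStore keyStore, String alias, PrivateKey privateKey, String password, X509Certificate certificate) throws KeyStoreException {
        if (certificate == null) {
            throw new IllegalArgumentException("associatePrivateKey requires a value for a cert");
        }
        List<X509Certificate> chain = new ArrayList<X509Certificate>(1);
        chain.add(certificate);
        associatePrivateKey(keyStore, alias, privateKey, password, chain);
        return keyStore;
    }

    /**
     * Stores a private key with its certificate chain.
     *
     * <p>The chain is stored in list order; this method does not check that the first
     * certificate matches {@code privateKey}.
     *
     * @param keyStore   store to add to
     * @param alias      entry alias
     * @param privateKey key to store
     * @param password   password protecting the entry
     * @param chain      certificate chain; must hold at least one certificate
     * @return the same key store, for chaining
     * @throws IllegalArgumentException if {@code chain} is {@code null} or empty
     */
    public static KeyStore associatePrivateKey(KeyStore keyStore, String alias, PrivateKey privateKey, String password, List<X509Certificate> chain) throws KeyStoreException {
        if (chain == null || chain.isEmpty()) {
            throw new IllegalArgumentException("associatePrivateKey requires at least one cert");
        }
        X509Certificate[] chainArray = chain.toArray(new X509Certificate[chain.size()]);
        keyStore.setKeyEntry(alias, privateKey, password.toCharArray(), chainArray);
        return keyStore;
    }

    /**
     * Reads one private key and its certificate chain from PEM and stores them together.
     *
     * @param keyStore   store to add to
     * @param alias      entry alias
     * @param keyReader  PEM source holding exactly one private key; not closed
     * @param password   password protecting the entry
     * @param certReader PEM source holding at least one certificate; not closed
     * @return the same key store, for chaining
     * @throws IllegalArgumentException if the key stream does not hold exactly one key or
     *                                  the certificate stream holds none
     */
    public static KeyStore associatePrivateKeyFromReader(KeyStore keyStore, String alias, Reader keyReader, String password, Reader certReader) throws CertificateException, KeyStoreException, IOException {
        PrivateKey privateKey = pemToPrivateKey(keyReader);
        List<X509Certificate> chain = pemToCerts(certReader);
        if (chain.size() < 1) {
            throw new IllegalArgumentException("The PEM stream contains no certificates");
        }
        return associatePrivateKey(keyStore, alias, privateKey, password, chain);
    }

    /**
     * Builds an in-memory key store and trust store from PEM material.
     *
     * <p>The returned map holds {@code "truststore"} (a {@link KeyStore} with the CA
     * certificates), {@code "keystore"} (a {@link KeyStore} with the private key and its
     * chain) and {@code "keystore-pw"} (the randomly generated password protecting the key
     * entry). The map therefore carries a secret and should not be logged or serialised.
     *
     * @param certReader   PEM source for the certificate chain of the private key
     * @param keyReader    PEM source holding exactly one private key
     * @param caCertReader PEM source for the trusted CA certificates
     * @return the map described above
     */
    public static Map<String, Object> pemsToKeyAndTrustStores(Reader certReader, Reader keyReader, Reader caCertReader) throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        KeyStore trustStore = createKeyStore();
        associateCertsFromReader(trustStore, "CA Certificate", caCertReader);
        KeyStore keyStore = createKeyStore();
        // A throwaway random password: the store only lives in memory.
        String password = UUID.randomUUID().toString();
        associatePrivateKeyFromReader(keyStore, "Private Key", keyReader, password, certReader);
        Map<String, Object> stores = new HashMap<String, Object>();
        stores.put("truststore", trustStore);
        stores.put("keystore", keyStore);
        stores.put("keystore-pw", password);
        return stores;
    }

    /**
     * Creates a {@link KeyManagerFactory} of the platform default algorithm over {@code keyStore}.
     *
     * @param keyStore store holding the key entries
     * @param password password for the key entries
     */
    public static KeyManagerFactory getKeyManagerFactory(KeyStore keyStore, String password) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore, password.toCharArray());
        return factory;
    }

    /** Creates a {@link KeyManagerFactory} from the map built by {@link #pemsToKeyAndTrustStores}. */
    private static KeyManagerFactory getKeyManagerFactory(Map<String, Object> stores) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        KeyStore keyStore = (KeyStore) stores.get("keystore");
        String password = (String) stores.get("keystore-pw");
        return getKeyManagerFactory(keyStore, password);
    }

    /**
     * Creates a {@link TrustManagerFactory} of the platform default algorithm over
     * {@code trustStore}. No CRLs are supplied on this path.
     */
    public static TrustManagerFactory getTrustManagerFactory(KeyStore trustStore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(trustStore);
        return factory;
    }

    /**
     * Creates a {@link TrustManagerFactory} that checks revocation against the CRLs read
     * from {@code crlReader}. With a {@code null} reader it initialises the factory from
     * {@code trustStore} alone, without supplying any CRLs.
     *
     * <p>The CRLs are read once, when the factory is built; a CRL re-issued later is not
     * picked up until a new factory is created.
     */
    private static TrustManagerFactory getTrustManagerFactory(KeyStore trustStore, Reader crlReader) throws NoSuchAlgorithmException, KeyStoreException, IOException, CRLException, InvalidAlgorithmParameterException {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        if (crlReader == null) {
            factory.init(trustStore);
            return factory;
        }
        PKIXBuilderParameters pkixParameters = new PKIXBuilderParameters(trustStore, new X509CertSelector());
        pkixParameters.setRevocationEnabled(true);
        pkixParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(pemToCRLs(crlReader))));
        factory.init(new CertPathTrustManagerParameters(pkixParameters));
        return factory;
    }

    /**
     * Builds an {@link SSLContext} from the given factories.
     *
     * @param keyManagerFactory   source of key managers, or {@code null} for a context
     *                            with no client/server key of its own
     * @param trustManagerFactory source of trust managers
     */
    private static SSLContext managerFactoriesToSSLContext(KeyManagerFactory keyManagerFactory, TrustManagerFactory trustManagerFactory) throws KeyManagementException, NoSuchAlgorithmException {
        // Ask for the generic "TLS" context instead of the legacy "SSL" name. Which
        // protocol versions end up enabled is still decided by the provider and JVM
        // configuration, so a caller that needs a minimum version must restrict the
        // enabled protocols on the socket or engine it creates.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyManagerFactory != null ? keyManagerFactory.getKeyManagers() : null, trustManagerFactory.getTrustManagers(), null);
        return context;
    }

    /**
     * Builds an {@link SSLContext} from a certificate, private key and CA certificates in
     * PEM form. No CRLs are supplied on this path.
     *
     * @param certReader   PEM source for the certificate chain of the private key
     * @param keyReader    PEM source holding exactly one private key
     * @param caCertReader PEM source for the trusted CA certificates
     */
    public static SSLContext pemsToSSLContext(Reader certReader, Reader keyReader, Reader caCertReader) throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException, KeyManagementException, UnrecoverableKeyException {
        Map<String, Object> stores = pemsToKeyAndTrustStores(certReader, keyReader, caCertReader);
        KeyStore trustStore = (KeyStore) stores.get("truststore");
        return managerFactoriesToSSLContext(getKeyManagerFactory(stores), getTrustManagerFactory(trustStore));
    }

    /**
     * Builds an {@link SSLContext} as the three-argument overload does, and additionally
     * enables revocation checking against the CRLs in {@code crlReader} when it is not
     * {@code null}.
     *
     * @param certReader   PEM source for the certificate chain of the private key
     * @param keyReader    PEM source holding exactly one private key
     * @param caCertReader PEM source for the trusted CA certificates
     * @param crlReader    PEM source for CRLs, or {@code null} to supply none
     */
    public static SSLContext pemsToSSLContext(Reader certReader, Reader keyReader, Reader caCertReader, Reader crlReader) throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException, KeyManagementException, UnrecoverableKeyException, CRLException, InvalidAlgorithmParameterException {
        Map<String, Object> stores = pemsToKeyAndTrustStores(certReader, keyReader, caCertReader);
        KeyStore trustStore = (KeyStore) stores.get("truststore");
        return managerFactoriesToSSLContext(getKeyManagerFactory(stores), getTrustManagerFactory(trustStore, crlReader));
    }

    /** Loads CA certificates from PEM into a fresh trust store. */
    private static KeyStore caCertPemToTrustStore(Reader caCertReader) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        return associateCertsFromReader(createKeyStore(), "CA Certificate", caCertReader);
    }

    /**
     * Builds an {@link SSLContext} that trusts the given CA certificates and presents no
     * key of its own. No CRLs are supplied on this path.
     *
     * @param caCertReader PEM source for the trusted CA certificates
     */
    public static SSLContext caCertPemToSSLContext(Reader caCertReader) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
        return managerFactoriesToSSLContext(null, getTrustManagerFactory(caCertPemToTrustStore(caCertReader)));
    }

    /**
     * Builds an {@link SSLContext} that trusts the given CA certificates, checks
     * revocation against the given CRLs, and presents no key of its own.
     *
     * @param caCertReader PEM source for the trusted CA certificates
     * @param crlReader    PEM source for CRLs, or {@code null} to supply none
     */
    public static SSLContext caCertAndCrlPemsToSSLContext(Reader caCertReader, Reader crlReader) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException, CRLException, InvalidAlgorithmParameterException {
        return managerFactoriesToSSLContext(null, getTrustManagerFactory(caCertPemToTrustStore(caCertReader), crlReader));
    }

    /** Returns the first common name of {@code principal}, or {@code ""} if it has none. */
    public static String getCnFromX500Principal(X500Principal principal) {
        return getCommonNameFromX500Name(principal.getName());
    }

    /** Returns the certificate's subject rendered as a string in {@link BCStyle} form. */
    public static String getSubjectFromX509Certificate(X509Certificate certificate) {
        byte[] encodedSubject = certificate.getSubjectX500Principal().getEncoded();
        return BCStyle.INSTANCE.toString(X500Name.getInstance(encodedSubject));
    }

    /**
     * Returns the public key embedded in a certification request.
     *
     * <p>The key is returned without checking the request's signature; see
     * {@link #isSignatureValid(PKCS10CertificationRequest)}.
     */
    public static PublicKey getPublicKey(PKCS10CertificationRequest request) throws IOException {
        return new JcaPEMKeyConverter().getPublicKey(request.getSubjectPublicKeyInfo());
    }

    /** Returns the public half of {@code keyPair}. */
    public static PublicKey getPublicKey(KeyPair keyPair) {
        return keyPair.getPublic();
    }

    /** Returns the private half of {@code keyPair}. */
    public static PrivateKey getPrivateKey(KeyPair keyPair) {
        return keyPair.getPrivate();
    }

    /** Returns the certificate's serial number. */
    public static BigInteger getSerialNumber(X509Certificate certificate) {
        return certificate.getSerialNumber();
    }

    /**
     * Builds a distinguished name string from a flat list of attribute-name/value pairs.
     *
     * @param rdnPairs alternating attribute names and values, e.g. name, value, name, value
     * @return the distinguished name in string form
     * @throws IllegalArgumentException if the list has an odd number of elements
     */
    public static String x500Name(List<String> rdnPairs) {
        if (rdnPairs.size() % 2 != 0) {
            throw new IllegalArgumentException("The RDN pairs list must contain an even number of elements.");
        }
        X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
        for (int i = 0; i < rdnPairs.size(); i += 2) {
            builder.addRDN(BCStyle.INSTANCE.attrNameToOID(rdnPairs.get(i)), rdnPairs.get(i + 1));
        }
        return builder.build().toString();
    }

    /** Builds a distinguished name string consisting of a single CN attribute. */
    public static String x500NameCn(String commonName) {
        return new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.CN, commonName).build().toString();
    }

    /**
     * Checks that a certification request is signed by the private key matching the
     * public key it contains.
     *
     * <p>This only proves possession of that key. It says nothing about who submitted the
     * request or whether the requested subject and extensions are acceptable.
     */
    public static boolean isSignatureValid(PKCS10CertificationRequest request) throws OperatorCreationException, PKCSException {
        return request.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(new BouncyCastleProvider()).build(request.getSubjectPublicKeyInfo()));
    }

    /**
     * Returns the hex digest of the certificate's encoded form.
     *
     * @param certificate certificate to fingerprint
     * @param algorithm   message-digest algorithm name, chosen by the caller; when the
     *                    fingerprint is used to identify or pin a certificate, a
     *                    collision-resistant digest such as SHA-256 is the appropriate choice
     */
    public static String getFingerprint(X509Certificate certificate, String algorithm) throws CertificateEncodingException {
        return getFingerprint(certificate.getEncoded(), algorithm);
    }

    /**
     * Returns the hex digest of the certification request's encoded form.
     *
     * @param request   request to fingerprint
     * @param algorithm message-digest algorithm name, chosen by the caller; when the
     *                  fingerprint is used to match a request before signing, a
     *                  collision-resistant digest such as SHA-256 is the appropriate choice
     */
    public static String getFingerprint(PKCS10CertificationRequest request, String algorithm) throws IOException {
        return getFingerprint(request.getEncoded(), algorithm);
    }

    /** Digests {@code encoded} with {@code algorithm} and returns the result as a hex string. */
    private static String getFingerprint(byte[] encoded, String algorithm) {
        byte[] digest = DigestUtils.getDigest(algorithm).digest(encoded);
        return Hex.encodeHexString(digest);
    }
}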
