package com.hypersocket.certs;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/hypersocket/certs/X509CertificateUtils.class */
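/**
 * Static helpers for loading, saving and generating X.509 certificates, RSA key pairs,
 * key stores and PKCS#10 certification requests, backed by the BouncyCastle ("BC") provider.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #validateChain} checks validity dates and signatures only; it does not anchor the
 *       chain to a trusted root and is therefore not a trust decision on its own.</li>
 *   <li>{@link #saveKeyPair} writes the private key as unencrypted PEM.</li>
 *   <li>Streams handed to the {@code load*} and {@code save*} methods are closed by those methods.</li>
 * </ul>
 */
public class X509CertificateUtils {
    static final Logger log = LoggerFactory.getLogger(X509CertificateUtils.class);
    private static final String BC = "BC";

    /** Back-dating applied to notBefore of generated self-signed certificates: 30 days, in milliseconds. */
    private static final long SELF_SIGNED_BACKDATE_MILLIS = 2592000000L;

    /** Lifetime added to "now" for notAfter of generated self-signed certificates: 3650 days, in milliseconds. */
    private static final long SELF_SIGNED_LIFETIME_MILLIS = 315360000000L;

    /** Number of random bits drawn for the serial number of generated self-signed certificates. */
    private static final int SERIAL_NUMBER_BITS = 64;

    /**
     * Builds a key store holding one key entry from a PEM private key and a PEM certificate.
     *
     * @param inputStream PEM stream containing the private key; closed by this call
     * @param inputStream2 PEM stream containing the certificate; closed by this call
     * @param cArr passphrase used to decrypt the private key if it is encrypted
     * @param cArr2 password protecting the key entry inside the returned key store
     * @param str alias under which the key entry is stored
     * @return a key store of the type produced by {@link #createKeystore(KeyPair, X509Certificate[], String, char[])}
     * @throws MismatchedCertificateException if the certificate's public key does not equal the key pair's
     */
    public static KeyStore loadKeystoreFromPEM(InputStream inputStream, InputStream inputStream2, char[] cArr, char[] cArr2, String str) throws CertificateException, IOException, NoSuchAlgorithmException, KeyStoreException, InvalidPassphraseException, FileFormatException, MismatchedCertificateException {
        KeyPair keyPair = loadKeyPairFromPEM(inputStream, cArr);
        X509Certificate[] chain = {loadCertificateFromPEM(inputStream2)};
        return createKeystore(keyPair, chain, str, cArr2);
    }

    /**
     * Same as the five-argument overload, storing the entry under the alias {@code "importedPEM"}.
     */
    public static KeyStore loadKeystoreFromPEM(InputStream inputStream, InputStream inputStream2, char[] cArr, char[] cArr2) throws CertificateException, IOException, NoSuchAlgorithmException, KeyStoreException, InvalidPassphraseException, FileFormatException, MismatchedCertificateException {
        return loadKeystoreFromPEM(inputStream, inputStream2, cArr, cArr2, "importedPEM");
    }

    /**
     * Checks that a certificate and the supplied issuer chain are within their validity period and
     * that each certificate is signed by the next one in the chain.
     *
     * <p>{@code certificateArr} must be ordered from the direct issuer of {@code x509Certificate}
     * upwards: the signature of each certificate is verified with the public key of the entry that
     * follows it.
     *
     * <p><strong>This is not a trust decision.</strong> The method does not check that the last
     * certificate is a trusted root, and it does not evaluate basic constraints, key usage, name
     * chaining or revocation. A self-consistent chain built by anyone passes. Code that must decide
     * whether to trust a peer should use PKIX path validation against a configured trust store
     * (for example {@code java.security.cert.CertPathValidator}) in addition to, or instead of, this.
     *
     * @param certificateArr issuer certificates, nearest issuer first; every entry must be an {@link X509Certificate}
     * @param x509Certificate the end-entity certificate
     * @return the end-entity certificate followed by the entries of {@code certificateArr}
     * @throws CertificateExpiredException if any certificate has expired
     * @throws CertificateNotYetValidException if any certificate is not yet valid
     * @throws CertificateException wrapping any other failure (bad signature, wrong certificate type, null chain)
     */
    public static X509Certificate[] validateChain(Certificate[] certificateArr, X509Certificate x509Certificate) throws CertificateException {
        log.info("Validating certificate against certificate chain");
        List<X509Certificate> validated = new ArrayList<>();
        x509Certificate.checkValidity();
        validated.add(x509Certificate);
        X509Certificate previous = x509Certificate;
        log.info("Certificate Subject: {}", x509Certificate.getSubjectDN());
        log.info("Issued By: {}", x509Certificate.getIssuerDN());
        log.info("Validating chain");
        try {
            for (Certificate certificate : certificateArr) {
                X509Certificate issuer = (X509Certificate) certificate;
                log.info("Checking validity of certificate {}", issuer.getSubjectDN());
                log.info("Issued By: {}", issuer.getIssuerDN());
                issuer.checkValidity();
                log.info("Certificate is valid, verifying certificate is signed by next certificate in chain");
                previous.verify(issuer.getPublicKey());
                log.info("Certificate has been verified against next certificate in chain");
                validated.add(issuer);
                previous = issuer;
            }
            return validated.toArray(new X509Certificate[0]);
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            // Date failures are reported with their specific type so callers can tell them apart.
            throw e;
        } catch (Exception e) {
            throw new CertificateException(e);
        }
    }

    /**
     * Reads every certificate from a PEM stream, in file order.
     *
     * @param inputStream PEM data; always closed by this call
     * @return the certificates read; empty if the stream contains no PEM objects
     * @throws FileFormatException if any PEM object in the stream is not an X.509 certificate
     */
    public static X509Certificate[] loadCertificateChainFromPEM(InputStream inputStream) throws IOException, CertificateException, FileFormatException {
        List<X509Certificate> certificates = new ArrayList<>();
        // PEM is ASCII; a fixed charset keeps parsing independent of the platform default.
        PEMParser parser = new PEMParser(new InputStreamReader(inputStream, StandardCharsets.UTF_8));
        try {
            JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BC);
            Object pemObject;
            while ((pemObject = parser.readObject()) != null) {
                if (!(pemObject instanceof X509CertificateHolder)) {
                    throw new FileFormatException("Failed to read X509Certificate from InputStream provided");
                }
                certificates.add(converter.getCertificate((X509CertificateHolder) pemObject));
            }
            return certificates.toArray(new X509Certificate[0]);
        } finally {
            // Quiet close: a failure while closing must not replace the exception that ended parsing.
            IOUtils.closeQuietly(inputStream);
            IOUtils.closeQuietly(parser);
        }
    }

    /**
     * Reads the first PEM object from a stream and returns it as a certificate.
     *
     * @param inputStream PEM data; always closed by this call
     * @return the certificate held by the first PEM object
     * @throws FileFormatException if the first PEM object is missing or is not an X.509 certificate
     */
    public static X509Certificate loadCertificateFromPEM(InputStream inputStream) throws IOException, CertificateException, FileFormatException {
        PEMParser parser = new PEMParser(new InputStreamReader(inputStream, StandardCharsets.UTF_8));
        try {
            Object pemObject = parser.readObject();
            if (!(pemObject instanceof X509CertificateHolder)) {
                throw new FileFormatException("Failed to read X509Certificate from InputStream provided");
            }
            return new JcaX509CertificateConverter().setProvider(BC).getCertificate((X509CertificateHolder) pemObject);
        } finally {
            // Quiet close: a failure while closing must not replace the exception that ended parsing.
            IOUtils.closeQuietly(inputStream);
            IOUtils.closeQuietly(parser);
        }
    }

    /**
     * Writes the private key of a key pair to a stream as PEM.
     *
     * <p>The key is written <strong>unencrypted</strong>. The caller is responsible for making sure
     * the destination is access-restricted (file permissions, in-memory only, and so on).
     *
     * @param keyPair the pair whose private key is written
     * @param outputStream destination; closed by this call, including on failure
     * @throws CertificateException if writing fails
     */
    public static void saveKeyPair(KeyPair keyPair, OutputStream outputStream) throws CertificateException {
        // try-with-resources so the writer is released even when writeObject fails.
        try (JcaPEMWriter writer = new JcaPEMWriter(new OutputStreamWriter(outputStream, StandardCharsets.UTF_8))) {
            writer.writeObject(keyPair.getPrivate());
            writer.flush();
        } catch (IOException e) {
            throw new CertificateException("Failed to save key pair", e);
        }
    }

    /**
     * Writes certificates to a stream as consecutive PEM objects, in array order.
     *
     * @param certificateArr the certificates to write
     * @param outputStream destination; closed by this call, including on failure
     * @throws CertificateException if writing fails
     */
    public static void saveCertificate(Certificate[] certificateArr, OutputStream outputStream) throws CertificateException {
        try (JcaPEMWriter writer = new JcaPEMWriter(new OutputStreamWriter(outputStream, StandardCharsets.UTF_8))) {
            for (Certificate certificate : certificateArr) {
                writer.writeObject(certificate);
            }
            writer.flush();
        } catch (IOException e) {
            throw new CertificateException("Failed to save certificate", e);
        }
    }

    /**
     * Loads a PKCS#12 key store using the BouncyCastle provider.
     *
     * <p>Per the {@link KeyStore#load(InputStream, char[])} contract, the integrity of the store
     * is only checked when a password is supplied; pass the real password rather than {@code null}
     * when the content comes from an untrusted source.
     *
     * @param inputStream PKCS#12 data; always closed by this call
     * @param cArr key store password
     * @return the loaded key store
     */
    public static KeyStore loadKeyStoreFromPFX(InputStream inputStream, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, NoSuchProviderException, UnrecoverableKeyException {
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12", BC);
            keyStore.load(inputStream, cArr);
            return keyStore;
        } finally {
            IOUtils.closeQuietly(inputStream);
        }
    }

    /**
     * Loads a JKS key store using the default provider lookup.
     *
     * <p>Per the {@link KeyStore#load(InputStream, char[])} contract, the integrity of the store
     * is only checked when a password is supplied.
     *
     * @param inputStream JKS data; always closed by this call
     * @param cArr key store password
     * @return the loaded key store
     */
    public static KeyStore loadKeyStoreFromJKS(InputStream inputStream, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, NoSuchProviderException, UnrecoverableKeyException {
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(inputStream, cArr);
            return keyStore;
        } finally {
            IOUtils.closeQuietly(inputStream);
        }
    }

    /**
     * Reads the first PEM object from a stream and converts it into an RSA key pair.
     *
     * <p>Accepted inputs are an encrypted or plain PEM key pair, an encrypted PKCS#8 private key,
     * or a plain PKCS#8 {@code PrivateKeyInfo}; in the PKCS#8 cases the key must be an RSA CRT key
     * so the public half can be derived from it.
     *
     * @param inputStream PEM data; always closed by this call
     * @param cArr passphrase used when the key is encrypted
     * @return the key pair
     * @throws InvalidPassphraseException if decrypting an encrypted key fails for any reason
     * @throws FileFormatException if the PEM object is not a supported key type
     * @throws CertificateException if the stream cannot be read or the key cannot be converted
     */
    public static KeyPair loadKeyPairFromPEM(InputStream inputStream, char[] cArr) throws InvalidPassphraseException, CertificateException, FileFormatException {
        PEMParser parser = new PEMParser(new InputStreamReader(inputStream, StandardCharsets.UTF_8));
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
        try {
            Object pemObject = parser.readObject();
            if (pemObject instanceof PEMEncryptedKeyPair) {
                try {
                    pemObject = ((PEMEncryptedKeyPair) pemObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(cArr));
                } catch (Exception e) {
                    throw new InvalidPassphraseException(e);
                }
            } else if (pemObject instanceof PKCS8EncryptedPrivateKeyInfo) {
                try {
                    pemObject = converter.getPrivateKey(((PKCS8EncryptedPrivateKeyInfo) pemObject).decryptPrivateKeyInfo(new JceOpenSSLPKCS8DecryptorProviderBuilder().build(cArr)));
                } catch (Exception e) {
                    throw new InvalidPassphraseException(e);
                }
            }
            if (pemObject instanceof PEMKeyPair) {
                return loadKeyPair((PEMKeyPair) pemObject);
            }
            if (pemObject instanceof RSAPrivateCrtKey) {
                return loadKeyPair((RSAPrivateCrtKey) pemObject);
            }
            if (!(pemObject instanceof PrivateKeyInfo)) {
                // Report the type only. At this point pemObject can be a decrypted private key of an
                // unsupported algorithm, and some providers' toString() output may include key
                // material, which would then end up in exception messages and logs.
                throw new FileFormatException("The file doesn't seem to have any supported key types obj=" + describeType(pemObject));
            }
            PrivateKey privateKey = converter.getPrivateKey((PrivateKeyInfo) pemObject);
            if (!(privateKey instanceof RSAPrivateCrtKey)) {
                throw new FileFormatException("Unsupported private key type");
            }
            return loadKeyPair((RSAPrivateCrtKey) privateKey);
        } catch (IOException e) {
            throw new CertificateException("Failed to read from key file", e);
        } finally {
            // Closing is best-effort here, as it always was: close failures are ignored.
            IOUtils.closeQuietly(inputStream);
            IOUtils.closeQuietly(parser);
        }
    }

    /** Returns the class name of {@code value}, or {@code "null"}; used to keep object contents out of messages. */
    private static String describeType(Object value) {
        return value == null ? "null" : value.getClass().getName();
    }

    /** Derives the public key from an RSA CRT private key (modulus and public exponent) and pairs the two. */
    private static KeyPair loadKeyPair(RSAPrivateCrtKey rSAPrivateCrtKey) throws CertificateException {
        try {
            RSAPublicKeySpec publicSpec = new RSAPublicKeySpec(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent());
            RSAPublicKey publicKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(publicSpec);
            return new KeyPair(publicKey, rSAPrivateCrtKey);
        } catch (Exception e) {
            throw new CertificateException("Failed to convert RSAPrivateCrtKey into JCE KeyPair", e);
        }
    }

    /** Converts a parsed PEM key pair into a JCE key pair. */
    private static KeyPair loadKeyPair(PEMKeyPair pEMKeyPair) throws CertificateException {
        try {
            return new JcaPEMKeyConverter().getKeyPair(pEMKeyPair);
        } catch (Exception e) {
            throw new CertificateException("Failed to convert PEMKeyPair into JCE KeyPair", e);
        }
    }

    /**
     * Generates a new key pair with the BouncyCastle provider and a fresh {@link SecureRandom}.
     *
     * <p>The key size is passed through unchecked. Callers must supply a size that is adequate
     * for the chosen algorithm; nothing here rejects a size that is too small.
     *
     * @param str key algorithm name, as understood by {@link KeyPairGenerator}
     * @param i key size in bits
     * @return the generated key pair
     * @throws CertificateException wrapping any failure
     */
    public static KeyPair generatePrivateKey(String str, int i) throws CertificateException {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(str, BC);
            generator.initialize(i, new SecureRandom());
            return generator.generateKeyPair();
        } catch (Throwable th) {
            throw new CertificateException("Failed to generate private key", th);
        }
    }

    /**
     * Builds the subject-alternative-name list for a certificate or request.
     *
     * <p>The first entry is always {@code str} as a DNS name. Each element of {@code strArr} is
     * expected in the form {@code TYPE:value}, split at the first colon; elements without a colon
     * (and null elements) are logged and skipped. A null array is treated as empty.
     *
     * <p>NOTE(review): BouncyCastle's {@code GeneralName(int, String)} is believed to reject tags
     * it cannot build from a string (for example otherName, x400Address, ediPartyName), so those
     * types, and any unrecognised type, are expected to fail here. Confirm against the library
     * version in use.
     *
     * @param str primary host name, added as a DNS name
     * @param strArr additional entries in {@code TYPE:value} form; may be null
     * @return the assembled names
     */
    static GeneralNames generateNames(String str, String[] strArr) {
        List<GeneralName> names = new ArrayList<>();
        names.add(new GeneralName(GeneralName.dNSName, str));
        if (strArr != null) {
            for (String entry : strArr) {
                int separator = entry == null ? -1 : entry.indexOf(':');
                if (separator == -1) {
                    log.warn("Invalid format SAN. {}", entry);
                } else {
                    names.add(new GeneralName(toSANType(entry.substring(0, separator)), entry.substring(separator + 1)));
                }
            }
        }
        return new GeneralNames(names.toArray(new GeneralName[0]));
    }

    /**
     * Maps a case-insensitive type label to the X.509 GeneralName tag number.
     *
     * <p>Unrecognised labels fall back to {@code otherName} (0), the same value as {@code "OTHER"};
     * a misspelt label is therefore not distinguishable from an explicit {@code OTHER}.
     *
     * @param str one of EMAIL, DNS, URI, IP, OID, OTHER, X400, EDI
     * @return the GeneralName tag
     */
    static int toSANType(String str) {
        if (str.equalsIgnoreCase("EMAIL")) {
            return GeneralName.rfc822Name;
        }
        if (str.equalsIgnoreCase("DNS")) {
            return GeneralName.dNSName;
        }
        if (str.equalsIgnoreCase("URI")) {
            return GeneralName.uniformResourceIdentifier;
        }
        if (str.equalsIgnoreCase("IP")) {
            return GeneralName.iPAddress;
        }
        if (str.equalsIgnoreCase("OID")) {
            return GeneralName.registeredID;
        }
        if (str.equalsIgnoreCase("OTHER")) {
            return GeneralName.otherName;
        }
        if (str.equalsIgnoreCase("X400")) {
            return GeneralName.x400Address;
        }
        return str.equalsIgnoreCase("EDI") ? GeneralName.ediPartyName : GeneralName.otherName;
    }

    /**
     * Generates a self-signed X.509 v3 certificate for the given key pair.
     *
     * <p>The certificate is valid from 30 days before the call to 3650 days after it, carries a
     * non-critical subjectAltName extension built by {@link #generateNames}, and is signed with
     * the pair's own private key. Before returning, it is checked for current validity and its
     * signature is verified against its own public key.
     *
     * <p>The serial number is drawn from {@link SecureRandom} so that certificates created in quick
     * succession for the same name do not share an issuer/serial pair.
     *
     * <p>The signature algorithm is used exactly as supplied; no minimum strength is enforced here.
     *
     * <p>NOTE(review): {@code str6} is accepted but never used. {@link #generatePKCS10} puts its
     * {@code str6} into the C (country) RDN; confirm whether the same was intended here.
     *
     * @param str common name (CN); also added as a DNS subject alternative name
     * @param str2 organisational unit (OU)
     * @param str3 organisation (O)
     * @param str4 locality (L)
     * @param str5 state or province (ST)
     * @param str6 unused
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @param str7 signature algorithm name passed to {@code JcaContentSignerBuilder}
     * @param strArr additional subject alternative names in {@code TYPE:value} form; may be null
     * @return the generated certificate
     * @throws RuntimeException wrapping any failure
     */
    public static X509Certificate generateSelfSignedCertificate(String str, String str2, String str3, String str4, String str5, String str6, KeyPair keyPair, String str7, String[] strArr) {
        try {
            X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
            nameBuilder.addRDN(BCStyle.OU, str2);
            nameBuilder.addRDN(BCStyle.O, str3);
            nameBuilder.addRDN(BCStyle.L, str4);
            nameBuilder.addRDN(BCStyle.ST, str5);
            nameBuilder.addRDN(BCStyle.CN, str);
            long now = System.currentTimeMillis();
            Date notBefore = new Date(now - SELF_SIGNED_BACKDATE_MILLIS);
            Date notAfter = new Date(now + SELF_SIGNED_LIFETIME_MILLIS);
            // Random and strictly positive; a clock-derived serial repeats for certificates created in the same millisecond.
            BigInteger serial = new BigInteger(SERIAL_NUMBER_BITS, new SecureRandom()).add(BigInteger.ONE);
            // Issuer and subject are the same name because the certificate is self-signed.
            JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(nameBuilder.build(), serial, notBefore, notAfter, nameBuilder.build(), keyPair.getPublic());
            certificateBuilder.addExtension(Extension.subjectAlternativeName, false, generateNames(str, strArr));
            ContentSigner signer = new JcaContentSignerBuilder(str7).setProvider(BC).build(keyPair.getPrivate());
            X509Certificate certificate = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certificateBuilder.build(signer));
            certificate.checkValidity(new Date());
            certificate.verify(certificate.getPublicKey());
            return certificate;
        } catch (Throwable th) {
            throw new RuntimeException("Failed to generate self-signed certificate!", th);
        }
    }

    /**
     * Creates a JKS key store with a single key entry.
     *
     * <p>JKS is a JDK-specific format; use {@link #createPKCS12Keystore} when a PKCS#12 store is wanted.
     *
     * @see #createKeystore(KeyPair, X509Certificate[], String, char[], String)
     */
    public static KeyStore createKeystore(KeyPair keyPair, X509Certificate[] x509CertificateArr, String str, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, MismatchedCertificateException {
        return createKeystore(keyPair, x509CertificateArr, str, cArr, "JKS");
    }

    /**
     * Creates a PKCS#12 key store with a single key entry.
     *
     * @see #createKeystore(KeyPair, X509Certificate[], String, char[], String)
     */
    public static KeyStore createPKCS12Keystore(KeyPair keyPair, X509Certificate[] x509CertificateArr, String str, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, MismatchedCertificateException {
        return createKeystore(keyPair, x509CertificateArr, str, cArr, "PKCS12");
    }

    /**
     * Creates an empty in-memory key store of the requested type and adds one key entry to it.
     *
     * <p>The entry is only added when the public key of the pair equals the public key of the
     * first certificate in the chain, so a private key cannot be stored under a certificate that
     * does not belong to it.
     *
     * @param keyPair the key pair; its private key is stored
     * @param x509CertificateArr certificate chain, end-entity certificate first; must not be null or empty
     * @param str alias of the key entry
     * @param cArr password protecting the key entry
     * @param str2 key store type, for example {@code "JKS"} or {@code "PKCS12"}
     * @return the populated key store
     * @throws IllegalArgumentException if the chain is null or empty
     * @throws MismatchedCertificateException if the certificate does not match the key pair
     */
    public static KeyStore createKeystore(KeyPair keyPair, X509Certificate[] x509CertificateArr, String str, char[] cArr, String str2) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, MismatchedCertificateException {
        KeyStore keyStore = KeyStore.getInstance(str2);
        // A null argument initialises an empty key store.
        keyStore.load(null);
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Certificate chain must contain at least one certificate");
        }
        if (!keyPair.getPublic().equals(x509CertificateArr[0].getPublicKey())) {
            throw new MismatchedCertificateException();
        }
        keyStore.setKeyEntry(str, keyPair.getPrivate(), cArr, x509CertificateArr);
        return keyStore;
    }

    /**
     * Builds a PKCS#10 certification request and returns it PEM-encoded.
     *
     * <p>The request is signed with {@code SHA512WithRSA}, so the private key must be an RSA key.
     * It carries an extension request with a non-critical subjectAltName built by
     * {@link #generateNames}.
     *
     * @param privateKey key that signs the request
     * @param publicKey key to be certified
     * @param str common name (CN); also added as a DNS subject alternative name
     * @param str2 organisational unit (OU)
     * @param str3 organisation (O)
     * @param str4 locality (L)
     * @param str5 state or province (ST)
     * @param str6 country (C)
     * @param strArr additional subject alternative names in {@code TYPE:value} form; may be null
     * @return the PEM text of the request as bytes
     * @throws Exception if the request cannot be built, signed or encoded
     */
    public static byte[] generatePKCS10(PrivateKey privateKey, PublicKey publicKey, String str, String str2, String str3, String str4, String str5, String str6, String[] strArr) throws Exception {
        ContentSigner signer = new JcaContentSignerBuilder("SHA512WithRSA").build(privateKey);
        X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        nameBuilder.addRDN(BCStyle.OU, str2);
        nameBuilder.addRDN(BCStyle.O, str3);
        nameBuilder.addRDN(BCStyle.L, str4);
        nameBuilder.addRDN(BCStyle.C, str6);
        nameBuilder.addRDN(BCStyle.ST, str5);
        nameBuilder.addRDN(BCStyle.CN, str);
        JcaPKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Principal(nameBuilder.build().getEncoded()), publicKey);
        ExtensionsGenerator extensions = new ExtensionsGenerator();
        extensions.addExtension(Extension.subjectAlternativeName, false, generateNames(str, strArr));
        requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions.generate());
        PKCS10CertificationRequest request = requestBuilder.build(signer);
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        // Closing the writer flushes the PEM text into the buffer before it is read back.
        try (JcaPEMWriter writer = new JcaPEMWriter(new OutputStreamWriter(buffer, StandardCharsets.UTF_8))) {
            writer.writeObject(request);
        }
        return buffer.toByteArray();
    }
}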
