package de.sep.sesam.security;

import de.sep.sesam.common.security.CertificateUtils;
import de.sep.sesam.common.security.PasswordController;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import javax.security.auth.DestroyFailedException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509ExtensionUtils;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:de/sep/sesam/security/CertificateGenerateUtils.class */
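/**
 * Generates RSA keys and X.509 certificates for the sesam server and UI and turns them into PEM/DER files.
 *
 * <p>Three certificate shapes are produced here:
 * <ul>
 *   <li>{@link #generateKeyWithCert(File, File)}: a self-signed CA certificate ({@code CN=sesam}, ten years,
 *       CA:TRUE plus subject/authority key identifiers) and its private key, both written as PEM files.</li>
 *   <li>{@link #generateDbKeyWithCert(File, File, File, File)}: a {@code CN=ui} certificate issued by the
 *       user-authentication CA read from two files.</li>
 *   <li>{@link #generateUserCertificate(String)}: a one-year per-user certificate issued by the
 *       user-authentication CA, returned in memory (encrypted) rather than written to disk.</li>
 * </ul>
 *
 * <p>All certificates are signed with {@code SHA256withRSA} over 4096-bit RSA keys. Serial numbers are drawn from
 * {@link SecureRandom}: RFC 5280 requires them to be unique per issuer, which the previous
 * {@code System.currentTimeMillis()} scheme could not guarantee for two certificates issued in the same
 * millisecond (or after a clock step backwards).
 *
 * <p>NOTE(review): private-key files are created with the platform's default permissions and only afterwards
 * handed to {@code CertificateUtils.checkPrivateKeyFilePermissions}; there is a short window in which the file
 * may be readable by others, depending on the process umask. Creating the file with restrictive permissions
 * up front would close it, but needs a platform-aware helper this class does not have.
 */
public class CertificateGenerateUtils {

    /** Distinguished name used whenever a caller supplies no subject (and, for a self-signed cert, no issuer). */
    private static final String DEFAULT_DN = "CN=sesam";

    /** Signature algorithm of every certificate issued by this class. */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    /** RSA modulus size of every key pair generated here. */
    private static final int RSA_KEY_BITS = 4096;

    /** Lifetime, in years, of a certificate when the caller does not request a specific validity. */
    private static final int DEFAULT_VALIDITY_YEARS = 10;

    /** Lifetime, in years, of a per-user certificate. */
    private static final int USER_CERT_VALIDITY_YEARS = 1;

    /** notBefore is backdated by this amount so a peer with a slightly slow clock still accepts a fresh cert. */
    private static final long NOT_BEFORE_SKEW_MILLIS = 100000L;

    /** Bits of randomness in a serial number; comfortably inside the 20-octet limit of RFC 5280 §4.1.2.2. */
    private static final int SERIAL_BITS = 128;

    /** Regex used to wrap the Base64 body of a PEM block at 64 characters. */
    private static final String PEM_WRAP_REGEX = "(.{64})";

    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Generates a fresh RSA key pair and a self-signed CA certificate for it and writes both as PEM.
     *
     * <p>The certificate has subject and issuer {@code CN=sesam}, is valid for ten years, and carries
     * basicConstraints CA:TRUE (critical) plus subject and authority key identifiers.
     *
     * @param keyFile  destination of the PKCS#8 private key ({@code -----BEGIN PRIVATE KEY-----})
     * @param certFile destination of the certificate PEM
     * @throws NullPointerException       if either file is {@code null}
     * @throws IOException                if a file cannot be written
     * @throws OperatorCreationException  if the signer cannot be set up
     * @throws CertificateException       if the built certificate cannot be converted to a JCA certificate
     */
    public static void generateKeyWithCert(File keyFile, File certFile)
            throws NoSuchAlgorithmException, IOException, OperatorCreationException, CertificateException {
        Objects.requireNonNull(keyFile, "keyFile");
        Objects.requireNonNull(certFile, "certFile");
        generateKeyWithCert(keyFile, certFile, null, null, null, null, true);
    }

    /**
     * Generates a fresh RSA key pair and a {@code CN=ui} certificate issued by the user-authentication CA and
     * writes both as PEM.
     *
     * <p>The issuer name is taken from {@code caCertFile} and the signature is made with the key in
     * {@code caKeyFile}. If either file is missing or unreadable the respective input silently falls back:
     * issuer becomes the subject, and the signing key becomes the newly generated key (i.e. the result is
     * self-signed). NOTE(review): with a readable CA certificate but an unreadable CA key this yields a
     * certificate that names the CA as issuer but is not signed by it; callers should verify the chain.
     *
     * @param keyFile    destination of the PKCS#8 private key PEM
     * @param certFile   destination of the certificate PEM
     * @param caKeyFile  PEM file holding the CA's PKCS#8 private key; may be {@code null}
     * @param caCertFile PEM file holding the CA certificate; may be {@code null}
     * @throws NullPointerException if {@code keyFile} or {@code certFile} is {@code null}
     */
    public static void generateDbKeyWithCert(File keyFile, File certFile, File caKeyFile, File caCertFile)
            throws NoSuchAlgorithmException, IOException, OperatorCreationException, CertificateException {
        Objects.requireNonNull(keyFile, "keyFile");
        Objects.requireNonNull(certFile, "certFile");
        generateKeyWithCert(keyFile, certFile, getUserAuthenticationCertificateSubject(caCertFile), "CN=ui",
                getUserAuthenticationPrivateKey(caKeyFile), null, false);
    }

    /**
     * Core of the two public generators.
     *
     * <p>Order of operations: generate the key pair, build and sign the certificate in memory, then write the
     * key and the certificate. Building before writing avoids leaving a key file behind when certificate
     * construction fails.
     *
     * @param keyFile       destination of the private key PEM
     * @param certFile      destination of the certificate PEM
     * @param issuer        issuer name, or {@code null}/empty to use the subject (self-signed)
     * @param subject       subject DN string, or blank for {@link #DEFAULT_DN}
     * @param signingKey    key that signs the certificate, or {@code null} to self-sign with the new key
     * @param validityYears certificate lifetime, or {@code null} for {@link #DEFAULT_VALIDITY_YEARS}
     * @param selfSignedCa  add CA:TRUE and key-identifier extensions derived from the new key; callers pass
     *                      {@code true} only together with {@code signingKey == null}
     */
    private static void generateKeyWithCert(File keyFile, File certFile, X500Name issuer, String subject,
            PrivateKey signingKey, Integer validityYears, boolean selfSignedCa)
            throws NoSuchAlgorithmException, IOException, OperatorCreationException, CertificateException {
        Objects.requireNonNull(keyFile, "keyFile");
        Objects.requireNonNull(certFile, "certFile");
        X500Name subjectName = new X500Name(StringUtils.isNotBlank(subject) ? StringUtils.trim(subject) : DEFAULT_DN);
        X500Name issuerName = issuer != null && issuer.getRDNs().length > 0 ? issuer : subjectName;
        int years = validityYears != null ? validityYears : DEFAULT_VALIDITY_YEARS;

        KeyPair keyPair = newRsaKeyPair();
        // Without an external signing key the certificate is self-signed with the key just generated.
        PrivateKey signer = signingKey != null ? signingKey : keyPair.getPrivate();
        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuerName, newSerialNumber(), notBefore(),
                notAfter(years), subjectName, publicKeyInfo);
        if (selfSignedCa) {
            // Key identifiers per RFC 5280 §4.2.1.1/§4.2.1.2 method 1 (SHA-1 of the public key). Subject and
            // authority identifier are both computed from the new key, which is only correct for a self-signed
            // certificate.
            DigestCalculator sha1 = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
            X509ExtensionUtils extensions = new X509ExtensionUtils(sha1);
            builder.addExtension(Extension.subjectKeyIdentifier, false, extensions.createSubjectKeyIdentifier(publicKeyInfo));
            builder.addExtension(Extension.authorityKeyIdentifier, false, extensions.createAuthorityKeyIdentifier(publicKeyInfo));
            builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        }
        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(builder.build(contentSigner(signer)));

        byte[] pkcs8 = keyPair.getPrivate().getEncoded();
        try {
            writePem(keyFile, "PRIVATE KEY", pkcs8);
        } finally {
            // Drop our copy of the key material as soon as it is on disk.
            Arrays.fill(pkcs8, (byte) 0);
        }
        // Same post-write permission fix-up as convertPemKeyToDer(); the key file must not stay world-readable.
        CertificateUtils.checkPrivateKeyFilePermissions(keyFile);
        writePem(certFile, "CERTIFICATE", certificate.getEncoded());
    }

    /**
     * Generates a fresh RSA key pair and a one-year certificate for {@code userName}, issued by the
     * user-authentication CA, and returns the material encrypted for storage.
     *
     * <p>The subject is {@code CN=<userName>}; the name is RFC 4514-escaped so that a user name containing
     * {@code ,}, {@code +}, {@code =} or similar cannot inject additional RDNs into the subject. The issuer
     * is the subject of the CA certificate (or {@link #DEFAULT_DN} if it cannot be read).
     *
     * <p>NOTE(review): the returned values are encrypted with a password derived solely from the user name
     * ({@code "#" + userName + "#"}). Unless {@code PasswordController} mixes in a server-side secret, anyone
     * who can read the stored values and knows the user name can decrypt them — confirm before relying on this
     * as protection of the private key.
     *
     * @param userName the user the certificate is for; blank yields an empty result
     * @return an unmodifiable list of encrypted strings, in order: private key PEM body (Base64 only, no
     *         BEGIN/END lines), certificate PEM body, lower-case hex SHA-1 fingerprint of the certificate DER.
     *         Empty when the user name is blank or the CA private key is not available.
     */
    public static List<String> generateUserCertificate(String userName)
            throws NoSuchAlgorithmException, IOException, OperatorCreationException, CertificateException, InvalidKeySpecException {
        String keyPem = null;
        String certPem = null;
        String fingerprint = null;
        if (StringUtils.isNotBlank(userName)) {
            PrivateKey caKey = getUserAuthenticationPrivateKey(CertificateUtils.getUserAuthenticationPrivateKeyFile());
            X500Name caSubject = getUserAuthenticationCertificateSubject(CertificateUtils.getUserAuthenticationCertificateFile());
            if (caKey != null && !caKey.isDestroyed()) {
                try {
                    KeyPair keyPair = newRsaKeyPair();
                    keyPem = pemBody(keyPair.getPrivate().getEncoded());
                    X500Name issuer = caSubject != null && caSubject.getRDNs().length > 0 ? caSubject : new X500Name(DEFAULT_DN);
                    X500Name subject = new X500Name("CN=" + escapeDnValue(StringUtils.trim(userName)));
                    X509CertificateHolder holder = new JcaX509v3CertificateBuilder(issuer, newSerialNumber(), notBefore(),
                            notAfter(USER_CERT_VALIDITY_YEARS), subject, keyPair.getPublic()).build(contentSigner(caKey));
                    byte[] der = new JcaX509CertificateConverter().getCertificate(holder).getEncoded();
                    certPem = pemBody(der);
                    // SHA-1 here is an identifier of the certificate, not a security boundary; callers store and
                    // compare it, so the digest must stay as is.
                    fingerprint = StringUtils.lowerCase(DigestUtils.sha1Hex(der));
                } finally {
                    destroyQuietly(caKey);
                }
            }
        }
        char[] secret = ("#" + userName + "#").toCharArray();
        List<String> result = new ArrayList<>();
        if (StringUtils.isNotBlank(keyPem) && StringUtils.isNotBlank(certPem)) {
            result.add(PasswordController.getInstance().encrypt(secret, keyPem));
            result.add(PasswordController.getInstance().encrypt(secret, certPem));
        }
        if (StringUtils.isNotBlank(fingerprint)) {
            result.add(PasswordController.getInstance().encrypt(secret, fingerprint));
        }
        return result.isEmpty() ? Collections.<String>emptyList() : Collections.unmodifiableList(result);
    }

    /**
     * Reads an unencrypted PKCS#8 private key from a PEM file.
     *
     * <p>Best effort: returns {@code null} when the file is absent or unreadable, cannot be parsed, or does not
     * contain a plain PKCS#8 {@code PRIVATE KEY} block (encrypted keys, PKCS#1 {@code RSA PRIVATE KEY} blocks
     * and certificates are not accepted). There is no logger in this class, so the cause is not reported.
     */
    private static PrivateKey getUserAuthenticationPrivateKey(File keyFile) {
        if (keyFile == null || !keyFile.canRead()) {
            return null;
        }
        try (PEMParser parser = new PEMParser(new FileReader(keyFile))) {
            Object pem = parser.readObject();
            if (pem instanceof PrivateKeyInfo) {
                return new JcaPEMKeyConverter().getPrivateKey((PrivateKeyInfo) pem);
            }
            return null;
        } catch (IOException e) {
            return null;
        }
    }

    /**
     * Reads the subject name of the first certificate in a PEM file.
     *
     * <p>The parsed {@link X500Name} is returned as-is (not round-tripped through a string) so that a
     * certificate issued with it carries the CA's name byte-for-byte as encoded in the CA certificate.
     * Returns {@code null} when the file is absent or unreadable, cannot be parsed, or holds no certificate.
     */
    private static X500Name getUserAuthenticationCertificateSubject(File certFile) {
        if (certFile == null || !certFile.canRead()) {
            return null;
        }
        try (PEMParser parser = new PEMParser(new FileReader(certFile))) {
            Object pem = parser.readObject();
            return pem instanceof X509CertificateHolder ? ((X509CertificateHolder) pem).getSubject() : null;
        } catch (IOException e) {
            return null;
        }
    }

    /**
     * Writes the DER form of the private key in {@code pemKeyFile} to the companion file named by
     * {@code CertificateUtils.getPrivateKeyFilePk8}, if that file does not exist yet.
     *
     * <p>Keys reporting format {@code PKCS#8} are written as their encoded form; keys reporting {@code PKCS#1}
     * are unwrapped to the inner algorithm-specific structure first. Any failure (unreadable key, encoding or
     * write error) leaves the target untouched and is not reported — best effort, as before.
     *
     * @param pemKeyFile PEM file holding the private key
     */
    public static void convertPemKeyToDer(File pemKeyFile) {
        File derFile = CertificateUtils.getPrivateKeyFilePk8(pemKeyFile);
        if (derFile == null || derFile.canRead()) {
            return; // no target, or the DER file already exists
        }
        PrivateKey key = getUserAuthenticationPrivateKey(pemKeyFile);
        if (key == null || key.isDestroyed()) {
            return;
        }
        byte[] der = null;
        if (StringUtils.equals(key.getFormat(), "PKCS#8")) {
            der = key.getEncoded();
        } else if (StringUtils.equals(key.getFormat(), "PKCS#1")) {
            try {
                ASN1Encodable inner = PrivateKeyInfo.getInstance(key.getEncoded()).parsePrivateKey();
                der = inner.toASN1Primitive().getEncoded(ASN1Encoding.DER);
            } catch (IOException e) {
                return;
            }
        }
        if (ArrayUtils.isEmpty(der)) {
            return;
        }
        try {
            // Written with default permissions first, then restricted; see the class note on the window this leaves.
            Files.write(derFile.toPath(), der);
            CertificateUtils.checkPrivateKeyFilePermissions(derFile);
        } catch (IOException e) {
            // best effort: the PEM key remains the source of truth
        }
    }

    /** Generates a 4096-bit RSA key pair with the default JCA provider. */
    private static KeyPair newRsaKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(RSA_KEY_BITS);
        return generator.generateKeyPair();
    }

    /** A random, positive serial number of {@link #SERIAL_BITS} bits (RFC 5280 §4.1.2.2: positive, unique per issuer). */
    private static BigInteger newSerialNumber() {
        BigInteger serial = new BigInteger(SERIAL_BITS, RANDOM);
        return serial.signum() == 0 ? BigInteger.ONE : serial;
    }

    /** notBefore: now minus {@link #NOT_BEFORE_SKEW_MILLIS}. */
    private static Date notBefore() {
        return new Date(System.currentTimeMillis() - NOT_BEFORE_SKEW_MILLIS);
    }

    /** notAfter: now plus the given number of calendar years. */
    private static Date notAfter(int years) {
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.YEAR, years);
        return calendar.getTime();
    }

    /** Registers the BouncyCastle provider once; the content signer below is bound to it by name. */
    private static ContentSigner contentSigner(PrivateKey key) throws OperatorCreationException {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        return new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(BouncyCastleProvider.PROVIDER_NAME).build(key);
    }

    /** Base64 of {@code der} wrapped at 64 columns — the body of a PEM block without BEGIN/END lines. */
    private static String pemBody(byte[] der) {
        return Base64.encodeBase64String(der).replaceAll(PEM_WRAP_REGEX, "$1\n");
    }

    /**
     * Writes one PEM block ({@code -----BEGIN label-----} … {@code -----END label-----}) to {@code target},
     * replacing any existing content. The block is written without a trailing newline, matching the files this
     * class has always produced. PEM is pure ASCII, so the charset is fixed rather than platform-dependent.
     */
    private static void writePem(File target, String label, byte[] der) throws IOException {
        try (BufferedWriter out = Files.newBufferedWriter(target.toPath(), StandardCharsets.US_ASCII)) {
            out.write("-----BEGIN " + label + "-----\n");
            out.write(pemBody(der));
            out.write("\n-----END " + label + "-----");
        }
    }

    /**
     * Escapes one attribute value for use inside an RFC 4514 distinguished-name string.
     *
     * <p>Backslash-escapes {@code " + , ; < > \ = #} anywhere and a space at either end, so that
     * {@code "CN=" + escapeDnValue(name)} always parses back to exactly one CN attribute holding {@code name}
     * (BouncyCastle's {@link X500Name} string constructor honours these escapes). {@code =} and a non-leading
     * {@code #} need not be escaped by the RFC but may be, and escaping them keeps the parser's job unambiguous.
     */
    private static String escapeDnValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean edgeSpace = c == ' ' && (i == 0 || i == value.length() - 1);
            if (edgeSpace || "\"+,;<>\\=#".indexOf(c) >= 0) {
                escaped.append('\\');
            }
            escaped.append(c);
        }
        return escaped.toString();
    }

    /** Attempts to wipe the key; many JCA key implementations do not support destroy(), so failure is tolerated. */
    private static void destroyQuietly(PrivateKey key) {
        try {
            key.destroy();
        } catch (DestroyFailedException ignored) {
            // nothing else to do: the key object simply stays in memory until collected
        }
    }
}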
