package org.eu.mayrhofer.channel;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Calendar;
import java.util.Date;
import java.util.Hashtable;
import java.util.Vector;
import org.apache.commons.codec.binary.Hex;
import org.apache.log4j.LogManager;
import org.apache.log4j.Logger;
import org.apache.log4j.PropertyConfigurator;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.DigestInfo;
import org.bouncycastle.asn1.x509.RSAPublicKeyStructure;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.encodings.PKCS1Encoding;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
import org.bouncycastle.jce.PrincipalUtil;
import org.bouncycastle.jce.provider.JDKPKCS12KeyStore;
import org.bouncycastle.jce.provider.X509CertificateObject;
import org.bouncycastle.x509.X509Util;
import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;

/* loaded from: input_file:org/eu/mayrhofer/channel/X509CertificateGenerator.class */
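/**
 * Creates RSA key pairs and X.509 v3 certificates and exports them as PKCS#12 files.
 *
 * <p>A certificate is either signed by a CA whose key and certificate were loaded from a
 * PKCS#12 file (public constructor), or self-signed to bootstrap a new CA
 * ({@link #createNewCa}). Every operation has two implementations selected by the
 * {@code useBCAPI} flag: the Bouncycastle lightweight API or the JCE API.
 *
 * <p>Security review notes (behaviour is intentionally left unchanged, see the individual
 * comments): keys are RSA-1024 and signatures are SHA-1 with RSA, both below current
 * minimums; serial numbers are derived from the wall clock; the subject name is built by
 * string concatenation; passwords are handled as {@code String}.
 */
public class X509CertificateGenerator {
    private static Logger logger;

    // NOTE(review): SHA-1 signatures are no longer collision resistant and are rejected by
    // current TLS/IPsec stacks. The constant is public, so it is kept as is; move to a
    // SHA-256 based algorithm once all verifiers of these certificates support it.
    public static final String CertificateSignatureAlgorithm = "SHA1WithRSAEncryption";
    public static final String CertificateExportFriendlyName = "Certificate for IPSec WLAN access";
    public static final String KeyExportFriendlyName = "Private key for IPSec WLAN access";

    // NOTE(review): 1024-bit RSA is below the 2048-bit minimum recommended today. Kept at
    // the original value because key generation cost on the target devices is unknown from
    // this file; raise it after confirming that.
    private static final int RSA_KEY_BITS = 1024;
    // Certainty parameter handed to the Bouncycastle prime generator.
    private static final int RSA_PRIME_CERTAINTY = 80;
    private static final long RSA_PUBLIC_EXPONENT = 65537L;

    // CA certificate and private key; both stay null when a new self-signed CA is created.
    private X509Certificate caCert;
    private RSAPrivateCrtKeyParameters caPrivateKey;
    // true: Bouncycastle lightweight API, false: JCE API.
    private boolean useBCAPI;
    // Cache for the class literal used by the static initializer (kept from the compiled class).
    static Class class$org$eu$mayrhofer$channel$X509CertificateGenerator;

    /**
     * Creates a new self-signed CA certificate with a fresh key pair and writes it to a
     * PKCS#12 file.
     *
     * @param str  common name of the CA (becomes {@code CN=<str>})
     * @param i    validity in days, at least 1
     * @param str2 path of the PKCS#12 file to write
     * @param str3 password protecting the key entry and the PKCS#12 file
     * @param str4 alias / friendly name for the exported entry, or null for the defaults
     * @param z    true to use the Bouncycastle lightweight API, false for JCE
     * @return true on success; failures are reported as exceptions
     */
    public static boolean createNewCa(String str, int i, String str2, String str3, String str4, boolean z) throws InvalidKeyException, DataLengthException, SecurityException, SignatureException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, CertificateException, InvalidKeySpecException, IOException, CryptoException {
        return new X509CertificateGenerator(z).createCertificate(str, i, str2, str3, str4);
    }

    /**
     * Not implemented in this build: ignores all arguments and always returns false.
     */
    public static boolean convertPKCS12toPEM(String str, String str2, String str3, String str4, String str5, String str6) {
        return false;
    }

    /**
     * Creates a generator without a CA. Certificates created by such an instance are
     * self-signed.
     *
     * @param z true to use the Bouncycastle lightweight API, false for JCE
     */
    protected X509CertificateGenerator(boolean z) {
        this.useBCAPI = z;
        logger.debug("Protected constructor has been called. Assuming that no CA should be loaded but that a new one will be created");
        this.caPrivateKey = null;
        this.caCert = null;
    }

    /**
     * Loads the CA private key and certificate from a PKCS#12 file.
     *
     * @param str  path of the PKCS#12 file holding the CA
     * @param str2 password used both for the file and for the key entry
     * @param str3 alias of the CA entry inside the file
     * @param z    true to use the Bouncycastle lightweight API, false for JCE
     * @throws IllegalArgumentException if any of the string parameters is null
     * @throws InvalidKeyException      if the stored key is not an RSA CRT private key, or
     *                                  the certificate's self-signature check fails on the key
     * @throws RuntimeException         if the alias yields no key or no certificate
     */
    public X509CertificateGenerator(String str, String str2, String str3, boolean z) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, UnrecoverableKeyException, InvalidKeyException, NoSuchProviderException, SignatureException {
        this.useBCAPI = z;
        if (str == null || str2 == null || str3 == null) {
            throw new IllegalArgumentException("Can not work with null parameter");
        }
        logger.info("Loading CA certificate and private key from file '" + str + "', using alias '" + str3 + "' with " + (this.useBCAPI ? "Bouncycastle lightweight API" : "JCE API"));

        Key caKey;
        X509Certificate loadedCert;
        // The stream is closed in all cases; the previous code leaked the file handle.
        FileInputStream caFile = new FileInputStream(new File(str));
        try {
            if (z) {
                JDKPKCS12KeyStore bcStore = new JDKPKCS12KeyStore(null);
                bcStore.engineLoad(caFile, str2.toCharArray());
                caKey = bcStore.engineGetKey(str3, str2.toCharArray());
                loadedCert = (X509Certificate) bcStore.engineGetCertificate(str3);
            } else {
                KeyStore jceStore = KeyStore.getInstance("PKCS12");
                jceStore.load(caFile, str2.toCharArray());
                caKey = jceStore.getKey(str3, str2.toCharArray());
                loadedCert = (X509Certificate) jceStore.getCertificate(str3);
            }
        } finally {
            caFile.close();
        }

        if (caKey == null) {
            throw new RuntimeException("Got null key from keystore!");
        }
        // Fail with a declared, descriptive exception instead of a ClassCastException when
        // the entry holds something other than an RSA CRT private key.
        if (!(caKey instanceof RSAPrivateCrtKey)) {
            throw new InvalidKeyException("CA private key is not an RSA CRT private key: " + caKey.getClass().getName());
        }
        RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey) caKey;
        this.caPrivateKey = new RSAPrivateCrtKeyParameters(crtKey.getModulus(), crtKey.getPublicExponent(), crtKey.getPrivateExponent(), crtKey.getPrimeP(), crtKey.getPrimeQ(), crtKey.getPrimeExponentP(), crtKey.getPrimeExponentQ(), crtKey.getCrtCoefficient());

        this.caCert = loadedCert;
        if (this.caCert == null) {
            logger.error("Got null certificate from keystore, initialization failed");
            throw new RuntimeException("Got null cert from keystore!");
        }
        logger.debug("Successfully loaded CA key and certificate. CA DN is '" + this.caCert.getSubjectDN().getName() + "'");
        // This only proves the certificate is self-signed with its own key. It does not
        // check the validity period, that the certificate is marked as a CA, or that the
        // private key loaded above belongs to this certificate.
        this.caCert.verify(this.caCert.getPublicKey());
        logger.debug("Successfully verified CA certificate with its own public key.");
    }

    /**
     * Returns the subject DN of the loaded CA certificate.
     *
     * @return the DN string, or null (after logging an error) when no CA is loaded
     */
    public String getCaDistinguishedName() {
        if (this.caCert == null) {
            logger.error("CA has not been loaded properly, can not get distinguished name");
            return null;
        }
        return this.caCert.getSubjectDN().toString();
    }

    /**
     * Creates a certificate using the default friendly names for the exported entries.
     *
     * @param str  common name of the subject
     * @param i    validity in days, at least 1
     * @param str2 path of the PKCS#12 file to write
     * @param str3 password protecting the key entry and the PKCS#12 file
     * @return true on success; failures are reported as exceptions
     */
    public boolean createCertificate(String str, int i, String str2, String str3) throws IOException, InvalidKeyException, SecurityException, SignatureException, NoSuchAlgorithmException, DataLengthException, CryptoException, KeyStoreException, NoSuchProviderException, CertificateException, InvalidKeySpecException {
        return createCertificate(str, i, str2, str3, null);
    }

    /**
     * Generates an RSA key pair, builds and signs an X.509 v3 certificate for it and
     * stores key and certificate chain in a PKCS#12 file.
     *
     * <p>With a loaded CA the certificate is issued and signed by that CA and carries an
     * AuthorityKeyIdentifier extension. Without a CA it is self-signed and carries a
     * critical BasicConstraints extension with path length 0.
     *
     * @param str  common name of the subject (becomes {@code CN=<str>})
     * @param i    validity in days, at least 1
     * @param str2 path of the PKCS#12 file to write
     * @param str3 password protecting the key entry and the PKCS#12 file
     * @param str4 alias for the key entry and friendly name of the certificate, or null to
     *             use {@link #KeyExportFriendlyName} / {@link #CertificateExportFriendlyName}
     * @return always true; failures are reported as exceptions
     * @throws IllegalArgumentException if a required string is null or {@code i < 1}
     */
    protected boolean createCertificate(String str, int i, String str2, String str3, String str4) throws IOException, InvalidKeyException, SecurityException, SignatureException, NoSuchAlgorithmException, DataLengthException, CryptoException, KeyStoreException, NoSuchProviderException, CertificateException, InvalidKeySpecException {
        if (str == null || str2 == null || str3 == null) {
            throw new IllegalArgumentException("Can not work with null parameter");
        }
        // Previously reported with the misleading "null parameter" message.
        if (i < 1) {
            throw new IllegalArgumentException("Validity must be at least one day, got " + i);
        }
        logger.info("Generating certificate for distinguished common subject name '" + str + "', valid for " + i + " days");

        SecureRandom secureRandom = new SecureRandom();
        PrivateKey privateKey;
        PublicKey publicKey;
        // Only set on the Bouncycastle path, where it is needed for self-signing.
        RSAPrivateCrtKeyParameters subjectPrivateBc = null;

        logger.debug("Creating RSA keypair");
        if (this.useBCAPI) {
            RSAKeyPairGenerator bcGenerator = new RSAKeyPairGenerator();
            bcGenerator.init(new RSAKeyGenerationParameters(BigInteger.valueOf(RSA_PUBLIC_EXPONENT), secureRandom, RSA_KEY_BITS, RSA_PRIME_CERTAINTY));
            AsymmetricCipherKeyPair bcPair = bcGenerator.generateKeyPair();
            logger.debug("Generated keypair, extracting components and creating public structure for certificate");
            RSAKeyParameters subjectPublicBc = (RSAKeyParameters) bcPair.getPublic();
            subjectPrivateBc = (RSAPrivateCrtKeyParameters) bcPair.getPrivate();
            logger.debug("New public key is '" + new String(Hex.encodeHex(new RSAPublicKeyStructure(subjectPublicBc.getModulus(), subjectPublicBc.getExponent()).getEncoded())) + ", exponent=" + subjectPublicBc.getExponent() + ", modulus=" + subjectPublicBc.getModulus());
            // Convert to JCE key objects, which the extension helpers and the key store need.
            KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
            publicKey = rsaFactory.generatePublic(new RSAPublicKeySpec(subjectPublicBc.getModulus(), subjectPublicBc.getExponent()));
            privateKey = rsaFactory.generatePrivate(new RSAPrivateCrtKeySpec(subjectPublicBc.getModulus(), subjectPublicBc.getExponent(), subjectPrivateBc.getExponent(), subjectPrivateBc.getP(), subjectPrivateBc.getQ(), subjectPrivateBc.getDP(), subjectPrivateBc.getDQ(), subjectPrivateBc.getQInv()));
        } else {
            KeyPairGenerator jceGenerator = KeyPairGenerator.getInstance("RSA");
            jceGenerator.initialize(RSA_KEY_BITS, secureRandom);
            KeyPair jcePair = jceGenerator.generateKeyPair();
            privateKey = jcePair.getPrivate();
            publicKey = jcePair.getPublic();
        }

        Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.DAY_OF_YEAR, i);

        // NOTE(review): str is concatenated into the DN string unescaped. A value that
        // contains DN syntax characters such as ',' or '=' may be parsed as additional
        // name components, so callers must validate or escape it before passing it in.
        X509Name subjectName = new X509Name("CN=" + str);

        V3TBSCertificateGenerator tbsGenerator = new V3TBSCertificateGenerator();
        // NOTE(review): a wall-clock serial is predictable and two certificates issued in
        // the same millisecond share it. Together with SHA-1 signatures this removes the
        // unpredictability that protects against hash-collision forgeries; prefer a serial
        // with at least 64 random bits from SecureRandom.
        tbsGenerator.setSerialNumber(new DERInteger(BigInteger.valueOf(System.currentTimeMillis())));
        if (this.caCert != null) {
            tbsGenerator.setIssuer(PrincipalUtil.getSubjectX509Principal(this.caCert));
        } else {
            // Self-signed: issuer and subject are identical.
            tbsGenerator.setIssuer(subjectName);
        }
        tbsGenerator.setSubject(subjectName);
        DERObjectIdentifier signatureOid = X509Util.getAlgorithmOID(CertificateSignatureAlgorithm);
        AlgorithmIdentifier signatureAlgorithm = new AlgorithmIdentifier(signatureOid, new DERNull());
        tbsGenerator.setSignature(signatureAlgorithm);
        tbsGenerator.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(publicKey.getEncoded())).readObject()));
        tbsGenerator.setStartDate(new Time(new Date(System.currentTimeMillis())));
        tbsGenerator.setEndDate(new Time(expiry.getTime()));

        // The X509Extensions constructor used here takes the OID order and the OID-to-extension map.
        Hashtable extensionsByOid = new Hashtable();
        Vector extensionOrder = new Vector();
        addExtensionHelper(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(publicKey), extensionOrder, extensionsByOid);
        if (this.caCert != null) {
            // NOTE(review): CA-issued certificates get no BasicConstraints or KeyUsage
            // extension here; confirm that relying parties do not need them.
            addExtensionHelper(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(this.caCert), extensionOrder, extensionsByOid);
        } else {
            addExtensionHelper(X509Extensions.BasicConstraints, true, new BasicConstraints(0), extensionOrder, extensionsByOid);
        }
        tbsGenerator.setExtensions(new X509Extensions(extensionOrder, extensionsByOid));

        logger.debug("Certificate structure generated, creating SHA1 digest");
        TBSCertificateStructure tbsCertificate = tbsGenerator.generateTBSCertificate();
        ByteArrayOutputStream tbsStream = new ByteArrayOutputStream();
        new DEROutputStream(tbsStream).writeObject(tbsCertificate);

        byte[] sign;
        if (this.useBCAPI) {
            // Manual PKCS#1 v1.5 signature: SHA-1 digest, wrapped in DigestInfo, RSA private-key operation.
            byte[] tbsBytes = tbsStream.toByteArray();
            logger.debug("Block to sign is '" + new String(Hex.encodeHex(tbsBytes)) + "'");
            SHA1Digest sha1 = new SHA1Digest();
            sha1.update(tbsBytes, 0, tbsBytes.length);
            byte[] digest = new byte[sha1.getDigestSize()];
            sha1.doFinal(digest, 0);
            PKCS1Encoding rsaSigner = new PKCS1Encoding(new RSAEngine());
            if (this.caCert != null) {
                rsaSigner.init(true, this.caPrivateKey);
            } else {
                logger.info("No CA has been set, creating self-signed certificate as a new CA");
                rsaSigner.init(true, subjectPrivateBc);
            }
            byte[] digestInfo = new DigestInfo(new AlgorithmIdentifier(X509ObjectIdentifiers.id_SHA1, null), digest).getEncoded(ASN1Encodable.DER);
            sign = rsaSigner.processBlock(digestInfo, 0, digestInfo.length);
        } else {
            Signature signature = Signature.getInstance(signatureOid.getId());
            if (this.caCert != null) {
                signature.initSign(KeyFactory.getInstance("RSA").generatePrivate(new RSAPrivateCrtKeySpec(this.caPrivateKey.getModulus(), this.caPrivateKey.getPublicExponent(), this.caPrivateKey.getExponent(), this.caPrivateKey.getP(), this.caPrivateKey.getQ(), this.caPrivateKey.getDP(), this.caPrivateKey.getDQ(), this.caPrivateKey.getQInv())), secureRandom);
            } else {
                logger.info("No CA has been set, creating self-signed certificate as a new CA");
                signature.initSign(privateKey, secureRandom);
            }
            signature.update(tbsStream.toByteArray());
            sign = signature.sign();
        }
        logger.debug("SHA1/RSA signature of digest is '" + new String(Hex.encodeHex(sign)) + "'");

        // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
        ASN1EncodableVector certificateParts = new ASN1EncodableVector();
        certificateParts.add(tbsCertificate);
        certificateParts.add(signatureAlgorithm);
        certificateParts.add(new DERBitString(sign));
        X509CertificateObject newCert = new X509CertificateObject(new X509CertificateStructure(new DERSequence(certificateParts)));

        // NOTE(review): despite the log message no verify() call follows, so a bad
        // signature would only be noticed by whoever consumes the exported file.
        logger.debug("Verifying certificate for correct signature with CA public key");
        logger.debug("Exporting certificate in PKCS12 format");
        newCert.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(str4 == null ? CertificateExportFriendlyName : str4));
        newCert.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, new SubjectKeyIdentifierStructure(publicKey));

        String keyAlias = str4 == null ? KeyExportFriendlyName : str4;
        // Include the CA certificate in the chain when there is one.
        X509Certificate[] chain = this.caCert != null ? new X509Certificate[]{newCert, this.caCert} : new X509Certificate[]{newCert};

        // Fill the key store before touching the target file, so a failure here no longer
        // leaves a truncated or empty PKCS#12 file behind.
        JDKPKCS12KeyStore bcStore = null;
        KeyStore jceStore = null;
        if (this.useBCAPI) {
            bcStore = new JDKPKCS12KeyStore(null);
            bcStore.engineLoad(null, null);
            bcStore.engineSetKeyEntry(keyAlias, privateKey, str3.toCharArray(), chain);
        } else {
            jceStore = KeyStore.getInstance("PKCS12");
            jceStore.load(null, null);
            jceStore.setKeyEntry(keyAlias, privateKey, str3.toCharArray(), chain);
        }

        // NOTE(review): the file holds the new private key and is created with the
        // process default permissions; restrict access to it where the platform allows.
        FileOutputStream exportFile = new FileOutputStream(str2);
        try {
            if (bcStore != null) {
                bcStore.engineStore(exportFile, str3.toCharArray());
            } else {
                jceStore.store(exportFile, str3.toCharArray());
            }
        } finally {
            // The previous code never closed the stream.
            exportFile.close();
        }
        return true;
    }

    /**
     * DER-encodes an extension value and registers it under its OID.
     *
     * @param dERObjectIdentifier OID of the extension
     * @param z                   whether the extension is marked critical
     * @param aSN1Encodable       extension value to encode
     * @param vector              receives the OID, preserving insertion order
     * @param hashtable           receives the OID-to-extension mapping
     */
    private void addExtensionHelper(DERObjectIdentifier dERObjectIdentifier, boolean z, ASN1Encodable aSN1Encodable, Vector vector, Hashtable hashtable) throws IOException {
        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        new DEROutputStream(encoded).writeObject(aSN1Encodable);
        X509Extension extension = new X509Extension(z, new DEROctetString(encoded.toByteArray()));
        hashtable.put(dERObjectIdentifier, extension);
        vector.addElement(dERObjectIdentifier);
    }

    /**
     * Reads a certificate from a PKCS#12 stream. The stream is not closed here.
     *
     * @param inputStream PKCS#12 data
     * @param str         password of the PKCS#12 data
     * @param str2        alias of the certificate entry
     * @param z           true to use the Bouncycastle lightweight API, false for JCE
     * @return the certificate, or null (after logging an error) if it is missing or the
     *         key store cannot be read
     */
    private static X509Certificate loadCertificateFromKeyStore(InputStream inputStream, String str, String str2, boolean z) {
        try {
            X509Certificate certificate;
            if (z) {
                JDKPKCS12KeyStore bcStore = new JDKPKCS12KeyStore(null);
                bcStore.engineLoad(inputStream, str.toCharArray());
                certificate = (X509Certificate) bcStore.engineGetCertificate(str2);
            } else {
                KeyStore jceStore = KeyStore.getInstance("PKCS12");
                jceStore.load(inputStream, str.toCharArray());
                certificate = (X509Certificate) jceStore.getCertificate(str2);
            }
            if (certificate == null) {
                logger.error("Got null certificate from keystore, can not load");
            }
            return certificate;
        } catch (IOException e) {
            logger.error("Could not load from key store: " + e);
            return null;
        } catch (KeyStoreException e) {
            logger.error("Could not load from key store: " + e);
            return null;
        } catch (NoSuchAlgorithmException e) {
            logger.error("Could not load from key store: " + e);
            return null;
        } catch (CertificateException e) {
            logger.error("Could not load from key store: " + e);
            return null;
        }
    }

    /**
     * Returns the subject DN of a certificate stored in PKCS#12 data.
     *
     * @param inputStream PKCS#12 data
     * @param str         password of the PKCS#12 data
     * @param str2        alias of the certificate entry
     * @param z           true to use the Bouncycastle lightweight API, false for JCE
     * @return the DN string, or null if the certificate could not be loaded
     */
    public static String getCertificateDistinguishedName(InputStream inputStream, String str, String str2, boolean z) {
        X509Certificate certificate = loadCertificateFromKeyStore(inputStream, str, str2, z);
        return certificate == null ? null : certificate.getSubjectDN().toString();
    }

    /**
     * Returns the remaining validity of a certificate stored in PKCS#12 data, in whole days.
     *
     * <p>The value is negative for a certificate that expired more than a day ago, so -1 is
     * ambiguous: it is also the result when the certificate cannot be loaded. The
     * certificate's signature and start date are not checked.
     *
     * @param inputStream PKCS#12 data
     * @param str         password of the PKCS#12 data
     * @param str2        alias of the certificate entry
     * @param z           true to use the Bouncycastle lightweight API, false for JCE
     * @return whole days until notAfter (truncated toward zero), or -1 on load failure
     */
    public static int getCertificateValidity(InputStream inputStream, String str, String str2, boolean z) {
        X509Certificate certificate = loadCertificateFromKeyStore(inputStream, str, str2, z);
        if (certificate == null) {
            return -1;
        }
        long remainingMillis = certificate.getNotAfter().getTime() - System.currentTimeMillis();
        return (int) (((remainingMillis / 1000) / 3600) / 24);
    }

    /**
     * Manual test driver: optionally creates "ca.p12" (first argument "newca"), then issues
     * "test.p12" from it. The file names and passwords are fixed test values and must not
     * be reused for real key material.
     */
    public static void main(String[] strArr) throws Exception {
        if (System.getProperty("os.name").startsWith("Windows CE")) {
            System.out.println("Configuring log4j");
            PropertyConfigurator.configure(LogManager.DEFAULT_CONFIGURATION_FILE);
        }
        if (strArr.length > 0 && strArr[0].equals("newca")) {
            System.out.println(createNewCa("My Test CA", 365, "ca.p12", "test password", "Test CA", true));
        }
        X509CertificateGenerator generator = new X509CertificateGenerator("ca.p12", "test password", "Test CA", true);
        System.out.println(generator.createCertificate("Test CN", 30, "test.p12", "test"));
    }

    /**
     * Looks up a class by name, converting ClassNotFoundException to NoClassDefFoundError.
     * Appears to be the compiler-generated helper for class literals, kept from the
     * compiled class.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    // Resolves this class once, caches it and creates the logger for it.
    static {
        Class cls;
        if (class$org$eu$mayrhofer$channel$X509CertificateGenerator == null) {
            cls = class$("org.eu.mayrhofer.channel.X509CertificateGenerator");
            class$org$eu$mayrhofer$channel$X509CertificateGenerator = cls;
        } else {
            cls = class$org$eu$mayrhofer$channel$X509CertificateGenerator;
        }
        logger = Logger.getLogger(cls);
    }
}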
