package tigase.cert;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.Reader;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import sun.security.x509.AlgorithmId;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateSubjectName;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;
import tigase.util.Algorithms;
import tigase.util.Base64;

/* loaded from: input_file:tigase/cert/CertificateUtil.class */
public abstract class CertificateUtil {
    // PEM armour lines recognised by parseCertificate and written by exportToPemFormat.
    private static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
    private static final String BEGIN_KEY = "-----BEGIN PRIVATE KEY-----";
    private static final String BEGIN_RSA_KEY = "-----BEGIN RSA PRIVATE KEY-----";
    // Command-line options understood by main(); each has a long and a short spelling.
    private static final String ENCRIPT_TEST = "--encript-test";
    private static final String ENCRIPT_TEST_SHORT = "-et";
    private static final String END_CERT = "-----END CERTIFICATE-----";
    private static final String END_KEY = "-----END PRIVATE KEY-----";
    private static final String END_RSA_KEY = "-----END RSA PRIVATE KEY-----";
    private static final String KEY_PAIR = "--key-pair";
    private static final String KEY_PAIR_SHORT = "-kp";
    private static final String LOAD_CERT = "--load-cert";
    private static final String LOAD_CERT_SHORT = "-lc";
    private static final String LOAD_DER_PRIVATE_KEY = "--load-der-priv-key";
    private static final String LOAD_DER_PRIVATE_KEY_SHORT = "-ldpk";
    private static final String PRINT_PROVIDERS = "--print-providers";
    private static final String PRINT_PROVIDERS_SHORT = "-pp";
    private static final String PRINT_SERVICES = "--print-services";
    private static final String PRINT_SERVICES_SHORT = "-ps";
    private static final String SELF_SIGNED_CERT = "--self-signed-cert";
    private static final String SELF_SIGNED_CERT_SHORT = "-ssc";
    private static final String STORE_CERT = "--store-cert";
    private static final String STORE_CERT_SHORT = "-sc";
    // DER encoding of an OBJECT IDENTIFIER: tag 6, length 8, then the bytes of OID
    // 1.3.6.1.5.5.7.8.5 (id-on-xmppAddr). extractXmppAddrs matches otherName entries against it.
    // NOTE(review): the array is mutable and visible to every subclass and to the package; code
    // that overwrites an element changes which otherName type is accepted as an XMPP address.
    protected static final byte[] ID_ON_XMPPADDR = {6, 8, 43, 6, 1, 5, 5, 7, 8, 5};
    // java.util.logging logger named after this class.
    private static final Logger log = Logger.getLogger(CertificateUtil.class.getName());

    /**
     * Adds one {@code type=value} component to a distinguished-name string that is being built.
     *
     * <p>Nothing is appended when the value is {@code null}. Components are separated by
     * {@code ", "}. The value is copied as given: characters that are special in a DN string
     * (for example a comma) are not escaped, so callers must pass values that are safe to embed.
     *
     * @param sb   buffer holding the components written so far
     * @param str  attribute type, e.g. {@code CN}
     * @param str2 attribute value, or {@code null} to skip the component
     */
    private static void appendName(StringBuilder sb, String str, String str2) {
        if (str2 == null) {
            return;
        }
        if (sb.length() != 0) {
            sb.append(", ");
        }
        sb.append(str);
        sb.append('=');
        sb.append(str2);
    }

    /**
     * Reads the length field of the DER element whose tag byte is at index {@code i}.
     *
     * <p>A first length byte below 128 is the length itself (short form). Otherwise its low seven
     * bits give the number of following bytes that hold the length, most significant byte first.
     * The result is accumulated in an {@code int} with no range check, so a long-form length of
     * more than four bytes, or one with the top bit set, yields a wrapped or negative value.
     *
     * @param bArr DER-encoded data
     * @param i    index of the element's tag byte
     * @return the decoded content length
     * @throws ArrayIndexOutOfBoundsException if the length field runs past the end of the array
     */
    private static int calculateLength(byte[] bArr, int i) throws ArrayIndexOutOfBoundsException {
        final int lengthPos = i + 1;
        final int first = bArr[lengthPos] & 0xFF;
        if ((first & 0x80) == 0) {
            return first;
        }
        final int octets = first & 0x7F;
        int value = 0;
        int cursor = lengthPos + 1;
        for (int remaining = octets; remaining > 0; remaining--) {
            value = (value << 8) + (bArr[cursor++] & 0xFF);
        }
        return value;
    }

    /**
     * Returns the index of the first content byte of the DER element whose tag is at {@code i}.
     *
     * <p>The header is the tag byte, one length byte and, in long form, as many extra length
     * bytes as the low seven bits of that length byte say.
     *
     * @param bArr DER-encoded data
     * @param i    index of the element's tag byte
     * @return index just past the element's tag and length bytes
     * @throws ArrayIndexOutOfBoundsException if {@code i + 1} is outside the array
     */
    private static final int calculateOffset(byte[] bArr, int i) throws ArrayIndexOutOfBoundsException {
        final int first = bArr[i + 1] & 0xFF;
        if (first >= 128) {
            // Long form: skip the extra length bytes as well.
            return i + (first - 128) + 2;
        }
        return i + 2;
    }

    /**
     * Generates a new RSA key pair of the requested size.
     *
     * <p>The second argument is accepted but never read by this method; callers in this class
     * pass the literal {@code "secret"}. The key size is handed to the generator unchanged, so
     * the choice of a sufficiently large modulus is the caller's responsibility.
     *
     * @param i   RSA modulus size in bits
     * @param str unused
     * @return the generated key pair
     * @throws NoSuchAlgorithmException if no provider offers an RSA key pair generator
     */
    public static KeyPair createKeyPair(int i, String str) throws NoSuchAlgorithmException {
        final KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
        rsaGenerator.initialize(i);
        KeyPair freshPair = rsaGenerator.generateKeyPair();
        return freshPair;
    }

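    /**
     * Builds and signs a self-signed X.509 certificate for a domain and its wildcard name.
     *
     * <p>Issuer and subject are the same name, assembled from the arguments; arguments that are
     * {@code null} are left out. The certificate is valid from now for 365 days
     * (31536000000 ms) and is signed with the private key of {@code keyPair}.
     *
     * <p>Changes against the earlier version of this method:
     * <ul>
     *   <li>the signature uses SHA-256 with RSA instead of SHA-1 with RSA;</li>
     *   <li>the serial number is random instead of the current time in seconds, so two
     *       certificates created in the same second for the same name no longer share an
     *       issuer/serial pair;</li>
     *   <li>the wildcard CN is only added when a domain was given (previously a {@code null}
     *       domain produced {@code CN=*.null}).</li>
     * </ul>
     *
     * <p>The name components are embedded without escaping (see {@code appendName}); do not pass
     * values taken from untrusted input. The implementation relies on JDK-internal
     * {@code sun.security.x509} classes.
     *
     * @param str     e-mail address (EMAILADDRESS)
     * @param str2    domain name; used for {@code CN} and for {@code CN=*.domain}
     * @param str3    organizational unit (OU)
     * @param str4    organization (O)
     * @param str5    locality (L)
     * @param str6    state or province (ST)
     * @param str7    country (C)
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @return the signed certificate
     */
    public static X509Certificate createSelfSignedCertificate(String str, String str2, String str3, String str4, String str5, String str6, String str7, KeyPair keyPair) throws CertificateException, IOException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        X509CertInfo x509CertInfo = new X509CertInfo();
        x509CertInfo.set("version", new CertificateVersion());
        Date date = new Date();
        x509CertInfo.set("validity", new CertificateValidity(date, new Date(date.getTime() + 31536000000L)));
        // 64 random bits, shifted by one so the serial number is never zero.
        java.math.BigInteger serial = new java.math.BigInteger(64, new java.security.SecureRandom()).add(java.math.BigInteger.ONE);
        x509CertInfo.set("serialNumber", new CertificateSerialNumber(serial));
        StringBuilder sb = new StringBuilder(1024);
        appendName(sb, "CN", str2);
        if (str2 != null) {
            // Concatenating with null would yield the non-null string "*.null".
            appendName(sb, "CN", "*." + str2);
        }
        appendName(sb, "EMAILADDRESS", str);
        appendName(sb, "OU", str3);
        appendName(sb, "O", str4);
        appendName(sb, "L", str5);
        appendName(sb, "ST", str6);
        appendName(sb, "C", str7);
        X500Name x500Name = new X500Name(sb.toString());
        CertificateIssuerName certificateIssuerName = new CertificateIssuerName(x500Name);
        CertificateSubjectName certificateSubjectName = new CertificateSubjectName(x500Name);
        x509CertInfo.set("issuer", certificateIssuerName);
        x509CertInfo.set("subject", certificateSubjectName);
        // The algorithm recorded in the certificate body must match the one used by sign() below.
        x509CertInfo.set("algorithmID", new CertificateAlgorithmId(AlgorithmId.get("SHA256withRSA")));
        x509CertInfo.set("key", new CertificateX509Key(keyPair.getPublic()));
        X509CertImpl x509CertImpl = new X509CertImpl(x509CertInfo);
        x509CertImpl.sign(keyPair.getPrivate(), "SHA256withRSA");
        return x509CertImpl;
    }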

    /**
     * Command-line self test: encrypts a fixed text with a fresh RSA public key, decrypts it
     * with the matching private key and prints each stage to standard output.
     *
     * <p>The key is 1024 bits and exists only for the duration of this call. The cipher is
     * requested as plain {@code "RSA"}, which leaves mode and padding to the provider's default.
     */
    private static void encriptTest() throws Exception {
        System.out.print("Generating key pair...");
        System.out.flush();
        final KeyPair demoPair = createKeyPair(1024, "secret");
        System.out.println(" done.");

        final byte[] plain = "Encription test...".getBytes();
        final Cipher rsa = Cipher.getInstance("RSA");
        System.out.println("Encripting text: " + new String(plain));

        rsa.init(Cipher.ENCRYPT_MODE, demoPair.getPublic());
        final byte[] sealed = rsa.doFinal(plain);
        System.out.println("Encripted text: " + Algorithms.bytesToHex(sealed));

        rsa.init(Cipher.DECRYPT_MODE, demoPair.getPrivate());
        final byte[] opened = rsa.doFinal(sealed);
        System.out.println("Decripted text: " + new String(opened));
    }

    /**
     * Renders a certificate entry as PEM text.
     *
     * <p>Output order: the first certificate of the chain, then the private key (if the entry
     * has one) between {@code PRIVATE KEY} markers, then the remaining chain certificates in
     * array order. The private key is written in the clear; treat the returned string as secret
     * material whenever the entry carries a key.
     *
     * @param certificateEntry entry to export
     * @return PEM text, empty when the entry has neither chain nor key
     * @throws CertificateEncodingException if a certificate cannot be encoded
     */
    public static String exportToPemFormat(CertificateEntry certificateEntry) throws CertificateEncodingException {
        final StringBuilder pem = new StringBuilder(4096);

        // Leaf certificate first.
        if (certificateEntry.getCertChain() != null && certificateEntry.getCertChain().length > 0) {
            pem.append(BEGIN_CERT).append('\n');
            pem.append(Base64.encode(certificateEntry.getCertChain()[0].getEncoded())).append('\n');
            pem.append(END_CERT).append('\n');
        }

        // Unencrypted private key, when present.
        if (certificateEntry.getPrivateKey() != null) {
            pem.append(BEGIN_KEY).append('\n');
            pem.append(Base64.encode(certificateEntry.getPrivateKey().getEncoded())).append('\n');
            pem.append(END_KEY).append('\n');
        }

        // Rest of the chain.
        if (certificateEntry.getCertChain() != null && certificateEntry.getCertChain().length > 1) {
            int position = 1;
            while (position < certificateEntry.getCertChain().length) {
                pem.append(BEGIN_CERT).append('\n');
                pem.append(Base64.encode(certificateEntry.getCertChain()[position].getEncoded())).append('\n');
                pem.append(END_CERT).append('\n');
                position++;
            }
        }
        return pem.toString();
    }

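    /**
     * Pulls the first string value out of a DER-encoded SEQUENCE that starts with a given prefix.
     *
     * <p>The data must begin with a SEQUENCE tag and the sequence content must begin with the
     * bytes of {@code bArr2}. After that prefix the method steps from header to header until it
     * meets a UTF8String or IA5String element and returns its content.
     *
     * <p>Changes against the earlier version: the text is decoded as UTF-8 instead of with the
     * platform default charset, and every index error on malformed input (including a string
     * length that runs past the array) now yields {@code null} instead of escaping as an
     * exception.
     *
     * @param bArr  DER-encoded data to inspect
     * @param bArr2 bytes the sequence content has to start with (an encoded OID in this class)
     * @return the decoded string, or {@code null} if the data does not have the expected shape
     */
    private static String extractValue(byte[] bArr, byte[] bArr2) {
        try {
            // 48 (0x30) is the DER tag of a SEQUENCE.
            if (bArr[0] != 48) {
                return null;
            }
            int calculateLength = calculateLength(bArr, 0);
            int calculateOffset = calculateOffset(bArr, 0);
            // NOTE(review): i2 is an index into bArr while calculateLength is the content
            // length of the sequence, so this bound is looser or tighter than the real end of
            // the content by the header size - confirm the intended limit.
            for (int i = 0; i < bArr2.length; i++) {
                int i2 = calculateOffset + i;
                if (i2 >= calculateLength || bArr2[i] != bArr[i2]) {
                    return null;
                }
            }
            // Step over the header of the element that follows the matched prefix.
            int calculateOffset2 = calculateOffset(bArr, calculateOffset + bArr2.length);
            while (calculateOffset2 < bArr.length) {
                byte b = bArr[calculateOffset2];
                int calculateOffset3 = calculateOffset(bArr, calculateOffset2);
                int calculateLength2 = calculateLength(bArr, calculateOffset2);
                // 12 = UTF8String, 22 = IA5String; IA5 is a subset of ASCII, so UTF-8 decodes both.
                if (b == 12 || b == 22) {
                    return new String(bArr, calculateOffset3, calculateLength2, java.nio.charset.Charset.forName("UTF-8"));
                }
                // Not a string: move to the byte after this header (descends into the element).
                calculateOffset2 = calculateOffset3;
            }
            return null;
        } catch (IndexOutOfBoundsException e) {
            // Truncated or inconsistent encoding; covers array and string index errors alike.
            return null;
        }
    }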

    /**
     * Collects the XMPP addresses stored in a certificate's subject alternative names.
     *
     * <p>Only entries of type 0 (otherName) are inspected; each is handed to
     * {@code extractValue} together with {@code ID_ON_XMPPADDR}, and non-null results are kept.
     *
     * <p>Any exception stops the scan silently and the addresses gathered up to that point are
     * returned, so an empty or short list can mean "none present" as well as "could not be
     * parsed". Callers that make an authentication decision from this list cannot tell the two
     * apart.
     *
     * @param x509Certificate certificate to inspect
     * @return the addresses found, never {@code null}
     */
    public static List<String> extractXmppAddrs(X509Certificate x509Certificate) {
        final List<String> addresses = new ArrayList<String>();
        try {
            final Collection<List<?>> altNames = x509Certificate.getSubjectAlternativeNames();
            if (altNames != null) {
                for (List<?> altName : altNames) {
                    final int nameType = ((Integer) altName.get(0)).intValue();
                    if (nameType != 0) {
                        continue;
                    }
                    final String address = extractValue((byte[]) altName.get(1), ID_ON_XMPPADDR);
                    if (address != null) {
                        addresses.add(address);
                    }
                }
            }
        } catch (Exception e) {
            // Deliberate best effort: keep whatever was collected before the failure.
        }
        return addresses;
    }

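    /**
     * Returns the first common name (CN) of a certificate's subject.
     *
     * <p>The subject is taken in its RFC 2253 string form and parsed with
     * {@link javax.naming.ldap.LdapName}, so escaped commas, {@code =} signs inside a value and
     * multi-valued components are handled. The earlier version split the string on {@code ","}
     * and {@code "="}, which truncated such values (for example {@code CN=Acme\, Inc} came back
     * as {@code Acme\}); a name used for host or identity matching must not be cut that way.
     *
     * @param x509Certificate certificate to read
     * @return the value of the left-most CN, or {@code null} if the subject has no CN
     */
    public static String getCertCName(X509Certificate x509Certificate) {
        String subject = x509Certificate.getSubjectX500Principal().getName();
        try {
            List<javax.naming.ldap.Rdn> rdns = new javax.naming.ldap.LdapName(subject).getRdns();
            // LdapName numbers components from the right; walk from the last index down to
            // visit them in the order they appear in the string.
            for (int idx = rdns.size() - 1; idx >= 0; idx--) {
                javax.naming.directory.Attribute cn = rdns.get(idx).toAttributes().get("CN");
                if (cn != null) {
                    Object value = cn.get();
                    if (value instanceof String) {
                        return (String) value;
                    }
                }
            }
        } catch (javax.naming.NamingException e) {
            // The string comes from X500Principal and should always parse; treat failure as "no CN".
            return null;
        }
        return null;
    }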

    /**
     * Reports whether a certificate fails its validity-period check at the current time.
     *
     * <p>Despite the name, every exception thrown by {@code checkValidity()} counts: a
     * certificate that is not yet valid is reported as expired too, and so is a {@code null}
     * argument.
     *
     * @param x509Certificate certificate to check
     * @return {@code false} if the check passes, {@code true} otherwise
     */
    public static boolean isExpired(X509Certificate x509Certificate) {
        boolean outsideValidity;
        try {
            x509Certificate.checkValidity();
            outsideValidity = false;
        } catch (Exception e) {
            outsideValidity = true;
        }
        return outsideValidity;
    }

    /**
     * Reports whether a certificate names itself as its issuer.
     *
     * <p>This is a comparison of the issuer and subject names only. The signature is not
     * verified against the certificate's own public key, so a {@code true} result says nothing
     * about who actually signed the certificate.
     *
     * @param x509Certificate certificate to inspect
     * @return {@code true} if issuer DN and subject DN are equal
     */
    public static boolean isSelfSigned(X509Certificate x509Certificate) {
        final Object issuerName = x509Certificate.getIssuerDN();
        final Object subjectName = x509Certificate.getSubjectDN();
        return issuerName.equals(subjectName);
    }

    /**
     * Command-line self test: generates a 1024-bit RSA key pair and prints both keys.
     *
     * <p>The private key object is concatenated into the message, so whatever its
     * {@code toString()} reveals ends up on standard output. The key is a throwaway created for
     * this call; do not reuse this routine for keys that matter.
     */
    private static void keyPairTest() throws Exception {
        System.out.print("Generating key pair...");
        System.out.flush();
        final KeyPair demoPair = createKeyPair(1024, "secret");
        final StringBuilder report = new StringBuilder();
        report.append(" done, private key: ").append(demoPair.getPrivate());
        report.append(", public key: ").append(demoPair.getPublic());
        System.out.println(report.toString());
    }

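    /**
     * Reads a PEM file and parses the certificates and private key it contains.
     *
     * <p>The file is opened with a {@link FileReader} and is now always closed again, whether
     * parsing succeeds or throws; the earlier version never closed the reader.
     *
     * @param file PEM file to read
     * @return the parsed entry, as produced by {@code parseCertificate}
     * @throws FileNotFoundException if the file cannot be opened
     * @throws IOException           if reading or closing the file fails
     */
    public static CertificateEntry loadCertificate(File file) throws FileNotFoundException, IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException {
        Reader pemReader = new FileReader(file);
        try {
            return parseCertificate(pemReader);
        } finally {
            pemReader.close();
        }
    }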

    /**
     * Reads a PEM file given by path; shorthand for {@code loadCertificate(new File(path))}.
     *
     * @param str path of the PEM file
     * @return the parsed entry
     */
    public static CertificateEntry loadCertificate(String str) throws FileNotFoundException, IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException {
        final File pemFile = new File(str);
        return loadCertificate(pemFile);
    }

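    /**
     * Loads an RSA private key from a file holding a DER-encoded PKCS#8 structure.
     *
     * <p>The whole file is read with {@code readFully}; the earlier version used a single
     * {@code read} call, which may return before the buffer is full and would then hand a
     * partly zero-filled key to the parser. The stream is closed in all cases.
     *
     * @param file DER file to read
     * @return the decoded key
     * @throws FileNotFoundException   if the file cannot be opened
     * @throws IOException             if the file cannot be read completely
     * @throws InvalidKeySpecException if the content is not a valid PKCS#8 RSA key
     */
    public static PrivateKey loadPrivateKeyFromDER(File file) throws FileNotFoundException, IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        DataInputStream dataInputStream = new DataInputStream(new FileInputStream(file));
        byte[] encodedKey;
        try {
            encodedKey = new byte[(int) file.length()];
            dataInputStream.readFully(encodedKey);
        } finally {
            dataInputStream.close();
        }
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(encodedKey));
    }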

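    /**
     * Command-line entry point for the self tests and small utilities of this class.
     *
     * <p>The first argument selects the action (see {@code printHelp}). Changes against the
     * earlier version:
     * <ul>
     *   <li>options that need a file name now print a message and the help text when the name
     *       is missing, instead of failing with an array index error;</li>
     *   <li>an unknown option prints the help text instead of doing nothing;</li>
     *   <li>{@code --store-cert} creates a 2048-bit RSA key instead of a 1024-bit one, because
     *       that key is written to disk and may be put to real use.</li>
     * </ul>
     *
     * @param strArr command-line arguments
     */
    public static void main(String[] strArr) throws Exception {
        if (strArr == null || strArr.length <= 0) {
            printHelp();
            return;
        }
        String command = strArr[0];
        boolean loadCert = command.equals(LOAD_CERT) || command.equals(LOAD_CERT_SHORT);
        boolean storeCert = command.equals(STORE_CERT) || command.equals(STORE_CERT_SHORT);
        boolean loadDerKey = command.equals(LOAD_DER_PRIVATE_KEY) || command.equals(LOAD_DER_PRIVATE_KEY_SHORT);
        if ((loadCert || storeCert || loadDerKey) && strArr.length < 2) {
            System.out.println("Missing file name for option: " + command);
            printHelp();
            return;
        }
        if (command.equals(PRINT_PROVIDERS) || command.equals(PRINT_PROVIDERS_SHORT)) {
            printProviders(false);
        } else if (command.equals(PRINT_SERVICES) || command.equals(PRINT_SERVICES_SHORT)) {
            printProviders(true);
        } else if (command.equals(KEY_PAIR) || command.equals(KEY_PAIR_SHORT)) {
            keyPairTest();
        } else if (command.equals(ENCRIPT_TEST) || command.equals(ENCRIPT_TEST_SHORT)) {
            encriptTest();
        } else if (command.equals(SELF_SIGNED_CERT) || command.equals(SELF_SIGNED_CERT_SHORT)) {
            selfSignedCertTest();
        } else if (loadCert) {
            System.out.println(loadCertificate(strArr[1]).toString());
        } else if (storeCert) {
            String pemPath = strArr[1];
            // This key pair is persisted together with the certificate, so use a current key size.
            KeyPair keyPair = createKeyPair(2048, "secret");
            X509Certificate certificate = createSelfSignedCertificate("artur.hefczyc@tigase.org", "tigase.org", "XMPP Service", "Tigase.org", "Cambourne", "Cambridgeshire", "UK", keyPair);
            CertificateEntry certificateEntry = new CertificateEntry();
            certificateEntry.setPrivateKey(keyPair.getPrivate());
            certificateEntry.setCertChain(new Certificate[]{certificate});
            storeCertificate(pemPath, certificateEntry);
        } else if (loadDerKey) {
            // Prints the key object's toString(); what that reveals depends on the provider.
            System.out.println(loadPrivateKeyFromDER(new File(strArr[1])).toString());
        } else {
            printHelp();
        }
    }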

    /**
     * Parses PEM text into a certificate chain and an optional private key.
     *
     * <p>The input is read line by line. A line containing a {@code BEGIN} marker for a
     * certificate, a PKCS#8 private key or an RSA private key starts collecting the following
     * lines; the matching {@code END} marker decodes what was collected:
     * <ul>
     *   <li>certificate: Base64-decoded and parsed as one or more X.509 certificates, appended
     *       to the chain in file order;</li>
     *   <li>{@code PRIVATE KEY}: Base64-decoded and read as a PKCS#8 RSA key;</li>
     *   <li>{@code RSA PRIVATE KEY}: Base64-decoded and handed to {@code RSAPrivateKeyDecoder}.</li>
     * </ul>
     * When several keys are present the last one wins. Lines outside a block are ignored, and
     * every line inside a block is treated as Base64 data. Markers are matched with
     * {@code contains}, so the {@code END} marker alone decides how a block is decoded. The
     * reader is not closed here.
     *
     * @param reader source of the PEM text
     * @return entry holding the chain (possibly empty) and the key (possibly {@code null})
     */
    public static CertificateEntry parseCertificate(Reader reader) throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException {
        final BufferedReader lines = new BufferedReader(reader);
        StringBuilder collected = new StringBuilder(4096);
        final List<Certificate> chain = new ArrayList<Certificate>();
        PrivateKey key = null;
        boolean insideBlock = false;

        String line;
        while ((line = lines.readLine()) != null) {
            if (line.contains(BEGIN_CERT) || line.contains(BEGIN_KEY) || line.contains(BEGIN_RSA_KEY)) {
                insideBlock = true;
                continue;
            }
            if (line.contains(END_CERT)) {
                insideBlock = false;
                final ByteArrayInputStream der = new ByteArrayInputStream(Base64.decode(collected.toString()));
                final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
                // One block may hold several concatenated certificates.
                while (der.available() > 0) {
                    chain.add((X509Certificate) x509Factory.generateCertificate(der));
                }
                collected = new StringBuilder(4096);
                continue;
            }
            if (line.contains(END_KEY)) {
                insideBlock = false;
                final PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(Base64.decode(collected.toString()));
                key = KeyFactory.getInstance("RSA").generatePrivate(keySpec);
                collected = new StringBuilder(4096);
                continue;
            }
            if (line.contains(END_RSA_KEY)) {
                insideBlock = false;
                key = new RSAPrivateKeyDecoder(Base64.decode(collected.toString())).getPrivateKey();
                collected = new StringBuilder(4096);
                continue;
            }
            if (insideBlock) {
                collected.append(line);
            }
        }

        final CertificateEntry entry = new CertificateEntry();
        entry.setCertChain((Certificate[]) chain.toArray(new Certificate[chain.size()]));
        entry.setPrivateKey(key);
        return entry;
    }

    /**
     * Array form of {@code sort(List)}: orders a chain so that the root certificate comes last.
     *
     * <p>The array is copied into a list first, so the argument itself is not modified.
     *
     * @param certificateArr certificates in any order
     * @return a new array with the same certificates in chain order
     * @throws RuntimeException if the list form cannot find a root or cannot link the chain
     */
    public static Certificate[] sort(Certificate[] certificateArr) {
        final List<Certificate> workingCopy = new ArrayList<Certificate>(Arrays.asList(certificateArr));
        final List<Certificate> ordered = sort(workingCopy);
        final Certificate[] result = new Certificate[ordered.size()];
        return (Certificate[]) ordered.toArray(result);
    }

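    /**
     * Orders a certificate chain so that each certificate is followed by its issuer and the
     * self-issued root comes last.
     *
     * <p>The root is the certificate whose issuer DN equals its subject DN (the last such one
     * if there are several). The remaining certificates are linked to it by matching issuer DN
     * to the subject DN of the certificate placed before. Linking is by name only; no signature
     * is verified here, so the result is an ordering, not a validation.
     *
     * <p>The method now works on a private copy of the argument. The earlier version removed
     * every element from the caller's list while sorting and failed on lists that do not
     * support removal.
     *
     * @param list certificates in any order; every element must be an {@link X509Certificate}
     * @return a new list in chain order, root last
     * @throws RuntimeException if no root is present or a certificate cannot be linked
     */
    public static List<Certificate> sort(List<Certificate> list) {
        List<Certificate> remaining = new ArrayList<Certificate>(list);
        Certificate current = null;
        for (Certificate candidate : remaining) {
            X509Certificate x509 = (X509Certificate) candidate;
            if (x509.getIssuerDN().equals(x509.getSubjectDN())) {
                current = candidate;
            }
        }
        if (current == null) {
            throw new RuntimeException("Can't find root certificate in chain!");
        }
        List<Certificate> ordered = new ArrayList<Certificate>();
        remaining.remove(current);
        ordered.add(current);
        while (!remaining.isEmpty()) {
            Certificate issuedByCurrent = null;
            for (Certificate candidate : remaining) {
                if (((X509Certificate) candidate).getIssuerDN().equals(((X509Certificate) current).getSubjectDN())) {
                    issuedByCurrent = candidate;
                    break;
                }
            }
            if (issuedByCurrent == null) {
                throw new RuntimeException("Can't sort certificate chain!!!");
            }
            current = issuedByCurrent;
            remaining.remove(current);
            // Each newly linked certificate goes to the front, which leaves the root at the end.
            ordered.add(0, current);
        }
        return ordered;
    }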

    /**
     * Prints the list of command-line options to standard output.
     */
    private static void printHelp() {
        final String[] helpLines = {
            CertificateUtil.class.getName() + " test code.",
            "You can run following tests:",
            " --print-providers | -pp - prints all supported providers",
            " --print-services | -ps - print all supported services",
            " --key-pair | -kp - generate a key pair and print the result",
            " --encript-test | -et - encript simple text with public key, decript with private",
            " --self-signed-cert | -ssc - generate self signed certificate",
            " --load-cert file.pem | -lc file.pem - load certificate from file",
            " --store-cert file.pem | -sc file.pem - generate self-signed certificate and save it to the given pem file",
            " --load-der-priv-key | -ldpk file.der - load private key from DER file."
        };
        for (String helpLine : helpLines) {
            System.out.println(helpLine);
        }
    }

    /**
     * Prints the installed security providers, one per line as name, tab, description.
     *
     * @param z when {@code true}, also prints the algorithm of every service each provider offers
     */
    private static void printProviders(boolean z) {
        final Provider[] installed = Security.getProviders();
        final boolean none = installed == null || installed.length <= 0;
        if (none) {
            System.out.println("No security providers found!");
            return;
        }
        for (int idx = 0; idx < installed.length; idx++) {
            final Provider current = installed[idx];
            System.out.println(current.getName() + "\t" + current.getInfo());
            if (!z) {
                continue;
            }
            for (Provider.Service service : current.getServices()) {
                System.out.println("\t" + service.getAlgorithm());
            }
        }
    }

    /**
     * Command-line self test for {@code createSelfSignedCertificate}.
     *
     * <p>Creates a certificate for {@code tigase.org} with a throwaway 1024-bit key, checks that
     * it is valid now, expects it to be rejected as not yet valid for a date one day in the
     * past, verifies the signature with the public key and prints the certificate.
     */
    private static void selfSignedCertTest() throws Exception {
        final KeyPair demoPair = createKeyPair(1024, "secret");
        System.out.println("Creating self-signed certificate for issuer: tigase.org");
        final X509Certificate demoCert = createSelfSignedCertificate("artur.hefczyc@tigase.org", "tigase.org", "XMPP Service", "Tigase.org", "Cambourne", "Cambridgeshire", "UK", demoPair);

        System.out.print("Checking certificate validity today...");
        System.out.flush();
        demoCert.checkValidity();
        System.out.println(" done.");

        System.out.print("Checking certificate validity yesterday...");
        System.out.flush();
        final Date yesterday = new Date(System.currentTimeMillis() - 86400000);
        String verdict;
        try {
            demoCert.checkValidity(yesterday);
            // Reaching this point means the certificate claimed validity before it was created.
            verdict = " error.";
        } catch (CertificateNotYetValidException e) {
            verdict = " not valid!";
        }
        System.out.println(verdict);

        System.out.print("Verifying certificate with public key...");
        System.out.flush();
        demoCert.verify(demoPair.getPublic());
        System.out.println(" done.");
        System.out.println(demoCert.toString());
    }

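    /**
     * Writes a certificate entry to a file in PEM format, replacing any existing content.
     *
     * <p>The writer is now closed even when the write fails; the earlier version leaked the
     * open file in that case.
     *
     * <p>When the entry has a private key, the file contains that key unencrypted. The file is
     * created with the process's default permissions; nothing here restricts who can read it,
     * so the caller has to place it in a protected location or tighten its permissions.
     *
     * @param str              path of the file to write
     * @param certificateEntry entry to export
     * @throws CertificateEncodingException if a certificate cannot be encoded
     * @throws IOException                  if the file cannot be written or closed
     */
    public static void storeCertificate(String str, CertificateEntry certificateEntry) throws CertificateEncodingException, IOException {
        // Build the text first so that an encoding error does not truncate an existing file.
        String pemText = exportToPemFormat(certificateEntry);
        FileWriter fileWriter = new FileWriter(str, false);
        try {
            fileWriter.write(pemText);
        } finally {
            fileWriter.close();
        }
    }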

    /**
     * Validates a certificate chain against the trusted entries of a key store.
     *
     * <p>The chain is checked with the default {@link CertPathValidator}. Revocation checking is
     * switched off, so a certificate that its issuer has revoked is still reported as trusted.
     * The boolean argument is not read by this method.
     *
     * <p>When path validation fails, only the first certificate of the array is examined to
     * pick the result: {@code expired} if its validity check fails (see {@code isExpired}),
     * {@code self_signed} if it is the only certificate and its issuer and subject names match,
     * otherwise {@code untrusted}. The cause reported by the validator is discarded.
     *
     * @param certificateArr chain to validate; element 0 is the certificate being judged
     * @param keyStore       store providing the trust anchors
     * @param z              unused
     * @return the validation outcome
     */
    public static CertCheckResult validateCertificate(Certificate[] certificateArr, KeyStore keyStore, boolean z) throws NoSuchAlgorithmException, KeyStoreException, InvalidAlgorithmParameterException, CertificateException {
        final CertPathValidator validator = CertPathValidator.getInstance(CertPathValidator.getDefaultType());
        final PKIXBuilderParameters trustSettings = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        trustSettings.setRevocationEnabled(false);
        try {
            validator.validate(
                    CertificateFactory.getInstance("X.509").generateCertPath(Arrays.asList(certificateArr)),
                    trustSettings);
            return CertCheckResult.trusted;
        } catch (CertPathValidatorException e) {
            final X509Certificate first = (X509Certificate) certificateArr[0];
            if (isExpired(first)) {
                return CertCheckResult.expired;
            }
            if (certificateArr.length == 1 && isSelfSigned(first)) {
                return CertCheckResult.self_signed;
            }
            return CertCheckResult.untrusted;
        }
    }
}
