package com.github.ibole.infrastructure.security.certificate;

import com.github.ibole.infrastructure.security.RSACoder;
import com.github.ibole.infrastructure.security.key.KeyStoreManagerException;
import com.github.ibole.infrastructure.security.key.KeyStoreUtils;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Calendar;
import java.util.Date;
import java.util.Random;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicLong;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStrictStyle;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PKCS8Generator;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JcaPKCS8Generator;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8EncryptorBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.io.pem.PemObject;

/* loaded from: input_file:com/github/ibole/infrastructure/security/certificate/SslCertificateUtils.class */
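/**
 * Helpers for generating a private root CA, issuing a host certificate signed by it, and moving
 * keys and certificates between JKS keystores, DER files and PEM files.
 *
 * <p>All keystores and private-key entries handled here are protected with the single
 * compile-time {@link #PASSPHRASE}. Because that value ships inside the class file, it does not
 * provide confidentiality on its own: anyone who can read the keystore file and this class can
 * recover the private keys, so the keystore must be protected by file-system permissions.
 *
 * <p>Key material is generated with an unseeded {@link SecureRandom}; certificate serial numbers
 * are positive 64-bit values drawn from a shared {@link SecureRandom}.
 */
public class SslCertificateUtils {
    /** Keystore type used for every keystore this class creates or loads. */
    public static final String KEY_STORE = "JKS";
    private static final String X509 = "X.509";
    /** Lifetime of a freshly generated root CA certificate, in days. */
    private static final long DEFAULT_VALID_DAYS = 365;
    /**
     * Passphrase protecting both the keystore and every private-key entry written by this class.
     * NOTE(review): this is a compile-time constant and is recoverable from the class file;
     * the secrecy of the stored keys rests on file-system permissions, not on this value.
     */
    private static final char[] PASSPHRASE = "0w45P.Z4p".toCharArray();
    /** Alias of the self-signed root CA entry (private key + certificate). */
    private static final String SELF_ROOT_CA_JKS_ALIAS = "self_root_ca_jks";
    /** Alias of the host certificate entry (private key + chain [host, root]). */
    private static final String SELF_USER_CA_JKS_ALIAS = "self_user_ca_jks";
    /** Classpath location of the bundled keystore; not referenced within this class. */
    private static final String KEYSTORE_PATH = "/META-INF/cert/keys.keystore";
    /** Signature algorithm for both the self-signed root and the issued host certificate. */
    private static final String SIGNATURE_ALGORITHM = "SHA256WithRSAEncryption";
    /** JCA provider name of Bouncy Castle, registered in the static initializer below. */
    private static final String BC_PROVIDER = "BC";
    private static final int RSA_KEY_SIZE = 2048;
    /** Host certificates start this many days in the past (presumably to tolerate clock skew). */
    private static final long HOST_CERT_BACKDATE_DAYS = 30;
    /** Host certificates expire this many days after issuance. */
    private static final long HOST_CERT_VALID_DAYS = 3000;
    /** Shared CSPRNG for serial numbers; {@link SecureRandom} is safe for concurrent use. */
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();

    /**
     * Generates a 2048-bit RSA key pair and a self-signed CA certificate valid for
     * {@link #DEFAULT_VALID_DAYS} days, and stores both under {@link #SELF_ROOT_CA_JKS_ALIAS}
     * in the keystore obtained from {@code KeyStoreUtils.getKeyStore(str, PASSPHRASE, KEY_STORE)}.
     *
     * <p>The subject (and issuer) name is built from the non-empty fields of
     * {@code certificateDetailsInfo}; the certificate carries a critical {@code cA=true} basic
     * constraint, a key-usage extension allowing signing, encipherment, certificate and CRL
     * signing, and an EKU of serverAuth, clientAuth and anyExtendedKeyUsage.
     *
     * @param str keystore location passed through to {@code KeyStoreUtils.getKeyStore}
     * @param certificateDetailsInfo subject name components (empty or null fields are skipped)
     * @return the keystore now containing the root CA entry
     * @throws NoSuchAlgorithmException if the RSA key-pair generator is unavailable
     * @throws KeyStoreManagerException propagated from {@code KeyStoreUtils.getKeyStore}
     * @throws IllegalStateException if building, signing or storing the certificate fails
     */
    public static final KeyStore createRootCA(String str, CertificateDetailsInfo certificateDetailsInfo) throws NoSuchAlgorithmException, KeyStoreManagerException {
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + TimeUnit.DAYS.toMillis(DEFAULT_VALID_DAYS));
        KeyPair caKeyPair = createKeyPair();
        PrivateKey caPrivateKey = caKeyPair.getPrivate();
        PublicKey caPublicKey = caKeyPair.getPublic();

        X500NameBuilder nameBuilder = new X500NameBuilder(new BCStrictStyle());
        addField(BCStyle.C, certificateDetailsInfo.getCountry(), nameBuilder);
        addField(BCStyle.ST, certificateDetailsInfo.getState(), nameBuilder);
        addField(BCStyle.L, certificateDetailsInfo.getLocality(), nameBuilder);
        addField(BCStyle.O, certificateDetailsInfo.getOrganization(), nameBuilder);
        addField(BCStyle.OU, certificateDetailsInfo.getOrganizationUnit(), nameBuilder);
        addField(BCStyle.CN, certificateDetailsInfo.getCommonName(), nameBuilder);

        // Self-signed: issuer and subject are the same name.
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                nameBuilder.build(), randomSerialNumber(), notBefore, notAfter, nameBuilder.build(), caPublicKey);
        KeyStore keyStore = KeyStoreUtils.getKeyStore(str, PASSPHRASE, KEY_STORE);
        try {
            // The raw SubjectPublicKeyInfo bytes serve as the key identifier (not the RFC 5280
            // SHA-1 method, but any value unique to the key is permitted).
            builder.addExtension(Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifier(caPublicKey.getEncoded()));
            builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
            // Same bit set as the previous literal 182 (0xB6), spelled out.
            builder.addExtension(Extension.keyUsage, false, new KeyUsage(
                    KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment
                            | KeyUsage.keyCertSign | KeyUsage.cRLSign));
            builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeId[]{
                    KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth, KeyPurposeId.anyExtendedKeyUsage}));
            X509Certificate caCertificate = signCertificate(builder, caPrivateKey);
            keyStore.setKeyEntry(SELF_ROOT_CA_JKS_ALIAS, caPrivateKey, PASSPHRASE, new Certificate[]{caCertificate});
            return keyStore;
        } catch (GeneralSecurityException | IOException | OperatorCreationException e) {
            throw new IllegalStateException("Errors during assembling root CA.", e);
        }
    }

    /**
     * Issues a certificate for {@code str} (used as the CN) signed by the root CA stored under
     * {@link #SELF_ROOT_CA_JKS_ALIAS}, generating a fresh 2048-bit RSA key pair for the host.
     *
     * <p>The new certificate is valid from {@link #HOST_CERT_BACKDATE_DAYS} days ago until
     * {@link #HOST_CERT_VALID_DAYS} days from now, carries a non-critical {@code cA=false}
     * basic constraint, and is verified against the root public key before being stored with
     * the chain {@code [host, root]} under {@link #SELF_USER_CA_JKS_ALIAS}.
     *
     * @param keyStore keystore holding the root CA entry; receives the host entry
     * @param certificateDetailsInfo OU, O, C and e-mail for the subject (empty/null skipped)
     * @param str hostname placed in the subject CN; must not be null
     * @return the same keystore, now containing the host entry
     * @throws IllegalArgumentException if {@code str} is null
     * @throws MissingRootCertificateException if the root entry is absent or has no private key
     * @throws CertificateException if the content signer cannot be created or the certificate
     *     fails validity/verification checks
     */
    public static KeyStore createCertForHost(KeyStore keyStore, CertificateDetailsInfo certificateDetailsInfo, String str) throws NoSuchAlgorithmException, InvalidKeyException, CertificateException, NoSuchProviderException, SignatureException, KeyStoreException, IOException, UnrecoverableKeyException {
        if (str == null) {
            throw new IllegalArgumentException("Error, 'hostname' is not allowed to be null!");
        }
        X509Certificate rootCertificate = (X509Certificate) keyStore.getCertificate(SELF_ROOT_CA_JKS_ALIAS);
        Key rootKey = keyStore.getKey(SELF_ROOT_CA_JKS_ALIAS, PASSPHRASE);
        // Check presence before dereferencing the certificate, so a missing root entry
        // surfaces as MissingRootCertificateException rather than a NullPointerException.
        if (rootCertificate == null || !(rootKey instanceof PrivateKey) || rootCertificate.getPublicKey() == null) {
            throw new MissingRootCertificateException("Cannot find root certificate in Keystore 'self_root_ca_jks'");
        }
        PrivateKey rootPrivateKey = (PrivateKey) rootKey;
        PublicKey rootPublicKey = rootCertificate.getPublicKey();

        KeyPair hostKeyPair = createKeyPair();
        PublicKey hostPublicKey = hostKeyPair.getPublic();

        X500NameBuilder subject = new X500NameBuilder(BCStyle.INSTANCE);
        subject.addRDN(BCStyle.CN, str);
        addField(BCStyle.OU, certificateDetailsInfo.getOrganizationUnit(), subject);
        addField(BCStyle.O, certificateDetailsInfo.getOrganization(), subject);
        addField(BCStyle.C, certificateDetailsInfo.getCountry(), subject);
        addField(BCStyle.EmailAddress, certificateDetailsInfo.getEmailAddress(), subject);

        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - TimeUnit.DAYS.toMillis(HOST_CERT_BACKDATE_DAYS));
        Date notAfter = new Date(now + TimeUnit.DAYS.toMillis(HOST_CERT_VALID_DAYS));
        // Issuer name is taken from the root certificate's subject.
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                rootCertificate, randomSerialNumber(), notBefore, notAfter, subject.build(), hostPublicKey);
        builder.addExtension(Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifier(hostPublicKey.getEncoded()));
        builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
        try {
            X509Certificate hostCertificate = signCertificate(builder, rootPrivateKey);
            hostCertificate.checkValidity(new Date());
            hostCertificate.verify(rootPublicKey);
            keyStore.setKeyEntry(SELF_USER_CA_JKS_ALIAS, hostKeyPair.getPrivate(), PASSPHRASE,
                    new Certificate[]{hostCertificate, rootCertificate});
            return keyStore;
        } catch (OperatorCreationException e) {
            throw new CertificateException((Throwable) e);
        }
    }

    /**
     * Signs the certificate described by {@code builder} with {@code signingKey} using
     * {@link #SIGNATURE_ALGORITHM} through the Bouncy Castle provider and converts the result
     * to a JCA {@link X509Certificate}.
     */
    private static X509Certificate signCertificate(JcaX509v3CertificateBuilder builder, PrivateKey signingKey) throws OperatorCreationException, CertificateException {
        return new JcaX509CertificateConverter().setProvider(BC_PROVIDER).getCertificate(
                builder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(BC_PROVIDER).build(signingKey)));
    }

    /**
     * Returns a positive serial number with 64 random bits from {@link #SERIAL_RANDOM}.
     * RFC 5280 requires serial numbers to be positive and at most 20 octets; the {@code +1}
     * rules out zero.
     */
    private static BigInteger randomSerialNumber() {
        return new BigInteger(64, SERIAL_RANDOM).add(BigInteger.ONE);
    }

    /** Adds {@code str} as an RDN of type {@code aSN1ObjectIdentifier} unless it is null or empty. */
    private static void addField(ASN1ObjectIdentifier aSN1ObjectIdentifier, String str, X500NameBuilder x500NameBuilder) {
        if (str != null && !str.isEmpty()) {
            x500NameBuilder.addRDN(aSN1ObjectIdentifier, str);
        }
    }

    /**
     * Loads a JKS keystore from the file at {@code str} using password {@code str2}.
     *
     * @param str keystore file path
     * @param str2 keystore password
     * @throws Exception on any I/O, format or integrity-check failure
     */
    public static KeyStore getKeyStore(String str, String str2) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KEY_STORE);
        try (FileInputStream in = new FileInputStream(str)) {
            keyStore.load(in, str2.toCharArray());
        }
        return keyStore;
    }

    /**
     * Reads the private key stored under alias {@code str2} in the keystore file {@code str};
     * {@code str3} is used as both the keystore and the key password.
     */
    public static PrivateKey getPrivateKey(String str, String str2, String str3) throws Exception {
        return (PrivateKey) getKeyStore(str, str3).getKey(str2, str3.toCharArray());
    }

    /** Returns the public key of the certificate file at {@code str} (see {@link #getCertificate(String)}). */
    public static PublicKey getPublicKey(String str) throws Exception {
        return getCertificate(str).getPublicKey();
    }

    /**
     * Parses the X.509 certificate file at {@code str} (DER, or PEM where the factory accepts it).
     */
    public static Certificate getCertificate(String str) throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
        try (FileInputStream in = new FileInputStream(str)) {
            return certificateFactory.generateCertificate(in);
        }
    }

    /** Returns the certificate under alias {@code str2} in the keystore file {@code str} (password {@code str3}). */
    public static Certificate getCertificate(String str, String str2, String str3) throws Exception {
        return getKeyStore(str, str3).getCertificate(str2);
    }

    /**
     * Generates a {@link #RSA_KEY_SIZE}-bit RSA key pair.
     *
     * <p>The generator is driven by an unseeded {@link SecureRandom}. It must never be seeded
     * from the clock: the previous implementation seeded {@code SHA1PRNG} with
     * {@code System.currentTimeMillis()} before first use, which made the entire key derivable
     * from the generation timestamp.
     */
    private static KeyPair createKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSACoder.KEY_ALGORITHM);
        keyPairGenerator.initialize(RSA_KEY_SIZE, new SecureRandom());
        return keyPairGenerator.generateKeyPair();
    }

    /**
     * Serializes {@code keyStore} (protected with {@link #PASSPHRASE}) to a URL-safe Base64
     * string; the inverse of {@link #string2Keystore(String)}.
     */
    public static final String keyStore2String(KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        keyStore.store(buffer, PASSPHRASE);
        return Base64.encodeBase64URLSafeString(buffer.toByteArray());
    }

    /**
     * Restores a keystore produced by {@link #keyStore2String(KeyStore)} from its Base64 form,
     * checking its integrity with {@link #PASSPHRASE}. Loaded as {@link #KEY_STORE} for
     * consistency with the rest of this class.
     */
    public static final KeyStore string2Keystore(String str) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KEY_STORE);
        try (ByteArrayInputStream in = new ByteArrayInputStream(Base64.decodeBase64(str))) {
            keyStore.load(in, PASSPHRASE);
        }
        return keyStore;
    }

    /**
     * Writes the private key stored under alias {@code str} to the file {@code str2} as an
     * encrypted PKCS#8 PEM, using {@link #PASSPHRASE} both to unlock the entry and to encrypt
     * the output.
     *
     * @throws CertificateManagerException wrapping any keystore, I/O or encryption failure
     */
    public static void savePEM(KeyStore keyStore, String str, String str2) throws CertificateManagerException {
        try {
            savePEM((PrivateKey) keyStore.getKey(str, PASSPHRASE), PASSPHRASE, str2);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | OperatorCreationException e) {
            throw new CertificateManagerException(e);
        }
    }

    /** Writes the certificate stored under alias {@code str} to the DER file {@code str2}. */
    public static void saveX509Certificate(KeyStore keyStore, String str, String str2) throws KeyStoreException, CertificateManagerException {
        saveX509Certificate((X509Certificate) keyStore.getCertificate(str), str2);
    }

    /**
     * Writes {@code x509Certificate} in DER encoding to the file {@code str}.
     *
     * @throws CertificateManagerException wrapping I/O or encoding failures
     */
    public static void saveX509Certificate(X509Certificate x509Certificate, String str) throws CertificateManagerException {
        try (FileOutputStream out = new FileOutputStream(str)) {
            out.write(x509Certificate.getEncoded());
        } catch (IOException | CertificateEncodingException e) {
            throw new CertificateManagerException(e);
        }
    }

    /**
     * Writes {@code privateKey} to the file {@code str} as a PEM "ENCRYPTED PRIVATE KEY"
     * (PKCS#8) block protected by {@code cArr}.
     *
     * <p>The encryption scheme is the legacy {@code PBE_SHA1_3DES}; it is kept for
     * compatibility with existing consumers of these files. The encryptor is built before the
     * output file is opened so that an encryption failure does not leave an empty file behind.
     *
     * @throws OperatorCreationException if the PKCS#8 encryptor cannot be created
     * @throws IOException if the file cannot be written
     */
    public static void savePEM(PrivateKey privateKey, char[] cArr, String str) throws OperatorCreationException, IOException {
        JceOpenSSLPKCS8EncryptorBuilder encryptorBuilder = new JceOpenSSLPKCS8EncryptorBuilder(PKCS8Generator.PBE_SHA1_3DES);
        encryptorBuilder.setRandom(new SecureRandom());
        encryptorBuilder.setPasssword(cArr);
        PemObject pemObject = new JcaPKCS8Generator(privateKey, encryptorBuilder.build()).generate();
        // PEM is ASCII by definition; closing the PEM writer flushes and closes the file writer.
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(Files.newBufferedWriter(Paths.get(str), StandardCharsets.US_ASCII))) {
            pemWriter.writeObject(pemObject);
        }
    }

    /**
     * Builds an in-memory JKS keystore from a PEM file that contains both a
     * {@code CERTIFICATE} block and an unencrypted PKCS#8 {@code PRIVATE KEY} block.
     *
     * <p>The certificate is stored as a trusted entry under {@code "cert-alias"} and, together
     * with the private key, as a key entry under {@link #SELF_USER_CA_JKS_ALIAS} protected by
     * {@link #PASSPHRASE}. A PKCS#1 {@code RSA PRIVATE KEY} block is not recognized.
     *
     * @throws IllegalArgumentException if either PEM block is missing
     */
    public static KeyStore pem2Keystore(File file) throws IOException, CertificateException, InvalidKeySpecException, NoSuchAlgorithmException, KeyStoreException {
        byte[] pemBytes = Files.readAllBytes(file.toPath());
        byte[] certificateDer = parseDERFromPEM(pemBytes, "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----");
        byte[] privateKeyDer = parseDERFromPEM(pemBytes, "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----");
        X509Certificate certificate = generateCertificateFromDER(certificateDer);
        RSAPrivateKey privateKey = generatePrivateKeyFromDER(privateKeyDer);
        KeyStore keyStore = KeyStore.getInstance(KEY_STORE);
        keyStore.load(null);
        keyStore.setCertificateEntry("cert-alias", certificate);
        keyStore.setKeyEntry(SELF_USER_CA_JKS_ALIAS, privateKey, PASSPHRASE, new Certificate[]{certificate});
        return keyStore;
    }

    /**
     * Extracts and Base64-decodes the text between the first occurrence of {@code str} and the
     * following occurrence of {@code str2} in the ASCII PEM data {@code bArr}.
     *
     * @throws IllegalArgumentException if either delimiter is absent
     */
    private static byte[] parseDERFromPEM(byte[] bArr, String str, String str2) {
        String pem = new String(bArr, StandardCharsets.US_ASCII);
        int begin = pem.indexOf(str);
        if (begin < 0) {
            throw new IllegalArgumentException("PEM block '" + str + "' not found");
        }
        int bodyStart = begin + str.length();
        int end = pem.indexOf(str2, bodyStart);
        if (end < 0) {
            throw new IllegalArgumentException("PEM block '" + str + "' is not terminated by '" + str2 + "'");
        }
        // The MIME decoder ignores line breaks and other non-alphabet characters inside the body.
        return java.util.Base64.getMimeDecoder().decode(pem.substring(bodyStart, end));
    }

    /** Decodes an unencrypted PKCS#8 DER blob as an RSA private key. */
    private static RSAPrivateKey generatePrivateKeyFromDER(byte[] bArr) throws InvalidKeySpecException, NoSuchAlgorithmException {
        return (RSAPrivateKey) KeyFactory.getInstance(RSACoder.KEY_ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    /** Decodes a DER-encoded X.509 certificate. */
    private static X509Certificate generateCertificateFromDER(byte[] bArr) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance(X509).generateCertificate(new ByteArrayInputStream(bArr));
    }

    /**
     * Developer-only bootstrap: regenerates the bundled root CA and a host certificate for
     * {@code ibole.com}, then writes the keystore, the host certificate (DER) and the host key
     * (encrypted PEM) to fixed paths on the original author's machine.
     */
    public static void main(String[] strArr) throws Exception {
        String keyStorePath = "E:/dev/repository/Personnel/ibole-infrastructure/infrastructure-security/src/main/resources/META-INF/cert/keys.keystore";
        String ownerId = Integer.toHexString(System.getProperty("user.name").hashCode())
                + Integer.toHexString(System.getProperty("user.home").hashCode());
        CertificateDetailsInfo rootDetails = new CertificateDetailsInfo(
                "iBole", "iBole Root CA", "iBole Root CA", "iBole Root CA", ownerId, "CN", "gd", "10", "", null);
        CertificateDetailsInfo hostDetails = new CertificateDetailsInfo(
                "iBole", "192.168.1.1", "iBole", "OSS", ownerId, "CN", "gd", "10", "chikaiwang@hotmail.com", null);
        KeyStore keyStore = createCertForHost(createRootCA(keyStorePath, rootDetails), hostDetails, "ibole.com");
        KeyStoreUtils.writeKeyStore(keyStore, PASSPHRASE, new File(keyStorePath));
        saveX509Certificate(keyStore, SELF_USER_CA_JKS_ALIAS, "E:/dev/repository/Personnel/ibole-infrastructure/infrastructure-security/src/main/resources/META-INF/cert/client.crt");
        savePEM(keyStore, SELF_USER_CA_JKS_ALIAS, "E:/dev/repository/Personnel/ibole-infrastructure/infrastructure-security/src/main/resources/META-INF/cert/client.key");
    }

    static {
        // Bouncy Castle is required for the "BC" provider lookups in signCertificate.
        Security.addProvider(new BouncyCastleProvider());
    }
}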
