package org.objectweb.proactive.core.security;

import java.io.ByteArrayInputStream;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Collection;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
import org.objectweb.proactive.core.util.log.Loggers;
import org.objectweb.proactive.core.util.log.ProActiveLogger;

/* loaded from: input_file:org/objectweb/proactive/core/security/KeyTools.class */
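/**
 * Static helpers for generating RSA key pairs and for packaging a private key
 * together with its certificate chain into PKCS#12 or JKS keystores.
 *
 * <p>Every BouncyCastle-backed call asks the JCA for the provider named
 * {@code "BC"}; if that provider is not registered the JCA lookups fail with
 * {@link NoSuchProviderException}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>None of these methods validates a certificate path. Chains are stored,
 *       or assembled from keystore aliases, as given; verify signatures,
 *       validity periods and revocation separately before trusting them.</li>
 *   <li>The keystores returned are in-memory only. Their at-rest protection
 *       depends on the password later passed to {@code KeyStore.store}.</li>
 * </ul>
 */
public class KeyTools {
    static Logger log = ProActiveLogger.getLogger(Loggers.SECURITY);

    /** RSA moduli below this size are logged as a warning by {@link #genKeys(int)}. */
    private static final int MIN_RECOMMENDED_RSA_BITS = 2048;

    /** Alias under which {@link #createJKS} stores the root CA certificate. */
    private static final String ROOT_CA_ALIAS = "cacert";

    /** Utility class; not instantiable. */
    private KeyTools() {
    }

    /**
     * Generates an RSA key pair with the BouncyCastle provider.
     *
     * @param i requested modulus size in bits; sizes below 2048 are accepted
     *          for compatibility but produce a warning in the security log
     * @return the freshly generated key pair
     * @throws NoSuchAlgorithmException if the provider does not offer RSA
     * @throws NoSuchProviderException if the "BC" provider is not registered
     */
    public static KeyPair genKeys(int i) throws NoSuchAlgorithmException, NoSuchProviderException {
        log.debug(">genKeys()");
        if (i < MIN_RECOMMENDED_RSA_BITS) {
            log.warn("Generating RSA key of " + i + " bits, below the recommended minimum of " + MIN_RECOMMENDED_RSA_BITS);
        }
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "BC");
        generator.initialize(i);
        KeyPair pair = generator.generateKeyPair();
        if (log.isDebugEnabled()) {
            // Only the bit length of the private exponent is logged, never key material.
            // That length can be slightly smaller than the requested modulus size.
            log.debug("Generated " + pair.getPublic().getAlgorithm() + " keys with length " + ((RSAPrivateKey) pair.getPrivate()).getPrivateExponent().bitLength());
        }
        log.debug("<genKeys()");
        return pair;
    }

    /**
     * Builds a PKCS#12 keystore for a key, its certificate and at most one CA certificate.
     *
     * @param str alias (friendly name) of the key entry
     * @param privateKey private key to store
     * @param x509Certificate certificate matching {@code privateKey}; must not be null
     * @param x509Certificate2 issuing CA certificate, or null for no CA chain
     * @return an in-memory PKCS#12 keystore
     * @throws Exception on encoding, provider or keystore failures
     */
    public static KeyStore createP12(String str, PrivateKey privateKey, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws Exception {
        Certificate[] caChain = null;
        if (x509Certificate2 != null) {
            caChain = new Certificate[]{x509Certificate2};
        }
        return createP12(str, privateKey, x509Certificate, caChain);
    }

    /**
     * Builds a PKCS#12 keystore for a key, its certificate and a CA chain given as a collection.
     *
     * @param str alias (friendly name) of the key entry
     * @param privateKey private key to store
     * @param x509Certificate certificate matching {@code privateKey}; must not be null
     * @param collection CA certificates in chain order, or null for no CA chain
     * @return an in-memory PKCS#12 keystore
     * @throws Exception on encoding, provider or keystore failures
     */
    public static KeyStore createP12(String str, PrivateKey privateKey, X509Certificate x509Certificate, Collection<Certificate> collection) throws Exception {
        Certificate[] caChain = null;
        if (collection != null) {
            caChain = collection.toArray(new Certificate[collection.size()]);
        }
        return createP12(str, privateKey, x509Certificate, caChain);
    }

    /**
     * Builds a PKCS#12 keystore holding one key entry with its certificate chain.
     *
     * <p>The certificate, the CA certificates and the private key are re-encoded
     * and re-parsed through the "BC" provider, because the bag attributes
     * (friendly name, local key id) are set through casts to
     * {@link PKCS12BagAttributeCarrier}.
     *
     * <p>The key entry is added with a null password. The returned keystore has
     * not been persisted; the password given to {@code KeyStore.store} decides
     * how the file is protected, so callers should not store it with an empty one.
     * The supplied chain is not verified.
     *
     * @param str alias and friendly name of the key entry
     * @param privateKey private key to store; must expose a PKCS#8 encoding
     * @param x509Certificate end-entity certificate ("cert" in the error message); must not be null
     * @param certificateArr CA certificates following the end-entity certificate, or null
     * @return an in-memory PKCS#12 keystore
     * @throws IllegalArgumentException if {@code x509Certificate} is null
     * @throws Exception on encoding, provider or keystore failures
     */
    public static KeyStore createP12(String str, PrivateKey privateKey, X509Certificate x509Certificate, Certificate[] certificateArr) throws Exception {
        // Validate first: the debug line below already dereferences the certificate.
        if (x509Certificate == null) {
            throw new IllegalArgumentException("Parameter cert cannot be null.");
        }
        int caCount = certificateArr == null ? 0 : certificateArr.length;
        log.debug(">createP12: alias=" + str + ", privKey, cert=" + CertTools.getSubjectDN(x509Certificate) + ", cachain.length=" + caCount);

        Certificate[] chain = new Certificate[caCount + 1];
        CertificateFactory bcFactory = CertificateFactory.getInstance("X.509", "BC");
        chain[0] = bcFactory.generateCertificate(new ByteArrayInputStream(x509Certificate.getEncoded()));
        for (int n = 0; n < caCount; n++) {
            chain[n + 1] = (X509Certificate) bcFactory.generateCertificate(new ByteArrayInputStream(certificateArr[n].getEncoded()));
        }

        // Give every CA certificate a friendly name derived from its subject DN.
        for (int n = 1; n < chain.length; n++) {
            String friendlyName = caFriendlyName((X509Certificate) chain[n], n);
            ((PKCS12BagAttributeCarrier) chain[n]).setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(friendlyName));
        }

        // The same friendly name and local key id on certificate and key tie the two bags together.
        SubjectKeyIdentifier localKeyId = createSubjectKeyId(chain[0].getPublicKey());
        PKCS12BagAttributeCarrier certBag = (PKCS12BagAttributeCarrier) chain[0];
        certBag.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(str));
        certBag.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, localKeyId);

        PrivateKey bcKey = KeyFactory.getInstance(privateKey.getAlgorithm(), "BC").generatePrivate(new PKCS8EncodedKeySpec(privateKey.getEncoded()));
        PKCS12BagAttributeCarrier keyBag = (PKCS12BagAttributeCarrier) bcKey;
        keyBag.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(str));
        keyBag.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, localKeyId);

        KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
        keyStore.load(null, null);
        keyStore.setKeyEntry(str, bcKey, null, chain);
        log.debug("<createP12: alias=" + str + ", privKey, cert=" + CertTools.getSubjectDN(x509Certificate) + ", cachain.length=" + caCount);
        return keyStore;
    }

    /**
     * Picks a friendly name for a CA certificate: its CN, else its O or OU value
     * suffixed with the chain index, else {@code "CA_unknown" + index}.
     * The index keeps names distinct when several CAs share an O or OU.
     */
    private static String caFriendlyName(X509Certificate caCert, int index) {
        String name = CertTools.getPartFromDN(CertTools.getSubjectDN(caCert), "CN");
        if (name == null) {
            String organization = CertTools.getPartFromDN(CertTools.getSubjectDN(caCert), "O");
            if (organization != null) {
                name = organization + index;
            }
        }
        if (name == null) {
            String unit = CertTools.getPartFromDN(CertTools.getSubjectDN(caCert), "OU");
            if (unit != null) {
                name = unit + index;
            }
        }
        if (name == null) {
            name = "CA_unknown" + index;
        }
        return name;
    }

    /**
     * Builds a JKS keystore holding the key with its full chain and, when a CA
     * chain is supplied, the root certificate as a trusted entry named "cacert".
     *
     * <p>JKS is the legacy JDK keystore format; prefer
     * {@link #createP12(String, PrivateKey, X509Certificate, Certificate[])}
     * where interoperability allows. Only the last CA certificate is checked,
     * and only for being self-signed; the chain itself is not verified.
     *
     * @param str alias of the key entry
     * @param privateKey private key to store
     * @param str2 password protecting the key entry; must not be null
     * @param x509Certificate end-entity certificate ("cert" in the error message); must not be null
     * @param certificateArr CA certificates ending with the root, or null
     * @return an in-memory JKS keystore
     * @throws IllegalArgumentException if the certificate or password is null, or the
     *         last CA certificate is not self-signed
     * @throws Exception on keystore failures
     */
    public static KeyStore createJKS(String str, PrivateKey privateKey, String str2, X509Certificate x509Certificate, Certificate[] certificateArr) throws Exception {
        // Validate first: the debug line below already dereferences the certificate.
        if (x509Certificate == null) {
            throw new IllegalArgumentException("Parameter cert cannot be null.");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("Parameter password cannot be null.");
        }
        int caCount = certificateArr == null ? 0 : certificateArr.length;
        log.debug(">createJKS: alias=" + str + ", privKey, cert=" + CertTools.getSubjectDN(x509Certificate) + ", cachain.length=" + caCount);

        // An empty CA array is treated like no CA chain; indexing its last element would fail.
        Certificate rootCert = caCount > 0 ? certificateArr[caCount - 1] : null;
        if (rootCert != null && !CertTools.isSelfSigned((X509Certificate) rootCert)) {
            throw new IllegalArgumentException("Root cert is not self-signed.");
        }

        Certificate[] chain = new Certificate[caCount + 1];
        chain[0] = x509Certificate;
        if (caCount > 0) {
            System.arraycopy(certificateArr, 0, chain, 1, caCount);
        }

        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        log.debug("Storing cert chain of length " + chain.length);
        keyStore.setKeyEntry(str, privateKey, str2.toCharArray(), chain);
        if (rootCert != null) {
            // Added after the key entry so a key alias equal to "cacert" is rejected rather than replaced.
            keyStore.setCertificateEntry(ROOT_CA_ALIAS, rootCert);
        }
        log.debug("<createJKS: alias=" + str + ", privKey, cert=" + CertTools.getSubjectDN(x509Certificate) + ", cachain.length=" + caCount);
        return keyStore;
    }

    /**
     * Returns the certificate chain stored under an alias, extended towards a root
     * by repeatedly looking up the CN of the last certificate's issuer as a keystore alias.
     *
     * <p>The result is assembled purely from alias names and DN strings. No
     * signature, validity or revocation check is made here, so the returned
     * array must not be treated as a validated path.
     *
     * @param keyStore loaded keystore to read from
     * @param str alias of the entry whose chain is wanted
     * @return the assembled chain; an empty array if the alias has no chain
     * @throws KeyStoreException if the keystore has not been initialized
     */
    public static Certificate[] getCertChain(KeyStore keyStore, String str) throws KeyStoreException {
        log.debug(">getCertChain: alias='" + str + "'");
        Certificate[] certificateChain = keyStore.getCertificateChain(str);
        // getCertificateChain returns null for an unknown alias or an entry without a chain.
        if (certificateChain == null || certificateChain.length < 1) {
            log.error("Cannot load certificate chain with alias '" + str + "' from keystore.");
            log.debug("<getCertChain: alias='" + str + "', retlength=0");
            return certificateChain == null ? new Certificate[0] : certificateChain;
        }
        log.debug("Certchain retrieved from alias '" + str + "' has length " + certificateChain.length);

        X509Certificate storedLast = (X509Certificate) certificateChain[certificateChain.length - 1];
        if (CertTools.isSelfSigned(storedLast)) {
            // The stored chain already ends in a root.
            if (log.isDebugEnabled()) {
                log.debug("Issuer='" + CertTools.getIssuerDN(storedLast) + "'.");
                log.debug("Subject='" + CertTools.getSubjectDN(storedLast) + "'.");
            }
            log.debug("<getCertChain: alias='" + str + "', retlength=" + certificateChain.length);
            return certificateChain;
        }

        ArrayList<Certificate> assembled = new ArrayList<Certificate>(certificateChain.length);
        for (Certificate certificate : certificateChain) {
            assembled.add(certificate);
        }

        // Aliases already followed. Keystore content that refers back to an earlier
        // alias would otherwise keep this loop appending certificates forever.
        Collection<String> visitedAliases = new ArrayList<String>();
        visitedAliases.add(str);

        boolean complete = false;
        while (!complete) {
            X509Certificate last = (X509Certificate) assembled.get(assembled.size() - 1);
            String issuerAlias = CertTools.getPartFromDN(CertTools.getIssuerDN(last), "CN");
            if (issuerAlias == null) {
                log.error("Issuer of last certificate in chain has no CN; cannot look up its alias.");
                break;
            }
            if (visitedAliases.contains(issuerAlias)) {
                log.error("Certificate chain lookup loops back to alias '" + issuerAlias + "'; stopping.");
                break;
            }
            visitedAliases.add(issuerAlias);

            Certificate[] issuerChain = keyStore.getCertificateChain(issuerAlias);
            if (issuerChain == null) {
                complete = true;
            } else {
                log.debug("Loaded certificate chain with length " + issuerChain.length + " with alias '" + issuerAlias + "'.");
                if (issuerChain.length == 0) {
                    log.error("No RootCA certificate found!");
                    complete = true;
                }
                for (Certificate issuerCert : issuerChain) {
                    assembled.add(issuerCert);
                    if (CertTools.isSelfSigned((X509Certificate) issuerCert)) {
                        complete = true;
                    }
                }
            }
        }

        Certificate[] result = assembled.toArray(new Certificate[assembled.size()]);
        if (log.isDebugEnabled()) {
            for (int n = 0; n < result.length; n++) {
                log.debug("Issuer='" + CertTools.getIssuerDN((X509Certificate) result[n]) + "'.");
                log.debug("Subject='" + CertTools.getSubjectDN((X509Certificate) result[n]) + "'.");
            }
        }
        log.debug("<getCertChain: alias='" + str + "', retlength=" + result.length);
        return result;
    }

    /**
     * Derives a subject key identifier from the encoded form of a public key.
     *
     * @param publicKey key to identify
     * @return the identifier built from the key's SubjectPublicKeyInfo
     * @throws RuntimeException if the key cannot be encoded or parsed; the
     *         underlying exception is attached as the cause
     */
    public static SubjectKeyIdentifier createSubjectKeyId(PublicKey publicKey) {
        try {
            return new SubjectKeyIdentifier(new SubjectPublicKeyInfo(new ASN1InputStream(new ByteArrayInputStream(publicKey.getEncoded())).readObject()));
        } catch (Exception e) {
            // Keep the cause so a failed key id can be diagnosed from the stack trace.
            throw new RuntimeException("error creating key", e);
        }
    }
}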
