package ca.nrc.cadc.auth;

import ca.nrc.cadc.util.Base64;
import ca.nrc.cadc.util.FileUtil;
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import java.security.KeyFactory;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.Subject;
import org.apache.log4j.Logger;

/* loaded from: input_file:ca/nrc/cadc/auth/SSLUtil.class */
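/**
 * Turns X.509 client credentials (a PEM file holding certificate chain plus RSA key, separate
 * certificate and PKCS#8 key files, or an {@link X509CertificateChain} carried in a
 * {@link Subject}) into a client-authenticating {@link SSLSocketFactory}, and offers helpers to
 * validate and renew the credentials held by a Subject.
 *
 * <p>The key material is placed in an in-memory JKS keystore under a single fixed alias; the
 * password of that keystore only guards the in-memory copy and is not a secret. Every method in
 * this class passes a {@code null} trust keystore, so server trust is decided by a PKIX
 * {@link TrustManagerFactory} initialised from the JVM's default trust store, wrapped in
 * {@code BasicX509TrustManager}.
 *
 * <p>Checked parse/IO failures are wrapped in {@link RuntimeException} with the offending file
 * in the message; the cause is always preserved.
 */
public class SSLUtil {
    private static final String SSL_PROTOCOL = "TLS";
    private static final String KEYSTORE_TYPE = "JKS";
    private static final String KEYMANAGER_ALGORITHM = "SunX509";
    private static final Logger log = Logger.getLogger(SSLUtil.class);
    // Alias of the single key entry; BasicX509KeyManager is pinned to exactly this alias.
    private static final String CERT_ALIAS = "opencadc_x509";
    // Protects only the in-memory keystore (and is the password expected of a PKCS#12 file by
    // readPKCS12); deliberately not a secret, but it must still never be logged.
    private static final char[] THE_PASSWORD = CERT_ALIAS.toCharArray();
    // PEM is ASCII by definition; decode with a fixed charset rather than the platform default.
    private static final Charset PEM_CHARSET = Charset.forName("UTF-8");
    // Line prefixes of a PKCS#1 ("BEGIN RSA PRIVATE KEY") block; the trailing dashes are left
    // off so the match tolerates the marker variants seen in the wild.
    private static final String RSA_KEY_BEGIN = "-----BEGIN RSA PRIVATE KEY-";
    private static final String RSA_KEY_END = "-----END RSA PRIVATE KEY-";
    // ASN.1 universal tag number of SEQUENCE, as exposed by Asn1Object.getType().
    private static final int DER_SEQUENCE = 0x10;

    /**
     * Installs a client-authenticating socket factory as the JVM-wide default for
     * {@link HttpsURLConnection}. This is a process-global side effect.
     *
     * @param file certificate chain file (format accepted by {@link #readCertificateChain(File)})
     * @param file2 PKCS#8-encoded RSA private key file
     * @throws RuntimeException if either file cannot be read or parsed
     */
    public static void initSSL(File file, File file2) {
        HttpsURLConnection.setDefaultSSLSocketFactory(getSocketFactory(file, file2));
    }

    /**
     * Installs a client-authenticating socket factory as the JVM-wide default for
     * {@link HttpsURLConnection}, reading certificate chain and RSA key from one PEM file.
     * This is a process-global side effect.
     *
     * @param file PEM file containing the certificate chain and the RSA private key
     * @throws RuntimeException if the file cannot be read or parsed
     */
    public static void initSSL(File file) {
        HttpsURLConnection.setDefaultSSLSocketFactory(getSocketFactory(readPemOrFail(file)));
    }

    /**
     * Creates a socket factory that authenticates with the given certificate chain and key.
     *
     * @param file certificate chain file
     * @param file2 PKCS#8-encoded RSA private key file
     * @return socket factory presenting the chain as client credential
     * @throws RuntimeException if either file cannot be read or parsed
     */
    public static SSLSocketFactory getSocketFactory(File file, File file2) {
        return getSocketFactory(getKeyStore(file, file2), (KeyStore) null);
    }

    /**
     * Creates a socket factory from a single PEM file holding both chain and RSA key.
     *
     * @param file PEM file containing the certificate chain and the RSA private key
     * @return socket factory presenting the chain as client credential
     * @throws RuntimeException if the file cannot be read or parsed
     */
    public static SSLSocketFactory getSocketFactory(File file) {
        return getSocketFactory(readPemOrFail(file));
    }

    /**
     * Creates a socket factory from the first {@link X509CertificateChain} public credential of
     * the subject that carries a private key.
     *
     * @param subject subject whose public credentials are searched; may be null
     * @return socket factory, or null when the subject is null or holds no chain with a key
     */
    public static SSLSocketFactory getSocketFactory(Subject subject) {
        if (subject == null) {
            return null;
        }
        X509CertificateChain chainWithKey = null;
        for (X509CertificateChain candidate : subject.getPublicCredentials(X509CertificateChain.class)) {
            if (candidate.getKey() != null) {
                chainWithKey = candidate;
                break;
            }
        }
        if (chainWithKey == null) {
            return null;
        }
        return getSocketFactory(chainWithKey);
    }

    /**
     * Creates a socket factory from a certificate chain object.
     *
     * @param x509CertificateChain chain plus private key; when null the resulting factory
     *        presents no client credential (server-authentication-only TLS)
     * @return socket factory
     */
    public static SSLSocketFactory getSocketFactory(X509CertificateChain x509CertificateChain) {
        KeyStore keyStore = null;
        if (x509CertificateChain != null) {
            keyStore = getKeyStore(x509CertificateChain.getChain(), x509CertificateChain.getPrivateKey());
        }
        return getSocketFactory(keyStore, (KeyStore) null);
    }

    /**
     * Builds the socket factory from a key (client credential) store and a trust store.
     *
     * @param keyStore keystore holding the client key entry; may be null
     * @param keyStore2 trust keystore; null selects the JVM default trust store
     * @return socket factory of a freshly initialised TLS context
     */
    static SSLSocketFactory getSocketFactory(KeyStore keyStore, KeyStore keyStore2) {
        KeyManagerFactory kmf = getKeyManagerFactory(keyStore);
        TrustManagerFactory tmf = getTrustManagerFactory(keyStore2);
        return getContext(kmf, tmf, keyStore).getSocketFactory();
    }

    /**
     * Creates a Subject from a certificate chain file and a PKCS#8 RSA key file.
     *
     * @param file certificate chain file
     * @param file2 PKCS#8-encoded RSA private key file
     * @return subject built by {@code AuthenticationUtil.getSubject}
     * @throws RuntimeException if either file cannot be read or parsed
     */
    public static Subject createSubject(File file, File file2) {
        try {
            return AuthenticationUtil.getSubject(readCertificateChain(file), readPrivateKey(file2));
        } catch (FileNotFoundException e) {
            throw new RuntimeException("failed to find certificate and/or key file " + file + "," + file2, e);
        } catch (IOException e) {
            throw new RuntimeException("failed to read certificate file " + file, e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("BUG: RSA KeyFactory not available", e);
        } catch (CertificateException e) {
            throw new RuntimeException("failed to load certificate from file " + file, e);
        } catch (InvalidKeySpecException e) {
            throw new RuntimeException("failed to read RSA private key from " + file2, e);
        }
    }

    /**
     * Creates a Subject from a single PEM file holding both chain and RSA key.
     *
     * @param file PEM file containing the certificate chain and the RSA private key
     * @return subject built by {@code AuthenticationUtil.getSubject}
     * @throws RuntimeException if the file cannot be read or parsed
     */
    public static Subject createSubject(File file) {
        return AuthenticationUtil.getSubject(readPemOrFail(file));
    }

    /**
     * Reads a combined PEM file, converting every checked failure into a RuntimeException that
     * names the file. Shared by the single-file initSSL/getSocketFactory/createSubject variants
     * so they report failures identically.
     */
    private static X509CertificateChain readPemOrFail(File file) {
        try {
            return readPemCertificateAndKey(file);
        } catch (FileNotFoundException e) {
            throw new RuntimeException("failed to find certificate and/or key file " + file, e);
        } catch (IOException e) {
            throw new RuntimeException("failed to read certificate file " + file, e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("BUG: RSA KeyFactory not available", e);
        } catch (CertificateException e) {
            throw new RuntimeException("failed to load certificate from file " + file, e);
        } catch (InvalidKeySpecException e) {
            throw new RuntimeException("failed to read RSA private key from " + file, e);
        }
    }

    /**
     * Appends the trimmed lines of a PEM block body to {@code body} until a line starting with
     * {@code endMarker} or end of input.
     *
     * @return the terminating line (starts with endMarker), or null when input ended first
     */
    private static String readBlockBody(BufferedReader reader, String endMarker, StringBuilder body) throws IOException {
        String line = reader.readLine();
        while (line != null && !line.startsWith(endMarker)) {
            body.append(line.trim());
            line = reader.readLine();
        }
        return line;
    }

    /**
     * Extracts the DER bytes of the first {@code BEGIN RSA PRIVATE KEY} block in PEM text.
     *
     * @param bArr PEM text
     * @return Base64-decoded body of the first RSA key block; decoded empty string when no block
     *         is present (the key block may also be cut off by end of input, which is tolerated)
     * @throws IOException on read failure
     */
    static byte[] getPrivateKey(byte[] bArr) throws IOException {
        BufferedReader reader = new BufferedReader(new InputStreamReader(new ByteArrayInputStream(bArr), PEM_CHARSET));
        StringBuilder body = new StringBuilder();
        try {
            String line = reader.readLine();
            while (line != null) {
                if (line.startsWith(RSA_KEY_BEGIN)) {
                    // Only the first key block is used; anything after it is ignored.
                    readBlockBody(reader, RSA_KEY_END, body);
                    break;
                }
                line = reader.readLine();
            }
        } finally {
            reader.close();
        }
        return Base64.decode(body.toString());
    }

    /**
     * Extracts the concatenated DER bytes of every certificate block in PEM text.
     *
     * <p>Two layouts are accepted: the usual sequence of {@code BEGIN/END CERTIFICATE} blocks, or
     * a legacy form where the first line is the whole certificate as one Base64 line without PEM
     * markers. A final block that is not closed by an END marker before end of input is dropped.
     *
     * @param bArr PEM text
     * @return concatenated DER encodings, in file order (empty array when none found)
     * @throws IOException on read failure
     */
    public static byte[] getCertificates(byte[] bArr) throws IOException {
        BufferedReader reader = new BufferedReader(new InputStreamReader(new ByteArrayInputStream(bArr), PEM_CHARSET));
        List<byte[]> blocks = new ArrayList<byte[]>();
        int total = 0;
        try {
            String line = reader.readLine();
            if (line != null) {
                line = line.trim();
                if (!line.startsWith("---")) {
                    // legacy form: one Base64 line, no PEM markers
                    byte[] decoded = Base64.decode(line);
                    total = decoded.length;
                    blocks.add(decoded);
                }
            }
            if (total == 0) {
                while (line != null) {
                    if (line.startsWith(X509CertificateChain.CERT_BEGIN)) {
                        StringBuilder body = new StringBuilder();
                        line = readBlockBody(reader, X509CertificateChain.CERT_END, body);
                        // null here means the block was cut off by end of input; skip it
                        // (the previous code dereferenced null at this point).
                        if (line != null) {
                            byte[] decoded = Base64.decode(body.toString());
                            total += decoded.length;
                            blocks.add(decoded);
                        }
                    } else {
                        line = reader.readLine();
                    }
                }
            }
        } finally {
            reader.close();
        }
        byte[] out = new byte[total];
        int offset = 0;
        for (byte[] block : blocks) {
            System.arraycopy(block, 0, out, offset, block.length);
            offset += block.length;
        }
        return out;
    }

    /**
     * Reads a certificate chain from a file.
     *
     * @param file file whose whole content is handed to {@link #readCertificateChain(byte[])}
     * @return the chain in file order
     * @throws IOException if the file cannot be read
     * @throws RuntimeException if the content is not a valid certificate (the declared
     *         CertificateException is wrapped rather than propagated, kept for API compatibility)
     */
    public static X509Certificate[] readCertificateChain(File file) throws CertificateException, IOException {
        try {
            X509Certificate[] chain = readCertificateChain(FileUtil.readFile(file));
            log.debug("read " + chain.length + " certificate(s) from " + file);
            return chain;
        } catch (CertificateException e) {
            throw new RuntimeException("certificate from file " + file + " is not valid", e);
        }
    }

    /**
     * Parses every X.509 certificate in the byte array (DER, as consumed by the X.509
     * {@link CertificateFactory}; the SUN provider also accepts PEM-wrapped certificates).
     *
     * <p>Expired certificates are returned (and logged at debug) so that callers can inspect or
     * renew them; a certificate that is not yet valid is rejected.
     *
     * @param bArr encoded certificates, concatenated
     * @return the certificates in input order
     * @throws CertificateException if the factory cannot parse the input
     * @throws IOException on read failure
     * @throws RuntimeException if a certificate is not yet valid
     */
    public static X509Certificate[] readCertificateChain(byte[] bArr) throws CertificateException, IOException {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        List<Certificate> parsed = new ArrayList<Certificate>();
        BufferedInputStream in = new BufferedInputStream(new ByteArrayInputStream(bArr));
        try {
            // available() reports the remaining byte count of the in-memory stream, so this
            // loop consumes every certificate present.
            while (in.available() > 0) {
                parsed.add(factory.generateCertificate(in));
            }
        } finally {
            in.close();
        }
        X509Certificate[] chain = new X509Certificate[parsed.size()];
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = (X509Certificate) parsed.get(i);
            chain[i] = cert;
            try {
                cert.checkValidity();
                log.debug("X509 certificate is valid");
            } catch (CertificateExpiredException e) {
                // tolerated: see renewSubject
                log.debug("X509 certificate is expired");
            } catch (CertificateNotYetValidException e) {
                throw new RuntimeException("certificate byte array is not valid", e);
            }
        }
        return chain;
    }

    /**
     * Reads a PKCS#8-encoded RSA private key from a file.
     *
     * @param file file whose whole content is the DER PKCS#8 encoding
     * @return the RSA private key
     * @throws InvalidKeySpecException if the bytes are not a PKCS#8 RSA key
     * @throws NoSuchAlgorithmException if no RSA KeyFactory is available
     * @throws IOException if the file cannot be read
     */
    public static PrivateKey readPrivateKey(File file) throws InvalidKeySpecException, NoSuchAlgorithmException, IOException {
        return readPrivateKey(FileUtil.readFile(file));
    }

    /**
     * Decodes a PKCS#8-encoded RSA private key.
     *
     * @param bArr DER PKCS#8 encoding
     * @return the RSA private key
     * @throws InvalidKeySpecException if the bytes are not a PKCS#8 RSA key
     * @throws NoSuchAlgorithmException if no RSA KeyFactory is available
     * @throws IOException declared for API compatibility; not thrown by this implementation
     */
    public static PrivateKey readPrivateKey(byte[] bArr) throws InvalidKeySpecException, NoSuchAlgorithmException, IOException {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    /**
     * Creates an empty in-memory JKS keystore holding the chain and key under {@link #CERT_ALIAS}.
     *
     * @param certificateArr certificate chain for the key entry
     * @param privateKey private key for the key entry
     * @return the populated keystore
     * @throws IllegalArgumentException if the JVM has no JKS keystore implementation
     * @throws RuntimeException on any other keystore failure
     */
    private static KeyStore getKeyStore(Certificate[] certificateArr, PrivateKey privateKey) {
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
            try {
                // load(null, null) initialises an empty keystore; failure here used to be
                // swallowed and then surfaced as an "uninitialized keystore" error without cause.
                keyStore.load(null, null);
            } catch (IOException e) {
                throw new RuntimeException("BUG: failed to create empty KeyStore", e);
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException("BUG: failed to create empty KeyStore", e);
            } catch (CertificateException e) {
                throw new RuntimeException("BUG: failed to create empty KeyStore", e);
            }
            keyStore.setKeyEntry(CERT_ALIAS, privateKey, THE_PASSWORD, certificateArr);
            // Log only non-sensitive facts: PrivateKey.toString() can include key parameters,
            // and the keystore password must not appear in logs.
            String keyAlgorithm = (privateKey == null) ? null : privateKey.getAlgorithm();
            int chainLength = (certificateArr == null) ? 0 : certificateArr.length;
            log.debug("added key entry to keystore: alias=" + CERT_ALIAS + ", key algorithm=" + keyAlgorithm + ", chain length=" + chainLength);
            return keyStore;
        } catch (KeyStoreException e) {
            // KeyStore.getInstance reports a missing JKS implementation as a KeyStoreException
            // wrapping NoSuchAlgorithmException.
            if (e.getCause() instanceof NoSuchAlgorithmException) {
                throw new IllegalArgumentException("Sorry, this implementation of Java, issued by " + System.getProperty("java.vendor") + ", does not support CADC Certificates.", e);
            }
            throw new RuntimeException("failed to find/load KeyStore of type JKS", e);
        }
    }

    /**
     * Builds the in-memory keystore from a certificate chain file and a PKCS#8 key file.
     *
     * @param file certificate chain file
     * @param file2 PKCS#8-encoded RSA private key file
     * @return keystore with the single key entry
     * @throws RuntimeException if either file cannot be read or parsed
     */
    private static KeyStore getKeyStore(File file, File file2) {
        try {
            return getKeyStore(readCertificateChain(file), readPrivateKey(file2));
        } catch (FileNotFoundException e) {
            throw new RuntimeException("failed to find certificate and/or key file " + file + "," + file2, e);
        } catch (IOException e) {
            throw new RuntimeException("failed to read certificate file " + file, e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("BUG: RSA KeyFactory not available", e);
        } catch (CertificateException e) {
            throw new RuntimeException("failed to load certificate from file " + file, e);
        } catch (InvalidKeySpecException e) {
            throw new RuntimeException("failed to read RSA private key from " + file2, e);
        }
    }

    /**
     * Loads a PKCS#12 keystore file protected with {@link #THE_PASSWORD}.
     *
     * <p>Not referenced inside this class. A wrong password surfaces as an IOException from
     * {@code KeyStore.load} and is reported as a read failure.
     *
     * @param file PKCS#12 file
     * @return the loaded keystore
     * @throws RuntimeException if the file is missing, unreadable, or not a valid PKCS#12 store
     */
    private static KeyStore readPKCS12(File file) {
        FileInputStream in = null;
        try {
            in = new FileInputStream(file);
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(in, THE_PASSWORD);
            return keyStore;
        } catch (FileNotFoundException e) {
            // must precede IOException: previously this catch was unreachable
            throw new RuntimeException("failed to find key store file " + file, e);
        } catch (IOException e) {
            throw new RuntimeException("failed to read key store file " + file, e);
        } catch (KeyStoreException e) {
            throw new RuntimeException("failed to find KeyStore for PKCS12", e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("failed to check integtrity of key store file " + file, e);
        } catch (CertificateException e) {
            throw new RuntimeException("failed to load proxy certificate(s) from key store file " + file, e);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // read-only stream; the keystore content is already in memory
                }
            }
        }
    }

    /**
     * Creates a SunX509 KeyManagerFactory initialised with the keystore and its password.
     *
     * @param keyStore keystore holding the client key entry; null yields a factory without
     *        client credentials
     * @return the initialised factory
     * @throws RuntimeException if the factory cannot be created or initialised
     */
    private static KeyManagerFactory getKeyManagerFactory(KeyStore keyStore) {
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KEYMANAGER_ALGORITHM);
            keyManagerFactory.init(keyStore, THE_PASSWORD);
            return keyManagerFactory;
        } catch (KeyStoreException e) {
            throw new RuntimeException("failed to init KeyManagerFactory", e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("failed to find KeyManagerFactory for " + KEYMANAGER_ALGORITHM, e);
        } catch (UnrecoverableKeyException e) {
            throw new RuntimeException("failed to init KeyManagerFactory", e);
        }
    }

    /**
     * Creates a PKIX TrustManagerFactory from the SunJSSE provider.
     *
     * @param keyStore trust keystore; null makes SunJSSE fall back to the JVM's default trust store
     * @return the initialised factory
     * @throws RuntimeException if the factory cannot be created or initialised
     */
    private static TrustManagerFactory getTrustManagerFactory(KeyStore keyStore) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX", "SunJSSE");
            trustManagerFactory.init(keyStore);
            return trustManagerFactory;
        } catch (KeyStoreException e) {
            throw new RuntimeException("failed to init trustManagerFactory", e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("BUG: failed to create TrustManagerFactory for algorithm=PKIX", e);
        } catch (NoSuchProviderException e) {
            throw new RuntimeException("BUG: failed to create TrustManagerFactory for provider=SunJSSE", e);
        }
    }

    /**
     * Initialises a TLS SSLContext whose key managers are pinned to {@link #CERT_ALIAS} via
     * {@code BasicX509KeyManager} and whose trust managers are wrapped in
     * {@code BasicX509TrustManager}.
     *
     * <p>NOTE(review): both wrapper classes are defined elsewhere; confirm that
     * BasicX509TrustManager delegates the full PKIX validation of the wrapped manager and does
     * not relax it.
     *
     * @param keyManagerFactory initialised key manager factory
     * @param trustManagerFactory initialised trust manager factory
     * @param keyStore unused here; kept for signature compatibility
     * @return the initialised context (default SecureRandom)
     * @throws RuntimeException if the context cannot be created or initialised
     */
    private static SSLContext getContext(KeyManagerFactory keyManagerFactory, TrustManagerFactory trustManagerFactory, KeyStore keyStore) {
        try {
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            for (int i = 0; i < keyManagers.length; i++) {
                keyManagers[i] = new BasicX509KeyManager((X509KeyManager) keyManagers[i], CERT_ALIAS);
            }
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            for (int i = 0; i < trustManagers.length; i++) {
                trustManagers[i] = new BasicX509TrustManager((X509TrustManager) trustManagers[i]);
            }
            log.debug("KMF returned " + keyManagers.length + " KeyManagers");
            log.debug("TMF returned " + trustManagers.length + " TrustManagers");
            SSLContext context = SSLContext.getInstance(SSL_PROTOCOL);
            context.init(keyManagers, trustManagers, null);
            return context;
        } catch (KeyManagementException e) {
            throw new RuntimeException("failed to init SSLContext", e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("failed to find SSLContext for TLS", e);
        }
    }

    /**
     * Debug helper: logs provider, type, size and aliases of a keystore. Not referenced inside
     * this class.
     *
     * @throws KeyStoreException if the keystore is not initialised
     */
    private static void printKeyStoreInfo(KeyStore keyStore) throws KeyStoreException {
        log.debug("Provider : " + keyStore.getProvider().getName());
        log.debug("Type : " + keyStore.getType());
        log.debug("Size : " + keyStore.size());
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            log.debug("Alias: " + aliases.nextElement());
        }
    }

    /**
     * Reads a PEM file containing a certificate chain and a PKCS#1 RSA private key.
     *
     * @param file PEM file
     * @return chain plus key
     * @throws InvalidKeySpecException if the key block is not a usable RSA key
     * @throws NoSuchAlgorithmException if no RSA KeyFactory is available
     * @throws IOException if the file cannot be read or the key block is not valid DER
     * @throws CertificateException if a certificate block cannot be parsed
     */
    public static X509CertificateChain readPemCertificateAndKey(File file) throws InvalidKeySpecException, NoSuchAlgorithmException, IOException, CertificateException {
        return readPemCertificateAndKey(FileUtil.readFile(file));
    }

    /**
     * Parses PEM text containing a certificate chain and a PKCS#1 RSA private key.
     *
     * @param bArr PEM text
     * @return chain plus key
     * @throws InvalidKeySpecException if the key block is not a usable RSA key
     * @throws NoSuchAlgorithmException if no RSA KeyFactory is available
     * @throws IOException if the key block is not valid DER
     * @throws CertificateException if a certificate block cannot be parsed
     */
    public static X509CertificateChain readPemCertificateAndKey(byte[] bArr) throws InvalidKeySpecException, NoSuchAlgorithmException, IOException, CertificateException {
        X509Certificate[] chain = readCertificateChain(getCertificates(bArr));
        RSAPrivateCrtKeySpec keySpec = parseKeySpec(getPrivateKey(bArr));
        PrivateKey key = KeyFactory.getInstance("RSA").generatePrivate(keySpec);
        return new X509CertificateChain(chain, key);
    }

    /**
     * Converts a DER-encoded PKCS#1 {@code RSAPrivateKey} structure into a key spec.
     *
     * <p>The structure is a SEQUENCE of: version, modulus, publicExponent, privateExponent,
     * prime1, prime2, exponent1, exponent2, coefficient; the version is skipped and the rest is
     * handed to {@link RSAPrivateCrtKeySpec} in that order.
     *
     * @param bArr DER bytes of the key (the body of a BEGIN RSA PRIVATE KEY block)
     * @return the CRT key spec
     * @throws IOException if the input is not a DER SEQUENCE or is otherwise malformed
     */
    public static RSAPrivateCrtKeySpec parseKeySpec(byte[] bArr) throws IOException {
        Asn1Object sequence = new DerParser(bArr).read();
        if (sequence.getType() != DER_SEQUENCE) {
            throw new IOException("Invalid DER: not a sequence");
        }
        DerParser parser = sequence.getParser();
        parser.read(); // version
        return new RSAPrivateCrtKeySpec(
                parser.read().getInteger(), // modulus
                parser.read().getInteger(), // publicExponent
                parser.read().getInteger(), // privateExponent
                parser.read().getInteger(), // prime1 (p)
                parser.read().getInteger(), // prime2 (q)
                parser.read().getInteger(), // exponent1 (d mod (p-1))
                parser.read().getInteger(), // exponent2 (d mod (q-1))
                parser.read().getInteger()); // coefficient (q^-1 mod p)
    }

    /**
     * Inserts a PEM private-key block into PEM certificate text, directly after the first
     * certificate (before any further certificate), or appended when there is only one.
     * Not referenced inside this class.
     *
     * @param str PEM certificate text containing at least one END marker
     * @param bArr DER bytes of the private key, Base64-encoded into the block
     * @return combined PEM text
     * @throws IllegalArgumentException if an argument is null or no END marker is found
     */
    private static String buildPEM(String str, byte[] bArr) {
        if (str == null || bArr == null) {
            throw new IllegalArgumentException("Cannot build PEM of cert & privateKey. An argument is null.");
        }
        int firstEnd = str.indexOf(X509CertificateChain.CERT_END);
        if (firstEnd == -1) {
            throw new IllegalArgumentException("Cannot find END mark of certificate.");
        }
        String keyBlock = X509CertificateChain.PRIVATE_KEY_BEGIN + X509CertificateChain.NEW_LINE + Base64.encodeLines64(bArr) + X509CertificateChain.PRIVATE_KEY_END;
        int nextBegin = str.indexOf(X509CertificateChain.CERT_BEGIN, firstEnd);
        if (nextBegin == -1) {
            return str + X509CertificateChain.NEW_LINE + keyBlock;
        }
        return str.substring(0, nextBegin) + keyBlock + X509CertificateChain.NEW_LINE + str.substring(nextBegin);
    }

    /**
     * Checks the validity period of every certificate in the subject's first
     * {@link X509CertificateChain} public credential.
     *
     * <p>Only one chain is validated, chosen by set iteration order. A null subject passes.
     *
     * @param subject subject to validate; may be null
     * @param date instant to validate against; null means now
     * @throws CertificateException if the subject holds no chain
     * @throws CertificateExpiredException if a certificate has expired
     * @throws CertificateNotYetValidException if a certificate is not yet valid
     */
    public static void validateSubject(Subject subject, Date date) throws CertificateException, CertificateExpiredException, CertificateNotYetValidException {
        if (subject == null) {
            return;
        }
        Set<X509CertificateChain> chains = subject.getPublicCredentials(X509CertificateChain.class);
        if (chains.isEmpty()) {
            throw new CertificateException("No certificates associated with subject");
        }
        X509CertificateChain chain = chains.iterator().next();
        for (X509Certificate cert : chain.getChain()) {
            if (date != null) {
                cert.checkValidity(date);
            } else {
                cert.checkValidity();
            }
        }
    }

    /**
     * Replaces the principals and public credentials of an existing subject with those read
     * from a PEM file. The subject object itself is kept, so references to it stay valid;
     * private credentials are left untouched.
     *
     * @param subject subject to update (must not be null)
     * @param file PEM file containing the new certificate chain and RSA private key
     * @throws RuntimeException if the file cannot be read or parsed
     */
    public static void renewSubject(Subject subject, File file) {
        Subject fresh = createSubject(file);
        subject.getPrincipals().clear();
        subject.getPrincipals().addAll(fresh.getPrincipals());
        subject.getPublicCredentials().clear();
        subject.getPublicCredentials().addAll(fresh.getPublicCredentials());
    }
}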
