package de.contecon.picapport.security.utils;

import de.contecon.picapport.server.PicApportServer;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Calendar;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import java.util.UUID;
import org.apache.logging.log4j.core.config.LoggerConfig;
import org.apache.logging.log4j.core.net.ssl.SslConfigurationDefaults;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:de/contecon/picapport/security/utils/CertificateUtils.class */
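/**
 * Static helpers for creating self-signed certificates, writing and reading key stores, and
 * loading PEM-encoded key material for the server's TLS configuration.
 *
 * <p>NOTE(review): several string constants below are referenced through log4j classes
 * ({@code ParameterizedMessage.ERROR_MSG_SEPARATOR}, {@code SslConfigurationDefaults.KEYSTORE_TYPE},
 * {@code LoggerConfig.ROOT}). This looks like a decompiler mapping plain literals onto unrelated
 * constants with the same value; confirm the intended literals before relying on them.
 */
public class CertificateUtils {
    /**
     * RSA modulus size for generated keys. Set explicitly so key strength does not depend on the
     * provider default, which varies between runtime versions.
     */
    private static final int RSA_KEY_BITS = 3072;

    /** Signature algorithm actually applied to generated certificates. */
    private static final String SIGNATURE_ALGORITHM = "SHA256WithRSA";

    /** Size of the random part of a certificate serial number; stays within 20 octets. */
    private static final int SERIAL_BITS = 128;

    private static final String PEM_KEY_BEGIN = "-----BEGIN PRIVATE KEY-----";
    private static final String PEM_KEY_END = "-----END PRIVATE KEY-----";
    private static final String PEM_CERT_BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String PEM_CERT_END = "-----END CERTIFICATE-----";

    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Generates a fresh RSA key pair and a self-signed certificate for it. The private key is not
     * returned, so the result is only useful where the key itself is not needed afterwards.
     *
     * @param str subject (and issuer) distinguished name, e.g. {@code CN=host}
     * @param i currently ignored, see {@link #generateCertificate(String, KeyPair, int, String)}
     * @return the self-signed certificate
     */
    public static X509Certificate generateCertificate(String str, int i) throws GeneralSecurityException, IOException, OperatorCreationException {
        return generateCertificate(str, newRsaKeyPair(), i, SIGNATURE_ALGORITHM);
    }

    /**
     * Builds a self-signed X.509 v3 certificate for {@code keyPair}, valid from now for one year.
     *
     * <p>Security-relevant properties of the result:
     * <ul>
     *   <li>It is always signed with SHA256WithRSA; {@code str2} is not consulted.</li>
     *   <li>The serial number is random. A timestamp-derived serial repeats when two certificates
     *       with the same issuer name are created in the same millisecond.</li>
     *   <li>BasicConstraints is critical with CA=true. A client that installs this certificate as
     *       a trust anchor therefore also trusts certificates signed by its key, so the private
     *       key needs the protection of a CA key.</li>
     *   <li>No subjectAltName extension is added; clients that match host names only against
     *       subjectAltName will not accept the certificate for any host name.</li>
     * </ul>
     *
     * <p>Side effect: registers the BouncyCastle provider with the JVM-wide provider list.
     *
     * @param str subject and issuer distinguished name
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @param i currently ignored. NOTE(review): presumably a validity period or key size in the
     *     original source; confirm against callers before wiring it in
     * @param str2 currently ignored; callers in this class historically passed a SHA-1 based
     *     algorithm name here, which must not become effective
     * @return the self-signed certificate
     */
    public static X509Certificate generateCertificate(String str, KeyPair keyPair, int i, String str2) throws GeneralSecurityException, IOException, OperatorCreationException {
        BouncyCastleProvider provider = new BouncyCastleProvider();
        // No-op when a provider with the same name is already installed.
        Security.addProvider(provider);

        Date notBefore = new Date();
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(notBefore);
        calendar.add(Calendar.YEAR, 1);
        Date notAfter = calendar.getTime();

        X500Name subject = new X500Name(str);
        // Strictly positive, as X.509 serial numbers are required to be.
        BigInteger serial = new BigInteger(SERIAL_BITS, RANDOM).add(BigInteger.ONE);

        ContentSigner signer = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(keyPair.getPrivate());
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(subject, serial, notBefore, notAfter, subject, keyPair.getPublic());
        // 2.5.29.19 is the basicConstraints extension.
        builder.addExtension(new ASN1ObjectIdentifier("2.5.29.19"), true, (ASN1Encodable) new BasicConstraints(true));
        return new JcaX509CertificateConverter().setProvider(provider).getCertificate(builder.build(signer));
    }

    /**
     * Creates a key store file holding a new RSA key and a self-signed certificate for it.
     *
     * <p>The same password protects both the store and the key entry. The file is created with
     * the process's default permissions; callers should restrict access to it, since it contains
     * the server's private key.
     *
     * @param file destination; an existing file is overwritten
     * @param cArr password for the store and for the key entry
     * @param str alias of the key entry
     * @param str2 subject distinguished name of the certificate
     * @param i passed through to certificate generation, where it is currently ignored
     */
    public static void createSSLServerKeyStore(File file, char[] cArr, String str, String str2, int i) throws IOException, GeneralSecurityException, OperatorCreationException {
        KeyPair keyPair = newRsaKeyPair();
        X509Certificate certificate = generateCertificate(str2, keyPair, i, SIGNATURE_ALGORITHM);
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, cArr);
        keyStore.setKeyEntry(str, keyPair.getPrivate(), cArr, new Certificate[]{certificate});
        try (FileOutputStream out = new FileOutputStream(file)) {
            keyStore.store(out, cArr);
        }
    }

    /**
     * Returns the SHA-1 fingerprint of the certificate's DER encoding as lower-case hex pairs
     * joined by the separator used in {@link #hexify(byte[])}.
     *
     * <p>SHA-1 is kept so existing displayed or stored fingerprints stay comparable. Treat the
     * value as a display identifier: SHA-1 is not collision resistant, so a trust decision
     * should be based on a SHA-256 fingerprint or on the full certificate.
     */
    public static String getThumbPrint(X509Certificate x509Certificate) throws NoSuchAlgorithmException, CertificateEncodingException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        return hexify(sha1.digest(x509Certificate.getEncoded()));
    }

    /** Formats bytes as two lower-case hex digits each, with a separator between bytes. */
    private static String hexify(byte[] bArr) {
        final char[] digits = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
        StringBuilder out = new StringBuilder(bArr.length * 3);
        for (int i = 0; i < bArr.length; i++) {
            if (i > 0) {
                // NOTE(review): presumably a ":" literal in the original source; confirm.
                out.append(ParameterizedMessage.ERROR_MSG_SEPARATOR);
            }
            out.append(digits[(bArr[i] & 0xF0) >> 4]);
            out.append(digits[bArr[i] & 0x0F]);
        }
        return out.toString();
    }

    /**
     * Loads one certificate from a key store file.
     *
     * <p>NOTE(review): the store type comes from {@code SslConfigurationDefaults.KEYSTORE_TYPE},
     * while {@link #createSSLServerKeyStore} writes {@code KeyStore.getDefaultType()}; confirm
     * the two agree on the target runtime.
     *
     * @param file key store file
     * @param cArr key store password; when non-null it is also used to verify store integrity
     * @param str alias to look up
     * @return the certificate, or {@code null} when the alias does not exist or holds none
     */
    public static Certificate loadCertificate(File file, char[] cArr, String str) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        try (FileInputStream in = new FileInputStream(file)) {
            KeyStore keyStore = KeyStore.getInstance(SslConfigurationDefaults.KEYSTORE_TYPE);
            keyStore.load(in, cArr);
            return keyStore.getCertificate(str);
        }
    }

    /**
     * Loads the certificate of every alias in a key store file, in the store's alias order.
     *
     * <p>For key entries this is the first certificate of the chain. The store type is the same
     * one {@link #loadCertificate} uses.
     *
     * @param file key store file
     * @param cArr key store password
     * @return one array element per alias
     */
    public static Certificate[] loadAllCertificates(File file, char[] cArr) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        try (FileInputStream in = new FileInputStream(file)) {
            KeyStore keyStore = KeyStore.getInstance(SslConfigurationDefaults.KEYSTORE_TYPE);
            keyStore.load(in, cArr);
            List<Certificate> certificates = new ArrayList<>();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                certificates.add(keyStore.getCertificate(aliases.nextElement()));
            }
            return certificates.toArray(new Certificate[0]);
        }
    }

    /**
     * Reads an unencrypted PKCS#8 RSA private key from a PEM file.
     *
     * <p>Only the {@code BEGIN PRIVATE KEY} / {@code END PRIVATE KEY} markers are recognised.
     * Other PEM key formats leave their header in the text and fail Base64 decoding. The file is
     * decoded as US-ASCII so the result does not depend on the platform charset, and all
     * whitespace inside the Base64 body is tolerated.
     *
     * @param file PEM file containing the key
     * @return the RSA private key
     * @throws IllegalArgumentException if the body is not valid Base64
     * @throws ClassCastException if the key is not an RSA key
     */
    public static RSAPrivateKey readPrivateKey(File file) throws NoSuchAlgorithmException, IOException, InvalidKeySpecException {
        String pem = new String(Files.readAllBytes(file.toPath()), StandardCharsets.US_ASCII);
        String base64 = pem.replace(PEM_KEY_BEGIN, "")
                .replaceAll("[\\n\\r]", "")
                .replace(PEM_KEY_END, "")
                .replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(base64);
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    /**
     * Reads all certificates from a PEM file, in file order.
     *
     * <p>The file is expected to contain only {@code BEGIN CERTIFICATE} / {@code END CERTIFICATE}
     * blocks. Any other text between blocks ends up in the Base64 body and is rejected. The
     * certificates are parsed but not validated: no chain building, expiry or trust check happens
     * here.
     *
     * @param file PEM file containing one or more certificates
     * @return the parsed certificates; empty when the file holds none
     * @throws IllegalArgumentException if a block body is not valid Base64
     */
    public static X509Certificate[] readCertificateFile(File file) throws NoSuchAlgorithmException, IOException, InvalidKeySpecException, CertificateException {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certificates = new ArrayList<>();
        String pem = new String(Files.readAllBytes(file.toPath()), StandardCharsets.US_ASCII);
        for (String block : pem.split(PEM_CERT_END)) {
            String base64 = block.replace(PEM_CERT_BEGIN, "")
                    .replaceAll("[\\n\\r]", "")
                    .replace(PEM_CERT_END, "")
                    .replaceAll("\\s", "");
            if (!base64.isEmpty()) {
                byte[] der = Base64.getDecoder().decode(base64);
                certificates.add((X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der)));
            }
        }
        return certificates.toArray(new X509Certificate[0]);
    }

    /**
     * Configures {@code sslContextFactory} with an in-memory key store built from a PEM private
     * key and a PEM certificate chain.
     *
     * <p>The key store is never written to disk by this method. Its password is a random UUID
     * that exists only so the key entry can be stored and reopened by the factory. It does not
     * protect the key at rest; that depends on the permissions of the PEM files.
     *
     * @param sslContextFactory factory to configure
     * @param file PEM file with the private key, see {@link #readPrivateKey(File)}
     * @param file2 PEM file with the certificate chain, see {@link #readCertificateFile(File)}
     */
    public static final void setPEMKeyStore(PicApportServer.SslContextFactory sslContextFactory, File file, File file2) throws NoSuchAlgorithmException, IOException, InvalidKeySpecException, KeyStoreException, CertificateException {
        RSAPrivateKey privateKey = readPrivateKey(file);
        X509Certificate[] chain = readCertificateFile(file2);
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        char[] password = UUID.randomUUID().toString().toCharArray();
        // NOTE(review): alias constant presumably stands for a plain string literal; confirm.
        keyStore.setKeyEntry(LoggerConfig.ROOT, privateKey, password, chain);
        sslContextFactory.setKeyStore(keyStore);
        sslContextFactory.setKeyStorePassword(new String(password));
    }

    /** Generates an RSA key pair with an explicitly chosen modulus size. */
    private static KeyPair newRsaKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(RSA_KEY_BITS, RANDOM);
        return generator.generateKeyPair();
    }
}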
