package org.objectweb.proactive.core.security;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.math.BigInteger;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Vector;
import org.apache.log4j.Logger;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.asn1.x509.X509NameTokenizer;
import org.bouncycastle.jce.X509KeyUsage;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.objectweb.fractal.adl.StaticJavaGenerator;
import org.objectweb.proactive.core.util.log.Loggers;
import org.objectweb.proactive.core.util.log.ProActiveLogger;

/* loaded from: input_file:org/objectweb/proactive/core/security/CertTools.class */
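/**
 * Static helpers for X.509 certificates, CRLs and distinguished names (DNs), built on the
 * BouncyCastle ("BC") JCA provider.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Most parsing helpers accept certificates that have not been validated. Values they return
 *       (DN parts, UPN, CRL distribution point URL, policy ids) are only as trustworthy as the
 *       certificate they were read from.</li>
 *   <li>{@link #isSelfSigned(X509Certificate)} compares names only; it does not verify a
 *       signature.</li>
 *   <li>The SHA-1 and MD5 fingerprint helpers are kept for identification and display. Neither
 *       digest is collision resistant, so a fingerprint match must not be the only basis for a
 *       trust decision.</li>
 * </ul>
 */
public class CertTools {
    public static final String EMAIL2 = "EmailAddress";
    public static final String DNS = "dNSName";
    public static final String URI = "uniformResourceIdentifier";
    public static final String URI1 = "uri";
    public static final String UPN = "upn";
    public static final String UPN_OBJECTID = "1.3.6.1.4.1.311.20.2.3";
    private static final String[] dNObjectsForward;
    private static final String[] dNObjectsReverse;
    private static final String[] dNObjects;
    static Logger log = ProActiveLogger.getLogger(Loggers.SECURITY);
    public static final String EMAIL = "rfc822name";
    public static final String EMAIL1 = "email";
    public static final String EMAIL3 = "E";
    private static final String[] EMAILIDS = {EMAIL, EMAIL1, EMAIL2, EMAIL3};
    private static final HashMap<String, DERObjectIdentifier> oids = new HashMap<>();

    private static final String PEM_BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String PEM_END = "-----END CERTIFICATE-----";

    /**
     * Signature algorithm for generated certificates. SHA-1 based signatures are no longer
     * collision resistant, which matters for certificates issued over requester-influenced
     * content, so SHA-256 is used.
     */
    private static final String SIGNATURE_ALGORITHM = "SHA256WithRSA";

    /** Generated certificates are back-dated by ten minutes to tolerate clock skew. */
    private static final long NOT_BEFORE_SKEW_MILLIS = 600000L;
    private static final long MILLIS_PER_DAY = 86400000L;

    /** Utility class; not instantiable. */
    private CertTools() {
    }

    /**
     * Looks up the OID registered for a DN attribute name.
     *
     * @param str attribute name such as {@code "cn"}; matched case-insensitively
     * @return the OID, or {@code null} if the name is not in the table
     */
    private static DERObjectIdentifier getOid(String str) {
        // Locale.ROOT: the default-locale lower-casing of "I" is not "i" in some locales
        // (e.g. Turkish), which would make "UID" or "INITIALS" miss the table.
        return oids.get(str.toLowerCase(Locale.ROOT));
    }

    /**
     * Parses a DN string and rebuilds it as a BouncyCastle {@link X509Name} with its components
     * in the fixed order given by {@code dNObjects}.
     *
     * <p>Components whose attribute name is not in the OID table, and tokens without an
     * {@code '='}, are dropped from the result. Two DNs that differ only in such components
     * therefore normalise to the same name; keep that in mind when comparing normalised DNs.
     *
     * @param str the DN, e.g. {@code "CN=foo, O=bar, C=SE"}
     * @return the reordered name
     */
    public static X509Name stringToBcX509Name(String str) {
        List<String> keys = new ArrayList<>();
        List<String> values = new ArrayList<>();
        X509NameTokenizer tokenizer = new X509NameTokenizer(str);
        while (tokenizer.hasMoreTokens()) {
            String token = tokenizer.nextToken();
            int eq = token.indexOf('=');
            if (eq != -1) {
                keys.add(token.substring(0, eq).toLowerCase(Locale.ROOT));
                values.add(token.substring(eq + 1));
            }
        }
        Vector<DERObjectIdentifier> orderedOids = new Vector<>();
        Vector<String> orderedValues = new Vector<>();
        for (String name : dNObjects) {
            DERObjectIdentifier oid = getOid(name);
            if (oid == null) {
                continue;
            }
            // Consume every occurrence of this attribute. The loop ends when none is left;
            // the previous form had no exit condition and never returned.
            int idx;
            while ((idx = keys.indexOf(name)) != -1) {
                orderedOids.add(oid);
                orderedValues.add(values.remove(idx));
                keys.remove(idx);
            }
        }
        return new X509Name(orderedOids, orderedValues);
    }

    /**
     * Normalises a DN string through {@link #stringToBcX509Name(String)}.
     *
     * @param str the DN to normalise
     * @return the string form of the reordered name
     */
    public static String stringToBCDNString(String str) {
        return stringToBcX509Name(str).toString();
    }

    /**
     * Returns the first e-mail component found in a DN, trying each of the known e-mail
     * attribute names in turn.
     *
     * @param str the DN
     * @return the e-mail value, or {@code null} if none of the attribute names is present
     */
    public static String getEmailFromDN(String str) {
        log.debug(">getEmailFromDN(" + str + ")");
        String email = null;
        for (int i = 0; i < EMAILIDS.length && email == null; i++) {
            email = getPartFromDN(str, EMAILIDS[i]);
        }
        log.debug("<getEmailFromDN(" + str + "): " + email);
        return email;
    }

    /**
     * Returns the value of the first DN component with the given attribute name.
     *
     * @param str the DN; may be {@code null}
     * @param str2 attribute name without the {@code '='}, matched case-insensitively; may be
     *     {@code null}
     * @return the component value, or {@code null} if either argument is {@code null} or no
     *     non-empty component with that name exists
     */
    public static String getPartFromDN(String str, String str2) {
        log.debug(">getPartFromDN: dn:'" + str + "', dnpart=" + str2);
        String part = null;
        if (str != null && str2 != null) {
            String prefix = str2 + "=";
            X509NameTokenizer tokenizer = new X509NameTokenizer(str);
            while (tokenizer.hasMoreTokens()) {
                String token = tokenizer.nextToken();
                // Strictly longer than the prefix: a component with an empty value is skipped.
                if (token.length() > prefix.length()
                        && token.regionMatches(true, 0, prefix, 0, prefix.length())) {
                    part = token.substring(prefix.length());
                    break;
                }
            }
        }
        log.debug("<getpartFromDN: resulting DN part=" + part);
        return part;
    }

    /**
     * Returns the normalised subject DN of a certificate.
     *
     * @param x509Certificate the certificate; may be {@code null}
     * @return the subject DN, or {@code null} if the certificate is {@code null} or cannot be
     *     re-parsed
     */
    public static String getSubjectDN(X509Certificate x509Certificate) {
        return getDN(x509Certificate, 1);
    }

    /**
     * Returns the normalised issuer DN of a certificate.
     *
     * @param x509Certificate the certificate; may be {@code null}
     * @return the issuer DN, or {@code null} if the certificate is {@code null} or cannot be
     *     re-parsed
     */
    public static String getIssuerDN(X509Certificate x509Certificate) {
        return getDN(x509Certificate, 2);
    }

    /**
     * Re-parses the certificate with the BC factory and returns one of its DNs in normalised
     * form.
     *
     * @param x509Certificate the certificate; may be {@code null}
     * @param i {@code 1} selects the subject DN, any other value the issuer DN
     * @return the DN, or {@code null} on {@code null} input, a missing BC factory or a parse
     *     error (errors are logged)
     */
    private static String getDN(X509Certificate x509Certificate, int i) {
        if (x509Certificate == null) {
            return null;
        }
        CertificateFactory factory = getCertificateFactory();
        if (factory == null) {
            // getCertificateFactory() has already logged why the factory is unavailable.
            return null;
        }
        try {
            X509Certificate reparsed = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(x509Certificate.getEncoded()));
            String dn = i == 1 ? reparsed.getSubjectDN().toString() : reparsed.getIssuerDN().toString();
            return stringToBCDNString(dn);
        } catch (CertificateException e) {
            log.error("CertificateException: ", e);
            return null;
        }
    }

    /**
     * Returns the normalised issuer DN of a CRL.
     *
     * @param x509crl the CRL; may be {@code null}
     * @return the issuer DN, or {@code null} on {@code null} input, a missing BC factory or a
     *     parse error (errors are logged)
     */
    public static String getIssuerDN(X509CRL x509crl) {
        if (x509crl == null) {
            return null;
        }
        CertificateFactory factory = getCertificateFactory();
        if (factory == null) {
            return null;
        }
        try {
            X509CRL reparsed = (X509CRL) factory.generateCRL(new ByteArrayInputStream(x509crl.getEncoded()));
            return stringToBCDNString(reparsed.getIssuerDN().toString());
        } catch (CRLException e) {
            log.error("CRLException: ", e);
            return null;
        }
    }

    /**
     * Obtains an X.509 {@link CertificateFactory} from the "BC" provider.
     *
     * @return the factory, or {@code null} if the provider is not installed or does not offer
     *     the type (the failure is logged); see {@link #installBCProvider()}
     */
    public static CertificateFactory getCertificateFactory() {
        try {
            return CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID, "BC");
        } catch (NoSuchProviderException e) {
            log.error("NoSuchProvider: ", e);
            return null;
        } catch (CertificateException e2) {
            log.error("CertificateException: ", e2);
            return null;
        }
    }

    /**
     * Same as {@link #getCertificateFactory()} but fails with an exception instead of returning
     * {@code null}, so callers that declare {@link CertificateException} do not hit a
     * {@link NullPointerException} when the provider is missing.
     */
    private static CertificateFactory requireCertificateFactory() throws CertificateException {
        CertificateFactory factory = getCertificateFactory();
        if (factory == null) {
            throw new CertificateException("X.509 CertificateFactory from the BC provider is not available");
        }
        return factory;
    }

    /** Registers the BouncyCastle provider with the JCA if it is not registered yet. */
    public static void installBCProvider() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Reads all certificates from a PEM file.
     *
     * @param str path of the PEM file
     * @return the certificates in file order
     * @throws IOException if the file cannot be read or a PEM boundary is missing
     * @throws CertificateException if a block cannot be parsed or the BC factory is unavailable
     */
    public static Collection<X509Certificate> getCertsFromPEM(String str) throws IOException, CertificateException {
        log.debug(">getCertfromPEM: certFile=" + str);
        Collection<X509Certificate> certs;
        // The stream is opened here, so it is closed here, also when parsing fails.
        try (InputStream in = new FileInputStream(str)) {
            certs = getCertsFromPEM(in);
        }
        log.debug("<getCertfromPEM: certFile=" + str);
        return certs;
    }

    /**
     * Reads all certificates from a PEM stream. Text before a BEGIN boundary (for example
     * "Subject:" lines) is skipped. The stream is not closed.
     *
     * <p>The returned certificates are parsed only; no signature, validity or chain check is
     * performed here.
     *
     * @param inputStream the PEM data
     * @return the certificates in stream order
     * @throws IOException if reading fails or data remains without a complete BEGIN/END pair
     * @throws CertificateException if a block cannot be parsed or the BC factory is unavailable
     */
    public static Collection<X509Certificate> getCertsFromPEM(InputStream inputStream) throws IOException, CertificateException {
        log.debug(">getCertfromPEM:");
        List<X509Certificate> certs = new ArrayList<>();
        // PEM armor and Base64 are ASCII; do not depend on the platform charset.
        BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.US_ASCII));
        while (reader.ready()) {
            String line;
            do {
                line = reader.readLine();
            } while (line != null && !line.equals(PEM_BEGIN));
            if (line == null) {
                throw new IOException("Error in " + inputStream + ", missing " + PEM_BEGIN + " boundary");
            }
            StringBuilder base64 = new StringBuilder();
            while ((line = reader.readLine()) != null && !line.equals(PEM_END)) {
                base64.append(line);
            }
            if (line == null) {
                throw new IOException("Error in " + inputStream + ", missing " + PEM_END + " boundary");
            }
            byte[] der = Base64.decode(base64.toString().getBytes(StandardCharsets.US_ASCII));
            certs.add((X509Certificate) requireCertificateFactory().generateCertificate(new ByteArrayInputStream(der)));
        }
        log.debug("<getcertfromPEM:" + certs.size());
        return certs;
    }

    /**
     * Encodes certificates as PEM, each block preceded by "Subject:" and "Issuer:" lines.
     *
     * <p>Those two lines are plain text outside the PEM armor and are not protected by
     * anything; consumers should read the names from the decoded certificate instead.
     *
     * @param collection the certificates to encode
     * @return the PEM text as bytes
     * @throws CertificateException if a certificate cannot be encoded
     */
    public static byte[] getPEMFromCerts(Collection<X509Certificate> collection) throws CertificateException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        PrintStream out = new PrintStream(buffer);
        for (X509Certificate cert : collection) {
            byte[] base64 = Base64.encode(cert.getEncoded());
            out.println("Subject: " + cert.getSubjectDN());
            out.println("Issuer: " + cert.getIssuerDN());
            out.println(PEM_BEGIN);
            out.println(new String(base64, StandardCharsets.US_ASCII));
            out.println(PEM_END);
        }
        out.close();
        return buffer.toByteArray();
    }

    /**
     * Parses a DER or PEM encoded certificate held in memory. The certificate is parsed only,
     * not validated.
     *
     * @param bArr the encoded certificate
     * @return the parsed certificate
     * @throws IOException if {@code bArr} is {@code null}
     * @throws CertificateException if parsing fails or the BC factory is unavailable
     */
    public static X509Certificate getCertfromByteArray(byte[] bArr) throws IOException, CertificateException {
        log.debug(">getCertfromByteArray:");
        if (bArr == null) {
            // Same contract as getCRLfromByteArray instead of a NullPointerException.
            throw new IOException("Cannot read byte[] that is 'null'!");
        }
        X509Certificate cert = (X509Certificate) requireCertificateFactory().generateCertificate(new ByteArrayInputStream(bArr));
        log.debug("<getCertfromByteArray:");
        return cert;
    }

    /**
     * Parses an encoded CRL held in memory. The CRL is parsed only; its signature is not
     * checked.
     *
     * @param bArr the encoded CRL
     * @return the parsed CRL
     * @throws IOException if {@code bArr} is {@code null}
     * @throws CertificateException if the BC factory is unavailable
     * @throws CRLException if parsing fails
     */
    public static X509CRL getCRLfromByteArray(byte[] bArr) throws IOException, CertificateException, CRLException {
        log.debug(">getCRLfromByteArray:");
        if (bArr == null) {
            throw new IOException("Cannot read byte[] that is 'null'!");
        }
        X509CRL crl = (X509CRL) requireCertificateFactory().generateCRL(new ByteArrayInputStream(bArr));
        log.debug("<getCRLfromByteArray:");
        return crl;
    }

    /**
     * Reports whether the certificate's normalised subject and issuer DNs are equal.
     *
     * <p>This is a name comparison only. The signature is not verified against the
     * certificate's own public key, so a {@code true} result does not prove the certificate is
     * actually self-signed and must not be used on its own to treat it as a trust anchor.
     *
     * @param x509Certificate the certificate
     * @return {@code true} if both DNs could be read and are equal, otherwise {@code false}
     */
    public static boolean isSelfSigned(X509Certificate x509Certificate) {
        String issuer = getIssuerDN(x509Certificate);
        String subject = getSubjectDN(x509Certificate);
        log.debug(">isSelfSigned: cert: " + issuer + "\n" + subject);
        // A DN that could not be read is reported as "not self-signed" rather than an NPE.
        boolean same = subject != null && subject.equals(issuer);
        log.debug("<isSelfSigned:" + same);
        return same;
    }

    /**
     * Generates a self-signed certificate.
     *
     * <p>BasicConstraints is always added as critical. For a CA certificate a critical KeyUsage
     * (keyCertSign, cRLSign) and non-critical subject/authority key identifiers are added too.
     *
     * @param str subject DN, also used as issuer DN
     * @param j validity in days, counted from now
     * @param str2 certificate policy OID, or {@code null} for none
     * @param privateKey key that signs the certificate
     * @param publicKey key placed in the certificate
     * @param z {@code true} to mark the certificate as a CA
     * @return the generated certificate
     */
    public static X509Certificate genSelfCert(String str, long j, String str2, PrivateKey privateKey, PublicKey publicKey, boolean z) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, CertificateEncodingException, IllegalStateException {
        X509V3CertificateGenerator generator = newGenerator(str, str, j, publicKey, z);
        if (z) {
            int caUsage = X509KeyUsage.keyCertSign | X509KeyUsage.cRLSign;
            generator.addExtension(X509Extensions.KeyUsage.getId(), true, (DEREncodable) new X509KeyUsage(caUsage));
            try {
                SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(publicKey.getEncoded())).readObject());
                SubjectKeyIdentifier subjectKeyId = new SubjectKeyIdentifier(keyInfo);
                AuthorityKeyIdentifier authorityKeyId = new AuthorityKeyIdentifier(keyInfo);
                generator.addExtension(X509Extensions.SubjectKeyIdentifier.getId(), false, (DEREncodable) subjectKeyId);
                generator.addExtension(X509Extensions.AuthorityKeyIdentifier.getId(), false, (DEREncodable) authorityKeyId);
            } catch (IOException e) {
                // Best effort as before, but no longer silent: the certificate is still issued.
                log.error("Could not derive key identifiers; certificate is generated without them", e);
            }
        }
        addPolicy(generator, str2);
        return generator.generate(privateKey);
    }

    /**
     * Generates a certificate for a subject, signed by an issuer key.
     *
     * <p>Only BasicConstraints (critical) and the optional policy are added; unlike
     * {@link #genSelfCert}, no KeyUsage or key identifier extension is set, even for a CA.
     *
     * @param str subject DN
     * @param j validity in days, counted from now
     * @param str2 certificate policy OID, or {@code null} for none
     * @param privateKey subject private key; not used by this method
     * @param publicKey subject public key placed in the certificate
     * @param z {@code true} to mark the certificate as a CA
     * @param str3 issuer DN
     * @param privateKey2 issuer private key that signs the certificate
     * @param publicKey2 issuer public key; not used by this method
     * @return the generated certificate
     */
    public static X509Certificate genCert(String str, long j, String str2, PrivateKey privateKey, PublicKey publicKey, boolean z, String str3, PrivateKey privateKey2, PublicKey publicKey2) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, CertificateEncodingException, IllegalStateException {
        X509V3CertificateGenerator generator = newGenerator(str, str3, j, publicKey, z);
        addPolicy(generator, str2);
        return generator.generate(privateKey2);
    }

    /** Creates a generator with serial, validity, names, key and BasicConstraints filled in. */
    private static X509V3CertificateGenerator newGenerator(String subjectDn, String issuerDn, long validityDays, PublicKey subjectKey, boolean isCa) {
        long now = System.currentTimeMillis();
        X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
        generator.setSerialNumber(randomSerialNumber());
        generator.setNotBefore(new Date(now - NOT_BEFORE_SKEW_MILLIS));
        generator.setNotAfter(new Date(now + (validityDays * MILLIS_PER_DAY)));
        generator.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
        generator.setSubjectDN(stringToBcX509Name(subjectDn));
        generator.setIssuerDN(stringToBcX509Name(issuerDn));
        generator.setPublicKey(subjectKey);
        generator.addExtension(X509Extensions.BasicConstraints.getId(), true, (DEREncodable) new BasicConstraints(isCa));
        return generator;
    }

    /**
     * Draws a random, non-negative serial number from 8 random bytes.
     *
     * <p>The generator is left to seed itself. Seeding it explicitly with the current time, as
     * was done before, makes the serial number derivable from the issuance time.
     */
    private static BigInteger randomSerialNumber() {
        byte[] serial = new byte[8];
        new SecureRandom().nextBytes(serial);
        return new BigInteger(serial).abs();
    }

    /** Adds a non-critical CertificatePolicies extension when a policy OID is given. */
    private static void addPolicy(X509V3CertificateGenerator generator, String policyId) {
        if (policyId != null) {
            generator.addExtension(X509Extensions.CertificatePolicies.getId(), false, (DEREncodable) new DERSequence(new PolicyInformation(new DERObjectIdentifier(policyId))));
        }
    }

    /**
     * Returns the key identifier from the AuthorityKeyIdentifier extension (2.5.29.35).
     *
     * @param x509Certificate the certificate
     * @return the key identifier, or {@code null} if the extension is absent
     * @throws IOException if the extension cannot be decoded
     */
    public static byte[] getAuthorityKeyId(X509Certificate x509Certificate) throws IOException {
        DERObject value = getExtensionValue(x509Certificate, X509Extensions.AuthorityKeyIdentifier.getId());
        if (value == null) {
            return null;
        }
        return new AuthorityKeyIdentifier((ASN1Sequence) value).getKeyIdentifier();
    }

    /**
     * Returns the key identifier from the SubjectKeyIdentifier extension (2.5.29.14).
     *
     * @param x509Certificate the certificate
     * @return the key identifier, or {@code null} if the extension is absent
     * @throws IOException if the extension cannot be decoded
     */
    public static byte[] getSubjectKeyId(X509Certificate x509Certificate) throws IOException {
        DERObject value = getExtensionValue(x509Certificate, X509Extensions.SubjectKeyIdentifier.getId());
        if (value == null) {
            return null;
        }
        return SubjectKeyIdentifier.getInstance(value).getKeyIdentifier();
    }

    /**
     * Returns the policy OID at a given position of the CertificatePolicies extension.
     *
     * @param x509Certificate the certificate
     * @param i zero-based position of the policy
     * @return the policy OID, or {@code null} if the extension is absent or {@code i} is out of
     *     range
     * @throws IOException if the extension cannot be decoded
     */
    public static String getCertificatePolicyId(X509Certificate x509Certificate, int i) throws IOException {
        DERObject value = getExtensionValue(x509Certificate, X509Extensions.CertificatePolicies.getId());
        if (value == null) {
            return null;
        }
        ASN1Sequence policies = (ASN1Sequence) value;
        // Negative positions were not rejected before and ended in an index exception.
        if (i < 0 || policies.size() < i + 1) {
            return null;
        }
        return new PolicyInformation((ASN1Sequence) policies.getObjectAt(i)).getPolicyIdentifier().getId();
    }

    /**
     * Returns the User Principal Name carried in an otherName subject alternative name.
     *
     * <p>Only otherName entries whose type id is {@link #UPN_OBJECTID} are considered. Without
     * that check any otherName value would be returned as if it were a UPN, which can confuse
     * identities when the result is used for authentication or authorisation.
     *
     * @param x509Certificate the certificate
     * @return the UPN, or {@code null} if the certificate carries none
     * @throws IOException if an otherName entry cannot be decoded
     * @throws CertificateParsingException if the alternative names cannot be read
     */
    public static String getUPNAltName(X509Certificate x509Certificate) throws IOException, CertificateParsingException {
        Collection<List<?>> altNames = x509Certificate.getSubjectAlternativeNames();
        if (altNames == null) {
            return null;
        }
        for (List<?> entry : altNames) {
            // General name type 0 is otherName.
            if (((Integer) entry.get(0)).intValue() != 0) {
                continue;
            }
            ASN1Sequence otherName = ASN1Sequence.getInstance(new ASN1InputStream(new ByteArrayInputStream((byte[]) entry.get(1))).readObject());
            if (otherName.size() < 2) {
                continue;
            }
            Object typeId = otherName.getObjectAt(0);
            if (!(typeId instanceof DERObjectIdentifier) || !UPN_OBJECTID.equals(((DERObjectIdentifier) typeId).getId())) {
                continue;
            }
            return DERUTF8String.getInstance(((ASN1TaggedObject) otherName.getObjectAt(1)).getObject()).getString();
        }
        return null;
    }

    /**
     * Returns the first CRL distribution point of a certificate as a URL.
     *
     * <p>The URL is taken verbatim from the certificate. When the certificate has not been
     * validated yet, the value is attacker-influenced; callers that fetch it should restrict
     * the accepted scheme and destination first.
     *
     * @param x509Certificate the certificate
     * @return the URL, or {@code null} if the extension is absent or holds no usable name
     * @throws CertificateParsingException if the extension cannot be decoded or the value is
     *     not a valid URL
     */
    public static URL getCrlDistributionPoint(X509Certificate x509Certificate) throws CertificateParsingException {
        try {
            DERObject value = getExtensionValue(x509Certificate, X509Extensions.CRLDistributionPoints.getId());
            if (value == null) {
                return null;
            }
            ASN1Sequence distributionPoints = (ASN1Sequence) value;
            for (int i = 0; i < distributionPoints.size(); i++) {
                ASN1Sequence point = (ASN1Sequence) distributionPoints.getObjectAt(i);
                for (int k = 0; k < point.size(); k++) {
                    ASN1TaggedObject field = (ASN1TaggedObject) point.getObjectAt(k);
                    // Tag 0 is the distributionPoint field of a DistributionPoint.
                    if (field.getTagNo() != 0) {
                        continue;
                    }
                    String name = getStringFromGeneralNames(field.getObject());
                    if (name != null) {
                        return new URL(name);
                    }
                }
            }
            return null;
        } catch (Exception e) {
            log.error("Error parsing CRL distribution point.", e);
            // Same message as before, with the cause attached for diagnosis.
            throw new CertificateParsingException(e.toString(), e);
        }
    }

    /**
     * Decodes an extension value: unwraps the outer OCTET STRING and parses its content.
     *
     * @param x509Certificate the certificate
     * @param str the extension OID
     * @return the decoded content, or {@code null} if the extension is absent
     * @throws IOException if decoding fails
     */
    private static DERObject getExtensionValue(X509Certificate x509Certificate, String str) throws IOException {
        byte[] wrapped = x509Certificate.getExtensionValue(str);
        if (wrapped == null) {
            return null;
        }
        ASN1OctetString octets = (ASN1OctetString) new ASN1InputStream(new ByteArrayInputStream(wrapped)).readObject();
        return new ASN1InputStream(new ByteArrayInputStream(octets.getOctets())).readObject();
    }

    /**
     * Returns the raw content of the first general name in a tagged GeneralNames value.
     *
     * @param dERObject the tagged GeneralNames object
     * @return the content as text, or {@code null} if the sequence is empty
     */
    private static String getStringFromGeneralNames(DERObject dERObject) {
        ASN1Sequence names = ASN1Sequence.getInstance((ASN1TaggedObject) dERObject, false);
        if (names.size() == 0) {
            return null;
        }
        // NOTE(review): the first name is used whatever its tag; only a URI name makes sense
        // for the caller - confirm whether the tag should be checked here.
        byte[] content = ASN1OctetString.getInstance((DERTaggedObject) names.getObjectAt(0), false).getOctets();
        // A URI general name is an IA5String, i.e. ASCII; do not use the platform charset.
        return new String(content, StandardCharsets.US_ASCII);
    }

    /**
     * Returns the SHA-1 fingerprint of an encoded certificate as a hex string.
     *
     * @param bArr the encoded certificate
     * @return the fingerprint, or {@code null} if the certificate cannot be read (logged)
     */
    public static String getCertFingerprintAsString(byte[] bArr) {
        try {
            return toHexString(generateSHA1Fingerprint(getCertfromByteArray(bArr).getEncoded()));
        } catch (IOException e) {
            log.error("Error reading byte array for X509 certificate.", e);
            return null;
        } catch (CertificateEncodingException e2) {
            log.error("Error encoding X509 certificate.", e2);
            return null;
        } catch (CertificateException e3) {
            log.error("Error decoding X509 certificate.", e3);
            return null;
        }
    }

    /**
     * Returns the SHA-1 fingerprint of a certificate as a hex string.
     *
     * @param x509Certificate the certificate
     * @return the fingerprint, or {@code null} if the certificate cannot be encoded (logged)
     */
    public static String getFingerprintAsString(X509Certificate x509Certificate) {
        try {
            return toHexString(generateSHA1Fingerprint(x509Certificate.getEncoded()));
        } catch (CertificateEncodingException e) {
            log.error("Error encoding X509 certificate.", e);
            return null;
        }
    }

    /**
     * Returns the SHA-1 fingerprint of a CRL as a hex string.
     *
     * @param x509crl the CRL
     * @return the fingerprint, or {@code null} if the CRL cannot be encoded (logged)
     */
    public static String getFingerprintAsString(X509CRL x509crl) {
        try {
            return toHexString(generateSHA1Fingerprint(x509crl.getEncoded()));
        } catch (CRLException e) {
            log.error("Error encoding X509 CRL.", e);
            return null;
        }
    }

    /**
     * Hex-encodes a digest. {@code Hex.encode} returns the hex characters as bytes; calling
     * {@code toString()} on that array yields the array's identity string, not the hex text,
     * so the bytes are converted explicitly.
     */
    private static String toHexString(byte[] digest) {
        if (digest == null) {
            return null;
        }
        return new String(Hex.encode(digest), StandardCharsets.US_ASCII);
    }

    /**
     * Computes the SHA-1 digest of the given bytes. Suitable for identification only; SHA-1 is
     * not collision resistant.
     *
     * @param bArr the data
     * @return the digest, or {@code null} if SHA-1 is not available (logged)
     */
    public static byte[] generateSHA1Fingerprint(byte[] bArr) {
        try {
            return MessageDigest.getInstance("SHA1").digest(bArr);
        } catch (NoSuchAlgorithmException e) {
            log.error("SHA1 algorithm not supported", e);
            return null;
        }
    }

    /**
     * Computes the MD5 digest of the given bytes. Suitable for identification only; MD5 is not
     * collision resistant.
     *
     * @param bArr the data
     * @return the digest, or {@code null} if MD5 is not available (logged)
     */
    public static byte[] generateMD5Fingerprint(byte[] bArr) {
        try {
            return MessageDigest.getInstance("MD5").digest(bArr);
        } catch (NoSuchAlgorithmException e) {
            log.error("MD5 algorithm not supported", e);
            return null;
        }
    }

    /**
     * Generates a key pair through {@code KeyTools.genKeys}.
     *
     * @param i key size passed to {@code KeyTools.genKeys}
     * @return the key pair, or {@code null} if generation failed (logged); callers must check
     */
    public static KeyPair keyPair(int i) {
        try {
            return KeyTools.genKeys(i);
        } catch (NoSuchAlgorithmException e) {
            log.error("Key pair generation failed: algorithm not available", e);
        } catch (NoSuchProviderException e2) {
            log.error("Key pair generation failed: provider not available", e2);
        }
        return null;
    }

    static {
        // NOTE(review): StaticJavaGenerator.OUTPUT_PARAM_NAME is presumably the string "o"
        // (organisation), substituted by the decompiler for an equal constant - confirm and
        // replace with the literal.
        oids.put("c", X509Name.C);
        oids.put("dc", X509Name.DC);
        oids.put("st", X509Name.ST);
        oids.put("l", X509Name.L);
        oids.put(StaticJavaGenerator.OUTPUT_PARAM_NAME, X509Name.O);
        oids.put("ou", X509Name.OU);
        oids.put("t", X509Name.T);
        oids.put("surname", X509Name.SURNAME);
        oids.put("initials", X509Name.INITIALS);
        oids.put("givenname", X509Name.GIVENNAME);
        oids.put("gn", X509Name.GIVENNAME);
        oids.put("sn", X509Name.SN);
        oids.put("serialnumber", X509Name.SN);
        oids.put("cn", X509Name.CN);
        oids.put("uid", X509Name.UID);
        oids.put("emailaddress", X509Name.EmailAddress);
        oids.put("e", X509Name.EmailAddress);
        oids.put(EMAIL1, X509Name.EmailAddress);
        dNObjectsForward = new String[]{"emailaddress", "e", EMAIL1, "uid", "cn", "sn", "serialnumber", "gn", "givenname", "initials", "surname", "t", "ou", StaticJavaGenerator.OUTPUT_PARAM_NAME, "l", "st", "dc", "c"};
        dNObjectsReverse = new String[]{"c", "dc", "st", "l", StaticJavaGenerator.OUTPUT_PARAM_NAME, "ou", "t", "surname", "initials", "givenname", "gn", "serialnumber", "sn", "cn", "uid", EMAIL1, "e", "emailaddress"};
        // The forward order is the one used when DNs are rebuilt.
        dNObjects = dNObjectsForward;
    }
}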
