package com.alogic.cert.bc;

import com.alogic.cert.CertificateContent;
import com.alogic.cert.CertificateStore;
import com.anysoft.util.IOTools;
import com.anysoft.util.KeyGen;
import com.anysoft.util.Properties;
import com.anysoft.util.PropertiesConstants;
import com.anysoft.util.XmlElementProperties;
import com.anysoft.util.code.util.RSAUtil;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alogic/cert/bc/CertificateStoreImpl.class */
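/**
 * Bouncy Castle backed {@link CertificateStore}.
 *
 * <p>{@link #configure(Properties)} opens (or creates) a key store file, reads the root CA entry
 * stored under {@link #jksRootAlias}, and generates a self-signed root when none is present.
 * {@link #newCertificate} then issues end-entity certificates signed with that root key.
 *
 * <p>Configuration keys: {@code jks.type}, {@code jks.path}, {@code jks.pwd}, {@code jks.root},
 * {@code jks.algorithm}, {@code ttl} (lifetime in years) and the subject attributes
 * {@code CN}, {@code OU}, {@code O}, {@code L}, {@code ST}, {@code C}.
 *
 * <p>{@link #configure(Properties)} and {@link #init()} mutate instance state and must complete
 * before certificates are requested; no other thread-safety guarantee is made.
 */
public class CertificateStoreImpl implements CertificateStore {
    /** Key store file; {@code jks.path} defaults to "" so an unconfigured store cannot be persisted. */
    protected String jksPath;
    protected static final Logger LOG = LoggerFactory.getLogger(CertificateStore.class);
    /**
     * Format of the distinguished names this store builds. Values are interpolated verbatim, so a
     * value containing {@code ,} or {@code =} is parsed by {@link X500Name} as further RDNs; escape
     * per RFC 4514 (or build with an X500NameBuilder) before passing caller-controlled names in.
     */
    protected static String X500NamePattern = "CN=%s,OU=%s,O=%s,L=%s,ST=%s,C=%s";
    protected String jksType = "jks";
    /** Password for the key store and the root key entry; the built-in value is a placeholder, set {@code jks.pwd}. */
    protected String jksPwd = "alogic";
    protected String jksRootAlias = "RootCA";
    protected String rootCN = "ALOGIC CA";
    protected String rootOU = "ALOGIC.COM";
    protected String rootO = "ALOGIC";
    protected String rootL = "GUANGZHOU";
    protected String rootST = "GUANDDONG";
    protected String rootC = "CN";
    protected SecureRandom secureRandom = null;
    protected X509Certificate rootCert = null;
    protected PrivateKey rootKey = null;
    protected KeyStore keyStore = null;
    /** Root certificate lifetime in years; see {@link #yearsToMillis(long)}. */
    protected long rootTTL = 10;
    /** JCA signature algorithm name used for the root and for issued certificates. */
    protected String algorithm = "SHA512WithRSA";
    /** Modulus length in bits for generated key pairs; fixed here instead of relying on the provider default. */
    protected int keySize = 2048;

    /** Distinguished name of the root CA, built from the configured subject attributes. */
    protected String getRootX500Name() {
        return String.format(X500NamePattern, this.rootCN, this.rootOU, this.rootO, this.rootL, this.rootST, this.rootC);
    }

    /**
     * Distinguished name for a subject that shares every attribute with the root except the CN.
     *
     * @param str the common name, inserted without escaping (see {@link #X500NamePattern})
     */
    protected String getX500Name(String str) {
        return String.format(X500NamePattern, str, this.rootOU, this.rootO, this.rootL, this.rootST, this.rootC);
    }

    /**
     * Distinguished name built from {@code properties}, each attribute falling back to the root's value.
     */
    protected String getX500Name(Properties properties) {
        return String.format(X500NamePattern,
                PropertiesConstants.getString(properties, "CN", this.rootCN),
                PropertiesConstants.getString(properties, "OU", this.rootOU),
                PropertiesConstants.getString(properties, "O", this.rootO),
                PropertiesConstants.getString(properties, "L", this.rootL),
                PropertiesConstants.getString(properties, "ST", this.rootST),
                PropertiesConstants.getString(properties, "C", this.rootC));
    }

    @Override // com.anysoft.util.XMLConfigurable
    public void configure(Element element, Properties properties) {
        configure(new XmlElementProperties(element, properties));
    }

    /**
     * Reads the key store and subject settings from {@code properties}, prepares the random
     * source and then runs {@link #init()}.
     */
    @Override // com.anysoft.util.Configurable
    public void configure(Properties properties) {
        this.jksType = PropertiesConstants.getString(properties, "jks.type", this.jksType);
        this.jksPath = PropertiesConstants.getString(properties, "jks.path", "");
        this.jksPwd = PropertiesConstants.getString(properties, "jks.pwd", this.jksPwd);
        this.jksRootAlias = PropertiesConstants.getString(properties, "jks.root", this.jksRootAlias);
        this.algorithm = PropertiesConstants.getString(properties, "jks.algorithm", this.algorithm);
        this.rootTTL = PropertiesConstants.getLong(properties, "ttl", this.rootTTL);
        this.rootCN = PropertiesConstants.getString(properties, "CN", this.rootCN);
        this.rootOU = PropertiesConstants.getString(properties, "OU", this.rootOU);
        this.rootO = PropertiesConstants.getString(properties, "O", this.rootO);
        this.rootL = PropertiesConstants.getString(properties, "L", this.rootL);
        this.rootST = PropertiesConstants.getString(properties, "ST", this.rootST);
        this.rootC = PropertiesConstants.getString(properties, "C", this.rootC);
        this.secureRandom = newSecureRandom();
        init();
    }

    /**
     * Creates the random source used for key generation and signing.
     *
     * <p>Keeps the SUN {@code SHA1PRNG} preference of the original implementation but falls back to
     * the platform default {@link SecureRandom} instead of leaving the field {@code null} on JVMs
     * that do not ship that algorithm/provider combination.
     */
    protected SecureRandom newSecureRandom() {
        try {
            return SecureRandom.getInstance("SHA1PRNG", "SUN");
        } catch (NoSuchAlgorithmException e) {
            LOG.warn("SHA1PRNG not available ({}), using the platform default SecureRandom", e.toString());
        } catch (NoSuchProviderException e) {
            LOG.warn("SUN provider not available ({}), using the platform default SecureRandom", e.toString());
        }
        return new SecureRandom();
    }

    /** Random source for key generation and signing; created lazily if {@link #configure(Properties)} has not run. */
    protected SecureRandom random() {
        if (this.secureRandom == null) {
            this.secureRandom = newSecureRandom();
        }
        return this.secureRandom;
    }

    /**
     * Opens the key store named by {@link #jksPath} and makes sure a root CA is available.
     *
     * <p>An existing file is loaded and its {@link #jksRootAlias} entry becomes the root. Otherwise,
     * or when that entry is missing, a fresh self-signed root is generated and the key store is
     * written to {@link #jksPath}. Failures are logged; afterwards {@link #rootCert}/{@link #rootKey}
     * may still be {@code null}, which {@link #getRoot} and {@link #newCertificate} check for.
     */
    protected void init() {
        try {
            ensureBouncyCastle();
            this.keyStore = KeyStore.getInstance(this.jksType);
            File file = new File(this.jksPath);
            if (file.exists() && file.isFile()) {
                loadKeyStore(file);
            } else {
                this.keyStore.load(null, this.jksPwd.toCharArray());
            }
            if (this.rootCert == null || this.rootKey == null) {
                createRoot(file);
            }
        } catch (Exception e) {
            // boundary catch: also covers NumberFormatException from the serial-number suffix
            LOG.error(ExceptionUtils.getStackTrace(e));
        }
    }

    /** Registers the Bouncy Castle provider once; avoids constructing a new provider on every init. */
    protected static void ensureBouncyCastle() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /** Loads {@code file} into {@link #keyStore} and picks up the root entry (either may be absent). */
    private void loadKeyStore(File file) throws IOException, GeneralSecurityException {
        FileInputStream in = new FileInputStream(file);
        try {
            // the stream that is opened is the one that is loaded and closed (the previous
            // implementation loaded from a second, never-closed FileInputStream)
            this.keyStore.load(in, this.jksPwd.toCharArray());
        } finally {
            IOTools.close(in);
        }
        readRoot();
    }

    /** Copies the root entry out of {@link #keyStore}; leaves the fields {@code null} when the alias is missing. */
    private void readRoot() throws GeneralSecurityException {
        this.rootCert = (X509Certificate) this.keyStore.getCertificate(this.jksRootAlias);
        this.rootKey = (PrivateKey) this.keyStore.getKey(this.jksRootAlias, this.jksPwd.toCharArray());
    }

    /**
     * Generates a self-signed root, installs it under {@link #jksRootAlias} and persists the key store.
     *
     * <p>The root is read back into {@link #rootCert}/{@link #rootKey} before the file is written, so
     * a persistence failure (for example an empty {@code jks.path}) is logged by the caller but still
     * leaves a usable, in-memory-only root. Such a root is regenerated on every start.
     */
    private void createRoot(File file) throws IOException, GeneralSecurityException, OperatorCreationException {
        KeyPair pair = newKeyPair();
        long now = System.currentTimeMillis();
        X500Name name = new X500Name(getRootX500Name());
        // serial = time in 0.1 ms units plus a suffix from KeyGen.uuid (presumably five decimal
        // digits); mostly timestamp-derived rather than random, and it fits comfortably in a long
        BigInteger serial = BigInteger.valueOf((now * 10000) + Integer.parseInt(KeyGen.uuid(5, 0, 9)));
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                name, serial, new Date(now), new Date(now + yearsToMillis(this.rootTTL)),
                name, SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded()));
        addExtension(builder);
        X509Certificate cert = sign(builder, pair.getPrivate());
        this.keyStore.setKeyEntry(this.jksRootAlias, pair.getPrivate(), this.jksPwd.toCharArray(), new X509Certificate[]{cert});
        readRoot();
        persist(file);
    }

    /** Writes {@link #keyStore} to {@code file}, protected with {@link #jksPwd}. */
    private void persist(File file) throws IOException, GeneralSecurityException {
        FileOutputStream out = new FileOutputStream(file);
        try {
            this.keyStore.store(out, this.jksPwd.toCharArray());
        } finally {
            IOTools.close(out);
        }
    }

    /**
     * Generates a {@link #keySize}-bit key pair for {@code RSAUtil.KEY_ALGORITHM} (assumed to name
     * RSA) using {@link #random()}.
     */
    protected KeyPair newKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(RSAUtil.KEY_ALGORITHM);
        generator.initialize(this.keySize, random());
        return generator.generateKeyPair();
    }

    /**
     * Signs {@code builder} with {@code signingKey} using {@link #algorithm} through the BC provider
     * and converts the result into a JCA {@link X509Certificate}.
     */
    protected X509Certificate sign(X509v3CertificateBuilder builder, PrivateKey signingKey)
            throws OperatorCreationException, GeneralSecurityException {
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(this.algorithm)
                .setSecureRandom(random())
                .setProvider(BouncyCastleProvider.PROVIDER_NAME);
        return new JcaX509CertificateConverter().getCertificate(builder.build(signerBuilder.build(signingKey)));
    }

    /** Converts a lifetime in years to milliseconds using 365-day years; leap days are not counted. */
    protected static long yearsToMillis(long years) {
        return years * 365L * 24 * 60 * 60 * 1000;
    }

    /**
     * Fills {@code certificateContent} with the root's serial, DER certificate and DER private key.
     *
     * <p>This hands out the CA private key; callers are responsible for protecting it.
     *
     * @return {@code certificateContent}, unchanged when no root is available (the failure is logged)
     */
    @Override // com.alogic.cert.CertificateStore
    public CertificateContent getRoot(CertificateContent certificateContent) {
        if (this.rootCert == null || this.rootKey == null) {
            LOG.error("Root certificate is not available: init() failed or configure() was not called");
            return certificateContent;
        }
        try {
            certificateContent.setContent(this.rootCert.getSerialNumber().toString(), this.rootCert.getEncoded(), this.rootKey.getEncoded());
        } catch (Exception e) {
            // boundary catch kept broad: setContent is a project API whose exceptions are not visible here
            LOG.error(ExceptionUtils.getStackTrace(e));
        }
        return certificateContent;
    }

    @Override // com.alogic.cert.CertificateStore
    public CertificateContent newCertificate(BigInteger bigInteger, CertificateContent certificateContent, String str) {
        return newCertificate(bigInteger, certificateContent, getX500Name(str), null);
    }

    @Override // com.alogic.cert.CertificateStore
    public CertificateContent newCertificate(BigInteger bigInteger, CertificateContent certificateContent, Properties properties) {
        return newCertificate(bigInteger, certificateContent, getX500Name(properties), properties);
    }

    /**
     * Issues a certificate for the subject {@code str}, signed by the root key, with a freshly
     * generated key pair.
     *
     * @param bigInteger serial number chosen by the caller; uniqueness is the caller's responsibility
     * @param certificateContent receiver for the serial, DER certificate and DER private key
     * @param str subject distinguished name
     * @param properties optional settings; only {@code ttl} (years) is read, defaulting to {@link #rootTTL}
     * @return {@code certificateContent}, unchanged when issuance failed (the failure is logged)
     */
    protected CertificateContent newCertificate(BigInteger bigInteger, CertificateContent certificateContent, String str, Properties properties) {
        if (this.rootCert == null || this.rootKey == null) {
            LOG.error("Root certificate is not available; cannot issue a certificate for " + str);
            return certificateContent;
        }
        try {
            long ttl = properties == null ? this.rootTTL : PropertiesConstants.getLong(properties, "ttl", this.rootTTL);
            long now = System.currentTimeMillis();
            KeyPair pair = newKeyPair();
            // the issuer is taken from the stored root certificate rather than re-built from the
            // current configuration, so the chain still validates if the subject settings were
            // changed after the root was created
            X500Name issuer = X500Name.getInstance(this.rootCert.getSubjectX500Principal().getEncoded());
            X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                    issuer, bigInteger, new Date(now), new Date(now + yearsToMillis(ttl)),
                    new X500Name(str), SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded()));
            addExtension(builder);
            X509Certificate certificate = sign(builder, this.rootKey);
            certificateContent.setContent(certificate.getSerialNumber().toString(), certificate.getEncoded(), pair.getPrivate().getEncoded());
        } catch (Exception e) {
            // boundary catch kept broad: setContent is a project API whose exceptions are not visible here
            LOG.error(ExceptionUtils.getStackTrace(e));
        }
        return certificateContent;
    }

    /**
     * Adds the key-usage and extended-key-usage extensions this store puts on every certificate.
     *
     * <p>NOTE(review): the same, maximal profile is applied to the root and to every issued
     * certificate: all nine key-usage bits (including keyCertSign/cRLSign on end-entity certs, and
     * encipherOnly together with decipherOnly, which RFC 5280 only defines alongside keyAgreement),
     * every listed extended key usage, and no basicConstraints at all. Kept as-is for compatibility;
     * tighten per certificate profile when callers can tolerate the change.
     */
    public void addExtension(X509v3CertificateBuilder x509v3CertificateBuilder) throws CertIOException {
        // same bit pattern as 128+64+32+16+8+4+2+1+32768, spelled with the named flags
        int usage = KeyUsage.digitalSignature | KeyUsage.nonRepudiation | KeyUsage.keyEncipherment
                | KeyUsage.dataEncipherment | KeyUsage.keyAgreement | KeyUsage.keyCertSign
                | KeyUsage.cRLSign | KeyUsage.encipherOnly | KeyUsage.decipherOnly;
        x509v3CertificateBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(usage));
        ASN1EncodableVector purposes = new ASN1EncodableVector();
        purposes.add(KeyPurposeId.anyExtendedKeyUsage);
        purposes.add(KeyPurposeId.id_kp_clientAuth);
        purposes.add(KeyPurposeId.id_kp_serverAuth);
        purposes.add(KeyPurposeId.id_kp_scvpClient);
        purposes.add(KeyPurposeId.id_kp_scvpServer);
        purposes.add(KeyPurposeId.id_kp_codeSigning);
        purposes.add(KeyPurposeId.id_kp_emailProtection);
        purposes.add(KeyPurposeId.id_kp_timeStamping);
        x509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));
    }
}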
