package com.alogic.cert.bc;

import com.alogic.cert.CertTools;
import com.alogic.cert.CertificateContent;
import com.alogic.cert.CertificateStore;
import com.alogic.cert.PemCertificateContent;
import com.alogic.xscript.Logiclet;
import com.alogic.xscript.LogicletContext;
import com.alogic.xscript.Script;
import com.alogic.xscript.doc.json.JsonObject;
import com.alogic.xscript.util.LogicletConstants;
import com.anysoft.util.KeyGen;
import com.anysoft.util.Properties;
import com.anysoft.util.PropertiesConstants;
import com.anysoft.util.Settings;
import com.anysoft.util.XmlElementProperties;
import com.anysoft.util.XmlTools;
import com.anysoft.util.code.util.RSAUtil;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
import java.util.Date;
import java.util.HashMap;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alogic/cert/bc/CAStoreImpl.class */
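/**
 * BouncyCastle-backed {@link CertificateStore}.
 *
 * <p>On {@link #configure(Properties)} the store runs the optional {@code on-load} script to obtain a
 * root certificate and private key ({@code $rootCA}, {@code $rootKey}, optional {@code $rootPwd}).
 * When none is available it generates a self-signed root and hands the PEM material to the optional
 * {@code on-save} script. Certificates issued through {@code newCertificate} are signed with the root
 * key unless an explicit issuer {@link CertificateContent} is supplied.
 *
 * <p>Configuration keys: {@code algorithm} (signature algorithm, default SHA512WithRSA), {@code ttl}
 * (validity in years, default 10), {@code x500Name} (root subject/issuer), {@code keySize} (RSA modulus
 * bits, default and minimum {@link #MIN_KEY_SIZE}).
 *
 * <p>Security notes (review):
 * <ul>
 *   <li>{@link #getRoot} and the {@code PemCertificateContent} built for the issuing overloads carry the
 *       CA private key; whatever receives them must treat it as a secret. The {@code on-save} script also
 *       receives the key as produced by {@code PemCertificateContent.getKey(false)} -- confirm whether that
 *       is unencrypted PEM and that the script stores it somewhere protected.</li>
 *   <li>The default extensions written by {@link #addExtension(X509v3CertificateBuilder)} grant every
 *       key-usage bit and a very wide extended-key-usage list (including anyExtendedKeyUsage and
 *       keyCertSign/cRLSign) to end-entity certificates. The value is preserved for compatibility with
 *       certificates already issued; narrow it via an extension script where possible.</li>
 *   <li>Any failure while loading the stored root (including a key/certificate mismatch) falls through to
 *       generating a fresh root, which the {@code on-save} script may then persist over the old one. This
 *       is the pre-existing contract; the failure is always logged at ERROR first.</li>
 * </ul>
 */
public class CAStoreImpl implements CertificateStore {
    protected static final Logger LOG = LoggerFactory.getLogger(CertificateStore.class);

    /** Name under which the in-progress {@link X509v3CertificateBuilder} is exposed to extension scripts. */
    public static final String XSCRIPT_OBJECT_ID = "$cert-builder";

    /** Smallest RSA modulus (bits) this store will generate; a smaller configured value is raised to this. */
    public static final int MIN_KEY_SIZE = 2048;

    /**
     * Key-usage bits written when no extension script is supplied: every bit defined by {@link KeyUsage}
     * (numerically 0x80FF, the value the original code hard-coded as a sum).
     * NOTE(review): keyCertSign/cRLSign on an end-entity certificate, and encipherOnly together with
     * decipherOnly, are far broader than a leaf needs; kept for compatibility with already-issued certs.
     */
    protected static final int DEFAULT_KEY_USAGE = KeyUsage.digitalSignature
            | KeyUsage.nonRepudiation
            | KeyUsage.keyEncipherment
            | KeyUsage.dataEncipherment
            | KeyUsage.keyAgreement
            | KeyUsage.keyCertSign
            | KeyUsage.cRLSign
            | KeyUsage.encipherOnly
            | KeyUsage.decipherOnly;

    /** Subject (and issuer) of the generated root; also the fallback subject for issued certificates. */
    protected String rootX500Name = "CN=alogic-ca";
    /** Randomness source for key generation and signing; set in configure(), lazily created otherwise. */
    protected SecureRandom secureRandom = null;
    protected X509Certificate rootCert = null;
    protected PrivateKey rootKey = null;
    /** Default validity in years, for the root and for issued certificates without their own "ttl". */
    protected long rootTTL = 10;
    /** JCA signature algorithm name handed to {@link JcaContentSignerBuilder}. */
    protected String algorithm = "SHA512WithRSA";
    /** RSA modulus size in bits for every generated key pair (root and issued). */
    protected int keySize = MIN_KEY_SIZE;
    protected Logiclet onLoad = null;
    protected Logiclet onSave = null;

    /** Subject/issuer name of the root certificate. */
    protected String getRootX500Name() {
        return this.rootX500Name;
    }

    /** Hook for subclasses to normalise a caller-supplied subject; the default returns it unchanged. */
    protected String getX500Name(String str) {
        return str;
    }

    /** Subject taken from the "x500Name" property, falling back to the root name. */
    protected String getX500Name(Properties properties) {
        return PropertiesConstants.getString(properties, "x500Name", this.rootX500Name);
    }

    /**
     * XML configuration: compiles the optional {@code on-load} and {@code on-save} child scripts and then
     * applies the element's attributes through {@link #configure(Properties)}.
     */
    @Override // com.anysoft.util.XMLConfigurable
    public void configure(Element element, Properties properties) {
        XmlElementProperties elementProperties = new XmlElementProperties(element, properties);
        Element onLoadElement = XmlTools.getFirstElementByPath(element, "on-load");
        if (onLoadElement != null) {
            this.onLoad = Script.create(onLoadElement, elementProperties);
        }
        Element onSaveElement = XmlTools.getFirstElementByPath(element, "on-save");
        if (onSaveElement != null) {
            this.onSave = Script.create(onSaveElement, elementProperties);
        }
        configure(elementProperties);
    }

    /**
     * Property configuration; reads the keys listed in the class comment, prepares the random source and
     * then loads or generates the root via {@link #init()}.
     */
    @Override // com.anysoft.util.Configurable
    public void configure(Properties properties) {
        this.algorithm = PropertiesConstants.getString(properties, "algorithm", this.algorithm);
        this.rootTTL = PropertiesConstants.getLong(properties, "ttl", this.rootTTL);
        this.rootX500Name = PropertiesConstants.getString(properties, "x500Name", this.rootX500Name);
        int configuredKeySize = (int) PropertiesConstants.getLong(properties, "keySize", this.keySize);
        if (configuredKeySize < MIN_KEY_SIZE) {
            // Refuse to generate weak RSA keys; raise silently-configured small sizes to the floor.
            LOG.warn("keySize {} is below the minimum of {} bits; using {}", configuredKeySize, MIN_KEY_SIZE, MIN_KEY_SIZE);
            configuredKeySize = MIN_KEY_SIZE;
        }
        this.keySize = configuredKeySize;
        this.secureRandom = newSecureRandom();
        init();
    }

    /**
     * Creates the random source. The historical choice SHA1PRNG/SUN is kept where it exists; on JVMs
     * without that provider the platform default {@code new SecureRandom()} is used instead of leaving the
     * field null (which previously happened and silently dropped the explicit randomness from signing).
     */
    protected static SecureRandom newSecureRandom() {
        try {
            return SecureRandom.getInstance("SHA1PRNG", "SUN");
        } catch (NoSuchAlgorithmException e) {
            LOG.warn("SHA1PRNG/SUN unavailable, using the platform default SecureRandom: {}", e.toString());
        } catch (NoSuchProviderException e) {
            LOG.warn("SHA1PRNG/SUN unavailable, using the platform default SecureRandom: {}", e.toString());
        }
        return new SecureRandom();
    }

    /** Random source to use; created on demand if configure() was bypassed. */
    protected SecureRandom random() {
        if (this.secureRandom == null) {
            this.secureRandom = newSecureRandom();
        }
        return this.secureRandom;
    }

    /**
     * Runs the {@code on-load} script and, if it yields both {@code $rootCA} and {@code $rootKey} (neither
     * empty nor {@link LogicletConstants#ZERO}), installs them as the root. The key is checked against the
     * certificate's public key before either field is assigned, so a mismatched pair is never used to sign.
     * Any failure is logged and leaves the root unset, which makes {@link #init()} generate a new one.
     */
    protected void loadRootCA() {
        if (this.onLoad == null) {
            return;
        }
        LogicletContext ctx = new LogicletContext(Settings.get());
        try {
            JsonObject doc = new JsonObject("root", new HashMap());
            this.onLoad.execute(doc, doc, ctx, null);
            String certPem = PropertiesConstants.getString(ctx, "$rootCA", "");
            String keyPem = PropertiesConstants.getString(ctx, "$rootKey", "");
            String keyPassword = PropertiesConstants.getString(ctx, "$rootPwd", "");
            boolean provided = StringUtils.isNotEmpty(certPem) && StringUtils.isNotEmpty(keyPem)
                    && !certPem.equals(LogicletConstants.ZERO) && !keyPem.equals(LogicletConstants.ZERO);
            if (!provided) {
                return;
            }
            X509Certificate cert = CertTools.loadX509Certificate(certPem);
            PrivateKey key = CertTools.loadPrivateKey(keyPem, keyPassword);
            if (!keyMatchesCertificate(key, cert)) {
                throw new IllegalStateException("loaded root private key does not match the root certificate's public key");
            }
            this.rootCert = cert;
            this.rootKey = key;
        } catch (Exception e) {
            LOG.error(ExceptionUtils.getStackTrace(e));
        }
    }

    /**
     * Cheap consistency check that a private key belongs to a certificate. For RSA material the moduli
     * must be equal; null inputs fail. Other key types are not checked and pass (the generator here uses
     * {@code RSAUtil.KEY_ALGORITHM}, presumably RSA -- confirm if other algorithms are ever loaded).
     */
    protected static boolean keyMatchesCertificate(PrivateKey key, X509Certificate cert) {
        if (key == null || cert == null) {
            return false;
        }
        PublicKey publicKey = cert.getPublicKey();
        if (key instanceof RSAKey && publicKey instanceof RSAKey) {
            return ((RSAKey) key).getModulus().equals(((RSAKey) publicKey).getModulus());
        }
        return true;
    }

    /**
     * Hands the current root to the {@code on-save} script as {@code $rootCA} / {@code $rootKey} PEM text.
     * NOTE(review): the key is exported with {@code getKey(false)}; verify that the script stores it under
     * adequate protection, since no password is passed here.
     */
    protected void saveRootCA() {
        if (this.onSave == null) {
            return;
        }
        PemCertificateContent pem = new PemCertificateContent();
        pem.setContent(String.valueOf(this.rootCert.getSerialNumber()), this.rootCert, this.rootKey);
        LogicletContext ctx = new LogicletContext(Settings.get());
        try {
            JsonObject doc = new JsonObject("root", new HashMap());
            ctx.SetValue("$rootCA", new String(pem.getCert(false)));
            ctx.SetValue("$rootKey", new String(pem.getKey(false)));
            this.onSave.execute(doc, doc, ctx, null);
        } catch (Exception e) {
            LOG.error(ExceptionUtils.getStackTrace(e));
        }
    }

    /**
     * Registers BouncyCastle, tries to load a stored root, and otherwise generates a self-signed root
     * (basicConstraints CA:TRUE, critical) valid for {@code rootTTL} years and persists it. A loaded root
     * that is outside its validity period is still used but reported at WARN. Errors are logged and leave
     * the store without a root; the issuing methods then fail with {@link IllegalStateException}.
     */
    protected void init() {
        try {
            if (Security.getProvider("BC") == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            loadRootCA();
            if (this.rootCert != null && this.rootKey != null) {
                warnIfOutsideValidity(this.rootCert);
                return;
            }
            checkTtl(this.rootTTL);
            KeyPair pair = newKeyPair();
            long now = System.currentTimeMillis();
            // Time-derived serial plus 5 random digits: unique enough for a private root, but low entropy.
            BigInteger serial = BigInteger.valueOf((now * 10000) + Integer.parseInt(KeyGen.uuid(5, 0, 9)));
            X500Name rootName = new X500Name(getRootX500Name());
            X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                    rootName,
                    serial,
                    new Date(now),
                    new Date(now + yearsToMillis(this.rootTTL)),
                    rootName,
                    SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded()));
            addExtension(builder);
            builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
            this.rootCert = sign(builder, pair.getPrivate());
            this.rootKey = pair.getPrivate();
            saveRootCA();
        } catch (Exception e) {
            LOG.error(ExceptionUtils.getStackTrace(e));
        }
    }

    /** Logs at WARN when the certificate is expired or not yet valid; never throws. */
    protected static void warnIfOutsideValidity(X509Certificate cert) {
        try {
            cert.checkValidity();
        } catch (CertificateException e) {
            LOG.warn("root certificate is outside its validity period (notBefore={}, notAfter={}): {}",
                    cert.getNotBefore(), cert.getNotAfter(), e.toString());
        }
    }

    /** Rejects non-positive validity periods, which would yield notAfter <= notBefore. */
    protected static void checkTtl(long ttlYears) {
        if (ttlYears <= 0) {
            throw new IllegalArgumentException("certificate ttl must be a positive number of years: " + ttlYears);
        }
    }

    /** Validity length in milliseconds for {@code years}, using the store's 365-day year. */
    protected static long yearsToMillis(long years) {
        return years * 365L * 24L * 60L * 60L * 1000L;
    }

    /**
     * Generates a fresh key pair with an explicit modulus size. The original relied on the provider's
     * default size, which on older JDKs is only 1024 bits; {@code keySize} is at least {@link #MIN_KEY_SIZE}.
     */
    protected KeyPair newKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(RSAUtil.KEY_ALGORITHM);
        generator.initialize(this.keySize, random());
        return generator.generateKeyPair();
    }

    /** Signs the builder's TBS certificate with {@code signingKey} via the BC provider and converts to JCA form. */
    protected X509Certificate sign(X509v3CertificateBuilder builder, PrivateKey signingKey)
            throws OperatorCreationException, CertificateException {
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(this.algorithm)
                .setSecureRandom(random())
                .setProvider("BC");
        return new JcaX509CertificateConverter().getCertificate(builder.build(signerBuilder.build(signingKey)));
    }

    /** Fails with a clear message when no root is available (load and generation both failed in init()). */
    protected void ensureRoot() {
        if (this.rootCert == null || this.rootKey == null) {
            throw new IllegalStateException("no root certificate/key available; check the on-load script and earlier init() errors");
        }
    }

    /** The root as {@link PemCertificateContent}, i.e. certificate plus private key, for use as an issuer. */
    protected PemCertificateContent rootContent() {
        ensureRoot();
        PemCertificateContent pem = new PemCertificateContent();
        pem.setContent(String.valueOf(this.rootCert.getSerialNumber()), this.rootCert, this.rootKey);
        return pem;
    }

    /**
     * Copies the root certificate and its private key into {@code certificateContent}. On failure (no
     * root available) the error is logged and the argument is returned unchanged.
     */
    @Override // com.alogic.cert.CertificateStore
    public CertificateContent getRoot(CertificateContent certificateContent) {
        try {
            ensureRoot();
            certificateContent.setContent(this.rootCert.getSerialNumber().toString(), this.rootCert, this.rootKey);
        } catch (Exception e) {
            LOG.error(ExceptionUtils.getStackTrace(e));
        }
        return certificateContent;
    }

    /** Issues a root-signed certificate for subject {@code str} with the default extensions. */
    @Override // com.alogic.cert.CertificateStore
    public CertificateContent newCertificate(BigInteger bigInteger, CertificateContent certificateContent, String str) {
        return newCertificate(bigInteger, certificateContent, rootContent(), getX500Name(str), (Logiclet) null, (Properties) null);
    }

    /** Issues a certificate signed by {@code certificateContent2} (self-signed when null) with the default extensions. */
    @Override // com.alogic.cert.CertificateStore
    public CertificateContent newCertificate(BigInteger bigInteger, CertificateContent certificateContent, CertificateContent certificateContent2, String str) {
        return newCertificate(bigInteger, certificateContent, certificateContent2, getX500Name(str), (Logiclet) null, (Properties) null);
    }

    /** Issues a certificate signed by {@code certificateContent2}, with extensions set by {@code logiclet}. */
    @Override // com.alogic.cert.CertificateStore
    public CertificateContent newCertificate(BigInteger bigInteger, CertificateContent certificateContent, CertificateContent certificateContent2, Logiclet logiclet, String str) {
        return newCertificate(bigInteger, certificateContent, certificateContent2, getX500Name(str), logiclet, (Properties) null);
    }

    /** Root-signed issue; subject is {@code str} or, when empty, the "x500Name" property; "ttl" comes from {@code properties}. */
    @Override // com.alogic.cert.CertificateStore
    public CertificateContent newCertificate(BigInteger bigInteger, CertificateContent certificateContent, String str, Properties properties) {
        String subject = StringUtils.isNotEmpty(str) ? str : getX500Name(properties);
        return newCertificate(bigInteger, certificateContent, rootContent(), subject, (Logiclet) null, properties);
    }

    /** Issue signed by {@code certificateContent2}; subject is {@code str} or the "x500Name" property. */
    @Override // com.alogic.cert.CertificateStore
    public CertificateContent newCertificate(BigInteger bigInteger, CertificateContent certificateContent, CertificateContent certificateContent2, String str, Properties properties) {
        String subject = StringUtils.isNotEmpty(str) ? str : getX500Name(properties);
        return newCertificate(bigInteger, certificateContent, certificateContent2, subject, (Logiclet) null, properties);
    }

    /** Issue signed by {@code certificateContent2} with script-defined extensions; subject as above. */
    @Override // com.alogic.cert.CertificateStore
    public CertificateContent newCertificate(BigInteger bigInteger, CertificateContent certificateContent, CertificateContent certificateContent2, Logiclet logiclet, String str, Properties properties) {
        String subject = StringUtils.isNotEmpty(str) ? str : getX500Name(properties);
        return newCertificate(bigInteger, certificateContent, certificateContent2, subject, logiclet, properties);
    }

    /**
     * Core issuing routine.
     *
     * @param bigInteger          serial number; must be a positive integer (RFC 5280 4.1.2.2)
     * @param certificateContent  receives the new certificate and its private key
     * @param certificateContent2 issuer (its X.500 name and private key are used); null means self-signed
     * @param str                 subject X.500 name
     * @param logiclet            extension script, or null for {@link #addExtension(X509v3CertificateBuilder)}
     * @param properties          optional; supplies "ttl" in years and is the script's context
     * @return {@code certificateContent}; unchanged (and the error logged) when issuing fails
     *
     * NOTE(review): nothing here verifies that {@code certificateContent2} is a CA or that its key matches
     * its certificate; callers are trusted to pass a consistent issuer.
     */
    protected CertificateContent newCertificate(BigInteger bigInteger, CertificateContent certificateContent, CertificateContent certificateContent2, String str, Logiclet logiclet, Properties properties) {
        try {
            if (bigInteger == null || bigInteger.signum() <= 0) {
                throw new IllegalArgumentException("certificate serial number must be a positive integer: " + bigInteger);
            }
            long ttlYears = properties == null ? this.rootTTL : PropertiesConstants.getLong(properties, "ttl", this.rootTTL);
            checkTtl(ttlYears);
            boolean selfSigned = certificateContent2 == null;
            String issuerName = selfSigned ? str : certificateContent2.getX500Name();
            KeyPair pair = newKeyPair();
            long now = System.currentTimeMillis();
            X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                    new X500Name(issuerName),
                    bigInteger,
                    new Date(now),
                    new Date(now + yearsToMillis(ttlYears)),
                    new X500Name(str),
                    SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded()));
            addExtension(builder, logiclet, properties);
            PrivateKey signingKey = selfSigned ? pair.getPrivate() : certificateContent2.getPrivateKey();
            X509Certificate certificate = sign(builder, signingKey);
            certificateContent.setContent(certificate.getSerialNumber().toString(), certificate, pair.getPrivate());
        } catch (Exception e) {
            LOG.error(ExceptionUtils.getStackTrace(e));
        }
        return certificateContent;
    }

    /**
     * Applies extensions. With no script the defaults from {@link #addExtension(X509v3CertificateBuilder)}
     * are used; with a script the defaults are NOT applied -- the script is fully responsible and sees the
     * builder as {@link #XSCRIPT_OBJECT_ID}. A failing script now aborts issuance: the original logged the
     * failure at INFO and still let a certificate be issued without the extensions its policy intended
     * (fail-open). The builder is always removed from the context, even on failure.
     *
     * @throws CertIOException when the script throws; the cause is attached
     */
    public void addExtension(X509v3CertificateBuilder x509v3CertificateBuilder, Logiclet logiclet, Properties properties) throws CertIOException {
        if (logiclet == null) {
            addExtension(x509v3CertificateBuilder);
            return;
        }
        LogicletContext ctx = new LogicletContext(properties == null ? Settings.get() : properties);
        try {
            ctx.setObject(XSCRIPT_OBJECT_ID, x509v3CertificateBuilder);
            JsonObject doc = new JsonObject("root", new HashMap());
            logiclet.execute(doc, doc, ctx, null);
        } catch (Exception e) {
            LOG.error("Extension script failed; refusing to issue a certificate without its extensions", e);
            throw new CertIOException("extension script failed: " + e.getMessage(), e);
        } finally {
            ctx.removeObject(XSCRIPT_OBJECT_ID);
        }
    }

    /**
     * Default extensions: critical keyUsage with {@link #DEFAULT_KEY_USAGE} and a non-critical
     * extendedKeyUsage listing anyExtendedKeyUsage plus client/server auth, SCVP client/server, code
     * signing, e-mail protection and time stamping. No basicConstraints is written here; only the root
     * (see init()) gets CA:TRUE. See the class comment for why this profile is considered over-broad.
     */
    public void addExtension(X509v3CertificateBuilder x509v3CertificateBuilder) throws CertIOException {
        x509v3CertificateBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(DEFAULT_KEY_USAGE));
        ASN1EncodableVector purposes = new ASN1EncodableVector();
        purposes.add(KeyPurposeId.anyExtendedKeyUsage);
        purposes.add(KeyPurposeId.id_kp_clientAuth);
        purposes.add(KeyPurposeId.id_kp_serverAuth);
        purposes.add(KeyPurposeId.id_kp_scvpClient);
        purposes.add(KeyPurposeId.id_kp_scvpServer);
        purposes.add(KeyPurposeId.id_kp_codeSigning);
        purposes.add(KeyPurposeId.id_kp_emailProtection);
        purposes.add(KeyPurposeId.id_kp_timeStamping);
        x509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));
    }
}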
