package de.tsl2.nano.core.secure;

import de.tsl2.nano.core.Argumentator;
import de.tsl2.nano.core.ManagedException;
import de.tsl2.nano.core.log.LogFactory;
import de.tsl2.nano.core.util.FileUtil;
import de.tsl2.nano.core.util.MapUtil;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.spec.X509EncodedKeySpec;
import java.util.Collections;
import java.util.Date;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.KeyManagerFactory;
import org.apache.commons.logging.Log;

/* JADX WARN: Classes with same name are omitted:
  input_file:tsl2.nano.core-2.4.4.jar:de/tsl2/nano/core/secure/PKI.class
 */
/* loaded from: input_file:de/tsl2/nano/core/secure/PKI.class */
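/**
 * Helper around the JDK certificate, signature and keystore APIs: reads X.509 certificates and
 * certificate paths, builds and validates PKIX paths, signs and verifies streams, and loads or
 * stores keystores.
 *
 * <p>Error handling: every failure is handed to {@code ManagedException.forward}. The
 * {@code return null} / {@code false} / {@code -1} statements that follow it only take effect if
 * that call returns; its behaviour is not visible in this file, so callers should be prepared for
 * both an exception and a sentinel result.
 */
public class PKI {
    // Fixed: the logger was registered for Crypt.class, so PKI messages were filed under the
    // wrong category.
    private static final Log LOG = LogFactory.getLog(PKI.class);
    Crypt crypt;
    TrustedOrganisation issuer;

    /**
     * @param crypt holder of the key and algorithm used by the instance-level sign/verify methods
     * @param trustedOrganisation issuer used by {@link #createCertPath(TrustedOrganisation, Date, Date)}
     */
    public PKI(Crypt crypt, TrustedOrganisation trustedOrganisation) {
        this.crypt = crypt;
        this.issuer = trustedOrganisation;
    }

    /**
     * Parses one X.509 certificate from the stream.
     *
     * <p>Parsing does not validate the certificate (no signature, validity or trust check); use
     * {@link #verifyCertPath(CertPath, CertPathParameters)} before relying on it.
     *
     * @param inputStream encoded certificate; not closed here
     * @return the parsed certificate
     */
    public Certificate createCertificate(InputStream inputStream) {
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        } catch (CertificateException e) {
            ManagedException.forward(e);
            return null;
        }
    }

    /**
     * Parses an X.509 certificate path from the stream (factory default encoding). Parsing alone
     * does not validate the path.
     *
     * @param inputStream encoded certificate path; not closed here
     * @return the parsed path
     */
    public static CertPath createCertPath(InputStream inputStream) {
        try {
            return CertificateFactory.getInstance("X.509").generateCertPath(inputStream);
        } catch (CertificateException e) {
            ManagedException.forward(e);
            return null;
        }
    }

    /**
     * Builds a certificate path for the given subject, using this instance's issuer and key.
     *
     * @param trustedOrganisation subject of the target certificate
     * @param date time at which path validity is evaluated
     * @param date2 time at which the target certificate must be valid
     * @return the built path
     * @throws ClassCastException if the key held by {@code crypt} is not a {@link PublicKey}
     */
    public CertPath createCertPath(TrustedOrganisation trustedOrganisation, Date date, Date date2) {
        return createCertPath(trustedOrganisation, this.issuer, date, date2, (PublicKey) this.crypt.key);
    }

    /**
     * Builds a PKIX certificate path for a subject, anchored at the given issuer.
     *
     * <p>Revocation checking is enabled and the target certificate must assert the
     * digitalSignature key usage (bit 0).
     *
     * @param trustedOrganisation subject of the target certificate
     * @param trustedOrganisation2 issuer used as the only trust anchor. If {@code null}, no trust
     *     anchor set is passed and {@link PKIXBuilderParameters} rejects the parameters.
     * @param date time at which path validity is evaluated
     * @param date2 time at which the target certificate must be valid
     * @param publicKey key of the trust anchor and, at the same time, the required subject key
     * @return the built path
     */
    public static CertPath createCertPath(TrustedOrganisation trustedOrganisation, TrustedOrganisation trustedOrganisation2, Date date, Date date2, PublicKey publicKey) {
        PKIXBuilderParameters parameters;
        // The whole parameter set-up is guarded: the PKIXBuilderParameters constructor declares a
        // checked InvalidAlgorithmParameterException and throws NullPointerException for a null
        // anchor set, neither of which was handled before.
        try {
            Set<TrustAnchor> trustAnchors = null;
            X509CertSelector target = new X509CertSelector();
            if (trustedOrganisation2 != null) {
                // presumably toString() yields the issuer's distinguished name - TODO confirm
                trustAnchors = Collections.singleton(new TrustAnchor(trustedOrganisation2.toString(), publicKey, (byte[]) null));
                target.setIssuer(trustedOrganisation2.toX500Principal());
            }
            target.setSubject(trustedOrganisation.toX500Principal());
            // NOTE(review): the same key is the trust anchor's key and the required subject key,
            // so only certificates carrying the anchor's own key can match - confirm intent.
            target.setSubjectPublicKey(publicKey);
            target.setCertificateValid(date2);
            target.setKeyUsage(new boolean[]{true});
            parameters = new PKIXBuilderParameters(trustAnchors, target);
            // NOTE(review): no CertStore is added here, so this method gives the builder no
            // source of candidate certificates or CRLs - confirm where callers expect them.
            parameters.setRevocationEnabled(true);
            parameters.setDate(date);
        } catch (Exception e) {
            ManagedException.forward(e);
            return null;
        }
        return createCertPath(parameters);
    }

    /**
     * Runs the PKIX path builder with the given parameters.
     *
     * @param certPathParameters builder parameters (trust anchors, target selector, ...)
     * @return the built path
     */
    public static CertPath createCertPath(CertPathParameters certPathParameters) {
        try {
            CertPath certPath = CertPathBuilder.getInstance("PKIX").build(certPathParameters).getCertPath();
            LOG.debug("build passed, path contents: " + certPath);
            return certPath;
        } catch (Exception e) {
            ManagedException.forward(e);
            return null;
        }
    }

    /**
     * Validates a certificate path with the PKIX validator.
     *
     * <p>A {@code null} result must be treated as "not valid" by callers.
     *
     * @param certPath path to validate
     * @param certPathParameters validation parameters
     * @return the validator result on success
     */
    public static CertPathValidatorResult verifyCertPath(CertPath certPath, CertPathParameters certPathParameters) {
        try {
            return CertPathValidator.getInstance("PKIX").validate(certPath, certPathParameters);
        } catch (Exception e) {
            ManagedException.forward(e);
            return null;
        }
    }

    /**
     * Decodes an X.509 (SubjectPublicKeyInfo) encoded public key.
     *
     * @param bArr encoded key bytes
     * @param str key algorithm name passed to {@link KeyFactory#getInstance(String)}
     * @return the decoded public key
     */
    public static Key createPublicKey(byte[] bArr, String str) {
        try {
            return KeyFactory.getInstance(str).generatePublic(new X509EncodedKeySpec(bArr));
        } catch (Exception e) {
            ManagedException.forward(e);
            return null;
        }
    }

    /**
     * Writes the encoded certificate to the stream.
     *
     * @param certificate certificate to encode
     * @param outputStream destination, handed to {@code FileUtil.write}
     * @return the value returned by {@code FileUtil.write}, or {@code -1} on an encoding failure
     */
    public static long write(Certificate certificate, OutputStream outputStream) {
        try {
            return FileUtil.write(new ByteArrayInputStream(certificate.getEncoded()), outputStream, true);
        } catch (CertificateEncodingException e) {
            ManagedException.forward(e);
            return -1L;
        }
    }

    /**
     * Writes the key's encoded form to the stream.
     *
     * <p>The bytes are written exactly as {@link Key#getEncoded()} returns them, without any
     * encryption. For a private or secret key the destination must therefore be protected by
     * other means (file permissions, an encrypted container).
     *
     * @param key key to write; must support encoding ({@code getEncoded()} not {@code null})
     * @param outputStream destination, handed to {@code FileUtil.write}
     * @return the value returned by {@code FileUtil.write}
     */
    public static long write(Key key, OutputStream outputStream) {
        return FileUtil.write(new ByteArrayInputStream(key.getEncoded()), outputStream, true);
    }

    /**
     * Signs the stream with the key and algorithm held by {@code crypt}.
     *
     * @param inputStream data to sign; closed by this call
     * @return the signature bytes
     * @throws ClassCastException if the key held by {@code crypt} is not a {@link PrivateKey}
     */
    public byte[] sign(InputStream inputStream) {
        return sign(inputStream, (PrivateKey) this.crypt.key);
    }

    /**
     * Signs the stream with the given key and the algorithm held by {@code crypt}.
     *
     * @param inputStream data to sign; closed by this call
     * @param privateKey signing key
     * @return the signature bytes
     */
    public byte[] sign(InputStream inputStream, PrivateKey privateKey) {
        return sign(inputStream, this.crypt.algorithm, privateKey);
    }

    /**
     * Signs the content that {@code FileUtil.getFile} opens for the given name.
     *
     * @param str name resolved by {@code FileUtil.getFile}
     * @param str2 signature algorithm name
     * @param privateKey signing key
     * @return the signature bytes
     */
    public static byte[] sign(String str, String str2, PrivateKey privateKey) {
        return sign(FileUtil.getFile(str), str2, privateKey);
    }

    /**
     * Signs everything readable from the stream.
     *
     * @param inputStream data to sign; wrapped and closed here, also when signing fails
     * @param str signature algorithm name passed to {@link Signature#getInstance(String)}
     * @param privateKey signing key
     * @return the signature bytes
     */
    public static byte[] sign(InputStream inputStream, String str, PrivateKey privateKey) {
        // try-with-resources: the stream used to stay open whenever signing failed
        try (BufferedInputStream in = new BufferedInputStream(inputStream)) {
            Signature signature = Signature.getInstance(str);
            signature.initSign(privateKey);
            byte[] buffer = new byte[1024];
            int read;
            while ((read = in.read(buffer)) >= 0) {
                signature.update(buffer, 0, read);
            }
            return signature.sign();
        } catch (Exception e) {
            ManagedException.forward(e);
            return null;
        }
    }

    /**
     * Verifies a signature over the stream with the key and algorithm held by {@code crypt}.
     *
     * @param inputStream signed data; closed by this call
     * @param bArr signature bytes to check
     * @return {@code true} only if the signature matches
     * @throws ClassCastException if the key held by {@code crypt} is not a {@link PublicKey}
     */
    public boolean verify(InputStream inputStream, byte[] bArr) {
        return verify(inputStream, bArr, (PublicKey) this.crypt.key, this.crypt.algorithm);
    }

    /**
     * Verifies a signature over everything readable from the stream.
     *
     * @param inputStream signed data; wrapped and closed here, also when verification fails
     * @param bArr signature bytes to check
     * @param publicKey verification key
     * @param str signature algorithm name passed to {@link Signature#getInstance(String)}
     * @return {@code true} only if the signature matches; {@code false} is also the result when
     *     an error occurred and {@code ManagedException.forward} returned
     */
    public static boolean verify(InputStream inputStream, byte[] bArr, PublicKey publicKey, String str) {
        try (BufferedInputStream in = new BufferedInputStream(inputStream)) {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(publicKey);
            byte[] buffer = new byte[1024];
            int read;
            // Read until end of stream. The previous loop stopped as soon as available()
            // returned 0, which is only an estimate and can be 0 before the end, so the signature
            // could be checked against a prefix of the data; it also passed read()'s -1 to update().
            while ((read = in.read(buffer)) >= 0) {
                signature.update(buffer, 0, read);
            }
            boolean verify = signature.verify(bArr);
            LOG.info("signature verifies: " + verify);
            return verify;
        } catch (Exception e) {
            ManagedException.forward(e);
            return false;
        }
    }

    /**
     * Creates an empty PKCS12 keystore.
     *
     * @return the new keystore
     */
    public static KeyStore createKeyStore() {
        return createKeyStore(null, null);
    }

    /**
     * Loads a PKCS12 keystore.
     *
     * @param str file path or classpath resource name; {@code null} creates an empty keystore
     * @param cArr keystore password; the array is not cleared here
     * @return the loaded keystore
     */
    public static KeyStore createKeyStore(String str, char[] cArr) {
        return createKeyStore("PKCS12", str, cArr);
    }

    /**
     * Loads a keystore of the given type from a file or, if no such file exists, from the context
     * class loader.
     *
     * <p>If the name resolves to neither, an <em>empty</em> keystore is returned rather than an
     * error. That supports "create, then persist" flows, but it also means a mistyped path goes
     * unnoticed until keys are missing, so a warning is logged for that case.
     *
     * @param str keystore type passed to {@link KeyStore#getInstance(String)}
     * @param str2 file path or classpath resource name; {@code null} creates an empty keystore
     * @param cArr keystore password; the array is not cleared here
     * @return the loaded keystore
     */
    public static KeyStore createKeyStore(String str, String str2, char[] cArr) {
        InputStream inputStream = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            if (str2 != null) {
                inputStream = new File(str2).exists() ? new FileInputStream(str2) : Thread.currentThread().getContextClassLoader().getResourceAsStream(str2);
                if (inputStream == null) {
                    LOG.warn("keystore source '" + str2 + "' not found as file or classpath resource, loading an empty keystore");
                }
            }
            keyStore.load(inputStream, cArr);
            LOG.debug("keystore created: " + keyStore);
            return keyStore;
        } catch (Exception e) {
            ManagedException.forward(e);
            return null;
        } finally {
            if (inputStream != null) {
                FileUtil.close(inputStream, true);
            }
        }
    }

    /**
     * Creates a key manager factory (JVM default algorithm) backed by the keystore.
     *
     * @param keyStore keystore holding the key entries
     * @param str password of the key entries; must not be {@code null}. Being a String, it
     *     cannot be wiped from memory after use.
     * @return the initialised factory
     */
    public static KeyManagerFactory getKeyManagerFactory(KeyStore keyStore, String str) {
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, str.toCharArray());
            return keyManagerFactory;
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            ManagedException.forward(e);
            return null;
        }
    }

    /**
     * Stores the keystore in a file, replacing existing content.
     *
     * <p>The file is created with the process's default permissions; restrict them separately
     * if the keystore holds private keys.
     *
     * @param keyStore keystore to write
     * @param str destination file path
     * @param str2 keystore password; must not be {@code null}
     */
    public static void peristKeyStore(KeyStore keyStore, String str, String str2) {
        // try-with-resources: the output stream was never closed before
        try (FileOutputStream out = new FileOutputStream(str)) {
            keyStore.store(out, str2.toCharArray());
        } catch (Exception e) {
            ManagedException.forward(e);
        }
    }

    /** Returns the command-line help texts, keyed by command name. */
    private static final Map<String, String> manual() {
        return MapUtil.asMap("help", "this help", "gencert", "creates a certificate : <subject-dn> [issuer-dn] [public-key]", "vercert", "verifies a certificate: <cert-file>");
    }

    /**
     * Command-line entry point; hands the arguments and the help texts to {@code Argumentator}.
     *
     * @param strArr command-line arguments
     */
    public static void main(String[] strArr) {
        new Argumentator("PKI", manual(), strArr);
    }
}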
