package net.sourceforge.jcetaglib.lib;

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import net.sourceforge.jcetaglib.exceptions.CryptoException;
import net.sourceforge.jcetaglib.tools.FileTools;
import net.sourceforge.jcetaglib.tools.KeyTools;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERInputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.misc.NetscapeCertType;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLNumber;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.ReasonFlags;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.X509V2CRLGenerator;
import org.bouncycastle.jce.X509V3CertificateGenerator;
import org.bouncycastle.jce.netscape.NetscapeCertRequest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:net/sourceforge/jcetaglib/lib/X509Cert.class */
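/**
 * Static helpers for a small certificate authority built on the Bouncy Castle ("BC") provider:
 * key-pair generation, self-signed and CA-signed X.509 certificates, CRLs, PKCS#12 storage, and
 * parsing of PKCS#10 and Netscape certificate requests.
 *
 * <p>Points a caller has to handle, because this class does not:
 * <ul>
 *   <li>The signature algorithm is whatever string the caller passes; weak digests are not
 *       rejected here.</li>
 *   <li>Every extension is added as non-critical, including BasicConstraints on CA certificates,
 *       and no KeyUsage extension is added. NOTE(review): RFC 5280 expects BasicConstraints to be
 *       critical in CA certificates; changing that alters issued certificates, so it is flagged
 *       rather than changed.</li>
 *   <li>{@link #verifyCertificate} checks one certificate against one issuer and one CRL. It does
 *       not authenticate the CRL and does not build or validate a chain.</li>
 * </ul>
 */
public class X509Cert {
    private static final String NS_CA = "ca";
    private static final String NS_SERVER = "server";
    private static final String NS_CLIENT = "client";
    private static final String NS_ALL = "all";

    /** notBefore is set this far in the past (ten minutes), presumably to tolerate clock skew. */
    private static final long BACKDATE_MILLIS = 600000L;
    private static final long MILLIS_PER_DAY = 86400000L;
    private static final long MILLIS_PER_HOUR = 60L * 60L * 1000L;

    /**
     * Source of certificate serial numbers. It is left to seed itself: calling
     * {@code setSeed(currentTime)} on a fresh SHA1PRNG before the first read, as this class used
     * to do, makes the clock value the only entropy and the serial numbers guessable.
     */
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();

    /**
     * Generates a key pair with the BC provider.
     *
     * @param str key algorithm name handed to {@code KeyPairGenerator.getInstance}
     * @param i key size handed to {@code KeyPairGenerator.initialize}
     * @param bArr seed handed to {@code Seed.getSecureRandom}
     * @return the generated key pair
     */
    public static KeyPair generateKeyPair(String str, int i, byte[] bArr) throws NoSuchAlgorithmException, NoSuchProviderException, CryptoException {
        ensureProvider();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str, "BC");
        // NOTE(review): Seed.getSecureRandom is not visible here. If the supplied seed ends up as
        // the generator's only entropy, key strength is bounded by that seed; confirm in Seed.
        keyPairGenerator.initialize(i, Seed.getSecureRandom(bArr));
        return keyPairGenerator.generateKeyPair();
    }

    /**
     * Issues a self-signed certificate whose subject and issuer are both {@code str2}.
     *
     * @param privateKey key that signs the certificate
     * @param publicKey key placed in the certificate; must match {@code privateKey}
     * @param str signature algorithm name
     * @param j validity period in days, counted from now
     * @param str2 distinguished name used for subject and issuer
     * @param z value of the BasicConstraints CA flag
     * @param str3 Netscape certificate type keyword ("ca", "server", "client", "all"); any other
     *     value, including {@code null}, adds no Netscape extension
     * @return the certificate, after it passed a validity and signature self-check
     * @throws CertificateException if generation or the self-check fails; the original exception
     *     is attached as the cause
     */
    public static X509Certificate selfsign(PrivateKey privateKey, PublicKey publicKey, String str, long j, String str2, boolean z, String str3) throws CertificateException {
        try {
            ensureProvider();
            long now = System.currentTimeMillis();
            X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
            generator.setSerialNumber(newSerialNumber());
            generator.setIssuerDN(new X509Principal(str2));
            generator.setNotBefore(new Date(now - BACKDATE_MILLIS));
            generator.setNotAfter(new Date(now + (j * MILLIS_PER_DAY)));
            generator.setSubjectDN(new X509Principal(str2));
            generator.setPublicKey(publicKey);
            generator.setSignatureAlgorithm(str);
            generator.addExtension(X509Extensions.SubjectKeyIdentifier, false, CertTools.createSubjectKeyId(publicKey));
            generator.addExtension(X509Extensions.BasicConstraints, false, new BasicConstraints(z));
            int netscapeBits = netscapeCertTypeBits(str3);
            if (netscapeBits != 0) {
                generator.addExtension(MiscObjectIdentifiers.netscapeCertType, false, new NetscapeCertType(netscapeBits));
            }
            X509Certificate certificate = generator.generateX509Certificate(privateKey);
            // Self-check: fails when the two keys do not belong together.
            certificate.checkValidity(new Date());
            certificate.verify(publicKey);
            return certificate;
        } catch (Exception e) {
            throw asCertificateException(e);
        }
    }

    /**
     * Issues a certificate for {@code publicKey}, signed with the CA key {@code privateKey}.
     *
     * @param publicKey subject's public key
     * @param privateKey CA private key that signs the certificate
     * @param x509Certificate CA certificate; supplies the issuer DN and the authority key id
     * @param str signature algorithm name
     * @param j validity period in days, counted from now
     * @param str2 subject distinguished name
     * @param z value of the BasicConstraints CA flag
     * @param str3 CRL distribution point URI; {@code null} or empty omits the extension
     * @param str4 Netscape certificate type keyword ("ca", "server", "client", "all"); any other
     *     value, including {@code null}, adds no Netscape extension
     * @return the certificate, after its signature verified against the CA certificate's key
     * @throws CertificateException if generation or the self-check fails; the original exception
     *     is attached as the cause
     */
    public static X509Certificate sign(PublicKey publicKey, PrivateKey privateKey, X509Certificate x509Certificate, String str, long j, String str2, boolean z, String str3, String str4) throws CertificateException {
        try {
            ensureProvider();
            long now = System.currentTimeMillis();
            X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
            generator.setSerialNumber(newSerialNumber());
            generator.setIssuerDN(new X509Principal(x509Certificate.getSubjectDN().toString()));
            generator.setNotBefore(new Date(now - BACKDATE_MILLIS));
            generator.setNotAfter(new Date(now + (j * MILLIS_PER_DAY)));
            generator.setSubjectDN(new X509Principal(str2));
            generator.setPublicKey(publicKey);
            generator.setSignatureAlgorithm(str);
            generator.addExtension(X509Extensions.SubjectKeyIdentifier, false, CertTools.createSubjectKeyId(publicKey));
            generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, CertTools.createAuthorityKeyId(x509Certificate.getPublicKey()));
            generator.addExtension(X509Extensions.BasicConstraints, false, new BasicConstraints(z));
            if (str3 != null && str3.length() != 0) {
                // Tag 6 is uniformResourceIdentifier; name type 0 is fullName.
                DistributionPointName pointName = new DistributionPointName(0, new GeneralNames(new DERSequence(new GeneralName(new DERIA5String(str3), 6))));
                DistributionPoint point = new DistributionPoint(pointName, (ReasonFlags) null, (GeneralNames) null);
                // RFC 5280 defines the extension value as a SEQUENCE OF DistributionPoint. Passing
                // the bare DistributionPoint, as before, yields a value relying parties cannot
                // parse, so they never locate the CRL.
                generator.addExtension(X509Extensions.CRLDistributionPoints.getId(), false, new DERSequence(point));
            }
            int netscapeBits = netscapeCertTypeBits(str4);
            if (netscapeBits != 0) {
                generator.addExtension(MiscObjectIdentifiers.netscapeCertType, false, new NetscapeCertType(netscapeBits));
            }
            X509Certificate certificate = generator.generateX509Certificate(privateKey);
            // Self-check: fails when privateKey is not the key certified by x509Certificate.
            certificate.checkValidity(new Date());
            certificate.verify(x509Certificate.getPublicKey());
            return certificate;
        } catch (Exception e) {
            throw asCertificateException(e);
        }
    }

    /**
     * Builds a signed CRL listing the given serial numbers.
     *
     * <p>Every entry gets the generation time as its revocation date and reason code 0, so the
     * original revocation time is not preserved across regenerated CRLs.
     *
     * @param bigIntegerArr serial numbers of the revoked certificates
     * @param i CRL number
     * @param j hours until nextUpdate
     * @param str signature algorithm name
     * @param x509Certificate CA certificate; supplies the issuer DN and the authority key id
     * @param privateKey CA private key that signs the CRL
     * @return the signed CRL
     * @throws CertificateException if the serial list is {@code null} or generation fails
     */
    public static X509CRL CreateCRL(BigInteger[] bigIntegerArr, int i, long j, String str, X509Certificate x509Certificate, PrivateKey privateKey) throws CertificateException {
        if (bigIntegerArr == null) {
            // Fail loudly: quietly emitting an empty CRL would un-revoke every certificate.
            throw new CertificateException("Revoked serial number list must not be null");
        }
        try {
            ensureProvider();
            Date thisUpdate = new Date();
            Date nextUpdate = new Date(System.currentTimeMillis() + (j * MILLIS_PER_HOUR));
            X509V2CRLGenerator generator = new X509V2CRLGenerator();
            generator.setThisUpdate(thisUpdate);
            generator.setNextUpdate(nextUpdate);
            generator.setSignatureAlgorithm(str);
            generator.setIssuerDN(new X509Principal(x509Certificate.getSubjectDN().toString()));
            for (BigInteger serial : bigIntegerArr) {
                generator.addCRLEntry(serial, thisUpdate, 0);
            }
            generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, CertTools.createAuthorityKeyId(x509Certificate.getPublicKey()));
            generator.addExtension(X509Extensions.CRLNumber.getId(), false, new CRLNumber(BigInteger.valueOf(i)));
            return generator.generateX509CRL(privateKey);
        } catch (Exception e) {
            throw asCertificateException(e);
        }
    }

    /**
     * Classifies a certificate against one issuer certificate and one CRL.
     *
     * <p>The checks run in this order and the first hit decides the result: listed in the CRL
     * ("REVOKED"), outside its validity period ("EXPIRED", which also covers not-yet-valid),
     * signature verifies under the issuer key ("VERIFIED"), otherwise "INVALID".
     *
     * <p>NOTE(review): the CRL is trusted as given. Its signature, issuer and nextUpdate are not
     * checked, and revocation is tested before the certificate's own signature. A caller must
     * verify the CRL against the CA key and reject a stale one before calling this method,
     * otherwise a substituted or outdated CRL turns a revoked certificate into "VERIFIED". The
     * issuer certificate is also used as-is, with no chain or CA-flag validation.
     *
     * @param x509Certificate certificate to classify
     * @param x509Certificate2 issuer certificate
     * @param x509crl revocation list consulted for {@code x509Certificate}
     * @return "REVOKED", "EXPIRED", "VERIFIED" or "INVALID"
     * @throws CertificateException if the revocation lookup itself fails
     */
    public static String verifyCertificate(X509Certificate x509Certificate, X509Certificate x509Certificate2, X509CRL x509crl) throws CertificateException {
        try {
            if (x509crl.isRevoked(x509Certificate)) {
                return "REVOKED";
            }
        } catch (Exception e) {
            throw asCertificateException(e);
        }
        try {
            x509Certificate.checkValidity(new Date());
        } catch (Exception ignored) {
            // Any failure of the validity check is reported as a status, not as an error.
            return "EXPIRED";
        }
        try {
            x509Certificate.verify(x509Certificate2.getPublicKey());
            return "VERIFIED";
        } catch (Exception ignored) {
            // Fail closed: whatever went wrong, the certificate is not accepted.
            return "INVALID";
        }
    }

    /**
     * Encodes a certificate as PEM. The Base64 body is emitted as a single unwrapped line.
     *
     * @param x509Certificate certificate to encode
     * @return PEM text without a trailing newline
     */
    public static String getCertificateAsPem(X509Certificate x509Certificate) throws CertificateEncodingException {
        String body = new String(Base64.encode(x509Certificate.getEncoded()));
        return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----";
    }

    /**
     * Encodes a private key as PEM. The Base64 body is emitted as a single unwrapped line.
     *
     * <p>The result is the key's encoded form with no encryption or password applied. Treat the
     * returned string as secret material: keep it out of logs and store it only with restrictive
     * permissions.
     *
     * @param privateKey key to encode
     * @return PEM text without a trailing newline
     */
    public static String getPrivateAsPem(PrivateKey privateKey) {
        String body = new String(Base64.encode(privateKey.getEncoded()));
        return "-----BEGIN PRIVATE KEY-----\n" + body + "\n-----END PRIVATE KEY-----";
    }

    /**
     * Writes a key and its certificates to a PKCS#12 file.
     *
     * @param x509Certificate third argument of {@code KeyTools.createP12}; presumably the entity
     *     certificate
     * @param x509Certificate2 fourth argument of {@code KeyTools.createP12}; presumably the CA
     *     certificate
     * @param privateKey private key to store
     * @param str path of the file to write
     * @param str2 first argument of {@code KeyTools.createP12}; presumably the entry alias
     * @param stringBuffer password protecting the store
     */
    public static void saveAsP12(X509Certificate x509Certificate, X509Certificate x509Certificate2, PrivateKey privateKey, String str, String str2, StringBuffer stringBuffer) throws KeyStoreException, NoSuchProviderException, Exception {
        // The instance is not used; the call is kept because it fails early with
        // NoSuchProviderException when the BC provider has not been registered.
        KeyStore.getInstance("PKCS12", "BC");
        char[] password = passwordChars(stringBuffer);
        try {
            KeyStore keyStore = KeyTools.createP12(str2, privateKey, x509Certificate, x509Certificate2);
            FileOutputStream out = new FileOutputStream(str);
            try {
                keyStore.store(out, password);
            } finally {
                // Closing also surfaces a failed flush instead of leaving a truncated store.
                out.close();
            }
        } finally {
            wipe(password);
        }
    }

    /**
     * Reads the first certificate of an entry's chain from a PKCS#12 file.
     *
     * @param str path of the PKCS#12 file
     * @param str2 alias of the entry
     * @param stringBuffer password of the store
     * @return element 0 of the chain returned by {@code KeyTools.getCertChain}
     */
    public static X509Certificate getCertificateFromP12(String str, String str2, StringBuffer stringBuffer) throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, IOException, CertificateException {
        char[] password = passwordChars(stringBuffer);
        try {
            KeyStore keyStore = loadP12(str, password);
            return (X509Certificate) KeyTools.getCertChain(keyStore, str2)[0];
        } finally {
            wipe(password);
        }
    }

    /**
     * Reads the last certificate of an entry's chain from a PKCS#12 file.
     *
     * @param str path of the PKCS#12 file
     * @param str2 alias of the entry
     * @param stringBuffer password of the store
     * @return the last element of the chain returned by {@code KeyTools.getCertChain}
     */
    public static X509Certificate getCACertificateFromP12(String str, String str2, StringBuffer stringBuffer) throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, IOException, CertificateException {
        char[] password = passwordChars(stringBuffer);
        try {
            KeyStore keyStore = loadP12(str, password);
            Certificate[] chain = KeyTools.getCertChain(keyStore, str2);
            return (X509Certificate) chain[chain.length - 1];
        } finally {
            wipe(password);
        }
    }

    /**
     * Reads a private key from a PKCS#12 file. The same password opens the store and the key.
     *
     * @param str path of the PKCS#12 file
     * @param str2 alias of the entry
     * @param stringBuffer password of the store and of the key entry
     * @return the private key stored under {@code str2}
     */
    public static PrivateKey getPrivateFromP12(String str, String str2, StringBuffer stringBuffer) throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, IOException, CertificateException, UnrecoverableKeyException {
        char[] password = passwordChars(stringBuffer);
        try {
            KeyStore keyStore = loadP12(str, password);
            return (PrivateKey) keyStore.getKey(str2, password);
        } finally {
            wipe(password);
        }
    }

    /**
     * Replaces every occurrence of {@code str2} in {@code str} with {@code str3}.
     *
     * @param str text to search; {@code null} yields {@code null}
     * @param str2 text to find; {@code null} or empty returns {@code str} unchanged (an empty
     *     target used to loop forever, because the search position never advanced)
     * @param str3 replacement text
     * @return the text with all occurrences replaced
     */
    public static String replace(String str, String str2, String str3) {
        if (str == null) {
            return null;
        }
        if (str2 == null || str2.length() == 0) {
            return str;
        }
        StringBuilder out = new StringBuilder(str.length());
        int from = 0;
        int hit = str.indexOf(str2, from);
        while (hit != -1) {
            out.append(str, from, hit).append(str3);
            from = hit + str2.length();
            hit = str.indexOf(str2, from);
        }
        return out.append(str, from, str.length()).toString();
    }

    /**
     * Parses a PKCS#10 certificate request and checks its self-signature.
     *
     * <p>Accepts PEM with "CERTIFICATE REQUEST" or "NEW CERTIFICATE REQUEST" markers, or bare
     * Base64. A verified request only proves possession of the private key; the subject name and
     * attributes inside it are still requester-controlled and need their own authorisation check.
     *
     * @param str request text
     * @return the parsed request, whose signature verified
     * @throws CertificateException if the text cannot be parsed or the signature does not verify
     */
    public static PKCS10CertificationRequest getPKCS10Request(String str) throws CertificateException {
        try {
            byte[] der = decodePkcs10(str);
            PKCS10CertificationRequest request = new PKCS10CertificationRequest(new DERInputStream(new ByteArrayInputStream(der)).readObject());
            if (!request.verify()) {
                throw new CertificateException("Not a valid PKCS10 request");
            }
            return request;
        } catch (Exception e) {
            throw asCertificateException(e);
        }
    }

    /**
     * Parses a Base64 Netscape (SPKAC) certificate request and verifies it.
     *
     * <p>NOTE(review): the request's challenge is overwritten with the fixed string "challenge"
     * before {@code verify("challenge")} is called, so no server-issued challenge is compared
     * here. If the deployment relies on the challenge to bind a request to a session, that check
     * has to happen in the caller.
     *
     * @param str Base64 request text; CR and LF characters are stripped before decoding
     * @return the parsed request, for which {@code verify} returned true
     * @throws CertificateException if the text cannot be parsed or verification fails
     */
    public static NetscapeCertRequest getNetscapeRequest(String str) throws CertificateException {
        try {
            byte[] der = Base64.decode(replace(replace(str, "\n", ""), "\r", "").getBytes());
            NetscapeCertRequest request = new NetscapeCertRequest(new DERInputStream(new ByteArrayInputStream(der)).readObject());
            request.setChallenge("challenge");
            if (!request.verify("challenge")) {
                throw new CertificateException("Not a valid Netscape request");
            }
            return request;
        } catch (Exception e) {
            throw asCertificateException(e);
        }
    }

    /** Registers the BC provider unless a provider named "BC" is already installed. */
    private static void ensureProvider() {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /** Returns a random, strictly positive serial number that fits in eight octets. */
    private static BigInteger newSerialNumber() {
        byte[] bytes = new byte[8];
        BigInteger serial;
        do {
            SERIAL_RANDOM.nextBytes(bytes);
            // Clear the sign bit so the value is non-negative and its encoding stays at 8 octets.
            bytes[0] &= 0x7f;
            serial = new BigInteger(bytes);
        } while (serial.signum() == 0);
        return serial;
    }

    /**
     * Maps a Netscape certificate type keyword to its bit mask, or 0 when none applies.
     * 7 = SSL CA + S/MIME CA + object-signing CA, 64 = SSL server,
     * 176 = SSL client + S/MIME + object signing, 247 = every bit except the reserved one.
     */
    private static int netscapeCertTypeBits(String type) {
        if (NS_CA.equalsIgnoreCase(type)) {
            return 7;
        }
        if (NS_SERVER.equalsIgnoreCase(type)) {
            return 64;
        }
        if (NS_CLIENT.equalsIgnoreCase(type)) {
            return 176;
        }
        if (NS_ALL.equalsIgnoreCase(type)) {
            return 247;
        }
        return 0;
    }

    /** Returns the exception itself if it is a CertificateException, else wraps it with its cause. */
    private static CertificateException asCertificateException(Exception e) {
        if (e instanceof CertificateException) {
            return (CertificateException) e;
        }
        return new CertificateException(e.getMessage(), e);
    }

    /** Copies the password out of the buffer without creating an intermediate String. */
    private static char[] passwordChars(StringBuffer password) {
        char[] chars = new char[password.length()];
        password.getChars(0, chars.length, chars, 0);
        return chars;
    }

    /** Overwrites a password copy once it is no longer needed. */
    private static void wipe(char[] password) {
        java.util.Arrays.fill(password, '\0');
    }

    /** Opens a PKCS#12 file with the BC provider and closes the file stream afterwards. */
    private static KeyStore loadP12(String path, char[] password) throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, IOException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
        FileInputStream in = new FileInputStream(path);
        try {
            keyStore.load(in, password);
        } finally {
            in.close();
        }
        return keyStore;
    }

    /** Extracts the DER bytes of a PKCS#10 request from either PEM form or from bare Base64. */
    private static byte[] decodePkcs10(String text) throws Exception {
        byte[] raw = text.getBytes();
        try {
            return FileTools.getBytesFromPEM(raw, "-----BEGIN CERTIFICATE REQUEST-----", "-----END CERTIFICATE REQUEST-----");
        } catch (IOException ignored) {
            // Not this PEM flavour; try the next one.
        }
        try {
            return FileTools.getBytesFromPEM(raw, "-----BEGIN NEW CERTIFICATE REQUEST-----", "-----END NEW CERTIFICATE REQUEST-----");
        } catch (IOException ignored) {
            // Not PEM at all; fall back to bare Base64.
        }
        return Base64.decode(replace(replace(text, "\n", ""), "\r", "").getBytes());
    }
}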
