package com.prosysopc.ua;

import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import org.apache.sshd.common.util.net.SshdSocketAddress;
import org.opcfoundation.ua.builtintypes.LocalizedText;
import org.opcfoundation.ua.core.ApplicationDescription;
import org.opcfoundation.ua.core.SignedSoftwareCertificate;
import org.opcfoundation.ua.transport.security.Cert;
import org.opcfoundation.ua.transport.security.KeyPair;
import org.opcfoundation.ua.transport.security.PrivKey;
import org.opcfoundation.ua.utils.CertificateUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/prosys-opc-ua-java-sdk-client-3.1.8-580.jar:com/prosysopc/ua/ApplicationIdentity.class */
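/**
 * Identity of an OPC UA application: its {@link ApplicationDescription}, the application
 * instance certificate(s) with their private keys, and an optional HTTPS key pair.
 *
 * <p>The static factories load a certificate and private key from disk (or from a protected
 * key store) and create and persist new ones when none exist or when the stored
 * certificate has expired and renewal is allowed.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>New certificates are created with a default validity of {@link #getDefaultCertificateDays()}
 *       days (3650 unless changed).</li>
 *   <li>Private keys are written next to the certificate; on an Android runtime the key is
 *       written without a password.</li>
 *   <li>The host name placed into the ApplicationURI and application name comes from local
 *       name resolution, see {@link #getActualHostName()}.</li>
 * </ul>
 *
 * <p>Several settings here (default validity, host name cache, and the key size set through
 * {@code CertificateUtils.setKeySize}) are process-wide statics; this class does no locking
 * around them.
 */
public class ApplicationIdentity extends SecureIdentity {
    /** Extension of the certificate file looked up by the load-or-create factories. */
    public static final String CERT_FILE_EXTENSIONS = ".der";

    // Default validity, in days, of newly created or renewed certificates (about ten years).
    // NOTE(review): plain static, changed by setDefaultCertificateDays without synchronisation.
    private static int A = 3650;

    private static final Logger logger = LoggerFactory.getLogger(ApplicationIdentity.class);

    // Candidate private key file extensions, in lookup order; ".pem" is the default for new files.
    private static final String[] B = {".pem", ".pfx", ".key"};

    // Whether getActualHostName() stores its result for later calls.
    private static volatile boolean C = true;

    // Cached result of getActualHostName(); null until the first successful lookup.
    private static volatile String D = null;

    private ApplicationDescription applicationDescription;

    // All key pairs of this identity when it was built from several; may be null.
    private KeyPair[] E;

    // HTTPS key pair, set through setHttpsCertificate.
    private KeyPair F;

    // Organisation, set through setOrganisation.
    private String G;

    /**
     * Creates a new certificate for the given application description.
     *
     * <p>The description is modified in place: host name tags in its ApplicationURI and
     * application name are replaced first.
     *
     * @param applicationDescription description supplying application name and ApplicationURI; not null
     * @param str organisation
     * @param keyPair passed to the certificate generator; presumably the issuer key pair, null for self-signed (confirm)
     * @param strArr passed to the certificate generator; presumably additional host names (confirm)
     * @return the new identity, with the description and organisation set
     * @throws SecureIdentityException if the certificate cannot be created
     */
    public static ApplicationIdentity createCertificate(ApplicationDescription applicationDescription, String str, KeyPair keyPair, String... strArr) throws SecureIdentityException {
        a(applicationDescription);
        String applicationName = applicationDescription.getApplicationName().getText();
        ApplicationIdentity identity = createCertificate(applicationName, str, keyPair, applicationDescription.getApplicationUri(), strArr);
        identity.setApplicationDescription(applicationDescription);
        return identity;
    }

    /**
     * Same as {@link #createCertificate(ApplicationDescription, String, KeyPair, String...)}
     * with a null {@code keyPair}.
     */
    public static ApplicationIdentity createCertificate(ApplicationDescription applicationDescription, String str, String... strArr) throws SecureIdentityException {
        return createCertificate(applicationDescription, str, null, strArr);
    }

    /**
     * Creates a new certificate valid for the default number of days.
     *
     * @param str application name
     * @param str2 organisation
     * @param keyPair passed to the certificate generator; presumably the issuer key pair (confirm)
     * @param str3 ApplicationURI; must not contain "localhost"
     * @param strArr passed to the certificate generator; presumably additional host names (confirm)
     * @return the new identity with the organisation set
     * @throws SecureIdentityException if the certificate cannot be created
     */
    public static ApplicationIdentity createCertificate(String str, String str2, KeyPair keyPair, String str3, String... strArr) throws SecureIdentityException {
        KeyPair created = createKeyPair(str, str2, A, keyPair, str3, strArr);
        ApplicationIdentity identity = new ApplicationIdentity(created.getCertificate(), created.getPrivateKey());
        identity.setOrganisation(str2);
        return identity;
    }

    /**
     * Creates an HTTPS certificate for the application.
     *
     * @param applicationDescription supplies the ApplicationURI
     * @param str first argument of {@code CertificateUtils.createHttpsCertificate}; presumably the host name (confirm)
     * @param keyPair passed to the certificate generator; presumably the issuer key pair (confirm)
     * @return the created key pair
     */
    public static KeyPair createHttpsCertificate(ApplicationDescription applicationDescription, String str, KeyPair keyPair) throws GeneralSecurityException, IOException {
        // NOTE(review): the validity is the literal 3650 here, so setDefaultCertificateDays()
        // does not affect HTTPS certificates. Confirm this is intended.
        return CertificateUtils.createHttpsCertificate(str, applicationDescription.getApplicationUri(), 3650, keyPair);
    }

    /**
     * Creates a new application instance certificate and private key.
     *
     * @param str application name
     * @param str2 organisation
     * @param i validity passed to the certificate generator (days, per the callers in this class)
     * @param keyPair passed to the certificate generator; presumably the issuer key pair (confirm)
     * @param str3 ApplicationURI; may be null
     * @param strArr passed to the certificate generator; presumably additional host names (confirm)
     * @return the created key pair
     * @throws IllegalArgumentException if the ApplicationURI contains "localhost"
     * @throws SecureIdentityException if creation fails for any other reason
     */
    public static KeyPair createKeyPair(String str, String str2, int i, KeyPair keyPair, String str3, String... strArr) throws SecureIdentityException {
        // A certificate bound to "localhost" does not identify this host to remote peers,
        // so such a URI is rejected before any key material is generated.
        if (str3 != null && str3.contains(SshdSocketAddress.LOCALHOST_NAME)) {
            throw new IllegalArgumentException("ApplicationURI should not contain 'localhost'.");
        }
        try {
            KeyPair created = CertificateUtils.createApplicationInstanceCertificate(str, str2, str3, i, keyPair, strArr);
            // Only the subject, URI and key size are logged; no key material.
            logger.info("Created a new Certificate: {}; ApplicationURI={} KeySize={}", created.getCertificate().getCertificate().getSubjectX500Principal().toString(), str3, Integer.valueOf(CertificateUtils.getKeySize()));
            return created;
        } catch (Exception e) {
            throw new SecureIdentityException("Cannot create certificate for application " + str, e);
        }
    }

    /**
     * Determines the name of the local host, preferring a name that contains a domain part
     * and avoiding names that contain "localhost".
     *
     * <p>The result comes from {@link InetAddress#getLocalHost()} and, when needed,
     * {@link InetAddress#getCanonicalHostName()}, so it depends on the host's name resolution
     * configuration. Callers in this class substitute it into the ApplicationURI.
     *
     * <p>When caching is enabled the first successful result is kept for all later calls;
     * {@link #setCacheLocalHostname(boolean)} with {@code false} does not clear an existing value.
     *
     * @return the host name, the IP address as a fallback, or "localhost" if the lookup fails
     */
    public static String getActualHostName() {
        String cached = D;
        if (cached != null) {
            return cached;
        }
        try {
            InetAddress localHost = InetAddress.getLocalHost();
            String hostName = localHost.getHostName();
            logger.debug("hostName={}", hostName);
            boolean hostIsLocalhost = hostName.toLowerCase().contains(SshdSocketAddress.LOCALHOST_NAME);
            String hostAddress = localHost.getHostAddress();
            logger.debug("ipAddress={}", hostAddress);

            String result;
            if (hostIsLocalhost || !hostName.contains(".") || hostName.equals(hostAddress)) {
                // The plain name is unsuitable (localhost, no domain, or just the IP), so try the canonical name.
                String canonicalHostName = localHost.getCanonicalHostName();
                logger.debug("canonicalHostName={}", canonicalHostName);
                boolean canonicalIsLocalhost = canonicalHostName.toLowerCase().contains(SshdSocketAddress.LOCALHOST_NAME);
                if (hostIsLocalhost) {
                    // Both names say localhost: fall back to the IP address.
                    result = canonicalIsLocalhost ? hostAddress : canonicalHostName;
                } else if (hostName.contains(".") || canonicalIsLocalhost || canonicalHostName.equals(hostAddress)) {
                    result = hostName;
                } else {
                    result = canonicalHostName;
                }
            } else {
                result = hostName;
            }
            if (C) {
                D = result;
            }
            return result;
        } catch (UnknownHostException e) {
            logger.warn("Cannot determine Hostname. Using 'localhost'", e);
            return SshdSocketAddress.LOCALHOST_NAME;
        }
    }

    /**
     * Returns the first label of {@link #getActualHostName()}.
     *
     * @return the part before the first dot, or the full name when there is no dot or when
     *     that part consists only of digits (as for an IPv4 address)
     */
    public static String getActualHostNameWithoutDomain() {
        String actualHostName = getActualHostName();
        if (actualHostName == null) {
            return null;
        }
        int firstDot = actualHostName.indexOf(".");
        if (firstDot < 0) {
            return actualHostName;
        }
        String firstLabel = actualHostName.substring(0, firstDot);
        // Keep the whole name unless the first label has at least one non-digit character.
        return firstLabel.matches(".*[^0-9].*") ? firstLabel : actualHostName;
    }

    /** @return the default validity, in days, used for new and renewed certificates */
    public static int getDefaultCertificateDays() {
        return A;
    }

    /**
     * Same as the {@code KeyPair}/{@code int[]} overload with a null key pair and the default key size.
     *
     * @param str organisation
     * @param str2 private key password
     * @param file directory holding the certificate and key files
     * @param z whether an expired certificate is renewed instead of rejected
     */
    public static ApplicationIdentity loadOrCreateCertificate(ApplicationDescription applicationDescription, String str, String str2, File file, boolean z, String... strArr) throws SecureIdentityException, IOException {
        return loadOrCreateCertificate(applicationDescription, str, str2, file, null, null, z, strArr);
    }

    /**
     * Loads or creates the certificate(s) for the given description. The description is
     * modified in place (host name tags replaced) and attached to the returned identity.
     *
     * @param applicationDescription supplies application name and ApplicationURI; not null
     * @param str organisation
     * @param str2 private key password
     * @param file directory holding the certificate and key files
     * @param keyPair passed to the certificate generator; presumably the issuer key pair (confirm)
     * @param iArr key sizes, one certificate per entry; null or empty means one 2048-bit key
     * @param z whether an expired certificate is renewed instead of rejected
     * @param strArr passed to the certificate generator; presumably additional host names (confirm)
     */
    public static ApplicationIdentity loadOrCreateCertificate(ApplicationDescription applicationDescription, String str, String str2, File file, KeyPair keyPair, int[] iArr, boolean z, String... strArr) throws SecureIdentityException, IOException {
        a(applicationDescription);
        String applicationName = applicationDescription.getApplicationName().getText();
        ApplicationIdentity identity = loadOrCreateCertificate(applicationName, str, str2, file, keyPair, iArr, z, applicationDescription.getApplicationUri(), strArr);
        identity.setApplicationDescription(applicationDescription);
        return identity;
    }

    /**
     * Loads or creates a single certificate from explicit certificate and key files.
     *
     * @param str application name
     * @param str2 organisation (used for creation only; not set on the returned identity)
     * @param file certificate file
     * @param file2 private key file
     * @param str3 private key password
     * @param keyPair passed to the certificate generator; presumably the issuer key pair (confirm)
     * @param z whether an expired certificate is renewed instead of rejected
     * @param str4 ApplicationURI
     */
    public static ApplicationIdentity loadOrCreateCertificate(String str, String str2, File file, File file2, String str3, KeyPair keyPair, boolean z, String str4, String... strArr) throws SecureIdentityException, IOException {
        KeyPair loaded = loadOrCreateKeyPair(str, str2, file, file2, str3, keyPair, z, str4, strArr);
        return new ApplicationIdentity(loaded.getCertificate(), loaded.getPrivateKey());
    }

    /**
     * Loads or creates one certificate per requested key size from the given directory.
     * For a size above zero the files are named {@code <name>_<size>}; size zero uses the
     * plain name and a 2048-bit key.
     *
     * @param str application name
     * @param str2 organisation
     * @param str3 private key password
     * @param file directory holding the certificate and key files
     * @param keyPair passed to the certificate generator; presumably the issuer key pair (confirm)
     * @param iArr key sizes; null or empty is treated as {@code {0}}
     * @param z whether an expired certificate is renewed instead of rejected
     * @param str4 ApplicationURI
     */
    public static ApplicationIdentity loadOrCreateCertificate(String str, String str2, String str3, File file, KeyPair keyPair, int[] iArr, boolean z, String str4, String... strArr) throws SecureIdentityException, IOException {
        if (iArr == null || iArr.length == 0) {
            iArr = new int[]{0};
        }
        KeyPair[] keyPairs = new KeyPair[iArr.length];
        for (int i = 0; i < iArr.length; i++) {
            int keySize = iArr[i];
            String fileBaseName = str;
            // NOTE(review): setKeySize changes a static setting in CertificateUtils and is not
            // restored afterwards; the requested size is not range-checked here, and a negative
            // entry leaves the previous setting in place. Confirm callers pass acceptable sizes.
            if (keySize > 0) {
                fileBaseName = fileBaseName + "_" + keySize;
                CertificateUtils.setKeySize(keySize);
            }
            if (keySize == 0) {
                CertificateUtils.setKeySize(2048);
            }
            keyPairs[i] = loadOrCreateKeyPair(str, str2, getBestFile(file, fileBaseName, CERT_FILE_EXTENSIONS), getBestFile(file, fileBaseName, B), str3, keyPair, z, str4, strArr);
        }
        return new ApplicationIdentity(keyPairs);
    }

    /**
     * Loads the HTTPS key pair stored as {@code <application name>_https} in the given
     * directory, or creates and saves a new one when none is usable.
     *
     * @param str passed to {@link #createHttpsCertificate}; presumably the host name (confirm)
     * @param str2 private key password
     * @param keyPair passed to the certificate generator; presumably the issuer key pair (confirm)
     * @param file directory holding the certificate and key files
     * @param z whether an expired certificate is replaced instead of rejected
     */
    public static KeyPair loadOrCreateHttpsCertificate(ApplicationDescription applicationDescription, String str, String str2, KeyPair keyPair, File file, boolean z) throws IOException, SecureIdentityException {
        String baseName = applicationDescription.getApplicationName().getText() + "_https";
        File certFile = getBestFile(file, baseName, CERT_FILE_EXTENSIONS);
        File keyFile = getBestFile(file, baseName, B);
        // The key file format is chosen by extension: ".pfx" means a PKCS12 store.
        boolean pkcs12 = keyFile.getName().toLowerCase().endsWith(".pfx");
        KeyPair result = loadCertificate("HTTPS", str2, z, certFile, keyFile, pkcs12);
        if (result == null) {
            try {
                result = createHttpsCertificate(applicationDescription, str, keyPair);
                try {
                    saveCertificate("HTTPS", result, certFile, keyFile, str2, pkcs12);
                } catch (GeneralSecurityException e) {
                    throw new SecureIdentityException("Failed to save HTTPS certificate to PKCS12 store.", e);
                }
            } catch (GeneralSecurityException e2) {
                throw new SecureIdentityException("Failed to create HTTPS certificate.", e2);
            }
        }
        return result;
    }

    /**
     * Loads the issuer key pair stored under the given name, or creates and saves a new one
     * when none is usable.
     *
     * @param str name used for the files and passed to the certificate generator
     * @param file directory holding the certificate and key files
     * @param str2 private key password
     * @param i second argument of {@code CertificateUtils.createIssuerCertificate}; presumably the validity in days (confirm)
     * @param z whether an expired certificate is replaced instead of rejected
     */
    public static KeyPair loadOrCreateIssuerCertificate(String str, File file, String str2, int i, boolean z) throws IOException, SecureIdentityException {
        File certFile = getBestFile(file, str, CERT_FILE_EXTENSIONS);
        File keyFile = getBestFile(file, str, B);
        boolean pkcs12 = keyFile.getName().toLowerCase().endsWith(".pfx");
        KeyPair result = loadCertificate("Issuer", str2, z, certFile, keyFile, pkcs12);
        if (result == null) {
            try {
                result = CertificateUtils.createIssuerCertificate(str, i, null);
                try {
                    saveCertificate("Issuer", result, certFile, keyFile, str2, pkcs12);
                } catch (GeneralSecurityException e) {
                    throw new SecureIdentityException("Failed to save Issuer certificate to PKCS12 store.", e);
                }
            } catch (GeneralSecurityException e2) {
                throw new SecureIdentityException("Failed to create Issuer certificate.", e2);
            }
        }
        return result;
    }

    /**
     * Loads the certificate and private key from the given files. A new pair is created and
     * written to those files when either file is missing; an expired certificate is renewed
     * when {@code z} is true and rejected otherwise.
     *
     * <p>The private key is first read as PEM and, failing that, as a PKCS12 store. A renewed
     * key is written back in the format it was read in.
     *
     * @param str application name
     * @param str2 organisation
     * @param file certificate file
     * @param file2 private key file
     * @param str3 private key password
     * @param keyPair passed to the certificate generator; presumably the issuer key pair (confirm)
     * @param z whether an expired certificate is renewed instead of rejected
     * @param str4 ApplicationURI
     * @param strArr passed to the certificate generator; presumably additional host names (confirm)
     * @return the loaded, renewed or newly created key pair
     * @throws SecureIdentityException if the certificate is expired and renewal is not allowed,
     *     is otherwise not valid, or if loading, renewing or saving fails
     */
    public static KeyPair loadOrCreateKeyPair(String str, String str2, File file, File file2, String str3, KeyPair keyPair, boolean z, String str4, String... strArr) throws IOException, SecureIdentityException {
        KeyPair result;
        boolean createNew = false;
        boolean pkcs12 = false;
        Cert cert = null;
        PrivKey privKey = null;
        if (file.exists() && file2.exists()) {
            logger.info("Reading application certificate from {}", file.getAbsolutePath());
            try {
                cert = Cert.load(file);
                if (cert != null) {
                    try {
                        cert.getCertificate().checkValidity();
                    } catch (CertificateExpiredException e) {
                        logger.info("Certificate expired.");
                        if (!z) {
                            throw new SecureIdentityException("Certificate expired", e);
                        }
                        createNew = true;
                    } catch (CertificateException e2) {
                        // Any other validity failure (for example not yet valid) is never renewed.
                        throw new SecureIdentityException("Certificate cannot be loaded from file " + file, e2);
                    }
                }
                logger.info("Reading private key from keystore {}", file2.getAbsolutePath());
                try {
                    try {
                        privKey = PrivKey.load(file2, str3);
                        logger.debug("Read private key in PEM format");
                    } catch (Exception e3) {
                        logger.debug("Failed to read PEM: " + e3.getMessage(), (Throwable) e3);
                        // A wrong password is reported at once instead of retrying as PKCS12.
                        // The check depends on the library's message text; an exception without
                        // a message falls through to the PKCS12 attempt.
                        String message = e3.getMessage();
                        if (message != null && message.contains("password")) {
                            throw new SecureIdentityException("Private key cannot be loaded from file " + file2, e3);
                        }
                    }
                    if (privKey == null) {
                        privKey = PrivKey.loadFromKeyStore(file2, str3);
                        logger.debug("Read private key in PKCS12 format");
                        pkcs12 = true;
                    }
                } catch (IOException e4) {
                    throw new SecureIdentityException("Private key cannot be loaded from file " + file2, e4);
                } catch (GeneralSecurityException e5) {
                    throw new SecureIdentityException("Private key cannot be loaded from file " + file2, e5);
                }
            } catch (CertificateException e6) {
                throw new SecureIdentityException("Cannot load certificate", e6);
            }
        } else {
            logger.debug("Application certificate or private key not found");
            createNew = true;
        }
        if (createNew) {
            logger.info("Creating a new application certificate & private key");
            a(file);
            a(file2);
            if (cert != null) {
                // An expired certificate was loaded: renew it using the existing key pair.
                try {
                    result = CertificateUtils.renewApplicationInstanceCertificate(str, str2, str4, A, new KeyPair(cert, privKey), keyPair, strArr);
                } catch (IllegalStateException e7) {
                    throw new SecureIdentityException("Failed to renew the application instance certificate", e7);
                } catch (GeneralSecurityException e8) {
                    throw new SecureIdentityException("Failed to renew the application instance certificate", e8);
                }
            } else {
                result = createKeyPair(str, str2, A, keyPair, str4, strArr);
            }
            Cert certificate = result.getCertificate();
            PrivKey privateKey = result.getPrivateKey();
            certificate.save(file);
            if (pkcs12) {
                try {
                    privateKey.saveToKeyStore(certificate, file2, str3, str3, "PKCS12");
                } catch (GeneralSecurityException e9) {
                    throw new SecureIdentityException("Cannot save the private key to file " + file2, e9);
                }
            } else {
                // The property can be absent; treat that as "not Android" rather than failing
                // after the certificate file has already been written.
                String runtimeName = System.getProperty("java.runtime.name");
                if (runtimeName != null && runtimeName.toLowerCase().contains("android")) {
                    // NOTE(review): on Android the private key is written without the password,
                    // so its protection rests on the file's location and permissions.
                    privateKey.save(file2);
                } else {
                    // NOTE(review): presumably a null password also yields an unencrypted key file; confirm.
                    privateKey.save(file2, str3);
                }
            }
        } else {
            result = new KeyPair(cert, privKey);
        }
        return result;
    }

    /**
     * Enables or disables caching of the resolved host name. Disabling does not discard a
     * value that is already cached.
     */
    public static void setCacheLocalHostname(boolean z) {
        C = z;
    }

    /** Sets the default validity, in days, for certificates created or renewed from now on. */
    public static void setDefaultCertificateDays(int i) {
        A = i;
    }

    // Creates the parent directories of the given file if it has a parent.
    // NOTE(review): the mkdirs() result is ignored and no permissions are set here, so the
    // directory that receives the private key gets the platform defaults.
    private static void a(File file) {
        File parent = file.getParentFile();
        if (parent != null) {
            parent.mkdirs();
        }
    }

    // Replaces host name tags in the description's ApplicationURI and application name.
    // The description passed in is modified in place.
    private static void a(ApplicationDescription applicationDescription) throws NullPointerException {
        if (applicationDescription == null) {
            throw new NullPointerException("Cannot set null to ApplicationDescription");
        }
        applicationDescription.setApplicationUri(replaceHostNameTagWithActualHostName(applicationDescription.getApplicationUri()));
        applicationDescription.setApplicationName(new LocalizedText(replaceHostNameTagWithActualHostName(applicationDescription.getApplicationName().getText()), applicationDescription.getApplicationName().getLocale()));
    }

    /**
     * Picks the file to use for the given base name: the first existing candidate in
     * extension order, or the candidate with the first extension when none exists.
     *
     * <p>The base name is appended to the directory as given; no normalisation is applied
     * here, so callers should pass a name they trust.
     *
     * @param file directory
     * @param str base file name without extension
     * @param strArr candidate extensions, at least one
     */
    protected static File getBestFile(File file, String str, String... strArr) {
        File preferred = new File(file, str + strArr[0]);
        if (!preferred.exists()) {
            for (int i = 1; i < strArr.length; i++) {
                File candidate = new File(file, str + strArr[i]);
                if (candidate.exists()) {
                    return candidate;
                }
            }
        }
        return preferred;
    }

    /**
     * Loads a certificate and its private key from the given files.
     *
     * @param str label used in log and error messages (for example "HTTPS" or "Issuer")
     * @param str2 private key password
     * @param z whether an expired certificate is tolerated (null is returned so the caller can replace it)
     * @param file certificate file
     * @param file2 private key file
     * @param z2 true to read the key from a PKCS12 store, false to read it as PEM
     * @return the key pair, or null when a file is missing or the certificate has expired and {@code z} is true
     * @throws SecureIdentityException if the certificate is expired and {@code z} is false,
     *     is otherwise not valid, or cannot be read
     */
    protected static KeyPair loadCertificate(String str, String str2, boolean z, File file, File file2, boolean z2) throws SecureIdentityException {
        if (!file.exists() || !file2.exists()) {
            return null;
        }
        try {
            Cert cert = Cert.load(file);
            logger.info("{} certificate loaded from {}", str, file);
            boolean validNow = false;
            try {
                cert.getCertificate().checkValidity();
                validNow = true;
            } catch (CertificateExpiredException e) {
                logger.info("{} certificate expired.", str);
                if (!z) {
                    throw new SecureIdentityException(str + " certificate expired", e);
                }
            } catch (CertificateException e2) {
                throw new SecureIdentityException("Failed to load " + str + " certificate from " + file, e2);
            }
            if (!validNow) {
                return null;
            }
            try {
                PrivKey privKey;
                if (z2) {
                    logger.debug("Reading private key in PKCS12 format");
                    privKey = PrivKey.loadFromKeyStore(file2, str2);
                } else {
                    logger.debug("Reading private key in PEM format");
                    privKey = PrivKey.load(file2, str2);
                }
                logger.info("{} private key loaded from {}", str, file2);
                return new KeyPair(cert, privKey);
            } catch (IOException e3) {
                throw new SecureIdentityException("Failed to load " + str + " private key from " + file2, e3);
            } catch (GeneralSecurityException e4) {
                throw new SecureIdentityException("Failed to load " + str + " private key from " + file2, e4);
            }
        } catch (IOException e5) {
            throw new SecureIdentityException("Failed to load " + str + " certificate from " + file, e5);
        } catch (CertificateException e6) {
            throw new SecureIdentityException("Failed to load " + str + " certificate from " + file, e6);
        }
    }

    /**
     * Loads the key pair for the application from a protected key store, creating and
     * storing a new one when loading fails.
     *
     * @param applicationDescription supplies application name and ApplicationURI; modified in place
     * @param str organisation
     * @param str2 fourth argument of the {@code CertificateUtils} store calls; presumably a password (confirm)
     * @param str3 key store identifier, as used in the error message
     * @param str4 third argument of the {@code CertificateUtils} store calls; presumably a password (confirm)
     * @param keyPair passed to the certificate generator; presumably the issuer key pair (confirm)
     * @throws SecureIdentityException if the new key pair cannot be created or stored
     */
    protected static ApplicationIdentity loadOrCreateFromProtectedStore(ApplicationDescription applicationDescription, String str, String str2, String str3, String str4, KeyPair keyPair, String... strArr) throws IOException, SecureIdentityException {
        KeyPair result;
        a(applicationDescription);
        String applicationName = applicationDescription.getApplicationName().getText();
        try {
            result = CertificateUtils.loadKeyPairFromProtectedStore(str3, applicationName, str4, str2);
        } catch (Exception e) {
            // NOTE(review): every load failure, including one caused by a wrong password or an
            // unreadable store, leads to a new key pair being created and stored under the same
            // name. Consider distinguishing "entry missing" from other failures.
            logger.debug("Cannot load key pair from key store {}; creating a new one", str3, e);
            result = createKeyPair(applicationName, str, A, keyPair, applicationDescription.getApplicationUri(), strArr);
            try {
                CertificateUtils.saveKeyPairToProtectedStore(result, str3, applicationName, str4, str2);
            } catch (GeneralSecurityException saveFailure) {
                // Report the failure of the save itself, not the earlier load failure.
                throw new SecureIdentityException("Cannot save key pair to key store " + str3, saveFailure);
            }
        }
        ApplicationIdentity identity = new ApplicationIdentity(result.getCertificate(), result.getPrivateKey());
        identity.setApplicationDescription(applicationDescription);
        identity.setOrganisation(str);
        return identity;
    }

    /**
     * Replaces a host name tag in the given text. Exactly one substitution rule is applied,
     * checked in this order: "localhost" and "domainname" become the full host name,
     * "hostname" becomes the host name without its domain. Every occurrence of the matched
     * tag is replaced, including occurrences inside longer words.
     *
     * @param str text to process; may be null
     * @return the text with the tag replaced, or the input unchanged
     */
    protected static String replaceHostNameTagWithActualHostName(String str) {
        if (str == null) {
            return null;
        }
        // String.replace is used so the host name is inserted literally; replaceAll would
        // interpret '$' and '\' in it as regex replacement syntax.
        if (str.contains(SshdSocketAddress.LOCALHOST_NAME)) {
            return str.replace(SshdSocketAddress.LOCALHOST_NAME, getActualHostName());
        }
        if (str.contains("domainname")) {
            return str.replace("domainname", getActualHostName());
        }
        if (str.contains("hostname")) {
            return str.replace("hostname", getActualHostNameWithoutDomain());
        }
        return str;
    }

    /**
     * Writes the certificate and private key to the given files, creating parent
     * directories as needed.
     *
     * @param str label used in log messages
     * @param keyPair key pair to save
     * @param file certificate file
     * @param file2 private key file
     * @param str2 private key password
     * @param z true to write the key as a PKCS12 store, false to write it with {@code PrivKey.save}
     */
    protected static void saveCertificate(String str, KeyPair keyPair, File file, File file2, String str2, boolean z) throws IOException, GeneralSecurityException {
        a(file);
        a(file2);
        keyPair.getCertificate().save(file);
        logger.info("{} certificate saved to {}", str, file);
        if (z) {
            keyPair.getPrivateKey().saveToKeyStore(keyPair.getCertificate(), file2, str2, str2, "PKCS12");
        } else {
            // Previously this save ran unconditionally and replaced the PKCS12 store just
            // written to the same file, which loadCertificate then reads as PKCS12.
            keyPair.getPrivateKey().save(file2, str2);
        }
        logger.info("{} private key saved to {}", str, file2);
    }

    /** Creates an identity with an empty application description and no certificate. */
    public ApplicationIdentity() {
        this.applicationDescription = new ApplicationDescription();
    }

    /** Creates an identity from an already loaded certificate and private key. */
    public ApplicationIdentity(Cert cert, PrivKey privKey) {
        super(cert, privKey);
        this.applicationDescription = new ApplicationDescription();
    }

    /**
     * Creates an identity through the {@code SecureIdentity(File, File, String)} constructor;
     * presumably certificate file, private key file and key password (confirm).
     */
    public ApplicationIdentity(File file, File file2, String str) throws IOException, SecureIdentityException {
        super(file, file2, str);
        this.applicationDescription = new ApplicationDescription();
    }

    /**
     * Creates an identity through the {@code SecureIdentity(File, String, String, String, String)}
     * constructor; the meaning of the arguments is defined there.
     */
    public ApplicationIdentity(File file, String str, String str2, String str3, String str4) throws IOException, SecureIdentityException {
        super(file, str, str2, str3, str4);
        this.applicationDescription = new ApplicationDescription();
    }

    /**
     * Creates an identity from several key pairs. The first pair becomes the primary
     * certificate and key; the array itself is kept, not copied.
     *
     * @param keyPairArr key pairs; null or empty leaves the primary certificate and key null
     */
    public ApplicationIdentity(KeyPair... keyPairArr) {
        super((keyPairArr == null || keyPairArr.length <= 0) ? null : keyPairArr[0].getCertificate(), (keyPairArr == null || keyPairArr.length <= 0) ? null : keyPairArr[0].getPrivateKey());
        this.applicationDescription = new ApplicationDescription();
        this.E = keyPairArr;
    }

    /**
     * Creates an identity through the {@code SecureIdentity(URL, URL, String)} constructor;
     * presumably certificate URL, private key URL and key password (confirm).
     */
    public ApplicationIdentity(URL url, URL url2, String str) throws IOException, SecureIdentityException {
        super(url, url2, str);
        this.applicationDescription = new ApplicationDescription();
    }

    /**
     * Does nothing.
     *
     * @deprecated software certificates are not stored by this class
     */
    @Deprecated
    public void addSoftwareCertificates(SignedSoftwareCertificate[] signedSoftwareCertificateArr) {
    }

    /** Equal when the superclass considers the objects equal and both have exactly the same class. */
    @Override // com.prosysopc.ua.SecureIdentity
    public boolean equals(Object obj) {
        if (obj == null) {
            return false;
        }
        if (this == obj) {
            return true;
        }
        return super.equals(obj) && getClass() == obj.getClass();
    }

    /** @return the application description (the stored instance, not a copy) */
    public ApplicationDescription getApplicationDescription() {
        return this.applicationDescription;
    }

    /**
     * @return the key pairs given at construction (the stored array, not a copy), or a
     *     one-element array built from the primary certificate and key
     */
    public KeyPair[] getCertificates() {
        if (this.E != null) {
            return this.E;
        }
        return new KeyPair[]{new KeyPair(getCertificate(), getPrivateKey())};
    }

    /** @return the HTTPS key pair, or null if none was set */
    public KeyPair getHttpsCertificate() {
        return this.F;
    }

    /** @return the organisation, or null if none was set */
    public String getOrganisation() {
        return this.G;
    }

    /**
     * @return always an empty array
     * @deprecated software certificates are not stored by this class
     */
    @Deprecated
    public SignedSoftwareCertificate[] getSoftwareCertificates() {
        return new SignedSoftwareCertificate[0];
    }

    @Override // com.prosysopc.ua.SecureIdentity
    public int hashCode() {
        return super.hashCode() * 31;
    }

    /** Sets the description after replacing host name tags in it; see the two-argument overload. */
    public void setApplicationDescription(ApplicationDescription applicationDescription) {
        setApplicationDescription(applicationDescription, true);
    }

    /**
     * Sets the application description.
     *
     * @param applicationDescription the description to store; must not be null when {@code z} is true
     * @param z whether host name tags in the ApplicationURI and application name are replaced
     *     (this modifies the given description)
     */
    public void setApplicationDescription(ApplicationDescription applicationDescription, boolean z) {
        if (z) {
            a(applicationDescription);
        }
        this.applicationDescription = applicationDescription;
    }

    /** Sets the HTTPS key pair. */
    public void setHttpsCertificate(KeyPair keyPair) {
        this.F = keyPair;
    }

    /** Sets the organisation. */
    public void setOrganisation(String str) {
        this.G = str;
    }
}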
