package org.opcfoundation.ua.utils;

import ch.qos.logback.core.net.ssl.SSL;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import org.opcfoundation.ua.common.ServiceResultException;
import org.opcfoundation.ua.core.SignatureData;
import org.opcfoundation.ua.transport.security.BcCertificateProvider;
import org.opcfoundation.ua.transport.security.Cert;
import org.opcfoundation.ua.transport.security.CertificateProvider;
import org.opcfoundation.ua.transport.security.KeyPair;
import org.opcfoundation.ua.transport.security.PrivKey;
import org.opcfoundation.ua.transport.security.ScCertificateProvider;
import org.opcfoundation.ua.transport.security.SecurityAlgorithm;
import org.opcfoundation.ua.transport.security.SunJceCertificateProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/opc-ua-stack-1.3.346-197.jar:org/opcfoundation/ua/utils/CertificateUtils.class */
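/**
 * Static helpers for reading, creating, renewing and storing X.509 certificates and RSA private
 * keys.
 *
 * <p>Signing, verification and certificate generation are delegated to {@code CryptoUtil} and to
 * the configured {@link CertificateProvider}. The key size, signature algorithm and provider are
 * held in plain static fields without synchronization, so they should be configured before the
 * class is used from several threads.
 */
public class CertificateUtils {
    public static final int DEFAULT_KEY_SIZE = 2048;
    /** GeneralName tag for a uniformResourceIdentifier entry in subjectAltName. */
    private static final int NAME_URI = 6;
    /** Back-dating applied to notBefore: one hour, in milliseconds. */
    private static final long START_DATE_OFFSET_MILLIS = 3600000L;
    private static final Logger logger = LoggerFactory.getLogger(CertificateUtils.class);
    private static int keySize = DEFAULT_KEY_SIZE;
    private static String certificateSignatureAlgorithm = "SHA256WithRSA";
    private static CertificateProvider certificateProvider;

    /**
     * Signs data with the given private key by delegating to {@code CryptoUtil.signAsymm}.
     *
     * @param privateKey key used for signing
     * @param securityAlgorithm signature algorithm to apply
     * @param bArr data to sign
     * @return the signature data produced by {@code CryptoUtil}
     * @throws SignatureException wrapping any {@link ServiceResultException} raised by the delegate
     */
    public static SignatureData sign(PrivateKey privateKey, SecurityAlgorithm securityAlgorithm, byte[] bArr) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        try {
            return CryptoUtil.signAsymm(privateKey, securityAlgorithm, bArr);
        } catch (ServiceResultException e) {
            throw new SignatureException(e);
        }
    }

    /**
     * Verifies a signature against a certificate by delegating to {@code CryptoUtil.verifyAsymm}.
     *
     * @param x509Certificate certificate whose public key is used
     * @param securityAlgorithm signature algorithm to apply
     * @param bArr first byte array handed to the delegate (presumably the signed data; confirm
     *     against {@code CryptoUtil.verifyAsymm})
     * @param bArr2 second byte array handed to the delegate (presumably the signature; confirm)
     * @return the delegate's verification result
     * @throws SignatureException wrapping any {@link ServiceResultException} raised by the delegate
     */
    public static boolean verify(X509Certificate x509Certificate, SecurityAlgorithm securityAlgorithm, byte[] bArr, byte[] bArr2) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException {
        try {
            return CryptoUtil.verifyAsymm(x509Certificate, securityAlgorithm, bArr, bArr2);
        } catch (ServiceResultException e) {
            throw new SignatureException(e);
        }
    }

    /**
     * Reads one X.509 certificate from a URL.
     *
     * <p>The certificate is only parsed here, not validated: the caller decides whether the
     * location is trustworthy and must run chain and validity checks before relying on it.
     *
     * @param url location of the encoded certificate
     * @return the parsed certificate
     * @throws IOException if the stream cannot be opened or closed
     * @throws CertificateException if the content is not a parsable certificate
     */
    public static X509Certificate readX509Certificate(URL url) throws IOException, CertificateException {
        // try-with-resources closes the stream on every path and keeps the parse failure as the
        // primary exception if close() fails as well.
        try (InputStream inputStream = url.openConnection().getInputStream()) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        }
    }

    /**
     * Reads one X.509 certificate from a file.
     *
     * @param file file holding the encoded certificate
     * @return the parsed certificate
     * @throws IOException if the file cannot be read
     * @throws CertificateException if the content is not a parsable certificate
     */
    public static X509Certificate readX509Certificate(File file) throws IOException, CertificateException {
        return readX509Certificate(file.toURI().toURL());
    }

    /**
     * Computes the SHA-1 digest of the given bytes.
     *
     * <p>SHA-1 is not collision resistant. The result is suitable as a lookup identifier for a
     * certificate; a thumbprint match on its own should not be treated as proof that two
     * certificates are the same.
     *
     * @param bArr bytes to digest (the encoded certificate)
     * @return the 20-byte SHA-1 digest
     */
    public static byte[] createThumbprint(byte[] bArr) {
        try {
            return MessageDigest.getInstance("SHA1").digest(bArr);
        } catch (NoSuchAlgorithmException e) {
            // Kept as Error so existing callers see the same failure type.
            throw new Error(e);
        }
    }

    /**
     * Parses an encoded X.509 certificate held in memory.
     *
     * @param bArr encoded certificate
     * @return the parsed certificate
     * @throws IllegalArgumentException if {@code bArr} is null
     * @throws CertificateException if the bytes are not a parsable certificate
     */
    public static X509Certificate decodeX509Certificate(byte[] bArr) throws CertificateException {
        if (bArr == null) {
            throw new IllegalArgumentException("null arg");
        }
        // A ByteArrayInputStream holds no system resource, so it does not need closing.
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    /**
     * Loads an RSA private key from a PKCS#12 keystore.
     *
     * <p>The keystore password is also used as the key password. If the store holds several key
     * entries, the key of the last alias enumerated is returned.
     *
     * @param url location of the PKCS#12 keystore
     * @param str keystore and key password, or null for none
     * @return the private key, or null if the store holds no key entry
     * @throws ClassCastException if the selected key is not an RSA private key
     */
    public static RSAPrivateKey loadFromKeyStore(URL url, String str) throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException, UnrecoverableKeyException {
        logger.debug("loadFromKeyStore: keystoreUrl={}", url);
        try (InputStream inputStream = url.openConnection().getInputStream()) {
            if (logger.isDebugEnabled()) {
                logger.debug("getproviders={}", Arrays.toString(Security.getProviders()));
            }
            KeyStore keyStore;
            try {
                keyStore = KeyStore.getInstance("PKCS12", "SunJSSE");
            } catch (NoSuchProviderException e) {
                // SunJSSE is not installed: use whichever provider offers PKCS12. The listing
                // had a second NoSuchProviderException handler around this one that could
                // never run, so it is dropped.
                keyStore = KeyStore.getInstance("PKCS12");
            }
            logger.debug("loadFromKeyStore: keyStore Provider={}", keyStore.getProvider());
            char[] password = str == null ? null : str.toCharArray();
            keyStore.load(inputStream, password);
            Key key = null;
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                // getKey returns null for aliases that are not key entries (for example
                // certificate-only entries); do not let those wipe a key that was already found.
                Key candidate = keyStore.getKey(aliases.nextElement(), password);
                if (candidate != null) {
                    key = candidate;
                }
            }
            return (RSAPrivateKey) key;
        }
    }

    /**
     * Stores a key pair under an alias in a keystore file, creating the file if it is missing.
     *
     * <p>The keystore type is {@code SSL.DEFAULT_KEYSTORE_TYPE} from logback (presumably "JKS";
     * confirm). The file is written with the process's default permissions; since it contains a
     * private key, deployments should restrict access to it.
     *
     * @param keyPair certificate and private key to store
     * @param str path of the keystore file
     * @param str2 alias of the entry
     * @param str3 keystore password (must not be null)
     * @param str4 password protecting the key entry (must not be null)
     * @return always true; failures are reported as exceptions
     */
    public static boolean saveKeyPairToProtectedStore(KeyPair keyPair, String str, String str2, String str3, String str4) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
        try (FileInputStream fileInputStream = new FileInputStream(new File(str))) {
            keyStore.load(fileInputStream, str3.toCharArray());
        } catch (FileNotFoundException e) {
            // No existing store: start from an empty one.
            keyStore.load(null, null);
        }
        keyStore.setKeyEntry(str2, keyPair.privateKey.getPrivateKey(), str4.toCharArray(), new Certificate[]{keyPair.certificate.getCertificate()});
        try (FileOutputStream fileOutputStream = new FileOutputStream(str)) {
            keyStore.store(fileOutputStream, str3.toCharArray());
        }
        return true;
    }

    /**
     * Loads a certificate and its RSA private key from a keystore file.
     *
     * @param str path of the keystore file
     * @param str2 alias of the entry
     * @param str3 keystore password (must not be null)
     * @param str4 password protecting the key entry (must not be null)
     * @return the key pair stored under the alias
     */
    public static KeyPair loadKeyPairFromProtectedStore(String str, String str2, String str3, String str4) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        KeyStore keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
        // Previously the stream stayed open when load() failed (for example on a wrong password).
        try (FileInputStream fileInputStream = new FileInputStream(new File(str))) {
            keyStore.load(fileInputStream, str3.toCharArray());
        }
        return new KeyPair(new Cert((X509Certificate) keyStore.getCertificate(str2)), new PrivKey((RSAPrivateKey) keyStore.getKey(str2, str4.toCharArray())));
    }

    /**
     * Issues a new certificate for the keys of an existing key pair.
     *
     * <p>The subject name is built by plain concatenation; {@code str} and {@code str2} are not
     * escaped, so values containing distinguished-name separators change the resulting subject.
     * Pass only trusted or pre-escaped values.
     *
     * @param str common name
     * @param str2 organisation, or null to omit it
     * @param str3 application URI; must not be null
     * @param i validity period in days
     * @param keyPair existing key pair whose public and private key are reused
     * @param keyPair2 key pair handed to the certificate provider (presumably the issuer; confirm
     *     against {@code CertificateProvider.generateCertificate})
     * @param strArr further names handed to the certificate provider (presumably host names;
     *     confirm)
     * @return the new certificate together with the reused private key
     * @throws NullPointerException if {@code str3} is null
     */
    public static KeyPair renewApplicationInstanceCertificate(String str, String str2, String str3, int i, KeyPair keyPair, KeyPair keyPair2, String... strArr) throws IOException, IllegalStateException, GeneralSecurityException {
        if (str3 == null) {
            throw new NullPointerException("applicationUri must not be null");
        }
        PublicKey publicKey = keyPair.getCertificate().getCertificate().getPublicKey();
        RSAPrivateKey privateKey = keyPair.getPrivateKey().getPrivateKey();
        String subject = "CN=" + str + (str2 == null ? "" : ", O=" + str2);
        X509Certificate renewed = generateCertificate(subject, i, str3, new java.security.KeyPair(publicKey, privateKey), keyPair2, strArr);
        return new KeyPair(new Cert(renewed), new PrivKey(privateKey));
    }

    /**
     * Issues a new certificate for the keys of an existing key pair, passing no second key pair
     * to the certificate provider.
     *
     * @see #renewApplicationInstanceCertificate(String, String, String, int, KeyPair, KeyPair, String...)
     */
    public static KeyPair renewApplicationInstanceCertificate(String str, String str2, String str3, int i, KeyPair keyPair, String... strArr) throws IOException, IllegalStateException, GeneralSecurityException {
        return renewApplicationInstanceCertificate(str, str2, str3, i, keyPair, null, strArr);
    }

    /**
     * Sets the signature algorithm name returned by {@link #getCertificateSignatureAlgorithm()}.
     *
     * <p>The value is stored without validation, so a weak algorithm name is accepted as given;
     * restricting the accepted names is left to the caller.
     *
     * @param str JCA signature algorithm name
     */
    public static void setCertificateSignatureAlgorithm(String str) {
        certificateSignatureAlgorithm = str;
    }

    /** Returns the RSA key size in bits used for newly generated key pairs. */
    public static int getKeySize() {
        return keySize;
    }

    /**
     * Sets the RSA key size used for newly generated key pairs.
     *
     * @param i key size in bits: 1024, 2048, 3072 or 4096
     * @throws IllegalArgumentException for any other value
     */
    public static void setKeySize(int i) {
        if (i < 1024 || i % 1024 != 0 || i > 4096) {
            throw new IllegalArgumentException("KeySize must be 1024, 2048, 3072 or 4096");
        }
        if (i < DEFAULT_KEY_SIZE) {
            // 1024 stays accepted for compatibility, but it is weaker than the 2048-bit default.
            logger.warn("setKeySize: RSA key size {} is below the default of {} bits", i, DEFAULT_KEY_SIZE);
        }
        keySize = i;
    }

    /** Unpacks a JCA key pair and forwards to the public/private key overload. */
    private static X509Certificate generateCertificate(String str, int i, String str2, java.security.KeyPair keyPair, KeyPair keyPair2, String... strArr) throws GeneralSecurityException, IOException {
        return generateCertificate(str, i, str2, keyPair.getPublic(), keyPair.getPrivate(), keyPair2, strArr);
    }

    /**
     * Asks the certificate provider for a certificate valid from one hour ago until {@code i}
     * days from now.
     *
     * @param str subject distinguished name
     * @param i validity period in days
     * @param str2 application URI
     * @param publicKey public key to certify
     * @param privateKey matching private key
     * @param keyPair key pair handed to the provider (presumably the issuer; confirm)
     * @param strArr further names handed to the provider
     */
    private static X509Certificate generateCertificate(String str, int i, String str2, PublicKey publicKey, PrivateKey privateKey, KeyPair keyPair, String... strArr) throws IOException, GeneralSecurityException {
        return getCertificateProvider().generateCertificate(str, publicKey, privateKey, keyPair, getCertificateStartDate(), getCertificateEndDate(i), newSerialNumber(), str2, strArr);
    }

    /**
     * Returns the serial number for a new certificate: the current time in milliseconds.
     *
     * <p>NOTE(review): this value is predictable, and two certificates created in the same
     * millisecond receive the same serial number. A serial drawn from {@code SecureRandom} would
     * avoid both; the existing scheme is kept here so issued serials stay as before.
     */
    private static BigInteger newSerialNumber() {
        return BigInteger.valueOf(System.currentTimeMillis());
    }

    /**
     * Returns the certificate provider, choosing one on first use from the security provider
     * name reported by {@code CryptoUtil} ("SC", "BC" or "SunJCE").
     *
     * @throws RuntimeException if the reported name is none of the three
     */
    public static CertificateProvider getCertificateProvider() {
        if (certificateProvider == null) {
            String providerName = CryptoUtil.getSecurityProviderName();
            if ("SC".equals(providerName)) {
                certificateProvider = new ScCertificateProvider();
            } else if ("BC".equals(providerName)) {
                certificateProvider = new BcCertificateProvider();
            } else if ("SunJCE".equals(providerName)) {
                certificateProvider = new SunJceCertificateProvider();
            } else {
                throw new RuntimeException("NO CRYPTO PROVIDER AVAILABLE!");
            }
        }
        return certificateProvider;
    }

    /** Replaces the certificate provider; passing null re-enables selection on next use. */
    public static void setCertificateProvider(CertificateProvider certificateProvider2) {
        certificateProvider = certificateProvider2;
    }

    /** Returns the notBefore date: one hour before now (presumably to tolerate clock skew). */
    private static Date getCertificateStartDate() {
        return new Date(System.currentTimeMillis() - START_DATE_OFFSET_MILLIS);
    }

    /** Returns the notAfter date: {@code i} days from now in the default calendar. */
    private static Date getCertificateEndDate(int i) {
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.DAY_OF_YEAR, i);
        return calendar.getTime();
    }

    /**
     * Creates a new key pair and application instance certificate, passing no second key pair to
     * the certificate provider.
     *
     * @see #createApplicationInstanceCertificate(String, String, String, int, KeyPair, String...)
     */
    public static KeyPair createApplicationInstanceCertificate(String str, String str2, String str3, int i, String... strArr) throws IOException, GeneralSecurityException {
        return createApplicationInstanceCertificate(str, str2, str3, i, null, strArr);
    }

    /**
     * Generates a fresh RSA key pair and an application instance certificate for it.
     *
     * <p>The subject name is {@code CN=<str>[, O=<str2>][, DC=<strArr[0]>]}, built by plain
     * concatenation without escaping; pass only trusted or pre-escaped values.
     *
     * @param str common name
     * @param str2 organisation, or null to omit it
     * @param str3 application URI; must not be null
     * @param i validity period in days
     * @param keyPair key pair handed to the certificate provider (presumably the issuer; confirm)
     * @param strArr further names; the first one also becomes the DC component of the subject
     * @return the new certificate and private key
     * @throws NullPointerException if {@code str3} is null
     */
    public static KeyPair createApplicationInstanceCertificate(String str, String str2, String str3, int i, KeyPair keyPair, String... strArr) throws IOException, GeneralSecurityException {
        if (str3 == null) {
            throw new NullPointerException("applicationUri must not be null");
        }
        if (logger.isDebugEnabled()) {
            logger.debug("createApplicationInstanceCertificate: getProviders={}", Arrays.toString(Security.getProviders()));
        }
        java.security.KeyPair generated = generateKeyPair();
        StringBuilder subject = new StringBuilder("CN=").append(str);
        if (str2 != null) {
            subject.append(", O=").append(str2);
        }
        if (strArr != null && strArr.length != 0) {
            subject.append(", DC=").append(strArr[0]);
        }
        X509Certificate certificate = generateCertificate(subject.toString(), i, str3, generated, keyPair, strArr);
        return toKeyPair(certificate, generated.getPrivate());
    }

    /**
     * Wraps a certificate and private key in the stack's {@link KeyPair} type.
     *
     * @throws ClassCastException if {@code privateKey} is not an RSA private key
     */
    public static KeyPair toKeyPair(X509Certificate x509Certificate, PrivateKey privateKey) throws CertificateEncodingException {
        return new KeyPair(new Cert(x509Certificate), new PrivKey((RSAPrivateKey) privateKey));
    }

    /** Generates an RSA key pair of the configured key size. */
    private static java.security.KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(getKeySize());
        return keyPairGenerator.generateKeyPair();
    }

    /**
     * Generates a fresh RSA key pair and an issuer certificate for it.
     *
     * @param str subject name; "CN=" is prepended unless the value already starts with it
     * @param i validity period in days
     * @param keyPair key pair handed to the certificate provider (presumably the signing issuer;
     *     confirm against {@code CertificateProvider.generateIssuerCert})
     * @return the issuer certificate and its private key
     */
    public static KeyPair createIssuerCertificate(String str, int i, KeyPair keyPair) throws GeneralSecurityException, IOException {
        java.security.KeyPair generated = generateKeyPair();
        Date notBefore = getCertificateStartDate();
        Date notAfter = getCertificateEndDate(i);
        BigInteger serial = newSerialNumber();
        String subject = str.startsWith("CN=") ? str : "CN=" + str;
        X509Certificate issuerCert = getCertificateProvider().generateIssuerCert(generated.getPublic(), generated.getPrivate(), keyPair, subject, serial, notBefore, notAfter);
        return toKeyPair(issuerCert, generated.getPrivate());
    }

    /**
     * Generates a fresh RSA key pair and a certificate with subject {@code CN=<str>} for it.
     *
     * @param str common name (presumably the host name; confirm); concatenated into the subject
     *     without escaping
     * @param str2 application URI; must not be null
     * @param i validity period in days
     * @param keyPair key pair handed to the certificate provider (presumably the issuer; confirm)
     * @return the new certificate and private key
     * @throws NullPointerException if {@code str2} is null
     */
    public static KeyPair createHttpsCertificate(String str, String str2, int i, KeyPair keyPair) throws IOException, GeneralSecurityException {
        if (str2 == null) {
            throw new NullPointerException("applicationUri must not be null");
        }
        if (logger.isDebugEnabled()) {
            // The message used to name createApplicationInstanceCertificate (copy-paste slip).
            logger.debug("createHttpsCertificate: getProviders={}", Arrays.toString(Security.getProviders()));
        }
        java.security.KeyPair generated = generateKeyPair();
        X509Certificate certificate = generateCertificate("CN=" + str, i, str2, generated.getPublic(), generated.getPrivate(), keyPair, new String[0]);
        return toKeyPair(certificate, generated.getPrivate());
    }

    /**
     * Writes a certificate to a PEM file through the certificate provider; the provider's two
     * trailing arguments are passed as null.
     */
    public static void writeToPem(X509Certificate x509Certificate, File file) throws IOException {
        getCertificateProvider().writeToPem(x509Certificate, file, null, null);
    }

    /**
     * Writes a private key and its certificate to a new keystore file, replacing any existing
     * file.
     *
     * <p>A null {@code str2} stores the key entry without a password and a null {@code str3}
     * stores the keystore without one; in either case protection of the private key rests on
     * file-system permissions alone.
     *
     * @param privateKey key to store
     * @param certificate certificate stored as the key's single-element chain
     * @param file target file
     * @param str alias of the entry
     * @param str2 password protecting the key entry, or null
     * @param str3 keystore password, or null
     * @param str4 keystore type; "PKCS12" is created with the provider named by
     *     {@code CryptoUtil}, any other type with the default provider
     */
    public static void saveToProtectedStore(PrivateKey privateKey, Certificate certificate, File file, String str, String str2, String str3, String str4) throws IOException, KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = str4.equals("PKCS12") ? KeyStore.getInstance(str4, CryptoUtil.getSecurityProviderName(KeyStore.class)) : KeyStore.getInstance(str4);
        keyStore.load(null, null);
        char[] keyPassword = str2 == null ? null : str2.toCharArray();
        keyStore.setKeyEntry(str, privateKey, keyPassword, new Certificate[]{certificate});
        // Previously the stream stayed open when store() threw.
        try (FileOutputStream fileOutputStream = new FileOutputStream(file)) {
            keyStore.store(fileOutputStream, str3 == null ? null : str3.toCharArray());
        }
    }

    /** Returns the configured certificate signature algorithm name (default "SHA256WithRSA"). */
    public static String getCertificateSignatureAlgorithm() {
        return certificateSignatureAlgorithm;
    }

    /** Returns the certificate's subject alternative names as reported by the provider. */
    protected static Collection<List<?>> getSubjectAlternativeNames(X509Certificate x509Certificate) throws CertificateParsingException {
        return getCertificateProvider().getSubjectAlternativeNames(x509Certificate);
    }

    /**
     * Returns the first URI entry of the certificate's subject alternative names.
     *
     * <p>The value is read from the certificate as-is; it is only meaningful once the certificate
     * itself has been validated.
     *
     * @param x509Certificate certificate to inspect
     * @return the URI, or an empty string if the certificate has no URI entry
     */
    public static String getApplicationUriOfCertificate(X509Certificate x509Certificate) throws CertificateParsingException {
        Collection<List<?>> subjectAlternativeNames = getSubjectAlternativeNames(x509Certificate);
        if (subjectAlternativeNames == null) {
            return "";
        }
        for (List<?> entry : subjectAlternativeNames) {
            // Each entry is [type tag, value].
            if (((Integer) entry.get(0)).intValue() == NAME_URI) {
                return (String) entry.get(1);
            }
        }
        return "";
    }

    /**
     * Returns the first URI entry of the wrapped certificate's subject alternative names.
     *
     * @see #getApplicationUriOfCertificate(X509Certificate)
     */
    public static String getApplicationUriOfCertificate(Cert cert) throws CertificateParsingException {
        return getApplicationUriOfCertificate(cert.getCertificate());
    }
}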
