package com.prosysopc.ua.stack.transport.security;

import com.prosysopc.ua.stack.utils.CertificateUtils;
import com.prosysopc.ua.stack.utils.CryptoUtil;
import com.prosysopc.ua.stack.utils.StringUtils;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.apache.sshd.common.util.net.SshdSocketAddress;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.AuthorityKeyIdentifier;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.ExtendedKeyUsage;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.asn1.x509.GeneralNames;
import org.spongycastle.asn1.x509.KeyPurposeId;
import org.spongycastle.asn1.x509.KeyUsage;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.spongycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.spongycastle.openssl.PEMEncryptedKeyPair;
import org.spongycastle.openssl.PEMKeyPair;
import org.spongycastle.openssl.PEMParser;
import org.spongycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.spongycastle.openssl.jcajce.JcaPEMWriter;
import org.spongycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.spongycastle.openssl.jcajce.JcePEMEncryptorBuilder;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.util.encoders.Base64;
import org.spongycastle.x509.extension.X509ExtensionUtil;

/* loaded from: input_file:BOOT-INF/lib/prosys-opc-ua-java-sdk-client-4.6.0-1594.jar:com/prosysopc/ua/stack/transport/security/ScCertificateProvider.class */
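/**
 * {@link CertificateProvider} implementation backed by the SpongyCastle ("SC") security provider.
 *
 * <p>It covers Base64 conversion, creation of X.509 v3 application and issuer certificates,
 * reading of subjectAltName entries, and PEM import/export of private keys.
 */
public class ScCertificateProvider implements CertificateProvider {
    private static final Logger logger = LoggerFactory.getLogger(ScCertificateProvider.class);

    /** Name under which the SpongyCastle provider is registered and looked up. */
    private static final String PROVIDER_NAME = "SC";

    /** Matches strings made only of digits and dots; used as a rough "looks like IPv4" test. */
    private static final String IPV4_LIKE_REGEX = "^[0-9.]+$";

    /** Makes sure the SpongyCastle provider is available before any certificate work is done. */
    public ScCertificateProvider() {
        CryptoUtil.loadOrInstallProvider(PROVIDER_NAME, "org.spongycastle.jce.provider.BouncyCastleProvider");
    }

    /**
     * Decodes Base64 text after stripping all whitespace from it.
     *
     * @param str Base64 text, possibly wrapped or indented
     * @return the decoded bytes
     */
    @Override
    public byte[] base64Decode(String str) {
        return Base64.decode(StringUtils.removeWhitespace(str));
    }

    /**
     * Encodes bytes as Base64 text.
     *
     * @param bArr the bytes to encode
     * @return the Base64 representation
     */
    @Override
    public String base64Encode(byte[] bArr) {
        try {
            return new String(Base64.encode(bArr), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every JVM must provide, so this is not expected to happen.
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates an end-entity (non-CA) certificate, either self-signed or issued by {@code keyPair}.
     *
     * <p>The subjectAltName always carries {@code str2} as a URI. DNS names come from the second
     * {@code [:/]}-separated component of {@code str2} and from {@code strArr}; entries that look
     * like IPv4 addresses are added only when no DNS name ended up in the extension. "localhost"
     * is never added.
     *
     * @param str subject name in X.500 string form
     * @param publicKey public key to certify
     * @param privateKey signing key used when {@code keyPair} is {@code null} (self-signed case)
     * @param keyPair issuer certificate and key, or {@code null} for a self-signed certificate
     * @param date start of the validity period
     * @param date2 end of the validity period
     * @param bigInteger certificate serial number
     * @param str2 application URI placed in the subjectAltName
     * @param strArr host names and/or IP addresses for the subjectAltName; may be {@code null}
     * @return the signed certificate
     * @throws IOException if an extension cannot be encoded
     * @throws GeneralSecurityException if the certificate cannot be signed or converted
     */
    @Override
    public X509Certificate generateCertificate(String str, PublicKey publicKey, PrivateKey privateKey, KeyPair keyPair, Date date, Date date2, BigInteger bigInteger, String str2, String... strArr) throws IOException, GeneralSecurityException {
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        JcaX509v3CertificateBuilder builder;
        AuthorityKeyIdentifier authorityKeyId;
        PrivateKey signingKey;
        if (keyPair == null) {
            // Self-signed: issuer and subject are the same name, and the subject signs itself.
            X500Name subject = new X500Name(str);
            builder = new JcaX509v3CertificateBuilder(subject, bigInteger, date, date2, subject, publicKey);
            authorityKeyId = extensionUtils.createAuthorityKeyIdentifier(publicKey);
            signingKey = privateKey;
        } else {
            X509Certificate issuerCertificate = keyPair.getCertificate().getCertificate();
            builder = new JcaX509v3CertificateBuilder(issuerCertificate, bigInteger, date, date2, new X500Principal(str), publicKey);
            authorityKeyId = extensionUtils.createAuthorityKeyIdentifier(issuerCertificate);
            signingKey = keyPair.getPrivateKey().getPrivateKey();
        }

        builder.addExtension(Extension.authorityKeyIdentifier, false, authorityKeyId);
        builder.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(publicKey));
        builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
        // Same bit mask as the former literal 244. keyCertSign is set although basicConstraints
        // says "not a CA", and it is set for CA-issued certificates as well as self-signed ones.
        // NOTE(review): confirm keyCertSign is wanted when keyPair != null.
        builder.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyCertSign));
        builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth}));

        List<GeneralName> subjectAltNames = new ArrayList<>();
        subjectAltNames.add(new GeneralName(GeneralName.uniformResourceIdentifier, str2));
        boolean hasDnsName = false;
        String uriHost = null;
        try {
            String[] uriParts = str2.split("[:/]");
            if (uriParts.length > 1) {
                uriHost = uriParts[1];
                // A URL-style URI ("scheme://host/...") yields an empty second component; an empty
                // dNSName identifies nothing and must not end up in the certificate.
                if (!uriHost.isEmpty() && !uriHost.toLowerCase().equals(SshdSocketAddress.LOCALHOST_NAME)) {
                    subjectAltNames.add(new GeneralName(GeneralName.dNSName, uriHost));
                    hasDnsName = true;
                }
            }
        } catch (Exception e) {
            logger.warn("Cannot initialize DNS Name to Certificate from ApplicationUri {}", str2, e);
        }

        List<GeneralName> ipAddressNames = new ArrayList<>();
        if (strArr != null) {
            for (String hostName : strArr) {
                if (hostName == null) {
                    // A null entry cannot be encoded as a name; skip it instead of failing with an NPE.
                    continue;
                }
                if (hostName.equals(uriHost) || hostName.toLowerCase().equals(SshdSocketAddress.LOCALHOST_NAME)) {
                    continue;
                }
                // NOTE(review): this test only recognises digits-and-dots strings. An IPv6 literal is
                // encoded as a dNSName, and a malformed value such as "1.2" is handed to the iPAddress
                // encoder. Validate addresses properly if callers can pass such values.
                boolean looksLikeIpv4 = hostName.matches(IPV4_LIKE_REGEX);
                GeneralName name = new GeneralName(looksLikeIpv4 ? GeneralName.iPAddress : GeneralName.dNSName, hostName);
                if (looksLikeIpv4) {
                    ipAddressNames.add(name);
                } else {
                    subjectAltNames.add(name);
                    hasDnsName = true;
                }
            }
        }
        if (!hasDnsName) {
            // IP addresses are only a fallback for certificates that carry no DNS name at all.
            subjectAltNames.addAll(ipAddressNames);
        }
        builder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(subjectAltNames.toArray(new GeneralName[0])));
        return sign(builder, signingKey);
    }

    /**
     * Creates a CA certificate (critical basicConstraints with path length 0, critical keyUsage
     * of digitalSignature, keyCertSign and cRLSign).
     *
     * <p>NOTE(review): the certificate is always signed with {@code privateKey}, also when
     * {@code keyPair} names a different issuer. {@link #generateCertificate} signs with the key
     * from {@code keyPair} in that case. Confirm that callers pass the issuer's key here;
     * otherwise the signature will not verify against the issuer certificate.
     *
     * @param publicKey public key to certify
     * @param privateKey key used to sign the certificate
     * @param keyPair issuer certificate and key, or {@code null} for a self-signed certificate
     * @param str subject name in X.500 string form
     * @param bigInteger certificate serial number
     * @param date start of the validity period
     * @param date2 end of the validity period
     * @return the signed CA certificate
     * @throws GeneralSecurityException if the certificate cannot be signed or converted
     * @throws IOException if an extension cannot be encoded
     */
    @Override
    public X509Certificate generateIssuerCert(PublicKey publicKey, PrivateKey privateKey, KeyPair keyPair, String str, BigInteger bigInteger, Date date, Date date2) throws GeneralSecurityException, IOException {
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        JcaX509v3CertificateBuilder builder;
        AuthorityKeyIdentifier authorityKeyId;
        if (keyPair == null) {
            X500Name subject = new X500Name(str);
            builder = new JcaX509v3CertificateBuilder(subject, bigInteger, date, date2, subject, publicKey);
            authorityKeyId = extensionUtils.createAuthorityKeyIdentifier(publicKey);
        } else {
            X509Certificate issuerCertificate = keyPair.getCertificate().getCertificate();
            builder = new JcaX509v3CertificateBuilder(issuerCertificate, bigInteger, date, date2, new X500Principal(str), publicKey);
            authorityKeyId = extensionUtils.createAuthorityKeyIdentifier(issuerCertificate);
        }
        builder.addExtension(Extension.authorityKeyIdentifier, false, authorityKeyId);
        builder.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(publicKey));
        // Path length 0: this CA may issue end-entity certificates but no further CA certificates.
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
        // Same bit mask as the former literal 134.
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
        return sign(builder, privateKey);
    }

    /**
     * Returns the subjectAltName entries of a certificate.
     *
     * @param x509Certificate certificate to inspect
     * @return the entries as produced by {@link X509ExtensionUtil#getSubjectAlternativeNames}
     * @throws CertificateParsingException if the extension cannot be parsed
     */
    @Override
    public Collection<List<?>> getSubjectAlternativeNames(X509Certificate x509Certificate) throws CertificateParsingException {
        return X509ExtensionUtil.getSubjectAlternativeNames(x509Certificate);
    }

    /**
     * Reads one private key from PEM data.
     *
     * <p>An encrypted PEM key pair is decrypted with {@code str}; an unencrypted one is accepted
     * only when no (or an empty) password is given. Any other combination is reported as an
     * {@link IOException} instead of surfacing as a {@code ClassCastException}. The parser, and
     * with it {@code inputStream}, is closed on every path.
     *
     * @param inputStream PEM data; closed by this method
     * @param str password for an encrypted key, or {@code null}/empty for an unencrypted key
     * @param str2 not used by this implementation
     * @return the private key
     * @throws IOException if nothing could be read, the PEM object does not fit the given
     *     password, or decryption fails
     */
    @Override
    public PrivateKey readPrivateKey(InputStream inputStream, String str, String str2) throws IOException {
        String securityProviderName = CryptoUtil.getSecurityProviderName(null);
        try (PEMParser pemParser = new PEMParser(new InputStreamReader(inputStream))) {
            Object pemObject = pemParser.readObject();
            if (pemObject == null) {
                throw new IOException("readPrivateKey failed: Could not read from InputStream");
            }
            if (pemObject instanceof PEMEncryptedKeyPair) {
                if (str == null) {
                    throw new IOException("readPrivateKey failed: The key is encrypted but no password was given");
                }
                char[] password = str.toCharArray();
                try {
                    return new JcaPEMKeyConverter().setProvider(securityProviderName).getPrivateKey(((PEMEncryptedKeyPair) pemObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().setProvider(securityProviderName).build(password)).getPrivateKeyInfo());
                } finally {
                    wipe(password);
                }
            }
            if (pemObject instanceof PEMKeyPair) {
                if (str != null && !str.isEmpty()) {
                    // The caller expected protected key material; do not quietly accept plaintext.
                    throw new IOException("readPrivateKey failed: A password was given but the key is not encrypted");
                }
                return new JcaPEMKeyConverter().getPrivateKey(((PEMKeyPair) pemObject).getPrivateKeyInfo());
            }
            // Only the type name is reported; key material never goes into the message.
            throw new IOException("readPrivateKey failed: Unsupported PEM object " + pemObject.getClass().getName());
        }
    }

    /**
     * Writes a private key as PEM, encrypted when a password is given.
     *
     * <p>The writer, and with it {@code outputStream}, is closed on every path, so a failed write
     * does not leave an open stream behind.
     *
     * <p>NOTE(review): a non-null but empty {@code str} still takes the encrypted branch and so
     * protects nothing. The encryptor writes the traditional OpenSSL encrypted PEM format, whose
     * password-based key derivation is, as far as is known, a single unsalted-iteration MD5 pass;
     * confirm this is acceptable for keys at rest and rely on a strong password and restrictive
     * file permissions.
     *
     * @param privateKey key to export
     * @param outputStream destination; closed by this method
     * @param str password, or {@code null} to write the key unencrypted
     * @param str2 encryption algorithm name handed to {@link JcePEMEncryptorBuilder}
     * @throws IOException if the key cannot be encoded or written
     */
    @Override
    public void writePrivateKey(PrivateKey privateKey, OutputStream outputStream, String str, String str2) throws IOException {
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(new OutputStreamWriter(outputStream))) {
            if (str == null) {
                pemWriter.writeObject(privateKey);
                return;
            }
            char[] password = str.toCharArray();
            try {
                pemWriter.writeObject(privateKey, new JcePEMEncryptorBuilder(str2).setSecureRandom(CryptoUtil.getRandom()).build(password));
            } finally {
                wipe(password);
            }
        }
    }

    /** Signs the prepared certificate with {@code signingKey} and converts it to a JCA certificate. */
    private static X509Certificate sign(JcaX509v3CertificateBuilder builder, PrivateKey signingKey) throws GeneralSecurityException {
        try {
            return new JcaX509CertificateConverter().setProvider(PROVIDER_NAME).getCertificate(builder.build(new JcaContentSignerBuilder(CertificateUtils.getCertificateSignatureAlgorithm()).setProvider(PROVIDER_NAME).build(signingKey)));
        } catch (OperatorCreationException e) {
            throw new GeneralSecurityException("Failed to sign the certificate", e);
        }
    }

    /**
     * Overwrites a temporary password copy. The caller's {@code String} is unaffected; this only
     * shortens the lifetime of the extra array.
     */
    private static void wipe(char[] password) {
        for (int i = 0; i < password.length; i++) {
            password[i] = '\0';
        }
    }
}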
