package org.rossonet.utils;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.StringWriter;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMException;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.rossonet.ext.picocli.CommandLine;
import org.rossonet.ext.utils.SelfSignedCertificateBuilder;

/* loaded from: input_file:org/rossonet/utils/SslHelper.class */
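/**
 * Static helpers for PEM material, key stores, {@link SSLContext} creation, PKCS#10 requests and
 * certificate signing, built on the JDK security APIs and Bouncy Castle.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The same password protects both the key store and the private-key entry.</li>
 *   <li>The {@code String}-based overloads write the PEM material, including the private key,
 *       to temporary files; the files are removed in a {@code finally} block, but the key is on
 *       disk unencrypted while the call runs.</li>
 *   <li>{@link #signCertificate} does not verify the request's signature and does not copy the
 *       requested extensions; see its documentation.</li>
 * </ul>
 */
public class SslHelper {
    /**
     * Protocol name passed to {@link SSLContext#getInstance(String)} when none is given.
     * The field is public and not final, so any code in the JVM can change it for every
     * later caller; treat it as process-wide configuration.
     */
    public static String DEFAULT_CONTEXT_TLS_PROTOCOL = "TLSv1.2";
    /**
     * JCA signature algorithm name used when none is given. Public and not final, with the
     * same process-wide caveat as {@link #DEFAULT_CONTEXT_TLS_PROTOCOL}.
     */
    public static String DEFAULT_SIGNATURE_ALGORITHM = SelfSignedCertificateBuilder.SA_SHA256_RSA;
    /** GeneralName tag of a dNSName subject alternative name. */
    public static final int SUBJECT_ALT_NAME_DNS_NAME = 2;
    /** GeneralName tag of an iPAddress subject alternative name. */
    public static final int SUBJECT_ALT_NAME_IP_ADDRESS = 7;
    /** GeneralName tag of a uniformResourceIdentifier subject alternative name. */
    public static final int SUBJECT_ALT_NAME_URI = 6;

    /**
     * Rebuilds a multi-line PEM block from a PEM object that was flattened onto one line.
     *
     * <p>The BEGIN and END markers are looked up independently (certificate, RSA private key,
     * private key, in that order); the text between them is re-wrapped at 64 characters.
     * The two markers are not checked against each other.
     *
     * @param str the flattened PEM text
     * @return the re-wrapped PEM block, or an empty string when either marker is missing
     */
    public static String certificateStringFromOneLine(String str) {
        String beginMarker = firstMarkerIn(str,
                "-----BEGIN CERTIFICATE-----",
                "-----BEGIN RSA PRIVATE KEY-----",
                "-----BEGIN PRIVATE KEY-----");
        String endMarker = firstMarkerIn(str,
                "-----END CERTIFICATE-----",
                "-----END RSA PRIVATE KEY-----",
                "-----END PRIVATE KEY-----");
        StringBuilder body = new StringBuilder();
        if (beginMarker == null || endMarker == null) {
            return body.toString();
        }
        // NOTE(review): DEFAULT_FALLBACK_VALUE is presumably the empty string (the markers are
        // stripped before re-wrapping) - confirm against the shaded picocli class.
        String payload = str.replace(beginMarker, CommandLine.Model.OptionSpec.DEFAULT_FALLBACK_VALUE)
                .replace(endMarker, CommandLine.Model.OptionSpec.DEFAULT_FALLBACK_VALUE);
        Iterator<String> chunks = TextHelper.splitFixSize(payload, 64).iterator();
        while (chunks.hasNext()) {
            body.append(chunks.next());
            body.append("\n");
        }
        return beginMarker + "\n" + body.toString() + endMarker;
    }

    /** Returns the first of {@code markers} contained in {@code text}, or {@code null}. */
    private static String firstMarkerIn(String text, String... markers) {
        for (String marker : markers) {
            if (text.contains(marker)) {
                return marker;
            }
        }
        return null;
    }

    /**
     * Checks that a private key and a public key belong together, using
     * {@link #DEFAULT_SIGNATURE_ALGORITHM}.
     *
     * @see #checkSignatureWithPayload(PublicKey, PrivateKey, String)
     */
    public static boolean checkSignatureWithPayload(PublicKey publicKey, PrivateKey privateKey) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        return checkSignatureWithPayload(publicKey, privateKey, DEFAULT_SIGNATURE_ALGORITHM);
    }

    /**
     * Checks that a private key and a public key belong together by signing a fixed payload
     * with the private key and verifying the signature with the public key.
     *
     * @param publicKey the key used to verify
     * @param privateKey the key used to sign
     * @param str the JCA signature algorithm name
     * @return {@code true} when the signature verifies
     */
    public static boolean checkSignatureWithPayload(PublicKey publicKey, PrivateKey privateKey, String str) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        byte[] payload = "1234567890".getBytes();
        Signature engine = Signature.getInstance(str);
        engine.initSign(privateKey);
        engine.update(payload);
        byte[] signed = engine.sign();
        engine.initVerify(publicKey);
        engine.update(payload);
        return engine.verify(signed);
    }

    /**
     * Creates a PKCS#10 request from an existing certificate, signed with
     * {@link #DEFAULT_SIGNATURE_ALGORITHM}.
     *
     * @see #createCertificationRequest(KeyPair, X509Certificate, String)
     */
    public static PKCS10CertificationRequest createCertificationRequest(KeyPair keyPair, X509Certificate x509Certificate) throws CertificateEncodingException, OperatorCreationException, CertificateParsingException, IOException {
        return createCertificationRequest(keyPair, x509Certificate, DEFAULT_SIGNATURE_ALGORITHM);
    }

    /**
     * Creates a PKCS#10 request that reuses the subject and the DNS / IP / URI subject
     * alternative names of an existing certificate.
     *
     * @param keyPair the key pair; the public key goes into the request, the private key signs it
     * @param x509Certificate the certificate whose subject and alternative names are copied
     * @param str the JCA signature algorithm name
     * @return the signed certification request
     */
    public static PKCS10CertificationRequest createCertificationRequest(KeyPair keyPair, X509Certificate x509Certificate, String str) throws OperatorCreationException, CertificateEncodingException, CertificateParsingException, IOException {
        PKCS10CertificationRequestBuilder requestBuilder = new PKCS10CertificationRequestBuilder(new JcaX509CertificateHolder(x509Certificate).getSubject(), SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(keyPair.getPublic().getEncoded())));
        ContentSigner signer = new JcaContentSignerBuilder(str).build(keyPair.getPrivate());
        List<GeneralName> names = new ArrayList<>();
        Optional<String> sanUri = getSanUri(x509Certificate);
        if (sanUri.isPresent()) {
            names.add(new GeneralName(SUBJECT_ALT_NAME_URI, sanUri.get()));
        }
        // getSubjectAltNames() returns the URI entries as well; skip what is already listed
        // so the request does not carry the same name twice.
        for (GeneralName name : getSubjectAltNames(x509Certificate)) {
            if (!names.contains(name)) {
                names.add(name);
            }
        }
        // A subjectAltName extension must hold at least one name (RFC 5280, 4.2.1.6), so the
        // extension request is only added when there is something to request.
        if (!names.isEmpty()) {
            ExtensionsGenerator extensions = new ExtensionsGenerator();
            extensions.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(names.toArray(new GeneralName[0])));
            requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions.generate());
        }
        return requestBuilder.build(signer);
    }

    /**
     * Creates an in-memory key store holding one certificate and its private key.
     *
     * @param str alias of the trusted-certificate entry
     * @param x509Certificate the certificate; also used as the single-element chain of the key
     * @param str2 alias of the private-key entry
     * @param privateKey the private key
     * @param str3 password for both the key store and the key entry
     * @return a key store of the JVM's default type
     */
    public static KeyStore createKeystore(String str, X509Certificate x509Certificate, String str2, PrivateKey privateKey, String str3) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        char[] password = str3.toCharArray();
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null, password);
        store.setCertificateEntry(str, x509Certificate);
        store.setKeyEntry(str2, privateKey, password, new Certificate[]{x509Certificate});
        return store;
    }

    /**
     * Creates an in-memory key store holding a CA certificate, a certificate and its private key.
     *
     * <p>The CA alias and CA certificate used to be accepted and then ignored; the CA
     * certificate is now stored as a trusted-certificate entry when both are non-null. The
     * key entry's chain still contains only the leaf certificate.
     *
     * @param str alias of the CA certificate entry
     * @param x509Certificate the CA certificate
     * @param str2 alias of the certificate entry
     * @param x509Certificate2 the certificate; also the single-element chain of the key
     * @param str3 alias of the private-key entry
     * @param privateKey the private key
     * @param str4 password for both the key store and the key entry
     * @return a key store of the JVM's default type
     */
    public static KeyStore createKeystore(String str, X509Certificate x509Certificate, String str2, X509Certificate x509Certificate2, String str3, PrivateKey privateKey, String str4) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        char[] password = str4.toCharArray();
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null, password);
        // Added first so that an alias shared with the entries below resolves as before.
        if (str != null && x509Certificate != null) {
            store.setCertificateEntry(str, x509Certificate);
        }
        store.setCertificateEntry(str2, x509Certificate2);
        store.setKeyEntry(str3, privateKey, password, new Certificate[]{x509Certificate2});
        return store;
    }

    /**
     * Creates a key store from three PEM files.
     *
     * @param str alias of the CA certificate
     * @param path PEM file with the CA certificate
     * @param str2 alias of the certificate
     * @param path2 PEM file with the certificate
     * @param str3 alias of the private key
     * @param path3 PEM file with the private key (PKCS#8 or a PEM key pair), unencrypted
     * @param str4 password for the key store and the key entry
     * @throws CertificateException when a file does not contain the expected PEM object
     */
    public static KeyStore createKeyStore(String str, Path path, String str2, Path path2, String str3, Path path3, String str4) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        X509Certificate caCertificate = readCertificate(path);
        X509Certificate certificate = readCertificate(path2);
        PrivateKeyInfo privateKeyInfo = readPrivateKeyInfo(path3);
        return createKeyStore(str, caCertificate, str2, certificate, str3, privateKeyInfo, str4);
    }

    /**
     * Creates a key store from PEM text.
     *
     * <p>The three PEM strings are written to temporary files that are deleted before this
     * method returns, including when parsing fails. The private key is on disk unencrypted
     * for the duration of the call.
     *
     * @param str alias of the CA certificate
     * @param str2 PEM text of the CA certificate
     * @param str3 alias of the certificate
     * @param str4 PEM text of the certificate
     * @param str5 alias of the private key
     * @param str6 PEM text of the private key
     * @param str7 password for the key store and the key entry
     */
    public static KeyStore createKeyStore(String str, String str2, String str3, String str4, String str5, String str6, String str7) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        List<Path> tempFiles = new ArrayList<>(3);
        try {
            Path caCrtFile = writeTempPem(tempFiles, "caCrtFile", str2);
            Path crtFile = writeTempPem(tempFiles, "crtFile", str4);
            Path keyFile = writeTempPem(tempFiles, "keyFile", str6);
            return createKeyStore(str, caCrtFile, str3, crtFile, str5, keyFile, str7);
        } finally {
            deleteTempFiles(tempFiles);
        }
    }

    /**
     * Builds a {@link TrustManagerFactory} that trusts exactly one certificate.
     *
     * @param str alias under which the certificate is stored
     * @param x509Certificate the certificate to trust
     * @return an initialised trust manager factory of the default algorithm
     */
    public static TrustManagerFactory createKeyStore(String str, X509Certificate x509Certificate) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry(str, x509Certificate);
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(trustStore);
        return factory;
    }

    /**
     * Same as {@link #createKeystore(String, X509Certificate, String, PrivateKey, String)},
     * converting the Bouncy Castle key structure to a JCA private key first.
     */
    public static KeyStore createKeyStore(String str, X509Certificate x509Certificate, String str2, PrivateKeyInfo privateKeyInfo, String str3) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        // The converter is bound to the "BC" provider, so make sure it is registered even
        // when this overload is called directly.
        ensureBouncyCastleProvider();
        PrivateKey privateKey = new JcaPEMKeyConverter().setProvider("BC").getPrivateKey(privateKeyInfo);
        return createKeystore(str, x509Certificate, str2, privateKey, str3);
    }

    /**
     * Same as
     * {@link #createKeystore(String, X509Certificate, String, X509Certificate, String, PrivateKey, String)},
     * converting the Bouncy Castle key structure to a JCA private key first.
     */
    public static KeyStore createKeyStore(String str, X509Certificate x509Certificate, String str2, X509Certificate x509Certificate2, String str3, PrivateKeyInfo privateKeyInfo, String str4) throws PEMException, KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        ensureBouncyCastleProvider();
        PrivateKey privateKey = new JcaPEMKeyConverter().setProvider("BC").getPrivateKey(privateKeyInfo);
        return createKeystore(str, x509Certificate, str2, x509Certificate2, str3, privateKey, str4);
    }

    /**
     * Creates an {@link SSLContext} from three PEM files using
     * {@link #DEFAULT_CONTEXT_TLS_PROTOCOL}.
     *
     * <p>Earlier, this overload forwarded the password and the key file in place of every
     * alias and certificate file, so the certificates were read from the private-key file.
     * The arguments are now forwarded in their own positions.
     *
     * @see #createSSLContext(String, Path, String, Path, String, Path, String, String)
     */
    public static SSLContext createSSLContext(String str, Path path, String str2, Path path2, String str3, Path path3, String str4) throws KeyManagementException, UnrecoverableKeyException, CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException {
        return createSSLContext(str, path, str2, path2, str3, path3, str4, DEFAULT_CONTEXT_TLS_PROTOCOL);
    }

    /**
     * Creates an {@link SSLContext} whose key manager presents the given certificate and key
     * and whose trust manager trusts only the given CA certificate.
     *
     * @param str alias of the CA certificate in the trust store
     * @param path PEM file with the CA certificate
     * @param str2 alias of the certificate
     * @param path2 PEM file with the certificate
     * @param str3 alias of the private key
     * @param path3 PEM file with the private key (PKCS#8 or a PEM key pair), unencrypted
     * @param str4 password for the key store and the key entry
     * @param str5 protocol name for {@link SSLContext#getInstance(String)}
     * @throws CertificateException when a file does not contain the expected PEM object
     */
    public static SSLContext createSSLContext(String str, Path path, String str2, Path path2, String str3, Path path3, String str4, String str5) throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException, KeyManagementException, UnrecoverableKeyException {
        X509Certificate caCertificate = readCertificate(path);
        X509Certificate certificate = readCertificate(path2);
        // Accepts the same key encodings as createKeyStore(Path...) instead of casting blindly.
        PrivateKeyInfo privateKeyInfo = readPrivateKeyInfo(path3);
        KeyStore keyStore = createKeyStore(str2, certificate, str3, privateKeyInfo, str4);
        TrustManagerFactory trustManagers = createKeyStore(str, caCertificate);
        KeyManagerFactory keyManagers = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagers.init(keyStore, str4.toCharArray());
        SSLContext context = SSLContext.getInstance(str5);
        // A null SecureRandom lets the provider use its default source of randomness.
        context.init(keyManagers.getKeyManagers(), trustManagers.getTrustManagers(), null);
        return context;
    }

    /**
     * Creates an {@link SSLContext} from PEM text using {@link #DEFAULT_CONTEXT_TLS_PROTOCOL}.
     *
     * <p>The three PEM strings are written to temporary files that are deleted before this
     * method returns, including when parsing fails. The private key is on disk unencrypted
     * for the duration of the call.
     *
     * @param str alias of the CA certificate
     * @param str2 PEM text of the CA certificate
     * @param str3 alias of the certificate
     * @param str4 PEM text of the certificate
     * @param str5 alias of the private key
     * @param str6 PEM text of the private key
     * @param str7 password for the key store and the key entry
     */
    public static SSLContext createSSLContext(String str, String str2, String str3, String str4, String str5, String str6, String str7) throws IOException, KeyManagementException, UnrecoverableKeyException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        List<Path> tempFiles = new ArrayList<>(3);
        try {
            Path caCrtFile = writeTempPem(tempFiles, "caCrtFile", str2);
            Path crtFile = writeTempPem(tempFiles, "crtFile", str4);
            Path keyFile = writeTempPem(tempFiles, "keyFile", str6);
            return createSSLContext(str, caCrtFile, str3, crtFile, str5, keyFile, str7);
        } finally {
            deleteTempFiles(tempFiles);
        }
    }

    /**
     * Serialises an object (certificate, key, request, ...) as PEM text.
     *
     * <p>No encryptor is used, so a private key passed here is written in clear text.
     *
     * @param object_type the object to encode
     * @return the PEM text
     */
    public static <OBJECT_TYPE> String encodeInPemFormat(OBJECT_TYPE object_type) throws IOException {
        StringWriter buffer = new StringWriter();
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(buffer)) {
            pemWriter.writeObject(object_type);
            pemWriter.flush();
        }
        return buffer.toString();
    }

    /** Returns the name of the encoding an {@link OutputStreamWriter} uses by default. */
    public static String getDefaultCharSet() {
        return new OutputStreamWriter(new ByteArrayOutputStream()).getEncoding();
    }

    /** Returns the dNSName subject alternative names of a certificate. */
    public static List<String> getSanDnsNames(X509Certificate x509Certificate) {
        return sanStrings(x509Certificate, SUBJECT_ALT_NAME_DNS_NAME).collect(Collectors.toList());
    }

    /** Returns the iPAddress subject alternative names of a certificate. */
    public static List<String> getSanIpAddresses(X509Certificate x509Certificate) {
        return sanStrings(x509Certificate, SUBJECT_ALT_NAME_IP_ADDRESS).collect(Collectors.toList());
    }

    /** Returns the first URI subject alternative name of a certificate, if any. */
    public static Optional<String> getSanUri(X509Certificate x509Certificate) {
        return sanStrings(x509Certificate, SUBJECT_ALT_NAME_URI).findFirst();
    }

    /** Streams the string-valued subject alternative names of one GeneralName type. */
    private static Stream<String> sanStrings(X509Certificate certificate, int type) {
        return getSubjectAltNameField(certificate, type).stream()
                .filter(String.class::isInstance)
                .map(String.class::cast);
    }

    /**
     * Returns the values of all subject alternative names of one GeneralName type.
     *
     * @param x509Certificate the certificate to inspect
     * @param i the GeneralName tag, e.g. {@link #SUBJECT_ALT_NAME_DNS_NAME}
     * @return the non-null values, or an empty list when the extension is absent or cannot be
     *         parsed
     */
    public static List<Object> getSubjectAltNameField(X509Certificate x509Certificate, int i) {
        try {
            List<Object> values = new ArrayList<>();
            Collection<List<?>> entries = x509Certificate.getSubjectAlternativeNames();
            if (entries == null) {
                return values;
            }
            Integer wanted = Integer.valueOf(i);
            for (List<?> entry : entries) {
                if (entry == null || entry.size() != 2) {
                    continue;
                }
                // Objects.equals tolerates a null tag instead of throwing.
                Object value = entry.get(1);
                if (Objects.equals(entry.get(0), wanted) && value != null) {
                    values.add(value);
                }
            }
            return values;
        } catch (CertificateParsingException ignored) {
            // Best effort: an unparsable extension is reported as "no names".
            return Collections.emptyList();
        }
    }

    /**
     * Returns the DNS, IP address and URI subject alternative names of a certificate as
     * Bouncy Castle {@link GeneralName}s; other name types are skipped.
     *
     * @param x509Certificate the certificate to inspect
     * @return the names in certificate order, or an empty list when the extension is absent or
     *         cannot be parsed
     */
    public static List<GeneralName> getSubjectAltNames(X509Certificate x509Certificate) {
        try {
            List<GeneralName> names = new ArrayList<>();
            Collection<List<?>> entries = x509Certificate.getSubjectAlternativeNames();
            if (entries == null) {
                return names;
            }
            for (List<?> entry : entries) {
                if (entry == null || entry.size() != 2 || !(entry.get(0) instanceof Integer)) {
                    continue;
                }
                int type = (Integer) entry.get(0);
                if (type == SUBJECT_ALT_NAME_DNS_NAME || type == SUBJECT_ALT_NAME_IP_ADDRESS || type == SUBJECT_ALT_NAME_URI) {
                    names.add(new GeneralName(type, Objects.toString(entry.get(1))));
                }
            }
            return names;
        } catch (CertificateParsingException ignored) {
            // Best effort: an unparsable extension is reported as "no names".
            return Collections.emptyList();
        }
    }

    /**
     * Signs a certification request with {@link #DEFAULT_SIGNATURE_ALGORITHM}.
     *
     * @see #signCertificate(PKCS10CertificationRequest, X509Certificate, PrivateKey, int, String)
     */
    public static X509Certificate signCertificate(PKCS10CertificationRequest pKCS10CertificationRequest, X509Certificate x509Certificate, PrivateKey privateKey, int i) throws IOException, OperatorCreationException, CertificateException {
        return signCertificate(pKCS10CertificationRequest, x509Certificate, privateKey, i, DEFAULT_SIGNATURE_ALGORITHM);
    }

    /**
     * Issues a certificate for the subject and public key of a PKCS#10 request.
     *
     * <p>What this method does not do, and the caller must therefore handle:
     * <ul>
     *   <li>it does not verify the request's signature (proof of possession of the key);</li>
     *   <li>it does not copy any extension from the request, so the issued certificate has no
     *       subjectAltName, basicConstraints or keyUsage;</li>
     *   <li>it does not check that {@code x509Certificate} is a CA certificate.</li>
     * </ul>
     * The signer is an RSA content signer, so {@code privateKey} must be an RSA key and
     * {@code str} an RSA signature algorithm.
     *
     * @param pKCS10CertificationRequest the request supplying subject and public key
     * @param x509Certificate the issuer certificate; its subject becomes the issuer name
     * @param privateKey the issuer's private key
     * @param i validity in days, counted from now; the start is back-dated by one day
     * @param str the signature algorithm name
     * @return the issued certificate
     */
    public static X509Certificate signCertificate(PKCS10CertificationRequest pKCS10CertificationRequest, X509Certificate x509Certificate, PrivateKey privateKey, int i, String str) throws IOException, OperatorCreationException, CertificateException {
        AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find(str);
        AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
        // Take the wall clock in UTC: the previous code read local time and then labelled it
        // as UTC, shifting the validity window by the zone offset.
        LocalDateTime nowUtc = LocalDateTime.now(ZoneOffset.UTC);
        Date notBefore = Date.from(nowUtc.toInstant(ZoneOffset.UTC).minus(1L, ChronoUnit.DAYS));
        Date notAfter = Date.from(nowUtc.plusDays(i).toInstant(ZoneOffset.UTC));
        X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
                new X509CertificateHolder(x509Certificate.getEncoded()).getSubject(),
                new BigInteger(64, new SecureRandom()),
                notBefore,
                notAfter,
                pKCS10CertificationRequest.getSubject(),
                SubjectPublicKeyInfo.getInstance(pKCS10CertificationRequest.getSubjectPublicKeyInfo()));
        ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm)
                .build(PrivateKeyFactory.createKey(privateKey.getEncoded()));
        byte[] encoded = certificateBuilder.build(signer).toASN1Structure().getEncoded();
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(encoded));
    }

    /** Registers the Bouncy Castle provider unless a provider named "BC" is already installed. */
    private static void ensureBouncyCastleProvider() {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /** Reads the first PEM object of a file and converts it to an X.509 certificate. */
    private static X509Certificate readCertificate(Path pemFile) throws IOException, CertificateException {
        ensureBouncyCastleProvider();
        try (FileReader reader = new FileReader(pemFile.toFile().getAbsolutePath());
                PEMParser parser = new PEMParser(reader)) {
            Object parsed = parser.readObject();
            if (!(parsed instanceof X509CertificateHolder)) {
                throw new CertificateException("certificate not valid");
            }
            return new JcaX509CertificateConverter().setProvider("BC").getCertificate((X509CertificateHolder) parsed);
        }
    }

    /** Reads the first PEM object of a file as a private key (PKCS#8 or PEM key pair). */
    private static PrivateKeyInfo readPrivateKeyInfo(Path pemFile) throws IOException, CertificateException {
        try (FileReader reader = new FileReader(pemFile.toFile().getAbsolutePath());
                PEMParser parser = new PEMParser(reader)) {
            Object parsed = parser.readObject();
            if (parsed instanceof PrivateKeyInfo) {
                return (PrivateKeyInfo) parsed;
            }
            if (parsed instanceof PEMKeyPair) {
                return ((PEMKeyPair) parsed).getPrivateKeyInfo();
            }
            throw new CertificateException("private key not valid");
        }
    }

    /**
     * Creates a temporary {@code .pem} file, records it in {@code created} and writes the PEM
     * text to it. The file is recorded before the write so a failed write is still cleaned up.
     */
    private static Path writeTempPem(List<Path> created, String prefix, String pemText) throws IOException {
        Path file = Files.createTempFile(prefix, ".pem");
        created.add(file);
        Files.write(file, pemText.getBytes());
        return file;
    }

    /** Deletes the given temporary files; a failed delete is ignored, as it was before. */
    private static void deleteTempFiles(List<Path> files) {
        for (Path file : files) {
            file.toFile().delete();
        }
    }

    private SslHelper() {
        throw new UnsupportedOperationException("Just for static usage");
    }
}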
