package org.glite.security.delegation;

import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.GregorianCalendar;
import java.util.TimeZone;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERConstructedSequence;
import org.bouncycastle.asn1.DEREncodableVector;
import org.bouncycastle.asn1.DERInputStream;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.X509V3CertificateGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.glite.security.util.FileCertReader;
import org.glite.security.util.PrivateKeyReader;

/* loaded from: classes.dex */
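/**
 * Generates X.509 proxy certificates signed with a user's (or an existing
 * proxy's) private key, either from a certificate whose public key is reused
 * or from a PKCS#10 certificate request.
 *
 * <p>The most recently generated proxy is remembered and can be retrieved
 * with {@link #getCertProxy()} or written out with
 * {@link #saveCertProxyTofile()}.
 *
 * <p>Instances hold mutable state and perform no synchronization.
 */
public class GrDProxyGenerator {
    // Cache slot for this class's Class object, used only by the static
    // initializer below (the pre-Java-5 compiled form of a class literal).
    static Class class$org$glite$security$delegation$GrDProxyGenerator;
    static Logger logger;
    // Not read anywhere in this class.
    private X509Certificate certificate;
    // Passed to createProxyCertificate(), which currently ignores it.
    private int proxyType;
    // Not read anywhere in this class.
    private PrivateKey userPrivateKey = null;
    // Not read anywhere in this class.
    private String pwd = null;
    // Set by setPathLength(); not read anywhere in this class.
    private int pathLen = -1;
    // Set by setProxyAslimited(); not read anywhere in this class.
    private boolean limited = true;
    // Destination used by both saveCertProxyTofile() overloads.
    private String proxyFile = GrDPX509Util.getDefaultProxyFile();
    // Set by setKeyFile(); not read anywhere in this class.
    private String keyFile = null;
    // Set by setCertFile(); not read anywhere in this class.
    private String certFile = null;
    // Set by setBits(); not read anywhere in this class.
    // NOTE(review): if another component consumes this as an RSA key size,
    // the 512-bit default is far below current minimums - confirm and raise.
    private int bits = 512;
    // Requested proxy lifetime in seconds (default 12 hours); a value <= 0
    // means "valid until the issuer certificate expires".
    private int lifetime = 43200;
    // Not read anywhere in this class.
    private boolean quiet = false;
    // Not read anywhere in this class.
    private boolean debug = false;
    // Most recently generated proxy certificate, or null if none yet.
    private X509Certificate certProxy = null;

    static {
        Class cls;
        if (class$org$glite$security$delegation$GrDProxyGenerator == null) {
            cls = class$("org.glite.security.delegation.GrDProxyGenerator");
            class$org$glite$security$delegation$GrDProxyGenerator = cls;
        } else {
            cls = class$org$glite$security$delegation$GrDProxyGenerator;
        }
        logger = Logger.getLogger(cls);
    }

    /**
     * Creates a generator and registers the BouncyCastle provider (at
     * position 6) if no provider named "BC" is installed yet.
     */
    public GrDProxyGenerator() {
        if (Security.getProvider("BC") == null) {
            Security.insertProviderAt(new BouncyCastleProvider(), 6);
        }
    }

    /**
     * Loads a class by name, converting a lookup failure into an unchecked
     * {@link NoClassDefFoundError} that keeps the original cause.
     *
     * @param str fully qualified class name
     * @return the loaded class
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() returns Throwable, so the error has to be thrown
            // through a typed local rather than from the call expression.
            NoClassDefFoundError error = new NoClassDefFoundError(str);
            error.initCause(e);
            throw error;
        }
    }

    /**
     * Deep-copies an ASN.1 object by DER-encoding it and decoding the bytes.
     *
     * @param dERObject object to copy
     * @return an independent copy of {@code dERObject}
     * @throws IOException if encoding or decoding fails
     */
    private static DERObject copyObject(DERObject dERObject) throws IOException {
        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        new DEROutputStream(encoded).writeObject(dERObject);
        return new DERInputStream(new ByteArrayInputStream(encoded.toByteArray())).readObject();
    }

    /**
     * Returns a new array holding {@code proxy} followed by every
     * certificate of {@code chain}, in order.
     */
    private static X509Certificate[] prependToChain(X509Certificate proxy, X509Certificate[] chain) {
        X509Certificate[] fullChain = new X509Certificate[chain.length + 1];
        fullChain[0] = proxy;
        System.arraycopy(chain, 0, fullChain, 1, chain.length);
        return fullChain;
    }

    /**
     * Reads a PEM-encoded PKCS#10 certificate request from {@code pem}.
     * The request signature is NOT verified here; callers must call
     * {@code verify()} before trusting the embedded public key.
     */
    private static PKCS10CertificationRequest parseCertificateRequest(InputStream pem) throws IOException {
        byte[] der = GrDPX509Util.readPEM(pem, GrDPConstants.CRH, GrDPConstants.CRF);
        return new PKCS10CertificationRequest(new DERInputStream(new ByteArrayInputStream(der)).readObject());
    }

    /**
     * Builds and signs a proxy certificate.
     *
     * <p>The issuer DN is the subject DN of {@code issuerCert}; the subject
     * DN is that same DN with one extra {@code CN=cnValue} component. The
     * certificate carries a non-critical KeyUsage extension
     * (digitalSignature | dataEncipherment), is valid from five minutes in
     * the past (clock-skew allowance), and is signed with {@code signingKey}
     * using the signature algorithm name of {@code issuerCert}.
     *
     * @param issuerCert certificate whose subject becomes the proxy's issuer
     * @param signingKey private key used to sign the proxy
     * @param subjectKey public key placed in the proxy
     * @param lifetimeSeconds lifetime in seconds; {@code <= 0} means "until
     *        the issuer certificate expires"
     * @param proxyType currently unused
     * @param cnValue value of the CN component appended to the subject DN
     * @return the signed proxy certificate
     * @throws GeneralSecurityException if an argument is missing, the DN
     *         cannot be copied, or signing fails
     */
    private X509Certificate createProxyCertificate(X509Certificate issuerCert, PrivateKey signingKey, PublicKey subjectKey, int lifetimeSeconds, int proxyType, String cnValue) throws GeneralSecurityException {
        // Fail with a clear error instead of letting a null key reach the
        // certificate generator.
        if (issuerCert == null || signingKey == null || subjectKey == null) {
            throw new GeneralSecurityException("Issuer certificate, signing key and subject public key are all required to create a proxy certificate.");
        }
        X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
        // NOTE(review): the proxy reuses the issuer certificate's serial
        // number, so every proxy derived from one certificate shares a
        // serial; confirm relying parties do not need it to be unique.
        BigInteger serialNumber = issuerCert.getSerialNumber();
        X509Name issuerSubject = new X509Name(issuerCert.getSubjectDN().getName());
        logger.debug("SubjectDN of IssuerCert" + issuerCert.getSubjectDN().toString());
        ASN1Sequence issuerDnSeq;
        ASN1Sequence subjectDnSeq;
        try {
            issuerDnSeq = (ASN1Sequence) copyObject(issuerSubject.getDERObject());
            subjectDnSeq = (ASN1Sequence) copyObject(issuerSubject.getDERObject());
        } catch (IOException e) {
            // Previously only logged, which left both sequences null and
            // failed a few lines later with a NullPointerException.
            logger.error("Error in copying object !");
            GeneralSecurityException failure = new GeneralSecurityException("Unable to copy the issuer's subject DN.");
            failure.initCause(e);
            throw failure;
        }
        // NOTE(review): createProxyFromCert() passes null for cnValue;
        // confirm DERPrintableString tolerates a null value.
        DEREncodableVector cnAttribute = new DEREncodableVector();
        cnAttribute.add(X509Name.CN);
        cnAttribute.add(new DERPrintableString(cnValue));
        ((DERConstructedSequence) subjectDnSeq).addObject(new DERSet(new DERSequence(cnAttribute)));
        logger.debug(new X509Name(subjectDnSeq).toString());
        logger.debug(new X509Name(issuerDnSeq).toString());
        generator.setSubjectDN(new X509Name(subjectDnSeq));
        generator.setIssuerDN(new X509Name(issuerDnSeq));
        generator.setSerialNumber(serialNumber);
        generator.setPublicKey(subjectKey);
        // NOTE(review): the signature algorithm is inherited from the issuer
        // certificate, so a certificate signed with a weak digest yields a
        // proxy signed with the same weak digest.
        generator.setSignatureAlgorithm(issuerCert.getSigAlgName());
        // Same bit mask as the former literal 144 (128 | 16).
        generator.addExtension(X509Extensions.KeyUsage, false, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.dataEncipherment));
        GregorianCalendar validity = new GregorianCalendar(TimeZone.getTimeZone("GMT"));
        validity.add(GregorianCalendar.MINUTE, -5);
        generator.setNotBefore(validity.getTime());
        if (lifetimeSeconds <= 0) {
            generator.setNotAfter(issuerCert.getNotAfter());
        } else {
            validity.add(GregorianCalendar.MINUTE, 5);
            validity.add(GregorianCalendar.SECOND, lifetimeSeconds);
            // A proxy must not claim to outlive the certificate that signs it.
            if (validity.getTime().after(issuerCert.getNotAfter())) {
                generator.setNotAfter(issuerCert.getNotAfter());
            } else {
                generator.setNotAfter(validity.getTime());
            }
        }
        return generator.generateX509Certificate(signingKey);
    }

    /**
     * Creates a proxy certificate carrying the public key of an existing
     * certificate.
     *
     * @param inputStream certificate whose public key goes into the proxy
     * @param inputStream2 issuer (user) certificate
     * @param inputStream3 private key matching the issuer certificate
     * @param str password protecting the private key
     * @return the generated proxy, also available via {@link #getCertProxy()}
     * @throws GeneralSecurityException if the private key cannot be loaded
     *         or the proxy cannot be generated
     * @throws IOException declared for callers; certificate loading errors
     */
    public X509Certificate createProxyFromCert(InputStream inputStream, InputStream inputStream2, InputStream inputStream3, String str) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, GeneralSecurityException {
        X509Certificate issuerCert = GrDPX509Util.loadCertificate(inputStream2);
        PublicKey subjectKey = GrDPX509Util.loadCertificate(inputStream).getPublicKey();
        PrivateKey signingKey;
        try {
            signingKey = PrivateKeyReader.read(new BufferedInputStream(inputStream3), str);
        } catch (Exception e) {
            // Previously swallowed, so signing was attempted with a null key.
            logger.error("Error : createProxyFromCert , unable to load private key");
            GeneralSecurityException failure = new GeneralSecurityException("Unable to load private key.");
            failure.initCause(e);
            throw failure;
        }
        X509Certificate proxy = createProxyCertificate(issuerCert, signingKey, subjectKey, this.lifetime, this.proxyType, null);
        this.certProxy = proxy;
        return proxy;
    }

    /**
     * Creates a proxy certificate for the public key of a PEM-encoded
     * PKCS#10 request and returns it at the head of the user's chain.
     *
     * <p>NOTE(review): the requested public key is accepted as-is once the
     * request signature verifies; no key-size or algorithm policy is
     * enforced in this class.
     *
     * @param inputStream PEM-encoded certificate request
     * @param bufferedInputStream user certificate chain
     * @param inputStream2 private key of the first certificate in the chain
     * @param str password protecting the private key
     * @return the new proxy followed by the user certificate chain
     * @throws GeneralSecurityException if the chain is empty, the request
     *         signature does not verify, or signing fails
     */
    public X509Certificate[] createProxyFromCertReq(InputStream inputStream, BufferedInputStream bufferedInputStream, InputStream inputStream2, String str) throws GeneralSecurityException, IOException, Exception {
        X509Certificate[] userChain = GrDPX509Util.loadCertificateChain(bufferedInputStream);
        // Same guard as x509MakeProxyCert(); an empty chain used to fail
        // with an ArrayIndexOutOfBoundsException.
        if (userChain == null || userChain.length <= 0) {
            throw new GeneralSecurityException("Invalid user certificate.");
        }
        logger.debug("User Certificate - number of certificates in chain: " + userChain.length);
        PrivateKey signingKey = PrivateKeyReader.read(new BufferedInputStream(inputStream2), str);
        PKCS10CertificationRequest request = parseCertificateRequest(inputStream);
        // Proof of possession: the request must be signed by the key it names.
        if (!request.verify()) {
            throw new GeneralSecurityException("Certificate request verification failed.");
        }
        X509Certificate proxy = createProxyCertificate(userChain[0], signingKey, request.getPublicKey(), this.lifetime, this.proxyType, "proxy");
        this.certProxy = proxy;
        return prependToChain(proxy, userChain);
    }

    /**
     * Returns the most recently generated proxy certificate, or
     * {@code null} if none has been generated yet.
     */
    public X509Certificate getCertProxy() {
        return this.certProxy;
    }

    /**
     * PEM-encodes the current proxy certificate.
     *
     * @throws IllegalStateException if no proxy has been generated yet
     */
    private String encodeProxyAsPem() throws CertificateEncodingException {
        if (this.certProxy == null) {
            throw new IllegalStateException("No proxy certificate has been generated yet.");
        }
        return GrDPX509Util.writePEM(this.certProxy.getEncoded(), new StringBuffer().append(GrDPConstants.CH).append(GrDPConstants.NEWLINE).toString(), new StringBuffer().append(GrDPConstants.CF).append(GrDPConstants.NEWLINE).toString());
    }

    /**
     * Writes {@code content} to the proxy file, requesting mode 600 before
     * any byte is written, and always closes the stream.
     */
    private void writeProxyFile(byte[] content) throws IOException {
        // NOTE(review): the file is created (or truncated) with whatever
        // permissions the platform applies and only then restricted; if the
        // mode change fails the write still proceeds with just a warning.
        FileOutputStream out = new FileOutputStream(this.proxyFile);
        try {
            if (!GrDPX509Util.changeFileMode(this.proxyFile, 600)) {
                System.err.println("Warning: Please check file permissions for your proxy file.");
            }
            out.write(content);
        } finally {
            out.close();
        }
    }

    /**
     * Writes the current proxy certificate, PEM-encoded, to the proxy file.
     *
     * @throws IOException if the file cannot be written
     * @throws CertificateEncodingException if the proxy cannot be encoded
     * @throws IllegalStateException if no proxy has been generated yet
     */
    public void saveCertProxyTofile() throws IOException, CertificateEncodingException {
        // Encode before opening the file so a failure cannot leave a
        // truncated proxy file behind.
        byte[] content = encodeProxyAsPem().getBytes();
        writeProxyFile(content);
    }

    /**
     * Writes {@code str}, {@code str2} and the PEM-encoded proxy
     * certificate, each on its own line(s), to the proxy file.
     *
     * <p>NOTE(review): the meaning of {@code str} and {@code str2} is not
     * visible here; if either carries key material, the permission handling
     * in {@code writeProxyFile} matters more than for the certificate alone.
     *
     * @param str first block written to the file
     * @param str2 second block written to the file
     * @throws IOException if the file cannot be written
     * @throws CertificateEncodingException if the proxy cannot be encoded
     * @throws IllegalStateException if no proxy has been generated yet
     */
    public void saveCertProxyTofile(String str, String str2) throws IOException, CertificateEncodingException {
        String pem = encodeProxyAsPem();
        byte[] content = new StringBuffer().append(str).append("\n").append(str2).append("\n").append(pem).toString().getBytes();
        writeProxyFile(content);
    }

    /** Stores a key size in bits; the value is not used inside this class. */
    public void setBits(int i) {
        this.bits = i;
    }

    /** Stores the certificate file path; not used inside this class. */
    public void setCertFile(String str) {
        this.certFile = str;
    }

    /** Stores the key file path; not used inside this class. */
    public void setKeyFile(String str) {
        this.keyFile = str;
    }

    /**
     * Sets the proxy lifetime.
     *
     * @param i lifetime in hours; a value {@code <= 0} makes generated
     *        proxies valid until the issuer certificate expires
     */
    public void setLifetime(int i) {
        // Multiply in long and saturate: an int overflow could flip the
        // sign and silently turn a huge request into "issuer lifetime", or
        // a negative request into a decades-long one.
        long seconds = (long) i * 3600L;
        if (seconds > Integer.MAX_VALUE) {
            seconds = Integer.MAX_VALUE;
        } else if (seconds < Integer.MIN_VALUE) {
            seconds = Integer.MIN_VALUE;
        }
        this.lifetime = (int) seconds;
    }

    /** Stores a path length; the value is not used inside this class. */
    public void setPathLength(int i) {
        this.pathLen = i;
    }

    /** Marks the proxy as limited; the flag is not used inside this class. */
    public void setProxyAslimited() {
        this.limited = true;
    }

    /** Sets the file written by the {@code saveCertProxyTofile} methods. */
    public void setProxyFile(String str) {
        this.proxyFile = str;
    }

    /** Sets the proxy type handed to the certificate builder. */
    public void setProxyType(int i) {
        this.proxyType = i;
    }

    /**
     * Creates a proxy for a PEM-encoded PKCS#10 request, signed with the
     * private key found inside an existing proxy, and returns the resulting
     * chain as bytes.
     *
     * @param bArr PEM-encoded certificate request
     * @param bArr2 existing proxy (certificate chain plus private key)
     * @param str password; must be non-null but is otherwise not used by
     *        this overload
     * @return the new proxy followed by the existing chain, serialized by
     *         {@code GrDPX509Util.certChainToByte}
     * @throws GeneralSecurityException if an argument is null, the chain is
     *         empty, no private key is found, the request signature does
     *         not verify, or signing fails
     * @throws IOException if the inputs cannot be parsed
     */
    public byte[] x509MakeProxyCert(byte[] bArr, byte[] bArr2, String str) throws IOException, GeneralSecurityException {
        // Validate before touching the arrays; this check used to run only
        // after bArr2 had already been dereferenced.
        if (bArr == null || bArr2 == null || str == null) {
            throw new GeneralSecurityException("Either the cert request, proxy cert or password were passed as null arguments. Cannot continue.");
        }
        X509Certificate[] proxyChain = GrDPX509Util.loadCertificateChain(new BufferedInputStream(new ByteArrayInputStream(bArr2)));
        int chainLength = proxyChain == null ? 0 : proxyChain.length;
        if (chainLength <= 0) {
            throw new GeneralSecurityException("Invalid number of certificates in proxy chain: " + chainLength);
        }
        logger.debug("Number of certificates in proxy chain: " + chainLength);
        // NOTE(review): "keypair" and "host" are fixed literals; presumably
        // they only name the entry and password of the in-memory store that
        // readProxy() builds - confirm they never protect persisted data.
        PrivateKey signingKey = (PrivateKey) new FileCertReader().readProxy(new BufferedInputStream(new ByteArrayInputStream(bArr2)), "keypair").getKey("host", "keypair".toCharArray());
        if (signingKey == null) {
            throw new GeneralSecurityException("No private key found in the supplied proxy.");
        }
        PKCS10CertificationRequest request = parseCertificateRequest(new ByteArrayInputStream(bArr));
        // Proof of possession: the request must be signed by the key it names.
        if (!request.verify()) {
            throw new GeneralSecurityException("Certificate request verification failed!");
        }
        X509Certificate proxy = createProxyCertificate(proxyChain[0], signingKey, request.getPublicKey(), this.lifetime, this.proxyType, "proxy");
        this.certProxy = proxy;
        return GrDPX509Util.certChainToByte(prependToChain(proxy, proxyChain));
    }

    /**
     * Creates a proxy for a PEM-encoded PKCS#10 request, signed with the
     * user's private key, and returns the resulting chain as bytes.
     *
     * @param bArr PEM-encoded certificate request
     * @param bArr2 user certificate chain
     * @param bArr3 user private key
     * @param str password protecting the private key
     * @return the new proxy followed by the user chain, serialized by
     *         {@code GrDPX509Util.certChainToByte}
     * @throws GeneralSecurityException if a required argument is null, the
     *         chain is empty, the request signature does not verify, or
     *         signing fails
     */
    public byte[] x509MakeProxyCert(byte[] bArr, byte[] bArr2, byte[] bArr3, String str) throws CertificateException, GeneralSecurityException, Exception {
        if (bArr == null) {
            throw new GeneralSecurityException("Certificate request can not be null.");
        }
        if (bArr2 == null || bArr3 == null) {
            // Previously only logged; execution continued and failed with a
            // NullPointerException on the missing chain.
            logger.error("Error , CreateProxyFromCertReq :: UserCertificate and UserKey can not be null.");
            throw new GeneralSecurityException("UserCertificate and UserKey can not be null.");
        }
        X509Certificate[] userChain = GrDPX509Util.loadCertificateChain(new BufferedInputStream(new ByteArrayInputStream(bArr2)));
        int chainLength = userChain == null ? 0 : userChain.length;
        if (chainLength <= 0) {
            logger.error("Invalid user certificate. Number of certificates in chain : " + chainLength);
            throw new GeneralSecurityException("Invalid user certificate.");
        }
        PrivateKey signingKey = PrivateKeyReader.read(new BufferedInputStream(new ByteArrayInputStream(bArr3)), str);
        PKCS10CertificationRequest request = parseCertificateRequest(new ByteArrayInputStream(bArr));
        logger.debug("Number of Certificates in chain : " + Integer.toString(chainLength));
        // Proof of possession: the request must be signed by the key it names.
        if (!request.verify()) {
            throw new GeneralSecurityException("Certificate request verification failed!");
        }
        X509Certificate proxy = createProxyCertificate(userChain[0], signingKey, request.getPublicKey(), this.lifetime, this.proxyType, "proxy");
        this.certProxy = proxy;
        return GrDPX509Util.certChainToByte(prependToChain(proxy, userChain));
    }
}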
