package org.opendaylight.aaa.cert.impl;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opendaylight/aaa/cert/impl/ODLKeyTool.class */
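/**
 * Helper for creating, loading, exporting and editing JKS keystores and for
 * producing PEM/Base64 certificates and PKCS#10 certificate requests.
 *
 * <p>Every public method reports failure through its return value
 * ({@code null}, {@code false} or an empty string) after logging the cause;
 * callers must check the result before using it.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Keystore passwords are accepted as {@code String}, so they cannot be
 *       wiped from memory by this class.</li>
 *   <li>The keystore type is fixed to JKS. It is kept because changing the
 *       type would make existing keystore files unreadable by this class.</li>
 *   <li>{@link #addCertificate} only checks that the certificate parses and is
 *       inside its validity window. No signature or chain verification is done
 *       here, so the caller decides whether the certificate deserves trust.</li>
 * </ul>
 */
public class ODLKeyTool {
    private static final Logger LOG = LoggerFactory.getLogger(ODLKeyTool.class);
    private static final SecureRandom RANDOM = new SecureRandom();

    private static final String KEYSTORE_TYPE = "JKS";
    private static final String PEM_CERT_BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String PEM_CERT_END = "-----END CERTIFICATE-----";
    private static final String PEM_REQ_BEGIN = "-----BEGIN CERTIFICATE REQUEST-----";
    private static final String PEM_REQ_END = "-----END CERTIFICATE REQUEST-----";

    /** Number of random bits drawn for the serial number of a self-signed certificate. */
    private static final int SERIAL_NUMBER_BITS = 64;

    private final String workingDir;

    /* JADX INFO: Access modifiers changed from: protected */
    /** Creates a tool that works in {@code KeyStoreConstant.KEY_STORE_PATH}. */
    public ODLKeyTool() {
        this(KeyStoreConstant.KEY_STORE_PATH);
    }

    /**
     * Creates a tool that resolves keystore file names against the given directory.
     *
     * @param str working directory; handed to {@code KeyStoreConstant.createDir}
     *            (presumably creates it when missing; confirm in KeyStoreConstant)
     */
    public ODLKeyTool(String str) {
        this.workingDir = str;
        KeyStoreConstant.createDir(this.workingDir);
    }

    /**
     * Adds a certificate as a trusted-certificate entry.
     *
     * <p>The certificate is parsed and validated before the keystore is touched,
     * so an unparsable or expired input never removes the entry already stored
     * under the alias.
     *
     * @param keyStore keystore to modify
     * @param str      certificate as Base64 DER, optionally wrapped in PEM markers
     * @param str2     alias to store the certificate under
     * @param z        when {@code true}, an existing certificate entry with that
     *                 alias is deleted before the new one is set
     * @return the same keystore instance, or {@code null} if the certificate is
     *         invalid or the keystore rejects the operation
     */
    public KeyStore addCertificate(KeyStore keyStore, String str, String str2, boolean z) {
        final X509Certificate certificate = getCertificate(str);
        if (certificate == null) {
            LOG.warn("{} Not a valid certificate {}", str2, str);
            return null;
        }
        try {
            if (z && keyStore.isCertificateEntry(str2)) {
                keyStore.deleteEntry(str2);
            }
            keyStore.setCertificateEntry(str2, certificate);
            return keyStore;
        } catch (KeyStoreException e) {
            LOG.error("failed to add certificate", e);
            return null;
        }
    }

    /**
     * Serializes a keystore into a byte array protected by the given password.
     *
     * @param keyStore keystore to serialize
     * @param str      keystore password
     * @return the serialized keystore, or an empty array on failure so that a
     *         truncated keystore is never handed back to the caller
     */
    public byte[] convertKeystoreToBytes(KeyStore keyStore, String str) {
        final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try {
            keyStore.store(buffer, str.toCharArray());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LOG.error("Fatal error convert keystore to bytes", e);
            return new byte[0];
        }
        return buffer.toByteArray();
    }

    /**
     * Same as the eight-argument overload, using the key algorithm, key size and
     * signature algorithm defaults from {@code KeyStoreConstant}.
     */
    public KeyStore createKeyStoreWithSelfSignCert(String str, String str2, String str3, String str4, int i) {
        return createKeyStoreWithSelfSignCert(str, str2, str3, str4, i, KeyStoreConstant.DEFAULT_KEY_ALG, KeyStoreConstant.DEFAULT_KEY_SIZE, KeyStoreConstant.DEFAULT_SIGN_ALG);
    }

    /**
     * Creates an in-memory JKS keystore holding a fresh key pair and a
     * self-signed X.509 v3 certificate for it. No extensions are added to the
     * certificate, and the keystore is not written to disk here.
     *
     * @param str  keystore name, used only in the log message
     * @param str2 password, used for both the keystore and the key entry
     * @param str3 distinguished name, used as issuer and subject
     * @param str4 alias of the key entry
     * @param i    validity period in days, counted from now
     * @param str5 key pair algorithm
     * @param i2   key size
     * @param str6 signature algorithm
     * @return the new keystore, or {@code null} on failure
     */
    public KeyStore createKeyStoreWithSelfSignCert(String str, String str2, String str3, String str4, int i, String str5, int i2, String str6) {
        try {
            final KeyPairGenerator generator = KeyPairGenerator.getInstance(str5);
            generator.initialize(i2);
            final KeyPair keyPair = generator.generateKeyPair();

            final long now = System.currentTimeMillis();
            final Date notBefore = new Date(now);
            final Date notAfter = new Date(now + TimeUnit.DAYS.toMillis(i));
            final X500Name name = new X500Name(str3);
            final SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());

            final X509CertificateHolder holder = new X509v3CertificateBuilder(name, getSecureRandomeInt(), notBefore, notAfter, name, publicKeyInfo)
                    .build(new JcaContentSignerBuilder(str6).build(keyPair.getPrivate()));
            final Certificate[] chain = {new JcaX509CertificateConverter().getCertificate(holder)};

            final KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
            keyStore.load(null, str2.toCharArray());
            keyStore.setKeyEntry(str4, keyPair.getPrivate(), str2.toCharArray(), chain);
            LOG.info("{} is created", str);
            return keyStore;
        } catch (IOException | SecurityException | KeyStoreException | NoSuchAlgorithmException | CertificateException | OperatorCreationException e) {
            LOG.error("Fatal error creating keystore", e);
            return null;
        }
    }

    /**
     * Creates an empty in-memory JKS keystore.
     *
     * @param str keystore password
     * @return the empty keystore, or {@code null} on failure
     */
    public KeyStore createEmptyKeyStore(String str) {
        try {
            final KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
            keyStore.load(null, str.toCharArray());
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LOG.error("Failed to create trust keystore", e);
            return null;
        }
    }

    /**
     * Writes a keystore to a file resolved through
     * {@code KeyStoreConstant.toAbsoluteFile} against the working directory.
     *
     * @param keyStore keystore to write; {@code null} is reported as failure
     * @param str      keystore password
     * @param str2     target file name
     * @return {@code true} if the keystore was written
     */
    public boolean exportKeystore(KeyStore keyStore, String str, String str2) {
        if (keyStore == null) {
            return false;
        }
        try (FileOutputStream out = new FileOutputStream(KeyStoreConstant.toAbsoluteFile(str2, this.workingDir))) {
            keyStore.store(out, str.toCharArray());
            return true;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LOG.error("Fatal error export keystore", e);
            return false;
        }
    }

    /**
     * Builds a PKCS#10 certificate request for the key pair stored under an alias.
     * The subject and public key are taken from the certificate in that entry.
     *
     * @param keyStore keystore holding the key entry
     * @param str      password protecting the key
     * @param str2     alias of the key entry
     * @param str3     signature algorithm for the request
     * @param z        when {@code true}, wrap the Base64 text in PEM request markers
     * @return the request as Base64 (unwrapped, on a single line), or an empty
     *         string if the alias is missing, is not a private-key entry with an
     *         X.509 certificate, or the request cannot be built
     */
    public String generateCertificateReq(KeyStore keyStore, String str, String str2, String str3, boolean z) {
        try {
            if (!keyStore.containsAlias(str2)) {
                LOG.info("KeyStore does not contain alias {}", str2);
                return "";
            }
            final Certificate stored = keyStore.getCertificate(str2);
            final Object key = keyStore.getKey(str2, str.toCharArray());
            // A trusted-certificate or secret-key alias yields no private key; report it
            // like every other failure instead of letting a runtime exception escape.
            if (!(stored instanceof X509Certificate) || !(key instanceof PrivateKey)) {
                LOG.error("Alias {} does not hold a private key with an X.509 certificate", str2);
                return "";
            }
            final X509Certificate x509Certificate = (X509Certificate) stored;
            final X500Name subject = new X500Name(x509Certificate.getSubjectDN().getName());
            final SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(x509Certificate.getPublicKey().getEncoded());
            final byte[] encodedRequest = new PKCS10CertificationRequestBuilder(subject, publicKeyInfo)
                    .build(new JcaContentSignerBuilder(str3).build((PrivateKey) key))
                    .getEncoded();
            final String encodeToString = Base64.getEncoder().encodeToString(encodedRequest);
            if (!z) {
                return encodeToString;
            }
            return PEM_REQ_BEGIN + "\n" + encodeToString + "\n" + PEM_REQ_END;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | OperatorCreationException e) {
            LOG.error("Failed to generate certificate request", e);
            return "";
        }
    }

    /**
     * Returns the certificate stored under an alias as Base64 text.
     *
     * @param keyStore keystore to read
     * @param str      alias of the entry
     * @param z        when {@code true}, wrap the Base64 text in PEM certificate markers
     * @return the certificate as Base64 (unwrapped, on a single line), or an empty
     *         string if the alias is missing, holds no X.509 certificate, or the
     *         certificate cannot be encoded
     */
    public String getCertificate(KeyStore keyStore, String str, boolean z) {
        try {
            if (!keyStore.containsAlias(str)) {
                LOG.info("KeyStore does not contain alias {}", str);
                return "";
            }
            final Certificate stored = keyStore.getCertificate(str);
            if (!(stored instanceof X509Certificate)) {
                LOG.error("Alias {} does not hold an X.509 certificate", str);
                return "";
            }
            final String encodeToString = Base64.getEncoder().encodeToString(stored.getEncoded());
            if (!z) {
                return encodeToString;
            }
            return PEM_CERT_BEGIN + "\n" + encodeToString + "\n" + PEM_CERT_END;
        } catch (KeyStoreException | CertificateException e) {
            LOG.error("Failed to get Certificate", e);
            return "";
        }
    }

    /**
     * Parses a certificate given as Base64 DER, optionally wrapped in PEM markers,
     * and checks that the current time is inside its validity window.
     *
     * <p>This is a well-formedness and date check only; it does not verify the
     * signature or build a chain to any trust anchor.
     *
     * @param str certificate text
     * @return the parsed certificate, or {@code null} if the text is empty,
     *         malformed, or the certificate is expired or not yet valid
     */
    private static X509Certificate getCertificate(String str) {
        if (str.isEmpty()) {
            return null;
        }
        String body = str;
        final int beginIdx = str.indexOf(PEM_CERT_BEGIN);
        if (beginIdx >= 0) {
            final int bodyStart = beginIdx + PEM_CERT_BEGIN.length();
            final int endIdx = str.indexOf(PEM_CERT_END, bodyStart);
            if (endIdx < 0) {
                // Without this guard substring() would throw on a truncated PEM block.
                LOG.error("Failed to get certificate: missing {}", PEM_CERT_END);
                return null;
            }
            body = str.substring(bodyStart, endIdx);
        }
        try {
            // The basic Base64 decoder rejects line breaks, which PEM text (including
            // the output of this class) always contains around the body.
            final byte[] der = Base64.getDecoder().decode(body.replaceAll("\\s", ""));
            final X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(der));
            x509Certificate.checkValidity();
            return x509Certificate;
        } catch (IllegalArgumentException | CertificateException e) {
            // IllegalArgumentException: the text was not valid Base64.
            LOG.error("Failed to get certificate", e);
            return null;
        }
    }

    /**
     * Returns a random, strictly positive certificate serial number.
     *
     * <p>64 bits are drawn from the shared {@link SecureRandom}; the previous
     * implementation used a single {@code nextInt()}, i.e. 32 bits, and could
     * return zero. RFC 5280 requires serial numbers to be positive and at most
     * 20 octets long, which this value satisfies.
     */
    private static BigInteger getSecureRandomeInt() {
        final BigInteger serial = new BigInteger(SERIAL_NUMBER_BITS, RANDOM);
        return serial.signum() == 0 ? BigInteger.ONE : serial;
    }

    /**
     * Loads a JKS keystore from its serialized bytes.
     *
     * @param bArr serialized keystore
     * @param str  keystore password
     * @return the loaded keystore, or {@code null} on failure
     */
    public KeyStore loadKeyStore(byte[] bArr, String str) {
        try {
            final KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
            keyStore.load(new ByteArrayInputStream(bArr), str.toCharArray());
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LOG.error("Fatal error load keystore", e);
            return null;
        }
    }

    /**
     * Loads a JKS keystore from a file resolved through
     * {@code KeyStoreConstant.toAbsoluteFile} against the working directory.
     *
     * @param str  keystore file name
     * @param str2 keystore password
     * @return the loaded keystore, or {@code null} on failure
     */
    public KeyStore loadKeyStore(String str, String str2) {
        // try-with-resources closes the stream on the failure path as well, which
        // the previous code did not (for example on a wrong password).
        try (FileInputStream in = new FileInputStream(KeyStoreConstant.toAbsoluteFile(str, this.workingDir))) {
            final KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
            keyStore.load(in, str2.toCharArray());
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LOG.error("failed to get keystore {}", e.getMessage());
            return null;
        }
    }
}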
