package com.mediasmiths.std.crypto.keygen.ca;

import com.mediasmiths.std.crypto.DNReformatter;
import com.mediasmiths.std.crypto.keygen.CaHelper;
import com.mediasmiths.std.io.FileHelper;
import com.mediasmiths.std.util.ListUtility;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMWriter;

/* loaded from: input_file:com/mediasmiths/std/crypto/keygen/ca/CertificateAuthority.class */
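/**
 * A file-backed certificate authority.
 *
 * <p>The CA certificate and signing key are held in a PKCS#12 file, with a PEM copy of the
 * certificate alongside it. On construction the CA is loaded from those files when both exist
 * and is generated (and written out) otherwise. The instance can then issue client and server
 * certificates through {@link CaHelper}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every keystore written by this class uses an empty password for both the store and the
 *       key entry; the password handed to the constructor is only used when <em>reading</em>
 *       the PKCS#12 file. The CA private key on disk is therefore protected by filesystem
 *       permissions alone.</li>
 *   <li>{@link #savePrivatePEM(File)} writes the signing key unencrypted.</li>
 *   <li>When only one of the two backing files exists, a new CA is generated and both paths
 *       are overwritten (see the constructor).</li>
 * </ul>
 */
public class CertificateAuthority {
    private static final Logger log = Logger.getLogger(CertificateAuthority.class);

    /** Not referenced by the code in this class; {@link #savePublicPEM(File)} always writes its prologue. */
    public static final boolean ENABLE_PEM_PROLOGUE = true;

    /** The Bouncy Castle provider used for PKCS#12 keystores; resolved once in the static initialiser. */
    public static final Provider PROVIDER;

    private final File p12;
    private final File pemCert;
    private final char[] capass;
    private X509Certificate cacert;
    private PrivateKey caSigningKey;

    /**
     * Opens the CA stored at the given paths, or creates a new one there.
     *
     * <p>NOTE(review): the existing CA is only loaded when <em>both</em> files exist. If the
     * PKCS#12 file is present but the PEM file is missing, a fresh CA is generated and
     * {@link #save()} overwrites the existing PKCS#12 file, discarding the previous signing key.
     * Confirm this is intended before pointing the class at a production CA directory.
     *
     * @param file the PKCS#12 file holding the CA certificate and signing key
     * @param cArr the password used to open {@code file}; copied, so the caller may clear its array
     * @param file2 the PEM file holding the CA certificate
     * @param bigInteger passed to {@link CaHelper#generateCaCertificate} when a new CA is created
     *        (presumably the certificate serial number; confirm against CaHelper)
     * @param str the distinguished name for a newly generated CA
     * @throws Exception if loading, generating or saving the CA fails
     */
    public CertificateAuthority(File file, char[] cArr, File file2, BigInteger bigInteger, String str) throws Exception {
        this.p12 = file;
        this.capass = Arrays.copyOf(cArr, cArr.length);
        this.pemCert = file2;
        if (file.exists() && file2.exists()) {
            loadCA();
        } else {
            generateCA(str, bigInteger);
        }
    }

    /**
     * Returns the CA certificate.
     *
     * @return the CA's X.509 certificate
     */
    public X509Certificate getCACertificate() {
        return this.cacert;
    }

    /**
     * Loads the CA certificate and signing key from the PKCS#12 file, then re-saves both files.
     *
     * <p>Every key entry in the store is visited and each one overwrites the previous, so if the
     * store holds several key entries the last one enumerated becomes the CA.
     *
     * @throws Exception if the store cannot be read or holds no usable key entry
     */
    protected void loadCA() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12", PROVIDER);
        FileInputStream in = new FileInputStream(this.p12);
        try {
            keyStore.load(in, this.capass);
        } finally {
            // The stream was previously left open; close it whether or not the load succeeds.
            in.close();
        }
        Iterator<?> aliases = ListUtility.iterate(keyStore.aliases()).iterator();
        while (aliases.hasNext()) {
            String alias = (String) aliases.next();
            if (alias != null && keyStore.isKeyEntry(alias)) {
                this.cacert = (X509Certificate) keyStore.getCertificate(alias);
                // The key entry is requested with an empty password, matching how saveP12 writes it.
                this.caSigningKey = (PrivateKey) keyStore.getKey(alias, new char[0]);
            }
        }
        init();
        save();
    }

    /**
     * Writes the OpenSSL-style hash of the CA certificate to a file.
     *
     * @param file the file to write
     * @throws IOException if the file cannot be written
     */
    public void saveHash(File file) throws IOException {
        FileHelper.write(file, getHash());
    }

    /**
     * Writes the CA certificate and signing key to a PKCS#12 keystore under the alias {@code ca}.
     *
     * <p>NOTE(review): the store and the key entry are written with an empty password rather than
     * the password given to the constructor, so the file offers no confidentiality for the CA
     * key beyond filesystem permissions. {@link #loadCA()} opens the same path with the
     * constructor password; whether a non-empty password can reopen a store written here depends
     * on the provider and should be verified.
     *
     * @param file the keystore file to write
     * @throws Exception if the keystore cannot be built or written
     */
    protected void saveP12(File file) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12", PROVIDER);
        keyStore.load(null);
        keyStore.setKeyEntry("ca", this.caSigningKey, new char[0], new Certificate[]{this.cacert});
        writeKeyStore(keyStore, file);
    }

    /**
     * Writes the CA certificate and signing key to a JKS keystore under the alias {@code ca}.
     *
     * <p>NOTE(review): as with {@link #saveP12(File)}, the store and key passwords are empty.
     *
     * @param file the keystore file to write
     * @throws Exception if the keystore cannot be built or written
     */
    protected void saveJKS(File file) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null);
        keyStore.setKeyEntry("ca", this.caSigningKey, new char[0], new Certificate[]{this.cacert});
        writeKeyStore(keyStore, file);
    }

    /**
     * Writes the CA signing key to a PEM file.
     *
     * <p>The key is written unencrypted and the file is created with the process's default
     * permissions; callers are responsible for restricting access to it.
     *
     * @param file the PEM file to write
     * @throws Exception if the file cannot be written
     */
    public void savePrivatePEM(File file) throws Exception {
        PEMWriter pemWriter = new PEMWriter(new FileWriter(file));
        try {
            pemWriter.writeObject(this.caSigningKey);
        } finally {
            // Close even when writing fails so the file handle is not leaked.
            pemWriter.close();
        }
    }

    /**
     * Writes the CA certificate to a PEM file, preceded by a human-readable prologue
     * (subject, issuer, serial number, validity, OpenSSL hash and write time).
     *
     * @param file the PEM file to write
     * @throws Exception if the file cannot be written
     */
    public void savePublicPEM(File file) throws Exception {
        PEMWriter pemWriter = new PEMWriter(new FileWriter(file));
        try {
            pemWriter.write("CA Certificate: " + this.cacert.getSubjectDN().getName() + "\n");
            pemWriter.write("\tIssuer:" + this.cacert.getIssuerDN().getName() + "\n");
            pemWriter.write("\tSerial number:" + this.cacert.getSerialNumber().toString(16) + "\n");
            pemWriter.write("\tNot Before:" + this.cacert.getNotBefore() + "\n");
            pemWriter.write("\tNot After:" + this.cacert.getNotAfter() + "\n");
            pemWriter.write("\tOpenSSL Hash:" + getHash() + "\n");
            // NOTE(review): "Not After" is written a second time here; kept so the file content is unchanged.
            pemWriter.write("\tNot After:" + this.cacert.getNotAfter() + "\n");
            pemWriter.write("\tFile written: " + new Date() + "\n");
            pemWriter.writeObject(this.cacert);
        } finally {
            // Close even when writing fails so the file handle is not leaked.
            pemWriter.close();
        }
    }

    /**
     * Writes the CA certificate (without the signing key) to a JKS keystore as a trusted
     * certificate entry under the alias {@code ca}. The store password is empty.
     *
     * @param file the keystore file to write
     * @throws Exception if the keystore cannot be built or written
     */
    public void savePublicJKS(File file) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null);
        keyStore.setCertificateEntry("ca", this.cacert);
        writeKeyStore(keyStore, file);
    }

    /**
     * Writes the PKCS#12 keystore and the PEM certificate to the paths given at construction.
     *
     * @throws Exception if either file cannot be written
     */
    protected void save() throws Exception {
        saveP12(this.p12);
        savePublicPEM(this.pemCert);
    }

    /**
     * Returns the hash of the CA certificate as computed by {@link CaHelper#opensslHash}.
     *
     * @return the hash string
     */
    public String getHash() {
        return CaHelper.opensslHash(this.cacert);
    }

    /**
     * Generates a new 2048-bit key pair and CA certificate, then saves both backing files.
     *
     * @param str the distinguished name for the new CA
     * @param bigInteger passed through to {@link CaHelper#generateCaCertificate}
     * @throws Exception if generation or saving fails
     */
    protected void generateCA(String str, BigInteger bigInteger) throws Exception {
        KeyPair keyPair = CaHelper.generateKeyPair(2048);
        this.caSigningKey = keyPair.getPrivate();
        this.cacert = CaHelper.generateCaCertificate(str, keyPair, bigInteger, toX509Name(str));
        init();
        save();
    }

    /**
     * Verifies that both the CA certificate and the signing key are present.
     *
     * @throws IllegalStateException if either is missing
     */
    protected void init() {
        if (this.cacert == null || this.caSigningKey == null) {
            throw new IllegalStateException("Cannot initialise CA without both the CA Cert and the CA Signing Key");
        }
    }

    /**
     * Returns the CA certificate's subject, reformatted, for use as the issuer of new certificates.
     *
     * @return the issuer name
     */
    public X509Name getIssuer() {
        return toX509Name(this.cacert.getSubjectX500Principal());
    }

    /**
     * Issues a client certificate signed by this CA.
     *
     * <p>The subject name is taken from the caller as given; any policy on which names may be
     * issued has to be enforced by the caller or by {@link CaHelper}.
     *
     * @param publicKey the subject's public key
     * @param str the subject distinguished name
     * @return the issued certificate
     * @throws Exception if the certificate cannot be generated
     */
    public X509Certificate issueUser(PublicKey publicKey, String str) throws Exception {
        return CaHelper.generateClientCertificate(publicKey, this.caSigningKey, getIssuer(), toX509Name(str));
    }

    /**
     * Issues a server certificate signed by this CA.
     *
     * <p>The subject name is taken from the caller as given; any policy on which names may be
     * issued has to be enforced by the caller or by {@link CaHelper}.
     *
     * @param publicKey the subject's public key
     * @param str the subject distinguished name
     * @return the issued certificate
     * @throws Exception if the certificate cannot be generated
     */
    public X509Certificate issueServer(PublicKey publicKey, String str) throws Exception {
        return CaHelper.generateServerCertificate(publicKey, this.caSigningKey, getIssuer(), toX509Name(str));
    }

    /** Parses a distinguished-name string and applies the default {@link DNReformatter}. */
    private static X509Name toX509Name(String str) {
        return DNReformatter.DEFAULT.reformat(new X509Name(str));
    }

    /** Converts a principal to an {@link X509Name} via its string form. */
    private static X509Name toX509Name(X500Principal x500Principal) {
        return toX509Name(x500Principal.getName());
    }

    /** Stores the keystore to the file with an empty password, always closing the stream. */
    private static void writeKeyStore(KeyStore keyStore, File file) throws Exception {
        FileOutputStream out = new FileOutputStream(file);
        try {
            keyStore.store(out, new char[0]);
        } finally {
            out.close();
        }
    }

    static {
        // Reuse an already-registered "BC" provider; otherwise create and register one.
        // Written as if/else because a return statement is not permitted in a static initialiser.
        Provider registered = Security.getProvider("BC");
        if (registered != null) {
            PROVIDER = registered;
        } else {
            log.info("[CaHelper] Loading Bouncy Castle Provider");
            PROVIDER = new BouncyCastleProvider();
            Security.addProvider(PROVIDER);
            log.debug("[CaHelper] Bouncy Castle Provider loaded");
        }
    }
}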
