package jp.ac.tokushima_u.edb;

import com.lowagie.text.pdf.PdfObject;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.spec.RSAKeyGenParameterSpec;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import jp.ac.tokushima_u.edb.tuple.EdbInethost;
import jp.ac.tokushima_u.edb.tuple.EdbPerson;
import jp.ac.tokushima_u.edb.tuple.EdbPersonification;
import sun.security.pkcs.PKCS10;
import sun.security.x509.X500Name;
import sun.security.x509.X500Signer;

/* loaded from: input_file:jp/ac/tokushima_u/edb/EdbPKI.class */
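/**
 * Static helpers for the EDB private PKI: PEM normalisation, certificate
 * validation against the built-in EDB CA certificate and its CRL, RSA key and
 * PKCS#10 request generation, and PKCS#12 storage.
 *
 * <p>All state is held in unsynchronised static fields that are populated by
 * {@link #initialize(EDB, String, char[])}; nothing in this class guards them
 * against concurrent initialisation.
 */
public class EdbPKI {
    private static final String PEM_BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String PEM_END = "-----END CERTIFICATE-----";
    /** PEM is an ASCII format; naming the charset avoids depending on the platform default. */
    private static final String PEM_CHARSET = "US-ASCII";
    /**
     * Signature algorithm for certificate requests. The original used MD5withRSA; MD5 is
     * collision-prone and should not be used for signatures.
     * NOTE(review): confirm that the EDB CA accepts SHA-256 requests and that the target
     * runtime provides this algorithm.
     */
    private static final String CSR_SIGNATURE_ALGORITHM = "SHA256withRSA";

    private static boolean initialized = false;
    private static TrustManagerFactory edbpkiTMF = null;
    private static KeyManagerFactory edbpkiKMF = null;
    private static X509Certificate edbpkiCACert = null;
    private static X509CRL edbpkiCRL = null;
    private static SSLContext edbpkiSSLCtx = null;
    private static SecureRandom secureRandom;

    /**
     * Extracts the first certificate block from {@code str} and returns it with every
     * whitespace character between the markers replaced by a newline.
     *
     * @param edb unused
     * @param str text containing a BEGIN/END CERTIFICATE block
     * @return the normalised PEM text, markers included
     * @throws StringIndexOutOfBoundsException if the BEGIN marker, or an END marker after it,
     *         is missing
     * @throws NullPointerException if {@code str} is null
     */
    public static String certificate2pem(EDB edb, String str) {
        int begin = str.indexOf(PEM_BEGIN);
        int bodyStart = begin + PEM_BEGIN.length();
        // Look for the END marker only after the BEGIN marker. Previously a missing BEGIN
        // marker could silently yield an arbitrary slice of the input instead of failing.
        int bodyEnd = begin < 0 ? -1 : str.indexOf(PEM_END, bodyStart);
        if (begin < 0 || bodyEnd < 0) {
            throw new StringIndexOutOfBoundsException("no BEGIN/END CERTIFICATE block in certificate text");
        }
        String body = str.substring(bodyStart, bodyEnd).replaceAll("\\s", "\n");
        return PEM_BEGIN + body + PEM_END;
    }

    /**
     * Parses the certificate block found in {@code str} into an X.509 certificate.
     * Parsing alone establishes no trust; see {@link #checkValidate(EDB, X509Certificate)}.
     *
     * @param edb receives the trace of any failure
     * @param str text containing a PEM certificate
     * @return the parsed certificate, or {@code null} if extraction or parsing failed
     */
    public static X509Certificate generateX509Certificate(EDB edb, String str) {
        try {
            byte[] pem = certificate2pem(edb, str).getBytes(PEM_CHARSET);
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(pem));
        } catch (Exception e) {
            edb.trace(e);
            return null;
        }
    }

    /**
     * Builds the EDB trust material and TLS context, and downloads the CRL.
     *
     * <p>Side effect: the resulting socket factory is installed as the JVM-wide default for
     * {@link HttpsURLConnection}, so every HTTPS connection made through that class in this
     * process trusts only the EDB CA certificate afterwards.
     *
     * @param edb receives an alert trace on failure
     * @param str path of a PKCS#12 key store holding the client key, or {@code null}
     * @param cArr password of that key store, or {@code null}; the key store is used only
     *        when both arguments are non-null
     * @return {@code true} if every step, including the CRL download, succeeded
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean initialize(EDB edb, String str, char[] cArr) {
        // NOTE(review): the flag is set before anything has succeeded, so the lazy callers in
        // this class never retry a failed initialisation (for example a failed CRL download).
        initialized = true;
        try {
            secureRandom = SecureRandom.getInstance("SHA1PRNG");
            secureRandom.setSeed(secureRandom.generateSeed(20));
            edbpkiTMF = TrustManagerFactory.getInstance("SunX509");
            KeyStore keyStore = KeyStore.getInstance("PKCS12", "SunJSSE");
            KeyStore keyStore2 = KeyStore.getInstance("JKS");
            keyStore2.load(null, null);
            if (str != null && cArr != null) {
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
                FileInputStream keyStoreStream = new FileInputStream(str);
                try {
                    keyStore.load(keyStoreStream, cArr);
                } finally {
                    // The original never closed this stream.
                    keyStoreStream.close();
                }
                keyManagerFactory.init(keyStore, cArr);
                // Publish only a fully initialised factory; a half-built one would make a
                // later getKeyManagers() call fail with an unchecked exception.
                edbpkiKMF = keyManagerFactory;
            }
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            edbpkiCACert = (X509Certificate) certificateFactory.generateCertificate(
                    new ByteArrayInputStream(EdbSite.EDB_PKI_CACERT.getBytes(PEM_CHARSET)));
            keyStore2.setCertificateEntry("ROOT", edbpkiCACert);
            edbpkiTMF.init(keyStore2);
            edbpkiSSLCtx = SSLContext.getInstance("TLS");
            if (edbpkiKMF != null) {
                edbpkiSSLCtx.init(edbpkiKMF.getKeyManagers(), edbpkiTMF.getTrustManagers(), secureRandom);
            } else {
                edbpkiSSLCtx.init(null, edbpkiTMF.getTrustManagers(), secureRandom);
            }
            HttpsURLConnection.setDefaultSSLSocketFactory(edbpkiSSLCtx.getSocketFactory());
            // NOTE(review): no connect or read timeout is set on this download.
            InputStream crlStream = new URL(EdbSite.EDB_PKI_CRL_URI).openStream();
            X509CRL crl;
            try {
                crl = (X509CRL) certificateFactory.generateCRL(crlStream);
            } finally {
                // Close on the failure path too.
                crlStream.close();
            }
            // Parsing does not authenticate a CRL. Check its signature against the CA key
            // before trusting it, so a substituted list cannot hide a revocation.
            // NOTE(review): assumes the CRL is issued by the same CA key that signs the
            // certificates; confirm for this PKI.
            crl.verify(edbpkiCACert.getPublicKey());
            edbpkiCRL = crl;
            return true;
        } catch (IOException e) {
            edb.traceAlert(e);
            return false;
        } catch (KeyManagementException e2) {
            edb.traceAlert(e2);
            return false;
        } catch (InvalidKeyException e3) {
            edb.traceAlert(e3);
            return false;
        } catch (KeyStoreException e4) {
            edb.traceAlert(e4);
            return false;
        } catch (NoSuchAlgorithmException e5) {
            edb.traceAlert(e5);
            return false;
        } catch (NoSuchProviderException e6) {
            edb.traceAlert(e6);
            return false;
        } catch (UnrecoverableKeyException e7) {
            edb.traceAlert(e7);
            return false;
        } catch (SignatureException e8) {
            edb.traceAlert(e8);
            return false;
        } catch (CRLException e9) {
            edb.traceAlert(e9);
            return false;
        } catch (CertificateException e10) {
            edb.traceAlert(e10);
            return false;
        }
    }

    /**
     * Returns a socket factory backed by the EDB TLS context.
     *
     * @return the socket factory
     * @throws NullPointerException if the context has not been created, i.e.
     *         {@link #initialize(EDB, String, char[])} has not run or failed early
     */
    public static SSLSocketFactory createSSLSocketFactory() {
        return edbpkiSSLCtx.getSocketFactory();
    }

    /**
     * Decides whether {@code x509Certificate} is currently acceptable: inside its validity
     * period, signed by the EDB CA key, not listed in the loaded CRL, and accepted by an
     * X.509 trust manager built from the EDB CA certificate.
     *
     * @param edb receives the trace of any failure; also used for lazy initialisation
     * @param x509Certificate the certificate to check
     * @return {@code true} only if every check passes; any exception yields {@code false}
     */
    public static boolean checkValidate(EDB edb, X509Certificate x509Certificate) {
        try {
            x509Certificate.checkValidity();
            if (!initialized) {
                initialize(edb, null, null);
            }
            if (edbpkiTMF == null || edbpkiCACert == null) {
                return false;
            }
            x509Certificate.verify(edbpkiCACert.getPublicKey());
            // NOTE(review): when no CRL is loaded (edbpkiCRL == null) revocation is not
            // checked at all, so a revoked certificate is accepted. The CRL is also fetched
            // once and its freshness is never examined. Decide whether failing open is
            // acceptable here.
            if (edbpkiCRL != null && edbpkiCRL.isRevoked(x509Certificate)) {
                return false;
            }
            TrustManager[] trustManagers = edbpkiTMF.getTrustManagers();
            if (trustManagers == null || trustManagers.length == 0) {
                return false;
            }
            X509Certificate[] chain = new X509Certificate[]{x509Certificate};
            for (int i = 0; i < trustManagers.length; i++) {
                if (!(trustManagers[i] instanceof X509TrustManager)) {
                    continue;
                }
                try {
                    ((X509TrustManager) trustManagers[i]).checkClientTrusted(chain, "RSA");
                    return true;
                } catch (Exception e) {
                    // This manager rejected the certificate; try the next one.
                    edb.trace(e);
                }
            }
            return false;
        } catch (Exception e2) {
            edb.trace(e2);
            return false;
        }
    }

    /**
     * Generates a 2048-bit RSA key pair with public exponent F4, using the class-wide
     * random source.
     *
     * @param edb receives an alert trace on failure; also used for lazy initialisation
     * @return the key pair, or {@code null} if generation failed
     */
    public static KeyPair generateRSAKeyPair(EDB edb) {
        if (!initialized) {
            initialize(edb, null, null);
        }
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4), secureRandom);
            return keyPairGenerator.genKeyPair();
        } catch (InvalidAlgorithmParameterException e) {
            edb.traceAlert(e);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            edb.traceAlert(e2);
            return null;
        }
    }

    /**
     * Derives the certificate common name for a tuple: {@code "S"} followed by the EID for
     * persons and personifications, the FQDN for internet hosts.
     *
     * @param edbTuple the tuple, may be {@code null}
     * @return the common name, or {@code PdfObject.NOTHING} for {@code null} and for any
     *         other tuple type
     */
    public static String getCommonName(EdbTuple edbTuple) {
        if (edbTuple == null) {
            return PdfObject.NOTHING;
        }
        if (edbTuple instanceof EdbPerson || edbTuple instanceof EdbPersonification) {
            return new StringBuffer().append("S").append(edbTuple.getEID()).toString();
        }
        if (edbTuple instanceof EdbInethost) {
            return ((EdbInethost) edbTuple).getFQDN();
        }
        // Presumably the empty string, substituted by the decompiler; confirm before relying on it.
        return PdfObject.NOTHING;
    }

    /**
     * Builds and signs a PKCS#10 certificate request for {@code edbTuple}.
     *
     * @param edb receives an alert trace on failure; also used for lazy initialisation
     * @param edbTuple the subject; its common name comes from {@link #getCommonName(EdbTuple)}
     * @param keyPair the key pair to certify; must not be {@code null}
     * @return the signed request, or {@code null} if the common name is not valid or
     *         signing failed
     */
    public static PKCS10 generateCertificateRequest(EDB edb, EdbTuple edbTuple, KeyPair keyPair) {
        if (!initialized) {
            initialize(edb, null, null);
        }
        String commonName = getCommonName(edbTuple);
        if (!EdbText.isValid(commonName)) {
            return null;
        }
        try {
            PrivateKey privateKey = keyPair.getPrivate();
            PKCS10 pkcs10 = new PKCS10(keyPair.getPublic());
            Signature signature = Signature.getInstance(CSR_SIGNATURE_ALGORITHM);
            signature.initSign(privateKey, secureRandom);
            X500Name subject = new X500Name(commonName, "EDB", EdbSite.EDB_PKI_DN_O, EdbSite.EDB_PKI_DN_L, EdbSite.EDB_PKI_DN_ST, EdbSite.EDB_PKI_DN_C);
            pkcs10.encodeAndSign(new X500Signer(signature, subject));
            return pkcs10;
        } catch (IOException e) {
            edb.traceAlert(e);
            return null;
        } catch (InvalidKeyException e2) {
            edb.traceAlert(e2);
            return null;
        } catch (NoSuchAlgorithmException e3) {
            edb.traceAlert(e3);
            return null;
        } catch (SignatureException e4) {
            edb.traceAlert(e4);
            return null;
        } catch (CertificateException e5) {
            edb.traceAlert(e5);
            return null;
        }
    }

    /**
     * Writes the private key and its certificate to {@code file} as a PKCS#12 key store.
     * The same password protects the key entry and the store.
     *
     * <p>NOTE(review): the file is created with the process's default permissions although
     * it holds a private key; consider restricting access to it after writing.
     *
     * @param edb receives an alert trace on failure
     * @param file destination file
     * @param cArr password for the key entry and for the store
     * @param str alias of the key entry
     * @param x509Certificate certificate stored with the key
     * @param keyPair key pair whose private key is stored
     * @return {@code true} if the store was written, {@code false} on failure
     */
    public static boolean storePKCS12(EDB edb, File file, char[] cArr, String str, X509Certificate x509Certificate, KeyPair keyPair) {
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12", "SunJSSE");
            keyStore.load(null, null);
            keyStore.setKeyEntry(str, keyPair.getPrivate(), cArr, new X509Certificate[]{x509Certificate});
            FileOutputStream out = new FileOutputStream(file);
            try {
                keyStore.store(out, cArr);
            } finally {
                // The original left the stream open, leaking the descriptor. A failed close
                // now surfaces as an IOException and is reported below.
                out.close();
            }
            return true;
        } catch (IOException e) {
            edb.traceAlert(e);
            return false;
        } catch (KeyStoreException e2) {
            edb.traceAlert(e2);
            return false;
        } catch (NoSuchAlgorithmException e3) {
            edb.traceAlert(e3);
            return false;
        } catch (NoSuchProviderException e4) {
            edb.traceAlert(e4);
            return false;
        } catch (CertificateException e5) {
            edb.traceAlert(e5);
            return false;
        }
    }

    /**
     * Returns the certificate column of the tuple's table.
     *
     * @param edbTuple the tuple, may be {@code null}
     * @return the column, or {@code null} if {@code edbTuple} is {@code null}
     */
    public static EdbColumn getCertificateColumn(EdbTuple edbTuple) {
        if (edbTuple == null) {
            return null;
        }
        return edbTuple.getTable().getCertificateColumn();
    }

    /**
     * Returns the tuple's stored certificate as normalised PEM text.
     *
     * @param edbTuple the tuple, may be {@code null}
     * @return the PEM text, or {@code null} if the tuple is {@code null} or its certificate
     *         text is not valid according to {@code EdbText.isValid}
     * @throws StringIndexOutOfBoundsException if the stored text has no certificate markers
     */
    public static String getCertificatePEM(EdbTuple edbTuple) {
        if (edbTuple == null) {
            return null;
        }
        String certificate = edbTuple.getCertificate();
        if (!EdbText.isValid(certificate)) {
            return null;
        }
        return certificate2pem(edbTuple.getEDB(), certificate);
    }
}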
