package jp.ac.tokushima_u.edb;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.lang.reflect.InvocationTargetException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import jp.ac.tokushima_u.db.common.TextUtility;
import jp.ac.tokushima_u.edb.tuple.EdbInethost;
import jp.ac.tokushima_u.edb.tuple.EdbPerson;
import jp.ac.tokushima_u.edb.tuple.EdbPersonification;

/* loaded from: input_file:jp/ac/tokushima_u/edb/EdbPKI.class */
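/**
 * Static helpers for the EDB private PKI: parsing PEM certificates, building the TLS context
 * that trusts the two EDB root CAs, validating certificates against those roots and their CRLs,
 * and generating keys, certificate requests and PKCS#12 stores.
 *
 * <p>All state is held in static fields that are written by {@link #initialize} without any
 * synchronization visible in this class, so concurrent first use is not guarded here.
 */
public class EdbPKI {
    private static final String PEM_BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String PEM_END = "-----END CERTIFICATE-----";

    private static SecureRandom secureRandom;
    private static final String EdbPKIXClassName = "jp.ac.tokushima_u.db.app.EdbPKIX";
    private static final String EdbPKIXJAR = "jar:http://cms.db.tokushima-u.ac.jp/dist/EDB/Java/EdbPKIX/EdbPKIX.jar!/";
    private static final String EdbPKIXJAR_signed = "jar:http://cms.db.tokushima-u.ac.jp/dist/EDB/Java/EdbPKIX/EdbPKIX-signed.jar!/";
    private static boolean initialized = false;
    private static TrustManagerFactory edbpkiTMF = null;
    private static KeyManagerFactory edbpkiKMF = null;
    private static X509Certificate edbpkiCACert = null;
    private static X509Certificate edbpkiCACert2nd = null;
    // CA certificates keyed by their subject DN in the "/RDN/RDN" form produced by getX509DN.
    private static Map<String, X509Certificate> m_edbpkiCACert = new HashMap<>();
    private static X509CRL edbpkiCRL = null;
    private static X509CRL edbpkiCRL2nd = null;
    // CRLs keyed by their issuer DN in the same "/RDN/RDN" form.
    private static Map<String, X509CRL> m_edbpkiCRL = new HashMap<>();
    private static SSLContext edbpkiSSLCtx = null;
    private static Class<?> edbPkix_Class = null;

    /**
     * Extracts the first PEM certificate block from {@code str} and rewrites every whitespace
     * character inside it as a newline.
     *
     * @param edb unused
     * @param str text containing a BEGIN/END CERTIFICATE block
     * @return the block, including both marker lines
     * @throws StringIndexOutOfBoundsException if either marker is missing
     */
    public static String certificate2pem(EDB edb, String str) {
        int begin = str.indexOf(PEM_BEGIN);
        if (begin < 0) {
            // Without this check a missing BEGIN marker made the slice start at an arbitrary
            // offset (-1 + marker length) and silently return unrelated text.
            throw new StringIndexOutOfBoundsException("no " + PEM_BEGIN + " marker");
        }
        int bodyStart = begin + PEM_BEGIN.length();
        // Look for the END marker after the BEGIN marker; a missing one makes substring throw.
        int bodyEnd = str.indexOf(PEM_END, bodyStart);
        return PEM_BEGIN + str.substring(bodyStart, bodyEnd).replaceAll("\\s", "\n") + PEM_END;
    }

    /**
     * Parses a PEM certificate. Parsing does not validate it; see {@link #checkValidate}.
     *
     * @param edb used to trace a parse failure
     * @param str text containing a PEM certificate block
     * @return the certificate, or {@code null} if it cannot be parsed
     */
    public static X509Certificate generateX509Certificate(EDB edb, String str) {
        try {
            byte[] pem = certificate2pem(edb, str).getBytes(StandardCharsets.UTF_8);
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(pem));
        } catch (Exception e) {
            edb.trace(e);
            return null;
        }
    }

    /**
     * Builds the EDB trust store, TLS context and CRL tables.
     *
     * <p>Side effect: the resulting socket factory is installed as the JVM-wide default for
     * {@link HttpsURLConnection}. The {@code initialized} flag is set before any work is done,
     * so callers that initialize lazily do not retry after a failure; validation then fails
     * closed because the CRL table stays incomplete.
     *
     * @param edb used to report failures
     * @param str path of a PKCS#12 client key store, or {@code null} for trust-only setup
     * @param cArr password of that key store, or {@code null}
     * @return {@code true} if every step succeeded
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean initialize(EDB edb, String str, char[] cArr) {
        initialized = true;
        try {
            // Platform default generator; it seeds itself, so no algorithm name is pinned here.
            secureRandom = new SecureRandom();
            edbpkiTMF = TrustManagerFactory.getInstance("SunX509");
            KeyStore trustStore = KeyStore.getInstance("JKS");
            trustStore.load(null, null);
            if (str != null && cArr != null) {
                edbpkiKMF = KeyManagerFactory.getInstance("SunX509");
                KeyStore clientStore = KeyStore.getInstance("PKCS12", "SunJSSE");
                try (InputStream in = new FileInputStream(str)) {
                    clientStore.load(in, cArr);
                }
                edbpkiKMF.init(clientStore, cArr);
            }
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            edbpkiCACert = parseCaCertificate(certificateFactory, EdbSite.EDB_PKI_CACERT.getBytes(StandardCharsets.UTF_8));
            trustStore.setCertificateEntry("ROOT", edbpkiCACert);
            m_edbpkiCACert.put(getSubjectX509DN(edbpkiCACert), edbpkiCACert);
            edbpkiCACert2nd = parseCaCertificate(certificateFactory, EdbSite.EDB_PKI2_CACERT.getBytes(StandardCharsets.UTF_8));
            trustStore.setCertificateEntry("ROOT2ND", edbpkiCACert2nd);
            m_edbpkiCACert.put(getSubjectX509DN(edbpkiCACert2nd), edbpkiCACert2nd);
            edbpkiTMF.init(trustStore);
            edbpkiSSLCtx = SSLContext.getInstance("TLSv1.2");
            edbpkiSSLCtx.init(edbpkiKMF != null ? edbpkiKMF.getKeyManagers() : null, edbpkiTMF.getTrustManagers(), secureRandom);
            HttpsURLConnection.setDefaultSSLSocketFactory(edbpkiSSLCtx.getSocketFactory());
            edbpkiCRL = fetchVerifiedCrl(certificateFactory, EdbSite.EDB_PKI_CRL_URI);
            m_edbpkiCRL.put(getIssuerX509DN(edbpkiCRL), edbpkiCRL);
            edbpkiCRL2nd = fetchVerifiedCrl(certificateFactory, EdbSite.EDB_PKI2_CRL_URI);
            m_edbpkiCRL.put(getIssuerX509DN(edbpkiCRL2nd), edbpkiCRL2nd);
            return true;
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableKeyException | CRLException | CertificateException | InvalidKeyException | SignatureException e) {
            edb.traceAlert(e);
            return false;
        }
    }

    /** Parses one DER or PEM encoded certificate from {@code encoded}. */
    private static X509Certificate parseCaCertificate(CertificateFactory factory, byte[] encoded) throws CertificateException {
        return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(encoded));
    }

    /**
     * Downloads a CRL and accepts it only if it is signed by the already-loaded CA whose
     * subject DN equals the CRL's issuer DN.
     *
     * <p>A CRL is only as trustworthy as its signature: without this check, whoever controls
     * the download could supply a list that omits revoked certificates.
     */
    private static X509CRL fetchVerifiedCrl(CertificateFactory factory, String uri)
            throws IOException, CRLException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        X509CRL crl;
        try (InputStream in = new URL(uri).openStream()) {
            crl = (X509CRL) factory.generateCRL(in);
        }
        String issuerDn = getIssuerX509DN(crl);
        X509Certificate issuer = m_edbpkiCACert.get(issuerDn);
        if (issuer == null) {
            throw new CRLException("CRL issuer is not a known EDB PKI CA: " + issuerDn);
        }
        crl.verify(issuer.getPublicKey());
        return crl;
    }

    /**
     * Returns the socket factory of the EDB TLS context.
     *
     * @throws NullPointerException if {@link #initialize} has not built the context
     */
    public static SSLSocketFactory createSSLSocketFactory() {
        return edbpkiSSLCtx.getSocketFactory();
    }

    /**
     * Validates {@code x509Certificate} and sends any collected diagnostics to
     * {@code edb.trace}.
     *
     * @return {@code true} only if the three-argument overload accepts the certificate
     */
    public static boolean checkValidate(EDB edb, X509Certificate x509Certificate) {
        StringWriter stringWriter = new StringWriter();
        try (PrintWriter printWriter = new PrintWriter(stringWriter)) {
            return checkValidate(edb, x509Certificate, printWriter);
        } finally {
            // Runs after the writer is closed, so the buffer holds everything that was printed.
            StringBuffer buffer = stringWriter.getBuffer();
            if (TextUtility.textIsValid(buffer)) {
                edb.trace(buffer);
            }
        }
    }

    /**
     * Validates a certificate against the EDB PKI. It must be inside its validity period, be
     * issued and signed by one of the two loaded CAs, not be listed in that CA's CRL, and be
     * accepted by a trust manager as either a client or a server certificate.
     *
     * <p>Every failure, including a missing CRL or an unexpected exception, returns
     * {@code false}.
     *
     * @param edb used for lazy initialization
     * @param x509Certificate certificate to check
     * @param printWriter receives a line for each exception met on the way
     * @return {@code true} only if every check passes
     */
    public static boolean checkValidate(EDB edb, X509Certificate x509Certificate, PrintWriter printWriter) {
        try {
            x509Certificate.checkValidity();
            if (!initialized) {
                initialize(edb, null, null);
            }
            if (edbpkiTMF == null) {
                return false;
            }
            String issuerDn = getIssuerX509DN(x509Certificate);
            X509Certificate issuerCert = m_edbpkiCACert.get(issuerDn);
            if (issuerCert == null) {
                return false;
            }
            try {
                x509Certificate.verify(issuerCert.getPublicKey());
                // NOTE(review): the CRL is fetched once in initialize and its nextUpdate is never
                // compared with the clock, so revocations published later are not seen by a
                // long-running process — consider refreshing it.
                X509CRL crl = m_edbpkiCRL.get(issuerDn);
                if (crl == null || crl.isRevoked(x509Certificate)) {
                    return false;
                }
                TrustManager[] trustManagers = edbpkiTMF.getTrustManagers();
                if (trustManagers == null || trustManagers.length == 0) {
                    return false;
                }
                for (TrustManager candidate : trustManagers) {
                    if (!(candidate instanceof X509TrustManager)) {
                        continue;
                    }
                    X509TrustManager x509TrustManager = (X509TrustManager) candidate;
                    try {
                        x509TrustManager.checkClientTrusted(new X509Certificate[]{x509Certificate}, "RSA");
                        return true;
                    } catch (Exception clientFailure) {
                        try {
                            x509TrustManager.checkServerTrusted(new X509Certificate[]{x509Certificate}, "RSA");
                            return true;
                        } catch (Exception serverFailure) {
                            printWriter.println(clientFailure);
                            printWriter.println(serverFailure);
                        }
                    }
                }
                return false;
            } catch (Exception e) {
                printWriter.println(e);
                return false;
            }
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            printWriter.println(getSubjectX509DN(x509Certificate) + ":" + e);
            return false;
        } catch (Exception e) {
            printWriter.println(e);
            return false;
        }
    }

    /**
     * Generates an RSA key pair with public exponent F4.
     *
     * @param edb used for lazy initialization and to report failures
     * @param i PKI generation; values of 2 or more select 4096-bit keys, anything else 2048-bit
     * @return the key pair, or {@code null} on failure
     */
    public static KeyPair generateRSAKeyPair(EDB edb, int i) {
        if (!initialized) {
            initialize(edb, null, null);
        }
        try {
            int modulusBits = (i >= 2) ? 4096 : 2048;
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(new RSAKeyGenParameterSpec(modulusBits, RSAKeyGenParameterSpec.F4), secureRandom);
            return keyPairGenerator.genKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            edb.traceAlert(e);
            return null;
        }
    }

    /**
     * Derives the certificate common name for a tuple: {@code "S" + eid} for persons and
     * personifications, the FQDN for internet hosts, and the empty string otherwise.
     */
    public static String getCommonName(EdbTuple edbTuple) {
        if (edbTuple == null) {
            return "";
        }
        if (edbTuple instanceof EdbPerson || edbTuple instanceof EdbPersonification) {
            return "S" + edbTuple.eid();
        }
        if (edbTuple instanceof EdbInethost) {
            return ((EdbInethost) edbTuple).getFQDN();
        }
        return "";
    }

    /**
     * Builds a certificate request for {@code edbTuple} by calling the static method
     * {@code generateCertificateRequest(String, KeyPair)} of the EdbPKIX helper class.
     *
     * @param edb used for lazy initialization and to report failures
     * @param i unused
     * @param edbTuple subject of the request
     * @param keyPair key pair handed to the helper class
     * @return the request text, or {@code null} if the subject has no common name, the helper
     *     class cannot be loaded, or the call fails
     */
    public static String generateCertificateRequest(EDB edb, int i, EdbTuple edbTuple, KeyPair keyPair) {
        if (!initialized) {
            initialize(edb, null, null);
        }
        String commonName = getCommonName(edbTuple);
        if (!TextUtility.textIsValid(commonName)) {
            return null;
        }
        if (edbPkix_Class == null) {
            // NOTE(security): both JAR URLs use plain http, the loaded class runs with this
            // JVM's privileges and is handed the key pair, private key included. Nothing here
            // authenticates the download or checks who signed the "-signed" JAR, so the code
            // is only as trustworthy as the network path. URLClassLoader asks its parent
            // loader first, so shipping EdbPKIX on the application class path avoids the
            // download; otherwise fetch it over an authenticated channel and pin its digest.
            edbPkix_Class = loadPkixClass(EdbPKIXJAR);
            if (edbPkix_Class == null) {
                edbPkix_Class = loadPkixClass(EdbPKIXJAR_signed);
            }
        }
        if (edbPkix_Class == null) {
            return null;
        }
        try {
            Object result = edbPkix_Class.getMethod("generateCertificateRequest", String.class, KeyPair.class).invoke(null, commonName, keyPair);
            return (result instanceof String) ? (String) result : null;
        } catch (IllegalAccessException | NoSuchMethodException | InvocationTargetException e) {
            edb.traceAlert(e);
            return null;
        }
    }

    /** Tries to load the EdbPKIX class from {@code jarUrl}; reports on stderr and returns null on failure. */
    private static Class<?> loadPkixClass(String jarUrl) {
        try {
            System.err.println("Try to load " + jarUrl);
            return URLClassLoader.newInstance(new URL[]{new URL(jarUrl)}).loadClass(EdbPKIXClassName);
        } catch (ClassNotFoundException | MalformedURLException e) {
            System.err.println(e);
            return null;
        }
    }

    /**
     * Writes the private key and its certificate to {@code file} as a PKCS#12 store, using
     * {@code cArr} as both the entry and the store password.
     *
     * @param edb used to report failures
     * @param i unused
     * @param file destination; created with the platform's default file permissions, so the
     *     caller should restrict access to it
     * @param cArr password
     * @param str alias of the key entry
     * @param x509Certificate certificate stored as the one-element chain
     * @param keyPair supplies the private key
     * @return {@code true} if the store was written
     */
    public static boolean storePKCS12(EDB edb, int i, File file, char[] cArr, String str, X509Certificate x509Certificate, KeyPair keyPair) {
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12", "SunJSSE");
            keyStore.load(null, null);
            keyStore.setKeyEntry(str, keyPair.getPrivate(), cArr, new X509Certificate[]{x509Certificate});
            // Close the stream on every path so the store is flushed and the handle released.
            try (FileOutputStream out = new FileOutputStream(file)) {
                keyStore.store(out, cArr);
            }
            return true;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e) {
            edb.traceAlert(e);
            return false;
        }
    }

    /** Returns the certificate column of the tuple's table, or {@code null} for a null tuple. */
    public static EdbColumn getCertificateColumn(EdbTuple edbTuple) {
        if (edbTuple == null) {
            return null;
        }
        return edbTuple.getTable().getCertificateColumn();
    }

    /**
     * Returns the tuple's certificate as a PEM block, or {@code null} if the tuple is null or
     * holds no certificate text.
     *
     * @throws StringIndexOutOfBoundsException if the stored text lacks a PEM marker
     */
    public static String getCertificatePEM(EdbTuple edbTuple) {
        if (edbTuple == null) {
            return null;
        }
        String certificate = edbTuple.getCertificate();
        return TextUtility.textIsValid(certificate) ? certificate2pem(edbTuple.getEDB(), certificate) : null;
    }

    /**
     * Renders a principal as "/RDN/RDN/...", reversing the order of
     * {@link X500Principal#toString()} and spelling the e-mail attribute {@code emailAddress}.
     *
     * <p>The split is on the literal {@code ", "}, so an attribute value that itself contains
     * that sequence is cut in two. The result is used in this class as a lookup key, not as
     * proof of identity.
     */
    public static String getX509DN(X500Principal x500Principal) {
        String[] rdns = x500Principal.toString().replace("EMAILADDRESS=", "emailAddress=").split(", ");
        StringBuilder dn = new StringBuilder();
        for (int k = rdns.length - 1; k >= 0; k--) {
            dn.append('/').append(rdns[k]);
        }
        return dn.toString();
    }

    /** Returns the certificate's issuer in the form produced by {@link #getX509DN}. */
    public static String getIssuerX509DN(X509Certificate x509Certificate) {
        return getX509DN(x509Certificate.getIssuerX500Principal());
    }

    /** Returns the certificate's subject in the form produced by {@link #getX509DN}. */
    public static String getSubjectX509DN(X509Certificate x509Certificate) {
        return getX509DN(x509Certificate.getSubjectX500Principal());
    }

    /** Returns the CRL's issuer in the form produced by {@link #getX509DN}. */
    public static String getIssuerX509DN(X509CRL x509crl) {
        return getX509DN(x509crl.getIssuerX500Principal());
    }

    /**
     * Classifies a certificate by a substring match of the root names against its issuer text.
     *
     * <p>This reads a name only; it verifies no signature and must not be used as a trust
     * decision.
     *
     * @return 1 for the first EDB root, 2 for the second, 0 otherwise
     */
    public static int getCertificateGeneration(X509Certificate x509Certificate) {
        String issuer = x509Certificate.getIssuerX500Principal().toString();
        if (issuer.indexOf(EdbSite.EDB_PKI_ROOT_CN) >= 0) {
            return 1;
        }
        return issuer.indexOf(EdbSite.EDB_PKI2_ROOT_CN) >= 0 ? 2 : 0;
    }

    /**
     * Parses {@code str} as a PEM certificate and classifies it.
     *
     * @return the generation, or 0 if the text cannot be parsed as a certificate
     */
    public static int getCertificateGeneration(EDB edb, String str) {
        X509Certificate certificate = generateX509Certificate(edb, str);
        // generateX509Certificate returns null on a parse failure; report "unknown" instead of
        // dereferencing it.
        return certificate == null ? 0 : getCertificateGeneration(certificate);
    }
}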
