package org.jacorb.security.util;

import iaik.asn1.ObjectID;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.Name;
import iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo;
import iaik.security.provider.IAIK;
import iaik.utils.KeyAndCertificate;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.GregorianCalendar;
import java.util.Hashtable;
import java.util.Random;
import java.util.Vector;

/* loaded from: input_file:org/jacorb/security/util/CertificatesManager.class */
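/**
 * Static helper for the JacORB SSL layer: keeps a process-wide table of trusted signer
 * certificates, verifies certificate chains against it, and (through {@link #main}) creates
 * CA, server and client test certificates under the {@code certs} directory.
 *
 * <p>Security caveats that callers should know about:
 * <ul>
 *   <li>Private keys are stored under a pass phrase that is compiled into this class, using
 *       {@code pbeWithMD5AndDES_CBC}. Treat the written key files as unencrypted and restrict
 *       access to them with file-system permissions.</li>
 *   <li>Certificates are signed with {@code md5WithRSAEncryption}. MD5-based signatures are not
 *       collision resistant, so the output is suitable for testing only.</li>
 *   <li>Chain verification checks signatures, validity dates and membership in the trusted
 *       signer table. It does not check basic constraints, key usage, issuer/subject name
 *       chaining or revocation.</li>
 * </ul>
 */
public class CertificatesManager {
    // SECURITY: fixed pass phrase shared by every copy of this class. It cannot be changed
    // here without making existing key files unreadable; it offers no real confidentiality.
    private static final String pass_phrase = "bnv_8.12.99_passpass_find_out_ORB_JacORB1_0/beta14_SSL";

    /**
     * Format code handed to {@code KeyAndCertificate.saveTo}. The value 1 selects the
     * {@code .der} file suffix, any other value {@code .pem}. {@link #main} always loads the
     * CA file with a {@code .pem} suffix, so changing this breaks the {@code -ca} mode.
     */
    public static int saveFormat = 2;

    // Trusted signer certificates, grouped by subject DN.
    private static Hashtable<Principal, Vector<X509Certificate>> signers =
            new Hashtable<Principal, Vector<X509Certificate>>();

    // RSA modulus size used by main(); 1024-bit keys are no longer considered adequate.
    private static final int RSA_KEY_BITS = 2048;

    /**
     * Adds a certificate to the trusted signer table.
     *
     * <p>NOTE(review): a {@code null} certificate or a certificate without a subject DN
     * terminates the JVM with exit status 0. That behaviour is kept for compatibility, but a
     * library call ending the process with a "success" status deserves a second look.
     *
     * @param x509Certificate the certificate to trust
     * @return the subject DN under which the certificate was registered
     */
    public static Principal addTrustedSigner(X509Certificate x509Certificate) {
        return register(signers, x509Certificate);
    }

    /** Registers one certificate in the given table, keyed by its subject DN. */
    private static Principal register(Hashtable<Principal, Vector<X509Certificate>> table,
            X509Certificate certificate) {
        if (certificate == null) {
            System.out.println("certificate is empty.");
            System.exit(0);
        }
        Principal subject = certificate.getSubjectDN();
        if (subject == null) {
            System.out.println("Unable to get dn from certificate.");
            System.exit(0);
        }
        Vector<X509Certificate> sameSubject = table.get(subject);
        if (sameSubject == null) {
            sameSubject = new Vector<X509Certificate>(4);
            table.put(subject, sameSubject);
        }
        sameSubject.addElement(certificate);
        return subject;
    }

    /**
     * Replaces the trusted signer table with the given certificates.
     *
     * <p>The new table is filled completely before it is published, so a concurrent
     * {@link #hasTrustedRoot} never observes a half-populated trust set.
     *
     * @param x509CertificateArr the certificates that form the new trust set
     * @throws NullPointerException if the array is {@code null}; the current table is then
     *         left untouched
     */
    public static void setTrustedSigners(iaik.x509.X509Certificate[] x509CertificateArr) {
        Hashtable<Principal, Vector<X509Certificate>> fresh =
                new Hashtable<Principal, Vector<X509Certificate>>();
        for (iaik.x509.X509Certificate certificate : x509CertificateArr) {
            register(fresh, certificate);
        }
        signers = fresh;
    }

    /**
     * Walks the chain from index 0 upwards and reports whether a trusted signer certificate
     * is reached. Each certificate after the first must have signed its predecessor; the walk
     * stops at the first entry that equals a registered trusted signer.
     *
     * @param x509CertificateArr chain ordered from end entity (index 0) towards the root
     * @return {@code true} if a trusted signer certificate is part of the chain and every
     *         link below it verifies; {@code false} otherwise, including on any exception
     */
    public static boolean hasTrustedRoot(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null) {
            return false;
        }
        Hashtable<Principal, Vector<X509Certificate>> trusted = signers;
        try {
            for (int i = 0; i < x509CertificateArr.length; i++) {
                X509Certificate current = x509CertificateArr[i];
                if (i > 0) {
                    x509CertificateArr[i - 1].verify(current.getPublicKey());
                }
                Vector<X509Certificate> candidates = trusted.get(current.getSubjectDN());
                if (candidates == null) {
                    continue;
                }
                for (int j = 0; j < candidates.size(); j++) {
                    // No cast to the IAIK type: a signer registered through addTrustedSigner
                    // may be any X509Certificate, and a ClassCastException here used to be
                    // swallowed below and reported as "not trusted".
                    if (candidates.elementAt(j).equals(current)) {
                        return true;
                    }
                }
            }
        } catch (Exception e) {
            // Fail closed: a bad signature, a null entry or a malformed certificate all mean
            // the chain is not trusted.
            return false;
        }
        return false;
    }

    /**
     * Encrypts the private key with the built-in pass phrase and writes it together with the
     * certificate chain to {@code str + ".der"} or {@code str + ".pem"}, depending on
     * {@link #saveFormat}.
     *
     * <p>SECURITY: the pass phrase is a compile-time constant and the cipher is
     * {@code pbeWithMD5AndDES_CBC}; the resulting file must be protected by file permissions.
     *
     * @param keyPair key pair whose private half is stored
     * @param x509CertificateArr certificate chain stored next to the key
     * @param str target file name without suffix
     * @throws IOException if writing the file fails
     * @throws RuntimeException if the PBE algorithm is not available
     */
    public static void saveKeyAndCert(KeyPair keyPair, iaik.x509.X509Certificate[] x509CertificateArr, String str) throws IOException {
        EncryptedPrivateKeyInfo wrappedKey = new EncryptedPrivateKeyInfo(keyPair.getPrivate());
        try {
            // NOTE(review): a null SecureRandom is passed through unchanged; presumably IAIK
            // falls back to a default generator for the salt - confirm against the IAIK docs.
            wrappedKey.encrypt(pass_phrase, AlgorithmID.pbeWithMD5AndDES_CBC, (SecureRandom) null);
            String fileName = str + (saveFormat == 1 ? ".der" : ".pem");
            System.out.println("save private key and certificate chain to file " + fileName + "...");
            new KeyAndCertificate(wrappedKey, x509CertificateArr).saveTo(fileName, saveFormat);
        } catch (NoSuchAlgorithmException e) {
            // Keep the cause so the missing provider or algorithm can be diagnosed.
            throw new RuntimeException("No implementation for pbeWithMD5AndDES_CBC!", e);
        }
    }

    /**
     * Generates a key pair with the IAIK provider.
     *
     * @param str algorithm name, for example {@code "RSA"}
     * @param i key size in bits
     * @return the new key pair, or {@code null} (after printing a message) if the algorithm
     *         or the IAIK provider is not available
     */
    public static KeyPair generateKeyPair(String str, int i) {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(str, "IAIK");
            generator.initialize(i);
            return generator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            System.out.println("Algorithm " + str + " not found!");
            return null;
        } catch (NoSuchProviderException e2) {
            System.out.println("Provider IAIK not found!");
            return null;
        }
    }

    /**
     * Verifies a certificate chain: the last certificate must be self-signed, every
     * certificate must be signed by its successor, every certificate must be within its
     * validity period, and the chain must contain a trusted signer.
     *
     * <p>Not checked: basic constraints, key usage, issuer/subject name chaining, revocation.
     *
     * @param x509CertificateArr chain ordered from end entity (index 0) to root (last index)
     * @return {@code true} only if all checks pass; {@code false} for a {@code null} or
     *         empty chain and on any verification failure
     */
    public static boolean verifyCertificateChain(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return false;
        }
        try {
            int root = x509CertificateArr.length - 1;
            x509CertificateArr[root].verify(x509CertificateArr[root].getPublicKey());
            for (int i = root; i > 0; i--) {
                x509CertificateArr[i - 1].verify(x509CertificateArr[i].getPublicKey());
            }
            // Signature checks alone would accept expired or not-yet-valid certificates.
            for (int i = 0; i <= root; i++) {
                x509CertificateArr[i].checkValidity();
            }
            return hasTrustedRoot(x509CertificateArr);
        } catch (Exception e) {
            // Fail closed on any verification or parsing problem.
            return false;
        }
    }

    /**
     * Creates and signs a certificate that is valid from one day ago until six months later.
     *
     * @param name subject DN
     * @param publicKey subject public key
     * @param name2 issuer DN
     * @param privateKey issuer private key used for signing
     * @param algorithmID signature algorithm
     * @return the signed certificate, or {@code null} (after printing the reason) if the key
     *         or the algorithm is rejected
     */
    public static iaik.x509.X509Certificate createCertificate(Name name, PublicKey publicKey, Name name2, PrivateKey privateKey, AlgorithmID algorithmID) {
        iaik.x509.X509Certificate certificate = new iaik.x509.X509Certificate();
        try {
            // 63 random bits plus one: always positive, and drawn from a CSPRNG. The former
            // 20-bit value from java.util.Random was predictable and collided quickly for
            // certificates issued by the same CA.
            certificate.setSerialNumber(new BigInteger(63, new SecureRandom()).add(BigInteger.ONE));
            certificate.setSubjectDN(name);
            certificate.setPublicKey(publicKey);
            certificate.setIssuerDN(name2);
            GregorianCalendar validity = new GregorianCalendar();
            // Back-date by one day so small clock differences do not reject a fresh certificate.
            validity.add(java.util.Calendar.DAY_OF_MONTH, -1);
            certificate.setValidNotBefore(validity.getTime());
            validity.add(java.util.Calendar.MONTH, 6);
            certificate.setValidNotAfter(validity.getTime());
            certificate.sign(algorithmID, privateKey);
            return certificate;
        } catch (InvalidKeyException e) {
            System.out.println("InvalidKeyException: " + e.getMessage());
            return null;
        } catch (NoSuchAlgorithmException e2) {
            System.out.println("NoSuchAlgorithmException: " + e2.getMessage());
            return null;
        } catch (CertificateException e3) {
            System.out.println("CertificateException: " + e3.getMessage());
            return null;
        }
    }

    /**
     * Issues one end-entity certificate under the CA, verifies the resulting two-element
     * chain and stores key plus chain. Prints the reason and returns {@code false} when
     * nothing was written.
     */
    private static boolean issueAndSave(String commonName, String unit, KeyPair subjectKeys,
            Name issuerDn, PrivateKey issuerKey, iaik.x509.X509Certificate issuerCert,
            String target) throws IOException {
        Name subjectDn = new Name();
        subjectDn.addRDN(ObjectID.country, "CH");
        subjectDn.addRDN(ObjectID.organization, "EPFL");
        subjectDn.addRDN(ObjectID.commonName, commonName);
        subjectDn.addRDN(ObjectID.organizationalUnit, unit);
        iaik.x509.X509Certificate leaf = createCertificate(subjectDn, subjectKeys.getPublic(),
                issuerDn, issuerKey, AlgorithmID.md5WithRSAEncryption);
        if (leaf == null) {
            return false;
        }
        iaik.x509.X509Certificate[] chain = {leaf, issuerCert};
        if (!verifyCertificateChain(chain)) {
            System.out.println("Certificate chain for " + commonName + " failed verification; nothing written.");
            return false;
        }
        saveKeyAndCert(subjectKeys, chain, target);
        return true;
    }

    /**
     * Command-line entry point.
     *
     * <p>{@code CertificatesManager userName} creates a self-signed CA certificate named
     * {@code userName}. {@code CertificatesManager -ca caName userName} (or
     * {@code userName -ca caName}) loads that CA from {@code certs/<caName>KeyAndCert.pem} and
     * issues a server and a client certificate for {@code userName}.
     *
     * <p>NOTE(review): {@code userName} and {@code caName} are concatenated into file names
     * below {@code certs/} without any check for path separators, and key files are written
     * with the default permissions of the process.
     *
     * @param strArr command-line arguments as described above
     * @throws IOException declared for compatibility; failures inside the main body are
     *         caught and printed
     */
    public static void main(String[] strArr) throws IOException {
        final String usage = "Usage: CertificatesManager [-ca caName] userName";
        String userName;
        String caName = null;
        if (strArr.length == 3) {
            if (strArr[0].equals("-ca")) {
                caName = strArr[1];
                userName = strArr[2];
            } else if (strArr[1].equals("-ca")) {
                System.out.println("caFound at 1");
                caName = strArr[2];
                userName = strArr[0];
            } else {
                System.out.println("caNotFound");
                System.out.println(usage);
                return;
            }
        } else if (strArr.length == 1) {
            userName = strArr[0];
        } else {
            System.out.println("bad # params");
            System.out.println(usage);
            return;
        }
        try {
            IAIK.addAsProvider();
            PrivateKey caKey = null;
            iaik.x509.X509Certificate caCert = null;
            File certDir = new File("certs");
            if (certDir.exists()) {
                if (caName != null) {
                    KeyAndCertificate stored = new KeyAndCertificate("certs/" + caName + "KeyAndCert" + ".pem");
                    EncryptedPrivateKeyInfo wrappedKey = stored.getPrivateKey();
                    wrappedKey.decrypt(pass_phrase);
                    caKey = wrappedKey.getPrivateKeyInfo();
                    caCert = stored.getCertificateChain()[0];
                }
            } else {
                if (caName != null) {
                    // Name the file that was expected instead of printing "null".
                    System.out.println("No certificate file certs/" + caName + "KeyAndCert.pem");
                    return;
                }
                if (!certDir.mkdir()) {
                    System.out.println("Unable to create directory certs");
                    return;
                }
            }
            BufferedReader console = new BufferedReader(new InputStreamReader(System.in));
            String hostName = InetAddress.getLocalHost().getHostName();
            System.out.print("Give server host name [" + hostName + "]:");
            String answer = console.readLine();
            // readLine() returns null at end of input; keep the default host name then.
            if (answer != null && answer.length() != 0) {
                hostName = answer;
            }
            if (caName == null) {
                System.out.println("create self signed RSA CA certificate... for " + userName);
                Name caDn = new Name();
                caDn.addRDN(ObjectID.country, "CH");
                caDn.addRDN(ObjectID.organization, "EPFL");
                caDn.addRDN(ObjectID.organizationalUnit, "SSLCertificateManager");
                caDn.addRDN(ObjectID.commonName, userName);
                KeyPair caKeys = generateKeyPair("RSA", RSA_KEY_BITS);
                if (caKeys == null) {
                    return; // generateKeyPair already reported the cause
                }
                iaik.x509.X509Certificate selfSigned = createCertificate(caDn, caKeys.getPublic(), caDn, caKeys.getPrivate(), AlgorithmID.md5WithRSAEncryption);
                if (selfSigned == null) {
                    return; // createCertificate already reported the cause
                }
                FileOutputStream certOut = new FileOutputStream("certs/" + userName + "Cert.pem");
                try {
                    selfSigned.writeTo(certOut);
                } finally {
                    certOut.close();
                }
                saveKeyAndCert(caKeys, new iaik.x509.X509Certificate[] {selfSigned}, "certs/" + userName + "KeyAndCert");
            } else {
                if (caKey == null || caCert == null) {
                    System.out.println("No usable CA key and certificate in certs/" + caName + "KeyAndCert.pem");
                    return;
                }
                System.out.println("Creating server certificates for " + userName + " at " + hostName + "\n");
                KeyPair clientKeys = generateKeyPair("RSA", RSA_KEY_BITS);
                KeyPair serverKeys = generateKeyPair("RSA", RSA_KEY_BITS);
                if (clientKeys == null || serverKeys == null) {
                    return; // generateKeyPair already reported the cause
                }
                // The issuer DN is rebuilt from caName rather than read from the CA
                // certificate, so it only matches CAs created by this tool.
                Name issuerDn = new Name();
                issuerDn.addRDN(ObjectID.country, "CH");
                issuerDn.addRDN(ObjectID.organization, "EPFL");
                issuerDn.addRDN(ObjectID.organizationalUnit, "SSLCertificateManager");
                issuerDn.addRDN(ObjectID.commonName, caName);
                // Without a registered trust anchor verifyCertificateChain() can never
                // succeed, which is why its result used to be ignored here.
                addTrustedSigner(caCert);
                if (!issueAndSave(userName + hostName, "RSA Server Certificate", serverKeys,
                        issuerDn, caKey, caCert, "certs/server" + userName + "KeyAndCert")) {
                    return;
                }
                System.out.println("Creating client test certificates for " + userName + " at " + hostName + "\n");
                if (!issueAndSave("Client" + userName + hostName, "RSA Client Certificate", clientKeys,
                        issuerDn, caKey, caCert, "certs/client" + userName + "KeyAndCert")) {
                    return;
                }
            }
            System.out.println("\nServer and Client certificates created.");
        } catch (UnknownHostException e) {
            System.out.print("UnknownHostException: " + e.getMessage());
        } catch (NoSuchAlgorithmException e2) {
            System.out.println("NoSuchAlgorithmException: " + e2.toString());
        } catch (CertificateException e3) {
            System.out.print("CertificateException: " + e3.getMessage());
        } catch (Exception e4) {
            System.out.println("Other Exception: " + e4);
        }
    }
}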
