package org.beigesoft.ajetty.crypto;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.HashSet;
import java.util.Locale;
import java.util.ResourceBundle;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OutputEncryptor;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS12PfxPdu;
import org.bouncycastle.pkcs.PKCS12PfxPduBuilder;
import org.bouncycastle.pkcs.PKCS12SafeBag;
import org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder;
import org.bouncycastle.pkcs.jcajce.JcePKCS12MacCalculatorBuilder;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEOutputEncryptorBuilder;

/* loaded from: input_file:org/beigesoft/ajetty/crypto/CryptoService.class */
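/**
 * Password policy check, PKCS#12 key store generation and file hashing for A-Jetty.
 *
 * <p>All cryptographic operations use the Bouncy Castle provider ("BC"); {@link #init()}
 * registers it when it is missing and must run before any key or certificate is built.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>{@link #createKeyStoreWithCredentials} does not call {@link #isPasswordStrong};
 * callers have to enforce the policy before creating a store.</li>
 * <li>Private keys are stored AES-256-CBC encrypted; the certificate bags use the legacy
 * {@code pbeWithSHAAnd128BitRC2_CBC} scheme (certificates are public data).</li>
 * <li>SHA-1 is not collision resistant; {@link #calculateSha1} must not be the only
 * integrity control for attacker-supplied files.</li>
 * </ul>
 */
public class CryptoService implements ICryptoService {
    /** JCA provider name used for every key, signature and encryption operation. */
    private static final String PROVIDER = "BC";

    /** Signature algorithm for all certificates issued by this service. */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    /** RSA modulus size in bits for all generated key pairs. */
    private static final int RSA_KEY_BITS = 2048;

    /** Minimum accepted password length. */
    private static final int MIN_PASSWORD_LENGTH = 15;

    /** Keyboard-walk fragments that make a password guessable. */
    private static final String[] KEYBOARD_WALKS = {
        "qwert", "qwaszx", "qweasd", "qazwsx", "wsxedc", "wqsaxz", "ewqdsa", "zaqxsw",
        "xswzaq", "qscwdv", "csqvdw", "zaxqsc", "qscax", "csqxa", "trewq", "asdfg",
        "zxcvb", "bvcxz", "gfdsa",
    };

    /** Fragments of the password used in the product's own examples. */
    private static final String[] DEMO_PASSWORDS = {"raccooneatstone", "nraccooteaeston"};

    /** Common words and digit runs. */
    private static final String[] COMMON_FRAGMENTS = {
        "2345", "admin", "user", "5432", "5678", "9876", "password",
    };

    private ResourceBundle messages;

    /**
     * Loads the "MessagesCrypto" bundle for the default locale, falling back to en_US.
     * If both lookups fail {@code messages} stays {@code null} and {@link #getMsg}
     * returns the bracketed key instead of a translated text.
     */
    public CryptoService() {
        try {
            this.messages = ResourceBundle.getBundle("MessagesCrypto");
        } catch (Exception defaultLocaleFailure) {
            try {
                this.messages = ResourceBundle.getBundle("MessagesCrypto", Locale.US);
            } catch (Exception fallbackFailure) {
                // Best effort: the service stays usable without translated messages.
                fallbackFailure.printStackTrace();
            }
        }
    }

    /**
     * Checks a password against the key store password policy.
     *
     * <p>Policy: at least 15 characters, letters and digits only, no keyboard walks, demo
     * passwords or common fragments, at least 50% letters, at least 60% distinct
     * characters and at least 3 digits.
     *
     * @param cArr password characters, may be {@code null}
     * @return {@code null} when the password is accepted, otherwise the (localized)
     *     message describing the first rule that failed
     */
    @Override
    public final String isPasswordStrong(char[] cArr) {
        if (cArr == null || cArr.length < MIN_PASSWORD_LENGTH) {
            return getMsg("Password15");
        }
        // Locale.ROOT: with the default locale (e.g. Turkish) "ADMIN" lower-cases to
        // "adm\u0131n" and would slip past the blacklist below.
        // NOTE(review): this String is an immutable copy of the password that cannot be
        // wiped; it stays on the heap until garbage collected.
        String lowered = new String(cArr).toLowerCase(Locale.ROOT);
        if (containsAny(lowered, KEYBOARD_WALKS)) {
            return getMsg("noQwerty");
        }
        if (containsAny(lowered, DEMO_PASSWORDS)) {
            return getMsg("noDemoPassw");
        }
        if (containsAny(lowered, COMMON_FRAGMENTS)) {
            return getMsg("noAdmin12345");
        }
        HashSet<Character> distinctChars = new HashSet<Character>();
        int digitCount = 0;
        int letterCount = 0;
        for (char ch : cArr) {
            if (!Character.isLetterOrDigit(ch)) {
                return getMsg("letterOrDig");
            }
            if (Character.isDigit(ch)) {
                digitCount++;
            } else {
                letterCount++;
            }
            distinctChars.add(Character.valueOf(ch));
        }
        double total = cArr.length;
        // The thresholds sit just below 0.5 / 0.6 so that exact ratios pass despite
        // floating point rounding.
        if (letterCount / total < 0.49999999999d) {
            return getMsg("lettersAtLeast50pr");
        }
        if (distinctChars.size() / total < 0.59999999999d) {
            return getMsg("distinct60pr");
        }
        if (digitCount < 3) {
            return getMsg("atLeast3digits");
        }
        return null;
    }

    /**
     * Creates the PKCS#12 key store {@code ajettykeystore.<i>} holding a self-signed CA
     * certificate, a localhost HTTPS key/certificate and a file-exchanger key/certificate,
     * all valid for 10 years from now.
     *
     * <p>The password is used as given; this method does not run
     * {@link #isPasswordStrong}. The CA private key is used only to sign the two end
     * certificates and is not written to the store.
     *
     * @param str directory for the key store, or {@code null} for the working directory
     * @param i A-Jetty instance number, used in the file name, subject names and aliases
     * @param cArr key store password; protects the private keys, the certificate bags
     *     and the store MAC
     * @throws Exception if the file already exists or any crypto/I-O step fails
     */
    @Override
    public final void createKeyStoreWithCredentials(String str, int i, char[] cArr) throws Exception {
        File storeFile = str == null
            ? new File("ajettykeystore." + i)
            : new File(str + File.separator + "ajettykeystore." + i);
        // Fail fast before the expensive key generation.
        if (storeFile.exists()) {
            throw new Exception("File already exist - " + storeFile.getPath());
        }

        KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA", PROVIDER);
        rsaGenerator.initialize(RSA_KEY_BITS, new SecureRandom());
        KeyPair httpsKeys = rsaGenerator.generateKeyPair();
        rsaGenerator.initialize(RSA_KEY_BITS, new SecureRandom());
        KeyPair fileExchKeys = rsaGenerator.generateKeyPair();

        Calendar clock = Calendar.getInstance();
        Date notBefore = clock.getTime();
        clock.add(Calendar.YEAR, 10);
        Date notAfter = clock.getTime();

        rsaGenerator.initialize(RSA_KEY_BITS, new SecureRandom());
        KeyPair caKeys = rsaGenerator.generateKeyPair();

        X509Certificate caCert = buildCaCertSelfSign(caKeys,
            "CN=A-Jetty" + i + " CA, OU=A-Jetty" + i + " CA, O=A-Jetty" + i + " CA, C=RU",
            notBefore, notAfter);
        X509Certificate httpsCert = buildLocalhostHttpsCert(httpsKeys.getPublic(),
            caKeys.getPrivate(), caCert, 2,
            "CN=localhost, OU=A-Jetty" + i + " HTTPS, O=A-Jetty" + i + " HTTPS, C=RU",
            notBefore, notAfter);
        X509Certificate fileExchCert = buildEndEntityCert(fileExchKeys.getPublic(),
            caKeys.getPrivate(), caCert, 3,
            "CN=A-Jetty" + i + " File Exchanger, OU=A-Jetty" + i
                + " File Exchanger, O=A-Jetty" + i + " File Exchanger, C=RU",
            notBefore, notAfter);

        // Private key bags are encrypted with AES-256-CBC under the store password.
        JcePKCSPBEOutputEncryptorBuilder keyEncryptorBuilder =
            new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes256_CBC);
        keyEncryptorBuilder.setProvider(PROVIDER);
        OutputEncryptor keyEncryptor = keyEncryptorBuilder.build(cArr);

        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();

        JcaPKCS12SafeBagBuilder caCertBag = new JcaPKCS12SafeBagBuilder(caCert);
        caCertBag.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute,
            new DERBMPString("AJettyCa" + i));

        // A certificate and its private key share friendly name and local key id so that
        // readers of the store can pair them.
        SubjectKeyIdentifier httpsKeyId =
            extensionUtils.createSubjectKeyIdentifier(httpsCert.getPublicKey());
        JcaPKCS12SafeBagBuilder httpsCertBag = new JcaPKCS12SafeBagBuilder(httpsCert);
        httpsCertBag.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute,
            new DERBMPString("AJettyHttps" + i));
        httpsCertBag.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, httpsKeyId);
        JcaPKCS12SafeBagBuilder httpsKeyBag =
            new JcaPKCS12SafeBagBuilder(httpsKeys.getPrivate(), keyEncryptor);
        httpsKeyBag.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute,
            new DERBMPString("AJettyHttps" + i));
        httpsKeyBag.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, httpsKeyId);

        SubjectKeyIdentifier fileExchKeyId =
            extensionUtils.createSubjectKeyIdentifier(fileExchCert.getPublicKey());
        JcaPKCS12SafeBagBuilder fileExchCertBag = new JcaPKCS12SafeBagBuilder(fileExchCert);
        fileExchCertBag.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute,
            new DERBMPString("AJettyFileExch" + i));
        fileExchCertBag.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, fileExchKeyId);
        JcaPKCS12SafeBagBuilder fileExchKeyBag =
            new JcaPKCS12SafeBagBuilder(fileExchKeys.getPrivate(), keyEncryptor);
        fileExchKeyBag.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute,
            new DERBMPString("AJettyFileExch" + i));
        fileExchKeyBag.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, fileExchKeyId);

        PKCS12PfxPduBuilder pfxBuilder = new PKCS12PfxPduBuilder();
        pfxBuilder.addData(httpsKeyBag.build());
        pfxBuilder.addData(fileExchKeyBag.build());
        // NOTE(review): RC2-128 is a legacy PKCS#12 cipher. It only wraps certificates
        // (public data) here; changing it may break existing readers of the store, so it
        // is flagged rather than replaced.
        OutputEncryptor certEncryptor =
            new JcePKCSPBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC)
                .setProvider(PROVIDER).build(cArr);
        pfxBuilder.addEncryptedData(certEncryptor, new PKCS12SafeBag[] {
            httpsCertBag.build(), fileExchCertBag.build(), caCertBag.build(),
        });
        PKCS12PfxPdu pfx = pfxBuilder.build(
            new JcePKCS12MacCalculatorBuilder(NISTObjectIdentifiers.id_sha256), cArr);

        // createNewFile() is an atomic create-if-absent, so a file that appeared while
        // the keys were being generated is reported instead of silently overwritten.
        if (!storeFile.createNewFile()) {
            throw new Exception("File already exist - " + storeFile.getPath());
        }
        // NOTE(review): the file gets the platform's default permissions; confidentiality
        // of the private keys rests on the password-based encryption alone.
        try (FileOutputStream out = new FileOutputStream(storeFile)) {
            out.write(pfx.getEncoded("DL"));
            out.flush();
        }
    }

    /**
     * Computes the SHA-1 digest of a file's content.
     *
     * <p>Only the bytes actually returned by each read are hashed. Earlier code always
     * hashed the whole 1024-byte buffer, so digests of files whose length is not a
     * multiple of 1024 differ from values produced by that code.
     *
     * <p>NOTE(review): SHA-1 is kept because the interface promises it; it is not
     * collision resistant.
     *
     * @param file file to hash
     * @return the 20-byte SHA-1 digest
     * @throws Exception if the file cannot be opened or read
     */
    @Override
    public final byte[] calculateSha1(File file) throws Exception {
        SHA1Digest digest = new SHA1Digest();
        BufferedInputStream input = new BufferedInputStream(new FileInputStream(file));
        try {
            byte[] chunk = new byte[1024];
            int count;
            while ((count = input.read(chunk)) >= 0) {
                digest.update(chunk, 0, count);
            }
        } finally {
            try {
                input.close();
            } catch (Exception closeFailure) {
                // A failed close of a read-only stream must not mask the digest or the
                // original read error.
                closeFailure.printStackTrace();
            }
        }
        byte[] hash = new byte[digest.getDigestSize()];
        digest.doFinal(hash, 0);
        return hash;
    }

    /**
     * Registers the Bouncy Castle provider unless a provider with that name is already
     * installed.
     *
     * @throws Exception declared by the interface
     */
    @Override
    public final void init() throws Exception {
        if (Security.getProvider(getProviderName()) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * @return the JCA provider name, always "BC"
     */
    @Override
    public final String getProviderName() {
        return PROVIDER;
    }

    /**
     * Looks up a message, degrading to the bracketed key when no text is available.
     *
     * @param str message key
     * @return the bundle's text, or {@code "[" + str + "]"} when the bundle is missing
     *     or the lookup fails
     */
    public final String getMsg(String str) {
        if (this.messages == null) {
            return "[" + str + "]";
        }
        try {
            return this.messages.getString(str);
        } catch (RuntimeException lookupFailure) {
            return "[" + str + "]";
        }
    }

    /**
     * Builds a self-signed X.509 v1 certificate with serial number 1.
     *
     * @param keyPair key pair; the public key is certified, the private key signs
     * @param str distinguished name used as both issuer and subject
     * @param date start of validity
     * @param date2 end of validity
     * @return the signed certificate
     * @throws Exception if signing or conversion fails
     */
    public final X509Certificate buildRootCert(KeyPair keyPair, String str, Date date, Date date2) throws Exception {
        X500Name name = new X500Name(str);
        JcaX509v1CertificateBuilder builder = new JcaX509v1CertificateBuilder(
            name, BigInteger.valueOf(1L), date, date2, new X500Name(str), keyPair.getPublic());
        return new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(
            builder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM)
                .setProvider(PROVIDER).build(keyPair.getPrivate())));
    }

    /**
     * Builds an intermediate CA certificate (serial number 2) signed by an issuer.
     * Extensions: authority and subject key identifiers, critical basic constraints
     * (CA, path length 0) and critical key usage digitalSignature, keyCertSign, cRLSign.
     *
     * @param publicKey public key to certify
     * @param privateKey issuer's private key
     * @param x509Certificate issuer's certificate
     * @param str subject distinguished name
     * @param date start of validity
     * @param date2 end of validity
     * @return the signed certificate
     * @throws Exception if an extension cannot be built or signing fails
     */
    public final X509Certificate buildCaCert(PublicKey publicKey, PrivateKey privateKey, X509Certificate x509Certificate, String str, Date date, Date date2) throws Exception {
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            x509Certificate.getSubjectX500Principal(), BigInteger.valueOf(2L), date, date2,
            new X500Principal(str), publicKey);
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        builder.addExtension(Extension.authorityKeyIdentifier, false,
            extensionUtils.createAuthorityKeyIdentifier(x509Certificate));
        builder.addExtension(Extension.subjectKeyIdentifier, false,
            extensionUtils.createSubjectKeyIdentifier(publicKey));
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(
            KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
        return signV3(builder, privateKey);
    }

    /**
     * Builds a self-signed CA certificate with serial number 1.
     * Extensions: subject key identifier, critical basic constraints (CA, path length 0)
     * and critical key usage keyCertSign, cRLSign.
     *
     * @param keyPair CA key pair; the private key signs the certificate
     * @param str distinguished name used as both issuer and subject
     * @param date start of validity
     * @param date2 end of validity
     * @return the signed certificate
     * @throws Exception if an extension cannot be built or signing fails
     */
    public final X509Certificate buildCaCertSelfSign(KeyPair keyPair, String str, Date date, Date date2) throws Exception {
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            new X500Principal(str), BigInteger.valueOf(1L), date, date2,
            new X500Principal(str), keyPair.getPublic());
        builder.addExtension(Extension.subjectKeyIdentifier, false,
            new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyPair.getPublic()));
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
        builder.addExtension(Extension.keyUsage, true,
            new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));
        return signV3(builder, keyPair.getPrivate());
    }

    /**
     * Builds an end-entity (non-CA) certificate signed by an issuer.
     * Extensions: authority and subject key identifiers, critical basic constraints
     * (not a CA) and critical key usage digitalSignature, keyEncipherment.
     *
     * @param publicKey public key to certify
     * @param privateKey issuer's private key
     * @param x509Certificate issuer's certificate
     * @param i serial number; the caller must keep it unique per issuer
     * @param str subject distinguished name
     * @param date start of validity
     * @param date2 end of validity
     * @return the signed certificate
     * @throws Exception if an extension cannot be built or signing fails
     */
    public final X509Certificate buildEndEntityCert(PublicKey publicKey, PrivateKey privateKey, X509Certificate x509Certificate, int i, String str, Date date, Date date2) throws Exception {
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            x509Certificate.getSubjectX500Principal(), BigInteger.valueOf(i), date, date2,
            new X500Principal(str), publicKey);
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        builder.addExtension(Extension.authorityKeyIdentifier, false,
            extensionUtils.createAuthorityKeyIdentifier(x509Certificate));
        builder.addExtension(Extension.subjectKeyIdentifier, false,
            extensionUtils.createSubjectKeyIdentifier(publicKey));
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        builder.addExtension(Extension.keyUsage, true,
            new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
        return signV3(builder, privateKey);
    }

    /**
     * Builds the HTTPS server certificate for the loopback interface, signed by an issuer.
     * Extensions: authority and subject key identifiers, critical basic constraints
     * (not a CA), extended key usage serverAuth and subject alternative names
     * DNS "localhost" and IP "127.0.0.1". No key usage extension is set.
     *
     * @param publicKey public key to certify
     * @param privateKey issuer's private key
     * @param x509Certificate issuer's certificate
     * @param i serial number; the caller must keep it unique per issuer
     * @param str subject distinguished name
     * @param date start of validity
     * @param date2 end of validity
     * @return the signed certificate
     * @throws Exception if an extension cannot be built or signing fails
     */
    public final X509Certificate buildLocalhostHttpsCert(PublicKey publicKey, PrivateKey privateKey, X509Certificate x509Certificate, int i, String str, Date date, Date date2) throws Exception {
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            x509Certificate.getSubjectX500Principal(), BigInteger.valueOf(i), date, date2,
            new X500Principal(str), publicKey);
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        builder.addExtension(Extension.authorityKeyIdentifier, false,
            extensionUtils.createAuthorityKeyIdentifier(x509Certificate));
        builder.addExtension(Extension.subjectKeyIdentifier, false,
            extensionUtils.createSubjectKeyIdentifier(publicKey));
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        builder.addExtension(Extension.extendedKeyUsage, false,
            new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));
        GeneralName[] loopbackNames = {
            new GeneralName(GeneralName.dNSName, "localhost"),
            new GeneralName(GeneralName.iPAddress, "127.0.0.1"),
        };
        builder.addExtension(Extension.subjectAlternativeName, false,
            new GeneralNames(loopbackNames));
        return signV3(builder, privateKey);
    }

    /**
     * @return the message bundle, or {@code null} if none could be loaded
     */
    public final ResourceBundle getMessages() {
        return this.messages;
    }

    /**
     * @param resourceBundle message bundle to use from now on
     */
    public final void setMessages(ResourceBundle resourceBundle) {
        this.messages = resourceBundle;
    }

    /** Returns true when {@code text} contains at least one of {@code fragments}. */
    private static boolean containsAny(String text, String[] fragments) {
        for (String fragment : fragments) {
            if (text.contains(fragment)) {
                return true;
            }
        }
        return false;
    }

    /** Signs a prepared v3 certificate with SHA256withRSA and converts it to a JCA certificate. */
    private static X509Certificate signV3(JcaX509v3CertificateBuilder builder, PrivateKey signingKey) throws Exception {
        return new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(
            builder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM)
                .setProvider(PROVIDER).build(signingKey)));
    }
}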
