package org.apache.clerezza.ssl.keygen.bouncy;

import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.math.BigInteger;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Map;
import org.apache.clerezza.ssl.keygen.Certificate;
import org.apache.clerezza.ssl.keygen.KeygenService;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.crmf.CertReqMessages;
import org.bouncycastle.asn1.crmf.OptionalValidity;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.netscape.NetscapeCertRequest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:bundles/startlevel-3/org/apache/clerezza/ssl.keygen.base/0.5-incubating/ssl.keygen.base-0.5-incubating.jar:org/apache/clerezza/ssl/keygen/bouncy/BouncyKeygenService.class */
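public class BouncyKeygenService implements KeygenService {
    /** Classpath location of the PKCS#12 store holding the CA private key and certificate. */
    static final String KEYSTORE_RESOURCE = "/cacert.p12";

    /**
     * Password of the bundled store (used both for the store and for the key entry).
     * NOTE(review): the CA private key ships inside the jar under this fixed password, so
     * anyone holding the jar holds the signing key; confirm this is only a test/demo CA
     * before trusting certificates issued through this service.
     */
    static final String KEYSTORE_PASSWORD = "testtest";

    static final Logger log = LoggerFactory.getLogger(BouncyKeygenService.class);

    KeyStore keyStore;
    PrivateKey privateKey;
    X509Certificate certificate;
    SecureRandom numberGenerator;

    static {
        // Register BC once per class load; addProvider is a no-op if it is already installed.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Returns a fresh non-negative 128-bit random value (presumably consumed as a certificate
     * serial number by {@code DefaultCertificate} — verify against the caller).
     * <p>
     * The generator is created lazily; that initialisation is not synchronised, so two threads
     * racing here may each create an instance, which is harmless. Originally package-private
     * (see the decompiler note); kept {@code public} so existing callers keep compiling.
     *
     * @return a uniformly random {@link BigInteger} in {@code [0, 2^128)}
     */
    public BigInteger nextRandom() {
        SecureRandom rng = this.numberGenerator;
        if (rng == null) {
            rng = new SecureRandom();
            this.numberGenerator = rng;
        }
        byte[] bytes = new byte[16];
        rng.nextBytes(bytes);
        // Interpret the bytes as an unsigned magnitude instead of abs() of a signed value:
        // keeps all 128 bits and does not fold the negative half onto the positive one.
        return new BigInteger(1, bytes);
    }

    /**
     * Component activation hook: loads the CA key material via {@link #initialize()}.
     * Any failure is logged and rethrown as an {@link Error} so the component never comes up
     * half-initialised.
     *
     * @param map component configuration; not read here
     */
    protected void activate(Map<?, ?> map) {
        log.info("in keygen activate");
        try {
            initialize();
        } catch (Exception e) {
            log.warn("could not activate keygen component", e);
            throw new Error("could not activate keygen component", e);
        }
    }

    /**
     * Loads the PKCS#12 store from {@link #KEYSTORE_RESOURCE} and populates
     * {@link #keyStore}, {@link #privateKey} and {@link #certificate} from its first
     * private-key entry.
     *
     * @throws Exception if the resource is missing, cannot be read, holds no private-key
     *         entry, or the key/certificate cannot be recovered from it
     */
    public void initialize() throws Exception {
        log.info("initializing " + getClass().getCanonicalName());
        URL resource = BouncyKeygenService.class.getResource(KEYSTORE_RESOURCE);
        if (resource == null) {
            // previously surfaced as a NullPointerException on openStream()
            throw new Exception("could not find cert file " + KEYSTORE_RESOURCE + " on the classpath");
        }
        this.keyStore = loadKeyStore(resource);
        String alias = findKeyAlias(this.keyStore);
        this.privateKey = loadPrivateKey(this.keyStore, alias);
        try {
            this.certificate = (X509Certificate) this.keyStore.getCertificate(alias);
        } catch (KeyStoreException e) {
            throw new Exception("problem getting certificate with alias " + alias + " from keystore.", e);
        }
        log.info("Initialization of " + getClass().getCanonicalName() + " successful.");
    }

    /**
     * Opens {@code resource} and loads it as a PKCS#12 store; the stream is closed on every path.
     *
     * @param resource location of the store
     * @return the loaded store
     * @throws Exception wrapping the underlying failure, with the original cause attached
     */
    private static KeyStore loadKeyStore(URL resource) throws Exception {
        InputStream in;
        try {
            in = resource.openStream();
        } catch (IOException e) {
            throw new Exception("could not load cert file " + resource, e);
        }
        try {
            KeyStore store;
            try {
                store = KeyStore.getInstance("PKCS12");
            } catch (KeyStoreException e) {
                throw new Exception("could not get instance of PKCS12 keystore! SEVERE!", e);
            }
            try {
                store.load(in, KEYSTORE_PASSWORD.toCharArray());
            } catch (IOException e) {
                throw new Exception("Could not read keystore shipped with jar!", e);
            } catch (NoSuchAlgorithmException e) {
                throw new Exception("missing algorithm for reading store!", e);
            } catch (CertificateException e) {
                throw new Exception("certificate extension found while loading store!", e);
            }
            return store;
        } finally {
            try {
                in.close();
            } catch (IOException ignored) {
                // the store is already loaded (or loading already failed); nothing to recover here
                log.debug("could not close keystore stream", ignored);
            }
        }
    }

    /**
     * Returns the alias of the first key entry in {@code store}.
     *
     * @param store the loaded store
     * @return the alias of the first entry for which {@link KeyStore#isKeyEntry} holds
     * @throws Exception if the store cannot be enumerated or holds no key entry
     */
    private static String findKeyAlias(KeyStore store) throws Exception {
        try {
            Enumeration<String> aliases = store.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (store.isKeyEntry(alias)) {
                    return alias;
                }
            }
        } catch (KeyStoreException e) {
            throw new Exception("could not find alias", e);
        }
        throw new Exception("Invalid keystore configuration: alias unspecified ");
    }

    /**
     * Recovers the private key stored under {@code alias}.
     *
     * @param store the loaded store
     * @param alias a key-entry alias
     * @return the private key
     * @throws Exception if the entry cannot be recovered or is not a private key
     *         (isKeyEntry is also true for secret-key entries, which would otherwise
     *         fail with a ClassCastException)
     */
    private static PrivateKey loadPrivateKey(KeyStore store, String alias) throws Exception {
        try {
            java.security.Key key = store.getKey(alias, KEYSTORE_PASSWORD.toCharArray());
            if (!(key instanceof PrivateKey)) {
                throw new Exception("entry with alias " + alias + " is not a private key");
            }
            return (PrivateKey) key;
        } catch (KeyStoreException e) {
            throw new Exception("could not get key with alias " + alias, e);
        } catch (NoSuchAlgorithmException e) {
            throw new Exception("missing algorithm for reading store!", e);
        } catch (UnrecoverableKeyException e) {
            throw new Exception("could not recover private key in store", e);
        }
    }

    /**
     * Builds a certificate from a PEM-encoded PKCS#10 certification request.
     * Only the request's public key is taken over; the CSR signature (proof of possession)
     * is not verified here — NOTE(review): confirm the caller does, or add {@code csr.verify()}.
     *
     * @param str the PEM text, may be {@code null}
     * @return the certificate, or {@code null} if the input is absent, not a PKCS#10 request,
     *         or its key cannot be handled
     */
    @Override
    public Certificate createFromPEM(String str) {
        if (str == null) {
            log.warn("pemCsr was null");
            return null;
        }
        Object parsed;
        try {
            PEMReader reader = new PEMReader(new StringReader(str));
            try {
                parsed = reader.readObject();
            } finally {
                reader.close();
            }
        } catch (IOException e) {
            // PEMReader reports malformed PEM as an IOException, so this is the ordinary
            // bad-input path rather than an impossible one.
            log.warn("could not parse PEM certification request", e);
            return null;
        }
        if (!(parsed instanceof PKCS10CertificationRequest)) {
            // PEMReader also yields keys and certificates; only a CSR is acceptable here
            log.warn("PEM input did not contain a certification request");
            return null;
        }
        PKCS10CertificationRequest csr = (PKCS10CertificationRequest) parsed;
        DefaultCertificate cert = new DefaultCertificate(this);
        cert.setDefaultSerialisation(new PEMSerialisation(cert));
        try {
            cert.setSubjectPublicKey(DefaultPubKey.create(csr.getPublicKey()));
        } catch (InvalidKeyException e) {
            log.warn("Invalid key sent in certificate request", e);
            return null;
        } catch (NoSuchAlgorithmException e) {
            log.warn("Don't know algorithm required by certification request ", e);
            return null;
        } catch (NoSuchProviderException e) {
            log.warn("Don't have provider for certification request ", e);
            return null;
        }
        return cert;
    }

    /**
     * Builds a certificate from a Base64-encoded SPKAC (Netscape {@code keygen}) request.
     * The embedded challenge/signature is not checked here — NOTE(review): confirm whether
     * the caller verifies it.
     *
     * @param str the Base64 text, may be {@code null}
     * @return the certificate, or {@code null} if the input is absent or cannot be decoded
     */
    @Override
    public Certificate createFromSpkac(String str) {
        if (str == null) {
            log.warn("SPKAC parameter is null, should be checked before");
            return null;
        }
        try {
            NetscapeCertRequest request = new NetscapeCertRequest(Base64.decode(str));
            DefaultCertificate cert = new DefaultCertificate(this);
            cert.setDefaultSerialisation(new DERSerialisation(cert));
            cert.setSubjectPublicKey(DefaultPubKey.create(request.getPublicKey()));
            return cert;
        } catch (IOException e) {
            // NetscapeCertRequest reports malformed ASN.1 as an IOException
            log.warn("could not parse SPKAC request", e);
            return null;
        } catch (RuntimeException e) {
            // bad Base64 or unexpected ASN.1 structure surfaces unchecked from the decoders;
            // treat it like any other unparseable request instead of propagating to the caller
            log.warn("could not decode SPKAC request", e);
            return null;
        }
    }

    /**
     * Builds a certificate from a Base64-encoded CRMF {@code CertReqMessages} structure.
     * Only the first message is honoured and only its public key is used; serial number,
     * issuer, validity and subject from the template are logged but otherwise ignored.
     * Only RSA keys are supported.
     *
     * @param str the Base64 text, may be {@code null}
     * @return the certificate, or {@code null} if the input is absent, malformed, carries no
     *         public key, or the key is not RSA
     */
    @Override
    public Certificate createFromCRMF(String str) {
        if (str == null) {
            log.warn("CRMF parameter is null");
            return null;
        }
        try {
            CertReqMessages messages = CertReqMessages.getInstance(
                    new ASN1InputStream(Base64.decode(str)).readObject());
            if (messages.toCertReqMsgArray().length == 0) {
                log.warn("CRMF request contains no certificate request message");
                return null;
            }
            ASN1Sequence template = (ASN1Sequence) messages.toCertReqMsgArray()[0]
                    .getCertReq().getCertTemplate().getDERObject();
            log.debug("CertTemplate sequence: {}", template);

            DERInteger serial = null;
            AlgorithmIdentifier signingAlg = null;
            X509Name issuer = null;
            OptionalValidity validity = null;
            X509Name subject = null;
            SubjectPublicKeyInfo publicKeyInfo = null;
            Enumeration<?> fields = template.getObjects();
            while (fields.hasMoreElements()) {
                DERTaggedObject tagged = (DERTaggedObject) fields.nextElement();
                int tagNo = tagged.getTagNo();
                switch (tagNo) {
                    case 1:
                        serial = (DERInteger) tagged.getObjectParser(tagNo, true);
                        break;
                    case 2:
                        signingAlg = AlgorithmIdentifier.getInstance(tagged, false);
                        break;
                    case 3:
                        issuer = X509Name.getInstance(tagged, true);
                        break;
                    case 4:
                        validity = OptionalValidity.getInstance(
                                tagged.getObjectParser(tagNo, true).getDERObject());
                        break;
                    case 5:
                        subject = X509Name.getInstance(tagged, true);
                        break;
                    case 6:
                        publicKeyInfo = SubjectPublicKeyInfo.getInstance(tagged, false);
                        break;
                    default:
                        // remaining CertTemplate tags (RFC 4211: version, UIDs, extensions) are ignored
                        break;
                }
            }
            log.info("Serial number: " + serial + " Algorithm identifier: " + signingAlg
                    + " Issuer: " + issuer + " Optional validity: " + validity
                    + " Subject: " + subject);
            if (publicKeyInfo == null) {
                log.warn("CRMF certificate template carries no public key");
                return null;
            }
            AsymmetricKeyParameter keyParam = PublicKeyFactory.createKey(publicKeyInfo);
            if (!(keyParam instanceof RSAKeyParameters)) {
                log.warn("KeyParam is not an RSA Key but of type " + keyParam.getClass()
                        + " need to implement this.");
                return null;
            }
            RSAKeyParameters rsa = (RSAKeyParameters) keyParam;
            DefaultCertificate cert = new DefaultCertificate(this);
            cert.setDefaultSerialisation(new DERSerialisation(cert));
            cert.setSubjectPublicKey(new DefaultRSAPubKey(rsa.getExponent(), rsa.getModulus()));
            return cert;
        } catch (Exception e) {
            // boundary catch: the BC decoders raise a mix of checked and unchecked exceptions
            // on malformed input, and the contract here is to return null rather than throw
            log.warn("caught exception in CRMF code", e);
            return null;
        }
    }
}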
