package prizm.crypto;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.logging.Level;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.eclipse.jetty.util.StringUtil;
import prizm.Prizm;
import prizm.util.Convert;
import prizm.util.Logger;

/* loaded from: input_file:prizm/crypto/SSLCert.class */
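/**
 * Generates a self-signed RSA X.509 certificate and stores it, with its private key, in a
 * password-protected JKS keystore file; also checks whether an existing keystore file can be
 * opened with the configured password.
 *
 * <p>The class name and the "SSLEnforce" log prefix suggest the keystore backs the API server's
 * TLS listener; confirm against the caller.
 *
 * <p>Instances are mutable and not synchronised. Failures are reported through {@code null} or
 * sentinel return values rather than exceptions.
 */
public class SSLCert {
    /** Value returned by the write path when no keystore was stored. */
    private static final String ERROR_FINGERPRINT = "error fingerprint";

    /** The certificate's notBefore is back-dated by one day. */
    private static final long NOT_BEFORE_OFFSET_MILLIS = 86400000L;

    /** Fixed certificate lifetime: 1825 days, counted from generation time. */
    private static final long NOT_AFTER_OFFSET_MILLIS = 157680000000L;

    // RSA modulus size in bits. The previous default of 1024 is below current minimum
    // recommendations for RSA, so the default is now 2048; setKeysize() still accepts any value.
    private int keysize = 2048;
    // Not used when building the subject DN: the CN comes from the bened.apiServerHost property.
    private String commonName = "BenedCore";
    private String organizationalUnit = "Users";
    private String organization = "Bened Community";
    private String city = "Bened";
    private String state = "Bened";
    private String country = "EN";
    // Not read by generateSelfSignedX509Certificate(), which uses a fixed lifetime.
    // Units are not stated anywhere in this class (presumably days; confirm).
    private long validity = 4384;
    // Keystore alias under which the key entry is stored and looked up.
    private String alias = "bened";
    // Protects both the keystore file and the key entry inside it.
    private char[] keyPass;
    private String pathToSave;
    // Set as a side effect of generateSelfSignedX509Certificate().
    private KeyPair keyPair;

    /**
     * @param str password used for the keystore and for the key entry; must not be {@code null}
     */
    public SSLCert(String str) {
        this.keyPass = str.toCharArray();
    }

    /**
     * Generates a new key pair and certificate and writes them to a JKS keystore.
     *
     * @param str path of the keystore file to create or overwrite
     * @return the certificate's SHA-1 fingerprint as space-separated upper-case hex pairs,
     *     {@code "error fingerprint"} if nothing was stored, or {@code null} if an unexpected
     *     exception escaped the write
     */
    public String write(String str) {
        try {
            return writeInternal(str);
        } catch (Exception e) {
            return null;
        }
    }

    /**
     * Checks that a keystore file exists and can be opened with the configured password.
     *
     * <p>Any failure to load the file, including a wrong password or a transient I/O error,
     * is treated as "invalid" and the file, private key included, is deleted. Callers that
     * point this at an operator-supplied keystore should be aware of that.
     *
     * @param str path of the keystore file
     * @return {@code true} if the file exists, is not a directory and loads successfully
     */
    public boolean isValid(String str) {
        if (!doesExist(str)) {
            return false;
        }
        if (tryRead(str)) {
            return true;
        }
        // Report the outcome of the deletion instead of claiming success unconditionally.
        if (new File(str).delete()) {
            Logger.logInfoMessage("SSLEnforce: invalid certificate file, deleted");
        } else {
            Logger.logErrorMessage("SSLEnforce: invalid certificate file, could not be deleted");
        }
        return false;
    }

    /** Returns whether {@code str} names an existing entry that is not a directory. */
    private boolean doesExist(String str) {
        File file = new File(str);
        return file.exists() && !file.isDirectory();
    }

    /**
     * Tries to load the keystore and fetch the key entry with the configured password.
     *
     * <p>A missing alias does not fail the check: {@code getKey} returns {@code null} in that
     * case and the result is not inspected.
     */
    private boolean tryRead(String str) {
        // try-with-resources: the stream was previously never closed.
        try (FileInputStream in = new FileInputStream(str)) {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(in, this.keyPass);
            keyStore.getKey(this.alias, this.keyPass);
            return true;
        } catch (Exception e) {
            // Record why the file is about to be discarded by isValid().
            Logger.logErrorMessage("SSLEnforce: keystore could not be read: " + e);
            return false;
        }
    }

    /**
     * Builds the keystore, stores it at {@code str} and returns the certificate fingerprint.
     *
     * <p>The fingerprint is returned only after the keystore has been written. Earlier versions
     * returned it even when storing failed, and silently discarded every other failure.
     * {@link Error}s are no longer swallowed here.
     */
    private String writeInternal(String str) {
        this.pathToSave = str;
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, null);

            X509Certificate certificate = generateSelfSignedX509Certificate();
            if (certificate == null) {
                // Generation failed and was already logged there; nothing to store.
                java.util.logging.Logger.getLogger(SSLCert.class.getName())
                        .log(Level.SEVERE, "SSLCert: certificate generation failed, keystore not written");
                return ERROR_FINGERPRINT;
            }
            X509Certificate[] chain = {certificate};

            // SHA-1 is used only to produce a display fingerprint, not a signature.
            // NOTE(review): consider offering a SHA-256 fingerprint to operators as well.
            MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
            String fingerprint = Convert.toHexString(messageDigest.digest(certificate.getEncoded()))
                    .toUpperCase()
                    .replaceAll("(.{2})", "$1 ");

            keyStore.setKeyEntry(this.alias, this.keyPair.getPrivate(), this.keyPass, chain);
            // try-with-resources: the output stream was previously never closed.
            // NOTE(review): the file is created with the process's default permissions; the
            // keystore password is the only protection applied here.
            try (FileOutputStream out = new FileOutputStream(this.pathToSave)) {
                keyStore.store(out, this.keyPass);
            }
            return fingerprint;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException
                | RuntimeException e) {
            java.util.logging.Logger.getLogger(SSLCert.class.getName())
                    .log(Level.SEVERE, "SSLCert: could not write keystore", e);
            return ERROR_FINGERPRINT;
        }
    }

    /** @return RSA key size in bits used for newly generated key pairs */
    public int getKeysize() {
        return this.keysize;
    }

    /**
     * @param i RSA key size in bits; not validated here, and sizes below 2048 bits are weaker
     *     than current recommendations
     */
    public void setKeysize(int i) {
        this.keysize = i;
    }

    /** @return the stored common name (not used in the generated subject DN) */
    public String getCommonName() {
        return this.commonName;
    }

    public void setCommonName(String str) {
        this.commonName = str;
    }

    /** @return the OU component of the subject DN */
    public String getOrganizationalUnit() {
        return this.organizationalUnit;
    }

    public void setOrganizationalUnit(String str) {
        this.organizationalUnit = str;
    }

    /** @return the O component of the subject DN */
    public String getOrganization() {
        return this.organization;
    }

    public void setOrganization(String str) {
        this.organization = str;
    }

    /** @return the L component of the subject DN */
    public String getCity() {
        return this.city;
    }

    public void setCity(String str) {
        this.city = str;
    }

    /** @return the ST component of the subject DN */
    public String getState() {
        return this.state;
    }

    public void setState(String str) {
        this.state = str;
    }

    /** @return the C component of the subject DN */
    public String getCountry() {
        return this.country;
    }

    public void setCountry(String str) {
        this.country = str;
    }

    /** @return the stored validity value (not used when generating the certificate) */
    public long getValidity() {
        return this.validity;
    }

    public void setValidity(long j) {
        this.validity = j;
    }

    /** @return the keystore alias of the key entry */
    public String getAlias() {
        return this.alias;
    }

    public void setAlias(String str) {
        this.alias = str;
    }

    /**
     * @param str new password for the keystore and key entry; must not be {@code null}
     */
    public void setKeyPass(String str) {
        this.keyPass = str.toCharArray();
    }

    /**
     * Generates a fresh RSA key pair (kept in this instance) and a self-signed certificate
     * for it, signed with SHA-256/RSA through the BouncyCastle provider.
     *
     * <p>The CN is the {@code bened.apiServerHost} property; the wildcard address, 127.0.0.1
     * and an unset or empty property all map to {@code localhost}.
     *
     * @return the certificate, or {@code null} if generation failed (the cause is logged)
     */
    public X509Certificate generateSelfSignedX509Certificate() {
        String configuredHost = Prizm.getStringProperty("bened.apiServerHost");
        String host;
        if (configuredHost == null
                || configuredHost.isEmpty()
                || StringUtil.ALL_INTERFACES.equals(configuredHost)
                || "127.0.0.1".equals(configuredHost)) {
            // An unset property previously produced the literal subject "CN=null".
            host = "localhost";
        } else {
            host = configuredHost;
        }

        // Register the provider once instead of constructing a new instance on every call.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        try {
            KeyPairGenerator keyPairGenerator =
                    KeyPairGenerator.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME);
            keyPairGenerator.initialize(this.keysize, new SecureRandom());
            this.keyPair = keyPairGenerator.generateKeyPair();

            // The components are concatenated without escaping, so a ',' or '=' inside any of
            // them changes the structure of the DN. They come from local configuration and the
            // setters of this class.
            String distinguishedName = "CN=" + host
                    + ", OU=" + this.organizationalUnit
                    + ", O=" + this.organization
                    + ", L=" + this.city
                    + ", ST=" + this.state
                    + ", C=" + this.country;

            long now = System.currentTimeMillis();
            X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
            // Self-signed: issuer and subject are built from the same DN string.
            generator.setSerialNumber(BigInteger.valueOf(now));
            generator.setSubjectDN(new X509Name(distinguishedName));
            generator.setIssuerDN(new X500Principal(distinguishedName));
            generator.setNotBefore(new Date(now - NOT_BEFORE_OFFSET_MILLIS));
            generator.setNotAfter(new Date(now + NOT_AFTER_OFFSET_MILLIS));
            generator.setPublicKey(this.keyPair.getPublic());
            generator.setSignatureAlgorithm("SHA256WithRSAEncryption");
            // NOTE(review): the only extension is a critical ExtendedKeyUsage limited to
            // timeStamping, and no subjectAltName is added. If this certificate is presented
            // by a TLS server, strict clients may reject it for lacking serverAuth and a SAN;
            // confirm the intended use before changing the certificate contents.
            generator.addExtension(X509Extensions.ExtendedKeyUsage, true,
                    (ASN1Encodable) new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping));
            return generator.generate(this.keyPair.getPrivate(), BouncyCastleProvider.PROVIDER_NAME);
        } catch (Exception e) {
            Logger.logErrorMessage("\n----error ssl e=" + String.valueOf(e));
            return null;
        }
    }
}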
