package eu.contrail.security;

import gnu.getopt.Getopt;
import java.io.BufferedReader;
import java.io.Console;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintStream;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import org.apache.commons.lang.StringUtils;
import org.apache.http.Header;
import org.apache.http.HttpException;
import org.apache.http.HttpHost;
import org.apache.http.HttpMessage;
import org.apache.http.HttpResponse;
import org.apache.http.HttpVersion;
import org.apache.http.StatusLine;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.protocol.ClientContext;
import org.apache.http.conn.params.ConnRoutePNames;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.BasicAuthCache;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpProtocolParams;
import org.apache.http.protocol.BasicHttpContext;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:WEB-INF/lib/security-commons-1.0-SNAPSHOT.jar:eu/contrail/security/CertClient.class */
public class CertClient {
    // HTTP client used for every request; created in the constructor and passed through
    // WebClientDevWrapper.wrapClient together with the trust store path and password.
    private DefaultHttpClient httpClient;
    // Endpoint the certificate request is POSTed to (parsed from the constructor argument).
    private URI uri;
    // Most recent response; only assigned by the executePost overloads.
    private HttpResponse response;
    // Status line of the most recent response; only assigned by the executePost overloads.
    private StatusLine statusLine;
    // Status code recorded by getCert or set explicitly through setStatus.
    private int status;
    // Pending POST request; stays null until setFormData has been called.
    private HttpPost httpPost = null;
    // Helper used for CSR creation/encoding and certificate parsing (package-private, not final).
    SecurityCommons sc = new SecurityCommons();

    /**
     * Creates a client for the given endpoint.
     *
     * <p>main() passes a trust store path as {@code str2} and the trust store password as
     * {@code str3}; both are handed unchanged to {@code WebClientDevWrapper.wrapClient}.
     * NOTE(review): the wrapper's name suggests a development helper. How it validates the
     * server certificate and host name is not visible from this class - confirm before
     * relying on it, because the Basic credentials set up by setAuth are only as safe as
     * the TLS session they travel over.
     *
     * @param str  endpoint URI as text
     * @param z    when true, honour the {@code http.proxyHost}/{@code http.proxyPort} system properties
     * @param str2 passed to the wrapper (trust store path when called from main)
     * @param str3 passed to the wrapper (trust store password when called from main)
     * @throws URISyntaxException if {@code str} is not a valid URI
     */
    public CertClient(String str, boolean z, String str2, String str3) throws URISyntaxException {
        this.uri = new URI(str);
        DefaultHttpClient plainClient = new DefaultHttpClient();
        this.httpClient = WebClientDevWrapper.wrapClient(plainClient, this.uri.getPort(), str2, str3);
        if (z) {
            String proxyHost = System.getProperty("http.proxyHost");
            if (proxyHost != null) {
                // A missing http.proxyPort makes setProxy return without configuring anything.
                setProxy(proxyHost, System.getProperty("http.proxyPort"), HttpHost.DEFAULT_SCHEME_NAME);
            }
        }
    }

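    /**
     * Builds a stand-alone HTTP/1.1 client that registers plain HTTP on port 80 and HTTPS on
     * the given port.
     *
     * <p>The HTTPS scheme is registered with the library's default {@code SSLSocketFactory}.
     * NOTE(review): the {@code MySSLSocketFactory} built from the empty key store is created
     * and then discarded, so it has no influence on the returned client; it is kept only
     * because its constructor may throw and thereby select the fallback path.
     *
     * @param i port to associate with the {@code https} scheme
     * @return the configured client, or a default-configured client if set-up failed
     */
    public DefaultHttpClient getHttpClient(int i) {
        try {
            KeyStore emptyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            emptyStore.load(null, null);
            new MySSLSocketFactory(emptyStore, "alias");

            BasicHttpParams params = new BasicHttpParams();
            HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
            HttpProtocolParams.setContentCharset(params, "UTF-8");

            SchemeRegistry schemes = new SchemeRegistry();
            schemes.register(new Scheme(HttpHost.DEFAULT_SCHEME_NAME, 80, PlainSocketFactory.getSocketFactory()));
            schemes.register(new Scheme("https", i, SSLSocketFactory.getSocketFactory()));
            return new DefaultHttpClient(new SingleClientConnManager(schemes), params);
        } catch (Exception e) {
            // The fallback is kept for compatibility, but a failed TLS/client set-up must not
            // pass unnoticed: report why the specially configured client could not be built.
            System.err.println("Could not build the configured HTTP client, using defaults: " + e);
            return new DefaultHttpClient();
        }
    }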

    /** Shuts down the connection manager of the underlying client, releasing its connections. */
    public void shutdownConnection() {
        httpClient.getConnectionManager().shutdown();
    }

    /**
     * @return the endpoint URI this client was constructed with
     */
    public URI getUri() {
        return uri;
    }

    /**
     * Registers username/password credentials for the endpoint host and returns a request
     * context whose auth cache already holds a Basic scheme for that host.
     *
     * <p>Seeding the auth cache this way is the HttpClient 4.x pattern for preemptive Basic
     * authentication, i.e. the credentials accompany the first request. Basic credentials are
     * only base64-encoded, so their confidentiality depends entirely on the transport.
     * NOTE(review): nothing here checks that the endpoint scheme is {@code https}.
     *
     * @param str  username
     * @param str2 password (held as an immutable String, so it cannot be wiped after use)
     * @return context to pass to {@link #executePost(BasicHttpContext)}
     */
    public BasicHttpContext setAuth(String str, String str2) {
        HttpHost target = new HttpHost(this.uri.getHost(), this.uri.getPort(), this.uri.getScheme());
        AuthScope scope = new AuthScope(target.getHostName(), target.getPort());
        UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(str, str2);
        this.httpClient.getCredentialsProvider().setCredentials(scope, credentials);

        BasicAuthCache authCache = new BasicAuthCache();
        authCache.put(target, new BasicScheme());

        BasicHttpContext context = new BasicHttpContext();
        context.setAttribute(ClientContext.AUTH_CACHE, authCache);
        return context;
    }

    /**
     * Prepares a POST to the endpoint carrying a single URL-encoded form field.
     * Any previously prepared request is replaced.
     *
     * @param str  form field name
     * @param str2 form field value
     * @throws UnsupportedEncodingException if UTF-8 is not supported by the runtime
     */
    public void setFormData(String str, String str2) throws UnsupportedEncodingException {
        ArrayList<BasicNameValuePair> formFields = new ArrayList<BasicNameValuePair>();
        formFields.add(new BasicNameValuePair(str, str2));

        HttpPost request = new HttpPost(this.uri);
        request.setEntity(new UrlEncodedFormEntity(formFields, "UTF-8"));
        this.httpPost = request;
    }

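    /**
     * Sends the request prepared by setFormData using the supplied context and records the
     * response and its status line.
     *
     * @param basicHttpContext request context, normally the one returned by setAuth
     * @return the HTTP status code of the response
     * @throws HttpException if the client reports a protocol error; the original
     *         {@code ClientProtocolException} is attached as the cause
     * @throws IOException on connection or transport failure
     */
    public int executePost(BasicHttpContext basicHttpContext) throws HttpException, IOException {
        try {
            this.response = this.httpClient.execute(this.httpPost, basicHttpContext);
            this.statusLine = this.response.getStatusLine();
            return this.statusLine.getStatusCode();
        } catch (ClientProtocolException e) {
            System.err.println(e);
            // Keep the historical message but preserve the cause so callers can diagnose
            // authentication and redirect problems instead of seeing only "CPE".
            throw new HttpException("CPE", e);
        }
    }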

    /**
     * Sends the request prepared by setFormData without an explicit context and records the
     * response and its status line.
     *
     * @return the HTTP status code of the response
     * @throws HttpException declared for symmetry with the context-taking overload
     * @throws IOException on connection, transport or protocol failure
     */
    public int executePost() throws HttpException, IOException {
        HttpResponse reply = this.httpClient.execute(this.httpPost);
        this.response = reply;
        this.statusLine = reply.getStatusLine();
        return this.statusLine.getStatusCode();
    }

    /**
     * @return the status line of the most recent response, or null if no request has been executed
     */
    public StatusLine getStatusLine() {
        return statusLine;
    }

    /**
     * Overrides the recorded status code.
     *
     * @param i status code to store
     */
    public void setStatus(int i) {
        status = i;
    }

    /**
     * @return the status code last stored by getCert or setStatus
     */
    public int getStatus() {
        return status;
    }

    /**
     * Opens the body of the most recent response. The caller is responsible for closing it.
     *
     * <p>NOTE(review): there is no guard for a missing response or a response without an
     * entity; both would surface as a NullPointerException here.
     *
     * @return the response body stream
     * @throws IOException if the content stream cannot be created
     */
    public InputStream getStream() throws IOException {
        HttpResponse latest = this.response;
        return latest.getEntity().getContent();
    }

    /**
     * Routes requests through the given proxy. Does nothing when host or port is null.
     *
     * @param str  proxy host
     * @param str2 proxy port as text; an unparsable value falls back to 8080
     * @param str3 proxy scheme, or null for the default scheme
     * @throws NumberFormatException if the parsed port is zero or negative
     */
    public void setProxy(String str, String str2, String str3) {
        if (str == null || str2 == null) {
            return;
        }
        int port;
        try {
            port = Integer.parseInt(str2);
        } catch (NumberFormatException ignored) {
            // Not a number at all: fall back to the conventional proxy port.
            port = 8080;
        }
        if (port <= 0) {
            throw new NumberFormatException();
        }
        String scheme = (str3 != null) ? str3 : HttpHost.DEFAULT_SCHEME_NAME;
        HttpHost proxy = new HttpHost(str, port, scheme);
        this.httpClient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);
    }

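    /**
     * Creates a CSR for the key pair, POSTs it to the endpoint with Basic credentials and
     * parses the certificate returned in the response body.
     *
     * <p>{@code str} is passed as the third argument of {@code SecurityCommons.createCSR},
     * the position where main() supplies the signature algorithm name; the second argument
     * is always the empty string here. {@code str4} is not used.
     *
     * <p>The response stream is always closed, including on failure, and an empty body is
     * detected by actually reading a byte: {@code InputStream.available()} may return 0 for
     * a stream that still has data, so it cannot be used to decide that a body is empty.
     *
     * @param keyPair key pair the CSR is created for
     * @param str     passed to createCSR (signature algorithm, judging by main's usage)
     * @param str2    username for Basic authentication
     * @param str3    password for Basic authentication
     * @param str4    unused
     * @param z       when false, the connection manager is shut down before returning or throwing
     * @return the certificate parsed from the response (whatever getCertFromStream returns)
     * @throws HttpException if the server answers with a status other than 200
     * @throws IOException on transport failure or when the response body is empty
     * @throws IllegalArgumentException if form encoding or certificate parsing fails
     */
    public X509Certificate getCert(KeyPair keyPair, String str, String str2, String str3, String str4, boolean z) throws HttpException, IOException {
        PKCS10CertificationRequest csr = this.sc.createCSR(keyPair, "", str);
        InputStream body = null;
        try {
            BasicHttpContext authContext = setAuth(str2, str3);
            setFormData("certificate_request", this.sc.writeCSR(csr));
            this.status = executePost(authContext);
            if (this.status != 200) {
                throw new HttpException("Code: " + this.statusLine.getStatusCode() + ", Reason: " + this.statusLine.getReasonPhrase());
            }
            java.io.PushbackInputStream peekable = new java.io.PushbackInputStream(getStream());
            body = peekable;
            int firstByte = peekable.read();
            if (firstByte == -1) {
                throw new IOException("Input stream is empty");
            }
            // Hand the peeked byte back so the parser sees the complete body.
            peekable.unread(firstByte);
            return this.sc.getCertFromStream(peekable);
        } catch (UnsupportedEncodingException e) {
            throw new IllegalArgumentException(e);
        } catch (CertificateException e) {
            throw new IllegalArgumentException(e);
        } finally {
            if (body != null) {
                try {
                    body.close();
                } catch (IOException ignored) {
                    // Best effort: a failure to close must not hide the real outcome.
                }
            }
            if (!z) {
                shutdownConnection();
            }
        }
    }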

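    /**
     * Copies UTF-8 text line by line from the input to the output, terminating every line
     * with the platform line separator. The input is closed afterwards; the output is
     * flushed but left open.
     *
     * <p>{@code PrintStream} never throws on a failed write, it only sets an error flag. The
     * flag is checked after copying so that a truncated output (for example a partially
     * written certificate or key file) is reported instead of being silently accepted.
     *
     * @param inputStream  source of UTF-8 text
     * @param outputStream destination
     * @throws IOException if reading fails or the destination reported a write error
     * @throws FileNotFoundException declared for callers that pass file streams
     */
    public static void writeStream(InputStream inputStream, OutputStream outputStream) throws IOException, FileNotFoundException {
        BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream, "UTF-8"));
        try {
            PrintStream printer = new PrintStream(outputStream, true, "UTF-8");
            for (String line = reader.readLine(); line != null; line = reader.readLine()) {
                printer.println(line);
            }
            if (printer.checkError()) {
                throw new IOException("Failed to write to the output stream");
            }
        } finally {
            try {
                reader.close();
            } catch (Exception ignored) {
                // Best effort: the copy result is what matters to the caller.
            }
        }
    }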

    /**
     * Debug helper: prints every header of the message to standard error.
     *
     * <p>Header values are printed verbatim. For a request that would include any
     * {@code Authorization} header, so the output should not end up in shared logs.
     *
     * @param httpMessage request or response whose headers are printed
     */
    public static void printHeaders(HttpMessage httpMessage) {
        Header[] headers = httpMessage.getAllHeaders();
        for (int idx = 0; idx < headers.length; idx++) {
            Header current = headers[idx];
            System.err.printf("Name=%s, Value=%s.%n", current.getName(), current.getValue());
        }
    }

    /**
     * Prompts for a username on the given console.
     *
     * @param console interactive console; must not be null ({@code System.console()} returns
     *                null when the JVM has no interactive console)
     * @return the line entered by the user
     */
    public static String getUsername(Console console) {
        String entered = console.readLine("Enter username: ");
        return entered;
    }

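    /**
     * Command-line entry point: obtains a certificate for a new or existing key pair (or for
     * an existing CSR file) from the CA endpoint given as the last argument.
     *
     * <p>Options, as handled below: {@code -k} key output file, {@code -c} certificate output
     * file, {@code -K} existing private key file, {@code -P} pass-phrase source for the
     * existing key, {@code -Q} pass-phrase source for the new key (at least 8 characters),
     * {@code -C} existing CSR file, {@code -s}/{@code -S} CSR output file ({@code -s} stops
     * after saving it), {@code -H} subject, {@code -u} username, {@code -p} password source,
     * {@code -T} trust store path, {@code -U} trust store password, {@code -h} usage.
     * {@code -D}, {@code -r}, {@code -R} and {@code -v} are accepted and ignored.
     * NOTE(review): the {@code -p}/{@code -P}/{@code -Q} arguments go through
     * {@code SecurityCommons.getPass}, which can raise file errors, so they look like file
     * names rather than literal secrets - confirm.
     *
     * <p>Changes against the previous revision: option parsing now terminates once all
     * options are consumed (it used to loop forever), an {@code HttpException} aborts the run
     * instead of continuing to write a null certificate, a missing interactive console is
     * reported instead of causing a NullPointerException, exception text is no longer used
     * as a format string, and literal {@code %n} sequences were removed from println output.
     *
     * @param strArr command-line arguments; the first non-option argument is the endpoint URI
     */
    public static void main(String[] strArr) {
        SecurityCommons securityCommons = new SecurityCommons();
        String keyOutFile = null;
        String certOutFile = null;
        String csrOutFile = null;
        String existingKeyFile = null;
        String csrInFile = null;
        String trustStorePath = null;
        String trustStorePass = null;
        String username = null;
        String password = null;
        String subject = null;
        char[] existingKeyPass = null;
        char[] newKeyPass = null;
        boolean saveCsr = false;
        boolean csrOnly = false;
        int outputFileCount = 0;
        int hostUriIndex = -1;

        try {
            Getopt getopt = new Getopt("CA Client", strArr, "c:hk:u:p:r:R:vs:S:T:U:C:D:K:P:Q:H:");
            int opt;
            while ((opt = getopt.getopt()) != -1) {
                switch (opt) {
                    case 'C':
                        csrInFile = getopt.getOptarg();
                        break;
                    case 'H':
                        subject = getopt.getOptarg();
                        break;
                    case 'K':
                        existingKeyFile = getopt.getOptarg();
                        break;
                    case 'P':
                        existingKeyPass = securityCommons.getPass(getopt.getOptarg());
                        break;
                    case 'Q':
                        newKeyPass = securityCommons.getPass(getopt.getOptarg());
                        if (newKeyPass.length < 8) {
                            throw new IllegalArgumentException("key pass-phrase is too short");
                        }
                        break;
                    case 'S':
                        // Only meaningful when the CSR is generated here, not read with -C.
                        if (csrInFile == null) {
                            saveCsr = true;
                            csrOutFile = getopt.getOptarg();
                        }
                        break;
                    case 's':
                        if (csrInFile == null) {
                            saveCsr = true;
                            csrOutFile = getopt.getOptarg();
                            csrOnly = true;
                        }
                        break;
                    case 'T':
                        trustStorePath = getopt.getOptarg();
                        break;
                    case 'U':
                        trustStorePass = getopt.getOptarg();
                        break;
                    case 'c':
                        certOutFile = getopt.getOptarg();
                        outputFileCount++;
                        break;
                    case 'k':
                        keyOutFile = getopt.getOptarg();
                        outputFileCount++;
                        break;
                    case 'h':
                        System.err.println("Usage: GetCert  URI");
                        System.exit(0);
                        break;
                    case 'p':
                        // The password ends up in an immutable String because the HTTP
                        // credentials API takes one; it cannot be wiped afterwards.
                        password = new String(securityCommons.getPass(getopt.getOptarg()));
                        break;
                    case 'u':
                        username = getopt.getOptarg();
                        break;
                    default:
                        // -D, -r, -R and -v are accepted but have no effect.
                        break;
                }
            }
            hostUriIndex = getopt.getOptind();
            if (hostUriIndex == strArr.length) {
                System.err.println("Missing required argument HOSTURI");
                System.exit(-1);
            }
            if (trustStorePath == null) {
                trustStorePath = "/etc/ssl/certs/java/cacerts";
            }
            if (trustStorePass == null) {
                // Stock password of the JDK cacerts store; override with -U for any other store.
                trustStorePass = "changeit";
            }
        } catch (FileNotFoundException e) {
            System.err.printf("Cannot find file %s - exiting.%n", e.getMessage());
            System.exit(-1);
        } catch (IOException e) {
            System.err.printf("Cannot open/read from file.%s%n", e.getMessage());
            System.exit(-1);
        }

        if (existingKeyFile != null && keyOutFile != null) {
            System.err.println("Cannot provide both a filename for an existing private key and an output filename for a new private key..");
            System.exit(-1);
        }

        Console console = System.console();
        boolean promptNeeded = username == null
                || password == null
                || (existingKeyFile == null && newKeyPass == null);
        if (console == null && promptNeeded) {
            System.err.println("No interactive console available to prompt for the missing credentials.");
            System.exit(-1);
        }
        if (username == null) {
            username = getUsername(console);
        }
        if (password == null) {
            char[] typed = console.readPassword("Enter password:");
            if (typed == null) {
                System.err.println("No password entered.");
                System.exit(-1);
            }
            password = new String(typed);
            // Clear the mutable copy; the String copy above cannot be cleared.
            java.util.Arrays.fill(typed, '\0');
        }

        String homeDir = System.getProperty("user.home");
        if (outputFileCount == 0) {
            // NOTE(review): key and certificate both use the "userKeyPath" property.
            String outputDir = System.getProperty("userKeyPath", homeDir);
            // NOTE(review): the subject text becomes part of the file name without any
            // check for path separators - confirm that is acceptable for this tool.
            String baseName = subject == null ? "user" : StringUtils.remove(subject, "CN=");
            keyOutFile = outputDir + "/" + baseName + ".key";
            certOutFile = outputDir + "/" + baseName + ".crt";
        }
        if (existingKeyFile != null) {
            // An existing key is never written back out.
            keyOutFile = null;
        }
        if (outputFileCount == 1 && existingKeyFile == null) {
            System.err.println("Must supply either both output filenames, or no output filenames.");
            System.err.printf("You supplied: key output file %s, certificate output file %s.%n", keyOutFile, certOutFile);
            System.exit(-1);
        }
        if (existingKeyPass != null && existingKeyFile == null) {
            System.err.println("Must supply a filename for an existing private key ('-K key') if you specify a passphrase with '-P'. ");
            System.exit(-1);
        }
        if (existingKeyFile == null && newKeyPass == null) {
            boolean accepted = false;
            while (!accepted) {
                try {
                    newKeyPass = securityCommons.getPassphrase(console, 8);
                    accepted = true;
                } catch (IllegalArgumentException e) {
                    System.err.println("Error: passphrases do not match.");
                }
            }
        }

        String hostUri = strArr[hostUriIndex];
        InputStream body = null;
        X509Certificate certificate = null;
        KeyPair keyPair = null;
        CertClient certClient = null;
        try {
            Security.addProvider(new BouncyCastleProvider());
            PKCS10CertificationRequest csr;
            if (csrInFile != null) {
                csr = securityCommons.readCSR(csrInFile);
            } else {
                keyPair = existingKeyFile != null
                        ? securityCommons.readKeyPair(existingKeyFile, existingKeyPass)
                        : securityCommons.generateKeyPair("RSA", 2048);
                csr = securityCommons.createCSR(keyPair, subject != null ? subject : "", "SHA256withRSA");
            }
            if (csr == null) {
                System.err.println("Couldn't create CSR.");
                System.exit(-1);
            }
            String encodedCsr = securityCommons.writeCSR(csr);
            if (saveCsr) {
                securityCommons.writeCSR(csr, csrOutFile);
            }
            if (csrOnly) {
                System.out.printf("Saved CSR file to %s%n", csrOutFile);
                System.exit(0);
            }
            certClient = new CertClient(hostUri, true, trustStorePath, trustStorePass);
            BasicHttpContext authContext = certClient.setAuth(username, password);
            certClient.setFormData("certificate_request", encodedCsr);
            if (certClient.executePost(authContext) != 200) {
                System.err.println("Status line is " + certClient.getStatusLine());
                certClient.shutdownConnection();
                System.exit(-1);
            }
            body = certClient.getStream();
            certificate = securityCommons.getCertFromStream(body);
            if (certificate == null) {
                System.err.println("Problem reading certificate from server.");
                System.exit(-1);
            }
        } catch (UnsupportedEncodingException e) {
            System.err.println("Can't encode form parameters.");
            System.exit(-1);
        } catch (CertificateException e) {
            System.err.println(e);
            System.exit(-1);
        } catch (URISyntaxException e) {
            System.err.printf("Error: URI %s is not in the correct format. Exiting.%n", hostUri);
            System.exit(-1);
        } catch (NoSuchAlgorithmException e) {
            System.err.println(e);
            System.exit(-1);
        } catch (HttpException e) {
            // Without a response there is no certificate; do not fall through to the
            // file-writing step with a null certificate.
            System.err.println(e);
            System.exit(-1);
        } catch (IOException e) {
            // Also covers UnknownHostException, which was reported the same way.
            System.err.println(e);
            System.exit(-1);
        } finally {
            if (body != null) {
                try {
                    body.close();
                } catch (IOException ignored) {
                    // Best effort: nothing useful can be done if closing fails.
                }
            }
        }

        try {
            if (keyOutFile != null && keyPair != null) {
                try {
                    securityCommons.writeKey(keyOutFile, keyPair.getPrivate(), newKeyPass);
                    System.out.printf("Wrote private key to %s%n", keyOutFile);
                } catch (FileNotFoundException e) {
                    System.err.println(e);
                    System.exit(-1);
                    return;
                } catch (VerifyError e) {
                    System.err.printf("Fatal: Cannot verify certificate.%n");
                    System.exit(-1);
                    return;
                } catch (Exception e) {
                    System.err.println(e);
                    e.printStackTrace();
                    System.exit(-1);
                    return;
                }
            }
            securityCommons.writeCertificate(certificate, certOutFile);
            System.out.printf("Wrote certificate to %s%n", certOutFile);
        } finally {
            // Release the connection before exiting; guard against a client that was never built.
            if (certClient != null) {
                certClient.shutdownConnection();
            }
        }
        System.exit(0);
    }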
}
