package eu.contrail.security;

import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Console;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.math.BigInteger;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.UUID;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.CRLNumber;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.X509KeyUsage;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.openssl.PasswordFinder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.x509.X509V2CRLGenerator;
import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;
import org.eclipse.persistence.sdo.SDOConstants;

/* loaded from: input_file:WEB-INF/lib/security-commons-1.0-SNAPSHOT.jar:eu/contrail/security/SecurityCommons.class */
public class SecurityCommons {
    // OID of the certificate extension that getSAMLAssertion() in this class reads back.
    // NOTE(review): the 1.34.5.0.14.67 prefix does not look like a registered private-enterprise
    // arc — confirm it cannot collide with an OID assigned to someone else.
    public static final String CONTRAIL_ATTRIBUTE_ASSERTION = "1.34.5.0.14.67.101";
    // Presumably the OID of the extension carrying an access token; no use is visible in this part of the file.
    public static final String CONTRAIL_ACCESS_TOKEN_OID = "1.34.5.0.14.67.102";
    // Decompiler rendering of the flag javac generates for `assert` statements; it has no initializer here.
    static final /* synthetic */ boolean $assertionsDisabled;

    /**
     * Deprecated {@link PasswordFinder} that hands out a stored passphrase.
     *
     * <p>The constructor keeps a private copy of the array and every call to
     * {@link #getPassword()} returns a fresh copy, so callers never share the internal
     * buffer. The class itself never clears its stored copy.
     */
    @Deprecated
    protected class MyPasswordZZZ implements PasswordFinder {
        private char[] password;

        /**
         * @param cArr passphrase characters; copied, so the caller may wipe its own array afterwards
         */
        public MyPasswordZZZ(char[] cArr) {
            this.password = Arrays.copyOf(cArr, cArr.length);
        }

        /**
         * @return a new array holding the passphrase characters
         */
        @Override
        public char[] getPassword() {
            return Arrays.copyOf(this.password, this.password.length);
        }
    }

    /**
     * Returns the RDN values for the first of the given attribute types that occurs in a DN.
     *
     * @param str distinguished name in string form
     * @param aSN1ObjectIdentifierArr attribute types to try, in priority order
     * @return the values found by {@code getRDNs} for the first matching type, or {@code null}
     *         when none of the types is present
     */
    public String[] findRDNs(String str, ASN1ObjectIdentifier... aSN1ObjectIdentifierArr) {
        for (ASN1ObjectIdentifier attributeType : aSN1ObjectIdentifierArr) {
            String[] values = getRDNs(str, attributeType);
            if (values != null) {
                return values;
            }
        }
        return null;
    }

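    /**
     * Decides whether the subject of a client certificate chain is covered by an allow-list string.
     *
     * <p>Only the first certificate of the chain is inspected, and only the first CN value of
     * its subject DN. The chain is assumed to have been validated already; nothing here checks
     * signatures, validity dates or revocation.
     *
     * <p>NOTE(review): a {@code null} or empty allow-list authorises every caller (fail-open).
     * Confirm this is the intended "no restriction configured" behaviour.
     *
     * <p>NOTE(review): the CN is matched as a substring of the allow-list, not as a whole
     * entry, so a CN that is a fragment of an allowed name is accepted too. The allow-list
     * format is not visible here; once it is known, compare against whole entries instead.
     *
     * @param x509CertificateArr certificate chain, subject certificate first
     * @param str allow-list of permitted common names
     * @return {@code true} when access is granted
     */
    public boolean authorise(X509Certificate[] x509CertificateArr, String str) {
        if (str == null || str.length() == 0) {
            return true;
        }
        // A missing chain is a denial, not a NullPointerException / ArrayIndexOutOfBoundsException.
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
            return false;
        }
        String[] commonNames = getRDNs(x509CertificateArr[0].getSubjectDN().getName(), BCStyle.CN);
        if (commonNames == null || commonNames.length == 0) {
            return false;
        }
        String commonName = commonNames[0];
        // indexOf("") is 0 for any string, so an empty CN value must be refused explicitly.
        if (commonName == null || commonName.length() == 0) {
            return false;
        }
        return str.indexOf(commonName) > -1;
    }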

    /**
     * Reports whether a common name occurs anywhere inside an allow-list string.
     *
     * <p>NOTE(review): this is a substring test. A CN that is only a fragment of an allowed
     * entry matches, and an empty CN matches every list. Prefer comparing against whole
     * entries once the allow-list format is confirmed.
     *
     * @param str allow-list text; must not be {@code null}
     * @param str2 common name to look for; must not be {@code null}
     * @return {@code true} when {@code str2} is contained in {@code str}
     */
    public boolean authorisedCN(String str, String str2) {
        return str.contains(str2);
    }

    /**
     * Placeholder for host-name validation.
     *
     * <p>NOTE(review): no check is performed; every argument, including {@code null}, is
     * reported as valid. Callers that place the name into a certificate subject or
     * subjectAltName must not treat this result as validation.
     *
     * @param str candidate fully qualified domain name (ignored)
     * @return always {@code true}
     */
    public boolean isValidFQDN(String str) {
        // Stub: accepts everything.
        return true;
    }

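    /**
     * Reports whether a string can be parsed by {@link UUID#fromString(String)}.
     *
     * <p>A {@code null} argument is reported as invalid instead of raising a
     * {@code NullPointerException}, so the certificate-issuing methods that guard on this
     * check reject it with their own error.
     *
     * <p>NOTE(review): {@code UUID.fromString} is lenient about group lengths on several JDK
     * versions (shortened groups may parse). If the value must be a canonical 36-character
     * UUID, add a stricter format check before relying on this result.
     *
     * @param str candidate UUID text, may be {@code null}
     * @return {@code true} when the text parses as a UUID
     */
    public boolean isUUID(String str) {
        if (str == null) {
            return false;
        }
        try {
            UUID.fromString(str);
            return true;
        } catch (IllegalArgumentException ignored) {
            // Not parseable as a UUID.
            return false;
        }
    }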

    /**
     * Reports whether a string is a numeric user id: text that does not start with
     * {@code '-'} and that {@link Integer#parseInt(String)} accepts.
     *
     * <p>NOTE(review): a leading {@code '+'} is accepted by {@code parseInt}; confirm that is
     * acceptable for user ids.
     *
     * @param str candidate id; must not be {@code null}
     * @return {@code true} for a non-negative integer within {@code int} range
     */
    public boolean isUserId(String str) {
        if (str.startsWith("-")) {
            return false;
        }
        try {
            Integer.parseInt(str);
        } catch (NumberFormatException ignored) {
            // Not a number, or out of int range.
            return false;
        }
        return true;
    }

    /**
     * Extracts the values of every RDN of one attribute type from a distinguished name.
     *
     * <p>For each matching RDN only its first attribute-value pair is read.
     *
     * @param str distinguished name in string form; must not be {@code null}
     * @param aSN1ObjectIdentifier attribute type to select (for example {@code BCStyle.CN})
     * @return the values in the order the RDNs are returned, or {@code null} when there is no match
     */
    public String[] getRDNs(String str, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        RDN[] matching = new X500Name(str.toString()).getRDNs(aSN1ObjectIdentifier);
        List<String> values = new ArrayList<String>();
        for (RDN rdn : matching) {
            values.add(IETFUtils.valueToString(rdn.getFirst().getValue()));
        }
        if (values.isEmpty()) {
            return null;
        }
        return values.toArray(new String[values.size()]);
    }

    /**
     * Builds a BouncyCastle content signer for the given key and signature algorithm.
     *
     * <p>NOTE(review): the algorithm name comes straight from the caller and is not checked
     * against an allow-list, so legacy digests are not refused here.
     *
     * @param privateKey signing key
     * @param str signature algorithm name handed to {@code JcaContentSignerBuilder}
     * @return signer bound to the BouncyCastle provider
     * @throws OperatorCreationException if the signer cannot be created
     */
    public ContentSigner getContentSigner(PrivateKey privateKey, String str) throws OperatorCreationException {
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(str);
        signerBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME);
        return signerBuilder.build(privateKey);
    }

    /**
     * Adds the non-critical authorityKeyIdentifier and subjectKeyIdentifier extensions.
     *
     * @param x509v3CertificateBuilder builder receiving the extensions
     * @param publicKey issuer public key, used for the authority key identifier
     * @param publicKey2 subject public key, used for the subject key identifier
     * @throws InvalidKeyException if an identifier cannot be derived from a key
     */
    public void addKeyIDExtensions(X509v3CertificateBuilder x509v3CertificateBuilder, PublicKey publicKey, PublicKey publicKey2) throws InvalidKeyException {
        AuthorityKeyIdentifierStructure authorityKeyId = new AuthorityKeyIdentifierStructure(publicKey);
        x509v3CertificateBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, authorityKeyId);
        SubjectKeyIdentifierStructure subjectKeyId = new SubjectKeyIdentifierStructure(publicKey2);
        x509v3CertificateBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, subjectKeyId);
    }

    /**
     * Unimplemented overload: no certificate is built and all arguments are ignored.
     *
     * <p>NOTE(review): callers receive {@code null} without any error; confirm nothing
     * depends on this overload, or make it fail loudly.
     *
     * @return always {@code null}
     */
    public X509Certificate createCertificate(PublicKey publicKey, String str, X509Certificate x509Certificate, String str2, boolean z, int i, int i2, int i3) throws CertificateException, InvalidKeyException, OperatorCreationException {
        // Stub body as found in the class file.
        return null;
    }

    /**
     * Creates a CRL that revokes a single certificate serial number.
     *
     * <p>The CRL is issued under the subject name of the issuer certificate, signed with
     * SHA-256/RSA through the "BC" provider, and carries an authorityKeyIdentifier and a
     * cRLNumber extension. Diagnostic lines are printed to standard output.
     *
     * <p>NOTE(review): nextUpdate is set 100000 ms (100 seconds) after thisUpdate, and the
     * cRLNumber is the constant 1 on every call. Relying parties that cache by nextUpdate or
     * expect an increasing CRL number will be affected; confirm this is test-only behaviour.
     *
     * @param x509Certificate issuer (CA) certificate
     * @param privateKey issuer private key used to sign the CRL
     * @param bigInteger serial number of the certificate to revoke
     * @param i reason code recorded on the CRL entry
     * @return the signed CRL
     * @throws Exception on any generation or signing failure
     */
    public X509CRL createCRL(X509Certificate x509Certificate, PrivateKey privateKey, BigInteger bigInteger, int i) throws Exception {
        X509V2CRLGenerator crlGenerator = new X509V2CRLGenerator();
        final Date thisUpdate = new Date();
        final X500Principal issuer = x509Certificate.getSubjectX500Principal();

        System.out.printf("Issuer DN = %s.%n", issuer);
        X500Principal reordered = new X500Principal(reverse(issuer.toString(), ","));
        System.out.printf("Ordered Issuer DN = %s%n", reordered);
        System.out.println("Using X500Principal from issuer Cert");

        crlGenerator.setIssuerDN(issuer);
        crlGenerator.setThisUpdate(thisUpdate);
        final Date nextUpdate = new Date(thisUpdate.getTime() + 100000);
        crlGenerator.setNextUpdate(nextUpdate);
        crlGenerator.setSignatureAlgorithm("SHA256WithRSAEncryption");
        // The revocation date of the single entry is the CRL's own issue time.
        crlGenerator.addCRLEntry(bigInteger, thisUpdate, i);
        crlGenerator.addExtension((DERObjectIdentifier) X509Extension.authorityKeyIdentifier, false, (DEREncodable) new AuthorityKeyIdentifierStructure(x509Certificate));
        crlGenerator.addExtension((DERObjectIdentifier) X509Extension.cRLNumber, false, (DEREncodable) new CRLNumber(BigInteger.valueOf(1L)));
        return crlGenerator.generateX509CRL(privateKey, "BC");
    }

    /**
     * Wraps extension OIDs and values into a PKCS#9 extensionRequest attribute set, the form
     * a PKCS#10 request takes for its attributes.
     *
     * @param vector extension OIDs
     * @param vector2 extension values, index-aligned with {@code vector}
     * @return attribute set containing the single extensionRequest attribute
     */
    public DERSet createExtensionRequest(Vector<ASN1ObjectIdentifier> vector, Vector<X509Extension> vector2) {
        X509Extensions requested = new X509Extensions(vector, vector2);
        Attribute extensionRequest = new Attribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new DERSet(requested));
        return new DERSet(extensionRequest);
    }

    /**
     * Appends one non-critical extension to a pair of index-aligned OID/value vectors.
     *
     * @param vector OID vector to append to
     * @param vector2 value vector to append to
     * @param aSN1ObjectIdentifier OID of the extension
     * @param dEROctetString encoded extension value
     */
    public void addStringExtensionVector(Vector<ASN1ObjectIdentifier> vector, Vector<X509Extension> vector2, ASN1ObjectIdentifier aSN1ObjectIdentifier, DEROctetString dEROctetString) {
        X509Extension nonCritical = new X509Extension(false, (ASN1OctetString) dEROctetString);
        vector.add(aSN1ObjectIdentifier);
        vector2.add(nonCritical);
    }

    /**
     * Creates a PKCS#10 certification request without attributes.
     *
     * <p>NOTE(review): key, algorithm, provider and signature failures are only printed to
     * standard error and reported as a {@code null} return; callers must check for it.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs the request
     * @param str subject distinguished name
     * @param str2 signature algorithm name
     * @return the request, or {@code null} if it could not be created
     * @throws IllegalArgumentException if the subject name cannot be parsed
     */
    public PKCS10CertificationRequest createCSR(KeyPair keyPair, String str, String str2) throws IllegalArgumentException {
        try {
            X500Principal subject = new X500Principal(str);
            return new PKCS10CertificationRequest(str2, subject, keyPair.getPublic(), (ASN1Set) null, keyPair.getPrivate());
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException failure) {
            System.err.println(failure);
            return null;
        }
    }

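    /**
     * Creates a SHA256withRSA PKCS#10 request for a service, with subject {@code CN=<name>}
     * and a dNSName subjectAltName carrying the same name.
     *
     * <p>The subjectAltName is added to the extension request once. The earlier code
     * appended the same OID a second time, which produced a repeated extension in the
     * request.
     *
     * <p>Failures are printed to standard error (as {@code createCSR} does) instead of being
     * dropped silently; the return value is still {@code null} in that case.
     *
     * <p>NOTE(review): {@code str} is concatenated into the subject DN without escaping or
     * validation, and {@code isValidFQDN} in this class accepts everything. Validate the name
     * before calling.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs the request
     * @param i unused
     * @param str service host name, used for both the CN and the dNSName
     * @param str2 unused
     * @param str3 unused
     * @return the request, or {@code null} if it could not be created
     */
    public PKCS10CertificationRequest createServiceCSR(KeyPair keyPair, int i, String str, String str2, String str3) {
        Vector<ASN1ObjectIdentifier> extensionOids = new Vector<>();
        Vector<X509Extension> extensionValues = new Vector<>();
        GeneralNames dnsNames = new GeneralNames(new GeneralName(GeneralName.dNSName, str));
        addStringExtensionVector(extensionOids, extensionValues, X509Extension.subjectAlternativeName, new DEROctetString(dnsNames));
        try {
            return new PKCS10CertificationRequest("SHA256withRSA", new X509Principal("CN=" + str), keyPair.getPublic(), createExtensionRequest(extensionOids, extensionValues), keyPair.getPrivate());
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException failure) {
            System.err.println(failure);
            return null;
        }
    }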

    /**
     * Creates a self-signed CA certificate: the same DN is used as subject and issuer, and
     * the key pair both supplies the certified public key and signs the certificate.
     *
     * @param keyPair CA key pair
     * @param str distinguished name of the CA
     * @param str2 signature algorithm name
     * @param i validity in days (hours and minutes are passed as zero)
     * @param i2 serial number
     * @return the self-signed certificate
     * @throws CertificateException on conversion failure, or wrapping an {@code OperatorCreationException}
     * @throws InvalidKeyException if a key identifier cannot be derived
     */
    public X509Certificate createRootCertificate(KeyPair keyPair, String str, String str2, int i, int i2) throws CertificateException, InvalidKeyException {
        X509Certificate selfSigned;
        try {
            selfSigned = createCertificate(keyPair.getPublic(), str, i2, str, keyPair, str2, true, i, 0, 0);
        } catch (OperatorCreationException signerFailure) {
            throw new CertificateException(signerFailure);
        }
        return selfSigned;
    }

    /**
     * Convenience overload that takes the current time as the date origin and delegates to
     * the overload accepting a {@code Date}.
     *
     * <p>The origin is passed on even when it is {@code null}; the problem is only reported
     * on standard error.
     *
     * @param publicKey public key to certify
     * @param str subject distinguished name
     * @param i serial number
     * @param str2 issuer distinguished name
     * @param keyPair issuer key pair
     * @param str3 signature algorithm name
     * @param z {@code true} to issue a CA certificate
     * @param i2 validity days
     * @param i3 validity hours
     * @param i4 validity minutes
     * @return the signed certificate
     */
    public X509Certificate createCertificate(PublicKey publicKey, String str, int i, String str2, KeyPair keyPair, String str3, boolean z, int i2, int i3, int i4) throws CertificateException, InvalidKeyException, OperatorCreationException {
        final Calendar now = Calendar.getInstance();
        Date origin;
        if (now == null) {
            System.err.println("Calendar.getInstance returned NULL");
            origin = null;
        } else {
            origin = now.getTime();
        }
        if (origin == null) {
            System.err.println("Date origin is NULL");
        }
        return createCertificate(publicKey, str, i, str2, keyPair, str3, z, origin, i2, i3, i4);
    }

    /**
     * Issues an end-entity certificate for a host.
     *
     * <p>The subject is {@code CN=<host>}. The certificate carries key identifiers, a critical
     * basicConstraints (not a CA), a dNSName subjectAltName with the host name and a critical
     * extendedKeyUsage allowing client and server authentication.
     *
     * <p>NOTE(review): {@code str} is concatenated into the DN and copied into the
     * subjectAltName without validation; the caller must have verified that the requester
     * controls that name.
     *
     * @param publicKey host public key to certify
     * @param str host name
     * @param bigInteger serial number
     * @param x509Certificate issuer certificate
     * @param privateKey issuer private key
     * @param str2 signature algorithm name
     * @param date not read by this method
     * @param i validity days
     * @param i2 validity hours
     * @param i3 validity minutes
     * @return the signed certificate
     */
    public X509Certificate createHostCertificate(PublicKey publicKey, String str, BigInteger bigInteger, X509Certificate x509Certificate, PrivateKey privateKey, String str2, Date date, int i, int i2, int i3) throws CertificateException, InvalidKeyException, OperatorCreationException {
        final ContentSigner signer = getContentSigner(privateKey, str2);
        final X500Principal subject = new X500Principal("CN=" + str);
        final Date[] validity = getValidityRange(i, i2, i3);
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(x509Certificate, bigInteger, validity[0], validity[1], subject, publicKey);

        addKeyIDExtensions(builder, x509Certificate.getPublicKey(), publicKey);
        builder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(false));
        GeneralNames dnsNames = new GeneralNames(new GeneralName(GeneralName.dNSName, str));
        builder.addExtension(X509Extension.subjectAlternativeName, false, dnsNames.getDERObject());

        Vector<KeyPurposeId> purposes = new Vector<KeyPurposeId>();
        purposes.add(KeyPurposeId.id_kp_clientAuth);
        purposes.add(KeyPurposeId.id_kp_serverAuth);
        builder.addExtension(X509Extension.extendedKeyUsage, true, new ExtendedKeyUsage(purposes));

        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
        return converter.getCertificate(builder.build(signer));
    }

    /**
     * Issues a certificate from string DNs, signed with the issuer key pair.
     *
     * <p>For a CA certificate ({@code z == true}) a critical keyUsage of keyCertSign and
     * cRLSign is added. Otherwise a critical extendedKeyUsage restricted to client
     * authentication is added. basicConstraints is critical in both cases.
     *
     * @param publicKey public key to certify
     * @param str subject distinguished name
     * @param i serial number
     * @param str2 issuer distinguished name
     * @param keyPair issuer key pair; its private key signs the certificate
     * @param str3 signature algorithm name
     * @param z {@code true} to mark the certificate as a CA
     * @param date not read by this method; the validity window starts from the current time
     * @param i2 validity days
     * @param i3 validity hours
     * @param i4 validity minutes
     * @return the signed certificate
     */
    public X509Certificate createCertificate(PublicKey publicKey, String str, int i, String str2, KeyPair keyPair, String str3, boolean z, Date date, int i2, int i3, int i4) throws CertificateException, InvalidKeyException, OperatorCreationException {
        final ContentSigner signer = getContentSigner(keyPair.getPrivate(), str3);
        final X500Name subject = new X500Name(str);
        final X500Name issuer = new X500Name(str2);
        final Date[] validity = getValidityRange(i2, i3, i4);
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, BigInteger.valueOf(i), validity[0], validity[1], subject, publicKey);

        addKeyIDExtensions(builder, keyPair.getPublic(), publicKey);
        builder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(z));
        if (!z) {
            Vector<KeyPurposeId> purposes = new Vector<KeyPurposeId>();
            purposes.add(KeyPurposeId.id_kp_clientAuth);
            builder.addExtension(X509Extension.extendedKeyUsage, true, new ExtendedKeyUsage(purposes));
        } else {
            // keyCertSign | cRLSign is the value 6 used by the original code.
            builder.addExtension(X509Extension.keyUsage, true, new X509KeyUsage(X509KeyUsage.keyCertSign | X509KeyUsage.cRLSign));
        }

        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
        return converter.getCertificate(builder.build(signer));
    }

    /**
     * Issues an end-entity certificate for a user identified by a UUID.
     *
     * <p>The subject is the given principal with its comma-separated components reversed.
     * The certificate carries key identifiers, a critical basicConstraints (not a CA), a URI
     * subjectAltName of the form {@code urn:uuid:<uuid>} and a non-critical extendedKeyUsage
     * for client authentication.
     *
     * <p>NOTE(review): the DN is reordered by splitting its string form on every comma, so a
     * value containing an escaped comma would be split as well. Confirm subject names cannot
     * contain commas, or reorder on parsed RDNs.
     *
     * @param publicKey user public key to certify
     * @param x500Principal user subject name
     * @param str user UUID; must pass {@code isUUID}
     * @param bigInteger serial number
     * @param x509Certificate issuer certificate
     * @param privateKey issuer private key
     * @param str2 signature algorithm name
     * @param i validity days
     * @param i2 validity hours
     * @param i3 validity minutes
     * @return the signed certificate
     * @throws IllegalArgumentException if {@code str} is not a UUID
     */
    public X509Certificate createUserCertificate(PublicKey publicKey, X500Principal x500Principal, String str, BigInteger bigInteger, X509Certificate x509Certificate, PrivateKey privateKey, String str2, int i, int i2, int i3) throws CertificateException, InvalidKeyException, OperatorCreationException {
        if (!isUUID(str)) {
            throw new IllegalArgumentException(String.format("UUID %s invalid", str));
        }
        final ContentSigner signer = getContentSigner(privateKey, str2);
        final Date[] validity = getValidityRange(i, i2, i3);
        final X500Principal subject = new X500Principal(reverse(x500Principal.toString(), ","));
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(x509Certificate, bigInteger, validity[0], validity[1], subject, publicKey);

        addKeyIDExtensions(builder, x509Certificate.getPublicKey(), publicKey);
        builder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(false));
        GeneralNames uuidName = new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, "urn:uuid:" + str));
        builder.addExtension(X509Extension.subjectAlternativeName, false, uuidName.getDERObject());

        Vector<KeyPurposeId> purposes = new Vector<KeyPurposeId>();
        purposes.add(KeyPurposeId.id_kp_clientAuth);
        builder.addExtension(X509Extension.extendedKeyUsage, false, new ExtendedKeyUsage(purposes));

        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
        return converter.getCertificate(builder.build(signer));
    }

    /**
     * Issues a user certificate like {@code createUserCertificate} and, when a value is
     * supplied, embeds it as one additional string extension.
     *
     * <p>NOTE(review): the extension OID, its criticality and its content all come from the
     * caller and are embedded as given. Confirm the value (presumably a SAML assertion) has
     * been verified before it is bound into a signed certificate.
     *
     * @param publicKey user public key to certify
     * @param x500Principal user subject name; its comma-separated components are reversed
     * @param str user UUID; must pass {@code isUUID}
     * @param bigInteger serial number
     * @param x509Certificate issuer certificate
     * @param privateKey issuer private key
     * @param str2 signature algorithm name
     * @param i validity days
     * @param i2 validity hours
     * @param i3 validity minutes
     * @param str3 OID of the additional extension
     * @param z criticality of the additional extension
     * @param str4 content of the additional extension; {@code null} to omit it
     * @return the signed certificate
     * @throws IllegalArgumentException if {@code str} is not a UUID
     */
    public X509Certificate createUserCertificateWithSAML(PublicKey publicKey, X500Principal x500Principal, String str, BigInteger bigInteger, X509Certificate x509Certificate, PrivateKey privateKey, String str2, int i, int i2, int i3, String str3, boolean z, String str4) throws CertificateException, InvalidKeyException, OperatorCreationException {
        if (!isUUID(str)) {
            throw new IllegalArgumentException(String.format("UUID %s invalid", str));
        }
        final ContentSigner signer = getContentSigner(privateKey, str2);
        final Date[] validity = getValidityRange(i, i2, i3);
        final X500Principal subject = new X500Principal(reverse(x500Principal.toString(), ","));
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(x509Certificate, bigInteger, validity[0], validity[1], subject, publicKey);

        addKeyIDExtensions(builder, x509Certificate.getPublicKey(), publicKey);
        builder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(false));
        GeneralNames uuidName = new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, "urn:uuid:" + str));
        builder.addExtension(X509Extension.subjectAlternativeName, false, uuidName.getDERObject());

        Vector<KeyPurposeId> purposes = new Vector<KeyPurposeId>();
        purposes.add(KeyPurposeId.id_kp_clientAuth);
        builder.addExtension(X509Extension.extendedKeyUsage, false, new ExtendedKeyUsage(purposes));

        boolean hasExtraValue = str4 != null;
        if (hasExtraValue) {
            addStringExtension(builder, str3, z, str4);
        }

        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
        return converter.getCertificate(builder.build(signer));
    }

    /**
     * Issues a user certificate like {@code createUserCertificate} and adds one non-critical
     * string extension per entry of the attribute map.
     *
     * <p>NOTE(review): map keys are used directly as extension OIDs and no allow-list is
     * applied. Confirm callers restrict the keys so that a custom attribute cannot reuse the
     * OID of a standard extension.
     *
     * @param publicKey user public key to certify
     * @param x500Principal user subject name; its comma-separated components are reversed
     * @param str user UUID; must pass {@code isUUID}
     * @param bigInteger serial number
     * @param x509Certificate issuer certificate
     * @param privateKey issuer private key
     * @param str2 signature algorithm name
     * @param i validity days
     * @param i2 validity hours
     * @param i3 validity minutes
     * @param map extension OID to extension content; may be {@code null}
     * @return the signed certificate
     * @throws IllegalArgumentException if {@code str} is not a UUID
     */
    public X509Certificate createUserCertificateWithCustomAttrs(PublicKey publicKey, X500Principal x500Principal, String str, BigInteger bigInteger, X509Certificate x509Certificate, PrivateKey privateKey, String str2, int i, int i2, int i3, Map<String, String> map) throws CertificateException, InvalidKeyException, OperatorCreationException {
        if (!isUUID(str)) {
            throw new IllegalArgumentException(String.format("UUID %s invalid", str));
        }
        final ContentSigner signer = getContentSigner(privateKey, str2);
        final Date[] validity = getValidityRange(i, i2, i3);
        final X500Principal subject = new X500Principal(reverse(x500Principal.toString(), ","));
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(x509Certificate, bigInteger, validity[0], validity[1], subject, publicKey);

        addKeyIDExtensions(builder, x509Certificate.getPublicKey(), publicKey);
        builder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(false));
        GeneralNames uuidName = new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, "urn:uuid:" + str));
        builder.addExtension(X509Extension.subjectAlternativeName, false, uuidName.getDERObject());

        Vector<KeyPurposeId> purposes = new Vector<KeyPurposeId>();
        purposes.add(KeyPurposeId.id_kp_clientAuth);
        builder.addExtension(X509Extension.extendedKeyUsage, false, new ExtendedKeyUsage(purposes));

        if (map != null) {
            for (Map.Entry<String, String> attribute : map.entrySet()) {
                String oid = attribute.getKey();
                String content = attribute.getValue();
                addStringExtension(builder, oid, false, content);
            }
        }

        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
        return converter.getCertificate(builder.build(signer));
    }

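    /**
     * Decodes an HTTP {@code Authorization: Basic ...} header value into user name and password.
     *
     * <p>Changes from the earlier code:
     * <ul>
     *   <li>a value that does not start with the {@code Basic } scheme (compared
     *       case-insensitively) yields {@code null} instead of being cut at a fixed offset
     *       and decoded anyway;</li>
     *   <li>the decoded text is split at the first separator only, so a password that itself
     *       contains the separator is returned whole.</li>
     * </ul>
     *
     * <p>NOTE(review): the separator is {@code SDOConstants.SDO_XPATH_NS_SEPARATOR_FRAGMENT},
     * presumably ":" — confirm, and consider a local constant rather than borrowing one from
     * an unrelated library. The bytes are decoded with the platform default charset.
     * Malformed Base64 input still surfaces as whatever exception the decoder raises.
     *
     * @param str header value, may be {@code null}
     * @return {@code {user, password}}, a one-element array when no separator is present, or
     *         {@code null} when the header is absent or not a Basic credential
     */
    public String[] getBasicAuthUsernamePassword(String str) {
        final String scheme = "Basic ";
        if (str == null || !str.regionMatches(true, 0, scheme, 0, scheme.length())) {
            return null;
        }
        String encoded = str.substring(scheme.length());
        String decoded = new String(Base64.decode(encoded.getBytes()));
        // Limit 2: everything after the first separator belongs to the password.
        return decoded.split(SDOConstants.SDO_XPATH_NS_SEPARATOR_FRAGMENT, 2);
    }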

    /**
     * Computes a certificate validity window relative to the current time.
     *
     * @param i lifetime days
     * @param i2 lifetime hours
     * @param i3 lifetime minutes
     * @return two dates as produced by the {@code Calendar}-based overload
     * @throws IllegalArgumentException if any argument is negative
     */
    public Date[] getValidityRange(int i, int i2, int i3) throws IllegalArgumentException {
        Calendar now = Calendar.getInstance();
        return getValidityRange(now, i, i2, i3);
    }

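    /**
     * Computes a certificate validity window from a reference time.
     *
     * <p>notBefore is five minutes before the reference time, to tolerate clock skew.
     * notAfter is the requested lifetime plus ten minutes after notBefore, which is the
     * lifetime plus five minutes after the reference time.
     *
     * <p>The earlier code returned the same instant for both elements because the start
     * time was never captured before the lifetime was added, which gave certificates a
     * zero-length validity period.
     *
     * <p>NOTE(review): no upper bound is applied to the lifetime here. When the values come
     * from a certificate request, the caller should clamp them to policy first.
     *
     * @param calendar reference time; it is cloned, not modified
     * @param i lifetime days
     * @param i2 lifetime hours
     * @param i3 lifetime minutes
     * @return {@code {notBefore, notAfter}}
     * @throws IllegalArgumentException if any of the three lifetime values is negative
     */
    public Date[] getValidityRange(Calendar calendar, int i, int i2, int i3) throws IllegalArgumentException {
        if (i < 0 || i2 < 0 || i3 < 0) {
            throw new IllegalArgumentException("Arguments to setCertValidity cannot be negative");
        }
        Calendar cursor = (Calendar) calendar.clone();
        cursor.add(Calendar.MINUTE, -5);
        // Capture the start before the lifetime is added to the same calendar.
        Date notBefore = cursor.getTime();
        cursor.add(Calendar.DAY_OF_YEAR, i);
        cursor.add(Calendar.HOUR_OF_DAY, i2);
        cursor.add(Calendar.MINUTE, i3 + 10);
        Date notAfter = cursor.getTime();
        return new Date[]{notBefore, notAfter};
    }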

    /**
     * Adds a string as the content of a certificate extension, wrapped in an OCTET STRING.
     * A {@code null} value is skipped with a message on standard error.
     *
     * <p>NOTE(review): the string is converted with the platform default charset, so the
     * encoded bytes depend on the host running the CA.
     *
     * @param x509v3CertificateBuilder builder receiving the extension
     * @param str extension OID in dotted form
     * @param z criticality flag
     * @param str2 extension content, may be {@code null}
     */
    public void addStringExtension(X509v3CertificateBuilder x509v3CertificateBuilder, String str, boolean z, String str2) {
        if (str2 == null) {
            System.err.printf("Not adding XML value", new Object[0]);
            return;
        }
        ASN1ObjectIdentifier extensionOid = new ASN1ObjectIdentifier(str);
        DEROctetString content = new DEROctetString(str2.getBytes());
        x509v3CertificateBuilder.addExtension(extensionOid, z, content);
    }

    /**
     * Returns the string form of a certificate extension value when it parses as a DER
     * OCTET STRING.
     *
     * @param x509Certificate certificate to read
     * @param str extension OID in dotted form
     * @return {@code toString()} of the parsed object, or {@code null} when the extension is
     *         absent or is not an octet string (both cases are reported on standard error)
     * @throws IOException if the extension bytes cannot be parsed
     */
    public String getExtensionValueAsOctetString(X509Certificate x509Certificate, String str) throws IOException {
        byte[] raw = x509Certificate.getExtensionValue(str);
        if (raw == null) {
            System.err.println("extension value is NULL.%n");
            return null;
        }
        DERObject parsed = toDERObject(raw);
        if (!(parsed instanceof DEROctetString)) {
            System.err.println("derOjbect is not a DERObjectString.%n");
            return null;
        }
        return ((DEROctetString) parsed).getDERObject().toString();
    }

    /**
     * Parses the first ASN.1 object found in a byte array.
     *
     * @param bArr encoded bytes
     * @return the first object read from the bytes
     * @throws IOException if the bytes are not valid ASN.1
     */
    public DERObject toDERObject(byte[] bArr) throws IOException {
        ByteArrayInputStream source = new ByteArrayInputStream(bArr);
        ASN1InputStream decoder = new ASN1InputStream(source);
        return decoder.readObject();
    }

    /**
     * Reverses the order of the delimiter-separated parts of a string.
     *
     * <p>The delimiter is used as a regular expression for splitting and as a literal for
     * joining.
     *
     * <p>NOTE(review): this class uses the method to reorder distinguished names on ",".
     * A DN value containing an escaped comma is split in the middle of the value, so the
     * reordered name may not denote the same subject.
     *
     * @param str text to reorder
     * @param str2 delimiter
     * @return the parts in reverse order, joined with the delimiter
     */
    public String reverse(String str, String str2) {
        String[] parts = str.split(str2);
        ArrayUtils.reverse(parts);
        String rejoined = StringUtils.join(parts, str2);
        return rejoined;
    }

    /**
     * Reads an integer property, falling back to a default when the key is absent.
     *
     * @param properties property set to read
     * @param str property key
     * @param i value returned when the key is not present
     * @return the parsed property value or the default
     * @throws NumberFormatException if the property is present but not an integer
     */
    public int getIntegerProperty(Properties properties, String str, int i) {
        String configured = properties.getProperty(str);
        if (configured == null) {
            return i;
        }
        return Integer.parseInt(configured);
    }

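    /**
     * Generates a key pair of the requested algorithm and size.
     *
     * <p>Randomness now comes from the platform default {@link SecureRandom} instead of a
     * hard-coded {@code "SHA1PRNG"} instance. This lets the JVM pick its preferred generator
     * and removes a failure mode on providers that do not ship SHA1PRNG.
     *
     * <p>NOTE(review): no minimum key size is enforced here; callers should refuse sizes
     * below current policy before calling.
     *
     * @param str key algorithm name, for example {@code "RSA"}
     * @param i key size in bits
     * @return the generated key pair
     * @throws NoSuchAlgorithmException if no provider supports the key algorithm
     */
    public KeyPair generateKeyPair(String str, int i) throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(str);
        generator.initialize(i, new SecureRandom());
        return generator.generateKeyPair();
    }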

    /**
     * Parses a {@code unit=value} pair and returns the value when the unit matches.
     *
     * <p>NOTE(review): the value is returned as parsed, so it may be negative or arbitrarily
     * large. When the text comes from a certificate request, clamp the result to policy
     * before using it as a lifetime.
     *
     * @param str text of the form {@code unit=value}
     * @param str2 expected unit name
     * @return the integer value, or 0 when the text has a different shape or unit, or the
     *         value is not an integer
     */
    public int getRequestedDuration(String str, String str2) {
        String[] pair = str.split("=");
        if (pair.length != 2 || !str2.equals(pair[0])) {
            return 0;
        }
        try {
            return Integer.parseInt(pair[1]);
        } catch (NumberFormatException ignored) {
            // A non-numeric value counts as "no duration requested".
            return 0;
        }
    }

    /**
     * Reads the requested lifetime in days from the extension with OID 1.34.5.0.14.67.2.
     *
     * <p>NOTE(review): the value is whatever the extension carries; the caller must bound it
     * before issuing a certificate with that lifetime.
     *
     * @param x509Extensions extensions to inspect (for example from a certificate request)
     * @return the requested number of days, or 0 when the extension is absent or not of the
     *         form {@code days=<n>}
     */
    public int getDays(X509Extensions x509Extensions) {
        ASN1ObjectIdentifier durationOid = new ASN1ObjectIdentifier("1.34.5.0.14.67.2");
        X509Extension requested = x509Extensions.getExtension(durationOid);
        if (requested == null) {
            return 0;
        }
        return getRequestedDuration(getExtensionValue(requested), "days");
    }

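    /**
     * Expands a leading {@code ~/} to the current user's home directory.
     *
     * <p>Changes from the earlier code:
     * <ul>
     *   <li>only the leading tilde is replaced; before, every {@code ~} in the path was
     *       rewritten;</li>
     *   <li>the home directory is inserted literally; before, it was used as a regex
     *       replacement string, so backslashes and {@code $} in it were interpreted;</li>
     *   <li>the decompiled {@code $assertionsDisabled} tests are written as the
     *       {@code assert} statements they stand for.</li>
     * </ul>
     *
     * @param str file name, not {@code null} and not empty
     * @return the file name with a leading {@code ~/} expanded, otherwise unchanged
     * @throws FileNotFoundException if the name starts with {@code ~} but is shorter than
     *         three characters or uses the {@code ~user} form
     */
    public String expandTilde(String str) throws FileNotFoundException {
        assert str != null : "filename is null";
        assert str.length() > 0 : "filename is zero-length";
        if (str.charAt(0) != '~') {
            return str;
        }
        if (str.length() < 3) {
            throw new FileNotFoundException("Abbreviated filename is too short to use.");
        }
        if (str.charAt(1) != '/') {
            throw new FileNotFoundException("Cannot expand '~user' notation in '" + str + "'. Use '~/' for your home directory.");
        }
        // Keep everything after the tilde untouched, including any later '~' characters.
        return System.getProperty("user.home") + str.substring(1);
    }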

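    /**
     * Reads the first line of a file and returns it trimmed.
     *
     * <p>The reader is now closed even when reading fails; before, an exception from
     * {@code readLine()} left the file handle open. The decompiled
     * {@code $assertionsDisabled} tests are written as {@code assert} statements.
     *
     * <p>NOTE(review): {@code getPass} in this class uses this method to load passphrases.
     * The result is an immutable {@code String} that cannot be wiped, the file is decoded
     * with the platform default charset, and a whitespace-only first line yields an empty
     * string.
     *
     * @param str file name; a leading {@code ~/} is expanded
     * @return the trimmed first line
     * @throws FileNotFoundException if the file does not exist or the name cannot be expanded
     * @throws IOException if the file is empty, its first line is empty, or reading fails
     */
    public String readLine(String str) throws FileNotFoundException, IOException, AssertionError {
        assert str != null : "Filename is NULL";
        assert str.length() > 0 : "Filename is zero-length";
        String path = expandTilde(str);
        String firstLine;
        try (BufferedReader reader = new BufferedReader(new FileReader(path))) {
            firstLine = reader.readLine();
        }
        if (firstLine == null || firstLine.length() == 0) {
            throw new IOException("Cannot read from " + path);
        }
        return firstLine.trim();
    }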

    /**
     * Looks up an extension by OID and returns its content as a string.
     *
     * @param x509Extensions extensions to search
     * @param str extension OID in dotted form
     * @return the extension content, or {@code null} when the extension is not present
     */
    public String getExtensionValueByOID(X509Extensions x509Extensions, String str) {
        X509Extension found = x509Extensions.getExtension(new ASN1ObjectIdentifier(str));
        return found == null ? null : getExtensionValue(found);
    }

    /**
     * Returns the content of the {@link #CONTRAIL_ATTRIBUTE_ASSERTION} extension of a certificate.
     *
     * <p>NOTE(review): the text is returned as stored. Whether the assertion itself is
     * authentic depends on the certificate having been validated by the caller.
     *
     * @param x509Certificate certificate to read
     * @return the extension content as produced by {@code getStringExtensionValue}
     * @throws IOException if the extension cannot be parsed
     */
    public String getSAMLAssertion(X509Certificate x509Certificate) throws IOException {
        final String assertionOid = CONTRAIL_ATTRIBUTE_ASSERTION;
        return getStringExtensionValue(x509Certificate, assertionOid);
    }

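    /**
     * Reads a string that was stored in a certificate extension as a nested OCTET STRING,
     * the layout written by {@code addStringExtension} in this class.
     *
     * <p>A certificate that does not carry the extension now yields {@code null}, the same
     * result as an extension of the wrong type. Before, it raised a
     * {@code NullPointerException}.
     *
     * <p>NOTE(review): the bytes are decoded with the platform default charset.
     *
     * @param x509Certificate certificate to read
     * @param str extension OID in dotted form
     * @return the extension content, or {@code null} when the extension is absent or its
     *         inner value is not an octet string
     * @throws IOException if the extension bytes cannot be parsed
     */
    public String getStringExtensionValue(X509Certificate x509Certificate, String str) throws IOException {
        byte[] wrapped = x509Certificate.getExtensionValue(str);
        if (wrapped == null) {
            return null;
        }
        // First layer: the OCTET STRING every extension value is wrapped in.
        ASN1OctetString outer = (ASN1OctetString) new ASN1InputStream(wrapped).readObject();
        // Second layer: the OCTET STRING holding the string bytes.
        DERObject inner = new ASN1InputStream(outer.getOctets()).readObject();
        if (inner instanceof DEROctetString) {
            return new String(((DEROctetString) inner).getOctets());
        }
        return null;
    }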

    /**
     * Returns the raw content octets of an extension as a string, decoded with the platform
     * default charset.
     *
     * @param x509Extension extension to read
     * @return the content as text
     */
    public String getExtensionValue(X509Extension x509Extension) {
        byte[] content = x509Extension.getValue().getOctets();
        return new String(content);
    }

    /**
     * Resolves a passphrase specification: {@code file:<path>} reads the first line of the
     * file, anything else is taken as the passphrase itself.
     *
     * <p>NOTE(review): in both forms the secret exists as a {@code String} before it is
     * copied into the returned array, so wiping the array does not remove every copy.
     *
     * @param str passphrase specification, may be {@code null}
     * @return the passphrase characters, or {@code null} when no specification was given
     * @throws FileNotFoundException if the referenced file does not exist
     * @throws IOException if the referenced file cannot be read or is empty
     */
    public char[] getPass(String str) throws FileNotFoundException, IOException {
        if (str == null) {
            return null;
        }
        if (str.startsWith("file:")) {
            String path = str.substring("file:".length());
            return readLine(path).toCharArray();
        }
        return str.toCharArray();
    }

    /**
     * Writes a passphrase-protected private key to a file using the default cipher name
     * {@code "DESEDE"}.
     *
     * <p>NOTE(review): the default is triple-DES; prefer calling the four-argument overload
     * with an AES-based algorithm if the encoder in use supports it.
     *
     * @param str target file name
     * @param privateKey key to write
     * @param cArr passphrase protecting the key
     */
    public void writeKey(String str, PrivateKey privateKey, char[] cArr) throws FileNotFoundException, IOException, IllegalArgumentException {
        final String defaultCipher = "DESEDE";
        writeKey(str, privateKey, cArr, defaultCipher);
    }

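    /**
     * Writes a passphrase-protected private key to a file readable only by its owner.
     *
     * <p>Changes from the earlier code:
     * <ul>
     *   <li>the output stream is closed even when encoding fails;</li>
     *   <li>a {@code null} passphrase is rejected with {@code IllegalArgumentException}
     *       instead of a {@code NullPointerException};</li>
     *   <li>write permission is restricted to the owner as well as read permission.</li>
     * </ul>
     *
     * <p>NOTE(review): permissions are adjusted after the file is created and the results
     * of the {@code File} permission calls are not checked. If the path already exists it
     * is reused and truncated. Create key files inside a directory only the owner can access.
     *
     * @param str target file name
     * @param privateKey key to write; must not be {@code null}
     * @param cArr passphrase protecting the key; must not be {@code null} or empty
     * @param str2 encryption algorithm name passed to the stream-based {@code writeKey}
     * @throws IllegalArgumentException if the key or passphrase is missing
     * @throws IOException if the file cannot be created or written
     */
    public void writeKey(String str, PrivateKey privateKey, char[] cArr, String str2) throws FileNotFoundException, IOException, IllegalArgumentException {
        if (privateKey == null) {
            throw new IllegalArgumentException("Key is NULL");
        }
        if (cArr == null) {
            throw new IllegalArgumentException("keyPassPhrase is NULL");
        }
        if (cArr.length == 0) {
            throw new IllegalArgumentException("keyPassPhrase is 0 elements long");
        }
        File file = new File(str);
        file.createNewFile();
        // Drop access for everyone, then grant it back to the owner only.
        file.setReadable(false, false);
        file.setReadable(true, true);
        file.setWritable(false, false);
        file.setWritable(true, true);
        try (FileOutputStream out = new FileOutputStream(file)) {
            writeKey(out, privateKey, str2, cArr);
        }
    }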

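    /**
     * Writes a passphrase-protected key pair to a file readable only by its owner.
     *
     * <p>Changes from the earlier code:
     * <ul>
     *   <li>the output stream is closed even when encoding fails;</li>
     *   <li>a {@code null} passphrase is rejected with {@code IllegalArgumentException}
     *       instead of a {@code NullPointerException};</li>
     *   <li>write permission is restricted to the owner as well as read permission.</li>
     * </ul>
     *
     * <p>NOTE(review): permissions are adjusted after the file is created and the results
     * of the {@code File} permission calls are not checked. If the path already exists it
     * is reused and truncated. Create key files inside a directory only the owner can access.
     *
     * @param str target file name
     * @param keyPair key pair to write; must not be {@code null}
     * @param cArr passphrase protecting the key; must not be {@code null} or empty
     * @param str2 encryption algorithm name passed to the stream-based {@code writeKeyPair}
     * @throws IllegalArgumentException if the key pair or passphrase is missing
     * @throws IOException if the file cannot be created or written
     */
    public void writeKeyPair(String str, KeyPair keyPair, char[] cArr, String str2) throws FileNotFoundException, IOException, IllegalArgumentException {
        if (keyPair == null) {
            throw new IllegalArgumentException("Key is NULL");
        }
        if (cArr == null) {
            throw new IllegalArgumentException("keyPassPhrase is NULL");
        }
        if (cArr.length == 0) {
            throw new IllegalArgumentException("keyPassPhrase is 0 elements long");
        }
        File file = new File(str);
        file.createNewFile();
        // Drop access for everyone, then grant it back to the owner only.
        file.setReadable(false, false);
        file.setReadable(true, true);
        file.setWritable(false, false);
        file.setWritable(true, true);
        try (FileOutputStream out = new FileOutputStream(file)) {
            writeKeyPair(out, keyPair, str2, cArr);
        }
    }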

    /**
     * Hashes a byte array with the named algorithm from the "BC" provider.
     *
     * <p>NOTE(review): the algorithm name is caller-chosen, so legacy digests are not
     * refused here.
     *
     * @param bArr data to hash
     * @param str digest algorithm name
     * @return the digest bytes
     * @throws NoSuchAlgorithmException if the provider does not offer the algorithm
     * @throws NoSuchProviderException if the "BC" provider is not registered
     */
    public byte[] digest(byte[] bArr, String str) throws NoSuchAlgorithmException, NoSuchProviderException {
        MessageDigest hasher = MessageDigest.getInstance(str, "BC");
        return hasher.digest(bArr);
    }

    /**
     * Computes the SHA-256 digest of a byte array through {@code digest}.
     *
     * @param bArr data to hash
     * @return the 32-byte digest
     * @throws NoSuchAlgorithmException if SHA-256 is unavailable from the provider
     * @throws NoSuchProviderException if the provider used by {@code digest} is not registered
     */
    public byte[] sha256digest(byte[] bArr) throws NoSuchAlgorithmException, NoSuchProviderException {
        final String algorithm = "SHA-256";
        return digest(bArr, algorithm);
    }

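    /**
     * Writes a certificate to a file through the writer-based {@code writeCertificate}.
     *
     * <p>The writer is now closed on every path, and the exception that caused a failure is
     * kept as the cause of the reported {@code IOException}. Before, the cause was discarded
     * and the stream leaked on failure.
     *
     * @param x509Certificate certificate to write
     * @param str target file name
     * @throws IOException if the file cannot be opened or the certificate cannot be written
     */
    public void writeCertificate(X509Certificate x509Certificate, String str) throws IOException {
        // Opened outside the try so that a failure to open the file propagates unchanged.
        OutputStreamWriter opened = new OutputStreamWriter(new FileOutputStream(str));
        try (OutputStreamWriter writer = opened) {
            writeCertificate(writer, x509Certificate);
        } catch (Exception e) {
            throw new IOException("Cannot write certificate to file '" + str + "'", e);
        }
    }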

    /**
     * Builds a cRLDistributionPoints value with a single distribution point whose full name
     * lists every given URI.
     *
     * @param strArr CRL URIs, may be {@code null} or empty
     * @return the distribution point structure, or {@code null} when no URI was given
     */
    public CRLDistPoint createCRLDistPoint(String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            return null;
        }
        ASN1EncodableVector uris = new ASN1EncodableVector();
        for (String uri : strArr) {
            uris.add(new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(uri)));
        }
        GeneralNames fullName = new GeneralNames(new DERSequence(uris));
        DistributionPointName pointName = new DistributionPointName(DistributionPointName.FULL_NAME, (ASN1Encodable) fullName);
        DistributionPoint point = new DistributionPoint(pointName, null, null);
        return new CRLDistPoint(new DistributionPoint[]{point});
    }

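    /**
     * Writes every certificate of a chain to one file, in array order.
     *
     * <p>The writer is now closed on every path, and the exception that caused a failure is
     * kept as the cause of the reported {@code IOException}. Before, the cause was discarded
     * and the stream leaked on failure.
     *
     * @param x509CertificateArr certificates to write
     * @param str target file name
     * @throws IOException if the file cannot be opened or a certificate cannot be written
     */
    public void writeCertificateChain(X509Certificate[] x509CertificateArr, String str) throws IOException {
        // Opened outside the try so that a failure to open the file propagates unchanged.
        OutputStreamWriter opened = new OutputStreamWriter(new FileOutputStream(str));
        try (OutputStreamWriter writer = opened) {
            for (X509Certificate certificate : x509CertificateArr) {
                writeCertificate(writer, certificate);
            }
        } catch (IOException e) {
            throw new IOException("Cannot write certificate to file '" + str + "'", e);
        }
    }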

    /**
     * Serialises a certification request to PEM text.
     *
     * @param pKCS10CertificationRequest request to encode
     * @return the PEM encoding
     * @throws IOException if encoding fails
     */
    public String writeCSR(PKCS10CertificationRequest pKCS10CertificationRequest) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        OutputStreamWriter sink = new OutputStreamWriter(buffer);
        PEMWriter pem = new PEMWriter(sink);
        pem.writeObject(pKCS10CertificationRequest);
        // Flush so the buffered PEM text reaches the byte buffer before it is read.
        pem.flush();
        return buffer.toString();
    }

    /**
     * Writes a certification request in PEM form to a stream and flushes it. The stream is
     * left open for the caller to close.
     *
     * @param outputStream destination stream
     * @param pKCS10CertificationRequest request to encode
     * @throws IOException if writing fails
     */
    public void writeCSR(OutputStream outputStream, PKCS10CertificationRequest pKCS10CertificationRequest) throws IOException {
        OutputStreamWriter sink = new OutputStreamWriter(outputStream);
        PEMWriter pem = new PEMWriter(sink);
        pem.writeObject(pKCS10CertificationRequest);
        pem.flush();
    }

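    /**
     * Writes a certification request in PEM form to a file.
     *
     * <p>The file stream is now closed once the request has been written; before, it was
     * never closed.
     *
     * @param pKCS10CertificationRequest request to encode
     * @param str target file name
     * @throws IOException if the file cannot be opened or written
     */
    public void writeCSR(PKCS10CertificationRequest pKCS10CertificationRequest, String str) throws IOException {
        try (FileOutputStream out = new FileOutputStream(str)) {
            writeCSR(out, pKCS10CertificationRequest);
        }
    }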

    /**
     * Prompts for a user name on the console.
     *
     * @param console console to prompt on; must not be {@code null}
     * @return the line that was read, as returned by {@link Console#readLine(String, Object...)}
     */
    public String getUsername(Console console) {
        final String entered = console.readLine("Username: ");
        return entered;
    }

    /**
     * Writes a certificate revocation list to a stream as PEM.
     *
     * <p>The stream is flushed but not closed.
     *
     * @param outputStream destination stream
     * @param x509crl revocation list to encode
     * @throws IOException if writing or flushing fails
     */
    public void writeCRL(OutputStream outputStream, X509CRL x509crl) throws IOException {
        final OutputStreamWriter sink = new OutputStreamWriter(outputStream);
        final PEMWriter pem = new PEMWriter(sink);
        pem.writeObject(x509crl);
        pem.flush();
    }

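    /**
     * Prompts twice for a passphrase on the console and returns it when both entries match.
     *
     * <p>The confirmation copy is always overwritten with zeros before returning, and the first
     * entry is overwritten as well whenever the method fails, so rejected passphrases do not
     * linger on the heap. The returned array is the caller's to wipe once it has been used.
     *
     * @param console console to prompt on; must not be {@code null}
     * @param i minimum accepted passphrase length, in characters
     * @return the passphrase that was entered and confirmed
     * @throws IllegalArgumentException if either entry is missing or shorter than {@code i}, or
     *     if the two entries differ
     */
    public char[] getPassphrase(Console console, int i) throws IllegalArgumentException {
        final char[] entered = console.readPassword("Passphrase to protect private key (at least %d characters long): ", Integer.valueOf(i));
        char[] confirmation = null;
        boolean accepted = false;
        try {
            if (entered == null || entered.length < i) {
                throw new IllegalArgumentException("Passphrase is too short");
            }
            confirmation = console.readPassword("%s", "Type passphrase again to confirm: ");
            if (confirmation == null || confirmation.length < i) {
                throw new IllegalArgumentException("Confirmation passphrase is too short");
            }
            if (!Arrays.equals(confirmation, entered)) {
                throw new IllegalArgumentException("Passphrases do not match");
            }
            accepted = true;
            return entered;
        } finally {
            // The confirmation copy is never handed out, so it can always be cleared.
            if (confirmation != null) {
                Arrays.fill(confirmation, '\0');
            }
            // On any failure the first entry is not returned either; clear it too.
            if (!accepted && entered != null) {
                Arrays.fill(entered, '\0');
            }
        }
    }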

    /**
     * Looks for the PKCS#9 extension-request attribute in an attribute set and returns the
     * extensions it carries.
     *
     * <p>Only the first matching attribute is used, and only its first value is read.
     * NOTE(review): when the set comes from a certification request submitted by a client, an
     * attribute with no values would make {@code getObjectAt(0)} fail; confirm how callers
     * handle malformed requests.
     *
     * @param aSN1Set attribute set to search; must not be {@code null}
     * @return the requested extensions, or {@code null} when no extension-request attribute is present
     */
    public X509Extensions getExtensions(ASN1Set aSN1Set) {
        for (int idx = 0; idx != aSN1Set.size(); idx++) {
            final Attribute candidate = Attribute.getInstance(aSN1Set.getObjectAt(idx));
            final String candidateOid = candidate.getAttrType().getId();
            if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.getId().equals(candidateOid)) {
                return X509Extensions.getInstance(candidate.getAttrValues().getObjectAt(0));
            }
        }
        return null;
    }

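    /**
     * Returns the value of the first subject-alternative-name entry with the given type.
     *
     * <p>Each element of the collection is expected to be a {@link List} whose first item is the
     * {@link Integer} name type and whose second item is the name value; presumably this is the
     * shape returned by {@code X509Certificate.getSubjectAlternativeNames()} (confirm against
     * callers). The value is cast to {@link String}, so an entry of the requested type that
     * holds a non-string value still raises {@link ClassCastException}.
     *
     * <p>The previous implementation created a new iterator on every pass and never advanced
     * the one it tested, so it only ever inspected the first entry and did not terminate when
     * that entry had a different type. This version walks the whole collection, and a
     * {@code null} collection is treated as "no names".
     *
     * @param collection alternative-name entries, or {@code null} when there are none
     * @param i name type to look for
     * @return the matching name value, or {@code null} when no entry has that type
     */
    public String findSubjectAltName(Collection collection, int i) {
        if (collection == null) {
            return null;
        }
        for (Object entry : collection) {
            final List<?> typeAndValue = (List<?>) entry;
            if (((Integer) typeAndValue.get(0)).intValue() == i) {
                return (String) typeAndValue.get(1);
            }
        }
        return null;
    }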

    /**
     * Returns the string form of the first general name carrying the given tag.
     *
     * @param generalNameArr names to search; must not be {@code null}
     * @param i tag number to look for
     * @return {@code getName().toString()} of the first match, or {@code null} when no name has that tag
     */
    public String getAltName(GeneralName[] generalNameArr, int i) {
        for (GeneralName candidate : generalNameArr) {
            if (candidate.getTagNo() == i) {
                return candidate.getName().toString();
            }
        }
        return null;
    }

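    /**
     * Reads the first PEM object from a stream, optionally decrypting it with a passphrase.
     *
     * <p>The reader, and with it the supplied stream, is closed on every path, including when
     * parsing fails. The unreachable null check on the freshly constructed reader has been dropped.
     *
     * @param inputStream stream holding PEM text; closed by this method
     * @param cArr passphrase offered to the PEM reader, or {@code null} to read without one; the
     *     array is referenced, not copied, so the caller should wipe it only after this call returns
     * @return whatever {@code PEMReader.readObject()} produced; callers in this class treat a
     *     {@code null} result as an error
     * @throws IOException if the PEM data cannot be read or parsed
     * @throws NoSuchAlgorithmException declared for callers; not raised by the code visible here
     */
    public Object readPEM(InputStream inputStream, final char[] cArr) throws IOException, NoSuchAlgorithmException {
        final InputStreamReader pemText = new InputStreamReader(inputStream);
        final PEMReader pemReader;
        if (cArr == null) {
            pemReader = new PEMReader(pemText);
        } else {
            pemReader = new PEMReader(pemText, new PasswordFinder() {
                @Override // org.bouncycastle.openssl.PasswordFinder
                public char[] getPassword() {
                    return cArr;
                }
            });
        }
        try {
            return pemReader.readObject();
        } finally {
            // Close even when readObject() throws, so a bad PEM does not leak the stream.
            pemReader.close();
        }
    }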

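    /**
     * Reads a private key from a PEM stream.
     *
     * <p>The passphrase is now forwarded to the PEM reader. Previously {@code null} was always
     * passed, so {@code cArr} was ignored and no passphrase ever reached the reader. Passing
     * {@code null} still behaves as before.
     *
     * @param inputStream stream holding the PEM-encoded key or key pair
     * @param cArr passphrase protecting the key, or {@code null} when the key is not encrypted
     * @return the private key, taken directly or from a key pair; {@code null} when the PEM
     *     object is of neither kind
     * @throws IOException if reading fails or the stream yields no PEM object
     * @throws NoSuchAlgorithmException as declared by {@code readPEM}
     */
    public PrivateKey readPrivateKey(InputStream inputStream, char[] cArr) throws FileNotFoundException, IOException, NoSuchAlgorithmException {
        final Object pemObject = readPEM(inputStream, cArr);
        if (pemObject == null) {
            throw new IOException("readPEM returns NULL");
        }
        if (pemObject instanceof PrivateKey) {
            return (PrivateKey) pemObject;
        }
        if (pemObject instanceof KeyPair) {
            return ((KeyPair) pemObject).getPrivate();
        }
        // Some other PEM object (for example a certificate): no key to return.
        return null;
    }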

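    /**
     * Reads a private key from a PEM file.
     *
     * <p>The passphrase is now forwarded to the PEM reader. Previously {@code null} was always
     * passed, so {@code cArr} was ignored and no passphrase ever reached the reader. Passing
     * {@code null} still behaves as before.
     *
     * @param str path of the PEM file holding the key or key pair
     * @param cArr passphrase protecting the key, or {@code null} when the key is not encrypted
     * @return the private key, taken directly or from a key pair; {@code null} when the PEM
     *     object is of neither kind
     * @throws FileNotFoundException if the file cannot be opened
     * @throws IOException if reading fails or the file yields no PEM object
     * @throws NoSuchAlgorithmException as declared by {@code readPEM}
     */
    public PrivateKey readPrivateKey(String str, char[] cArr) throws FileNotFoundException, IOException, NoSuchAlgorithmException {
        final Object pemObject = readPEM(str, cArr);
        if (pemObject == null) {
            throw new IOException("readPEM returns NULL");
        }
        if (pemObject instanceof PrivateKey) {
            return (PrivateKey) pemObject;
        }
        if (pemObject instanceof KeyPair) {
            return ((KeyPair) pemObject).getPrivate();
        }
        // Some other PEM object (for example a certificate): no key to return.
        return null;
    }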

    /**
     * Reads a key pair from a PEM file.
     *
     * @param str path of the PEM file
     * @param cArr passphrase handed to {@code readPEM}, or {@code null}
     * @return the PEM object cast to {@link KeyPair}; the cast fails with
     *     {@link ClassCastException} when the file holds another kind of object
     * @throws FileNotFoundException if the file cannot be opened
     * @throws IOException if reading or parsing fails
     * @throws NoSuchAlgorithmException as declared by {@code readPEM}
     */
    public KeyPair readKeyPair(String str, char[] cArr) throws FileNotFoundException, IOException, NoSuchAlgorithmException {
        final Object pemObject = readPEM(str, cArr);
        return (KeyPair) pemObject;
    }

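    /**
     * Reads the first PEM object from a file, optionally decrypting it with a passphrase.
     *
     * <p>Parsing is delegated to the stream-based overload. The file stream is closed here on
     * every path, so a malformed or wrongly protected file no longer leaks the handle.
     *
     * @param str path of the PEM file
     * @param cArr passphrase offered to the PEM reader, or {@code null} to read without one
     * @return whatever the PEM reader produced, possibly {@code null}
     * @throws FileNotFoundException if the file cannot be opened
     * @throws IOException if the PEM data cannot be read or parsed
     * @throws NoSuchAlgorithmException as declared by the stream-based overload
     */
    public Object readPEM(String str, final char[] cArr) throws FileNotFoundException, IOException, NoSuchAlgorithmException {
        final InputStream fileIn = new FileInputStream(str);
        try {
            return readPEM(fileIn, cArr);
        } finally {
            // Closing an already closed FileInputStream has no effect, so this is safe
            // whether or not the delegate closed the stream itself.
            fileIn.close();
        }
    }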

    /**
     * Reads a PKCS#10 certification request from a PEM stream.
     *
     * <p>The stream is not closed here. Parsing a request does not verify its signature or
     * contents; that is left to the caller.
     *
     * @param inputStream stream holding the PEM-encoded request
     * @return the PEM object cast to a certification request
     * @throws IOException if reading fails or no PEM object is found
     */
    public PKCS10CertificationRequest readCSR(InputStream inputStream) throws IOException {
        final InputStreamReader pemText = new InputStreamReader(inputStream);
        final Object pemObject = readPEM(pemText);
        return (PKCS10CertificationRequest) pemObject;
    }

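    /**
     * Reads a PKCS#10 certification request from a PEM file.
     *
     * <p>The file is closed before returning, whether or not parsing succeeded; the reader-based
     * {@code readPEM} overload does not close its input, so it has to be done here. Parsing a
     * request does not verify its signature or contents; that is left to the caller.
     *
     * @param str path of the PEM file
     * @return the PEM object cast to a certification request
     * @throws FileNotFoundException if the file cannot be opened
     * @throws IOException if reading fails or no PEM object is found
     */
    public PKCS10CertificationRequest readCSR(String str) throws FileNotFoundException, IOException {
        final InputStreamReader pemText = new InputStreamReader(new FileInputStream(str));
        try {
            return (PKCS10CertificationRequest) readPEM(pemText);
        } finally {
            pemText.close();
        }
    }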

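    /**
     * Fetches the full content behind a URL and returns it as text.
     *
     * <p>The stream is read until end of input. The previous version sized its buffer from
     * {@code available()} and issued a single {@code read}, which returns only what happens to
     * be buffered at that moment and so could truncate the response or return an empty string.
     *
     * <p>Bytes are decoded with the platform default charset, as before.
     * NOTE(review): no response-size limit or connection/read timeout is applied, and any URL
     * scheme the JVM supports is accepted. If the URL can come from untrusted input, the caller
     * should restrict scheme and host and bound the size before calling this.
     *
     * @param url location to read; must not be {@code null}
     * @return the content decoded with the platform default charset
     * @throws IOException if the connection cannot be opened or reading fails
     */
    public String readURL(URL url) throws IOException {
        final InputStream body = new BufferedInputStream(url.openConnection().getInputStream());
        try {
            final ByteArrayOutputStream collected = new ByteArrayOutputStream();
            final byte[] chunk = new byte[4096];
            int count;
            while ((count = body.read(chunk)) != -1) {
                collected.write(chunk, 0, count);
            }
            return collected.toString();
        } finally {
            try {
                body.close();
            } catch (IOException ignored) {
                // Best-effort close, as in the original: a close failure must not hide the result
                // or the exception already being propagated.
            }
        }
    }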

    /**
     * Parses one X.509 certificate from a stream.
     *
     * <p>This only decodes the certificate. No signature, chain, validity-period or revocation
     * check is performed here, so a successfully parsed certificate is not thereby trusted.
     *
     * @param inputStream stream positioned at the encoded certificate
     * @return the parsed certificate
     * @throws CertificateException if no X.509 factory is available or the data cannot be parsed
     */
    public X509Certificate getCertFromStream(InputStream inputStream) throws CertificateException {
        final CertificateFactory x509Factory = CertificateFactory.getInstance("X509");
        return (X509Certificate) x509Factory.generateCertificate(inputStream);
    }

    /**
     * Reads an X.509 certificate from PEM text.
     *
     * <p>The reader is not closed here, and the certificate is only parsed, not validated.
     *
     * @param inputStreamReader reader positioned at the PEM-encoded certificate
     * @return the PEM object cast to {@link X509Certificate}
     * @throws IOException if reading fails or no PEM object is found
     */
    public X509Certificate readCertificate(InputStreamReader inputStreamReader) throws IOException {
        final Object pemObject = readPEM(inputStreamReader);
        return (X509Certificate) pemObject;
    }

    /**
     * Reads the first PEM object from a reader, without a passphrase.
     *
     * <p>The supplied reader is left open; closing it is the caller's responsibility.
     *
     * @param inputStreamReader reader positioned at PEM text
     * @return the parsed PEM object, never {@code null}
     * @throws IOException if parsing fails or the reader yields no PEM object
     */
    public Object readPEM(InputStreamReader inputStreamReader) throws IOException {
        final PEMReader pemParser = new PEMReader(inputStreamReader);
        final Object parsed = pemParser.readObject();
        if (parsed != null) {
            return parsed;
        }
        throw new IOException("Read a NULL PEM Object");
    }

    /**
     * Writes a key pair to a stream as passphrase-protected PEM.
     *
     * <p>The stream is flushed but not closed. A fresh {@link SecureRandom} is supplied to the
     * PEM writer for each call.
     *
     * @param outputStream destination stream
     * @param keyPair key pair to encode
     * @param str algorithm argument handed to {@code PEMWriter.writeObject}; presumably the name
     *     of the cipher used to protect the key (confirm against the BouncyCastle version in use)
     * @param cArr passphrase protecting the key; not wiped by this method
     * @throws IOException if encoding, writing or flushing fails
     */
    public void writeKeyPair(OutputStream outputStream, KeyPair keyPair, String str, char[] cArr) throws IOException {
        final OutputStreamWriter sink = new OutputStreamWriter(outputStream);
        final PEMWriter pem = new PEMWriter(sink);
        final SecureRandom entropy = new SecureRandom();
        pem.writeObject(keyPair, str, cArr, entropy);
        pem.flush();
    }

    /**
     * Writes a private key to a stream as passphrase-protected PEM.
     *
     * <p>The stream is flushed but not closed. A fresh {@link SecureRandom} is supplied to the
     * PEM writer for each call.
     *
     * @param outputStream destination stream
     * @param privateKey key to encode
     * @param str algorithm argument handed to {@code PEMWriter.writeObject}; presumably the name
     *     of the cipher used to protect the key (confirm against the BouncyCastle version in use)
     * @param cArr passphrase protecting the key; not wiped by this method
     * @throws IOException if encoding, writing or flushing fails
     */
    public void writeKey(OutputStream outputStream, PrivateKey privateKey, String str, char[] cArr) throws IOException {
        final OutputStreamWriter sink = new OutputStreamWriter(outputStream);
        final PEMWriter pem = new PEMWriter(sink);
        final SecureRandom entropy = new SecureRandom();
        pem.writeObject(privateKey, str, cArr, entropy);
        pem.flush();
    }

    /**
     * Writes a private key to a stream as PEM with no passphrase protection.
     *
     * <p>The key material leaves this method in the clear, so the destination should be one
     * that only the key owner can read. The stream is flushed but not closed.
     *
     * @param outputStream destination stream
     * @param privateKey key to encode
     * @throws IOException if encoding, writing or flushing fails
     */
    public void writeKey(OutputStream outputStream, PrivateKey privateKey) throws IOException {
        final OutputStreamWriter sink = new OutputStreamWriter(outputStream);
        final PEMWriter pem = new PEMWriter(sink);
        pem.writeObject(privateKey);
        pem.flush();
    }

    /**
     * Writes a certificate to a stream as PEM.
     *
     * <p>The stream is flushed but not closed.
     *
     * @param outputStream destination stream
     * @param x509Certificate certificate to encode
     * @throws IOException if encoding, writing or flushing fails
     */
    public void writeCertificate(OutputStream outputStream, X509Certificate x509Certificate) throws IOException {
        final OutputStreamWriter sink = new OutputStreamWriter(outputStream);
        final PEMWriter pem = new PEMWriter(sink);
        pem.writeObject(x509Certificate);
        pem.flush();
    }

    /**
     * Writes a certificate to an existing character writer as PEM.
     *
     * <p>The writer is flushed but not closed, so several certificates can be appended to the
     * same writer one after another.
     *
     * @param outputStreamWriter destination writer
     * @param x509Certificate certificate to encode
     * @throws IOException if encoding, writing or flushing fails
     */
    public void writeCertificate(OutputStreamWriter outputStreamWriter, X509Certificate x509Certificate) throws IOException {
        final PEMWriter pem = new PEMWriter(outputStreamWriter);
        pem.writeObject(x509Certificate);
        pem.flush();
    }

    // Caches, at class-initialisation time, whether assertions are disabled for SecurityCommons.
    // NOTE(review): this appears to be the compiler-generated assertion flag as recovered by a
    // decompiler; hand-written source would not normally assign $assertionsDisabled itself.
    static {
        $assertionsDisabled = !SecurityCommons.class.desiredAssertionStatus();
    }
}
