package org.ow2.contrail.provider.vep;

import eu.contrail.security.CertClient;
import eu.contrail.security.SecurityUtils;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.apache.log4j.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:org/ow2/contrail/provider/vep/SSLCertHandler.class */
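/**
 * Static helper around the Contrail CA service client: generates RSA key pairs, requests and
 * stores X.509 certificates, and performs basic checks on certificates presented to VEP.
 *
 * <p>All state is static and shared by every instance; constructing an instance (re)configures
 * the shared {@link CertClient}. No synchronization is visible in this class.
 */
public class SSLCertHandler {
    // Initialized at class load so the static methods can log even when no instance was built.
    private static final Logger logger = Logger.getLogger("VEP.CertHandler");
    private static CertClient client;
    // Issuer common names accepted by isCertValid().
    private static final String[] safeCAList = {"INRIA-Myriads CA"};
    private static final String CN_PREFIX = "CN=";

    /**
     * Registers the BouncyCastle provider and creates the shared CA client from the
     * {@code caservice.*} properties. Equivalent to {@code new SSLCertHandler(false)}.
     */
    public SSLCertHandler() {
        this(false);
    }

    /**
     * Registers the BouncyCastle provider and, unless {@code z} is {@code true}, creates the
     * shared CA client from the {@code caservice.uri}, {@code caservice.keystore} and
     * {@code caservice.storepass} properties.
     *
     * @param z when {@code true}, the properties are read but the shared client is left as it is
     */
    public SSLCertHandler(boolean z) {
        Security.addProvider(new BouncyCastleProvider());
        String caServiceUri = VEPHelperMethods.getProperty("caservice.uri", logger);
        String storePass = VEPHelperMethods.getProperty("caservice.storepass", logger);
        String keyStore = VEPHelperMethods.getProperty("caservice.keystore", logger);
        if (z) {
            return;
        }
        try {
            client = new CertClient(caServiceUri, true, keyStore, storePass);
        } catch (Exception e) {
            // Without a client no certificate can be issued, so report this above debug level.
            logger.error("Exception Caught: ", e);
            client = null;
        }
    }

    /**
     * Generates a 2048-bit RSA key pair through {@link SecurityUtils}.
     *
     * @return the new key pair, or {@code null} if the algorithm is unavailable
     */
    public static KeyPair generateKeyPair() {
        try {
            return SecurityUtils.generateKeyPair("RSA", 2048);
        } catch (NoSuchAlgorithmException e) {
            logger.debug("Exception Caught: ", e);
            return null;
        }
    }

    /**
     * Requests a certificate for {@code keyPair} from the CA service.
     *
     * @param keyPair key pair the certificate is requested for
     * @param str forwarded as the second argument of {@code CertClient.getCert}
     * @param str2 forwarded as the third argument of {@code CertClient.getCert}
     * @return the issued certificate, or {@code null} when no client is configured or the
     *     request fails
     */
    public static X509Certificate generateCertificate(KeyPair keyPair, String str, String str2) {
        if (client == null) {
            return null;
        }
        try {
            // NOTE(review): "password" and "action point" are fixed literals. If the fourth
            // argument is a credential for the CA service it should come from configuration,
            // not from source; confirm against the CertClient API.
            return client.getCert(keyPair, str, str2, "password", "action point", true);
        } catch (Exception e) {
            logger.debug("Exception Caught: ", e);
            return null;
        }
    }

    /**
     * Writes {@code x509Certificate} out through {@code SecurityUtils.writeCertificate}.
     *
     * @param x509Certificate certificate to store
     * @param str destination passed to {@code writeCertificate} (presumably a file path; verify)
     * @return {@code true} on success, {@code false} if writing threw
     */
    public static boolean storeCertificate(X509Certificate x509Certificate, String str) {
        try {
            SecurityUtils.writeCertificate(x509Certificate, str);
            return true;
        } catch (Exception e) {
            logger.debug("Exception Caught: ", e);
            return false;
        }
    }

    /**
     * Placeholder: nothing is written.
     *
     * <p>NOTE(review): this always reports success although the key pair is not persisted, so a
     * caller cannot tell that the private key was never stored.
     *
     * @return always {@code true}
     */
    public static boolean storeKeyPair(KeyPair keyPair, String str) {
        return true;
    }

    /**
     * Returns one detail of a certificate's subject.
     *
     * @param x509Certificate certificate to inspect
     * @param str {@code "cn"} for the subject common name, {@code "uuid"} for the string form of
     *     the last subject alternative name entry (case-insensitive)
     * @return the requested value ({@code ""} when the certificate does not carry it), or
     *     {@code null} for any other selector or a {@code null} argument
     */
    public static String getCertDetails(X509Certificate x509Certificate, String str) {
        if (x509Certificate == null || str == null) {
            return null;
        }
        // Read the CN before touching the SAN extension so a SAN parsing failure cannot hide it.
        String commonName = extractCommonName(x509Certificate.getSubjectX500Principal().getName());
        logger.trace("Certificate CN field : " + commonName);
        String lastAltName = "";
        try {
            // getSubjectAlternativeNames() returns null when the extension is absent.
            Collection<List<?>> altNames = x509Certificate.getSubjectAlternativeNames();
            if (altNames != null) {
                for (List<?> altName : altNames) {
                    if (altName == null) {
                        continue;
                    }
                    lastAltName = altName.toString();
                    logger.debug("Subject's Alternative Name: " + lastAltName);
                }
            }
            logger.debug("The certificate is valid between " + x509Certificate.getNotBefore() + " and " + x509Certificate.getNotAfter());
        } catch (Exception e) {
            logger.debug("Exception Caught: ", e);
        }
        if ("cn".equalsIgnoreCase(str)) {
            return commonName;
        }
        if ("uuid".equalsIgnoreCase(str)) {
            return lastAltName;
        }
        return null;
    }

    /**
     * Checks that the certificate is inside its validity period and that its issuer common name
     * is on the allowlist.
     *
     * <p>NOTE(review): only the issuer <em>name</em> and the dates are checked here; the
     * signature is not verified against a CA public key and no revocation check is made. Unless
     * the caller has already validated the chain (for example in the TLS layer), this result
     * must not be treated as proof that the listed CA issued the certificate.
     *
     * @param x509Certificate certificate to check
     * @return {@code true} only if the certificate is currently valid and its issuer CN is
     *     allowlisted; {@code false} otherwise, including for {@code null}
     */
    public static boolean isCertValid(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        String issuerCn = extractCommonName(x509Certificate.getIssuerX500Principal().getName());
        boolean trustedIssuer = false;
        for (String trustedCa : safeCAList) {
            if (trustedCa.contentEquals(issuerCn)) {
                trustedIssuer = true;
                break;
            }
        }
        try {
            x509Certificate.checkValidity();
            logger.debug("The certificate was issued by CA: " + issuerCn);
            return trustedIssuer;
        } catch (CertificateExpiredException e) {
            logger.error("The certificate is not valid.");
            return false;
        } catch (CertificateNotYetValidException e) {
            logger.warn("The certificate is not valid yet.");
            return false;
        }
    }

    /**
     * Returns the value of the first comma-separated component that starts with {@code CN=}, or
     * {@code ""} if there is none.
     *
     * <p>The whole remainder after the prefix is returned, so a value containing {@code '='} is
     * not truncated and an empty value does not cause an index error. The name is still split on
     * every comma, so a CN that contains an escaped comma is cut at that comma.
     */
    private static String extractCommonName(String distinguishedName) {
        for (String component : distinguishedName.split(",")) {
            if (component.startsWith(CN_PREFIX)) {
                return component.substring(CN_PREFIX.length());
            }
        }
        return "";
    }
}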
