package ghidra.net;

import generic.random.SecureRandomFactory;
import ghidra.util.Msg;
import ghidra.util.exception.AssertException;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.SyncFailedException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.x500.X500Principal;
import javax.swing.filechooser.FileNameExtensionFilter;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.operator.OperatorException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.IPAddress;

/* loaded from: input_file:ghidra/net/ApplicationKeyManagerUtils.class */
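/**
 * Static helpers around the application's PKI material: signing data with the configured
 * client key, enumerating the issuers the application trusts, validating client certificate
 * chains, exporting certificates in PEM form, and generating RSA key/certificate entries
 * into a {@link KeyStore} (self-signed, or issued by a supplied CA entry).
 * <p>
 * Key and trust material is obtained from {@code ApplicationKeyManagerFactory} and
 * {@code ApplicationTrustManagerFactory}; this class holds no state of its own.
 */
public class ApplicationKeyManagerUtils {

    public static final String RSA_TYPE = "RSA";

    /** RSA modulus size, in bits, for generated key pairs. */
    private static final int KEY_SIZE = 4096;

    private static final String SIGNING_ALGORITHM = "SHA512withRSA";

    /**
     * Milliseconds in a day, held as a {@code long} so that {@code days * MILLISECONDS_PER_DAY}
     * cannot overflow {@code int} (which happens past 24 days).
     */
    private static final long MILLISECONDS_PER_DAY = 24L * 60 * 60 * 1000;

    public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
    public static final String END_CERT = "-----END CERTIFICATE-----";
    public static final String[] PKCS_FILE_EXTENSIONS = {"p12", "pks", "pfx"};
    public static final FileNameExtensionFilter PKCS_FILENAME_FILTER =
        new FileNameExtensionFilter("PKCS Key File", PKCS_FILE_EXTENSIONS);

    /** Width of the base64 lines written between the PEM markers by {@link #exportX509Certificates}. */
    private static final int PEM_LINE_LENGTH = 44;

    private ApplicationKeyManagerUtils() {
        // utility class
    }

    /**
     * Signs {@code data} with the application's RSA client private key.
     * <p>
     * The first {@link X509KeyManager} returned by {@code ApplicationKeyManagerFactory} that can
     * choose an RSA client alias for {@code authorities} supplies the private key and certificate
     * chain. The signature algorithm used is the one named by the leaf certificate of that chain.
     * The private key is destroyed on a best-effort basis once signing has finished.
     *
     * @param authorities acceptable certificate issuers passed to
     *        {@link X509KeyManager#chooseClientAlias}; may be {@code null}
     * @param data the bytes to sign
     * @return a token carrying {@code data}, its signature, the certificate chain and the
     *         signature algorithm name
     * @throws CertificateException if no suitable key/certificate is configured, or the key
     *         cannot be used for signing
     * @throws NoSuchAlgorithmException if the leaf certificate's signature algorithm is unavailable
     * @throws SignatureException if signing fails
     */
    public static SignedToken getSignedToken(Principal[] authorities, byte[] data)
            throws NoSuchAlgorithmException, SignatureException, CertificateException {
        PrivateKey privateKey = null;
        X509Certificate[] chain = null;
        try {
            for (KeyManager keyManager : ApplicationKeyManagerFactory.getInstance().getKeyManagers()) {
                if (!(keyManager instanceof X509KeyManager)) {
                    continue;
                }
                X509KeyManager x509KeyManager = (X509KeyManager) keyManager;
                String alias = x509KeyManager.chooseClientAlias(new String[] { RSA_TYPE }, authorities, null);
                if (alias != null) {
                    privateKey = x509KeyManager.getPrivateKey(alias);
                    chain = x509KeyManager.getCertificateChain(alias);
                    break;
                }
            }
            // An empty chain would otherwise fail below with an index error instead of a clear message.
            if (privateKey == null || chain == null || chain.length == 0) {
                throw new CertificateException("suitable PKI certificate not found");
            }

            String sigAlgName = chain[0].getSigAlgName();
            Signature signature = Signature.getInstance(sigAlgName);
            try {
                signature.initSign(privateKey);
            } catch (InvalidKeyException e) {
                throw new CertificateException("suitable PKI certificate not found", e);
            }
            signature.update(data);
            return new SignedToken(data, signature.sign(), chain, sigAlgName);
        } finally {
            destroyQuietly(privateKey);
        }
    }

    /**
     * Tests whether {@code signature} equals the signature this application produces for
     * {@code data} (see {@link #getSignedToken}).
     * <p>
     * This re-signs {@code data} and compares bytes, so it can only match for a deterministic
     * signature scheme; a randomized scheme (e.g. RSASSA-PSS) named by the client certificate
     * would never compare equal — confirm against the configured certificate's algorithm.
     *
     * @param authorities acceptable certificate issuers; may be {@code null}
     * @param data the signed bytes
     * @param signature the signature to compare against
     * @return {@code true} if the freshly computed signature equals {@code signature}
     */
    public static boolean isMySignature(Principal[] authorities, byte[] data, byte[] signature)
            throws NoSuchAlgorithmException, SignatureException, CertificateException {
        return Arrays.equals(signature, getSignedToken(authorities, data).signature);
    }

    /**
     * Collects the subject principals of all CA certificates accepted by the application's
     * trust managers.
     *
     * @return the distinct accepted-issuer principals; {@code null} when nothing could be
     *         determined, i.e. there are no trust managers or every one is an
     *         {@link X509TrustManager} reporting {@code null} accepted issuers. A trust manager
     *         that is not an {@link X509TrustManager} is logged and yields a non-null result.
     * @throws CertificateException if the CA certificates failed to load
     */
    public static X500Principal[] getTrustedIssuers() throws CertificateException {
        // The error check is deliberately made after getTrustManagers(), as in the original order.
        TrustManager[] trustManagers = ApplicationTrustManagerFactory.getTrustManagers();
        if (ApplicationTrustManagerFactory.hasCertError()) {
            throw new CertificateException("failed to load CA certs", ApplicationTrustManagerFactory.getCertError());
        }

        Set<X500Principal> issuers = new HashSet<>();
        boolean undetermined = true;
        for (TrustManager trustManager : trustManagers) {
            if (!(trustManager instanceof X509TrustManager)) {
                Msg.warn(ApplicationKeyManagerUtils.class,
                    "Unexpected trust manager implementation: " + trustManager.getClass().getName());
                undetermined = false;
                continue;
            }
            X509Certificate[] accepted = ((X509TrustManager) trustManager).getAcceptedIssuers();
            if (accepted == null) {
                continue;
            }
            undetermined = false;
            for (X509Certificate cert : accepted) {
                issuers.add(cert.getSubjectX500Principal());
            }
        }
        return undetermined ? null : issuers.toArray(new X500Principal[0]);
    }

    /**
     * Validates a client certificate chain against the application's trust managers.
     * The chain is accepted as soon as one {@link X509TrustManager} accepts it; if every
     * {@link X509TrustManager} rejects it, the last rejection is rethrown.
     *
     * @param chain the peer's certificate chain, leaf first
     * @param authType the key exchange algorithm used, as passed to
     *        {@link X509TrustManager#checkClientTrusted}
     * @throws CertificateException if the CA certificates failed to load or no trust manager
     *         accepts the chain
     */
    public static void validateClient(X509Certificate[] chain, String authType) throws CertificateException {
        TrustManager[] trustManagers = ApplicationTrustManagerFactory.getTrustManagers();
        if (ApplicationTrustManagerFactory.hasCertError()) {
            throw new CertificateException("failed to load CA certs", ApplicationTrustManagerFactory.getCertError());
        }

        // NOTE(review): if the factory supplies no X509TrustManager at all, this loop performs no
        // check and the chain is accepted — confirm the factory always provides one.
        CertificateException lastRejection = null;
        for (TrustManager trustManager : trustManagers) {
            if (!(trustManager instanceof X509TrustManager)) {
                continue;
            }
            try {
                ((X509TrustManager) trustManager).checkClientTrusted(chain, authType);
                lastRejection = null;
                break;
            } catch (CertificateException e) {
                lastRejection = e;
            }
        }
        if (lastRejection != null) {
            throw lastRejection;
        }
    }

    /**
     * Builds a chain with {@code leaf} first followed by {@code issuers} in order.
     *
     * @param leaf the end-entity certificate
     * @param issuers the issuing chain, leaf's issuer first
     * @return a new array of length {@code issuers.length + 1}
     */
    private static Certificate[] makeCertificateChain(Certificate leaf, Certificate... issuers) {
        Certificate[] chain = new Certificate[issuers.length + 1];
        chain[0] = leaf;
        System.arraycopy(issuers, 0, chain, 1, issuers.length);
        return chain;
    }

    /**
     * Writes the X.509 members of {@code certificates} to {@code outFile} in PEM form: each
     * certificate as {@link #BEGIN_CERT}, base64 DER wrapped at {@value #PEM_LINE_LENGTH}
     * columns, {@link #END_CERT} and a blank line. Certificates that are not
     * {@link X509Certificate}s are skipped. Any existing file is overwritten.
     *
     * @param certificates the certificates to export
     * @param outFile the file to write
     * @throws IOException if the file cannot be created or fully written
     * @throws CertificateEncodingException if a certificate cannot be DER-encoded
     */
    public static void exportX509Certificates(Certificate[] certificates, File outFile)
            throws IOException, CertificateEncodingException {
        // PEM is pure ASCII; pin the charset rather than relying on the platform default.
        try (PrintWriter writer =
                new PrintWriter(new FileOutputStream(outFile), false, StandardCharsets.US_ASCII)) {
            for (Certificate certificate : certificates) {
                if (!(certificate instanceof X509Certificate)) {
                    continue;
                }
                writer.println(BEGIN_CERT);
                String base64 = Base64.getEncoder().encodeToString(certificate.getEncoded());
                for (int pos = 0; pos < base64.length(); pos += PEM_LINE_LENGTH) {
                    int end = Math.min(pos + PEM_LINE_LENGTH, base64.length());
                    writer.println(base64.substring(pos, end));
                }
                writer.println(END_CERT);
                writer.println();
            }
            // PrintWriter swallows write errors; surface them so a truncated export is not reported as success.
            writer.flush();
            if (writer.checkError()) {
                throw new IOException("Failed to write certificate file: " + outFile);
            }
        }
    }

    /**
     * Generates a new {@value #KEY_SIZE}-bit RSA key pair and X.509 certificate and stores them
     * as {@code alias} in a keystore of type {@code keystoreType}.
     * <p>
     * With {@code caEntry == null} the certificate is self-signed, marked as a CA
     * (basic constraints, path length 1) and carries digitalSignature, keyEncipherment and
     * keyCertSign key usage. With a {@code caEntry} the certificate is issued by that entry's
     * subject, signed with its private key, carries digitalSignature and keyEncipherment, and
     * the stored chain is the new certificate followed by the CA entry's chain. The serial
     * number is 128 random bits from {@code SecureRandomFactory}. The stored private key is
     * always the newly generated one.
     * <p>
     * If {@code keyFile} is non-null the keystore is written there, fsync'd, and the file's
     * permissions are restricted to owner-read-only.
     *
     * @param alias keystore alias for the new entry
     * @param dn subject distinguished name, parsed with the RFC 4519 style
     * @param durationDays validity period starting now
     * @param caEntry issuing CA entry, or {@code null} for a self-signed certificate
     * @param keyFile file to write the keystore to, or {@code null} to keep it in memory
     * @param keystoreType keystore type passed to {@link KeyStore#getInstance(String)}
     * @param subjectAlternativeNames optional SANs; valid IP address literals become
     *        iPAddress entries, everything else dNSName entries
     * @param protectedPassphrase passphrase protecting the entry and the keystore file
     * @return the keystore containing the new entry
     * @throws KeyStoreException if generation or storage fails; I/O, security and BouncyCastle
     *         operator failures are wrapped with the subject DN in the message
     */
    public static final KeyStore createKeyStore(String alias, String dn, int durationDays,
            KeyStore.PrivateKeyEntry caEntry, File keyFile, String keystoreType,
            Collection<String> subjectAlternativeNames, char[] protectedPassphrase)
            throws KeyStoreException {
        final KeyStore.PasswordProtection passwordProtection =
            new KeyStore.PasswordProtection(protectedPassphrase);

        KeyStore.LoadStoreParameter loadStoreParameter = null;
        if (keyFile != null && keyFile.exists()) {
            // NOTE(review): this parameter carries only the password and no input stream, so the
            // existing file's contents are not read here and the store below overwrites the file;
            // whether the configured keystore type accepts a custom LoadStoreParameter is not
            // visible from this class — confirm against the callers' keystore type.
            loadStoreParameter = new KeyStore.LoadStoreParameter() {
                @Override
                public KeyStore.ProtectionParameter getProtectionParameter() {
                    return passwordProtection;
                }
            };
        }

        try {
            KeyStore keyStore = KeyStore.getInstance(keystoreType);
            keyStore.load(loadStoreParameter);

            SecureRandom secureRandom = SecureRandomFactory.getSecureRandom();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA_TYPE);
            keyPairGenerator.initialize(KEY_SIZE);
            KeyPair keyPair = keyPairGenerator.generateKeyPair();
            SubjectPublicKeyInfo subjectPublicKeyInfo =
                SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());

            X500Name subject = new X500Name(dn);
            X500Name issuer = subject;
            PrivateKey signingKey = keyPair.getPrivate();
            KeyUsage keyUsage = new KeyUsage(
                KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.keyCertSign);
            if (caEntry != null) {
                Certificate caCert = caEntry.getCertificate();
                if (!(caCert instanceof X509Certificate)) {
                    throw new CertificateException("Unsupported certificate type: " + caCert.getType());
                }
                issuer = new X500Name(((X509Certificate) caCert).getSubjectX500Principal().getName());
                keyUsage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment);
                signingKey = caEntry.getPrivateKey();
            }

            Date notBefore = new Date();
            // MILLISECONDS_PER_DAY is a long, so the product cannot overflow for large day counts.
            Date notAfter = new Date(notBefore.getTime() + durationDays * MILLISECONDS_PER_DAY);
            X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuer,
                new BigInteger(128, secureRandom), notBefore, notAfter, subject, subjectPublicKeyInfo);
            builder.addExtension(Extension.keyUsage, true, keyUsage);

            if (subjectAlternativeNames != null && !subjectAlternativeNames.isEmpty()) {
                List<GeneralName> names = new ArrayList<>(subjectAlternativeNames.size());
                for (String name : subjectAlternativeNames) {
                    int tag = IPAddress.isValid(name) ? GeneralName.iPAddress : GeneralName.dNSName;
                    names.add(new GeneralName(tag, name));
                }
                builder.addExtension(Extension.subjectAlternativeName, false,
                    new GeneralNames(names.toArray(GeneralName[]::new)));
            }
            if (caEntry == null) {
                // Self-signed: a CA permitted to issue one further level of certificates.
                builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(1));
            }

            X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(
                builder.build(new JcaContentSignerBuilder(SIGNING_ALGORITHM).build(signingKey)));

            Certificate[] chain = caEntry == null
                    ? new Certificate[] { certificate }
                    : makeCertificateChain(certificate, caEntry.getCertificateChain());
            keyStore.setKeyEntry(alias, keyPair.getPrivate(), protectedPassphrase, chain);

            if (keyFile != null) {
                writeKeyStore(keyStore, keyFile, protectedPassphrase);
            }
            Msg.debug(ApplicationKeyManagerUtils.class, "Certificate Generated (" + alias + "): " + dn);
            return keyStore;
        } catch (IOException | GeneralSecurityException | OperatorException e) {
            throw new KeyStoreException("Failed to generate/store certificate (" + dn + ")", e);
        } finally {
            destroyPassword(passwordProtection);
        }
    }

    /**
     * Persists {@code keyStore} to {@code keyFile}, fsyncs it, and restricts the file to
     * owner-read-only because it contains private key material.
     *
     * @throws IOException if the file cannot be written
     * @throws GeneralSecurityException if the keystore cannot be serialized
     */
    private static void writeKeyStore(KeyStore keyStore, File keyFile, char[] protectedPassphrase)
            throws IOException, GeneralSecurityException {
        try (FileOutputStream out = new FileOutputStream(keyFile)) {
            keyStore.store(out, protectedPassphrase);
            out.flush();
            try {
                out.getFD().sync();
            } catch (SyncFailedException ignored) {
                // Durability is best-effort: the data has already been handed to the OS.
            }
            long size = out.getChannel().size();
            Msg.debug(ApplicationKeyManagerUtils.class, size + " bytes written to key/cert file: " + keyFile);
        }
        // setReadable(true, true) only grants the owner bit; clear read for everyone first so the
        // result is genuinely owner-only. Platforms that cannot clear read report false, which is fine.
        keyFile.setReadable(false, false);
        if (!keyFile.setReadable(true, true) || !keyFile.setWritable(false)) {
            Msg.warn(ApplicationKeyManagerUtils.class,
                "Unable to restrict permissions on key/cert file: " + keyFile);
        }
    }

    /**
     * Same as {@link #createKeyStore} but returns the generated entry itself, read back from
     * the keystore under {@code alias} with {@code protectedPassphrase}.
     *
     * @return the newly created private key entry
     * @throws KeyStoreException if generation, storage or retrieval of the entry fails
     */
    public static final KeyStore.PrivateKeyEntry createKeyEntry(String alias, String dn, int durationDays,
            KeyStore.PrivateKeyEntry caEntry, File keyFile, String keystoreType,
            Collection<String> subjectAlternativeNames, char[] protectedPassphrase)
            throws KeyStoreException {
        KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(protectedPassphrase);
        try {
            KeyStore keyStore = createKeyStore(alias, dn, durationDays, caEntry, keyFile, keystoreType,
                subjectAlternativeNames, protectedPassphrase);
            return (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, passwordProtection);
        } catch (NoSuchAlgorithmException | UnrecoverableEntryException e) {
            throw new KeyStoreException("Failed to generate/store certificate (" + dn + ")", e);
        } finally {
            destroyPassword(passwordProtection);
        }
    }

    /**
     * Best-effort {@link PrivateKey#destroy()}. {@code destroy()} is optional for key
     * implementations; a {@link DestroyFailedException} is ignored, matching the original flow.
     */
    private static void destroyQuietly(PrivateKey key) {
        if (key == null) {
            return;
        }
        try {
            key.destroy();
        } catch (DestroyFailedException ignored) {
            // nothing further can be done; the key object stays as-is
        }
    }

    /** Clears the passphrase copy held by {@code passwordProtection}; failure is an internal error. */
    private static void destroyPassword(KeyStore.PasswordProtection passwordProtection) {
        try {
            passwordProtection.destroy();
        } catch (DestroyFailedException e) {
            throw new AssertException(e);
        }
    }

    static {
        // DN strings (e.g. the dn argument of createKeyStore) are parsed with RFC 4519 attribute names.
        X500Name.setDefaultStyle(RFC4519Style.INSTANCE);
    }
}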
