package br.gov.serpro.scds.certapplet.provider;

import br.gov.serpro.scds.certapplet.ClientException;
import br.gov.serpro.scds.certapplet.constant.ErrorMessage;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.login.LoginException;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:br/gov/serpro/scds/certapplet/provider/ServicesImpl.class */
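/**
 * Key, certificate and key-store helper used by the certificate client.
 *
 * <p>Covers key pair and CSR generation, parsing of the issued certificate bundle, and
 * storage of the private key either in a provider-backed {@link KeyStore} or in a
 * password-protected PKCS#12 file under the user's {@code .scds} directory.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Certificates are only parsed and ordered here. Nothing in this class verifies
 *       signatures, validity periods or a trust path.</li>
 *   <li>Key-store entries and PKCS#12 file names are derived from an MD5 digest of the leaf
 *       public key. The digest is a lookup label, not an integrity or authenticity check.</li>
 *   <li>PKCS#12 files are created with the platform's default file permissions, so their
 *       confidentiality depends on the password passed to {@code store}.</li>
 * </ul>
 */
public class ServicesImpl {
    private final BouncyCastleProvider bouncyCastleProvider;

    /**
     * @param bouncyCastleProvider provider used for PKCS#12 key stores and certificate conversion
     */
    public ServicesImpl(BouncyCastleProvider bouncyCastleProvider) {
        this.bouncyCastleProvider = bouncyCastleProvider;
    }

    /**
     * Parses a certificate bundle (the method name suggests PKCS#7 / .p7b) into a list.
     *
     * <p>If the first parsed certificate is self-issued (issuer equals subject) the list is
     * reversed, so that such a certificate ends up last. The other methods of this class
     * treat element 0 as the certificate whose public key identifies the stored private key.
     *
     * <p>No signature, validity or path checks are performed; callers must not treat the
     * returned certificates as trusted on the basis of this method alone.
     *
     * @param str the encoded bundle
     * @return the parsed certificates, never empty
     * @throws ClientException with {@code ERROR_0100} if parsing fails or yields no certificate
     */
    public List<X509Certificate> decodeP7b(String str) throws ClientException {
        List<X509Certificate> chain = new ArrayList<X509Certificate>();
        try {
            // NOTE(review): getBytes() uses the platform default charset; harmless for
            // PEM/Base64 input, which is presumably what callers pass -- confirm.
            ByteArrayInputStream encoded = new ByteArrayInputStream(str.getBytes());
            for (Certificate certificate : CertificateFactory.getInstance("X509").generateCertificates(encoded)) {
                chain.add((X509Certificate) certificate);
            }
        } catch (Exception e) {
            throw new ClientException(ErrorMessage.ERROR_0100, e);
        }
        if (chain.isEmpty()) {
            // Previously surfaced as a wrapped IndexOutOfBoundsException with the same code.
            throw new ClientException(ErrorMessage.ERROR_0100);
        }
        X509Certificate first = chain.get(0);
        if (first.getIssuerDN().equals(first.getSubjectDN())) {
            Collections.reverse(chain);
        }
        return chain;
    }

    /**
     * Returns the per-user client directory ({@code <user.home>/.scds/}), creating it if needed.
     *
     * @throws ClientException with {@code ERROR_0101} if the path is not a directory and
     *         cannot be created
     */
    public File getClientDirectory() throws ClientException {
        File directory = new File(String.valueOf(System.getProperty("user.home")) + File.separator + ".scds" + File.separator);
        // isDirectory() rather than exists(): a regular file named .scds must not be
        // handed back as if it were the key-store directory.
        if (directory.isDirectory() || directory.mkdirs()) {
            return directory;
        }
        throw new ClientException(ErrorMessage.ERROR_0101);
    }

    /**
     * Builds a self-signed certificate for {@code keyPair}, valid from now for one year.
     *
     * <p>Subject and issuer are both {@code str2} and the serial number is always 1, so the
     * result is only suitable as a placeholder chain for a key entry, not as an identity
     * that other parties should rely on.
     *
     * @param provider provider that performs the signature
     * @param str signature algorithm name
     * @param str2 distinguished name used as subject and issuer
     * @param keyPair key pair to certify and to sign with
     * @throws ClientException with {@code ERROR_0102} on any failure
     */
    public X509Certificate generateSelfSignedCertificate(java.security.Provider provider, String str, String str2, KeyPair keyPair) throws ClientException {
        try {
            Calendar calendar = Calendar.getInstance();
            Date notBefore = calendar.getTime();
            calendar.add(Calendar.YEAR, 1);
            Date notAfter = calendar.getTime();
            X500Principal name = new X500Principal(str2);
            JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(name, BigInteger.ONE, notBefore, notAfter, name, keyPair.getPublic());
            JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(str);
            signerBuilder.setProvider(provider);
            X509CertificateHolder holder = certificateBuilder.build(signerBuilder.build(keyPair.getPrivate()));
            JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
            converter.setProvider(this.bouncyCastleProvider);
            return converter.getCertificate(holder);
        } catch (Exception e) {
            throw new ClientException(ErrorMessage.ERROR_0102, e);
        }
    }

    /**
     * Creates a PKCS#10 certification request for {@code keyPair} and returns it PEM-encoded.
     *
     * @param provider provider whose name is passed to the request for signing
     * @param str signature algorithm name
     * @param str2 subject distinguished name
     * @param keyPair key pair; the public key is embedded, the private key signs the request
     * @throws ClientException with {@code ERROR_0103} on any failure
     */
    public String generateCertificateRequest(java.security.Provider provider, String str, String str2, KeyPair keyPair) throws ClientException {
        try {
            PKCS10CertificationRequest request = new PKCS10CertificationRequest(str, new X500Principal(str2), keyPair.getPublic(), (ASN1Set) null, keyPair.getPrivate(), provider.getName());
            StringWriter pem = new StringWriter();
            PEMWriter pemWriter = new PEMWriter(pem);
            try {
                pemWriter.writeObject(request);
            } finally {
                pemWriter.close();
            }
            return pem.toString();
        } catch (Exception e) {
            throw new ClientException(ErrorMessage.ERROR_0103, e);
        }
    }

    /**
     * Generates a key pair with the given provider.
     *
     * <p>Algorithm and key size are taken from the caller as-is; no minimum strength is
     * enforced here, so the caller is responsible for passing acceptable values.
     *
     * @param provider provider that generates the keys
     * @param str key algorithm name
     * @param i key size passed to {@link KeyPairGenerator#initialize(int)}
     * @throws ClientException with {@code ERROR_0105} if the provider lacks the algorithm
     */
    public KeyPair generateKeyPair(java.security.Provider provider, String str, int i) throws ClientException {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(str, provider);
            generator.initialize(i);
            return generator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new ClientException(ErrorMessage.ERROR_0105, e);
        }
    }

    /**
     * Loads the private key matching {@code list.get(0)} from its PKCS#12 file in {@code file}.
     *
     * @param file directory holding the PKCS#12 files
     * @param list certificate chain; element 0 identifies the key
     * @param cArr password of the PKCS#12 file and of the key entry
     * @throws LoginException if the provider reports an invalid store MAC (wrong password
     *         or corrupted file)
     * @throws ClientException with {@code ERROR_0106} on any other failure or if no key is found
     */
    public PrivateKey getPrivateKey(File file, List<X509Certificate> list, char[] cArr) throws ClientException, LoginException {
        String alias = generateKeyIdentifier(list);
        PrivateKey privateKey;
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12", (java.security.Provider) this.bouncyCastleProvider);
            FileInputStream in = new FileInputStream(getPKCS12(file, alias));
            try {
                keyStore.load(in, cArr);
            } finally {
                // The stream was previously never closed, leaking a handle on the key file.
                in.close();
            }
            privateKey = (PrivateKey) keyStore.getKey(alias, cArr);
        } catch (IOException e) {
            // Wrong-password detection relies on the exact message text of the provider.
            // If the provider changes its wording, a wrong password is reported as
            // ERROR_0106 instead of a LoginException.
            if ("PKCS12 key store mac invalid - wrong password or corrupted file.".equals(e.getMessage())) {
                throw new LoginException(ErrorMessage.ERROR_WRONG_PASSWORD);
            }
            throw new ClientException(ErrorMessage.ERROR_0106, e);
        } catch (Exception e2) {
            throw new ClientException(ErrorMessage.ERROR_0106, e2);
        }
        if (privateKey == null) {
            throw new ClientException(ErrorMessage.ERROR_0106);
        }
        return privateKey;
    }

    /**
     * Fetches the private key matching {@code list.get(0)} from an already loaded key store.
     *
     * <p>The key is requested with a {@code null} entry password, and the result may be
     * {@code null} if the store has no such entry.
     *
     * @throws ClientException with {@code ERROR_0107} on any failure
     */
    public PrivateKey getPrivateKey(KeyStore keyStore, List<X509Certificate> list) throws ClientException {
        try {
            return (PrivateKey) keyStore.getKey(generateKeyIdentifier(list), null);
        } catch (Exception e) {
            throw new ClientException(ErrorMessage.ERROR_0107, e);
        }
    }

    /**
     * Instantiates and loads a provider-backed key store (no input stream is supplied).
     *
     * @param provider provider implementing the key store
     * @param str key store type
     * @param cArr password or PIN handed to {@link KeyStore#load(java.io.InputStream, char[])}
     * @throws LoginException if loading failed with an {@link IOException} caused by one
     * @throws ClientException with {@code ERROR_0108} on any other failure
     */
    public KeyStore loadKeyStore(java.security.Provider provider, String str, char[] cArr) throws ClientException, LoginException {
        try {
            KeyStore keyStore = KeyStore.getInstance(str, provider);
            keyStore.load(null, cArr);
            return keyStore;
        } catch (IOException e) {
            if (e.getCause() instanceof LoginException) {
                throw ((LoginException) e.getCause());
            }
            throw new ClientException(ErrorMessage.ERROR_0108, e);
        } catch (Exception e2) {
            throw new ClientException(ErrorMessage.ERROR_0108, e2);
        }
    }

    /**
     * Writes the private key and its chain to a new PKCS#12 file inside {@code file}.
     *
     * <p>The file is named after the key identifier and is created with default file
     * permissions; it is protected only by {@code cArr}.
     *
     * @param file directory that receives the PKCS#12 file
     * @param privateKey key to store
     * @param list certificate chain; element 0 identifies the key
     * @param cArr password protecting the PKCS#12 file
     * @throws ClientException with {@code ERROR_0109} on any failure
     */
    public void store(File file, PrivateKey privateKey, List<X509Certificate> list, char[] cArr) throws ClientException {
        String alias = generateKeyIdentifier(list);
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12", (java.security.Provider) this.bouncyCastleProvider);
            keyStore.load(null, cArr);
            keyStore.setKeyEntry(alias, privateKey, null, (Certificate[]) list.toArray(new X509Certificate[0]));
            FileOutputStream out = new FileOutputStream(getPKCS12(file, alias));
            try {
                keyStore.store(out, cArr);
            } finally {
                // Close even when store() fails, so no handle stays open on the key file.
                out.close();
            }
        } catch (Exception e) {
            throw new ClientException(ErrorMessage.ERROR_0109, e);
        }
    }

    /**
     * Copies the PKCS#12 file for {@code list.get(0)} to the path {@code str}.
     *
     * <p>NOTE(review): the destination path is used as given and an existing file is
     * overwritten. The copy contains the password-protected private key, so the path
     * should come from the local user's own choice -- confirm at the call sites.
     *
     * @param file directory holding the PKCS#12 files
     * @param list certificate chain; element 0 identifies the key
     * @param str destination file path
     * @throws ClientException with {@code ERROR_0110} if the copy fails
     */
    public void export(File file, List<X509Certificate> list, String str) throws ClientException {
        File source = getPKCS12(file, generateKeyIdentifier(list));
        File target = new File(str);
        try {
            FileInputStream in = new FileInputStream(source);
            try {
                FileOutputStream out = new FileOutputStream(target);
                try {
                    byte[] buffer = new byte[1024];
                    int read;
                    while ((read = in.read(buffer)) > 0) {
                        out.write(buffer, 0, read);
                    }
                } finally {
                    out.close();
                }
            } finally {
                in.close();
            }
        } catch (Exception e) {
            // Keep the cause: it was previously dropped, hiding why an export failed.
            throw new ClientException(ErrorMessage.ERROR_0110, e);
        }
    }

    /**
     * Adds the private key and its chain to an already loaded key store under the key
     * identifier of {@code list.get(0)}, with a {@code null} entry password.
     *
     * @throws ClientException with {@code ERROR_0111} if the key store rejects the entry
     */
    public void store(KeyStore keyStore, PrivateKey privateKey, List<X509Certificate> list) throws ClientException {
        try {
            keyStore.setKeyEntry(generateKeyIdentifier(list), privateKey, null, (Certificate[]) list.toArray(new X509Certificate[0]));
        } catch (KeyStoreException e) {
            throw new ClientException(ErrorMessage.ERROR_0111, e);
        }
    }

    /**
     * Derives the key identifier from the public key of the first certificate in the chain.
     *
     * @throws ClientException with {@code ERROR_0104} if the chain is {@code null} or empty
     */
    private String generateKeyIdentifier(List<X509Certificate> list) throws ClientException {
        if (list == null || list.isEmpty()) {
            // Fail with the declared exception instead of an unchecked NPE/IndexOutOfBounds.
            throw new ClientException(ErrorMessage.ERROR_0104);
        }
        return generateKeyIdentifier(list.get(0).getPublicKey());
    }

    /**
     * Returns the hex-encoded MD5 digest of the encoded public key.
     *
     * <p>The value serves as key-store alias and PKCS#12 file name. MD5 is kept because
     * changing the digest would no longer match files and entries already written; it must
     * not be relied on as proof that a stored key belongs to a given certificate.
     *
     * @throws ClientException with {@code ERROR_0104} if MD5 is unavailable
     */
    private String generateKeyIdentifier(PublicKey publicKey) throws ClientException {
        try {
            MessageDigest md5 = MessageDigest.getInstance("MD5");
            md5.update(publicKey.getEncoded());
            return new String(Hex.encode(md5.digest()));
        } catch (NoSuchAlgorithmException e) {
            throw new ClientException(ErrorMessage.ERROR_0104, e);
        }
    }

    /**
     * Resolves the PKCS#12 file for identifier {@code str} inside directory {@code file}.
     *
     * <p>{@code str} is always a hex digest produced by this class, so it cannot carry path
     * separators. The leftover debug print of the resolved path to standard output has been
     * removed, since it exposed the key file location in the console log.
     */
    private File getPKCS12(File file, String str) {
        return new File(String.valueOf(file.getAbsolutePath()) + File.separator + str);
    }

    /**
     * Tells whether a PKCS#12 file exists in the client directory for the first certificate
     * of the given bundle.
     *
     * @param str encoded certificate bundle, as accepted by {@link #decodeP7b(String)}
     * @throws ClientException if the bundle cannot be parsed or the client directory is unavailable
     */
    public boolean checkPKCS12(String str) throws ClientException {
        List<X509Certificate> chain = decodeP7b(str);
        return getPKCS12(getClientDirectory(), generateKeyIdentifier(chain)).exists();
    }
}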
