package com.ibm.rational.rtcp.keystore;

import com.ibm.cic.agent.core.api.IAgent;
import com.ibm.cic.agent.core.api.IInvokeContext;
import com.ibm.cic.agent.core.api.IMStatuses;
import com.ibm.cic.agent.core.api.IProfile;
import com.ibm.cic.common.core.model.IInstallableUnit;
import com.ibm.rational.rtcp.bouncycastle.apache.bzip2.BZip2Constants;
import com.ibm.rational.rtcp.bouncycastle.asn1.ASN1Encodable;
import com.ibm.rational.rtcp.bouncycastle.asn1.DERSequence;
import com.ibm.rational.rtcp.bouncycastle.asn1.x500.X500NameBuilder;
import com.ibm.rational.rtcp.bouncycastle.asn1.x500.style.BCStyle;
import com.ibm.rational.rtcp.bouncycastle.asn1.x509.Extension;
import com.ibm.rational.rtcp.bouncycastle.asn1.x509.GeneralName;
import com.ibm.rational.rtcp.bouncycastle.asn1.x509.GeneralNames;
import com.ibm.rational.rtcp.bouncycastle.cert.CertIOException;
import com.ibm.rational.rtcp.bouncycastle.cert.X509v3CertificateBuilder;
import com.ibm.rational.rtcp.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import com.ibm.rational.rtcp.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import com.ibm.rational.rtcp.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import com.ibm.rational.rtcp.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Random;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import org.eclipse.core.runtime.CoreException;
import org.eclipse.core.runtime.IProgressMonitor;
import org.eclipse.core.runtime.NullProgressMonitor;

/* loaded from: input_file:com/ibm/rational/rtcp/keystore/CreateRTCPKeyStore.class */
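/**
 * Installer hook that creates or removes a JKS keystore containing a host certificate.
 *
 * <p>The first argument selects the phase:
 * <ul>
 *   <li>{@code install}: {@code [1]} server URL, {@code [2]} path of the CA keystore,
 *       {@code [3]} path of the keystore to write, {@code [4]} password (used for the CA keystore,
 *       the CA key, the new keystore and the new key entry), {@code [5]} alias for the new key
 *       entry, {@code [6]} RSA key size in bits.</li>
 *   <li>{@code uninstall}: {@code [1]} server URL, {@code [2]} path of the keystore to remove,
 *       {@code [3]} its password, {@code [4]} alias of the key entry.</li>
 * </ul>
 *
 * <p>Security notes for maintainers: the password arrives as a plain argument string, so it is
 * only as confidential as the caller's argument handling (when started through {@link #main} it is
 * a process command-line argument). The generated keystore holds a private key and is written with
 * the platform's default file permissions; deployments that need tighter access control have to
 * apply it to the output path themselves.
 */
public class CreateRTCPKeyStore {
    /** Shape of a dotted-quad IPv4 literal; applied with {@code matches()} so the whole string must fit. */
    private static final Pattern IPv4_MATCHER_PATTERN = Pattern.compile("[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}");
    private static final String INSTALL_PHASE = "install";
    private static final String UNINSTALL_PHASE = "uninstall";
    private static final String CA_DN = "CN=Integration Tester Root CA";
    private static final String KEY_ALGO = "RSA";
    // NOTE(review): SHA1PRNG is a legacy generator name. It is kept because the target JRE and its
    // providers are not visible from this class; confirm whether the platform default
    // (new SecureRandom()) can be used instead.
    private static final String SECURE_RANDOM_ALGO = "SHA1PRNG";
    private static final String JAVA_KEYSTORE_EXTENSION = "jks";
    /** Alias under which the CA certificate and CA private key are looked up in the CA keystore. */
    private static final String CA_ALIAS = "mykey";
    /** Random bits in a certificate serial number; 127 bits encode in at most 16 octets. */
    private static final int SERIAL_NUMBER_BITS = 127;

    /**
     * Command-line entry point; runs {@link #run} with a stub invoke context whose accessors all
     * return {@code null}.
     *
     * @param strArr phase name followed by the phase arguments described on the class
     * @throws Exception if the phase fails
     */
    public static void main(String[] strArr) throws Exception {
        // PrintWriter(OutputStream) does not auto-flush, so flush explicitly; otherwise the stack
        // trace that run() prints on failure can stay in the buffer and never reach stdout.
        PrintWriter console = new PrintWriter(System.out);
        try {
            new CreateRTCPKeyStore().run(new IInvokeContext() { // from class: com.ibm.rational.rtcp.keystore.CreateRTCPKeyStore.1
                public String substituteVariables(String str) throws CoreException {
                    return null;
                }

                public IInstallableUnit getUnit() {
                    return null;
                }

                public IProfile getProfile() {
                    return null;
                }

                public IAgent getAgent() {
                    return null;
                }
            }, strArr, console, new NullProgressMonitor());
        } finally {
            console.flush();
        }
    }

    /**
     * Dispatches to keystore creation or deletion depending on {@code strArr[0]}.
     *
     * @param iInvokeContext invoke context (not read by this method)
     * @param strArr phase name followed by the phase arguments described on the class
     * @param printWriter receives the stack trace of any failure
     * @param iProgressMonitor progress monitor (not read by this method)
     * @throws Exception a {@link CoreException} wrapping any {@link Exception} raised by the phase
     */
    public void run(IInvokeContext iInvokeContext, String[] strArr, PrintWriter printWriter, IProgressMonitor iProgressMonitor) throws Exception {
        try {
            requireArgCount(strArr, 1);
            String phase = strArr[0];
            if (INSTALL_PHASE.equals(phase)) {
                createNewKeystore(strArr);
            } else if (UNINSTALL_PHASE.equals(phase)) {
                deleteKeystore(strArr);
            } else {
                // AssertionError is an Error, so it is NOT caught by the handler below and reaches
                // the caller unwrapped. Kept as-is because callers may depend on that type.
                throw new AssertionError("Invalid IM phase: " + strArr[0]);
            }
        } catch (Exception e) {
            e.printStackTrace(printWriter);
            throw new CoreException(IMStatuses.ERROR.get((String) null, e, e.getMessage(), new Object[0]));
        }
    }

    /**
     * Generates an RSA key pair, issues a certificate for it signed by the CA found in the CA
     * keystore, and writes key plus chain into a new JKS keystore.
     *
     * <p>The issued certificate copies the CA certificate's validity window and signature
     * algorithm, uses the URL host as subject CN, and carries subject-alternative-name and
     * authority-key-identifier extensions.
     *
     * @param strArr install-phase arguments as described on the class
     * @throws Exception on missing arguments, I/O failure, or any keystore/certificate error
     */
    private static void createNewKeystore(String[] strArr) throws Exception {
        requireArgCount(strArr, 7);
        String host = getHostFromURL(strArr[1]);
        Path caStorePath = Paths.get(strArr[2]);
        Path targetPath = Paths.get(strArr[3]);
        char[] password = strArr[4].toCharArray();
        String alias = strArr[5];
        // NOTE(review): the key size is taken from the caller without a lower bound; confirm that
        // the installer never passes a size below current minimums for RSA.
        int keyBits = Integer.parseInt(strArr[6]);

        KeyStore caStore = KeyStore.getInstance(JAVA_KEYSTORE_EXTENSION);
        try (InputStream in = Files.newInputStream(caStorePath)) {
            caStore.load(in, password);
        }
        X509Certificate caCert = (X509Certificate) caStore.getCertificate(CA_ALIAS);
        PrivateKey caKey = (PrivateKey) caStore.getKey(CA_ALIAS, password);
        if (caCert == null || caKey == null) {
            // Fail with a clear message instead of a NullPointerException deep in the builder.
            throw new KeyStoreException("CA keystore has no key entry under alias '" + CA_ALIAS + "'");
        }

        SecureRandom random = SecureRandom.getInstance(SECURE_RANDOM_ALGO);
        KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_ALGO);
        generator.initialize(keyBits, random);
        KeyPair hostKeys = generator.generateKeyPair();

        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                caCert,
                newSerialNumber(random),
                caCert.getNotBefore(),
                caCert.getNotAfter(),
                new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.CN, host).build(),
                hostKeys.getPublic());
        addSANs(builder, host);
        setAuthKeyIdentifier(builder, caCert);
        X509Certificate hostCert = new JcaX509CertificateConverter().getCertificate(
                builder.build(new JcaContentSignerBuilder(caCert.getSigAlgName()).build(caKey)));
        // Rejects the result if the copied validity window does not include the current time.
        hostCert.checkValidity();

        KeyStore hostStore = KeyStore.getInstance(JAVA_KEYSTORE_EXTENSION);
        hostStore.load(null);
        hostStore.setKeyEntry(alias, hostKeys.getPrivate(), password, new Certificate[]{hostCert, caCert});
        try (OutputStream out = Files.newOutputStream(targetPath)) {
            hostStore.store(out, password);
        }
    }

    /**
     * Deletes the keystore file if it exists and still looks like the one this class generated.
     *
     * @param strArr uninstall-phase arguments as described on the class
     * @throws Exception on missing arguments, I/O failure, or if the keystore cannot be loaded
     */
    private static void deleteKeystore(String[] strArr) throws Exception {
        requireArgCount(strArr, 5);
        String host = getHostFromURL(strArr[1]);
        Path storePath = Paths.get(strArr[2]);
        char[] password = strArr[3].toCharArray();
        String alias = strArr[4];
        if (Files.exists(storePath) && isUneditedGreenHatKeystore(host, storePath, password, alias)) {
            Files.delete(storePath);
        }
    }

    /**
     * Extracts the host component of a URL string.
     *
     * @param str URL text; may be {@code null} or blank
     * @return the host, {@code ""} for null/blank input, or {@code "localhost"} when the text is
     *     not a well-formed URL (the parse failure is logged at SEVERE)
     */
    private static String getHostFromURL(String str) {
        if (str == null || str.trim().isEmpty()) {
            return "";
        }
        try {
            return new URL(str).getHost();
        } catch (MalformedURLException e) {
            // Falling back means the certificate is issued for "localhost" rather than failing
            // the install; the log entry is the only trace of the bad URL.
            Logger.getLogger(CreateRTCPKeyStore.class.getName()).log(Level.SEVERE, (String) null, (Throwable) e);
            return "localhost";
        }
    }

    /**
     * Tells whether the keystore at {@code path} has the shape this class produces: exactly one
     * alias, a two-certificate chain under {@code str2} whose second certificate is issued by
     * {@link #CA_DN}, and a leaf whose subject is {@code CN=<str>}.
     *
     * <p>The comparison is by distinguished name only; no signature is verified. It is a guard
     * against deleting a keystore the user replaced, not a trust decision.
     *
     * @param str expected host name in the leaf subject
     * @param path keystore file to inspect
     * @param cArr keystore password
     * @param str2 alias of the key entry
     * @return {@code true} if the keystore matches the generated shape
     */
    private static boolean isUneditedGreenHatKeystore(String str, Path path, char[] cArr, String str2) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(JAVA_KEYSTORE_EXTENSION);
        try (InputStream in = Files.newInputStream(path)) {
            keyStore.load(in, cArr);
        }
        if (Collections.list(keyStore.aliases()).size() != 1) {
            return false;
        }
        Certificate[] chain = keyStore.getCertificateChain(str2);
        if (chain == null || chain.length != 2 || !(chain[1] instanceof X509Certificate)) {
            return false;
        }
        if (!CA_DN.equals(((X509Certificate) chain[1]).getIssuerX500Principal().getName())) {
            return false;
        }
        Certificate leaf = keyStore.getCertificate(str2);
        if (!(leaf instanceof X509Certificate)) {
            // A non-X.509 leaf is not something this class wrote; treat it as edited.
            return false;
        }
        return ("CN=" + str).equals(((X509Certificate) leaf).getSubjectX500Principal().getName());
    }

    /**
     * Adds a non-critical authority-key-identifier extension derived from the issuer certificate.
     *
     * @param x509v3CertificateBuilder builder of the certificate being issued
     * @param x509Certificate issuer (CA) certificate
     */
    private static void setAuthKeyIdentifier(X509v3CertificateBuilder x509v3CertificateBuilder, X509Certificate x509Certificate) throws CertIOException, CertificateEncodingException, NoSuchAlgorithmException {
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        x509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, (ASN1Encodable) extensionUtils.createAuthorityKeyIdentifier(x509Certificate));
    }

    /**
     * Adds a non-critical subject-alternative-name extension covering the host, every name and
     * address the resolver returns for it, and the loopback names {@code localhost},
     * {@code 127.0.0.1} and {@code ::1}.
     *
     * <p>The DNS entries come from forward and reverse lookups performed at install time, so the
     * certificate's SAN list reflects whatever the local resolver answered. Review the issued
     * certificate on hosts whose resolver is not under the operator's control.
     *
     * @param x509v3CertificateBuilder builder of the certificate being issued
     * @param str host name or IP literal taken from the server URL
     * @throws IOException if the host cannot be resolved or the extension cannot be encoded
     */
    private static void addSANs(X509v3CertificateBuilder x509v3CertificateBuilder, String str) throws IOException {
        HashSet<String> dnsNames = new HashSet<>();
        HashSet<String> ipAddresses = new HashSet<>();
        for (InetAddress address : InetAddress.getAllByName(str)) {
            dnsNames.add(address.getHostName());
            dnsNames.add(address.getCanonicalHostName());
            ipAddresses.add(stripIPv6ScopeId(address.getHostAddress()));
        }
        dnsNames.add("localhost");
        ipAddresses.add("::1");
        ipAddresses.add("127.0.0.1");
        // A failed reverse lookup yields the textual address as "host name"; keep those out of
        // the DNS entries since they are already listed as IP entries.
        dnsNames.removeAll(ipAddresses);

        List<ASN1Encodable> names = new ArrayList<>();
        addNames(names, GeneralName.dNSName, dnsNames);
        addNames(names, GeneralName.iPAddress, ipAddresses);
        try {
            GeneralName requested = isIPAddress(str)
                    ? new GeneralName(GeneralName.iPAddress, stripIPv6ScopeId(str))
                    : new GeneralName(GeneralName.dNSName, str);
            if (!names.contains(requested)) {
                names.add(requested);
            }
        } catch (Exception e) {
            Logger.getLogger(CreateRTCPKeyStore.class.getName()).log(Level.WARNING, str, (Throwable) e);
        }
        if (names.isEmpty()) {
            return;
        }
        x509v3CertificateBuilder.addExtension(Extension.subjectAlternativeName, false, (ASN1Encodable) GeneralNames.getInstance(new DERSequence(names.toArray(new ASN1Encodable[names.size()]))));
    }

    /**
     * Removes an IPv6 zone/scope suffix ({@code %...}) from an address string.
     *
     * @param str address text, possibly {@code null}
     * @return the text before the first {@code %}, or {@code str} unchanged if there is none
     */
    private static String stripIPv6ScopeId(String str) {
        if (str == null) {
            return null;
        }
        int percent = str.indexOf('%');
        return percent < 0 ? str : str.substring(0, percent);
    }

    /**
     * Appends one {@link GeneralName} of the given tag per value; values the {@link GeneralName}
     * constructor rejects are logged at WARNING and skipped.
     *
     * @param list destination list
     * @param i GeneralName tag number
     * @param iterable values to convert
     */
    private static void addNames(List<ASN1Encodable> list, int i, Iterable<String> iterable) {
        for (String value : iterable) {
            try {
                list.add(new GeneralName(i, value));
            } catch (IllegalArgumentException e) {
                Logger.getLogger(CreateRTCPKeyStore.class.getName()).log(Level.WARNING, value, (Throwable) e);
            }
        }
    }

    /**
     * Heuristic test for an IP literal: either a colon-containing string without dots (IPv6) or a
     * string that is entirely a dotted quad of 1-3 digit groups (IPv4). Octet ranges are not
     * checked here; {@link GeneralName} performs the real validation.
     *
     * @param str candidate text, possibly {@code null}
     * @return {@code true} if the text looks like an IP literal
     */
    private static boolean isIPAddress(String str) {
        if (str == null) {
            return false;
        }
        boolean looksLikeIPv6 = str.contains(":") && !str.contains(".");
        // matches() requires the whole string to be a dotted quad, so a host name that merely
        // starts with one (e.g. "10.0.0.1.example.test") is treated as a DNS name.
        return looksLikeIPv6 || IPv4_MATCHER_PATTERN.matcher(str).matches();
    }

    /**
     * Draws a positive certificate serial number from the given secure generator, so serials are
     * unpredictable and collisions between certificates issued by the same CA are negligible.
     */
    private static BigInteger newSerialNumber(SecureRandom random) {
        BigInteger serial;
        do {
            serial = new BigInteger(SERIAL_NUMBER_BITS, random);
        } while (serial.signum() == 0);
        return serial;
    }

    /** Fails with a descriptive message when fewer than {@code expected} arguments were supplied. */
    private static void requireArgCount(String[] args, int expected) {
        int actual = args == null ? 0 : args.length;
        if (actual < expected) {
            // Report counts only; argument values may include the keystore password.
            throw new IllegalArgumentException("Expected at least " + expected + " arguments but got " + actual);
        }
    }
}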
