package com.ibm.gsk.ikeyman.keystore.entry;

import com.ibm.gsk.ikeyman.command.CommandParameters;
import com.ibm.gsk.ikeyman.command.Constants;
import com.ibm.gsk.ikeyman.error.InternalKeyManagerException;
import com.ibm.gsk.ikeyman.error.KeyManagerException;
import com.ibm.gsk.ikeyman.io.CertificateParserFactory;
import com.ibm.gsk.ikeyman.io.SecretKeyReader;
import com.ibm.gsk.ikeyman.keystore.entry.DisplayItemFactory;
import com.ibm.gsk.ikeyman.messages.Messages;
import com.ibm.gsk.ikeyman.util.Debug;
import com.ibm.gsk.ikeyman.util.KeymanUtil;
import com.ibm.gsk.ikeyman.util.TypeDisplayerFactory;
import com.ibm.security.pkcs10.CertificationRequest;
import com.ibm.security.pkcs10.CertificationRequestInfo;
import com.ibm.security.pkcsutil.PKCSAttribute;
import com.ibm.security.pkcsutil.PKCSAttributes;
import com.ibm.security.pkcsutil.PKCSException;
import com.ibm.security.pkcsutil.PKCSOID;
import com.ibm.security.x509.AlgorithmId;
import com.ibm.security.x509.AuthorityKeyIdentifierExtension;
import com.ibm.security.x509.BasicConstraintsExtension;
import com.ibm.security.x509.CertAttrSet;
import com.ibm.security.x509.CertificateAlgorithmId;
import com.ibm.security.x509.CertificateExtensions;
import com.ibm.security.x509.CertificateSerialNumber;
import com.ibm.security.x509.CertificateValidity;
import com.ibm.security.x509.CertificateX509Key;
import com.ibm.security.x509.ExtKeyUsageExtension;
import com.ibm.security.x509.GeneralNames;
import com.ibm.security.x509.KeyIdentifier;
import com.ibm.security.x509.KeyUsageExtension;
import com.ibm.security.x509.SerialNumber;
import com.ibm.security.x509.SubjectKeyIdentifierExtension;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CertImpl;
import com.ibm.security.x509.X509CertInfo;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;

/* loaded from: input_file:libs/gskikm.jar:com/ibm/gsk/ikeyman/keystore/entry/EntryFactory.class */
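/**
 * Static factory methods that build key store entry items (certificates, private-key entries,
 * secret keys and certificate requests) plus helpers that order certificate chains.
 *
 * <p>The chain helpers ({@link #reorderCertChain}, {@link #extractCertChain},
 * {@link #extractCertTrustAnchor}) link certificates by comparing issuer and subject names only.
 * Nothing in this class verifies a signature, a validity period or revocation status, so their
 * results describe ordering, not trust.
 *
 * <p>{@code classDisplayer} is a plain mutable static field; no synchronization is applied here.
 */
public class EntryFactory {
    private static TypeDisplayerFactory.TypeDisplayer classDisplayer = TypeDisplayerFactory.newGUIEntryDisplayer();

    /**
     * Replaces the process-wide displayer used for entry types.
     *
     * @param typeDisplayer the displayer to install
     */
    public static void setClassDisplayer(TypeDisplayerFactory.TypeDisplayer typeDisplayer) {
        classDisplayer = typeDisplayer;
    }

    /**
     * @return the displayer currently installed (initially the GUI entry displayer)
     */
    public static TypeDisplayerFactory.TypeDisplayer getClassDisplayer() {
        return classDisplayer;
    }

    /**
     * Parses every certificate in a file and wraps each one in a certificate item whose label is
     * the certificate's subject DN string.
     *
     * @param str  path of the certificate file
     * @param str2 second argument handed to the certificate parser (meaning not visible here)
     * @return a list of certificate items, one per certificate, in parser order
     * @throws KeyManagerException with reason {@code CORRUPT_CERTIFICATE} when the file yields no
     *         certificates or a {@link CertificateException} is raised while wrapping them
     */
    public static Collection loadCertificateItems(String str, String str2) throws KeyManagerException {
        try {
            Collection parsed = generateCertificates(str, str2);
            if (parsed.isEmpty()) {
                throw new CertificateException(Messages.getString("Label.EmptyFile"));
            }
            List<CertificateItem> items = new ArrayList<CertificateItem>(parsed.size());
            for (Object element : parsed) {
                X509Certificate certificate = (X509Certificate) element;
                // The label comes straight from the file's content (the subject DN).
                items.add(new CertificateItemImpl(certificate.getSubjectDN().getName(), certificate));
            }
            return items;
        } catch (CertificateException e) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.CORRUPT_CERTIFICATE, e, new String[]{str});
        }
    }

    /**
     * Wraps an existing certificate in a certificate item.
     *
     * @param str             label of the entry
     * @param x509Certificate certificate to wrap
     */
    public static CertificateItem newCertificateItem(String str, X509Certificate x509Certificate) throws KeyManagerException {
        return new CertificateItemImpl(str, x509Certificate);
    }

    /**
     * Wraps an existing private key and its certificate chain in a key item.
     *
     * @param str            label of the entry
     * @param privateKey     private key of the entry
     * @param certificateArr certificate chain that belongs to the key
     */
    public static CertificateKeyItem newKeyItem(String str, PrivateKey privateKey, Certificate[] certificateArr) throws KeyManagerException {
        return new CertificateKeyItemImpl(str, privateKey, certificateArr);
    }

    /**
     * Creates a self-signed certificate for {@code keyPair} and returns it, together with the
     * private key, as a key item labelled with {@code commandParameters.getLabel()}.
     *
     * <p>Subject and issuer are both the DN from the parameters (empty when no DN was given, in
     * which case a SAN is required). The validity starts now and ends {@code getExpire()} days
     * later. Optional extensions are SAN, BasicConstraints (CA), extended key usage and key usage;
     * subject and authority key identifiers are always added.
     *
     * @param commandParameters source of DN, SAN, expiry, version, usages and label
     * @param keyPair           key pair to certify; its private key also signs the certificate
     * @param str               signature algorithm name
     * @param str2              provider name handed to the certificate classes and to signing
     * @return the new key item holding the private key and the self-signed certificate
     * @throws KeyManagerException when neither DN nor SAN is present, or when building or signing
     *         the certificate fails (the reason code identifies the failing step)
     */
    public static CertificateKeyItem newKeyItem(CommandParameters commandParameters, KeyPair keyPair, String str, String str2) throws KeyManagerException {
        try {
            DisplayItemFactory.DNItem dn = commandParameters.isParameterPresent(Constants.Parameter.DN) ? commandParameters.getDn() : DisplayItemFactory.getDNItem("");
            if (dn.isEmpty() && commandParameters.getSan().isEmpty()) {
                throw new KeyManagerException(KeyManagerException.ExceptionReason.NO_DN_OR_SAN);
            }
            X500Name subjectAndIssuer = dn.getX500Name();
            PublicKey publicKey = keyPair.getPublic();
            PrivateKey privateKey = keyPair.getPrivate();
            Calendar notBefore = Calendar.getInstance();
            Calendar notAfter = Calendar.getInstance();
            notAfter.add(Calendar.DAY_OF_YEAR, commandParameters.getExpire());
            CertificateValidity validity = new CertificateValidity(notBefore.getTime(), notAfter.getTime());
            X509CertInfo certInfo = new X509CertInfo(str2);
            certInfo.set("version", Integer.valueOf(commandParameters.getX509Ver().getInternalVersion()));
            // NOTE(review): the serial number is the creation time in whole seconds narrowed to
            // int. It is predictable, repeats for certificates created within the same second,
            // and becomes negative once epoch seconds exceed Integer.MAX_VALUE (January 2038).
            // A positive random serial would be preferable; the constructors offered by
            // CertificateSerialNumber are not visible here, so the value is left unchanged.
            certInfo.set("serialNumber", new CertificateSerialNumber((int) (notBefore.getTime().getTime() / 1000)));
            certInfo.set("algorithmID", new CertificateAlgorithmId(AlgorithmId.get(str)));
            certInfo.set("subject", subjectAndIssuer);
            certInfo.set("key", new CertificateX509Key(publicKey));
            certInfo.set("validity", validity);
            certInfo.set("issuer", subjectAndIssuer);
            try {
                CertificateExtensions extensions = new CertificateExtensions();
                CertAttrSet sanExtension = commandParameters.getSan().toExtension(dn.isEmpty());
                if (sanExtension != null) {
                    extensions.set(sanExtension.getName(), sanExtension);
                }
                if (commandParameters.isParameterPresent(Constants.Parameter.CA) && commandParameters.isCa()) {
                    // Path length Integer.MAX_VALUE: presumably "no limit" - confirm against
                    // BasicConstraintsExtension. A CA certificate created here can then sign
                    // chains of any depth.
                    extensions.set("BasicConstraints", new BasicConstraintsExtension(true, Integer.MAX_VALUE));
                }
                Vector extendedKeyUsage = commandParameters.getExtendedKeyUsage();
                if (extendedKeyUsage.size() > 0) {
                    extensions.set("ExtKeyUsage", new ExtKeyUsageExtension(extendedKeyUsage));
                }
                KeyUsageExtension keyUsage = commandParameters.getKeyUsage();
                if (keyUsage != null) {
                    extensions.set("KeyUsage", keyUsage);
                }
                // Key identifier: last 8 bytes of SHA-1 over the encoded public key, first byte
                // masked with 0x8F. SHA-1 serves only as an identifier here, not as a signature
                // digest. NOTE(review): this resembles RFC 5280 section 4.2.1.2 method 2 but does
                // not set the 0100 type nibble; kept as is so identifiers stay unchanged.
                byte[] keyId = new byte[8];
                MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
                sha1.update(publicKey.getEncoded());
                byte[] digest = sha1.digest();
                System.arraycopy(digest, digest.length - 8, keyId, 0, 8);
                keyId[0] = (byte) (keyId[0] & 0x8F);
                KeyIdentifier keyIdentifier = new KeyIdentifier(keyId);
                extensions.set("SubjectKeyIdentifier", new SubjectKeyIdentifierExtension(keyIdentifier.getIdentifier()));
                // Self-signed: the authority key identifier is the subject key identifier.
                extensions.set("AuthorityKeyIdentifier", new AuthorityKeyIdentifierExtension(keyIdentifier, (GeneralNames) null, (SerialNumber) null));
                certInfo.set("extensions", extensions);
                // Declared as X509CertImpl: sign(...) is not a member of java.security.cert.Certificate.
                X509CertImpl certificate = new X509CertImpl(certInfo, str2);
                certificate.sign(privateKey, str, str2);
                return new CertificateKeyItemImpl(commandParameters.getLabel(), privateKey, new Certificate[]{certificate});
            } catch (IOException e) {
                throw new KeyManagerException(KeyManagerException.ExceptionReason.INVALID_SAN, e, new String[]{e.getMessage()});
            }
        } catch (IOException e2) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.IO_ERROR, e2);
        } catch (InvalidKeyException e3) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.INVALID_KEY_FOR_SIGNING, e3, new String[]{commandParameters.getLabel()});
        } catch (NoSuchAlgorithmException e4) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.NO_SUCH_ALGORITHM, e4, new String[]{str});
        } catch (NoSuchProviderException e5) {
            throw new InternalKeyManagerException(KeyManagerException.ExceptionReason.NO_SUCH_PROVIDER, e5, new String[]{str2});
        } catch (SignatureException e6) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.SIGNATURE_ERROR, e6, new String[]{commandParameters.getLabel()});
        } catch (CertificateException e7) {
            // getMessage() may be null; without the guard the real cause would be hidden by a
            // NullPointerException.
            String message = e7.getMessage();
            if (message != null && message.contains("Invalid version")) {
                throw new KeyManagerException(KeyManagerException.ExceptionReason.INVALID_CERTIFICATE_VERSION, e7, new String[]{commandParameters.getLabel()});
            }
            throw new KeyManagerException(KeyManagerException.ExceptionReason.CERTIFICATE_CREATE_ERROR, e7);
        }
    }

    /**
     * Wraps a private key and a single certificate in a key item.
     *
     * @param str             label of the entry
     * @param x509Certificate certificate that becomes the one-element chain
     * @param privateKey      private key of the entry
     */
    public static CertificateKeyItem newKeyItem(String str, X509Certificate x509Certificate, PrivateKey privateKey) throws KeyManagerException {
        return new CertificateKeyItemImpl(str, privateKey, new Certificate[]{x509Certificate});
    }

    /**
     * Wraps a secret key in a secret-key item.
     *
     * @param str       label of the entry
     * @param secretKey key to wrap
     */
    public static SecretKeyItem newSecretKey(String str, SecretKey secretKey) throws KeyManagerException {
        return new SecretKeyItemImpl(str, secretKey);
    }

    /**
     * Reads the encrypted secret keys stored in a file and decrypts each one with
     * {@code privateKey}.
     *
     * <p>The handlers form one flat list so that every failure keeps its own reason code: a
     * missing file is reported as {@code INPUT_FILE_NOT_FOUND} rather than being absorbed by the
     * general {@link IOException} handler, and a {@link KeyManagerException} raised while
     * decrypting is passed through instead of being re-labelled as a file-format problem.
     *
     * @param str        path of the file holding the encrypted keys
     * @param privateKey key used to decrypt each entry
     * @param str2       last argument of {@code SecretKeyItemImpl.decryptKey}; presumably the
     *                   provider name - confirm against that method
     * @return the decrypted secret-key items in file order
     * @throws KeyManagerException when the file is missing or unreadable, has an unsupported
     *         format, or a key cannot be decrypted
     */
    public static Collection loadSecretKeys(String str, PrivateKey privateKey, String str2) throws KeyManagerException {
        BufferedInputStream input = null;
        try {
            input = new BufferedInputStream(new FileInputStream(str));
            List<SecretKeyReader.SecretKeyInfo> wrappedKeys = new SecretKeyReader(input).readKeys();
            ArrayList items = new ArrayList();
            for (SecretKeyReader.SecretKeyInfo wrappedKey : wrappedKeys) {
                items.add(SecretKeyItemImpl.decryptKey(privateKey, wrappedKey.encryptedKey, wrappedKey.algorithm, wrappedKey.alias, str2));
            }
            return items;
        } catch (FileNotFoundException e) {
            // Must precede the IOException handler: FileNotFoundException is an IOException.
            throw new KeyManagerException(KeyManagerException.ExceptionReason.INPUT_FILE_NOT_FOUND, e, new String[]{str});
        } catch (IOException e) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.INPUT_STREAM_CLOSE_ERROR, e, new String[]{str});
        } catch (NoSuchPaddingException e) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.KEY_DECRYPTION_ERROR, e, new String[]{str});
        } catch (InvalidKeyException e) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.KEY_DECRYPTION_ERROR, e);
        } catch (NoSuchAlgorithmException e) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.NO_SUCH_ALGORITHM, e, new String[]{e.getMessage()});
        } catch (NoSuchProviderException e) {
            throw new InternalKeyManagerException(KeyManagerException.ExceptionReason.NO_SUCH_PROVIDER, e);
        } catch (Exception e) {
            if (e instanceof KeyManagerException) {
                // Already carries a specific reason; do not hide it behind a format error.
                throw (KeyManagerException) e;
            }
            throw new KeyManagerException(KeyManagerException.ExceptionReason.SECRET_KEY_FILE_FORMAT_NOT_SUPPORTED, e, new String[]{str});
        } finally {
            if (input != null) {
                try {
                    input.close();
                } catch (IOException closeFailure) {
                    // A failed close is only logged so that it cannot replace the result or the
                    // exception already on its way to the caller.
                    Debug.log(closeFailure.toString(), new Object[0]);
                }
            }
        }
    }

    /**
     * Wraps a certificate in a CMS certificate item.
     *
     * @param str             label of the entry
     * @param x509Certificate certificate to wrap
     */
    public static CMSCertificateItem newCMSCertificate(String str, X509Certificate x509Certificate) throws KeyManagerException {
        return new CMSCertificateItemImpl(str, x509Certificate);
    }

    /**
     * Wraps a private key and its certificate chain in a CMS key item.
     *
     * @param str            label of the entry
     * @param privateKey     private key of the entry
     * @param certificateArr certificate chain that belongs to the key
     */
    public static CMSKeyItem newCMSKey(String str, PrivateKey privateKey, Certificate[] certificateArr) throws KeyManagerException {
        return new CMSKeyItemImpl(str, privateKey, certificateArr);
    }

    /**
     * Creates a placeholder item for a certificate request that could not be loaded.
     *
     * @param str label of the entry
     */
    public static CertificateRequestKeyItem newUnloadableCertificateRequestItem(String str) throws KeyManagerException {
        return new UnloadableCertificateRequestItemImpl(str);
    }

    /**
     * Reads a certificate request from the file named by {@code commandParameters.getFile()}.
     *
     * @param str               label of the entry
     * @param commandParameters parameters naming the request file
     * @throws KeyManagerException with {@code CERTIFICATE_REQUEST_FILE_NOT_FOUND} when the
     *         I/O error message contains "not found", otherwise
     *         {@code CERTIFICATE_REQUEST_DECODING_ERROR}
     */
    public static CertificateRequestItem loadCertificateRequestItem(String str, CommandParameters commandParameters) throws KeyManagerException {
        try {
            return new CertificateRequestItemImpl(str, new CertificationRequest(commandParameters.getFile(), true), commandParameters);
        } catch (IOException e) {
            // The two cases are told apart by message text only; a null message is treated as a
            // decoding error instead of raising a NullPointerException.
            String message = e.getMessage();
            if (message != null && message.contains("not found")) {
                throw new KeyManagerException(KeyManagerException.ExceptionReason.CERTIFICATE_REQUEST_FILE_NOT_FOUND, e, new String[]{commandParameters.getFile()});
            }
            throw new KeyManagerException(KeyManagerException.ExceptionReason.CERTIFICATE_REQUEST_DECODING_ERROR, e, new String[]{commandParameters.getFile()});
        }
    }

    /**
     * Wraps an already parsed certificate request and its private key in a request item.
     *
     * @param str                  label of the entry
     * @param certificationRequest parsed PKCS#10 request
     * @param privateKey           private key that belongs to the request
     */
    public static CertificateRequestKeyItem loadCertificateRequestItem(String str, CertificationRequest certificationRequest, PrivateKey privateKey) throws KeyManagerException {
        return new CertificateRequestKeyItemImpl(str, certificationRequest, privateKey);
    }

    /**
     * Creates and signs a certificate request from command parameters (label, DN, SAN, usages).
     *
     * @param commandParameters source of label, DN, SAN and key usages
     * @param keyPair           key pair the request is for; its private key signs the request
     * @param str               signature algorithm name
     * @param str2              provider name
     */
    public static CertificateRequestKeyItem newCertificateRequestItem(CommandParameters commandParameters, KeyPair keyPair, String str, String str2) throws KeyManagerException {
        DisplayItemFactory.DNItem dn = commandParameters.isParameterPresent(Constants.Parameter.DN) ? commandParameters.getDn() : DisplayItemFactory.getDNItem("");
        return newCertificateRequestItem(commandParameters, commandParameters.getLabel(), dn, commandParameters.getSan(), keyPair, str, str2, null);
    }

    /**
     * Creates and signs a certificate request that re-uses label, subject DN and SAN of an
     * existing certificate. The signature algorithm is derived from the private key and the
     * certificate's signature algorithm OID.
     *
     * @param commandParameters source of key usages; when {@code null} the usages of
     *                          {@code certificateItem} are used instead
     * @param certificateItem   certificate whose identity data is copied into the request
     * @param keyPair           key pair the request is for; its private key signs the request
     * @param str               provider name
     */
    public static CertificateRequestKeyItem newCertificateRequestItem(CommandParameters commandParameters, CertificateItem certificateItem, KeyPair keyPair, String str) throws KeyManagerException {
        DisplayItemFactory.SanItem san = certificateItem.getSan();
        String signatureAlgorithm = KeymanUtil.getSignatureDigest(keyPair.getPrivate(), certificateItem.getSignatureAlgorithm().getOID());
        return newCertificateRequestItem(commandParameters, certificateItem.getLabel(), certificateItem.getSubjectDN(), san, keyPair, signatureAlgorithm, str, certificateItem);
    }

    /**
     * Builds the PKCS#10 request shared by the public {@code newCertificateRequestItem} overloads.
     * SAN, extended key usage and key usage are packed into one extension-request attribute when
     * at least one of them is present.
     *
     * @param commandParameters source of the key usages, or {@code null} to take them from
     *                          {@code certificateItem}
     * @param str               label of the entry
     * @param dNItem            subject DN (may be empty when a SAN is given)
     * @param sanItem           subject alternative names (may be empty when a DN is given)
     * @param keyPair           key pair of the request
     * @param str2              signature algorithm name
     * @param str3              provider name
     * @param certificateItem   fallback source of the key usages; only read when
     *                          {@code commandParameters} is {@code null}
     * @throws KeyManagerException when neither DN nor SAN is present or signing fails
     */
    private static CertificateRequestKeyItem newCertificateRequestItem(CommandParameters commandParameters, String str, DisplayItemFactory.DNItem dNItem, DisplayItemFactory.SanItem sanItem, KeyPair keyPair, String str2, String str3, CertificateItem certificateItem) throws KeyManagerException {
        if (dNItem.isEmpty() && sanItem.isEmpty()) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.NO_DN_OR_SAN);
        }
        try {
            CertAttrSet sanExtension = sanItem.toExtension(dNItem.isEmpty());
            PKCSAttributes attributes = null;
            CertificateExtensions extensions = new CertificateExtensions();
            if (sanExtension != null) {
                extensions.set(sanExtension.getName(), sanExtension);
            }
            Vector extendedKeyUsage = commandParameters == null ? certificateItem.getExtendedKeyUsageV() : commandParameters.getExtendedKeyUsage();
            if (extendedKeyUsage.size() > 0) {
                extensions.set("ExtKeyUsage", new ExtKeyUsageExtension(extendedKeyUsage));
            }
            KeyUsageExtension keyUsage = commandParameters == null ? certificateItem.getKeyUsage() : commandParameters.getKeyUsage();
            if (keyUsage != null) {
                extensions.set("KeyUsage", keyUsage);
            }
            if (extensions.getAllExtensions().size() > 0) {
                attributes = new PKCSAttributes(new PKCSAttribute[]{new PKCSAttribute(PKCSOID.EXTENSION_REQUEST_OID, extensions)});
            }
            CertificationRequestInfo requestInfo = new CertificationRequestInfo(dNItem.getX500Name(), keyPair.getPublic(), attributes, str3);
            return new CertificateRequestKeyItemImpl(str, new CertificationRequest(requestInfo, str3).sign(str2, keyPair.getPrivate()), keyPair.getPrivate());
        } catch (SignatureException e) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.SIGNATURE_ERROR, e, new String[]{str});
        } catch (PKCSException e2) {
            throw new KeyManagerException(KeyManagerException.ExceptionReason.REQUEST_SIGNING_ERROR, e2, new String[]{str});
        } catch (IOException e3) {
            // Logged through the debug channel, not printed to stderr; the cause still travels
            // with the exception thrown below.
            Debug.log(e3.toString(), new Object[0]);
            throw new KeyManagerException(KeyManagerException.ExceptionReason.INVALID_DN, e3, new String[]{dNItem.toString()});
        }
    }

    /**
     * Delegates to the configured certificate parser.
     *
     * @param str  path of the certificate file
     * @param str2 second argument of the parser's {@code getCertificates} (meaning not visible here)
     */
    private static Collection generateCertificates(String str, String str2) throws KeyManagerException {
        return CertificateParserFactory.getCertificateParser().getCertificates(new File(str), str2);
    }

    /**
     * Orders certificate items as a chain that starts from the first item of {@code collection},
     * then appends every item that did not become part of that chain.
     *
     * <p>Ordering relies on issuer/subject name equality only; the result is not a validated path.
     *
     * @param collection certificate items to order
     * @return a new list holding every item of {@code collection}; empty when the input is empty
     */
    public static List reorderCertChain(Collection collection) {
        if (collection.isEmpty()) {
            // Nothing to order; indexing element 0 of an empty array would fail.
            return new ArrayList();
        }
        CertificateItem[] items = (CertificateItem[]) collection.toArray(new CertificateItem[0]);
        List ordered = extractCertChain(items, items[0]);
        if (ordered.size() < collection.size()) {
            for (Object element : collection) {
                CertificateItem item = (CertificateItem) element;
                if (!ordered.contains(item)) {
                    ordered.add(item);
                }
            }
        }
        return ordered;
    }

    /**
     * Builds a chain from {@code certificateItemArr}: it starts at the lowest certificate found
     * below {@code certificateItem} and repeatedly appends the item whose subject name equals the
     * issuer name of the last item added.
     *
     * <p>Items are linked by name only. No signature is checked, so an item carrying a matching
     * subject name is accepted as issuer even if it did not sign the certificate below it.
     *
     * @param certificateItemArr candidate items; unloadable items are skipped
     * @param certificateItem    item the search starts from
     * @return the chain, leaf first
     */
    public static List extractCertChain(CertificateItem[] certificateItemArr, CertificateItem certificateItem) {
        ArrayList chain = new ArrayList();
        CertificateItem lastAdded = findLowestCert(certificateItem, certificateItemArr);
        chain.add(lastAdded);
        CertificateItem current = lastAdded;
        // At most length - 1 links can follow the first item; the bound also stops name cycles.
        for (int step = 0; step < certificateItemArr.length - 1; step++) {
            for (CertificateItem candidate : certificateItemArr) {
                if (isLoadable(candidate) && !current.equals(candidate) && current.getIssuerDN().getX500Name().equals(candidate.getSubjectDN().getX500Name())) {
                    current = candidate;
                    break;
                }
            }
            if (!current.equals(lastAdded)) {
                chain.add(current);
                lastAdded = current;
            }
        }
        return chain;
    }

    /**
     * Collects a {@link TrustAnchor} for every item whose issuer name equals its subject name.
     *
     * <p>Being self-issued is the only criterion: any such certificate in the input becomes a
     * trust anchor without a signature check. Callers should pass only certificates that come
     * from a store they already trust.
     *
     * @param certificateItemArr items to inspect
     * @return the trust anchors found; empty when there is none
     */
    public static Set extractCertTrustAnchor(CertificateItem[] certificateItemArr) {
        HashSet anchors = new HashSet();
        for (CertificateItem item : certificateItemArr) {
            if (item.getIssuerDN().getX500Name().equals(item.getSubjectDN().getX500Name())) {
                anchors.add(new TrustAnchor(item.getCert(), null));
            }
        }
        return anchors;
    }

    /**
     * Walks downwards from {@code certificateItem}: as long as some loadable, non-self-issued item
     * names the current item's subject as its issuer, that item becomes the current one.
     *
     * @param certificateItem    item the walk starts from
     * @param certificateItemArr candidate items
     * @return the lowest item reached, or {@code certificateItem} when nothing was issued by it
     */
    private static CertificateItem findLowestCert(CertificateItem certificateItem, CertificateItem[] certificateItemArr) {
        CertificateItem lowest = certificateItem;
        for (int step = 0; step < certificateItemArr.length - 1; step++) {
            for (CertificateItem candidate : certificateItemArr) {
                if (isLoadable(candidate) && candidate.getIssuerDN().getX500Name().equals(lowest.getSubjectDN().getX500Name()) && !candidate.getIssuerDN().getX500Name().equals(candidate.getSubjectDN().getX500Name())) {
                    lowest = candidate;
                    break;
                }
            }
            if (lowest.equals(certificateItem)) {
                break;
            }
        }
        return lowest;
    }

    /** Returns whether the item is neither of the two "unloadable" placeholder types. */
    private static boolean isLoadable(CertificateItem item) {
        return !(item instanceof UnloadableCertificateItemImpl) && !(item instanceof UnloadableCMSCertificateItem);
    }
}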
