package net.osbee.app.se.module;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.io.StringWriter;
import java.io.Writer;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PKCS8Generator;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JcaPKCS8Generator;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8EncryptorBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.OutputEncryptor;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.io.pem.PemGenerationException;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;

/* loaded from: input_file:net/osbee/app/se/module/TSEKeyAndSignatureManager.class */
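/**
 * Holds the key pair and certificate of the secure element and performs signing and
 * verification with them. Key material is read from PEM files or from the parameter
 * table reached through {@link TSEDatabaseManager}, and can be written back to both.
 *
 * <p>The same class also feeds an RSA key and certificate into SSL key/trust manager
 * factories (see {@link #initSSLFactories}).
 *
 * <p>Security review notes:
 * <ul>
 *   <li>{@code ENCRYPTION_PASSWORD} is a compile-time constant. It protects the PKCS#8
 *       private key export and the in-memory key store, so anyone who can read this class
 *       file can decrypt every key file or database row written by it. It should be
 *       supplied from outside the binary; the value cannot simply be changed here because
 *       previously stored keys are encrypted under it.</li>
 *   <li>{@code PRIVATE_KEY_ENCRYPTION_METHOD} selects a SHA-1/3DES password-based scheme.
 *       Before moving to a stronger scheme, check that {@link #decodePrivateKey} can still
 *       read the result.</li>
 *   <li>The {@link Signature} objects are stateful fields; concurrent calls to the sign or
 *       verify methods on one instance would interleave their updates.</li>
 * </ul>
 */
public class TSEKeyAndSignatureManager {
    private static final String NAMED_ELLIPTIC_CURVE = "secp384r1";
    private static final String SIGNATURE_ALGORITHM = "SHA384WithECDSA";
    // NOTE(review): hard-coded secret, see the class comment. Kept byte-for-byte because
    // existing encrypted keys depend on it.
    private static final String ENCRYPTION_PASSWORD = "h3sD6#59Xdk%Gv'?sd<-j*";
    private static final String SERIAL_NUMBER_HASH_ALGO = "SHA-256";
    private X509Certificate certificate;
    private PrivateKey privateKey;
    private PublicKey publicKey;
    private Signature signature;
    private Signature verifier;
    private byte[] publicKeyHash;
    private TSEDatabaseManager databaseManager;
    // Empty path means "load this object from the database" (see importKeysAndVerify).
    private static String privateKeyFile = "";
    private static String publicKeyFile = "";
    private static String certificateFile = "";
    private static String privateSSLKeyFile = String.valueOf(System.getProperty("user.home")) + "/tse/compex_ssl_zertifikat.pkcs8";
    private static String SSLCertificateFile = String.valueOf(System.getProperty("user.home")) + "/tse/compex_ssl_zertifikat.cer";
    private static final Boolean ENCRYPT_PRIVATE_KEY = true;
    // NOTE(review): legacy SHA-1/3DES password-based encryption, see the class comment.
    private static final ASN1ObjectIdentifier PRIVATE_KEY_ENCRYPTION_METHOD = PKCS8Generator.PBE_SHA1_3DES;
    private static final char[] hexArray = "0123456789ABCDEF".toCharArray();
    private String ENCRYPTION_ALGORITHM_TYPE = "EC";
    private Boolean prepared = false;
    private Boolean forSSLEncryption = false;

    /**
     * Sets the database manager used for loading and storing key material.
     *
     * @param tSEDatabaseManager database access object
     */
    public void setDatabaseManager(TSEDatabaseManager tSEDatabaseManager) {
        this.databaseManager = tSEDatabaseManager;
    }

    /**
     * Imports the keys once and remembers the outcome. A failed import is retried on the
     * next call because only a successful result is latched.
     *
     * @return {@code true} when the keys are available
     * @throws SQLException if database access fails
     */
    public Boolean prepare() throws SQLException {
        if (!this.prepared.booleanValue()) {
            this.prepared = importKeysAndVerify(privateKeyFile, publicKeyFile, certificateFile);
        }
        return this.prepared;
    }

    /**
     * Generates a fresh key pair on {@code NAMED_ELLIPTIC_CURVE} and stores both halves in
     * this instance. On failure the previous keys are left untouched and the error is only
     * printed.
     */
    void createNewKeyPair() {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(this.ENCRYPTION_ALGORITHM_TYPE);
            generator.initialize(new ECGenParameterSpec(NAMED_ELLIPTIC_CURVE));
            KeyPair pair = generator.generateKeyPair();
            this.privateKey = pair.getPrivate();
            this.publicKey = pair.getPublic();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
    }

    /**
     * Builds a PKCS#10 request for the current public key, signs it with the current
     * private key and writes it as PEM. The subject name is a fixed test value.
     *
     * @param str path of the file to write
     * @return {@code true} when the request verified against its own public key and was
     *         written completely
     */
    Boolean createCertificateRequest(String str) {
        try {
            PKCS10CertificationRequest request = new JcaPKCS10CertificationRequestBuilder(
                    new X500Principal("CN=Requested Test Certificate"), this.publicKey)
                    .build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(this.privateKey));
            if (!verifyCertificateRequestSignature(request).booleanValue()) {
                System.err.println("CSR was not created, because the private key used for signing it did not match the public key from the CSR.");
                return false;
            }
            // try-with-resources: the file handle is released even when writing fails.
            try (JcaPEMWriter pemWriter = new JcaPEMWriter(new FileWriter(str))) {
                pemWriter.writeObject(request);
            }
            return true;
        } catch (OperatorCreationException | IOException e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Writes the current certificate as PEM.
     *
     * @param file target file
     * @return {@code true} only when the certificate was actually written
     */
    public Boolean exportCertificate(File file) {
        try (FileWriter fileWriter = new FileWriter(file)) {
            // The export result is the method result; a failed export must not report success.
            return exportKey(fileWriter, KeyObject.Certificate);
        } catch (IOException e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Stores the PEM form of one key object in the parameter table.
     *
     * <p>The row filter is assembled as text. Its variable part comes from
     * {@code getSSLPrefix()} and the {@code KeyObject} constant only; it must never be fed
     * from external input while the filter is built this way.
     *
     * @param keyObject which object to store
     * @throws SQLException if database access fails
     */
    private void saveKeyInDB(KeyObject keyObject) throws SQLException {
        try {
            TableColumnHashMap columns = this.databaseManager.getColumns(SecureElement.TSEParameterTableName);
            StringWriter pem = new StringWriter();
            if (!exportKey(pem, keyObject).booleanValue()) {
                System.err.println(String.valueOf(keyObject.getParamName()) + " could be not be saved in database!");
                // Stop here: writing an empty value would erase the key already stored.
                return;
            }
            TableFieldValueAssignment assignment = new TableFieldValueAssignment();
            assignment.put(columns.get("STRING_VALUE"), new TableFieldValue(pem.toString()));
            String filter = String.format("param_name = '%s'", String.valueOf(getSSLPrefix()) + keyObject.getDBParamName());
            if (!this.databaseManager.updateDB(SecureElement.TSEParameterTableName, assignment, filter).booleanValue()) {
                System.err.println(String.valueOf(keyObject.getParamName()) + " could be not be saved in database!");
            }
        } catch (SQLException e) {
            System.err.println(String.valueOf(keyObject.getParamName()) + " could be not be saved in database!");
            throw e;
        }
    }

    /**
     * Writes one key object as PEM and closes the writer.
     *
     * @param writer destination; closed by this method
     * @param keyObject which object to write
     * @return {@code false} when the object is missing or could not be encoded or written
     */
    private Boolean exportKey(Writer writer, KeyObject keyObject) {
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(writer)) {
            Object payload = null;
            boolean knownType = true;
            if (keyObject == KeyObject.PrivateKey) {
                // Stays null when encryption could not be set up, so the private key is
                // never written in clear text as a fallback.
                payload = this.privateKey == null ? null : privateKeyToPemObject(this.privateKey);
            } else if (keyObject == KeyObject.PublicKey) {
                payload = this.publicKey;
            } else if (keyObject == KeyObject.Certificate) {
                payload = this.certificate;
            } else {
                knownType = false;
            }
            if (knownType) {
                if (payload == null) {
                    System.err.println("Nothing to export for " + keyObject.getParamName());
                    return false;
                }
                pemWriter.writeObject(payload);
            }
            return true;
        } catch (IOException e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Converts a private key to a PKCS#8 PEM object, encrypted when
     * {@code ENCRYPT_PRIVATE_KEY} is set.
     *
     * @param privateKey key to encode
     * @return the PEM object, or {@code null} when the encryptor or the encoding failed
     */
    private PemObject privateKeyToPemObject(PrivateKey privateKey) {
        OutputEncryptor encryptor = null;
        if (ENCRYPT_PRIVATE_KEY.booleanValue()) {
            encryptor = makeEncryptorForKeyfileEncryption();
            if (encryptor == null) {
                // Encryption was requested but is unavailable: refuse instead of downgrading.
                return null;
            }
        }
        try {
            return new JcaPKCS8Generator(privateKey, encryptor).generate();
        } catch (PemGenerationException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Builds the password-based encryptor used for private key export.
     *
     * @return the encryptor, or {@code null} if it could not be created
     */
    private OutputEncryptor makeEncryptorForKeyfileEncryption() {
        try {
            JceOpenSSLPKCS8EncryptorBuilder builder = new JceOpenSSLPKCS8EncryptorBuilder(PRIVATE_KEY_ENCRYPTION_METHOD);
            builder.setRandom(getRandomNumberGenerator());
            builder.setPasssword(ENCRYPTION_PASSWORD.toCharArray());
            return builder.build();
        } catch (OperatorCreationException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Checks the self-signature of a certification request against the public key it
     * carries.
     *
     * @param pKCS10CertificationRequest request to check
     * @return {@code true} when the signature is valid
     */
    private Boolean verifyCertificateRequestSignature(PKCS10CertificationRequest pKCS10CertificationRequest) {
        try {
            // Register the provider once instead of constructing a new one on every call.
            if (Security.getProvider("BC") == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            return pKCS10CertificationRequest.isSignatureValid(
                    new JcaContentVerifierProviderBuilder().setProvider("BC")
                            .build(pKCS10CertificationRequest.getSubjectPublicKeyInfo()));
        } catch (OperatorCreationException | PKCSException e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Imports the private key together with either a certificate or a public key, runs a
     * sign/verify self-test (not in SSL mode) and stores file-based objects in the database.
     *
     * <p>An empty path selects the database as the source. The public half comes from the
     * certificate file if given, else from the public key file if given, else from the
     * certificate stored in the database.
     *
     * <p>The certificate is parsed only; this method does not validate its chain or
     * validity period.
     *
     * @param str private key file, or empty to load from the database
     * @param str2 public key file, or empty
     * @param str3 certificate file, or empty
     * @return {@code true} when the import succeeded and, outside SSL mode, the self-test
     *         passed
     * @throws SQLException if database access fails
     */
    public Boolean importKeysAndVerify(String str, String str2, String str3) throws SQLException {
        final String privateKeyPath = str;
        final String publicKeyPath = str2;
        final String certificatePath = str3;
        boolean imported = false;
        if (!certificatePath.equals("")) {
            // The certificate file is opened only after the private key import succeeded.
            if (importPrivateKey(privateKeyPath).booleanValue()) {
                try (InputStream certificateStream = new FileInputStream(certificatePath)) {
                    imported = importCertificate(certificateStream).booleanValue();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        } else if (publicKeyPath.equals("")) {
            String storedCertificate = getKeyStringFromDB(KeyObject.Certificate);
            imported = importPrivateKey(privateKeyPath).booleanValue()
                    && importCertificate(new ByteArrayInputStream(storedCertificate.getBytes(StandardCharsets.UTF_8))).booleanValue();
        } else {
            imported = importPrivateKey(privateKeyPath).booleanValue() && importPublicKey(publicKeyPath).booleanValue();
        }
        if (imported && !this.forSSLEncryption.booleanValue()) {
            // Unicode escape keeps the umlaut independent of the source file encoding.
            System.out.println("Schl\u00fcsselimport erfolgreich!");
            createSignature(false);
            createSignature(true);
            byte[] probe = "Diese Daten sollen signiert werden.".getBytes(StandardCharsets.UTF_8);
            if (verifyData(probe, signData(probe)).booleanValue()) {
                System.out.println("Signierung und Verifikation erfolgreich!");
            } else {
                System.out.println("Signierung und Verifikation fehlerhaft!");
                // A private key that does not match the imported public key or certificate
                // must not be reported as usable, nor persisted below.
                imported = false;
            }
        } else if (!imported) {
            System.out.println("Schl\u00fcsselimport fehlgeschlagen!");
        }
        if (imported) {
            if (!privateKeyPath.equals("")) {
                saveKeyInDB(KeyObject.PrivateKey);
            }
            if (!certificatePath.equals("")) {
                saveKeyInDB(KeyObject.Certificate);
            } else if (!publicKeyPath.equals("")) {
                saveKeyInDB(KeyObject.PublicKey);
            }
        }
        return imported;
    }

    /**
     * Loads the private key from the given file, or from the database for an empty path.
     *
     * @param str private key file, or empty
     * @return {@code true} when a key was obtained
     * @throws SQLException if database access fails
     */
    private Boolean importPrivateKey(String str) throws SQLException {
        this.privateKey = str.equals("") ? getPrivateKeyFromDB() : getPrivateKeyFromFile(str);
        return this.privateKey != null;
    }

    /**
     * Loads the public key from a PEM file.
     *
     * @param str public key file
     * @return {@code true} when a key was obtained
     */
    private Boolean importPublicKey(String str) {
        this.publicKey = getPublicKeyFromFile(str);
        return this.publicKey != null;
    }

    /**
     * Parses an X.509 certificate and adopts its public key. The stream is not closed
     * here; that is left to the caller.
     *
     * @param inputStream certificate data
     * @return {@code true} when the certificate could be parsed
     */
    public Boolean importCertificate(InputStream inputStream) {
        try {
            this.certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
            this.publicKey = this.certificate.getPublicKey();
            return true;
        } catch (CertificateException e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Reads and decodes a PEM private key file.
     *
     * @param str file path
     * @return the key, or {@code null} on any failure
     */
    private PrivateKey getPrivateKeyFromFile(String str) {
        try {
            // Explicit charset: PEM is ASCII, so the result must not depend on the platform default.
            return decodePrivateKey(new String(Files.readAllBytes(Paths.get(str)), StandardCharsets.UTF_8));
        } catch (IOException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Reads and decodes the private key stored in the database.
     *
     * @return the key, or {@code null} when none is stored or decoding failed
     * @throws SQLException if database access fails
     */
    private PrivateKey getPrivateKeyFromDB() throws SQLException {
        String storedKey = getKeyStringFromDB(KeyObject.PrivateKey);
        if (storedKey.equals("")) {
            System.out.println("Private key empty!");
            return null;
        }
        return decodePrivateKey(storedKey);
    }

    /**
     * Fetches the stored PEM text of one key object.
     *
     * <p>The row filter is assembled as text from {@code getSSLPrefix()} and the
     * {@code KeyObject} constant only; it must never be fed from external input while the
     * filter is built this way.
     *
     * @param keyObject which object to fetch
     * @return the stored text, or an empty string when there is no row or no value
     * @throws SQLException if database access fails
     */
    private String getKeyStringFromDB(KeyObject keyObject) throws SQLException {
        TableColumnData valueColumn = this.databaseManager.getColumns(SecureElement.TSEParameterTableName).get("STRING_VALUE");
        String filter = String.format("param_name = '%s'", String.valueOf(getSSLPrefix()) + keyObject.dbParamName);
        ArrayList<TableFieldValueAssignment> rows = this.databaseManager.selectFromDB(
                SecureElement.TSEParameterTableName, new TableColumnData[]{valueColumn}, filter);
        // An empty result set is "nothing stored", not an index error.
        if (rows == null || rows.isEmpty()) {
            return "";
        }
        String value = rows.get(0).get(valueColumn).getStringValue();
        return value != null ? value : "";
    }

    /**
     * Decodes a PEM private key. Whether the content is treated as encrypted follows
     * {@code ENCRYPT_PRIVATE_KEY}, not the PEM header that was present.
     *
     * @param str PEM text
     * @return the key, or {@code null} when decoding or decryption failed
     */
    private PrivateKey decodePrivateKey(String str) {
        try {
            String body = str
                    .replace("-----BEGIN ENCRYPTED PRIVATE KEY-----", "")
                    .replace("-----END ENCRYPTED PRIVATE KEY-----", "")
                    .replace("-----BEGIN PRIVATE KEY-----", "")
                    .replace("-----END PRIVATE KEY-----", "");
            byte[] der = Base64.decode(body);
            PKCS8EncodedKeySpec keySpec;
            if (ENCRYPT_PRIVATE_KEY.booleanValue()) {
                EncryptedPrivateKeyInfo encrypted = new EncryptedPrivateKeyInfo(der);
                // The decryption algorithm is taken from the encoded key itself.
                keySpec = encrypted.getKeySpec(SecretKeyFactory.getInstance(encrypted.getAlgName())
                        .generateSecret(new PBEKeySpec(ENCRYPTION_PASSWORD.toCharArray())));
            } else {
                keySpec = new PKCS8EncodedKeySpec(der);
            }
            return KeyFactory.getInstance(this.ENCRYPTION_ALGORITHM_TYPE).generatePrivate(keySpec);
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Reads a PEM public key file.
     *
     * @param str file path
     * @return the key, or {@code null} when the file is unreadable, holds no PEM object or
     *         the key cannot be decoded
     */
    private PublicKey getPublicKeyFromFile(String str) {
        try (PemReader pemReader = new PemReader(new StringReader(
                new String(Files.readAllBytes(Paths.get(str)), StandardCharsets.UTF_8)))) {
            PemObject pem = pemReader.readPemObject();
            if (pem == null) {
                System.err.println("No PEM object found in " + str);
                return null;
            }
            return KeyFactory.getInstance(this.ENCRYPTION_ALGORITHM_TYPE).generatePublic(new X509EncodedKeySpec(pem.getContent()));
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Creates and initialises either the verifying or the signing {@link Signature}.
     * Failures are only printed; the corresponding field may then be unset or
     * uninitialised.
     *
     * @param bool {@code true} for the verifier, {@code false} for the signer
     */
    private void createSignature(Boolean bool) {
        try {
            if (bool.booleanValue()) {
                this.verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
                this.verifier.initVerify(this.publicKey);
            } else {
                this.signature = Signature.getInstance(SIGNATURE_ALGORITHM);
                this.signature.initSign(this.privateKey, getRandomNumberGenerator());
            }
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
    }

    /**
     * Signs the given data.
     *
     * @param bArr data to sign
     * @return the signature, or an empty array when signing failed; callers must treat an
     *         empty result as an error
     */
    byte[] signData(byte[] bArr) {
        try {
            this.signature.update(bArr);
            return this.signature.sign();
        } catch (SignatureException e) {
            e.printStackTrace();
            return new byte[0];
        }
    }

    /**
     * Signs the current content of the stream.
     *
     * @param byteArrayOutputStream data to sign
     * @return the signature, or an empty array when signing failed
     */
    public byte[] signData(ByteArrayOutputStream byteArrayOutputStream) {
        return signData(byteArrayOutputStream.toByteArray());
    }

    /**
     * Verifies a signature over the given data with the current public key.
     *
     * @param bArr signed data
     * @param bArr2 signature to check
     * @return {@code true} only when the signature is valid
     */
    Boolean verifyData(byte[] bArr, byte[] bArr2) {
        try {
            this.verifier.update(bArr);
            return this.verifier.verify(bArr2);
        } catch (SignatureException e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Verifies a signature over the current content of the stream.
     *
     * @param byteArrayOutputStream signed data
     * @param bArr signature to check
     * @return {@code true} only when the signature is valid
     */
    public Boolean verifyData(ByteArrayOutputStream byteArrayOutputStream, byte[] bArr) {
        return verifyData(byteArrayOutputStream.toByteArray(), bArr);
    }

    /** Returns a new default {@link SecureRandom}. */
    private SecureRandom getRandomNumberGenerator() {
        return new SecureRandom();
    }

    /**
     * Returns the hash of the encoded public key, computed once and cached.
     *
     * @return a copy of the hash, or {@code null} when it could not be computed
     */
    public byte[] hashPublicKey() {
        try {
            if (this.publicKeyHash == null) {
                this.publicKeyHash = MessageDigest.getInstance(SERIAL_NUMBER_HASH_ALGO).digest(this.publicKey.getEncoded());
            }
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            System.err.println("Serial number could not be computed!");
        }
        // Hand out a copy so callers cannot alter the cached value.
        return this.publicKeyHash == null ? null : this.publicKeyHash.clone();
    }

    /**
     * Returns the end of the certificate's validity period. Requires that a certificate
     * has been imported.
     *
     * @return the certificate's notAfter date
     */
    public Date getCertificateExpirationDate() {
        return this.certificate.getNotAfter();
    }

    /**
     * Converts a DER-encoded signature (a sequence of two integers) to the plain form, the
     * two values concatenated without ASN.1 framing.
     *
     * <p>Both values are left-padded with zero bytes to the same width. Without that, a
     * value that happens to be shorter than the other would shift the boundary and
     * {@link #convertToASN1Mode} could no longer split the result in the middle.
     * NOTE(review): consumers that expect the full field width of the curve in every case
     * need the width passed in; this method only sees the signature bytes.
     *
     * @param bArr DER-encoded signature
     * @return the plain signature, or {@code bArr} unchanged when it is not a sequence of
     *         two integers
     */
    public static byte[] convertToPlainMode(byte[] bArr) {
        try {
            Object parsed = DERSequence.fromByteArray(bArr);
            if (!(parsed instanceof ASN1Sequence)) {
                return reportPlainConversionFailure(bArr);
            }
            ASN1Sequence sequence = (ASN1Sequence) parsed;
            if (sequence.size() < 2) {
                return reportPlainConversionFailure(bArr);
            }
            Object first = sequence.getObjectAt(0);
            Object second = sequence.getObjectAt(1);
            if (!(first instanceof ASN1Integer) || !(second instanceof ASN1Integer)) {
                return reportPlainConversionFailure(bArr);
            }
            byte[] r = removeLeadingZero(((ASN1Integer) first).getValue().toByteArray());
            byte[] s = removeLeadingZero(((ASN1Integer) second).getValue().toByteArray());
            int width = Math.max(r.length, s.length);
            byte[] plain = new byte[2 * width];
            // Right-align each value in its half; the array is zero-filled already.
            System.arraycopy(r, 0, plain, width - r.length, r.length);
            System.arraycopy(s, 0, plain, 2 * width - s.length, s.length);
            return plain;
        } catch (IOException unused) {
            return reportPlainConversionFailure(bArr);
        }
    }

    /** Reports a failed plain conversion and hands the input back unchanged. */
    private static byte[] reportPlainConversionFailure(byte[] bArr) {
        // Print the bytes as hex; concatenating the array itself prints only its identity.
        System.err.println("Error: Signature " + bytesToHex(bArr) + " could not be converted to plain format!");
        return bArr;
    }

    /**
     * Drops a single leading zero byte, the sign byte of a positive big-endian integer.
     *
     * @param bArr big-endian integer bytes
     * @return the bytes without the leading zero, or {@code bArr} itself if there is none
     */
    static byte[] removeLeadingZero(byte[] bArr) {
        if (bArr.length > 0 && bArr[0] == 0) {
            return Arrays.copyOfRange(bArr, 1, bArr.length);
        }
        return bArr;
    }

    /**
     * Converts a plain signature (two equally long values, concatenated) to a DER sequence
     * of two integers.
     *
     * @param bArr plain signature
     * @return the DER encoding, or an empty array when the input is empty or of odd length
     */
    public static byte[] convertToASN1Mode(byte[] bArr) {
        int length = bArr.length;
        // An empty input carries no signature; do not encode it as the pair (0, 0).
        if (length == 0 || length % 2 != 0) {
            return new byte[0];
        }
        int half = length / 2;
        byte[] r = Arrays.copyOfRange(bArr, 0, half);
        byte[] s = Arrays.copyOfRange(bArr, half, length);
        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        DEROutputStream derOut = new DEROutputStream(encoded);
        ASN1EncodableVector values = new ASN1EncodableVector();
        // Signum 1: both halves are unsigned magnitudes.
        values.add(new ASN1Integer(new BigInteger(1, r)));
        values.add(new ASN1Integer(new BigInteger(1, s)));
        try {
            derOut.writeObject(new DERSequence(values));
        } catch (IOException e) {
            e.printStackTrace();
        }
        return encoded.toByteArray();
    }

    /**
     * Formats bytes as upper-case hexadecimal text.
     *
     * @param bArr bytes to format
     * @return two hex digits per byte
     */
    public static String bytesToHex(byte[] bArr) {
        char[] hex = new char[bArr.length * 2];
        for (int i = 0; i < bArr.length; i++) {
            int unsigned = bArr[i] & 255;
            hex[i * 2] = hexArray[unsigned >>> 4];
            hex[(i * 2) + 1] = hexArray[unsigned & 15];
        }
        return new String(hex);
    }

    /**
     * Switches this instance to RSA/SSL mode, imports the SSL key and certificate from
     * their files and initialises both factories from one in-memory key store.
     *
     * <p>Side effects visible in this method: the algorithm type and SSL flag of the
     * instance are changed and the database manager is replaced by a new one. The trust
     * manager factory is initialised with the same store, so the only trusted certificate
     * is this instance's own. The key store and key entry are protected with the
     * hard-coded {@code ENCRYPTION_PASSWORD}.
     *
     * @param keyManagerFactory factory to initialise with the private key
     * @param trustManagerFactory factory to initialise with the certificate
     * @throws KeyStoreException if the key or certificate could not be imported, or the
     *         key store rejects an entry
     * @throws SQLException if database access fails
     */
    public void initSSLFactories(KeyManagerFactory keyManagerFactory, TrustManagerFactory trustManagerFactory) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, FileNotFoundException, IOException, UnrecoverableKeyException, SQLException {
        this.ENCRYPTION_ALGORITHM_TYPE = "RSA";
        this.forSSLEncryption = true;
        setDatabaseManager(new TSEDatabaseManager());
        boolean imported = importKeysAndVerify(privateSSLKeyFile, "", SSLCertificateFile).booleanValue();
        // Fail with a declared exception rather than continue with missing key material.
        if (!imported || this.certificate == null || this.privateKey == null) {
            throw new KeyStoreException("SSL private key or certificate could not be imported");
        }
        char[] password = ENCRYPTION_PASSWORD.toCharArray();
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, password);
        X509Certificate[] chain = {this.certificate};
        keyStore.setCertificateEntry(this.certificate.getSubjectX500Principal().getName(), this.certificate);
        keyStore.setKeyEntry("SSL_Private_Key", this.privateKey, password, chain);
        keyManagerFactory.init(keyStore, password);
        trustManagerFactory.init(keyStore);
    }

    /** Returns the parameter name prefix that separates SSL entries from the others. */
    private String getSSLPrefix() {
        return this.forSSLEncryption.booleanValue() ? "SSL_" : "";
    }
}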
