package net.lightbody.bmp.mitm.tools;

import com.google.common.net.InetAddresses;
import java.io.File;
import java.io.IOException;
import java.io.Reader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.KeyManager;
import net.lightbody.bmp.mitm.CertificateAndKey;
import net.lightbody.bmp.mitm.CertificateInfo;
import net.lightbody.bmp.mitm.exception.CertificateCreationException;
import net.lightbody.bmp.mitm.exception.ExportException;
import net.lightbody.bmp.mitm.exception.ImportException;
import net.lightbody.bmp.mitm.util.EncryptionUtil;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.bc.BcX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMEncryptor;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMEncryptorBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:BOOT-INF/lib/mitm-2.1.5.jar:net/lightbody/bmp/mitm/tools/BouncyCastleSecurityProviderTool.class */
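/**
 * BouncyCastle-backed {@link SecurityProviderTool}.
 *
 * <p>This implementation covers certificate generation (CA root and server/leaf certificates)
 * and PEM encoding/decoding of keys and certificates. Key store creation, key store
 * loading/saving and PEM certificate decoding are not implemented here and throw
 * {@link UnsupportedOperationException}; {@link #getKeyManagers(KeyStore, String)} always
 * returns an empty array.
 *
 * <p>The class holds no instance state. Its static initializer registers the BouncyCastle
 * JCA provider process-wide.
 */
public class BouncyCastleSecurityProviderTool implements SecurityProviderTool {
    /**
     * Bit length of the random serial number placed in every certificate this tool generates.
     * The value is obtained from {@link EncryptionUtil#getRandomBigInteger(int)}; whether that
     * source is a CSPRNG is determined by EncryptionUtil, not here.
     */
    private static final int CERTIFICATE_SERIAL_NUMBER_SIZE = 160;

    static {
        // The Jca*/Jce* helpers used below look up "BC" through JCA, so the provider must be
        // registered before any of them run.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Creates a server (leaf) certificate for {@code certificateInfo}, signed by the supplied CA.
     *
     * <p>The new certificate carries a non-critical Subject Alternative Name extension built from
     * {@code certificateInfo.getSubjectAlternativeNames()}, a Subject Key Identifier and a
     * non-critical {@code basicConstraints: CA=false}. No KeyUsage or ExtendedKeyUsage extension is
     * added; validators that require {@code serverAuth} EKU on leaf certificates may not accept it
     * (not verified here).
     *
     * @param certificateInfo subject details; CN, Not Before and Not After are mandatory
     * @param x509Certificate the issuing CA certificate; its subject becomes the issuer of the new certificate
     * @param privateKey      the CA private key used to sign the new certificate
     * @param keyPair         the key pair whose public key is certified; its private key is returned alongside the certificate
     * @param str             message digest name handed to {@link EncryptionUtil#getSignatureAlgorithm} to derive the signature algorithm
     * @return the new certificate together with {@code keyPair}'s private key
     * @throws IllegalArgumentException     if a mandatory argument or field is missing
     * @throws CertificateCreationException if BouncyCastle fails to sign, build or convert the certificate
     */
    @Override
    public CertificateAndKey createServerCertificate(CertificateInfo certificateInfo, X509Certificate x509Certificate, PrivateKey privateKey, KeyPair keyPair, String str) {
        if (certificateInfo.getCommonName() == null) {
            throw new IllegalArgumentException("Must specify CN for server certificate");
        }
        if (certificateInfo.getNotBefore() == null) {
            throw new IllegalArgumentException("Must specify Not Before for server certificate");
        }
        if (certificateInfo.getNotAfter() == null) {
            throw new IllegalArgumentException("Must specify Not After for server certificate");
        }
        if (x509Certificate == null || privateKey == null || keyPair == null) {
            throw new IllegalArgumentException("Must specify CA certificate, CA private key and server key pair");
        }

        X500Name subject = createX500NameForCertificate(certificateInfo);
        PublicKey serverPublicKey = keyPair.getPublic();
        // The signature algorithm is derived from the digest name and the CA key type (RSA/EC/...).
        String signatureAlgorithm = EncryptionUtil.getSignatureAlgorithm(str, privateKey);
        ContentSigner caSigner = getCertificateSigner(privateKey, signatureAlgorithm);

        try {
            X509CertificateHolder holder = new JcaX509v3CertificateBuilder(
                    x509Certificate,
                    EncryptionUtil.getRandomBigInteger(CERTIFICATE_SERIAL_NUMBER_SIZE),
                    certificateInfo.getNotBefore(),
                    certificateInfo.getNotAfter(),
                    subject,
                    serverPublicKey)
                    .addExtension(Extension.subjectAlternativeName, false,
                            getDomainNameSANsAsASN1Encodable(certificateInfo.getSubjectAlternativeNames()))
                    .addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(serverPublicKey))
                    .addExtension(Extension.basicConstraints, false, new BasicConstraints(false))
                    .build(caSigner);

            return new CertificateAndKey(convertToJcaCertificate(holder), keyPair.getPrivate());
        } catch (CertIOException e) {
            throw new CertificateCreationException("Error creating new server certificate", e);
        }
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public KeyStore createServerKeyStore(String str, CertificateAndKey certificateAndKey, X509Certificate x509Certificate, String str2, String str3) {
        throw new UnsupportedOperationException("BouncyCastle implementation does not implement this method");
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public KeyStore createRootCertificateKeyStore(String str, CertificateAndKey certificateAndKey, String str2, String str3) {
        throw new UnsupportedOperationException("BouncyCastle implementation does not implement this method");
    }

    /**
     * Creates a self-signed CA root certificate: subject and issuer are the same name and the
     * certificate is signed with {@code keyPair}'s private key.
     *
     * <p>Extensions added: Subject Key Identifier; a <em>critical</em> {@code basicConstraints: CA=true};
     * a non-critical KeyUsage of digitalSignature, keyEncipherment, dataEncipherment, keyCertSign
     * and cRLSign; and a non-critical ExtendedKeyUsage of serverAuth, clientAuth and
     * anyExtendedKeyUsage. No path-length constraint is set.
     *
     * @param certificateInfo subject details; Not Before and Not After are mandatory
     * @param keyPair         the CA key pair; its public key is certified and its private key signs the certificate
     * @param str             message digest name handed to {@link EncryptionUtil#getSignatureAlgorithm}
     * @return the root certificate together with the CA private key
     * @throws IllegalArgumentException     if a mandatory field is missing
     * @throws CertificateCreationException if BouncyCastle fails to sign, build or convert the certificate
     */
    @Override
    public CertificateAndKey createCARootCertificate(CertificateInfo certificateInfo, KeyPair keyPair, String str) {
        if (certificateInfo.getNotBefore() == null) {
            throw new IllegalArgumentException("Must specify Not Before for root certificate");
        }
        if (certificateInfo.getNotAfter() == null) {
            throw new IllegalArgumentException("Must specify Not After for root certificate");
        }
        if (keyPair == null) {
            throw new IllegalArgumentException("Must specify key pair for root certificate");
        }

        X500Name issuerAndSubject = createX500NameForCertificate(certificateInfo);
        BigInteger serialNumber = EncryptionUtil.getRandomBigInteger(CERTIFICATE_SERIAL_NUMBER_SIZE);
        PublicKey caPublicKey = keyPair.getPublic();
        PrivateKey caPrivateKey = keyPair.getPrivate();
        ContentSigner selfSigner = getCertificateSigner(caPrivateKey, EncryptionUtil.getSignatureAlgorithm(str, caPrivateKey));

        // Same bit set as the original literal 182 (0xB6), spelled out with the named flags.
        KeyUsage keyUsage = new KeyUsage(KeyUsage.digitalSignature
                | KeyUsage.keyEncipherment
                | KeyUsage.dataEncipherment
                | KeyUsage.keyCertSign
                | KeyUsage.cRLSign);

        ASN1EncodableVector extendedKeyUsages = new ASN1EncodableVector();
        extendedKeyUsages.add(KeyPurposeId.id_kp_serverAuth);
        extendedKeyUsages.add(KeyPurposeId.id_kp_clientAuth);
        extendedKeyUsages.add(KeyPurposeId.anyExtendedKeyUsage);

        try {
            X509CertificateHolder holder = new JcaX509v3CertificateBuilder(
                    issuerAndSubject,
                    serialNumber,
                    certificateInfo.getNotBefore(),
                    certificateInfo.getNotAfter(),
                    issuerAndSubject,
                    caPublicKey)
                    .addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(caPublicKey))
                    .addExtension(Extension.basicConstraints, true, new BasicConstraints(true))
                    .addExtension(Extension.keyUsage, false, keyUsage)
                    .addExtension(Extension.extendedKeyUsage, false, new DERSequence(extendedKeyUsages))
                    .build(selfSigner);

            return new CertificateAndKey(convertToJcaCertificate(holder), caPrivateKey);
        } catch (CertIOException e) {
            throw new CertificateCreationException("Error creating root certificate", e);
        }
    }

    /**
     * Serializes a private key as a password-encrypted PEM string.
     *
     * <p>Encryption uses BouncyCastle's {@link JcePEMEncryptorBuilder}, i.e. the OpenSSL-style
     * PEM encryption selected by {@code str2}. The password arrives as a {@link String} and so
     * cannot be wiped from memory after use; the {@code char[]} handed to BouncyCastle is a copy.
     *
     * @param privateKey the key to serialize
     * @param str        the encryption password; mandatory
     * @param str2       the encryption algorithm name understood by {@link JcePEMEncryptorBuilder}
     * @return the PEM text
     * @throws IllegalArgumentException if {@code str} is null
     * @throws ExportException          if PEM encoding fails
     */
    @Override
    public String encodePrivateKeyAsPem(PrivateKey privateKey, String str, String str2) {
        if (str == null) {
            throw new IllegalArgumentException("You must specify a password when serializing a private key");
        }
        PEMEncryptor encryptor = new JcePEMEncryptorBuilder(str2).build(str.toCharArray());
        return encodeObjectAsPemString(privateKey, encryptor);
    }

    /**
     * Serializes a certificate as an (unencrypted) PEM string.
     *
     * @param certificate the certificate to serialize
     * @return the PEM text
     * @throws ExportException if PEM encoding fails
     */
    @Override
    public String encodeCertificateAsPem(Certificate certificate) {
        return encodeObjectAsPemString(certificate, null);
    }

    /**
     * Reads a PEM-encoded private key.
     *
     * <p>Accepted PEM objects: an OpenSSL-encrypted key pair (decrypted with {@code str}), an
     * unencrypted OpenSSL key pair, or a bare PKCS#8 {@code PrivateKeyInfo}. Any other object,
     * or an input with no PEM object at all, is rejected with {@link ImportException} instead of
     * surfacing as a {@link ClassCastException}. The reader is closed on every path.
     *
     * @param reader source of the PEM text
     * @param str    password used if the key is encrypted; may be null for unencrypted keys
     * @return the decoded private key
     * @throws ImportException if the key is encrypted and no password was given, the PEM object
     *                         is unsupported, or the input cannot be read or decrypted
     */
    @Override
    public PrivateKey decodePemEncodedPrivateKey(Reader reader, String str) {
        try (PEMParser pemParser = new PEMParser(reader)) {
            Object pemObject = pemParser.readObject();

            PrivateKeyInfo keyInfo;
            if (pemObject instanceof PEMEncryptedKeyPair) {
                if (str == null) {
                    throw new ImportException("Unable to import private key. Key is encrypted, but no password was provided.");
                }
                // A wrong password surfaces as an IOException from decryptKeyPair and is wrapped below.
                keyInfo = ((PEMEncryptedKeyPair) pemObject)
                        .decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(str.toCharArray()))
                        .getPrivateKeyInfo();
            } else if (pemObject instanceof PEMKeyPair) {
                keyInfo = ((PEMKeyPair) pemObject).getPrivateKeyInfo();
            } else if (pemObject instanceof PrivateKeyInfo) {
                keyInfo = (PrivateKeyInfo) pemObject;
            } else if (pemObject == null) {
                throw new ImportException("Unable to import private key. No PEM object found in input.");
            } else {
                throw new ImportException("Unable to import private key. Unsupported PEM object type: " + pemObject.getClass().getName());
            }

            return new JcaPEMKeyConverter().getPrivateKey(keyInfo);
        } catch (IOException e) {
            throw new ImportException("Unable to read PEM-encoded PrivateKey", e);
        }
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public X509Certificate decodePemEncodedCertificate(Reader reader) {
        throw new UnsupportedOperationException("BouncyCastle implementation does not implement this method");
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public KeyStore loadKeyStore(File file, String str, String str2) {
        throw new UnsupportedOperationException("BouncyCastle implementation does not implement this method");
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public void saveKeyStore(File file, KeyStore keyStore, String str) {
        throw new UnsupportedOperationException("BouncyCastle implementation does not implement this method");
    }

    /**
     * Always returns an empty array; this implementation does not derive key managers from a
     * key store. A TLS context built from the result will have no server credentials, so
     * callers needing key managers must use a different {@link SecurityProviderTool}.
     *
     * @param keyStore ignored
     * @param str      ignored
     * @return an empty array
     */
    @Override
    public KeyManager[] getKeyManagers(KeyStore keyStore, String str) {
        return new KeyManager[0];
    }

    /**
     * Builds an X.500 name from the populated fields of {@code certificateInfo}. Null fields are
     * omitted; RDNs are added in the order CN, O, OU, E, L, ST, C.
     */
    private static X500Name createX500NameForCertificate(CertificateInfo certificateInfo) {
        X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        addRdnIfPresent(nameBuilder, BCStyle.CN, certificateInfo.getCommonName());
        addRdnIfPresent(nameBuilder, BCStyle.O, certificateInfo.getOrganization());
        addRdnIfPresent(nameBuilder, BCStyle.OU, certificateInfo.getOrganizationalUnit());
        addRdnIfPresent(nameBuilder, BCStyle.E, certificateInfo.getEmail());
        addRdnIfPresent(nameBuilder, BCStyle.L, certificateInfo.getLocality());
        addRdnIfPresent(nameBuilder, BCStyle.ST, certificateInfo.getState());
        addRdnIfPresent(nameBuilder, BCStyle.C, certificateInfo.getCountryCode());
        return nameBuilder.build();
    }

    /** Adds {@code value} under {@code oid} to the builder unless it is null. */
    private static void addRdnIfPresent(X500NameBuilder nameBuilder, org.bouncycastle.asn1.ASN1ObjectIdentifier oid, String value) {
        if (value != null) {
            nameBuilder.addRDN(oid, value);
        }
    }

    /**
     * Converts a list of host names / IP address literals into a SAN {@link GeneralNames}.
     * Entries that {@link InetAddresses#isInetAddress} recognises become {@code iPAddress}
     * names; everything else becomes a {@code dNSName}. A null list is treated as empty.
     * Note that an empty list produces an empty SAN sequence; strict validators may reject
     * a certificate carrying it (not checked here).
     */
    private static GeneralNames getDomainNameSANsAsASN1Encodable(List<String> list) {
        List<GeneralName> generalNames = new ArrayList<GeneralName>(list == null ? 0 : list.size());
        if (list != null) {
            for (String san : list) {
                int nameType = InetAddresses.isInetAddress(san) ? GeneralName.iPAddress : GeneralName.dNSName;
                generalNames.add(new GeneralName(nameType, san));
            }
        }
        return new GeneralNames(generalNames.toArray(new GeneralName[generalNames.size()]));
    }

    /**
     * Creates a {@link ContentSigner} for {@code privateKey} using signature algorithm {@code str}.
     *
     * @throws CertificateCreationException if the algorithm/key combination cannot be used
     */
    private static ContentSigner getCertificateSigner(PrivateKey privateKey, String str) {
        try {
            return new JcaContentSignerBuilder(str).build(privateKey);
        } catch (OperatorCreationException e) {
            throw new CertificateCreationException("Unable to create ContentSigner using signature algorithm: " + str, e);
        }
    }

    /**
     * Converts a BouncyCastle certificate holder into a JCA {@link X509Certificate}.
     *
     * @throws CertificateCreationException if the conversion fails
     */
    private static X509Certificate convertToJcaCertificate(X509CertificateHolder x509CertificateHolder) {
        try {
            return new JcaX509CertificateConverter().getCertificate(x509CertificateHolder);
        } catch (CertificateException e) {
            throw new CertificateCreationException("Unable to convert X590CertificateHolder to JCA X590Certificate", e);
        }
    }

    /** Derives a Subject Key Identifier from the encoded SubjectPublicKeyInfo of {@code key}. */
    private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) {
        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(key.getEncoded());
        return new BcX509ExtensionUtils().createSubjectKeyIdentifier(publicKeyInfo);
    }

    /**
     * Writes {@code obj} in PEM form, optionally encrypted, and returns the text.
     *
     * @param obj          the key or certificate to encode
     * @param pEMEncryptor encryptor to apply, or null for an unencrypted block
     * @throws ExportException if writing fails
     */
    private static String encodeObjectAsPemString(Object obj, PEMEncryptor pEMEncryptor) {
        StringWriter stringWriter = new StringWriter();
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) {
            pemWriter.writeObject(obj, pEMEncryptor);
            pemWriter.flush();
        } catch (IOException e) {
            throw new ExportException("Unable to generate PEM string representing object", e);
        }
        // Read the buffer only after the writer is closed so nothing is left unflushed.
        return stringWriter.toString();
    }
}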
