package org.bzdev.net;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.lang.ProcessBuilder;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.time.Instant;
import java.util.Base64;
import java.util.HashMap;
import java.util.zip.CRC32;
import org.apache.batik.svggen.font.table.Table;
import org.bzdev.lang.UnexpectedExceptionError;
import org.bzdev.net.PemDecoder;

/* loaded from: input_file:libbzdev-base.jar:org/bzdev/net/SecureBasicUtilities.class */
public class SecureBasicUtilities {
    private static final char WATCH = 8986;
    private Type type;
    private static final String DEFAULT_SIGALG = "SHA256withECDSA";
    private static final String DEFAULT_CURVE = "secp256r1";
    PrivateKey privateKey;
    PublicKey publicKey;
    String encryptionAlgorithm;
    String signatureAlgorithm;
    private static HashMap<String, String> pmap;
    private static final String DIGEST = "SHA-256";
    private static final int DIGEST_LENGTH = 32;
    private static final Charset utf8 = Charset.forName("UTF-8");
    private static final char[] WATCH_ARRAY = {8986};
    private static final String WATCH_STRING = new String(WATCH_ARRAY);
    private static final char[] PEN = Character.toChars(128394);
    private static final String PEN_STRING = new String(PEN);
    private static final char[] LOCK = Character.toChars(128274);
    private static final char[] PEN_LOCK_ARRAY = {PEN[0], PEN[1], LOCK[0], LOCK[1]};
    private static final String PEN_LOCK_STRING = new String(PEN_LOCK_ARRAY);
    private static HashMap<String, String> sigpmap = new HashMap<>();

    /* loaded from: input_file:libbzdev-base.jar:org/bzdev/net/SecureBasicUtilities$Mode.class */
    public enum Mode {
        DIGEST,
        SIGNATURE_WITHOUT_CERT,
        SIGNATURE_WITH_CERT,
        PASSWORD
    }

    /* loaded from: input_file:libbzdev-base.jar:org/bzdev/net/SecureBasicUtilities$Type.class */
    public enum Type {
        PUBLIC,
        PRIVATE,
        BOTH,
        NONE
    }

    static String errorMsg(String str, Object... objArr) {
        return NetErrorMsg.errorMsg(str, objArr);
    }

    public static Mode getMode(String str) {
        if (str == null) {
            return Mode.PASSWORD;
        }
        int length = str.length();
        if (length > 3) {
            if (str.startsWith("[D]")) {
                return Mode.DIGEST;
            }
            if (str.startsWith("[S]")) {
                return Mode.SIGNATURE_WITHOUT_CERT;
            }
            if (length > 4 && str.startsWith("[SC]")) {
                return Mode.SIGNATURE_WITH_CERT;
            }
        }
        return Mode.PASSWORD;
    }

    public static String encodeRealm(String str, Mode mode) {
        if (str == null) {
            str = "";
        }
        if (mode == null) {
            return str;
        }
        switch (mode) {
            case DIGEST:
                return "[D]" + str;
            case SIGNATURE_WITHOUT_CERT:
                return "[S]" + str;
            case SIGNATURE_WITH_CERT:
                return "[SC]" + str;
            case PASSWORD:
                return str;
            default:
                throw new UnexpectedExceptionError();
        }
    }

    public static String decodeRealm(String str) {
        if (str == null) {
            str = "";
        }
        int length = str.length();
        if (length > 2) {
            if (!str.startsWith("[D]") && !str.startsWith("[S]")) {
                if (length > 3 && str.startsWith("[SC]")) {
                    return str.substring(4);
                }
            }
            return str.substring(3);
        }
        return str;
    }

    public static String iconedRealm(String str) {
        if (str == null) {
            str = "";
        }
        int length = str.length();
        if (length > 2) {
            if (str.startsWith("[D]")) {
                return WATCH_STRING + str.substring(3);
            }
            if (str.startsWith("[S]")) {
                return PEN_STRING + " " + str.substring(3);
            }
            if (length > 3 && str.startsWith("[SC]")) {
                return PEN_LOCK_STRING + str.substring(4);
            }
        }
        return str;
    }

    public Type getType() {
        return this.type;
    }

    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    public String getEncryptionAlgorith() {
        return this.encryptionAlgorithm;
    }

    public String getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    private void initFromPEM(InputStream inputStream) throws IOException, IllegalArgumentException, GeneralSecurityException {
        PemDecoder.Result decode = PemDecoder.decode(inputStream);
        String type = decode.getType();
        if (type.equalsIgnoreCase("CERTIFICATE")) {
            this.signatureAlgorithm = decode.getHeaders().getFirst("signature-algorithm");
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decode.getBytes());
            try {
                this.publicKey = CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream).getPublicKey();
                this.encryptionAlgorithm = this.publicKey.getAlgorithm();
                this.type = Type.PUBLIC;
                byteArrayInputStream.close();
                return;
            } catch (Throwable th) {
                try {
                    byteArrayInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }
        if (type.endsWith(" PUBLIC KEY")) {
            this.encryptionAlgorithm = type.substring(0, type.indexOf(" "));
            this.signatureAlgorithm = decode.getHeaders().getFirst("signature-algorithm");
            String str = pmap.get(this.encryptionAlgorithm);
            this.publicKey = (str == null ? KeyFactory.getInstance(this.encryptionAlgorithm) : KeyFactory.getInstance(this.encryptionAlgorithm, str)).generatePublic(new X509EncodedKeySpec(decode.getBytes()));
            this.type = Type.PUBLIC;
            return;
        }
        if (!type.endsWith(" PRIVATE KEY")) {
            throw new IOException(errorMsg("PemType", type));
        }
        this.encryptionAlgorithm = type.substring(0, type.indexOf(" "));
        this.signatureAlgorithm = decode.getHeaders().getFirst("signature-algorithm");
        PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(decode.getBytes(), this.encryptionAlgorithm);
        String str2 = pmap.get(this.encryptionAlgorithm);
        this.privateKey = (str2 == null ? KeyFactory.getInstance(this.encryptionAlgorithm) : KeyFactory.getInstance(this.encryptionAlgorithm, str2)).generatePrivate(pKCS8EncodedKeySpec);
        this.type = Type.PRIVATE;
    }

    public SecureBasicUtilities() {
        this.type = Type.NONE;
    }

    public SecureBasicUtilities(String str) throws IOException, IllegalArgumentException, GeneralSecurityException {
        this(new ByteArrayInputStream(str.getBytes("UTF-8")));
    }

    public SecureBasicUtilities(InputStream inputStream) throws IOException, IllegalArgumentException, GeneralSecurityException {
        initFromPEM(inputStream);
    }

    public SecureBasicUtilities(File file, String str, String str2, char[] cArr) throws IOException, IllegalArgumentException, GeneralSecurityException {
        str = str == null ? DEFAULT_SIGALG : str;
        if (str2 == null) {
            initFromPEM(new FileInputStream(file));
            if (!this.signatureAlgorithm.equals(str)) {
                throw new IllegalArgumentException(errorMsg("sigalgs", this.signatureAlgorithm, str));
            }
            return;
        }
        KeyStore keyStore = KeyStore.getInstance(file, cArr);
        Key key = keyStore.getKey(str2, cArr);
        if (!(key instanceof PrivateKey)) {
            throw new IllegalArgumentException();
        }
        this.privateKey = (PrivateKey) key;
        Certificate certificate = keyStore.getCertificate(str2);
        if (certificate == null) {
            throw new IllegalArgumentException(errorMsg("nocert", str2));
        }
        this.publicKey = certificate.getPublicKey();
        if (!this.publicKey.getAlgorithm().equals(this.privateKey.getAlgorithm())) {
            throw new IllegalArgumentException();
        }
        this.signatureAlgorithm = str;
        this.type = Type.BOTH;
    }

    public char[] createPassword(Certificate certificate, char[] cArr) throws GeneralSecurityException, UnsupportedEncodingException {
        byte[] bArr;
        int sign;
        ByteBuffer encode = utf8.encode(CharBuffer.wrap(cArr));
        byte[] bArr2 = new byte[encode.limit() - encode.position()];
        encode.get(bArr2);
        long epochSecond = Instant.now().getEpochSecond() & 4294967295L;
        long j = epochSecond;
        byte[] bArr3 = new byte[4];
        for (int i = 0; i < 4; i++) {
            bArr3[i] = (byte) (j & 255);
            j >>= 8;
        }
        CRC32 crc32 = new CRC32();
        crc32.update(bArr3, 0, bArr3.length);
        crc32.update(bArr2, 0, bArr2.length);
        long value = crc32.getValue();
        if (this.type == Type.NONE) {
            bArr = new byte[40];
            for (int i2 = 0; i2 < 4; i2++) {
                bArr[i2] = (byte) (epochSecond & 255);
                epochSecond >>= 8;
            }
            for (int i3 = 4; i3 < 8; i3++) {
                bArr[i3] = (byte) (value & 255);
                value >>= 8;
            }
            MessageDigest messageDigest = MessageDigest.getInstance(DIGEST);
            messageDigest.update(bArr, 0, 8);
            messageDigest.update(bArr2);
            messageDigest.digest(bArr, 8, 32);
            sign = 40;
        } else {
            String str = sigpmap.get(this.signatureAlgorithm);
            Signature signature = str == null ? Signature.getInstance(this.signatureAlgorithm) : Signature.getInstance(this.signatureAlgorithm, str);
            signature.initSign(this.privateKey);
            bArr = new byte[Table.languageELL];
            for (int i4 = 0; i4 < 4; i4++) {
                bArr[i4] = (byte) (epochSecond & 255);
                epochSecond >>= 8;
            }
            for (int i5 = 4; i5 < 8; i5++) {
                bArr[i5] = (byte) (value & 255);
                value >>= 8;
            }
            signature.update(bArr, 0, 8);
            if (certificate != null) {
                signature.update(certificate.getPublicKey().getEncoded());
            }
            signature.update(bArr2);
            sign = signature.sign(bArr, 8, bArr.length - 8) + 8;
        }
        CharBuffer decode = utf8.decode(Base64.getUrlEncoder().encode(ByteBuffer.wrap(bArr, 0, sign)));
        char[] cArr2 = new char[decode.limit() - decode.position()];
        decode.get(cArr2);
        return cArr2;
    }

    public static byte[] decodePassword(String str) {
        try {
            return Base64.getUrlDecoder().decode(str.getBytes(utf8));
        } catch (Exception e) {
            return null;
        }
    }

    public static byte[] decodePassword(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return new byte[0];
        }
        try {
            return Base64.getUrlDecoder().decode(bArr);
        } catch (Exception e) {
            return null;
        }
    }

    public static byte[] decodePassword(char[] cArr) {
        Base64.Decoder urlDecoder = Base64.getUrlDecoder();
        byte[] bArr = new byte[cArr.length];
        for (int i = 0; i < cArr.length; i++) {
            bArr[i] = (byte) cArr[i];
        }
        try {
            byte[] decode = urlDecoder.decode(bArr);
            for (int i2 = 0; i2 < cArr.length; i2++) {
                bArr[i2] = 0;
            }
            return decode;
        } catch (Exception e) {
            for (int i3 = 0; i3 < cArr.length; i3++) {
                bArr[i3] = 0;
            }
            return null;
        } catch (Throwable th) {
            for (int i4 = 0; i4 < cArr.length; i4++) {
                bArr[i4] = 0;
            }
            throw th;
        }
    }

    public static int getTimeDiff(byte[] bArr) {
        if (bArr == null || bArr.length < 4) {
            return Integer.MAX_VALUE;
        }
        int i = 0;
        for (int i2 = 3; i2 > 0; i2--) {
            i = (i | (bArr[i2] & 255)) << 8;
        }
        return ((int) (Instant.now().getEpochSecond() & 4294967295L)) - (i | (bArr[0] & 255));
    }

    private static long getCRC32(byte[] bArr) {
        long j = 0;
        for (int i = 7; i > 4; i--) {
            j = (j | (bArr[i] & 255)) << 8;
        }
        return j | (bArr[4] & 255);
    }

    public boolean checkPassword(byte[] bArr, Certificate certificate, String str) throws GeneralSecurityException {
        if (bArr == null || bArr.length <= 8) {
            return false;
        }
        byte[] bytes = str.getBytes(utf8);
        CRC32 crc32 = new CRC32();
        crc32.update(bArr, 0, 4);
        crc32.update(bytes, 0, bytes.length);
        if (crc32.getValue() != getCRC32(bArr)) {
            return false;
        }
        if (this.type != Type.NONE) {
            String str2 = sigpmap.get(this.signatureAlgorithm);
            Signature signature = str2 == null ? Signature.getInstance(this.signatureAlgorithm) : Signature.getInstance(this.signatureAlgorithm, str2);
            signature.initVerify(this.publicKey);
            signature.update(bArr, 0, 8);
            if (certificate != null) {
                signature.update(certificate.getPublicKey().getEncoded());
            }
            signature.update(bytes);
            return signature.verify(bArr, 8, bArr.length - 8);
        }
        if (bArr.length != 40) {
            return false;
        }
        byte[] bArr2 = new byte[40];
        MessageDigest messageDigest = MessageDigest.getInstance(DIGEST);
        messageDigest.update(bArr, 0, 8);
        messageDigest.update(bytes);
        messageDigest.digest(bArr2, 8, 32);
        for (int i = 8; i < 40; i++) {
            if (bArr2[i] != bArr[i]) {
                return false;
            }
        }
        return true;
    }

    public String[] getPEMStrings() {
        return getPEMStrings(this.privateKey, this.publicKey, this.signatureAlgorithm);
    }

    private static String[] getPEMStrings(PrivateKey privateKey, PublicKey publicKey, String str) throws IllegalStateException {
        StringBuilder sb = new StringBuilder();
        if (privateKey != null && publicKey != null && !privateKey.getAlgorithm().equals(publicKey.getAlgorithm())) {
            throw new IllegalStateException(errorMsg("keyalgs", new Object[0]));
        }
        try {
            PemEncoder pemEncoder = new PemEncoder(sb);
            String str2 = null;
            if (privateKey != null) {
                pemEncoder.addHeader("signature-algorithm", str);
                pemEncoder.encode(privateKey.getAlgorithm() + " PRIVATE KEY", privateKey.getEncoded());
                str2 = sb.toString();
                sb.setLength(0);
            }
            String str3 = null;
            if (publicKey != null) {
                pemEncoder.addHeader("signature-algorithm", str);
                pemEncoder.encode(publicKey.getAlgorithm() + " PUBLIC KEY", publicKey.getEncoded());
                str3 = sb.toString();
            }
            return new String[]{str2, str3};
        } catch (IOException e) {
            throw new IllegalStateException(errorMsg("keypairError", new Object[0]), e);
        }
    }

    public static String[] createPEMPair() {
        try {
            return createPEMPair(null, null);
        } catch (GeneralSecurityException e) {
            throw new UnexpectedExceptionError(e);
        }
    }

    public static String[] createPEMPair(String str, String str2) throws IllegalArgumentException, GeneralSecurityException {
        if (str == null) {
            str = DEFAULT_CURVE;
        }
        if (str2 == null) {
            str2 = DEFAULT_SIGALG;
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "SunEC");
        keyPairGenerator.initialize(new ECGenParameterSpec(str));
        KeyPair genKeyPair = keyPairGenerator.genKeyPair();
        return getPEMStrings(genKeyPair.getPrivate(), genKeyPair.getPublic(), str2);
    }

    public static String[] createPEMPair(File file, String str, String str2, String str3, String str4, char[] cArr) throws IllegalArgumentException, GeneralSecurityException, IOException {
        if (str == null) {
            str = DEFAULT_CURVE;
        }
        if (str2 == null) {
            str2 = DEFAULT_SIGALG;
        }
        String canonicalPath = file.getCanonicalPath();
        try {
            ProcessBuilder processBuilder = new ProcessBuilder("keytool", "-genkey", "-keyalg", "EC", "-groupname", str, "-sigalg", str2, "-dname", str4, "-keypass", new String(cArr), "-storepass", new String(cArr), "-validity", "36525", "-alias", str3, "-keystore", canonicalPath);
            processBuilder.redirectOutput(ProcessBuilder.Redirect.DISCARD);
            processBuilder.redirectError(ProcessBuilder.Redirect.INHERIT);
            if (processBuilder.start().waitFor() != 0) {
                throw new IllegalStateException(errorMsg("keypairError", new Object[0]));
            }
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(new FileInputStream(canonicalPath), cArr);
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(str3, cArr);
            Certificate certificate = keyStore.getCertificate(str3);
            if (certificate == null) {
                throw new GeneralSecurityException();
            }
            return getPEMStrings(privateKey, certificate.getPublicKey(), str2);
        } catch (IOException e) {
            throw new IllegalStateException(errorMsg("keystoreError", new Object[0]), e);
        } catch (InterruptedException e2) {
            throw new IllegalStateException(errorMsg("keystoreError", new Object[0]), e2);
        } catch (GeneralSecurityException e3) {
            throw new IllegalStateException(errorMsg("keystoreError", new Object[0]), e3);
        }
    }

    static {
        sigpmap.put("Sha256withECDSA", "SunEC");
        pmap = new HashMap<>();
        sigpmap.put("EC", "SunEC");
    }
}
