package org.globus.cog.security.cert.request;

import cryptix.util.core.Hex;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.DERConstructedSet;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.util.encoders.Base64;
import org.globus.common.CoGProperties;
import org.globus.gsi.CertUtil;
import org.globus.gsi.bc.BouncyCastleCertProcessingFactory;
import org.globus.gsi.gssapi.GlobusGSSCredentialImpl;
import org.globus.util.PEMUtils;
import org.globus.util.Util;

/* loaded from: input_file:org/globus/cog/security/cert/request/GridCertRenewalRequest.class */
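/**
 * Command-line tool that builds a certificate renewal request for a grid user certificate.
 *
 * <p>The tool unlocks the existing private key, uses it to issue a short-lived credential with a
 * fresh key pair, stores the fresh private key, and writes a renewal request file containing the
 * new certificate, a digest binding it to the CA-supplied challenge, and a PKCS#10 request.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Pass phrases are read as {@code String}s, so they cannot be wiped from memory afterwards.
 *   <li>NOTE(review): {@code Util.getInput} is assumed to echo what is typed — if this CoG
 *       version offers a non-echoing prompt, use that for the pass phrases instead.
 *   <li>The request uses MD5 and a 1024-bit key; see the notes on {@link #main} and
 *       {@link #genRenewRequest}.
 * </ul>
 */
public class GridCertRenewalRequest {
    public static final String usage = "\n\ngrid-cert-request [-help] [ options ...]\n-help\n-usage \nDisplays usage. \n\n-version \nDisplays version. \n\n-debug \nDisplays extra information (if problems occur). \n\n-nopassphrase \nSignals that the new key will not be protected by a passphrase. \n\n-oldcert file \nLocation of the certificate that is about to expire. If not set,  $HOME/.globus/usercert.pem  \n\n-oldkey file \nLocation of the private key to the certificate that is about to expire. If not set,   $HOME/.globus/userkey.pem\n\n-newkey file \nLocation of the replacement key that is generated by grid-cert-renew. If not set,   $HOME/.globus/userkey_new.pem is assumed. \n\n-newcertreq file \nLocation of the certificate renewal request. If not set,  $HOME/.globus/usercert_renew_request.pem is assumed. \n\n-force\nReplaces any existing renewal request\n\nchallenge \nChallenge text string, as instructed in the CA renewal notification message. This is the only required argument. \n";
    private static GlobusGSSCredentialImpl cred = null;
    private static String chalenge = "";
    private static String newPrivKeyLoc = "";
    private static String userCertRenewFile = "";
    private static String oldPassword = "";
    private static boolean noPswd = false;
    private static String userCertFile = "";
    private static String userKeyFile = "";
    private static boolean force = false;
    private static String version = "1.0";
    private static boolean verbose = false;

    /**
     * Entry point: parses the options, resolves default file locations, refuses to overwrite
     * existing output unless {@code -force} was given, then prompts for the pass phrases and
     * writes the new key and the renewal request.
     *
     * <p>NOTE(review): the new key pair is requested with 1024 bits and ends up in the
     * {@code -newkey} file as the replacement user key. 1024-bit RSA is below current minimum
     * recommendations; raising it requires confirming that the CA accepts larger keys.
     *
     * <p>NOTE(review): the only pass phrase policy is a minimum length of 4 characters.
     *
     * @param strArr command-line arguments, see {@link #usage}
     */
    public static void main(String[] strArr) {
        if (!parseCmdLine(strArr)) {
            return;
        }
        // The usage text calls the challenge the only required argument. Without it the request
        // digest would be meaningless, and with -force a stale new key would still be replaced.
        if (chalenge.length() == 0) {
            System.out.println("Error: the challenge argument is required");
            return;
        }

        CertUtil.init();
        CoGProperties props = CoGProperties.getDefault();
        if (userCertFile.length() == 0) {
            userCertFile = props.getUserCertFile();
        }
        if (userKeyFile.length() == 0) {
            userKeyFile = props.getUserKeyFile();
        }
        // The default output names are derived from the configured locations, not from
        // -oldcert/-oldkey, which matches the defaults described in the usage text.
        if (userCertRenewFile.length() == 0) {
            userCertRenewFile = dropLastFourChars(props.getUserCertFile()) + "_renew_request.pem";
        }
        if (newPrivKeyLoc.length() == 0) {
            newPrivKeyLoc = dropLastFourChars(props.getUserKeyFile()) + "_new.pem";
        }

        if (!force) {
            boolean outputExists = false;
            if (new File(userCertRenewFile).exists()) {
                System.out.println(userCertRenewFile + " exists");
                outputExists = true;
            }
            if (new File(newPrivKeyLoc).exists()) {
                System.out.println(newPrivKeyLoc + " exists");
                outputExists = true;
            }
            if (outputExists) {
                System.out.println("If you wish to overwrite, run the script again with -force.");
                return;
            }
        }

        GlobusGSSCredentialImpl renewalCredential =
                createNewProxy(Util.getInput("Enter private key pass phrase: "), 300, 1024);
        if (renewalCredential == null) {
            return;
        }

        String newPassPhrase = "";
        if (!noPswd) {
            boolean accepted = false;
            for (int attempt = 0; !accepted && attempt < 3; attempt++) {
                newPassPhrase = Util.getInput("Enter new private key pass phrase: ");
                String repeated = Util.getInput("Verify password enter new private key pass phrase: ");
                // equals() instead of compareTo() so that a null answer (for example a closed
                // input stream) counts as a mismatch instead of raising a NullPointerException.
                if (newPassPhrase == null || !newPassPhrase.equals(repeated)) {
                    System.out.println("Verify failure");
                } else if (newPassPhrase.length() < 4) {
                    System.out.println("phrase is too short, needs to be at least 4 chars");
                } else {
                    accepted = true;
                }
            }
            if (!accepted) {
                return;
            }
        }

        try {
            genRenewRequest(renewalCredential, newPassPhrase, chalenge, newPrivKeyLoc, userCertRenewFile);
        } catch (IOException e) {
            e.printStackTrace();
        } catch (GeneralSecurityException e2) {
            e2.printStackTrace();
        }
    }

    /**
     * Parses the command line into the static option fields.
     *
     * <p>The last argument is taken as the challenge unless it is itself an option or the value
     * of an option. An unrecognised argument in any other position is reported but does not stop
     * parsing.
     *
     * @param strArr command-line arguments
     * @return {@code false} when the program should stop (no arguments, help requested, or an
     *     option is missing its file name); {@code true} otherwise
     */
    protected static boolean parseCmdLine(String[] strArr) {
        if (strArr.length == 0) {
            System.out.println(usage);
            return false;
        }
        for (int i = 0; i < strArr.length; i++) {
            String arg = strArr[i];
            if (arg.equalsIgnoreCase("-version")) {
                System.out.println(version);
            } else if (arg.equalsIgnoreCase("-help") || arg.equalsIgnoreCase("-usage") || arg.equalsIgnoreCase("-h") || arg.equalsIgnoreCase("-?")) {
                // -usage is listed in the usage text next to -help.
                System.out.println(usage);
                return false;
            } else if (arg.equalsIgnoreCase("-nopw") || arg.equalsIgnoreCase("-nodes") || arg.equalsIgnoreCase("-nopassphrase")) {
                noPswd = true;
            } else if (arg.equalsIgnoreCase("-verbose") || arg.equalsIgnoreCase("-debug")) {
                // The usage text documents this switch as -debug; accepting it here also keeps a
                // trailing "-debug" from being mistaken for the challenge.
                verbose = true;
            } else if (arg.equalsIgnoreCase("-oldcert") || arg.equalsIgnoreCase("-oldkey") || arg.equalsIgnoreCase("-newkey") || arg.equalsIgnoreCase("-newcertreq")) {
                // These options consume the following argument; check that it is there instead
                // of running off the end of the array.
                if (i + 1 >= strArr.length) {
                    System.out.println("Error: option " + arg + " requires a file name");
                    return false;
                }
                String value = strArr[++i];
                if (arg.equalsIgnoreCase("-oldcert")) {
                    userCertFile = value;
                } else if (arg.equalsIgnoreCase("-oldkey")) {
                    userKeyFile = value;
                } else if (arg.equalsIgnoreCase("-newkey")) {
                    newPrivKeyLoc = value;
                } else {
                    userCertRenewFile = value;
                }
            } else if (arg.equalsIgnoreCase("-force")) {
                force = true;
            } else if (i == strArr.length - 1) {
                chalenge = arg;
            } else {
                System.out.println("Error: argument #" + i + "(" + arg + ") : unknown");
            }
        }
        return true;
    }

    /**
     * Unlocks the current private key and uses it, together with the current certificate, to
     * create a new credential.
     *
     * <p>Each failure is reported on standard output with its stack trace and results in
     * {@code null}; nothing is thrown to the caller.
     *
     * @param str pass phrase of the current private key; only used when the key is encrypted
     * @param i passed to {@code createCredential} as its fourth argument (presumably the
     *     credential lifetime in seconds — confirm against the factory's documentation)
     * @param i2 passed to {@code createCredential} as its third argument (presumably the key
     *     size in bits — confirm)
     * @return the new credential, or {@code null} if the key, the certificate or the credential
     *     could not be produced
     */
    protected static GlobusGSSCredentialImpl createNewProxy(String str, int i, int i2) {
        CertUtil.init();

        org.globus.gsi.bc.BouncyCastleOpenSSLKey currentKey;
        try {
            currentKey = new org.globus.gsi.bc.BouncyCastleOpenSSLKey(userKeyFile);
            if (currentKey.isEncrypted()) {
                currentKey.decrypt(str);
            }
        } catch (IOException e4) {
            System.out.println("Error: Failed to load key: " + userKeyFile);
            System.out.println("Make sure you have a valide private key installed.");
            e4.printStackTrace();
            return null;
        } catch (GeneralSecurityException e5) {
            System.out.println("Error: Wrong grid pass phrase!");
            e5.printStackTrace();
            return null;
        }

        // Loading the certificate is a step of its own so that its specific error messages are
        // actually reachable; nested inside the credential creation they were shadowed by the
        // generic "Failed to create a proxy" handler.
        X509Certificate currentCert;
        try {
            currentCert = CertUtil.loadCertificate(userCertFile);
        } catch (IOException e2) {
            System.out.println("Error: Failed to load cert: " + userCertFile);
            System.out.println("Make sure you have a valide certificate installed.");
            e2.printStackTrace();
            return null;
        } catch (GeneralSecurityException e3) {
            System.out.println("Error: Unable to load user certificate: " + e3.getMessage());
            e3.printStackTrace();
            return null;
        }

        try {
            // 3 is the value the original constant expression (0 != 0 ? 2 : 3) always produced.
            // NOTE(review): 3 presumably selects a full (non-limited) legacy proxy and the
            // trailing 1 presumably is the credential usage — confirm against the constants.
            return new GlobusGSSCredentialImpl(BouncyCastleCertProcessingFactory.getDefault().createCredential(new X509Certificate[]{currentCert}, currentKey.getPrivateKey(), i2, i, 3), 1);
        } catch (Exception e) {
            System.out.println("Failed to create a proxy: " + e.getMessage());
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Writes the credential's private key and the renewal request file.
     *
     * <p>The request file contains, in order: the credential's first certificate in PEM form,
     * the lower-case hex MD5 digest of that PEM text followed by {@code "X" + challenge} and a
     * line separator, a textual dump of the certificate, and a PKCS#10 request in PEM form.
     *
     * <p>The digest input is assembled in memory, so the challenge is not written to a
     * temporary file. The request file is written only after every cryptographic step has
     * succeeded, and a failed write is reported instead of leaving a silently truncated file.
     *
     * <p>NOTE(review): MD5 and MD5WithRSA are kept because the values presumably have to match
     * what the CA computes and accepts; both are weak and should be replaced once the CA side
     * allows it. The digest covers the public certificate plus the challenge, so a short
     * challenge could be guessed offline by anyone who reads the request file.
     *
     * @param globusGSSCredentialImpl credential whose private key and first certificate are used
     * @param str pass phrase for the new key file; {@code null} or empty leaves it unencrypted
     * @param str2 challenge text from the CA
     * @param str3 path of the new private key file
     * @param str4 path of the renewal request file
     * @throws GeneralSecurityException if encoding, digesting or signing fails
     * @throws IOException if a file cannot be written
     */
    public static void genRenewRequest(GlobusGSSCredentialImpl globusGSSCredentialImpl, String str, String str2, String str3, String str4) throws GeneralSecurityException, IOException {
        org.globus.gsi.bc.BouncyCastleOpenSSLKey newKey = new org.globus.gsi.bc.BouncyCastleOpenSSLKey(globusGSSCredentialImpl.getPrivateKey());
        if (str != null && str.length() != 0) {
            newKey.encrypt(str);
        }

        // Create the key file and restrict it before any key material is written, so the key is
        // not readable by others in the window between writing and chmod. Whether writeTo keeps
        // the mode of an existing file is not visible here, so the mode is applied again after.
        File keyFile = new File(str3);
        keyFile.createNewFile();
        Util.setFilePermissions(str3, 600);
        newKey.writeTo(keyFile.getAbsolutePath());
        Util.setFilePermissions(str3, 600);

        // Presumably this is the certificate issued by the old key in createNewProxy, so its
        // issuer is the user's own DN; that is why the issuer DN is the request's subject below.
        X509Certificate leaf = globusGSSCredentialImpl.getCertificateChain()[0];
        String certPem = toCertPEM(leaf.getEncoded());

        // Same bytes the original produced through a temporary file: PrintStream applies the
        // platform charset and line separator in both cases.
        ByteArrayOutputStream digestInput = new ByteArrayOutputStream();
        PrintStream digestWriter = new PrintStream(digestInput);
        digestWriter.print(certPem);
        digestWriter.println("X" + str2);
        digestWriter.flush();
        String digestHex = Hex.toString(MessageDigest.getInstance("MD5").digest(digestInput.toByteArray())).toLowerCase();

        PKCS10CertificationRequest request = new PKCS10CertificationRequest("MD5WithRSA", new X509Name(leaf.getIssuerDN().getName()), leaf.getPublicKey(), new DERConstructedSet(), newKey.getPrivateKey());
        String requestPem = toCertReqPEM(request.getEncoded());

        try (PrintStream out = new PrintStream(new FileOutputStream(str4))) {
            out.print(certPem);
            out.println(digestHex);
            out.println("Certificate Request:");
            out.println("    Data:");
            out.print(leaf.toString());
            out.print(requestPem);
            // PrintStream swallows I/O errors; surface them so a partial request is noticed.
            if (out.checkError()) {
                throw new IOException("Failed to write renewal request to " + str4);
            }
        }
    }

    /** Returns the DER bytes wrapped as a PEM {@code CERTIFICATE} block. */
    private static String toCertPEM(byte[] bArr) {
        return toPem("-----BEGIN CERTIFICATE-----", bArr, "-----END CERTIFICATE-----");
    }

    /** Returns the DER bytes wrapped as a PEM {@code CERTIFICATE REQUEST} block. */
    private static String toCertReqPEM(byte[] bArr) {
        return toPem("-----BEGIN CERTIFICATE REQUEST-----", bArr, "-----END CERTIFICATE REQUEST-----");
    }

    /** Base64-encodes {@code der} and wraps it between the given PEM header and footer. */
    private static String toPem(String header, byte[] der, String footer) {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try {
            PEMUtils.writeBase64(buffer, header, Base64.encode(der), footer);
        } catch (IOException e) {
            // An in-memory stream is not expected to fail; if it does, do not hand back a
            // truncated PEM block as if it were complete.
            throw new IllegalStateException("PEM encoding failed", e);
        }
        // Platform charset on purpose: the text is re-encoded with the same charset when it is
        // printed, so the written bytes match the encoded ones.
        return new String(buffer.toByteArray());
    }

    /**
     * Removes the last four characters (normally {@code ".pem"}) from a path; a path shorter
     * than that is returned unchanged instead of raising an exception.
     */
    private static String dropLastFourChars(String path) {
        return path.length() >= 4 ? path.substring(0, path.length() - 4) : path;
    }
}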
