package org.globus.cog.security.cert.request;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.util.StringTokenizer;
import org.bouncycastle.asn1.DERConstructedSet;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.util.encoders.Base64;
import org.globus.common.CoGProperties;
import org.globus.gsi.CertUtil;
import org.globus.util.PEMUtils;
import org.globus.util.Util;

/* loaded from: input_file:org/globus/cog/security/cert/request/GridCertRequest.class */
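/**
 * Command-line tool that generates an RSA key pair and a PKCS#10 certificate
 * request, then writes three files: the request (with mailing instructions),
 * the private key (optionally passphrase-encrypted) and an empty placeholder
 * for the certificate the CA will return.
 *
 * <p>Parsed options are kept in static fields, so the class is not safe for
 * concurrent use and a second call to {@link #parseCmdLine(String[])} sees
 * values left behind by the first.
 */
public final class GridCertRequest {
    public static final String usage = "\n\ngrid-cert-request [-help] [ options ...]\n\n  Example Usage:\n\n    Creating a user certifcate:\n      grid-cert-request\n\n    Creating a host or gatekeeper certifcate:\n      grid-cert-request -host [my.host.fqdn]\n\n    Creating a LDAP server certificate:\n      grid-cert-request -service ldap -host [my.host.fqdn]\n\n  Options:\n\n    -version           : Display version\n    -?, -h, -help,     : Display usage\n    -usage\n    -cn <name>,        : Common name of the user\n    -commonname <name>\n    -service <service> : Create certificate for a service. Requires\n                         the -host option and implies that the generated\n                         key will not be password protected (ie implies -nopw). <<Not implemented yet>>\n    -host <FQDN>       : Create certificate for a host named <FQDN> <<Not implemented yet>>\n    -dir <dir_name>    : Changes the directory the private key and certificate\n                         request will be placed in. By default user\n                         certificates are placed in /home/user/.globus, host\n                         certificates are placed in /etc/grid-security and\n                         service certificates are place in\n                         /etc/grid-security/<service>.\n    -prefix <prefix>   : Causes the generated files to be named\n                         <prefix>cert.pem, <prefix>key.pem and\n                         <prefix>cert_request.pem\n    -nopw,             : Create certificate without a passwd\n    -nodes,\n    -nopassphrase,\n    -verbose           : Don't clear the screen <<Not used>>\n    -int[eractive]     : Prompt user for each component of the DN <<Not implemented yet>>\n    -force             : Overwrites preexisting certifictes";
    private static final String message = "\nA certificate request and private key will be created.\nYou will be asked to enter a PEM pass phrase.\nThis pass phrase is akin to your account password,\nand is used to protect your key file.\nIf you forget your pass phrase, you will need to\nobtain a new certificate.\n";

    /**
     * RSA modulus size requested explicitly. Without an initialize() call the
     * size is whatever the selected provider defaults to, which can be too
     * small on older runtimes.
     */
    private static final int RSA_KEY_BITS = 2048;

    private static String cn = null;
    // The next seven fields are neither read nor written by any method of this class.
    private static String service = null;
    private static String gatekeeper = null;
    private static String hostName = null;
    private static String certFile = null;
    private static String keyFile = null;
    private static String reqFile = null;
    private static boolean interactive = false;
    private static String certDir = null;
    private static boolean noPswd = false;
    private static boolean force = false;
    private static boolean resubmit = false;
    private static final String version = "1.0";
    private static boolean verbose = false;
    private static String prefix = "user";

    /**
     * Entry point: parses the options, checks the target directory and
     * existing files, prompts for a passphrase unless disabled, and generates
     * the request and key. Failures are reported on standard output; the
     * method returns normally in every case.
     *
     * @param strArr command-line arguments
     */
    public static void main(String[] strArr) {
        // Stop here when parsing fails (help, usage, bad option). The original
        // fell through to new File(certDir) with certDir == null and died with
        // a NullPointerException after printing the usage text.
        if (!parseCmdLine(strArr)) {
            return;
        }
        // Without a subject the request cannot be built; fail before touching
        // the file system or prompting for a passphrase.
        if (cn == null || cn.length() == 0) {
            System.out.println("Error: no common name given; use -cn <name>");
            return;
        }

        CoGProperties coGProperties = CoGProperties.getDefault();
        String certPath;
        String keyPath;
        if (certDir == null) {
            certPath = coGProperties.getUserCertFile();
            keyPath = coGProperties.getUserKeyFile();
            // Directory part of the key path, trailing separator included.
            certDir = keyPath.substring(0, keyPath.lastIndexOf(File.separator) + 1);
        } else {
            if (!certDir.endsWith(File.separator)) {
                certDir = certDir + File.separator;
            }
            certPath = certDir + prefix + "cert.pem";
            keyPath = certDir + prefix + "key.pem";
        }
        String requestPath = requestPathFor(certPath);

        File directory = new File(certDir);
        if (!directory.exists()) {
            // NOTE(review): the directory is created with the process default
            // permissions; only the key file itself is restricted later.
            directory.mkdir();
        }
        if (!directory.exists() || !directory.isDirectory()) {
            System.out.println("The directory " + certDir + " does not exists.");
            return;
        }
        if (!directory.canWrite()) {
            System.out.println("Can't write to " + certDir);
            return;
        }

        if (!force) {
            // Report every pre-existing file before refusing, so the user sees
            // the full list in one run.
            boolean anyExists = false;
            String[] targets = {keyPath, certPath, requestPath};
            for (int k = 0; k < targets.length; k++) {
                if (new File(targets[k]).exists()) {
                    System.out.println(targets[k] + " exists");
                    anyExists = true;
                }
            }
            if (anyExists) {
                System.out.println("If you wish to overwrite, run the script again with -force.");
                return;
            }
        }

        String passphrase = "";
        if (!noPswd) {
            System.out.println(message);
            boolean accepted = false;
            // NOTE(review): Util.getInput may echo what is typed; if this Util
            // version has a non-echoing prompt (e.g. getPrivateInput - confirm),
            // it is the better choice for a passphrase.
            for (int attempt = 0; !accepted && attempt < 3; attempt++) {
                passphrase = Util.getInput("Enter PEM pass phrase: ");
                String confirmation = Util.getInput("Verify password Enter PEM pass phrase: ");
                if (passphrase == null || confirmation == null) {
                    // Input ended (e.g. closed stdin); give up instead of
                    // dereferencing null.
                    break;
                }
                if (!passphrase.equals(confirmation)) {
                    System.out.println("Verify failure");
                } else if (passphrase.length() < 4) {
                    System.out.println("phrase is too short, needs to be at least 4 chars");
                } else {
                    accepted = true;
                }
            }
            if (!accepted) {
                return;
            }
        }

        try {
            System.out.println("writing new private key to " + keyPath);
            genCertificateRequest(cn, "ca@gridcanada.ca", passphrase, keyPath, certPath, requestPath);
        } catch (Exception e) {
            System.out.println("error: " + e);
            e.printStackTrace();
        }
    }

    /**
     * Derives the request file name from the certificate file name by
     * replacing its last four characters (the ".pem" suffix in the default
     * names) with "_request.pem". Names shorter than four characters are used
     * whole instead of raising StringIndexOutOfBoundsException.
     */
    private static String requestPathFor(String certPath) {
        int keep = certPath.length() >= 4 ? certPath.length() - 4 : certPath.length();
        return certPath.substring(0, keep) + "_request.pem";
    }

    /**
     * Parses the command line into the static option fields.
     *
     * <p>Unknown options are reported and skipped. An option that needs a
     * value but is the last argument is reported and stops processing; the
     * original indexed past the end of the array in that case. {@code -usage},
     * listed in the usage text, is accepted as a help alias, and
     * {@code -version} prints the version and stops instead of going on to
     * generate a request.
     *
     * @param strArr command-line arguments
     * @return {@code true} when request generation should proceed
     */
    protected static boolean parseCmdLine(String[] strArr) {
        if (strArr.length == 0) {
            System.out.println(usage);
            return false;
        }
        boolean proceed = true;
        int i = 0;
        while (i < strArr.length && proceed) {
            String arg = strArr[i];
            boolean hasValue = i + 1 < strArr.length;
            if (arg.equalsIgnoreCase("-version")) {
                System.out.println(version);
                proceed = false;
            } else if (arg.equalsIgnoreCase("-help") || arg.equalsIgnoreCase("-h") || arg.equalsIgnoreCase("-?") || arg.equalsIgnoreCase("-usage")) {
                System.out.println(usage);
                proceed = false;
            } else if (arg.equalsIgnoreCase("-cn") || arg.equalsIgnoreCase("-commonname")) {
                if (hasValue) {
                    cn = strArr[++i];
                } else {
                    proceed = reportMissingValue(i, arg);
                }
            } else if (arg.equalsIgnoreCase("-dir")) {
                if (hasValue) {
                    certDir = strArr[++i];
                } else {
                    proceed = reportMissingValue(i, arg);
                }
            } else if (arg.equalsIgnoreCase("-prefix")) {
                if (hasValue) {
                    prefix = strArr[++i];
                } else {
                    proceed = reportMissingValue(i, arg);
                }
            } else if (arg.equalsIgnoreCase("-nopw") || arg.equalsIgnoreCase("-nodes") || arg.equalsIgnoreCase("-nopassphrase")) {
                noPswd = true;
            } else if (arg.equalsIgnoreCase("-verbose")) {
                verbose = true;
            } else if (arg.equalsIgnoreCase("-force")) {
                force = true;
            } else {
                System.out.println("Error: argument #" + i + "(" + arg + ") : unknown");
            }
            i++;
        }
        return proceed;
    }

    /** Prints the missing-value error for option {@code arg} at {@code index}; always returns false. */
    private static boolean reportMissingValue(int index, String arg) {
        System.out.println("Error: argument #" + index + "(" + arg + ") : missing value");
        return false;
    }

    /**
     * Generates an RSA key pair, writes a PKCS#10 request for it and stores
     * the private key.
     *
     * @param str  subject name passed to {@code X509Name}; also printed with
     *             its comma-separated parts joined by "/"
     * @param str2 CA e-mail address shown in the instructions
     * @param str3 passphrase for the private key; {@code null} or empty leaves
     *             the key unencrypted
     * @param str4 path of the private key file
     * @param str5 path of the certificate file; created empty as a placeholder
     * @param str6 path of the request file
     * @throws IllegalArgumentException if {@code str} is {@code null}
     * @throws IOException if the request file cannot be written completely
     * @throws Exception on key generation, encoding or key-file failures
     */
    public static void genCertificateRequest(String str, String str2, String str3, String str4, String str5, String str6) throws Exception {
        if (str == null) {
            throw new IllegalArgumentException("certificate subject must not be null");
        }
        CertUtil.init();
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(RSA_KEY_BITS);
        KeyPair keyPair = generator.genKeyPair();
        PrivateKey privateKey = keyPair.getPrivate();
        // NOTE(review): MD5 is not collision resistant and MD5-signed requests
        // are widely rejected. Moving to a SHA-2 signature (e.g. "SHA256WithRSA")
        // depends on the bundled BouncyCastle release recognising that name -
        // confirm before changing the literal.
        byte[] encoded = new PKCS10CertificationRequest("MD5WithRSA", new X509Name(str), keyPair.getPublic(), new DERConstructedSet(), privateKey).getEncoded();

        // Subject rendered with "/" before each comma-separated component.
        StringBuffer subject = new StringBuffer();
        StringTokenizer parts = new StringTokenizer(str, ",");
        while (parts.hasMoreTokens()) {
            subject.append("/").append(parts.nextToken());
        }

        PrintStream requestOut = new PrintStream(new FileOutputStream(str6));
        try {
            requestOut.print("\n\nPlease mail the following certificate request to " + str2 + "\n"
                    + "\n"
                    + "==================================================================\n"
                    + "\n"
                    + "Certificate Subject:\n"
                    + "\n"
                    + subject + "\n"
                    + "\n"
                    + "The above string is known as your user certificate subject, and it \n"
                    + "uniquely identifies this user.\n"
                    + "\n"
                    + "To install this user certificate, please save this e-mail message\n"
                    + "into the following file.\n"
                    + "\n"
                    + "\n"
                    + str5 + "\n"
                    + "\n"
                    + "\n"
                    + "      You need not edit this message in any way. Simply \n"
                    + "      save this e-mail message to the file.\n"
                    + "\n"
                    + "\n"
                    + "If you have any questions about the certificate contact\n"
                    + "the Certificate Authority at " + str2 + "\n"
                    + "\n");
            requestOut.print(toPEM(encoded));
            // PrintStream swallows I/O errors; surface them so a truncated
            // request is not mistaken for a good one.
            if (requestOut.checkError()) {
                throw new IOException("failed to write certificate request to " + str6);
            }
        } finally {
            requestOut.close();
        }

        BouncyCastleOpenSSLKey opensslKey = new BouncyCastleOpenSSLKey(privateKey);
        if (str3 != null && str3.length() != 0) {
            opensslKey.encrypt(str3);
        }
        // NOTE(review): the key is written first and restricted afterwards, so
        // unless writeTo itself restricts the file there is a window in which
        // it carries default permissions. Creating the file with owner-only
        // access before writing would close that window - confirm against
        // BouncyCastleOpenSSLKey.writeTo. The outcome of setFilePermissions is
        // not checked here either.
        opensslKey.writeTo(new File(str4).getAbsolutePath());
        Util.setFilePermissions(str4, 600);
        new File(str5).createNewFile();
    }

    /**
     * Wraps DER-encoded request bytes in PEM "CERTIFICATE REQUEST" armour.
     *
     * @param bArr DER encoding of the request
     * @return the PEM text
     * @throws RuntimeException if writing to the in-memory buffer fails; the
     *         underlying IOException is kept as the cause
     */
    public static String toPEM(byte[] bArr) {
        byte[] base64 = Base64.encode(bArr);
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try {
            PEMUtils.writeBase64(buffer, "-----BEGIN CERTIFICATE REQUEST-----", base64, "-----END CERTIFICATE REQUEST-----");
            return new String(buffer.toByteArray());
        } catch (IOException e) {
            throw new RuntimeException("Unexpected error: " + e.getMessage(), e);
        }
    }
}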
