package sun.security;

import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintStream;
import java.net.InetAddress;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.Vector;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
import sun.security.jsafe.Provider;
import sun.security.pkcs.PKCS10;
import sun.security.ssl.Record;
import sun.security.x509.CertAndKeyGen;
import sun.security.x509.X500Name;
import sun.security.x509.X500SignerFactory;
import sun.security.x509.X509Key;

/* loaded from: input_file:sun/security/CertStore.class */
public final class CertStore implements ExportControl {
    // Authentication context; assigned from AuthContext.getDefault() in doCommands.
    private AuthContext authContext;
    // Path given with -keystore; doCommands exits when it is still null after parsing.
    private String keystore;
    // Source alias given with -clone.
    private String original;
    // File operand shared by -certresp, -importCA, -csr, -dumpcert and -signcert.
    private String filename;
    // Key and chain of the alias most recently resolved by lookupAlias, or generated by doSelfCert.
    // Neither field has an access modifier, so every class in this package can read the
    // loaded private key.
    PrivateKey privateKey;
    X509Certificate[] chain;
    // Armor lines that importPEM/dumpPEM/importCSR match or emit; matching is exact (String.equals).
    static final String beginCert = "-----BEGIN CERTIFICATE-----";
    static final String endCert = "-----END CERTIFICATE-----";
    static final String beginCSR = "-----BEGIN NEW CERTIFICATE REQUEST-----";
    static final String endCSR = "-----END NEW CERTIFICATE REQUEST-----";
    // Selected command; every command flag overwrites it, so the last one on the command line wins.
    private String command = "list";
    // NOTE(review): MD5 is collision-broken, so an MD5-based signature should not be the default
    // for newly generated certificates. Callers can override it with -signature.
    private String sigType = "MD5withRSA";
    private String keyType = "RSA";
    private boolean verbose = false;
    // NOTE(review): a 768-bit RSA modulus has been publicly factored; certificates generated with
    // this default offer no meaningful protection. Pass -keysize with at least 2048.
    private int keysize = 768;
    private boolean pem = false;
    // Lifetime in days of a self-signed certificate; doSelfCert multiplies it by 24 * 60 * 60.
    private int validity = 90;
    private String alias = "ssl-RSA-default";
    // True once -alias was seen; -importCA blanks the default alias only while this is false.
    private boolean isAliasSet = false;

    /** Private: the only instance is the one {@link #main} creates. */
    private CertStore() {
        super();
    }

    /**
     * Command-line entry point: installs {@code sun.security.jsafe.Provider}, then runs the
     * requested command with {@code System.out} as the report stream.
     *
     * <p>Any exception is reported as a stack trace and the process exits with status 1.
     *
     * @param strArr command-line arguments, see {@link #usage()}
     */
    public static void main(String[] strArr) {
        Provider.install();
        CertStore tool = new CertStore();
        try {
            tool.doCommands(strArr, System.out);
        } catch (Exception failure) {
            failure.printStackTrace();
            System.exit(1);
        }
    }

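    /**
     * Parses the command line, loads the keystore, runs the selected command and writes the
     * keystore back when the command changed it.
     *
     * <p>Changes against the decompiled original: a flag that needs a value but is the last
     * argument now produces a message instead of an ArrayIndexOutOfBoundsException; the
     * keystore and certificate input streams are closed on every path; and an empty keystore
     * is deleted without first truncating it through an open output stream.
     *
     * @param strArr command-line arguments
     * @param printStream stream that receives listings and parse errors
     * @throws Exception on I/O failure, an unknown alias, or any error raised by a command
     */
    private void doCommands(String[] strArr, PrintStream printStream) throws Exception {
        if (!parseOptions(strArr, printStream)) {
            // -help: usage was printed, nothing else to do.
            return;
        }
        if (this.keystore == null) {
            printStream.println("must specify keystore");
            System.exit(1);
        }
        boolean modified = false;
        this.authContext = AuthContext.getDefault();
        sun.security.ssl.KeyStore keyStore = new sun.security.ssl.KeyStore(this.authContext, AuthContext.getPassphraseIndex());
        loadKeyStore(keyStore);

        if (this.command.equals("list")) {
            listEntries(keyStore, printStream);
        } else if (this.command.equals("clone")) {
            lookupAlias(keyStore, this.original);
            keyStore.setAlias(this.alias, this.privateKey, this.chain);
            modified = true;
        } else if (this.command.equals("delete")) {
            lookupAlias(keyStore, this.alias);
            String answer = inputString(new DataInputStream(System.in), "Please type \"yes\" to delete alias <" + this.alias + ">", "no");
            if (answer.equalsIgnoreCase("yes")) {
                keyStore.deleteAlias(this.alias);
                modified = true;
            } else {
                System.out.println("... alias not deleted.");
            }
        } else if (this.command.equals("dumpcert")) {
            X509Certificate cert;
            FileInputStream certIn = new FileInputStream(this.filename);
            try {
                cert = importPEM(certIn);
            } finally {
                certIn.close();
            }
            if (this.pem) {
                dumpPEM(cert, printStream);
            } else {
                printStream.println("Cert = " + cert.toString());
            }
        } else if (this.command.equals("selfcert")) {
            try {
                lookupAlias(keyStore, this.alias);
                System.out.println(" ... selfcert not created, alias already exists");
            } catch (Exception unused2) {
                // Any lookup failure is treated as "alias absent", not only a missing entry.
                doSelfCert();
                keyStore.setAlias(this.alias, this.privateKey, this.chain);
                modified = true;
            }
        } else if (this.command.equals("signcert")) {
            lookupAlias(keyStore, this.alias);
            doSignCert(this.filename);
        } else if (this.command.equals("csr")) {
            lookupAlias(keyStore, this.alias);
            doCertReq(this.filename);
        } else if (this.command.equals("importCA")) {
            doImportCA(this.filename);
        } else if (this.command.equals("listCA")) {
            doListCA();
        } else if (this.command.equals("certresp")) {
            lookupAlias(keyStore, this.alias);
            keyStore.setAlias(this.alias, this.privateKey, doCertResponse(this.filename));
            modified = true;
        }

        if (modified) {
            saveKeyStore(keyStore);
        }
    }

    /**
     * Applies every flag in {@code strArr} to this instance's fields.
     *
     * @return {@code false} when -help was seen (usage already printed), {@code true} otherwise
     */
    private boolean parseOptions(String[] strArr, PrintStream printStream) throws Exception {
        for (int i = 0; i < strArr.length; i++) {
            String flag = strArr[i];
            if (flag.equalsIgnoreCase("-list")) {
                this.command = "list";
            } else if (flag.equalsIgnoreCase("-certresp")) {
                this.filename = optionValue(strArr, ++i, printStream);
                this.command = "certresp";
            } else if (flag.equalsIgnoreCase("-importCA")) {
                // Without an explicit -alias earlier on the line the default alias is blanked,
                // which makes doImportCA refuse to store the certificate.
                if (!this.isAliasSet) {
                    this.alias = "";
                }
                this.filename = optionValue(strArr, ++i, printStream);
                this.command = "importCA";
            } else if (flag.equalsIgnoreCase("-listCA")) {
                this.command = "listCA";
            } else if (flag.equalsIgnoreCase("-clone")) {
                this.original = optionValue(strArr, ++i, printStream);
                this.command = "clone";
            } else if (flag.equalsIgnoreCase("-csr")) {
                this.filename = optionValue(strArr, ++i, printStream);
                this.command = "csr";
            } else if (flag.equalsIgnoreCase("-delete")) {
                this.command = "delete";
            } else if (flag.equalsIgnoreCase("-dumpcert")) {
                this.filename = optionValue(strArr, ++i, printStream);
                this.command = "dumpcert";
            } else if (flag.equalsIgnoreCase("-help")) {
                usage();
                return false;
            } else if (flag.equalsIgnoreCase("-selfcert")) {
                this.command = "selfcert";
            } else if (flag.equalsIgnoreCase("-signcert")) {
                this.filename = optionValue(strArr, ++i, printStream);
                this.command = "signcert";
            } else if (flag.equalsIgnoreCase("-verbose")) {
                this.verbose = true;
            } else if (flag.equalsIgnoreCase("-pem")) {
                this.pem = true;
            } else if (flag.equalsIgnoreCase("-keysize")) {
                this.keysize = Integer.parseInt(optionValue(strArr, ++i, printStream));
            } else if (flag.equalsIgnoreCase("-keytype")) {
                this.keyType = optionValue(strArr, ++i, printStream);
            } else if (flag.equalsIgnoreCase("-signature")) {
                this.sigType = optionValue(strArr, ++i, printStream);
            } else if (flag.equalsIgnoreCase("-validity")) {
                this.validity = Integer.parseInt(optionValue(strArr, ++i, printStream));
            } else if (flag.equalsIgnoreCase("-keystore")) {
                this.keystore = optionValue(strArr, ++i, printStream);
            } else if (flag.equalsIgnoreCase("-alias")) {
                this.isAliasSet = true;
                this.alias = optionValue(strArr, ++i, printStream);
            } else {
                printStream.println("Unrecognized flag:  " + flag);
                usage();
                System.exit(1);
            }
        }
        return true;
    }

    /** Returns {@code strArr[valueIndex]}, or reports the value-less flag before it and exits. */
    private String optionValue(String[] strArr, int valueIndex, PrintStream printStream) throws Exception {
        if (valueIndex >= strArr.length) {
            printStream.println("Missing value for flag:  " + strArr[valueIndex - 1]);
            usage();
            System.exit(1);
        }
        return strArr[valueIndex];
    }

    /** Loads the keystore file; a missing file is tolerated only for selfcert and certresp. */
    private void loadKeyStore(sun.security.ssl.KeyStore keyStore) throws Exception {
        try {
            FileInputStream in = new FileInputStream(this.keystore);
            try {
                keyStore.load(in);
            } finally {
                in.close();
            }
        } catch (FileNotFoundException unused) {
            if (!this.command.equals("selfcert") && !this.command.equals("certresp")) {
                System.out.println("Keystore file does not exist:  " + this.keystore);
                System.out.println("command = " + this.command);
                System.exit(1);
            }
        }
    }

    /** Prints every alias with its certificate chain, private key and trust decisions. */
    private void listEntries(sun.security.ssl.KeyStore keyStore, PrintStream printStream) throws Exception {
        TrustDecider trustDecider = this.authContext.getTrustDecider();
        Date now = new Date();
        printStream.println("** Dumping Key Store:  " + this.keystore);
        printStream.println("** " + keyStore.size() + " entr" + (keyStore.size() == 1 ? "y" : "ies"));
        Enumeration aliases = keyStore.listAliases();
        while (aliases.hasMoreElements()) {
            String name = (String) aliases.nextElement();
            lookupAlias(keyStore, name);
            printStream.println("ALIAS:  " + name);
            printStream.println("CERT CHAIN, length = " + this.chain.length + ":");
            for (int i = 0; i < this.chain.length; i++) {
                if (this.pem) {
                    dumpPEM(this.chain[i], printStream);
                } else if (this.verbose) {
                    printStream.println("chain [" + i + "] = " + this.chain[i].toString());
                } else {
                    printStream.println(this.chain[i].getPublicKey().getAlgorithm() + " key\n  for <" + this.chain[i].getSubjectDN() + ">\n  by <" + this.chain[i].getIssuerDN() + ">");
                }
            }
            // NOTE(review): this prints privateKey.toString(). Whether that reveals key material
            // depends on the provider's key class; confirm before sending -list output to logs
            // or shared terminals.
            printStream.println("PRIVATE KEY:  " + this.privateKey);
            if (trustDecider != null) {
                System.out.println("Trusted for:  ");
                System.out.println("  channel authentication --> " + trustDecider.isTrustedFor(this.chain, "channel", now));
                System.out.println("  code signing --> " + trustDecider.isTrustedFor(this.chain, "codesigning", now));
            }
            printStream.println();
        }
    }

    /** Writes the keystore back to its file, or removes the file when no entry is left. */
    private void saveKeyStore(sun.security.ssl.KeyStore keyStore) throws Exception {
        System.out.println("[Saving " + this.keystore + "]");
        if (keyStore.size() == 0) {
            File file = new File(this.keystore);
            if (!file.delete() && file.exists()) {
                throw new IOException("could not delete empty keystore " + this.keystore);
            }
            return;
        }
        // NOTE(review): the file is rewritten in place, so a failure inside store() leaves a
        // truncated keystore. Writing to a sibling file and renaming it would avoid that.
        FileOutputStream out = new FileOutputStream(this.keystore);
        try {
            keyStore.store(out);
        } finally {
            out.close();
        }
    }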

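    /**
     * Prints the command-line synopsis to {@code System.out}.
     *
     * <p>The text now also names -importCA, -listCA, -help, -validity and -pem, which the
     * parser accepts but the original synopsis left out.
     */
    private void usage() throws Exception {
        System.out.println("usage [command] [options]  [-alias name] -keystore /path/to/keystore.db");
        System.out.println("  commands are -list (default) -clone -csr -delete -selfcert -certresp");
        System.out.println("      -signcert -dumpcert -importCA -listCA -help");
        System.out.println("  options are -keysize -keytype -verbose -signature -validity -pem");
    }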

    /**
     * Prompts for a subject name, generates a key pair and stores the new private key and a
     * one-element self-signed chain in {@code privateKey} and {@code chain}.
     *
     * <p>Key type, signature type, key size and validity come from the fields set by the
     * command line. With nothing overridden that means a 768-bit RSA key signed with
     * MD5withRSA, which is not suitable for production use.
     */
    private void doSelfCert() throws Exception {
        X500Name subject = getX500Name();
        CertAndKeyGen generator = new CertAndKeyGen(this.keyType, this.sigType);
        System.out.println("Generating " + this.keysize + " bit " + this.keyType + " keys for " + this.sigType + " self-signed certificate");
        generator.generate(this.keysize);
        this.privateKey = generator.getPrivateKey();
        // NOTE(review): the lifetime is computed in int arithmetic, so -validity values above
        // 24855 days overflow. Widening is only safe if getSelfCert takes a long - confirm.
        int lifetimeSeconds = this.validity * 24 * 60 * 60;
        this.chain = new X509Certificate[1];
        this.chain[0] = X509Certificate.getInstance(generator.getSelfCert(subject, lifetimeSeconds).getSignedCert());
    }

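    /**
     * Reads a PEM-armored certificate request and prints its subject and public key.
     * Signing is not implemented; the method only reports what the request contains.
     *
     * <p>The request file is now closed after parsing, and the unused
     * {@code DataInputStream} over {@code System.in} is gone.
     *
     * @param str path of the certificate request file
     */
    private void doSignCert(String str) throws Exception {
        PKCS10 request;
        FileInputStream in = new FileInputStream(str);
        try {
            request = importCSR(in);
        } finally {
            in.close();
        }
        System.out.println("CSR subject is:  <" + request.getSubjectName() + ">");
        System.out.println("CSR public key is:  " + request.getSubjectPublicKeyInfo());
        System.out.println("XXX sorry, no CA functionality yet");
    }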

    /**
     * Prints every certificate held in the trusted-CA file named by
     * {@link #getCertificateFile()}: the full certificate with -verbose, otherwise its key
     * algorithm, subject and issuer.
     */
    private void doListCA() throws Exception {
        CertFileManager manager = new CertFileManager(getCertificateFile(), this.authContext, AuthContext.getPassphraseIndex());
        X509Certificate[] trusted = manager.getAllCertificates();
        final String rule = "*************";
        for (int i = 0; i < trusted.length; i++) {
            X509Certificate cert = trusted[i];
            System.out.println(rule);
            if (!this.verbose) {
                System.out.println("Algorithm:" + cert.getPublicKey().getAlgorithm());
                System.out.println("Subject Name:" + cert.getSubjectDN());
                System.out.println("Issuer Name:" + cert.getIssuerDN());
            } else {
                System.out.println("chain[" + i + "] = " + cert.toString());
            }
            System.out.println(rule);
        }
    }

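    /**
     * Imports a self-signed CA certificate into the trusted-CA file under the current alias.
     *
     * <p>The file is read as PEM when it contains a BEGIN CERTIFICATE line and as DER
     * otherwise. Only a certificate whose subject equals its issuer is stored, after its
     * self-signature verifies and the operator confirms it.
     *
     * <p>Changes against the decompiled original: both input streams are closed on every
     * path, and a certificate that is not self-signed is now reported instead of being
     * skipped silently.
     *
     * <p>NOTE(review): a valid self-signature proves internal consistency only, not who
     * issued the certificate. The confirmation prompt is the sole trust decision and it shows
     * only the two distinguished names, so compare the certificate against a fingerprint
     * obtained out of band before answering yes. No validity-period check is visible here.
     *
     * @param str path of the certificate file
     * @throws Exception when the file is malformed, no alias is set, the signature does not
     *     verify, or the operator declines
     */
    private void doImportCA(String str) throws Exception {
        X509Certificate cert;
        CertFileManager certFileManager;
        FileInputStream pemIn = new FileInputStream(str);
        FileInputStream derIn = null;
        try {
            StringBuffer base64 = new StringBuffer(Record.maxExpansion);
            DataInputStream lines = new DataInputStream(pemIn);
            certFileManager = new CertFileManager(getCertificateFile(), this.authContext, AuthContext.getPassphraseIndex());
            String line = lines.readLine();
            while (line != null && !line.equals(beginCert)) {
                line = lines.readLine();
            }
            if (line != null) {
                System.out.println("Trying PEM format");
                line = lines.readLine();
                while (line != null && !line.equals(endCert)) {
                    base64.append(line);
                    line = lines.readLine();
                }
                if (line == null) {
                    throw new IOException("missing END CERTIFICATE");
                }
                cert = X509Certificate.getInstance(new BASE64Decoder().decodeBuffer(base64.toString()));
            } else {
                // No armor line found: re-read the file from the start as raw DER.
                derIn = new FileInputStream(str);
                System.out.println("Trying DER format");
                cert = X509Certificate.getInstance(new DataInputStream(derIn));
            }
        } finally {
            try {
                pemIn.close();
            } finally {
                if (derIn != null) {
                    derIn.close();
                }
            }
        }
        if (this.alias.equals("")) {
            throw new IOException("No Alias specified");
        }
        if (!cert.getSubjectDN().equals(cert.getIssuerDN())) {
            System.out.println("... certificate is not self-signed, not imported");
            return;
        }
        cert.verify(cert.getPublicKey());
        if (!askForAcceptance(cert)) {
            throw new IOException("Cannot accept certificate");
        }
        certFileManager.setCertificate(cert, this.alias, null);
    }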

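    /**
     * Writes a certificate request for the current alias to {@code str}: contact details
     * asked on standard input, the subject name fields, then the signed PKCS#10 request.
     *
     * <p>Changes against the decompiled original: the key-algorithm check and the signing
     * step run before the output file is opened, so a mismatch no longer truncates an
     * existing file; the output stream is closed on every path; and a write error, which
     * PrintStream otherwise hides, is reported.
     *
     * <p>The request is signed with {@code Signature.getInstance} on the private key's
     * algorithm name; the -signature option ({@code sigType}) is not consulted here.
     *
     * @param str path of the file to write
     * @throws Exception when the key algorithms differ, signing fails or the file cannot be
     *     written
     */
    private void doCertReq(String str) throws Exception {
        X509Key publicKey = this.chain[0].getPublicKey();
        String algorithm = this.privateKey.getAlgorithm();
        if (!publicKey.getAlgorithm().equals(algorithm)) {
            throw new InvalidKeyException("Private key algorithm " + algorithm + " incompatible with certificate " + publicKey.getAlgorithm());
        }
        PKCS10 pkcs10 = new PKCS10(publicKey);
        Signature signature = Signature.getInstance(algorithm);
        signature.initSign(this.privateKey);
        X500Name subjectDN = this.chain[0].getSubjectDN();
        pkcs10.encodeAndSign(X500SignerFactory.newX500Signer(signature, subjectDN));

        DataInputStream dataInputStream = new DataInputStream(System.in);
        PrintStream printStream = new PrintStream(new FileOutputStream(str));
        try {
            String webmaster = inputString(dataInputStream, "Who is the Webmaster for this site?", "unknown");
            String email = inputString(dataInputStream, "What is the E-Mail address of this webmaster?", "webmaster@" + subjectDN.getCommonName());
            String phone = inputString(dataInputStream, "What is the phone number of this webmaster?", "unknown");
            printStream.println("Webmaster Name:\t\t" + webmaster);
            printStream.println("Webmaster E-Mail:\t" + email);
            printStream.println("Webmaster Telephone:\t" + phone);
            printStream.println();
            printStream.println("Server Software:\tJava Web Server");
            printStream.println("Server Version:\t\t1.0 Alpha4");
            printStream.println();
            printStream.println("Common Name:\t\t" + subjectDN.getCommonName());
            printStream.println("Organizational Unit:\t" + subjectDN.getOrganizationalUnit());
            printStream.println("Organization:\t\t" + subjectDN.getOrganization());
            printStream.println("Locality:\t\t" + subjectDN.getLocality());
            printStream.println("State:\t\t\t" + subjectDN.getState());
            printStream.println("Country:\t\t" + subjectDN.getCountry());
            printStream.println();
            pkcs10.print(printStream);
            // PrintStream swallows IOExceptions; checkError() is the only way to see them.
            if (printStream.checkError()) {
                throw new IOException("error writing cert request into " + str);
            }
        } finally {
            printStream.close();
        }
        System.out.println("... wrote cert request into " + str);
        System.out.println("Submit this to your certificate authority.");
    }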

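    /**
     * Reads a CA's PEM response and builds the chain from it up to a self-signed certificate.
     *
     * <p>Each issuer is looked up through {@code VeriSign.getCert} first and then by subject
     * name in the trusted-CA file; every link's signature is verified against its issuer's
     * public key. The leaf must carry the same public key as the certificate already stored
     * for the alias.
     *
     * <p>Changes against the decompiled original: the response file is closed after parsing,
     * and an issuer whose subject already occurs in the chain is rejected. Previously two
     * certificates naming each other as issuer made the loop run until memory was exhausted.
     *
     * <p>NOTE(review): when the response itself is self-signed the loop body never runs, so
     * its signature is not verified at all; only the public-key comparison applies. No
     * validity-period check is visible on any link.
     *
     * @param str path of the response file
     * @return the chain, leaf first
     * @throws IOException when the file cannot be read or is not valid PEM
     * @throws SecurityException when an issuer is unknown, a signature does not verify, the
     *     chain loops, or the leaf key does not match the stored key
     */
    private X509Certificate[] doCertResponse(String str) throws IOException {
        X509Certificate current;
        FileInputStream in = new FileInputStream(str);
        try {
            current = importPEM(in);
        } finally {
            in.close();
        }
        CertFileManager certFileManager = new CertFileManager(getCertificateFile(), this.authContext, AuthContext.getPassphraseIndex());
        Vector path = new Vector(2);
        path.addElement(current);
        while (!current.getSubjectDN().equals(current.getIssuerDN())) {
            X509Certificate issuer = VeriSign.getCert(current.getIssuerDN());
            if (issuer == null) {
                // No break on purpose: as in the original, the last matching entry wins.
                X509Certificate[] known = certFileManager.getAllCertificates();
                for (int i = 0; i < known.length; i++) {
                    if (known[i].getSubjectDN().equals(current.getIssuerDN())) {
                        issuer = known[i];
                    }
                }
            }
            if (issuer == null) {
                throw new SecurityException("unsupported CA, " + current.getIssuerDN());
            }
            // A subject that is already part of the chain means the issuers form a cycle.
            for (int j = 0; j < path.size(); j++) {
                X509Certificate seen = (X509Certificate) path.elementAt(j);
                if (seen.getSubjectDN().equals(issuer.getSubjectDN())) {
                    throw new SecurityException("certificate chain loops at " + issuer.getSubjectDN());
                }
            }
            try {
                current.verify(issuer.getPublicKey());
                path.addElement(issuer);
                current = issuer;
                // Kept inside the try as in the original, so an empty alias surfaces as a
                // "Certificate verify error" SecurityException.
                if (this.alias.equals("")) {
                    throw new IOException("No Alias specified");
                }
            } catch (Exception e) {
                throw new SecurityException("Certificate verify error: " + e.getMessage());
            }
        }
        X509Certificate[] result = new X509Certificate[path.size()];
        path.copyInto(result);
        if (result[0].getPublicKey().equals(this.chain[0].getPublicKey())) {
            return result;
        }
        throw new SecurityException("imported cert chain does not use the right public key");
    }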

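    /**
     * Shows the issuer and subject of {@code x509Certificate} and asks on standard input
     * whether to trust it as a CA certificate.
     *
     * <p>Only the exact answer {@code yes} accepts. End of input now counts as a refusal;
     * the original dereferenced the null line and failed with a NullPointerException. The
     * prompt is flushed before reading, as {@link #inputString} does.
     *
     * <p>NOTE(review): the operator sees only the two distinguished names, which anyone
     * creating a certificate can choose freely. Showing a fingerprint of the encoded
     * certificate would let the operator compare it with a value obtained out of band.
     *
     * @return {@code true} only when the operator typed {@code yes}
     */
    private boolean askForAcceptance(X509Certificate x509Certificate) throws IOException {
        System.out.println("\n");
        System.out.println("Certificate issued by:" + x509Certificate.getIssuerDN());
        System.out.println("To:" + x509Certificate.getSubjectDN());
        System.out.println("\n");
        System.out.print("Do you want to trust this certificate as a CA certificate [yes/no]:");
        System.out.flush();
        String answer = new DataInputStream(System.in).readLine();
        // Constant-first comparison: a null line (closed stdin) fails closed.
        return "yes".equals(answer);
    }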

    /**
     * Loads the private key and certificate chain stored under {@code str} into
     * {@code privateKey} and {@code chain}.
     *
     * <p>Both fields are overwritten even when the lookup fails, so after an exception they
     * hold whatever the keystore returned, possibly null.
     *
     * @throws Exception when the keystore has no key or no chain for the alias
     */
    private void lookupAlias(KeyStore keyStore, String str) throws Exception {
        this.privateKey = keyStore.getPrivateKey(str);
        this.chain = keyStore.getCertificateChain(str);
        boolean complete = this.privateKey != null && this.chain != null;
        if (complete) {
            return;
        }
        throw new Exception("Alias <" + str + "> has no value");
    }

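    /**
     * Asks on standard input for the fields of the certificate subject and repeats the
     * questions until the operator confirms the assembled name with {@code yes}.
     *
     * <p>Each answer becomes the default of the same question in the next round. The common
     * name defaults to the local host name.
     *
     * <p>Change against the decompiled original: the confirmation is read directly, so end of
     * input raises an IOException. Going through {@link #inputString} turned end of input
     * into the default answer "no", and the loop then never ended when standard input was
     * closed.
     *
     * @return the confirmed subject name
     * @throws IOException when standard input ends before the name is confirmed
     */
    private X500Name getX500Name() throws IOException {
        DataInputStream dataInputStream = new DataInputStream(System.in);
        String unit = "Test and Evaluation Only";
        String organization = "Unknown";
        String locality = "Unknown";
        String state = "Unknown";
        String country = "Unknown";
        String hostName = InetAddress.getLocalHost().getHostName();
        X500Name x500Name;
        String confirmation;
        do {
            hostName = inputString(dataInputStream, "What is the fully qualified DNS name of the SSL server?", hostName);
            organization = inputString(dataInputStream, "What is the name of your organization?", organization);
            unit = inputString(dataInputStream, "What is the name of your organizational unit?", unit);
            locality = inputString(dataInputStream, "What is the name of your City or Locality?", locality);
            state = inputString(dataInputStream, "What is the name of your State or Province?", state);
            country = inputString(dataInputStream, "What is the two-letter country code for this unit?", country);
            x500Name = new X500Name(hostName, unit, organization, locality, state, country);
            // Same prompt layout as inputString, but end of input stays visible as null.
            System.out.println("Is <" + x500Name + "> correct?");
            System.out.print("  [no]:  ");
            System.out.flush();
            confirmation = dataInputStream.readLine();
            if (confirmation == null) {
                throw new IOException("end of input before the subject name was confirmed");
            }
        } while (!confirmation.equalsIgnoreCase("yes"));
        System.out.println();
        return x500Name;
    }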

    /**
     * Prints the question {@code str} with the default {@code str2} in brackets and reads one
     * line from {@code dataInputStream}.
     *
     * @return the line typed, or {@code str2} when the line is empty or input has ended
     */
    private String inputString(DataInputStream dataInputStream, String str, String str2) throws IOException {
        System.out.println(str);
        System.out.print("  [" + str2 + "]:  ");
        System.out.flush();
        String answer = dataInputStream.readLine();
        // End of input is indistinguishable from pressing Enter: both yield the default.
        boolean useDefault = answer == null || answer.equals("");
        return useDefault ? str2 : answer;
    }

    /**
     * Reads the first PEM-armored certificate from {@code inputStream}.
     *
     * <p>Lines before the BEGIN CERTIFICATE line are skipped. The armor lines must match
     * exactly, so trailing whitespace on them makes the certificate count as missing. The
     * stream is not closed here; that is left to the caller.
     *
     * <p>NOTE(review): the Base64 body is accumulated without a size limit, so the memory
     * used grows with the input file.
     *
     * @throws IOException when an armor line is missing or the certificate cannot be parsed;
     *     in the latter case only the message of the CertificateException is kept
     */
    static X509Certificate importPEM(InputStream inputStream) throws IOException {
        DataInputStream lines = new DataInputStream(inputStream);
        StringBuffer base64 = new StringBuffer(Record.maxExpansion);
        String line = lines.readLine();
        while (line != null && !line.equals(beginCert)) {
            line = lines.readLine();
        }
        if (line == null) {
            throw new IOException("missing BEGIN CERTIFICATE");
        }
        for (line = lines.readLine(); line != null && !line.equals(endCert); line = lines.readLine()) {
            base64.append(line);
        }
        if (line == null) {
            throw new IOException("missing END CERTIFICATE");
        }
        try {
            byte[] der = new BASE64Decoder().decodeBuffer(base64.toString());
            return X509Certificate.getInstance(der);
        } catch (CertificateException e) {
            throw new IOException(e.getMessage());
        }
    }

    /**
     * Writes {@code x509Certificate} to {@code printStream} in PEM form: the BEGIN line, the
     * Base64 encoding of the certificate, the END line.
     *
     * <p>The BEGIN line is already written when encoding fails, so the output is then left
     * without its END line.
     *
     * @throws IOException when the certificate cannot be encoded or written
     */
    private static void dumpPEM(X509Certificate x509Certificate, PrintStream printStream) throws IOException {
        printStream.println(beginCert);
        byte[] der;
        try {
            der = x509Certificate.getEncoded();
        } catch (CertificateException e) {
            throw new IOException(e.getMessage());
        }
        new BASE64Encoder().encodeBuffer(der, printStream);
        printStream.println(endCert);
    }

    /**
     * Reads the first PEM-armored certificate request from {@code inputStream} and hands the
     * decoded bytes to the {@code PKCS10} constructor.
     *
     * <p>Lines before the BEGIN NEW CERTIFICATE REQUEST line are skipped, and the armor lines
     * must match exactly. The stream is not closed here; that is left to the caller.
     *
     * <p>NOTE(review): the Base64 body is accumulated without a size limit.
     *
     * @throws IOException when an armor line is missing or the body cannot be decoded
     */
    static PKCS10 importCSR(InputStream inputStream) throws IOException, SignatureException, NoSuchAlgorithmException {
        DataInputStream lines = new DataInputStream(inputStream);
        StringBuffer base64 = new StringBuffer(Record.maxExpansion);
        String line;
        // Skip everything up to and including the opening armor line.
        while ((line = lines.readLine()) != null) {
            if (line.equals(beginCSR)) {
                break;
            }
        }
        if (line == null) {
            throw new IOException("missing BEGIN NEW CERTIFICATE REQUEST");
        }
        // Collect the body up to the closing armor line.
        while ((line = lines.readLine()) != null) {
            if (line.equals(endCSR)) {
                break;
            }
            base64.append(line);
        }
        if (line == null) {
            throw new IOException("missing END NEW CERTIFICATE REQUEST");
        }
        byte[] der = new BASE64Decoder().decodeBuffer(base64.toString());
        return new PKCS10(der);
    }

    /**
     * Returns the trusted-CA certificate file named by the {@code user.trusted_CA_certs}
     * system property.
     *
     * <p>The path is used as given, so whoever can set JVM system properties for this
     * process chooses which file acts as the trust store.
     *
     * @throws IOException when the property is not set
     */
    private File getCertificateFile() throws IOException {
        String path = System.getProperty("user.trusted_CA_certs");
        if (path != null) {
            return new File(path);
        }
        throw new IOException("No file specified");
    }
}
