package utils;

import com.rsa.certj.cert.AttributeValueAssertion;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.NameException;
import com.rsa.certj.cert.RDN;
import com.rsa.certj.cert.X500Name;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.cert.X509V3Extensions;
import com.rsa.certj.cert.extensions.AuthorityKeyID;
import com.rsa.certj.cert.extensions.BasicConstraints;
import com.rsa.certj.cert.extensions.KeyUsage;
import com.rsa.certj.cert.extensions.SubjectKeyID;
import com.rsa.jsafe.CryptoJ;
import com.rsa.jsafe.JSAFE_InvalidUseException;
import com.rsa.jsafe.JSAFE_KeyPair;
import com.rsa.jsafe.JSAFE_Parameters;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.jsafe.JSAFE_PublicKey;
import com.rsa.jsafe.JSAFE_SecretKey;
import com.rsa.jsafe.JSAFE_SecureRandom;
import com.rsa.jsafe.JSAFE_SymmetricCipher;
import com.rsa.jsafe.JSAFE_UnimplementedException;
import com.rsa.jsafe.cert.KeyIdentifier;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Calendar;
import java.util.Date;
import java.util.Enumeration;
import java.util.Properties;
import java.util.StringTokenizer;
import weblogic.management.bootstrap.WeblogicHome;
import weblogic.security.SSL.jsseadapter.RSAPKFactory;
import weblogic.security.internal.encryption.JSafeEncryptionServiceImpl;
import weblogic.utils.encoders.BASE64Decoder;

/* loaded from: input_file:utils/CertGen.class */
public class CertGen {
    // Property keys through which callers supply the subject DN attributes (read in createX500Name).
    public static final String COUNTRY_PROPERTY = "x500name.country";
    public static final String STATE_PROPERTY = "x500name.state";
    public static final String LOCALITY_PROPERTY = "x500name.town";
    public static final String ORGANIZATION_PROPERTY = "x500name.organization";
    public static final String ORG_UNIT_PROPERTY = "x500name.orgunit";
    public static final String COMMON_NAME_PROPERTY = "x500name.commonname";
    public static final String EMAIL_PROPERTY = "x500name.email";
    // Subject DN values used when the matching property is absent. The default org unit marks the
    // certificate as test material.
    private static final String DEFAULT_COUNTRY = "US";
    private static final String DEFAULT_STATE = "MyState";
    private static final String DEFAULT_LOCALITY = "MyTown";
    private static final String DEFAULT_ORGANIZATION = "MyOrganization";
    private static final String DEFAULT_ORG_UNIT = "FOR TESTING ONLY";
    private static final String DEFAULT_COMMON_NAME = "localhost";
    // File names of the demo CA certificate and its encrypted key; resolved through findFile.
    private static final String DEFAULT_CA_CERT = "CertGenCA.der";
    private static final String DEFAULT_CA_KEY = "CertGenCAKey.der";
    // NOTE(security): hard-coded password for the demo CA key. Anything issued under the demo CA
    // offers no assurance of origin and must not be trusted outside test environments.
    private static final String DEFAULT_CA_PWD = "password";
    // Validity periods, in years, applied in generateCertificate(boolean).
    private static final int CERT_YEARS_VALID = 15;
    private static final int CA_YEARS_VALID = 20;
    // RSA modulus sizes in bits. NOTE(security): 512-bit RSA is far below any acceptable minimum;
    // it is still selectable through CertGen(boolean).
    private static final int EXPORT_KEY_STRENGTH = 512;
    private static final int DOMESTIC_KEY_STRENGTH = 2048;
    // Default digest used to build the signature algorithm name.
    private static final String DIGEST_ALGORITHM = "SHA256";
    // Parallel tables: KEY_USAGE_NAMES[n] is the name of the key-usage flag whose mask is
    // KEY_USAGE_BITS[n]. The masks start at the top bit of a 32-bit int and move down one bit per entry.
    private static final String[] KEY_USAGE_NAMES = {"digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"};
    private static final int[] KEY_USAGE_BITS = {Integer.MIN_VALUE, 1073741824, 536870912, 268435456, 134217728, 67108864, 33554432, 16777216, 8388608};
    // Random source for key generation, serial numbers and signing; created and seeded in the constructor.
    private JSAFE_SecureRandom random;
    // Issuer material: either the loaded CA or, for a self-signed certificate, the subject itself.
    private JSAFE_PrivateKey issuerPrivateKey;
    private X500Name issuerName;
    private SubjectKeyID issuerSubjectKeyID;
    // Subject material produced by the most recent generate* call.
    private JSAFE_PrivateKey subjectPrivateKey;
    private JSAFE_PublicKey subjectPublicKey;
    private X500Name subjectName;
    private X509Certificate subjectCert;
    // Generation options set through the constructor and the setters.
    private int keyStrength;
    private String digestAlgorithm;
    private boolean noSkid;
    private KeyUsage keyUsage;
    private SubjectKeyID subjectKeyIdentifier;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:utils/CertGen$KeyUsageException.class */
    /**
     * Raised when a key-usage extension is unusable: either the issuing CA's key usage does not
     * permit certificate signing, or the requested flags contradict each other.
     */
    public static class KeyUsageException extends CertificateException {

        /**
         * @param str description of the offending key-usage setting
         */
        public KeyUsageException(String str) {
            super(str);
        }
    }

    /**
     * Creates a generator using one of the two preset RSA key sizes.
     *
     * <p>NOTE(security): passing {@code true} selects the 512-bit "export" size, which is not
     * suitable for anything but compatibility testing.
     *
     * @param z {@code true} for the 512-bit preset, {@code false} for the 2048-bit preset
     * @throws Exception if the random source cannot be created or seeded
     */
    public CertGen(boolean z) throws Exception {
        this(z ? EXPORT_KEY_STRENGTH : DOMESTIC_KEY_STRENGTH);
    }

    /**
     * Creates a generator for RSA keys of the given size and prepares its random source.
     *
     * <p>The size is stored as given; this constructor applies no lower or upper bound to it.
     *
     * @param i RSA modulus size in bits
     * @throws Exception if the "HMACDRBG" random source cannot be created or seeded
     */
    public CertGen(int i) throws Exception {
        // Field defaults first, so the object is fully initialised before any provider call.
        this.digestAlgorithm = DIGEST_ALGORITHM;
        this.keyStrength = DOMESTIC_KEY_STRENGTH;
        this.subjectKeyIdentifier = null;
        this.keyUsage = null;
        this.noSkid = false;

        JSAFE_SecureRandom drbg = JSAFE_SecureRandom.getInstance("HMACDRBG", "Java");
        drbg.seed(generateSeed());
        this.random = drbg;

        this.keyStrength = i;
    }

    /**
     * Sets an explicit subject key identifier to embed in the next certificate.
     *
     * @param bArr identifier bytes, or {@code null} to fall back to an identifier derived from the
     *     subject public key
     */
    public void setSubjectKeyIdentifier(byte[] bArr) {
        if (bArr == null) {
            this.subjectKeyIdentifier = null;
            return;
        }
        // The final argument is passed as false; it looks like the extension's criticality flag —
        // NOTE(review): confirm against the Cert-J SubjectKeyID constructor.
        this.subjectKeyIdentifier = new SubjectKeyID(bArr, 0, bArr.length, false);
    }

    /**
     * Sets the key-usage extension to embed in the next certificate.
     *
     * <p>The flags are not validated here; conflicting combinations are rejected later by
     * {@code checkForConflictingKeyUsage} when a certificate is generated.
     *
     * @param i bitwise OR of key-usage masks, as returned by {@link #getKeyUsageBitForName(String)}
     * @param z second constructor argument of the extension; the command-line help describes it
     *     as the criticality of the extension
     */
    public void setKeyUsage(int i, boolean z) {
        KeyUsage extension = new KeyUsage(i, z);
        this.keyUsage = extension;
    }

    /**
     * Selects the message digest used when the certificate is signed.
     *
     * <p>The value is stored unchecked and later concatenated into the signature algorithm name
     * ({@code <digest>/RSA/PKCS1Block01Pad}). NOTE(security): there is no allow-list, so weak
     * digests such as MD5 or SHA1 are accepted if the provider supports them; callers that need
     * a policy must enforce it before calling this method.
     *
     * @param str digest name understood by the provider, for example {@code SHA256}
     */
    public void setDigestAlgorithm(String str) {
        digestAlgorithm = str;
    }

    /**
     * Controls whether the subject key identifier extension is left out of the certificate.
     *
     * @param z {@code true} to omit the extension, including any identifier set explicitly
     */
    public void setNoSkid(boolean z) {
        noSkid = z;
    }

    /**
     * Returns the generated subject private key as a JCA {@link PrivateKey}.
     *
     * @return the converted key, or {@code null} when no key has been generated yet
     * @throws Exception if the conversion fails
     */
    public PrivateKey getSubjectPrivateKey() throws Exception {
        JSAFE_PrivateKey generated = this.subjectPrivateKey;
        return convert(generated);
    }

    /**
     * Returns the generated certificate as a JCA {@link Certificate}.
     *
     * @return the converted certificate, or {@code null} when none has been generated yet
     * @throws Exception if the certificate cannot be re-encoded or parsed
     */
    public Certificate getSubjectCertificate() throws Exception {
        X509Certificate generated = this.subjectCert;
        return convert(generated);
    }

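    /**
     * Builds the seed handed to the generator's random source.
     *
     * <p>The seed starts with 32 bytes from the platform {@link SecureRandom}, followed by the
     * process-state string this method has always produced (identity hash, free memory, clock,
     * system property values). The process-state string alone is largely guessable by anyone who
     * knows the host and the approximate start time, so it must not be the only input to a
     * generator that produces private keys and serial numbers.
     *
     * @return seed bytes; never {@code null} and always longer than 32 bytes
     */
    private static byte[] generateSeed() {
        // Legacy material, kept so the seed remains a superset of what was supplied before.
        StringBuilder processState = new StringBuilder();
        processState.append("IDH").append(System.identityHashCode(processState));
        processState.append("FM").append(Runtime.getRuntime().freeMemory());
        processState.append("CT").append(System.currentTimeMillis());
        Enumeration<Object> propertyValues = System.getProperties().elements();
        while (propertyValues.hasMoreElements()) {
            processState.append(propertyValues.nextElement());
        }
        processState.append("VHC").append(processState.hashCode());
        byte[] legacy = processState.toString().getBytes();

        // Unpredictable material from the platform CSPRNG.
        byte[] entropy = new byte[32];
        new SecureRandom().nextBytes(entropy);

        byte[] seed = new byte[entropy.length + legacy.length];
        System.arraycopy(entropy, 0, seed, 0, entropy.length);
        System.arraycopy(legacy, 0, seed, entropy.length, legacy.length);
        return seed;
    }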

    /**
     * Generates a fresh RSA key pair for the subject and stores both halves on this instance.
     *
     * <p>The modulus size is {@code keyStrength} as given to the constructor and the public
     * exponent is 65537. The key-pair object's sensitive data is cleared whether or not
     * generation succeeds.
     *
     * @throws Exception if the provider rejects the parameters or generation fails
     */
    private void generateKeys() throws Exception {
        final int publicExponent = 65537;
        JSAFE_KeyPair pair = JSAFE_KeyPair.getInstance("RSA", "Java");
        try {
            int[] rsaParameters = {this.keyStrength, publicExponent};
            pair.generateInit((JSAFE_Parameters) null, rsaParameters, this.random);
            pair.generate();
            this.subjectPublicKey = pair.getPublicKey();
            this.subjectPrivateKey = pair.getPrivateKey();
        } finally {
            // Scrub the generator's working copy of the key material on every exit path.
            pair.clearSensitiveData();
        }
    }

    /**
     * Prepares the subject side of a certificate: a new key pair and the distinguished name.
     *
     * @param properties subject DN attributes keyed by the {@code *_PROPERTY} constants; may be
     *     {@code null}, in which case the defaults are used
     * @throws Exception if key generation or name construction fails
     */
    private void generateSubject(Properties properties) throws Exception {
        generateKeys();
        X500Name name = createX500Name(properties);
        this.subjectName = name;
    }

    /**
     * Generates a self-signed certificate: the new subject key signs its own certificate and the
     * issuer name equals the subject name.
     *
     * @param properties subject DN attributes; may be {@code null}
     * @throws Exception if generation fails or the configured key usage is contradictory
     */
    public void generateCACertificate(Properties properties) throws Exception {
        generateSubject(properties);
        // Self-signed: issuer and subject are the same entity.
        this.issuerName = this.subjectName;
        this.issuerPrivateKey = this.subjectPrivateKey;
        // Only the exception matters here; the boolean result is not used.
        checkForConflictingKeyUsage(this.keyUsage);
        generateCertificate(true);
    }

    /**
     * Generates a certificate issued by the demo CA.
     *
     * <p>NOTE(security): the demo CA key is protected only by the fixed password
     * {@code "password"}, so certificates issued this way are test material.
     *
     * @param properties subject DN attributes; may be {@code null}
     * @throws Exception if the demo CA files cannot be found or loaded, or generation fails
     */
    public void generateCertificate(Properties properties) throws Exception {
        String caCertPath = findFile(DEFAULT_CA_CERT);
        String caKeyPath = findFile(DEFAULT_CA_KEY);
        generateCertificate(properties, caCertPath, caKeyPath, DEFAULT_CA_PWD);
    }

    /**
     * Generates a certificate issued by a CA whose certificate and encrypted key are read from
     * files.
     *
     * @param properties subject DN attributes; may be {@code null}
     * @param str path of the CA certificate file
     * @param str2 path of the CA's password-protected private key file
     * @param str3 password for the CA private key
     * @throws Exception if either file cannot be read or decoded, or generation fails
     */
    public void generateCertificate(Properties properties, String str, String str2, String str3) throws Exception {
        X509Certificate caCertificate = loadX509Certificate(str);
        JSAFE_PrivateKey caKey = loadPKCS8PrivateKey(str2, str3);
        generateCertificate(properties, caCertificate, caKey);
    }

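    /**
     * Generates a certificate for a new subject key, issued by the given CA.
     *
     * <p>The issuer's subject key identifier (extension type 14) is remembered so it can be
     * copied into the new certificate's authority key identifier. A CA certificate without any
     * extensions is tolerated: the identifier is then treated as absent, matching the null
     * handling in {@code checkCAKeyUsage}, instead of failing with a NullPointerException.
     *
     * <p>NOTE(review): the only issuer validation visible here is the key-usage check; nothing
     * confirms that {@code jSAFE_PrivateKey} belongs to {@code x509Certificate} or that the
     * certificate is marked as a CA.
     *
     * @param properties subject DN attributes; may be {@code null}
     * @param x509Certificate issuing CA certificate
     * @param jSAFE_PrivateKey private key used to sign the new certificate
     * @throws Exception if the CA key usage forbids signing, the requested key usage is
     *     contradictory, or generation fails
     */
    public void generateCertificate(Properties properties, X509Certificate x509Certificate, JSAFE_PrivateKey jSAFE_PrivateKey) throws Exception {
        generateSubject(properties);
        this.issuerName = x509Certificate.getSubjectName();
        this.issuerPrivateKey = jSAFE_PrivateKey;
        X509V3Extensions caExtensions = x509Certificate.getExtensions();
        // Also resets any identifier left over from an earlier call with a different CA.
        this.issuerSubjectKeyID = caExtensions == null ? null : (SubjectKeyID) caExtensions.getExtensionByType(14);
        checkCAKeyUsage(x509Certificate);
        checkForConflictingKeyUsage(this.keyUsage);
        generateCertificate(false);
    }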

    /**
     * Assembles and signs the certificate from the subject and issuer state on this instance.
     *
     * <p>Extensions are added in a fixed order: key usage, then basic constraints (self-signed)
     * or authority key identifier (CA-issued), then subject key identifier unless suppressed.
     * Validity starts one day before the current time and ends 20 years (self-signed) or 15
     * years (CA-issued) after it.
     *
     * @param z {@code true} when producing the self-signed certificate, {@code false} when the
     *     certificate is issued by a separate CA
     * @throws Exception if any provider call fails
     */
    private void generateCertificate(boolean z) throws Exception {
        X509Certificate cert = new X509Certificate();
        cert.setVersion(2);

        // 16 random bytes as serial number. NOTE(review): whether setSerialNumber normalises a
        // leading high bit or leading zero bytes is not visible here — confirm.
        byte[] serial = new byte[16];
        this.random.generateRandomBytes(serial, 0, serial.length);
        cert.setSerialNumber(serial, 0, serial.length);

        X509V3Extensions extensions = new X509V3Extensions(1);
        if (this.keyUsage != null) {
            extensions.addV3Extension(this.keyUsage);
        } else if (z) {
            // Default for the self-signed case: keyCertSign only (0x04000000).
            extensions.addV3Extension(new KeyUsage(0x04000000, true));
        }
        if (z) {
            extensions.addV3Extension(new BasicConstraints(true, 1, true));
        } else {
            AuthorityKeyID issuerKeyId = getAuthorityKeyID();
            if (issuerKeyId != null) {
                extensions.addV3Extension(issuerKeyId);
            }
        }
        if (!this.noSkid) {
            SubjectKeyID subjectKeyId = this.subjectKeyIdentifier != null ? this.subjectKeyIdentifier : getSubjectKeyID();
            extensions.addV3Extension(subjectKeyId);
        }
        cert.setExtensions(extensions);

        // Backdate the start by a day, then restore "now" and push the year forward for the end.
        Calendar clock = Calendar.getInstance();
        clock.add(Calendar.DATE, -1);
        Date notBefore = clock.getTime();
        clock.add(Calendar.DATE, 1);
        int yearsValid = z ? CA_YEARS_VALID : CERT_YEARS_VALID;
        clock.set(Calendar.YEAR, clock.get(Calendar.YEAR) + yearsValid);
        Date notAfter = clock.getTime();
        cert.setValidity(notBefore, notAfter);

        cert.setSubjectName(this.subjectName);
        cert.setSubjectPublicKey(this.subjectPublicKey);
        cert.setIssuerName(this.issuerName);

        // Switches the library from mode 0 to mode 2 before signing. NOTE(review): the meaning of
        // these mode values is not shown in this file; this is a process-wide setting — confirm
        // the intent, especially where a FIPS mode is expected to stay in force.
        if (CryptoJ.getMode() == 0) {
            CryptoJ.setMode(2);
        }

        String signatureAlgorithm = this.digestAlgorithm + "/RSA/PKCS1Block01Pad";
        cert.signCertificate(signatureAlgorithm, "Java", this.issuerPrivateKey, this.random);
        this.subjectCert = cert;
    }

    /**
     * Derives the subject key identifier extension from the subject's RSA public key.
     *
     * @return a subject key identifier extension for the current subject public key
     * @throws JSAFE_UnimplementedException if the key cannot be exported as "RSAPublicKey"
     * @throws NoSuchAlgorithmException if no RSA {@link KeyFactory} is available
     * @throws InvalidKeySpecException if the exported values do not form a valid RSA key
     */
    private SubjectKeyID getSubjectKeyID() throws JSAFE_UnimplementedException, NoSuchAlgorithmException, InvalidKeySpecException {
        byte[][] rsaParts = this.subjectPublicKey.getKeyData("RSAPublicKey");
        // NOTE(review): BigInteger(byte[]) reads two's-complement; this assumes getKeyData returns
        // modulus and exponent with a leading zero byte where needed — confirm.
        BigInteger modulus = new BigInteger(rsaParts[0]);
        BigInteger exponent = new BigInteger(rsaParts[1]);
        RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus, exponent);
        byte[] identifier = KeyIdentifier.generateKeyIdentifier(KeyFactory.getInstance("RSA").generatePublic(spec));
        return new SubjectKeyID(identifier, 0, identifier.length, false);
    }

    /**
     * Builds the authority key identifier extension from the issuer's subject key identifier.
     *
     * @return the extension, or {@code null} when the issuer certificate carried no subject key
     *     identifier
     */
    private AuthorityKeyID getAuthorityKeyID() {
        if (this.issuerSubjectKeyID == null) {
            return null;
        }
        byte[] issuerKeyId = this.issuerSubjectKeyID.getKeyID();
        AuthorityKeyID extension = new AuthorityKeyID();
        extension.setKeyID(issuerKeyId, 0, issuerKeyId.length);
        return extension;
    }

    /**
     * Verifies that the issuing certificate's key usage, when present, permits certificate
     * signing.
     *
     * <p>A certificate with no extensions or no key-usage extension (type 15) passes. When the
     * extension is present, keyCertSign must be set and encipherOnly/decipherOnly must both be
     * clear. NOTE(review): basic constraints are not examined here, so this check alone does not
     * establish that the issuer is a CA.
     *
     * @param x509Certificate issuing certificate to inspect
     * @return always {@code true} when no exception is thrown
     * @throws CertificateException (as {@link KeyUsageException}) if the key usage forbids signing
     */
    private static boolean checkCAKeyUsage(X509Certificate x509Certificate) throws CertificateException {
        X509V3Extensions extensions = x509Certificate.getExtensions();
        if (extensions == null) {
            return true;
        }
        KeyUsage usage = (KeyUsage) extensions.getExtensionByType(15);
        if (usage == null) {
            return true;
        }
        int bits = usage.getKeyUsage();
        boolean mayMissSigning = bits == 0 || (bits & 0x04000000) == 0;
        boolean encipherOnly = (bits & 0x01000000) != 0;
        boolean decipherOnly = (bits & 0x00800000) != 0;
        if (mayMissSigning || encipherOnly || decipherOnly) {
            throw new KeyUsageException("The CA with subject name of \"" + x509Certificate.getSubjectName() + "\" has invalid keyusage setting of [" + getKeyUsageSetting(bits) + "]");
        }
        return true;
    }

    /**
     * Rejects key-usage combinations that contradict each other.
     *
     * <p>Three pairs are refused: encipherOnly with decipherOnly, encipherOnly with keyCertSign,
     * and decipherOnly with keyCertSign. The callers in this class use only the exception; the
     * boolean result is ignored.
     *
     * @param keyUsage requested key-usage extension, or {@code null} when none was requested
     * @return {@code true} when {@code keyUsage} is {@code null}, otherwise {@code false}
     * @throws CertificateException (as {@link KeyUsageException}) on a conflicting combination
     */
    private static boolean checkForConflictingKeyUsage(KeyUsage keyUsage) throws CertificateException {
        if (keyUsage == null) {
            return true;
        }
        int bits = keyUsage.getKeyUsage();
        boolean encipherOnly = (bits & 0x01000000) != 0;
        boolean decipherOnly = (bits & 0x00800000) != 0;
        boolean keyCertSign = (bits & 0x04000000) != 0;

        if (encipherOnly && decipherOnly) {
            throw new KeyUsageException("Conflicting keyusage setting between 'encipherOnly' and 'decipherOnly'");
        }
        if (encipherOnly && keyCertSign) {
            throw new KeyUsageException("Conflicting keyusage setting between 'encipherOnly' and 'keyCertSign'");
        }
        if (decipherOnly && keyCertSign) {
            throw new KeyUsageException("Conflicting keyusage setting between 'decipherOnly' and 'keyCertSign'");
        }
        return false;
    }

    /**
     * Renders a key-usage bit mask as a comma-separated list of flag names, for error messages.
     *
     * @param i key-usage bit mask
     * @return the names of the set flags in table order joined by {@code ", "}; an empty string
     *     when no known flag is set
     */
    private static String getKeyUsageSetting(int i) {
        StringBuilder names = new StringBuilder();
        for (int idx = 0; idx < KEY_USAGE_BITS.length; idx++) {
            if ((i & KEY_USAGE_BITS[idx]) == 0) {
                continue;
            }
            if (names.length() > 0) {
                names.append(", ");
            }
            names.append(KEY_USAGE_NAMES[idx]);
        }
        return names.toString();
    }

    /**
     * Wraps a private key into a password-encrypted encoding.
     *
     * <p>NOTE(security): the protection applied here is weak by current standards. The cipher is
     * {@code PBE/MD5/DES/CBC/PKCS5PBE-5-56} (MD5-based derivation, 56-bit DES) and the salt is a
     * fixed constant, so equal passwords always derive equal keys. Treat the output as
     * obfuscation rather than strong encryption: protect the resulting files with file-system
     * permissions and re-wrap the key with a modern scheme before using it outside test setups.
     *
     * @param jSAFE_PrivateKey key to wrap
     * @param cArr password characters; not cleared by this method
     * @return the encrypted key bytes produced by the cipher's {@code wrapPrivateKey}
     * @throws Exception if the cipher cannot be created or the wrap fails
     */
    public static byte[] getPrivateKeyData(JSAFE_PrivateKey jSAFE_PrivateKey, char[] cArr) throws Exception {
        final byte[] fixedSalt = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
        JSAFE_SymmetricCipher pbeCipher = JSafeEncryptionServiceImpl.getSymmetricCipher("PBE/MD5/DES/CBC/PKCS5PBE-5-56", "Java");
        pbeCipher.setSalt(fixedSalt, 0, fixedSalt.length);

        JSAFE_SecretKey passwordKey = pbeCipher.getBlankKey();
        passwordKey.setPassword(cArr, 0, cArr.length);

        pbeCipher.encryptInit(passwordKey, (SecureRandom) null);
        return pbeCipher.wrapPrivateKey(jSAFE_PrivateKey, true);
    }

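    /**
     * Writes a private key, encrypted under a password, to {@code <base>.der} and
     * {@code <base>.pem}.
     *
     * <p>Both output streams are closed even when a write or the PEM conversion fails, so a
     * failure no longer leaves a file handle open on a partially written key file.
     *
     * <p>NOTE(security): the files are created with the process's default permissions and the
     * key is only weakly encrypted (see {@code getPrivateKeyData}); restrict access to the output
     * location. The password arrives as a {@code String}, so it cannot be wiped from memory here.
     *
     * @param jSAFE_PrivateKey key to write
     * @param str password protecting the written key
     * @param str2 output path without extension
     * @throws Exception if encryption fails or either file cannot be written
     */
    public static void writePKCS8PrivateKey(JSAFE_PrivateKey jSAFE_PrivateKey, String str, String str2) throws Exception {
        byte[] encryptedKey = getPrivateKeyData(jSAFE_PrivateKey, str.toCharArray());
        try (FileOutputStream derOut = new FileOutputStream(str2 + ".der")) {
            derOut.write(encryptedKey);
        }
        try (ByteArrayInputStream derIn = new ByteArrayInputStream(encryptedKey);
                FileOutputStream pemOut = new FileOutputStream(str2 + ".pem")) {
            der2pem.convertEncryptedKey(derIn, pemOut);
        }
    }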

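    /**
     * Writes a certificate to {@code <base>.der} and {@code <base>.pem}.
     *
     * <p>Both output streams are closed even when a write or the PEM conversion fails.
     *
     * @param x509Certificate certificate to write
     * @param str output path without extension
     * @throws Exception if the certificate cannot be encoded or either file cannot be written
     */
    private static void writeX509Certificate(X509Certificate x509Certificate, String str) throws Exception {
        byte[] der = new byte[x509Certificate.getDERLen(0)];
        x509Certificate.getDEREncoding(der, 0, 0);
        try (FileOutputStream derOut = new FileOutputStream(str + ".der")) {
            derOut.write(der);
        }
        try (ByteArrayInputStream derIn = new ByteArrayInputStream(der);
                FileOutputStream pemOut = new FileOutputStream(str + ".pem")) {
            der2pem.convertCertificate(derIn, pemOut);
        }
    }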

    /**
     * Reads a password-encrypted private key file and decrypts it.
     *
     * <p>The cipher is instantiated from the file's own contents, so the file decides which
     * algorithm is used. When the encryption service exposes a non-FIPS context, that context is
     * used for the cipher.
     *
     * @param str path of the encrypted key file
     * @param str2 password for the key
     * @return the unwrapped private key
     * @throws Exception if the file cannot be read or the key cannot be decrypted
     */
    private static JSAFE_PrivateKey loadPKCS8PrivateKey(String str, String str2) throws Exception {
        byte[] encoded = readFile(str);

        JSAFE_SymmetricCipher pbeCipher;
        if (JSafeEncryptionServiceImpl.getNonFIPS140Ctx() == null) {
            pbeCipher = JSAFE_SymmetricCipher.getInstance(encoded, 0, "Java");
        } else {
            pbeCipher = JSAFE_SymmetricCipher.getInstance(encoded, 0, "Java", JSafeEncryptionServiceImpl.getNonFIPS140Ctx());
        }

        JSAFE_SecretKey passwordKey = pbeCipher.getBlankKey();
        passwordKey.setPassword(str2.toCharArray(), 0, str2.length());
        pbeCipher.decryptInit(passwordKey, (SecureRandom) null);
        return pbeCipher.unwrapPrivateKey(encoded, 0, encoded.length, true);
    }

    /**
     * Reads a certificate file and decodes it.
     *
     * @param str path of the certificate file
     * @return the decoded certificate
     * @throws Exception if the file cannot be read or decoded
     */
    private static X509Certificate loadX509Certificate(String str) throws Exception {
        byte[] encoded = readFile(str);
        return new X509Certificate(encoded, 0, 0);
    }

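    /**
     * Reads an entire file into memory.
     *
     * <p>The stream is closed on every exit path, including read failures, and the contents are
     * read in chunks rather than one byte per call.
     *
     * @param str path of the file to read
     * @return the file contents; an empty array for an empty file
     * @throws IOException if the file cannot be opened or read
     */
    private static byte[] readFile(String str) throws IOException {
        try (FileInputStream in = new FileInputStream(str)) {
            // available() is only a sizing hint for the buffer; the loop reads until end of file.
            ByteArrayOutputStream contents = new ByteArrayOutputStream(in.available());
            byte[] chunk = new byte[8192];
            int count;
            while ((count = in.read(chunk)) != -1) {
                contents.write(chunk, 0, count);
            }
            return contents.toByteArray();
        }
    }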

    /**
     * Builds the subject distinguished name from the supplied properties, falling back to the
     * class defaults for any attribute that is missing.
     *
     * <p>Attributes are added one per RDN in the order country, state, locality, organization,
     * organizational unit, common name, and finally e-mail address when one is supplied. The
     * property values are used as given; no escaping or validation is applied here.
     *
     * @param properties attribute values keyed by the {@code *_PROPERTY} constants, or
     *     {@code null} to use defaults only
     * @return the assembled name
     * @throws NameException if an attribute value is rejected by the name classes
     */
    private static X500Name createX500Name(Properties properties) throws NameException {
        Properties props = properties != null ? properties : new Properties();

        // The third argument of each assertion looks like an ASN.1 string-type code (0x1300 for
        // the country, 0x0C00 for the text attributes) — NOTE(review): confirm against Cert-J.
        AttributeValueAssertion[] fixedAttributes = {
            new AttributeValueAssertion(1, AttributeValueAssertion.COUNTRY_NAME_OID, 0x1300, props.getProperty(COUNTRY_PROPERTY, DEFAULT_COUNTRY)),
            new AttributeValueAssertion(3, AttributeValueAssertion.STATE_NAME_OID, 0x0C00, props.getProperty(STATE_PROPERTY, DEFAULT_STATE)),
            new AttributeValueAssertion(2, AttributeValueAssertion.LOCALITY_NAME_OID, 0x0C00, props.getProperty(LOCALITY_PROPERTY, DEFAULT_LOCALITY)),
            new AttributeValueAssertion(4, AttributeValueAssertion.ORGANIZATION_NAME_OID, 0x0C00, props.getProperty(ORGANIZATION_PROPERTY, DEFAULT_ORGANIZATION)),
            new AttributeValueAssertion(5, AttributeValueAssertion.ORGANIZATIONAL_UNIT_NAME_OID, 0x0C00, props.getProperty(ORG_UNIT_PROPERTY, DEFAULT_ORG_UNIT)),
            new AttributeValueAssertion(0, AttributeValueAssertion.COMMON_NAME_OID, 0x0C00, props.getProperty(COMMON_NAME_PROPERTY, DEFAULT_COMMON_NAME))
        };

        X500Name name = new X500Name();
        for (AttributeValueAssertion attribute : fixedAttributes) {
            RDN component = new RDN();
            component.addNameAVA(attribute);
            name.addRDN(component);
        }

        // The e-mail address has no default, so it is added only when supplied.
        String email = props.getProperty(EMAIL_PROPERTY);
        if (email != null) {
            RDN emailComponent = new RDN();
            emailComponent.addNameAVA(new AttributeValueAssertion(7, AttributeValueAssertion.EMAIL_ADDRESS_OID, 0x1600, email));
            name.addRDN(emailComponent);
        }
        return name;
    }

    /**
     * Locates a file by name, first as given and then under the WebLogic {@code lib} directory.
     *
     * <p>NOTE(security): the path as given is tried first, so for a relative name a file in the
     * current working directory takes precedence over the installed copy. When this resolves the
     * demo CA files, run the tool from a directory whose contents are trusted.
     *
     * @param str file name or path to look for
     * @return {@code str} itself when it exists as given, otherwise the absolute path of the copy
     *     under the WebLogic {@code lib} directory
     * @throws FileNotFoundException if the file exists in neither place
     */
    private static String findFile(String str) throws FileNotFoundException {
        if (new File(str).exists()) {
            return str;
        }
        File libDirectory = new File(WeblogicHome.getWebLogicHome(), "lib");
        File installed = new File(libDirectory, str);
        if (installed.exists()) {
            return installed.getAbsolutePath();
        }
        throw new FileNotFoundException("Cannot find file: " + str);
    }

    /**
     * Converts a Cert-J certificate into a JCA {@link Certificate} by re-parsing its DER
     * encoding.
     *
     * @param x509Certificate certificate to convert; may be {@code null}
     * @return the JCA certificate, or {@code null} when the argument is {@code null}
     * @throws Exception if the certificate cannot be encoded or parsed
     */
    public static Certificate convert(X509Certificate x509Certificate) throws Exception {
        if (x509Certificate == null) {
            return null;
        }
        int derLength = x509Certificate.getDERLen(0);
        byte[] der = new byte[derLength];
        x509Certificate.getDEREncoding(der, 0, 0);
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        return factory.generateCertificate(new ByteArrayInputStream(der));
    }

    /**
     * Converts a JSAFE private key into a JCA {@link PrivateKey}.
     *
     * <p>The key is wrapped with a throw-away single-space password and immediately unwrapped
     * again; the password only serves as a transport format between the two key
     * representations and provides no protection.
     *
     * @param jSAFE_PrivateKey key to convert; may be {@code null}
     * @return the JCA key, or {@code null} when the argument is {@code null}
     * @throws Exception if wrapping or unwrapping fails
     */
    public static PrivateKey convert(JSAFE_PrivateKey jSAFE_PrivateKey) throws Exception {
        if (jSAFE_PrivateKey == null) {
            return null;
        }
        byte[] wrapped = getPrivateKeyData(jSAFE_PrivateKey, " ".toCharArray());
        char[] unwrapPassword = " ".toCharArray();
        return getPKCS8EncodedPrivateKey(wrapped, unwrapPassword);
    }

    /**
     * Decodes a password-encrypted private key into a JCA {@link PrivateKey}.
     *
     * @param bArr encrypted key bytes
     * @param cArr password characters
     * @return the decoded key as returned by {@code RSAPKFactory.getPrivateKey}
     * @throws Exception if the key cannot be decrypted or decoded
     */
    private static PrivateKey getPKCS8EncodedPrivateKey(byte[] bArr, char[] cArr) throws Exception {
        ByteArrayInputStream encoded = new ByteArrayInputStream(bArr);
        return RSAPKFactory.getPrivateKey(encoded, cArr);
    }

    /**
     * Looks up the bit mask for a key-usage flag name, ignoring case.
     *
     * @param str flag name such as {@code keyCertSign}; must not be {@code null}
     * @return the mask from {@code KEY_USAGE_BITS} at the position of the matching name
     * @throws IllegalArgumentException if the name is not one of the known flags; the message is
     *     the unrecognised name
     */
    public static int getKeyUsageBitForName(String str) throws IllegalArgumentException {
        int position = 0;
        for (String known : KEY_USAGE_NAMES) {
            if (str.equalsIgnoreCase(known)) {
                return KEY_USAGE_BITS[position];
            }
            position++;
        }
        throw new IllegalArgumentException(str);
    }

    /**
     * Splits a delimited string into trimmed tokens.
     *
     * <p>Every character of {@code str2} acts as a delimiter and empty tokens are skipped, as
     * defined by {@link StringTokenizer}.
     *
     * @param str text to split
     * @param str2 delimiter characters
     * @return the tokens in order, each with surrounding whitespace removed
     */
    private static String[] parseList(String str, String str2) {
        StringTokenizer tokens = new StringTokenizer(str, str2);
        String[] items = new String[tokens.countTokens()];
        for (int idx = 0; tokens.hasMoreTokens(); idx++) {
            items[idx] = tokens.nextToken().trim();
        }
        return items;
    }

    /**
     * Prints an error message followed by the short usage summary.
     *
     * @param str error message; may be {@code null} to print the summary alone
     */
    private static void printError(String str) {
        final boolean summaryOnly = true;
        printUsage(str, summaryOnly);
    }

    /**
     * Prints an optional message followed by the full usage text, including option descriptions.
     *
     * @param str message to print first; may be {@code null}
     */
    private static void printUsage(String str) {
        final boolean summaryOnly = false;
        printUsage(str, summaryOnly);
    }

    /**
     * Prints an optional message, the option summary and, unless suppressed, the option
     * descriptions to standard output.
     *
     * @param str message to print first, preceded by a blank line; skipped when {@code null}
     * @param z {@code true} to stop after the option summary, {@code false} to also print the
     *     option descriptions
     */
    private static void printUsage(String str, boolean z) {
        final String summary = "\nUsage: java utils.CertGen\n\t-certfile <cert_file> -keyfile <private_key_file>\n\t-keyfilepass <private_key_password>\n\t[-cacert <ca_cert_file>][-cakey <ca_key_file>]\n\t[-cakeypass <ca_key_password>]\n\t[-selfsigned][-strength <key_strength>]\n\t[-digestalgorithm <message digest algorithm such as MD5, SHA1, or SHA256>]\n\t[-e <email_address>][-cn <common_name>]\n\t[-ou <org_unit>][-o <organization>]\n\t[-l <locality>][-s <state>][-c <country_code>]\n\t[-keyusage [digitalSignature,nonRepudiation,keyEncipherment,\n\t\tdataEncipherment,keyAgreement,keyCertSign,\n\t\tcRLSign,encipherOnly,decipherOnly]]\n\t[-keyusagecritical true|false]\n\t[-noskid]\n\t[-subjectkeyid <subject_key_identifier>]\n\t[-subjectkeyidformat UTF-8|BASE64]\n\t[-help]\n";
        final String details = "Where:\n-cacert, -cakey, -cakeypass\n\tpublic certificate, private key file names, and private key\n\tpassword of the CA to be used as an issuer of the generated\n\tcertificate. When these options are not specified Demo CA files:\n\tCertGenCA.der, CertGenCAKey.der from the current working directory\n\tor from WebLogic lib directory will be used.\n\n-selfsigned\n\tgenerate a self-signed certificate. CA options will be ignored\n\twhen this option is specified\n\n-digestalgorithm\n\tThe message digest algorithm used with the signature algorithm to sign the certificate.\n\n-certfile, -keyfile\n\toutput file names without extensions for the generated public\n\tcertificate and private key. Appropriate extensions are appended\n\twhen the pem and der files are created.\n\n-keyfilepass\n\tpassword of the generated private key.\n\n-strength\n\tsize of the generated keys. The default is 2048 bits.\n\n-e, -cn, -ou, -o, -l, -s, -c\n\tSubject DN attributes of the generated public certificate.\n\n-keyusage\n\tgenerate certificate with keyusage extension, and with bits set\n\taccording to the comma-separated list of bit names.\n\tExtension will be marked as critical by default.\n\tUse [-keyusagecritical false] to generate certificate with\n\tnon-critical extension.\n\n-noskid\n\tdo not include subject key identifier extension in the certificate.\n\t-subjectkeyid and -subjectkeyidformat will be ignored if -noskid is present.\n\n-subjectkeyid\n\tgenerate certificate with the specified subject key identifier\n\tUse [-subjectkeyidformat UTF-8|BASE64] to indicate the format of\n\tthe specified subject key identifier string. The default is UTF-8.\n";

        if (str != null) {
            System.out.println();
            System.out.println(str);
        }
        System.out.println(summary);
        if (!z) {
            System.out.println(details);
        }
    }

    /**
     * Command-line entry point. Exits with status 0 when a certificate was generated and written,
     * and with status 1 otherwise, including after any unexpected failure.
     *
     * @param strArr command-line arguments as described by the usage text
     */
    public static void main(String[] strArr) {
        int exitStatus = 1;
        try {
            if (generateCertificate(strArr)) {
                exitStatus = 0;
            }
        } catch (Throwable failure) {
            // Last-resort handler: report the failure and fall through to a non-zero exit.
            failure.printStackTrace();
            printError("Unexpected exception while generating certificate");
        }
        System.exit(exitStatus);
    }

    public static boolean generateCertificate(String[] strArr) throws Exception {
        String[] strArr2;
        if (strArr.length == 0) {
            printUsage(null);
            return false;
        }
        String str = null;
        String str2 = null;
        String str3 = null;
        boolean z = false;
        String str4 = null;
        String str5 = null;
        String str6 = null;
        String str7 = null;
        int i = 2048;
        String[] strArr3 = null;
        boolean z2 = true;
        String str8 = null;
        String str9 = "UTF-8";
        Properties properties = new Properties();
        boolean z3 = false;
        int i2 = 0;
        while (i2 < strArr.length) {
            try {
                if (strArr[i2].equals("-help")) {
                    printUsage(null);
                    return false;
                }
                if (strArr[i2].equals("-cacert")) {
                    i2++;
                    str = strArr[i2];
                } else if (strArr[i2].equals("-cakey")) {
                    i2++;
                    str2 = strArr[i2];
                } else if (strArr[i2].equals("-cakeypass")) {
                    i2++;
                    str3 = strArr[i2];
                } else if (strArr[i2].equals("-selfsigned")) {
                    z = true;
                } else if (strArr[i2].equals("-digestalgorithm")) {
                    i2++;
                    str4 = strArr[i2].toUpperCase();
                } else if (strArr[i2].equals("-certfile")) {
                    i2++;
                    str5 = strArr[i2];
                } else if (strArr[i2].equals("-keyfile")) {
                    i2++;
                    str6 = strArr[i2];
                } else if (strArr[i2].equals("-keyfilepass")) {
                    i2++;
                    str7 = strArr[i2];
                } else if (strArr[i2].equals("-strength")) {
                    i2++;
                    i = Integer.parseInt(strArr[i2]);
                } else if (strArr[i2].equals("-e")) {
                    i2++;
                    properties.setProperty(EMAIL_PROPERTY, strArr[i2]);
                } else if (strArr[i2].equals("-cn")) {
                    i2++;
                    properties.setProperty(COMMON_NAME_PROPERTY, strArr[i2]);
                } else if (strArr[i2].equals("-ou")) {
                    i2++;
                    properties.setProperty(ORG_UNIT_PROPERTY, strArr[i2]);
                } else if (strArr[i2].equals("-o")) {
                    i2++;
                    properties.setProperty(ORGANIZATION_PROPERTY, strArr[i2]);
                } else if (strArr[i2].equals("-l")) {
                    i2++;
                    properties.setProperty(LOCALITY_PROPERTY, strArr[i2]);
                } else if (strArr[i2].equals("-s")) {
                    i2++;
                    properties.setProperty(STATE_PROPERTY, strArr[i2]);
                } else if (strArr[i2].equals("-c")) {
                    i2++;
                    properties.setProperty(COUNTRY_PROPERTY, strArr[i2]);
                } else if (strArr[i2].equals("-keyusage")) {
                    if (i2 + 1 >= strArr.length || strArr[i2 + 1].startsWith("-")) {
                        strArr2 = new String[0];
                    } else {
                        i2++;
                        strArr2 = parseList(strArr[i2], ",");
                    }
                    strArr3 = strArr2;
                } else if (strArr[i2].equals("-keyusagecritical")) {
                    i2++;
                    z2 = Boolean.parseBoolean(strArr[i2]);
                } else if (strArr[i2].equals("-noskid")) {
                    z3 = true;
                } else if (strArr[i2].equals("-subjectkeyid")) {
                    i2++;
                    str8 = strArr[i2];
                } else {
                    if (!strArr[i2].equals("-subjectkeyidformat")) {
                        if (i2 == 0 && strArr.length >= 3) {
                            return oldCertGen(strArr);
                        }
                        printError("Unknown option: " + strArr[i2]);
                        return false;
                    }
                    i2++;
                    str9 = strArr[i2];
                }
                i2++;
            } catch (ArrayIndexOutOfBoundsException e) {
                printError("Please specify a value for " + strArr[strArr.length - 1]);
                return false;
            } catch (NumberFormatException e2) {
                printError("Please specify a valid integer value for " + strArr[i2 - 1]);
                return false;
            }
        }
        if (str6 == null) {
            printError("Please specify an output file name for the generated private key");
            return false;
        }
        if (str7 == null) {
            printError("Please specify a password for the generated private key");
            return false;
        }
        if (str5 == null) {
            printError("Please specify an output file name for the generated certificate");
            return false;
        }
        int i3 = 0;
        if (strArr3 != null) {
            for (String str10 : strArr3) {
                try {
                    i3 |= getKeyUsageBitForName(str10);
                } catch (IllegalArgumentException e3) {
                    printError("Unexpected key usage name: " + str10);
                    return false;
                }
            }
        }
        byte[] bArr = null;
        if (!z3 && str8 != null) {
            if (str9.equalsIgnoreCase("UTF-8")) {
                bArr = str8.getBytes("UTF-8");
            } else {
                if (!str9.equalsIgnoreCase("BASE64")) {
                    printError("The subjectkeyidformat must be 'UTF-8' or 'BASE64'.");
                    return false;
                }
                try {
                    bArr = new BASE64Decoder().decodeBuffer(str8);
                } catch (IOException e4) {
                    System.out.println("Could not base64 decode the subject key identifier.");
                    System.out.println("Either specify a base64 encoded subject key identifier or ");
                    System.out.println("specify '-subjectkeyidentifierformat UTF-8' if the subject key identifier is an ASCII string");
                    System.out.println(e4);
                    return false;
                }
            }
        }
        CertGen certGen = new CertGen(i);
        if (strArr3 != null) {
            certGen.setKeyUsage(i3, z2);
        }
        if (bArr != null) {
            certGen.setSubjectKeyIdentifier(bArr);
        }
        if (str4 != null) {
            certGen.setDigestAlgorithm(str4);
        }
        if (z3) {
            certGen.setNoSkid(z3);
        }
        if (!properties.containsKey(COMMON_NAME_PROPERTY)) {
            properties.setProperty(COMMON_NAME_PROPERTY, InetAddress.getLocalHost().getHostName());
        }
        try {
            if (z) {
                System.out.println("Generating a self signed certificate with common name " + properties.getProperty(COMMON_NAME_PROPERTY) + " and key strength " + i);
                certGen.generateCACertificate(properties);
            } else {
                if (str == null) {
                    str = findFile(DEFAULT_CA_CERT);
                }
                if (str2 == null) {
                    str2 = findFile(DEFAULT_CA_KEY);
                    if (str3 == null) {
                        str3 = "password";
                    }
                } else if (str3 == null) {
                    System.out.println("Please specify password for the key from " + str2 + " file");
                    return false;
                }
                System.out.println("Generating a certificate with common name " + properties.getProperty(COMMON_NAME_PROPERTY) + " and key strength " + i + "\nissued by CA with certificate from " + str + " file and key from " + str2 + " file");
                if (!z3 && str8 != null) {
                    System.out.println("with subject key identifier " + str8);
                }
                certGen.generateCertificate(properties, str, str2, str3);
            }
            try {
                writePKCS8PrivateKey(certGen.subjectPrivateKey, str7, str6);
                try {
                    writeX509Certificate(certGen.subjectCert, str5);
                    return true;
                } catch (Exception e5) {
                    System.out.println("Failed to write generated certificate to " + str5);
                    System.out.println(e5.getMessage());
                    return false;
                }
            } catch (Exception e6) {
                System.out.println("Failed to write generated private key to " + str6);
                System.out.println(e6.getMessage());
                return false;
            }
        } catch (CertificateException e7) {
            System.out.println("Failed to generate the certificate:\n" + e7.getMessage());
            System.out.println("Make sure the country code contains only printable characters, and values of the other subject name fields are valid.");
            return false;
        } catch (NameException e8) {
            System.out.println("Failed to generate the certificate:\n" + e8.getMessage());
            if (properties.getProperty(COUNTRY_PROPERTY, DEFAULT_COUNTRY).length() != 2) {
                System.out.println("The country code must consist of two printable characters.");
                return false;
            }
            System.out.println("Make sure the values of the subject name fields are valid.");
            return false;
        } catch (IOException e9) {
            if (z) {
                System.out.println("Failed to generate the certificate:");
            } else {
                System.out.println("Failed to read one of the CA files: " + str + ", or " + str2);
            }
            System.out.println(e9.getMessage());
            return false;
        } catch (KeyUsageException e10) {
            System.out.println("Failed to generate the certificate:\n" + e10.getMessage());
            return false;
        } catch (Exception e11) {
            System.out.println("Failed to generate the certificate:\n" + e11.getMessage());
            if (z) {
                return false;
            }
            System.out.println("Make sure the CA files are in DER format.");
            return false;
        } catch (JSAFE_InvalidUseException e12) {
            System.out.println("Failed to generate the certificate:\n" + e12.getMessage());
            if (i != 2048) {
                System.out.println("Make sure the key strength value is valid.");
            }
            if (z) {
                return false;
            }
            System.out.println("Make sure the CA key password is valid.");
            return false;
        }
    }

    /**
     * Legacy positional-argument path: builds a certificate (self-signed CA or CA-issued),
     * then writes the private key and the certificate through the file's writer helpers.
     *
     * <p>Arguments as this method reads them:
     * <ul>
     *   <li>{@code strArr[0]} - second argument of {@code writePKCS8PrivateKey}; presumably the
     *       password protecting the key file (confirm against that helper)</li>
     *   <li>{@code strArr[1]} - second argument of {@code writeX509Certificate}; presumably the
     *       certificate output file</li>
     *   <li>{@code strArr[2]} - third argument of {@code writePKCS8PrivateKey}; presumably the
     *       key output file</li>
     *   <li>{@code strArr[3]} - optional; {@code "EXPORT"} (any case) selects export strength</li>
     *   <li>{@code strArr[4]} - optional; common name, otherwise the local host name is used</li>
     *   <li>{@code strArr[5]} - optional; {@code "GENCA"} (any case) requests a self-signed CA</li>
     * </ul>
     *
     * <p>NOTE(review): if {@code strArr} is the process argument vector, the value in
     * {@code strArr[0]} is visible to other local users via process listings and shell
     * history; prefer the non-deprecated path and a prompt or protected file for secrets.
     *
     * @param strArr positional arguments; the first three are read unconditionally, so fewer
     *               than three elements raises {@link ArrayIndexOutOfBoundsException}
     * @return {@code true} when both output files were written; {@code false} when generation
     *         or writing failed (the failure message is printed to standard output)
     * @throws Exception from the host-name lookup, which runs outside the try blocks
     */
    @Deprecated
    private static boolean oldCertGen(String[] strArr) throws Exception {
        final String keyPassArg = strArr[0];
        final String certOutArg = strArr[1];
        final String keyOutArg = strArr[2];

        // NOTE(review): "export" strength historically meant deliberately weakened keys; what
        // CertGen(boolean) does with the flag is not visible here - confirm, and do not use
        // export-strength output for anything beyond test fixtures.
        final boolean exportStrength = strArr.length > 3 && strArr[3].equalsIgnoreCase("EXPORT");

        // The local host name is only resolved when no explicit common name was supplied.
        final String commonName;
        if (strArr.length > 4) {
            commonName = strArr[4];
        } else {
            commonName = InetAddress.getLocalHost().getHostName();
        }

        final boolean selfSignedCa = strArr.length > 5 && strArr[5].equalsIgnoreCase("GENCA");

        final String issuerDescription = selfSignedCa
                ? "new CA certificate (self signed)"
                : "certificate signed by CA from CertGenCA.der file";
        final String strengthLabel = exportStrength ? "Export" : "Domestic";
        System.out.println("......  Will generate " + issuerDescription);
        System.out.println("......  With " + strengthLabel + " Key Strength");
        System.out.println("......  Common Name will have Hostname " + commonName);

        final Properties subjectProps = new Properties();
        subjectProps.setProperty(COMMON_NAME_PROPERTY, commonName);
        final CertGen generator = new CertGen(exportStrength);

        try {
            if (!selfSignedCa) {
                generator.generateCertificate(subjectProps);
            } else {
                generator.generateCACertificate(subjectProps);
            }
            System.out.println("......  Issuer CA name is " + generator.issuerName);

            // Key first, certificate second; a failure in either is reported the same way.
            // NOTE(review): the key file's permissions depend on writePKCS8PrivateKey, which
            // is not visible here - verify it is not left world-readable.
            try {
                writePKCS8PrivateKey(generator.subjectPrivateKey, keyPassArg, keyOutArg);
                writeX509Certificate(generator.subjectCert, certOutArg);
                return true;
            } catch (Exception writeFailure) {
                System.out.println("Failed to write to file\n" + writeFailure.getMessage());
                return false;
            }
        } catch (Exception generationFailure) {
            System.out.println("Failed to generate the certificate\n" + generationFailure.getMessage());
            return false;
        }
    }
}
