package org.jivesoftware.sparkimpl.certificates;

import java.awt.Component;
import java.awt.HeadlessException;
import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.file.Files;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.Date;
import javax.naming.InvalidNameException;
import javax.net.ssl.KeyManagerFactory;
import javax.security.auth.x500.X500Principal;
import javax.swing.JOptionPane;
import javax.swing.SwingUtilities;
import javax.swing.table.DefaultTableModel;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMException;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.jivesoftware.Spark;
import org.jivesoftware.resource.Res;
import org.jivesoftware.spark.ui.login.CertificateDialog;
import org.jivesoftware.spark.ui.login.MutualAuthenticationSettingsPanel;
import org.jivesoftware.sparkimpl.certificates.PemHelper;
import org.jivesoftware.sparkimpl.settings.local.LocalPreferences;

/* loaded from: input_file:org/jivesoftware/sparkimpl/certificates/IdentityController.class */
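/**
 * Manages the user's identity (client-authentication) certificates: loads and saves the identity
 * key store, drives the identity table in the settings UI, and creates key pairs, certificate
 * signing requests and self-signed certificates for a subject described via {@link #setUpData}.
 *
 * <p>The subject fields (common name, OU, O, L, C) and the derived PEM file paths are {@code static},
 * so they are shared by every instance of this class.
 */
public class IdentityController extends CertManager {
    /** Directory below the Spark user home that holds all certificate-related files. */
    public static final File SECURITY_DIRECTORY = new File(Spark.getSparkUserHome() + File.separator + "security");
    /** Key store file holding the identity certificates together with their private keys. */
    public static final File IDENTITY = securityFile("identitystore");
    private static final String[] COLUMN_NAMES = {"Identity certificates"};
    private static final int NUMBER_OF_COLUMNS = COLUMN_NAMES.length;
    private static final String KEY_ALGORITHM = "RSA";
    private static final int RSA_KEY_SIZE_BITS = 2048;
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
    // Self-signed certificates are valid from now - window until now + window (about 11.6 days each way).
    private static final long VALIDITY_WINDOW_MILLIS = 1_000_000_000L;
    // Characters that must be backslash-escaped inside an RFC 2253 / RFC 4514 attribute value.
    private static final String DN_SPECIAL_CHARS = ",+\"\\<>;=";

    // Subject attributes of the identity being created; written by setUpData(...) and read by
    // createX500NameString(). Any of them except commonName may be null or empty (then omitted).
    private static String commonName;
    private static String organizationUnit;
    private static String organization;
    private static String city;
    private static String country;

    // NOTE(review): commonName has no initializer and is assigned only by setUpData(...), so at
    // class-initialisation time these three paths embed the literal text "null" (e.g. "null_csr.pem").
    // setUpData(...) replaces them with paths derived from the real common name.
    public static File CSR_FILE = securityFile(commonName + "_csr.pem");
    public static File KEY_FILE = securityFile(commonName + "_key.pem");
    public static File CERT_FILE = securityFile(commonName + "_cert.pem");

    private KeyStore idStore;
    /** The most recently generated key pair; set by {@link #createKeyPair()}. */
    KeyPair keyPair;

    /**
     * Creates the controller, registers the Bouncy Castle provider, loads the key stores from disk and
     * builds the initial table model.
     *
     * @param localPreferences the user's local preferences; must not be {@code null}
     * @throws IllegalArgumentException if {@code localPreferences} is {@code null}
     */
    public IdentityController(LocalPreferences localPreferences) {
        // Validate the argument before doing any key-store I/O, so a bad call fails fast.
        if (localPreferences == null) {
            throw new IllegalArgumentException("localPreferences cannot be null");
        }
        Security.addProvider(new BouncyCastleProvider());
        loadKeyStores();
        this.localPreferences = localPreferences;
        createTableModel();
    }

    /** Builds a {@link File} inside {@link #SECURITY_DIRECTORY} with the given name. */
    private static File securityFile(String fileName) {
        return new File(SECURITY_DIRECTORY, fileName);
    }

    /**
     * (Re)loads the identity store and the blacklist store from disk and fills the certificate list
     * from the identity store.
     */
    @Override
    public void loadKeyStores() {
        this.idStore = openKeyStore(IDENTITY);
        this.blackListStore = openKeyStore(BLACKLIST);
        fillTableListWithKeyStoreContent(this.idStore, null);
    }

    /** Writes the in-memory identity store back to {@link #IDENTITY}. */
    @Override
    public void overWriteKeyStores() {
        saveKeyStore(this.idStore, IDENTITY);
    }

    /**
     * Reloads the key stores and creates a {@link KeyManagerFactory} backed by the identity store, for
     * use in mutual TLS authentication.
     *
     * @return a SunX509 key manager factory initialised with the identity store
     * @throws KeyStoreException if the store cannot be used by the factory
     * @throws NoSuchAlgorithmException if the SunX509 algorithm is unavailable
     * @throws UnrecoverableKeyException if a key in the store cannot be recovered with the password
     * @throws NoSuchProviderException if the SunJSSE provider is unavailable
     */
    public KeyManagerFactory initKeyManagerFactory() throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, NoSuchProviderException {
        loadKeyStores();
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
        keyManagerFactory.init(this.idStore, passwd);
        return keyManagerFactory;
    }

    /**
     * Sets the subject attributes used for new CSRs and self-signed certificates and re-derives the
     * CSR, key and certificate file paths from the common name.
     *
     * @param str  common name (CN); required by {@link #createX500NameString()}
     * @param str2 organizational unit (OU), optional
     * @param str3 organization (O), optional
     * @param str4 country (C), optional
     * @param str5 locality / city (L), optional
     */
    public void setUpData(String str, String str2, String str3, String str4, String str5) {
        commonName = str;
        organizationUnit = str2;
        organization = str3;
        country = str4;
        city = str5;
        CSR_FILE = securityFile(str + "_csr.pem");
        KEY_FILE = securityFile(str + "_key.pem");
        CERT_FILE = securityFile(str + "_cert.pem");
    }

    /**
     * Builds a one-column table model listing every certificate in {@code allCertificates}, showing
     * the subject common name, or the full subject when no common name is present.
     */
    @Override
    public void createTableModel() {
        this.tableModel = new DefaultTableModel();
        this.tableModel.setColumnIdentifiers(COLUMN_NAMES);
        for (CertificateModel certificateModel : this.allCertificates) {
            // A fresh row array per entry avoids any aliasing between rows.
            Object[] row = new Object[NUMBER_OF_COLUMNS];
            String label = certificateModel.getSubjectCommonName();
            row[0] = label != null ? label : certificateModel.getSubject();
            this.tableModel.addRow(row);
        }
    }

    /** Opens the certificate dialog for the row currently selected in the identity table. */
    @Override
    public void showCertificate() {
        int selectedRow = MutualAuthenticationSettingsPanel.getIdTable().getSelectedRow();
        new CertificateDialog(this.localPreferences, this.allCertificates.get(selectedRow), this, CertificateDialogReason.SHOW_ID_CERTIFICATE);
    }

    /**
     * Creates a PKCS#10 certificate signing request for the subject set via {@link #setUpData}, signed
     * with the private key of {@code keyPair}.
     *
     * @param keyPair the key pair whose public key goes into the request and whose private key signs it
     * @return the signed request
     * @throws OperatorCreationException if the content signer cannot be created
     * @throws IllegalArgumentException if no common name has been set
     */
    public PKCS10CertificationRequest createCSR(KeyPair keyPair) throws OperatorCreationException {
        X500Principal subject = new X500Principal(createX500NameString());
        JcaPKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
        return requestBuilder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(keyPair.getPrivate()));
    }

    /**
     * Renders the subject attributes as an RFC 2253-style distinguished-name string such as
     * {@code CN=name, OU=unit, O=org, L=city, C=country}; empty or {@code null} optional attributes
     * are omitted. Attribute values are escaped so user-entered separators cannot alter the DN structure.
     *
     * @throws IllegalArgumentException if the common name is {@code null} or empty
     */
    private String createX500NameString() {
        if (commonName == null || commonName.isEmpty()) {
            throw new IllegalArgumentException("Common Name cannot be empty");
        }
        StringBuilder sb = new StringBuilder();
        sb.append("CN=").append(escapeDnValue(commonName));
        appendIfPresent(sb, "OU", organizationUnit);
        appendIfPresent(sb, "O", organization);
        appendIfPresent(sb, "L", city);
        appendIfPresent(sb, "C", country);
        return sb.toString();
    }

    /** Appends {@code , TYPE=value} when {@code value} is neither {@code null} nor empty. */
    private static void appendIfPresent(StringBuilder sb, String attributeType, String value) {
        if (value != null && !value.isEmpty()) {
            sb.append(", ").append(attributeType).append('=').append(escapeDnValue(value));
        }
    }

    /**
     * Backslash-escapes a single attribute value per RFC 2253 / RFC 4514: the special characters
     * {@code , + " \ < > ; =}, a leading space or {@code #}, and a trailing space. Values without such
     * characters are returned unchanged.
     */
    private static String escapeDnValue(String value) {
        int length = value.length();
        StringBuilder escaped = new StringBuilder(length + 8);
        for (int i = 0; i < length; i++) {
            char c = value.charAt(i);
            boolean leadingSpecial = i == 0 && (c == ' ' || c == '#');
            boolean trailingSpace = i == length - 1 && c == ' ';
            if (leadingSpecial || trailingSpace || DN_SPECIAL_CHARS.indexOf(c) >= 0) {
                escaped.append('\\');
            }
            escaped.append(c);
        }
        return escaped.toString();
    }

    /**
     * Asks the user for confirmation and, if given, removes the entry with the given alias from the
     * identity store and from the in-memory certificate list, then refreshes the table.
     *
     * @param str alias of the key-store entry to delete
     * @throws KeyStoreException if the store has not been initialised
     */
    @Override
    public void deleteEntry(String str) throws KeyStoreException {
        if (JOptionPane.showConfirmDialog((Component) null, Res.getString("dialog.certificate.sure.to.delete"), (String) null, 0) == 0) {
            this.idStore.deleteEntry(str);
            JOptionPane.showMessageDialog((Component) null, Res.getString("dialog.certificate.has.been.deleted"));
            // Aliases are expected to be unique; should there be several matches, the last one wins.
            CertificateModel toRemove = null;
            for (CertificateModel candidate : this.allCertificates) {
                if (candidate.getAlias().equals(str)) {
                    toRemove = candidate;
                }
            }
            // List.remove(null) is a harmless no-op when nothing matched.
            this.allCertificates.remove(toRemove);
        }
        refreshCertTable();
    }

    /** No-op: the identity store has no exception list. */
    @Override
    public void addOrRemoveFromExceptionList(boolean z) {
    }

    /** Always {@code false}: the identity store has no exception list. */
    @Override
    public boolean isOnExceptionList(CertificateModel certificateModel) {
        return false;
    }

    /** Rebuilds the table model and installs it into the identity table on the Swing event thread. */
    @Override
    public void refreshCertTable() {
        createTableModel();
        SwingUtilities.invokeLater(() -> {
            MutualAuthenticationSettingsPanel.getIdTable().setModel(this.tableModel);
            this.tableModel.fireTableDataChanged();
        });
    }

    /**
     * Reads a PEM file that contains both a certificate block and a private-key block and adds the pair
     * to the identity store via {@link #addEntryToKeyStore}.
     *
     * @param file the PEM file to import
     * @throws IOException if the file cannot be read or the PEM content cannot be parsed
     */
    @Override
    public void addEntryFileToKeyStore(File file) throws IOException, CertificateException, InvalidKeySpecException, NoSuchAlgorithmException, KeyStoreException, InvalidNameException {
        byte[] pemBytes = Files.readAllBytes(file.toPath());
        // Both blocks are located by their PEM delimiters inside the same byte array.
        X509Certificate certificate = parseCertificate(pemBytes);
        PrivateKey privateKey = parseKey(pemBytes);
        addEntryToKeyStore(certificate, privateKey);
    }

    /**
     * Extracts the private key from PEM bytes containing a KEY block.
     *
     * @param bArr PEM-encoded content
     * @return the decoded private key
     */
    public PrivateKey parseKey(byte[] bArr) throws PEMException, InvalidKeySpecException, NoSuchAlgorithmException {
        String begin = PemHelper.knowDelimeter(bArr, PemHelper.typeOfDelimeter.KEY_BEGIN);
        String end = PemHelper.knowDelimeter(bArr, PemHelper.typeOfDelimeter.KEY_END);
        return PemHelper.generatePrivateKeyFromDER(PemHelper.parseDERFromPEM(bArr, begin, end));
    }

    /**
     * Extracts the X.509 certificate from PEM bytes containing a CERTIFICATE block.
     *
     * @param bArr PEM-encoded content
     * @return the decoded certificate
     */
    public X509Certificate parseCertificate(byte[] bArr) throws PEMException, CertificateException {
        String begin = PemHelper.knowDelimeter(bArr, PemHelper.typeOfDelimeter.CERT_BEGIN);
        String end = PemHelper.knowDelimeter(bArr, PemHelper.typeOfDelimeter.CERT_END);
        return PemHelper.generateCertificateFromDER(PemHelper.parseDERFromPEM(bArr, begin, end));
    }

    /**
     * Shows the certificate to the user (unless an identical one is already stored) and, if the user
     * accepts, stores certificate and private key under the certificate's common name as alias.
     *
     * @param x509Certificate the certificate to add
     * @param privateKey      the matching private key
     */
    public void addEntryToKeyStore(X509Certificate x509Certificate, PrivateKey privateKey) throws HeadlessException, InvalidNameException, KeyStoreException {
        CertificateModel certificateModel = new CertificateModel(x509Certificate);
        CertificateDialog certificateDialog = null;
        if (!checkForSameCertificate(x509Certificate)) {
            certificateDialog = showCertificate(certificateModel, CertificateDialogReason.ADD_ID_CERTIFICATE);
        }
        // Nothing to do when the certificate was a duplicate or the user declined.
        if (certificateDialog == null || !certificateDialog.isAddCert()) {
            return;
        }
        this.idStore.setKeyEntry(useCommonNameAsAlias(x509Certificate), privateKey, passwd, new X509Certificate[]{x509Certificate});
        // Reuse the model already built for the dialog instead of constructing a second one.
        this.allCertificates.add(certificateModel);
        refreshCertTable();
        JOptionPane.showMessageDialog((Component) null, Res.getString("dialog.certificate.has.been.added.to.identity.store"));
    }

    /** Returns whether the identity store already contains an entry with the given alias. */
    @Override
    protected boolean checkForSameAlias(String str) throws HeadlessException, KeyStoreException {
        return this.idStore.containsAlias(str);
    }

    /**
     * Generates a new 2048-bit RSA key pair with the Bouncy Castle provider, remembers it in
     * {@link #keyPair} and returns it.
     *
     * @throws NoSuchAlgorithmException if RSA is unavailable
     * @throws NoSuchProviderException if the BC provider is not registered
     */
    public KeyPair createKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM, "BC");
        keyPairGenerator.initialize(RSA_KEY_SIZE_BITS, new SecureRandom());
        this.keyPair = keyPairGenerator.generateKeyPair();
        return this.keyPair;
    }

    /**
     * Creates a self-signed certificate for the subject set via {@link #setUpData}, valid for
     * {@link #VALIDITY_WINDOW_MILLIS} before and after the current time, marked as a CA with key usage
     * digitalSignature + keyEncipherment and extended key usage clientAuth.
     *
     * @param keyPair the key pair to certify and to sign with
     * @return the signed certificate
     * @throws IllegalArgumentException if no common name has been set
     */
    public X509Certificate createSelfSignedCertificate(KeyPair keyPair) throws CertIOException, OperatorCreationException, CertificateException {
        // Take the clock once so serial, notBefore and notAfter are all derived from the same instant.
        long now = System.currentTimeMillis();
        SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
        X500Name subject = new X500Name(createX500NameString());
        // Self-signed: issuer and subject are the same name; the creation time doubles as serial number.
        X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
                subject,
                BigInteger.valueOf(now),
                new Date(now - VALIDITY_WINDOW_MILLIS),
                new Date(now + VALIDITY_WINDOW_MILLIS),
                subject,
                subjectPublicKeyInfo);
        certificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        // 160 == digitalSignature (128) | keyEncipherment (32), spelled out via the named bits.
        certificateBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
        certificateBuilder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
        return new JcaX509CertificateConverter().getCertificate(
                certificateBuilder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(keyPair.getPrivate())));
    }
}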
