package de.blitzdose.minecraftserverremote;

import inet.ipaddr.HostName;
import inet.ipaddr.HostNameException;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.PrintWriter;
import java.math.BigInteger;
import java.nio.file.Files;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Base64;
import java.util.Date;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:de/blitzdose/minecraftserverremote/CertificateTool.class */
public class CertificateTool {
    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyStore keystoreFromCertificate(File file, File file2) {
        byte[] parseDERFromPEM;
        RSAPrivateKey generatePrivateKeyFromDER1;
        try {
            byte[] parseDERFromPEM2 = parseDERFromPEM(Files.readAllBytes(file.toPath()), "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----");
            try {
                parseDERFromPEM = parseDERFromPEM(Files.readAllBytes(file2.toPath()), "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----");
            } catch (IndexOutOfBoundsException e) {
                parseDERFromPEM = parseDERFromPEM(Files.readAllBytes(file2.toPath()), "-----BEGIN RSA PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----");
            }
            X509Certificate generateCertificateFromDER = generateCertificateFromDER(parseDERFromPEM2);
            try {
                generatePrivateKeyFromDER1 = generatePrivateKeyFromDER8(parseDERFromPEM);
            } catch (InvalidKeySpecException e2) {
                generatePrivateKeyFromDER1 = generatePrivateKeyFromDER1(file2);
            }
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(null);
            keyStore.setKeyEntry("key", generatePrivateKeyFromDER1, "2-X>5h5^-!/'c(ELoT;)8O7I=-I<NMs)/{t8e~#0754>l=4".toCharArray(), new X509Certificate[]{generateCertificateFromDER});
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e3) {
            e3.printStackTrace();
            return null;
        }
    }

    private static byte[] parseDERFromPEM(byte[] bArr, String str, String str2) throws IndexOutOfBoundsException {
        return Base64.getDecoder().decode(new String(bArr).split(str)[1].split(str2)[0].replaceAll("[\n|\r]", ""));
    }

    private static RSAPrivateKey generatePrivateKeyFromDER8(byte[] bArr) throws InvalidKeySpecException, NoSuchAlgorithmException {
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    private static RSAPrivateKey generatePrivateKeyFromDER1(File file) throws IOException {
        PrivateKeyInfo privateKeyInfo = null;
        Object readObject = new PEMParser(new FileReader(file)).readObject();
        if (readObject instanceof PrivateKeyInfo) {
            privateKeyInfo = (PrivateKeyInfo) readObject;
        } else if (readObject instanceof PEMKeyPair) {
            privateKeyInfo = ((PEMKeyPair) readObject).getPrivateKeyInfo();
        }
        return (RSAPrivateKey) new JcaPEMKeyConverter().getPrivateKey(privateKeyInfo);
    }

    private static X509Certificate generateCertificateFromDER(byte[] bArr) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    static X509Certificate generateCertificateSelfSigned(String str, KeyPair keyPair, int i, String str2) throws GeneralSecurityException, IOException, OperatorCreationException {
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        Security.addProvider(bouncyCastleProvider);
        Instant now = Instant.now();
        Date from = Date.from(now);
        Date from2 = Date.from(now.plus((TemporalAmount) Duration.ofDays(i)));
        ASN1Encodable[] aSN1EncodableArr = new ASN1Encodable[1];
        aSN1EncodableArr[0] = isIP(new HostName(str.substring(str.indexOf("=") + 1))) ? new GeneralName(7, str.substring(str.indexOf("=") + 1)) : new GeneralName(2, str.substring(str.indexOf("=") + 1));
        ContentSigner build = new JcaContentSignerBuilder(str2).build(keyPair.getPrivate());
        X500Name x500Name = new X500Name(str);
        return new JcaX509CertificateConverter().setProvider(bouncyCastleProvider).getCertificate(new JcaX509v3CertificateBuilder(x500Name, BigInteger.valueOf(now.toEpochMilli()), from, from2, x500Name, keyPair.getPublic()).addExtension(Extension.subjectAlternativeName, false, (ASN1Encodable) new DERSequence(aSN1EncodableArr)).addExtension(Extension.subjectKeyIdentifier, false, (ASN1Encodable) createSubjectKeyId(keyPair.getPublic())).addExtension(Extension.authorityKeyIdentifier, false, (ASN1Encodable) createAuthorityKeyId(keyPair.getPublic())).addExtension(Extension.basicConstraints, true, (ASN1Encodable) new BasicConstraints(true)).build(build));
    }

    private static SubjectKeyIdentifier createSubjectKeyId(PublicKey publicKey) throws OperatorCreationException {
        return new X509ExtensionUtils(new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1))).createSubjectKeyIdentifier(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
    }

    private static AuthorityKeyIdentifier createAuthorityKeyId(PublicKey publicKey) throws OperatorCreationException {
        return new X509ExtensionUtils(new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1))).createAuthorityKeyIdentifier(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
    }

    public static void generateAndSaveSelfSignedCertificate(String str, String str2, String str3) throws GeneralSecurityException, IOException, OperatorCreationException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        char[] charArray = "2-X>5h5^-!/'c(ELoT;)8O7I=-I<NMs)/{t8e~#0754>l=4".toCharArray();
        keyStore.load(null, charArray);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        PrivateKey privateKey = generateKeyPair.getPrivate();
        X509Certificate generateCertificateSelfSigned = generateCertificateSelfSigned(str, new KeyPair(generateKeyPair.getPublic(), privateKey), 3650, "SHA256withRSA");
        keyStore.setKeyEntry("cert", privateKey, "2-X>5h5^-!/'c(ELoT;)8O7I=-I<NMs)/{t8e~#0754>l=4".toCharArray(), new Certificate[]{generateCertificateSelfSigned});
        FileOutputStream fileOutputStream = new FileOutputStream(str2);
        Throwable th = null;
        try {
            try {
                keyStore.store(fileOutputStream, charArray);
                if (fileOutputStream != null) {
                    if (0 != 0) {
                        try {
                            fileOutputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileOutputStream.close();
                    }
                }
                if (str3 != null) {
                    PrintWriter printWriter = new PrintWriter(str3);
                    Base64.Encoder encoder = Base64.getEncoder();
                    printWriter.println("-----BEGIN CERTIFICATE-----");
                    printWriter.println(encoder.encodeToString(generateCertificateSelfSigned.getEncoded()));
                    printWriter.println("-----END CERTIFICATE-----");
                    printWriter.close();
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (fileOutputStream != null) {
                if (th != null) {
                    try {
                        fileOutputStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    fileOutputStream.close();
                }
            }
            throw th4;
        }
    }

    static boolean isIP(HostName hostName) {
        try {
            hostName.validate();
            return hostName.isAddress();
        } catch (HostNameException e) {
            return false;
        }
    }
}
