package org.objectweb.proactive.ext.security;

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.PolicyNode;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Random;
import java.util.Set;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERInputStream;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.X509V3CertificateGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.JDKKeyPairGenerator;
import org.objectweb.proactive.core.ProActiveException;
import org.objectweb.proactive.core.node.Node;
import org.objectweb.proactive.core.runtime.RuntimeFactory;
import org.objectweb.proactive.ext.security.exceptions.SecurityMigrationException;
import org.objectweb.proactive.ext.security.exceptions.SecurityNotAvailableException;
import org.objectweb.proactive.p2p.core.service.P2PService;

/* loaded from: input_file:org/objectweb/proactive/ext/security/ProActiveSecurity.class */
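/**
 * Static helpers for the ProActive security layer: RSA key and X.509 certificate generation,
 * key-identifier extension construction, certificate decoding and chain checking, and the
 * migration policy check.
 *
 * <p>Security-relevant conventions in this class:
 * <ul>
 *   <li>Random material (keys, serial numbers) comes from a self-seeded {@link SecureRandom}.</li>
 *   <li>{@link #checkCertificateChain} reports every validation failure by throwing; a normal
 *       return is the only signal of a valid path.</li>
 *   <li>{@link #verifyCertificates} checks signatures only and is not a trust decision.</li>
 * </ul>
 */
public class ProActiveSecurity {
    /** RSA modulus size, in bits, for key pairs generated by this class (1024-bit RSA is deprecated). */
    private static final int RSA_KEY_BITS = 2048;

    /** Lifetime, in days, of certificates produced by the convenience generators. */
    private static final long DEFAULT_VALIDITY_DAYS = 365L;

    /** Shared, self-seeded CSPRNG; {@link SecureRandom} is safe for concurrent use. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Generates a fresh RSA key pair and a certificate over it that is signed with the matching
     * private key, using the same generated distinguished name as subject and issuer.
     *
     * <p>The certificate's public key and the signing key belong to the same key pair, so the
     * certificate verifies against its own public key.
     *
     * @return a two-element array {@code {X509Certificate, PrivateKey}}, or {@code null} if
     *         certificate generation failed (the cause is printed to standard error)
     */
    public static Object[] generateGenericCertificateSelfSigned() {
        // addProvider returns -1 and changes nothing when the provider is already installed.
        Security.addProvider(new BouncyCastleProvider());
        KeyPair keys = newRsaKeyPair();
        // The random suffix only makes the DN distinct; it is not a secret.
        String dn = "CN=Generic Certificate " + RANDOM.nextLong() + ", OU=Generic Certificate, EmailAddress=none";
        return issueOrNull(dn, dn, keys, keys.getPrivate(), keys.getPublic());
    }

    /**
     * Builds and signs an X.509 v3 certificate.
     *
     * <p>NOTE(review): the signature algorithm is SHA1WithRSA. SHA-1 is no longer considered
     * collision-resistant; it is kept here because peers may depend on it — confirm which
     * algorithms the deployed provider version accepts before changing it.
     *
     * @param str         subject distinguished name
     * @param j           validity period in days, counted from now
     * @param str2        certificate-policy OID to embed, or {@code null} for none
     * @param privateKey  subject's private key; not used for signing, only returned to the caller
     * @param publicKey   subject's public key, embedded in the certificate
     * @param z           value of the BasicConstraints cA flag (extension is marked critical)
     * @param str3        issuer distinguished name
     * @param privateKey2 issuer's private key, used to sign the certificate
     * @param publicKey2  issuer's public key; currently unused
     * @return a two-element array {@code {X509Certificate, privateKey}}
     * @throws NoSuchAlgorithmException declared for compatibility with existing callers
     * @throws SignatureException       if signing fails
     * @throws InvalidKeyException      if the signing key is rejected
     */
    public static Object[] genCert(String str, long j, String str2, PrivateKey privateKey, PublicKey publicKey, boolean z, String str3, PrivateKey privateKey2, PublicKey publicKey2) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        long now = System.currentTimeMillis();
        // NOTE(review): the back-dating offset reuses a P2P constant; presumably a clock-skew
        // allowance — confirm the value and whether this dependency is intended.
        Date notBefore = new Date(now - P2PService.TTU);
        Date notAfter = new Date(now + (j * 86400000L));

        // Serial numbers must not be guessable: draw them from a self-seeded CSPRNG.
        // (Calling setSeed() on a fresh SHA1PRNG instance replaces its self-seeding, so a
        // time-based seed would make every serial derivable from the issuance time.)
        byte[] serialBytes = new byte[8];
        RANDOM.nextBytes(serialBytes);

        X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
        generator.setSerialNumber(new BigInteger(1, serialBytes)); // signum 1 => non-negative
        generator.setNotBefore(notBefore);
        generator.setNotAfter(notAfter);
        generator.setSignatureAlgorithm("SHA1WithRSA");
        generator.setSubjectDN(CertTools.stringToBcX509Name(str));
        generator.setIssuerDN(CertTools.stringToBcX509Name(str3));
        generator.setPublicKey(publicKey);
        generator.addExtension(X509Extensions.BasicConstraints.getId(), true, (DEREncodable) new BasicConstraints(z));
        if (str2 != null) {
            generator.addExtension(X509Extensions.CertificatePolicies.getId(), false, (DEREncodable) new DERSequence(new PolicyInformation(new DERObjectIdentifier(str2))));
        }
        return new Object[]{generator.generateX509Certificate(privateKey2), privateKey};
    }

    /**
     * Generates a fresh RSA key pair and issues a one-year certificate for it, signed with the
     * supplied issuer key.
     *
     * <p>NOTE(review): the certificate is issued with the BasicConstraints cA flag set, so its
     * holder can itself sign further certificates — confirm this is intended for every caller.
     *
     * @param str        subject distinguished name
     * @param str2       issuer distinguished name
     * @param privateKey issuer's private key, used to sign
     * @param publicKey  issuer's public key
     * @return a two-element array {@code {X509Certificate, PrivateKey of the new pair}}, or
     *         {@code null} if generation failed (the cause is printed to standard error)
     */
    public static Object[] generateCertificate(String str, String str2, PrivateKey privateKey, PublicKey publicKey) {
        return issueOrNull(str, str2, newRsaKeyPair(), privateKey, publicKey);
    }

    /** Creates a new RSA key pair of {@link #RSA_KEY_BITS} bits using the shared CSPRNG. */
    private static KeyPair newRsaKeyPair() {
        JDKKeyPairGenerator.RSA generator = new JDKKeyPairGenerator.RSA();
        generator.initialize(RSA_KEY_BITS, RANDOM);
        return generator.generateKeyPair();
    }

    /** Issues a default-validity CA certificate via {@link #genCert}; returns {@code null} on failure. */
    private static Object[] issueOrNull(String subjectDn, String issuerDn, KeyPair subjectKeys, PrivateKey signingKey, PublicKey signerPublicKey) {
        try {
            return genCert(subjectDn, DEFAULT_VALIDITY_DAYS, null, subjectKeys.getPrivate(), subjectKeys.getPublic(), true, issuerDn, signingKey, signerPublicKey);
        } catch (GeneralSecurityException e) {
            // Existing callers expect null rather than an exception; callers must null-check.
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Builds a SubjectKeyIdentifier extension value from a public key's encoded form.
     *
     * @param publicKey key to identify
     * @return the identifier
     * @throws RuntimeException if the encoded key cannot be parsed; the cause is attached
     */
    public static SubjectKeyIdentifier createSubjectKeyId(PublicKey publicKey) {
        try {
            ByteArrayInputStream encoded = new ByteArrayInputStream(publicKey.getEncoded());
            ASN1Sequence sequence = (ASN1Sequence) new DERInputStream(encoded).readObject();
            return new SubjectKeyIdentifier(new SubjectPublicKeyInfo(sequence));
        } catch (Exception e) {
            throw new RuntimeException("error creating key", e);
        }
    }

    /**
     * Builds an AuthorityKeyIdentifier extension value carrying the key identifier, the issuer
     * name and the issuer certificate serial number.
     *
     * @param publicKey issuer public key
     * @param x509Name  issuer name
     * @param i         issuer certificate serial number
     * @return the identifier
     * @throws RuntimeException if the encoded key cannot be parsed; the cause is attached
     */
    public static AuthorityKeyIdentifier createAuthorityKeyId(PublicKey publicKey, X509Name x509Name, int i) {
        try {
            ByteArrayInputStream encoded = new ByteArrayInputStream(publicKey.getEncoded());
            SubjectPublicKeyInfo keyInfo = new SubjectPublicKeyInfo((ASN1Sequence) new DERInputStream(encoded).readObject());
            ASN1EncodableVector names = new ASN1EncodableVector();
            names.add(new GeneralName(x509Name));
            return new AuthorityKeyIdentifier(keyInfo, new GeneralNames(new DERSequence(names)), BigInteger.valueOf(i));
        } catch (Exception e) {
            throw new RuntimeException("error creating AuthorityKeyId", e);
        }
    }

    /**
     * Builds an AuthorityKeyIdentifier extension value carrying only the key identifier.
     *
     * @param publicKey issuer public key
     * @return the identifier
     * @throws RuntimeException if the encoded key cannot be parsed; the cause is attached
     */
    public static AuthorityKeyIdentifier createAuthorityKeyId(PublicKey publicKey) {
        try {
            ByteArrayInputStream encoded = new ByteArrayInputStream(publicKey.getEncoded());
            ASN1Sequence sequence = (ASN1Sequence) new DERInputStream(encoded).readObject();
            return new AuthorityKeyIdentifier(new SubjectPublicKeyInfo(sequence));
        } catch (Exception e) {
            throw new RuntimeException("error creating AuthorityKeyId", e);
        }
    }

    /**
     * Asks the default runtime for the virtual-node name associated with {@code str}.
     *
     * @param str name passed to the runtime's {@code getVNName}
     * @return the virtual-node name, or {@code null} if the runtime lookup failed
     */
    public static String retrieveVNName(String str) {
        try {
            return RuntimeFactory.getDefaultRuntime().getVNName(str);
        } catch (ProActiveException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Checks whether migration to {@code node} is permitted, first against the default
     * runtime's policy server and then against {@code policyServer}.
     *
     * @param policyServer policy server to consult in addition to the runtime's; may be {@code null}
     * @param str          URL whose last path segment is resolved to the local virtual-node name
     * @param node         destination node
     * @throws SecurityMigrationException if either policy server refuses the migration
     */
    public static void migrateTo(PolicyServer policyServer, String str, Node node) throws SecurityMigrationException {
        PolicyServer runtimePolicy = null;
        String destinationVn = null;
        String localVn = null;
        try {
            runtimePolicy = RuntimeFactory.getDefaultRuntime().getPolicyServer();
            // NOTE(review): str is dereferenced here although it is null-checked further down;
            // a null str reaching this line raises NullPointerException.
            localVn = RuntimeFactory.getDefaultRuntime().getVNName(str.substring(str.lastIndexOf("/") + 1));
            destinationVn = node.getVnName();
            if (destinationVn == null) {
                String url = node.getNodeInformation().getURL();
                destinationVn = node.getProActiveRuntime().getVNName(url.substring(url.lastIndexOf("/") + 1));
            }
        } catch (ProActiveException e) {
            // NOTE(review): fails open. If the runtime lookup throws before the policy server
            // is obtained, the runtime-level check below is skipped entirely — confirm that
            // this is acceptable or deny the migration here instead.
            e.printStackTrace();
        }
        String rule = "matching rule : VN[" + localVn + "] --> VN[" + destinationVn + "]";
        if (runtimePolicy != null && !runtimePolicy.canMigrateTo("VN", localVn, destinationVn)) {
            throw new SecurityMigrationException(rule);
        }
        if (policyServer != null) {
            // presumably the "from" and "to" entity lists of the request — verify against SecurityContext
            ArrayList fromEntities = new ArrayList();
            ArrayList toEntities = new ArrayList();
            if (str == null) {
                fromEntities.add(new DefaultEntity());
            }
            if (destinationVn == null) {
                toEntities.add(new DefaultEntity());
            }
            SecurityContext context = new SecurityContext(SecurityContext.MIGRATION_TO, fromEntities, toEntities);
            try {
                context = policyServer.getPolicy(context);
            } catch (SecurityNotAvailableException ignored) {
                // NOTE(review): when no policy is available the unresolved request context is
                // evaluated below, so the outcome depends on SecurityContext's default
                // isMigration() value — confirm that default denies.
            }
            if (!context.isMigration()) {
                throw new SecurityMigrationException(rule);
            }
        }
    }

    /**
     * Decodes an encoded X.509 certificate.
     *
     * @param bArr encoded certificate bytes
     * @return the certificate, or {@code null} if the bytes could not be parsed; callers must
     *         treat {@code null} as a rejected certificate
     */
    public static X509Certificate decodeCertificate(byte[] bArr) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
        } catch (CertificateException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Verifies that each certificate in the array is signed by the key of the next one, and
     * that the last one is signed by its own key.
     *
     * <p>This checks signatures (and optionally validity dates) only. It does not compare the
     * chain against any trust anchor, so a chain ending in an arbitrary self-signed certificate
     * passes, and an empty array passes without checking anything. Use
     * {@link #checkCertificateChain} for a trust decision.
     *
     * @param x509CertificateArr chain ordered from leaf to root
     * @param z                  whether to also check each certificate's validity period
     * @throws GeneralSecurityException if a date check or signature verification fails
     */
    public static void verifyCertificates(X509Certificate[] x509CertificateArr, boolean z) throws GeneralSecurityException {
        int count = x509CertificateArr.length;
        for (int i = 0; i < count; i++) {
            X509Certificate current = x509CertificateArr[i];
            if (z) {
                current.checkValidity();
            }
            // The final certificate has no successor and is checked as self-signed.
            X509Certificate signer = (i + 1 < count) ? x509CertificateArr[i + 1] : current;
            current.verify(signer.getPublicKey());
        }
    }

    /**
     * Validates a certificate path against a single trust anchor using the PKIX validator of
     * the "BC" provider. Returns normally only when the path validates.
     *
     * <p>NOTE(review): revocation checking is disabled, so revoked certificates are accepted.
     *
     * @param x509Certificate    trust anchor
     * @param x509CertificateArr certificate path to validate
     * @throws CertificateException if the path cannot be built, the validator cannot be set up
     *         (for example the "BC" provider is not installed), or validation fails; the
     *         underlying exception is attached as the cause
     */
    public static void checkCertificateChain(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) throws CertificateException {
        try {
            ArrayList<X509Certificate> chain = new ArrayList<X509Certificate>();
            for (X509Certificate certificate : x509CertificateArr) {
                chain.add(certificate);
            }
            CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);

            Set<TrustAnchor> anchors = Collections.singleton(new TrustAnchor(x509Certificate, null));
            PKIXParameters parameters = new PKIXParameters(anchors);
            parameters.setRevocationEnabled(false);
            parameters.setSigProvider("BC");

            CertPathValidator validator = CertPathValidator.getInstance("PKIX", "BC");
            PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) validator.validate(path, parameters);
            PolicyNode policyTree = result.getPolicyTree();
            PublicKey subjectKey = result.getPublicKey();
            System.out.println("Certificate validated");
            System.out.println("Policy Tree:\n" + policyTree);
            System.out.println("Subject Public key:\n" + subjectKey);
        } catch (CertificateException e) {
            throw e;
        } catch (CertPathValidatorException e) {
            // Fail closed: an invalid path must reach the caller, not just the console.
            throw new CertificateException("Validation failure, cert[" + e.getIndex() + "] :" + e.getMessage(), e);
        } catch (GeneralSecurityException e) {
            // Provider/algorithm/parameter problems also mean the path was not validated.
            throw new CertificateException("Unable to validate certificate path: " + e.getMessage(), e);
        }
    }
}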
