package org.openanzo.security.keystore;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Dictionary;
import java.util.Enumeration;
import java.util.List;
import java.util.Objects;
import javax.crypto.SecretKey;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.openanzo.exceptions.AnzoException;
import org.openanzo.exceptions.ExceptionConstants;
import org.openanzo.exceptions.LogUtils;
import org.openanzo.osgi.OsgiConfigurationUtils;
import org.openanzo.rdf.utils.Pair;
import org.osgi.framework.BundleContext;
import org.osgi.service.cm.ConfigurationAdmin;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openanzo/security/keystore/KeyStoreManager.class */
public class KeyStoreManager implements IKeyStoreManager {
    // OSGi bundle context; read for the ANZO_HOME property and handed to OsgiConfigurationUtils.
    private BundleContext context;
    // Base directory resolved by getHomeDirectory(); generated keystores are written beneath it.
    private String anzoHome;
    // Aliases and distinguished names used for the certificates generated by createAnzoKeystores().
    // Issuer and subject are identical for both identities, so both certificates are self-issued
    // for "localhost".
    private static final String BROKER_ALIAS = "anzo";
    private static final String BROKER_ISSUER_DN = "CN=localhost,OU=AnzoServer,O=Anzo";
    private static final String BROKER_SUBJECT_DN = "CN=localhost,OU=AnzoServer,O=Anzo";
    private static final String CLIENT_ALIAS = "anzoClient";
    private static final String CLIENT_ISSUER_DN = "CN=localhost,OU=AnzoServer,O=Anzo";
    private static final String CLIENT_SUBJECT_DN = "CN=localhost,OU=AnzoServer,O=Anzo";
    // Source of the "org.openanzo.osgi.SystemConfig" configuration read by updateConfigProperties().
    ConfigurationAdmin configurationAdmin;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) KeyStoreManager.class);
    // Provider passed to KeyPairGenerator in generateKeyPair(). This is a separate instance from the
    // one registered with java.security.Security in the static initializer below.
    private static Provider provider = new BouncyCastleProvider();
    // Store types and passwords. Each value below is only a default: updateConfigProperties()
    // replaces it when the system configuration supplies a non-null value.
    // NOTE(review): all four store passwords default to the same hard-coded literal, which is
    // readable by anyone who has this class file. A deployment that does not configure its own
    // passwords protects its private keys with a publicly known secret - treat a missing password
    // setting as a misconfiguration.
    // NOTE(review): JCEKS is a legacy store format; PKCS12 has been the JDK default since Java 9.
    private String keystoreType = "JCEKS";
    private String keystorePassword = "p@ssw0rd";
    private String truststoreType = "JCEKS";
    private String truststorePassword = "p@ssw0rd";
    private String clientKeystorePassword = "p@ssw0rd";
    private String clientKeystoreType = "JCEKS";
    private String clientTruststoreType = "JCEKS";
    private String clientTruststorePassword = "p@ssw0rd";
    // Key algorithm used when generating key pairs; overridable through configuration.
    private String keyAlgorithm = "RSA";
    // Store locations. They stay null until configuration provides them, so the getAnzo*Keystore()
    // and getAnzo*Truststore() accessors are handed a null path when nothing is configured.
    private String brokerKeystoreFilename = null;
    private String brokerTruststoreFilename = null;
    private String clientKeystoreFilename = null;
    private String clientTruststoreFilename = null;

    // Registers BouncyCastle as a JCA provider once, when the class is loaded.
    static {
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Creates the manager, resolves the Anzo home directory and applies the keystore
     * settings found in the OSGi system configuration.
     *
     * @param bundleContext bundle context used to look up {@code ANZO_HOME}
     * @param configurationAdmin configuration service the keystore settings are read from
     * @throws AnzoException if the configuration cannot be read
     */
    public KeyStoreManager(BundleContext bundleContext, ConfigurationAdmin configurationAdmin) throws AnzoException {
        // Both collaborators are stored before anything reads them: getHomeDirectory()
        // uses the context and updateConfigProperties() uses the configuration service.
        this.context = bundleContext;
        this.configurationAdmin = configurationAdmin;
        this.anzoHome = getHomeDirectory();
        updateConfigProperties();
    }

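    /**
     * Reloads the keystore settings from the {@code org.openanzo.osgi.SystemConfig}
     * configuration.
     *
     * <p>Only settings that are present (non-null) replace the current field values. A setting
     * that is absent keeps its current value, which for the passwords means the built-in default
     * stays in effect. Each setting is looked up once and the result reused.
     *
     * @throws AnzoException if the configuration service fails with an {@link IOException}
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public void updateConfigProperties() throws AnzoException {
        try {
            Dictionary properties = this.configurationAdmin.getConfiguration("org.openanzo.osgi.SystemConfig", (String) null).getProperties();
            OsgiConfigurationUtils.updateConfigProperties(properties, this.context);
            if (properties == null || properties.isEmpty()) {
                // Nothing configured: every field keeps its current value.
                return;
            }
            String algorithm = KeyStoreDictionary.getAlgorithm(properties);
            if (algorithm != null) {
                this.keyAlgorithm = algorithm;
            }
            String keyFileLocation = KeyStoreDictionary.getKeyFileLocation(properties);
            if (keyFileLocation != null) {
                this.brokerKeystoreFilename = keyFileLocation;
            }
            String trustFileLocation = KeyStoreDictionary.getTrustFileLocation(properties);
            if (trustFileLocation != null) {
                this.brokerTruststoreFilename = trustFileLocation;
            }
            String configuredKeystoreType = KeyStoreDictionary.getKeystoreType(properties);
            if (configuredKeystoreType != null) {
                this.keystoreType = configuredKeystoreType;
            }
            String keyPassword = KeyStoreDictionary.getKeyPassword(properties);
            if (keyPassword != null) {
                this.keystorePassword = keyPassword;
            }
            String configuredTruststoreType = KeyStoreDictionary.getTruststoreType(properties);
            if (configuredTruststoreType != null) {
                this.truststoreType = configuredTruststoreType;
            }
            String trustPassword = KeyStoreDictionary.getTrustPassword(properties);
            if (trustPassword != null) {
                this.truststorePassword = trustPassword;
            }
            String clientKeyFileLocation = KeyStoreDictionary.getClientKeyFileLocation(properties);
            if (clientKeyFileLocation != null) {
                this.clientKeystoreFilename = clientKeyFileLocation;
            }
            String clientKeyPassword = KeyStoreDictionary.getClientKeyPassword(properties);
            if (clientKeyPassword != null) {
                this.clientKeystorePassword = clientKeyPassword;
            }
            String configuredClientKeystoreType = KeyStoreDictionary.getClientKeystoreType(properties);
            if (configuredClientKeystoreType != null) {
                this.clientKeystoreType = configuredClientKeystoreType;
            }
            String clientTrustFileLocation = KeyStoreDictionary.getClientTrustFileLocation(properties);
            if (clientTrustFileLocation != null) {
                this.clientTruststoreFilename = clientTrustFileLocation;
            }
            String clientTrustPassword = KeyStoreDictionary.getClientTrustPassword(properties);
            if (clientTrustPassword != null) {
                this.clientTruststorePassword = clientTrustPassword;
            }
            String configuredClientTruststoreType = KeyStoreDictionary.getClientTruststoreType(properties);
            if (configuredClientTruststoreType != null) {
                this.clientTruststoreType = configuredClientTruststoreType;
            }
        } catch (IOException e) {
            throw new AnzoException(ExceptionConstants.OSGI.INTERNAL_COMPONENT_ERROR, e, new String[0]);
        }
    }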

    /**
     * Resolves the Anzo home directory.
     *
     * <p>Lookup order: the bundle-context property {@code ANZO_HOME}, then the environment
     * variable of the same name, then the JVM system property. If none is set the result is
     * {@code "."}, so files derived from it are placed relative to the process working directory.
     *
     * @return the configured home directory, never {@code null}
     */
    private String getHomeDirectory() {
        String fromContext = this.context.getProperty("ANZO_HOME");
        if (fromContext != null) {
            return fromContext;
        }
        String fromEnvironment = System.getenv("ANZO_HOME");
        if (fromEnvironment != null) {
            return fromEnvironment;
        }
        String fromSystemProperty = System.getProperty("ANZO_HOME");
        return fromSystemProperty != null ? fromSystemProperty : ".";
    }

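    /**
     * Persists a keystore to disk, protected with the given password.
     *
     * <p>The output stream is managed by try-with-resources, so it is closed on every path and a
     * failure while closing is attached to the primary exception as a suppressed exception.
     *
     * <p>NOTE(review): the file is created with whatever permissions the process default gives
     * it. The store may contain private keys, so the target directory should be readable only by
     * the service account.
     *
     * @param keyStore the keystore to write
     * @param str the store password
     * @param str2 path of the file to write
     * @throws AnzoException wrapping any exception raised while opening or writing the file
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public void writeKeystore(KeyStore keyStore, String str, String str2) throws AnzoException {
        try (FileOutputStream out = FileUtils.openOutputStream(new File(str2))) {
            keyStore.store(out, str.toCharArray());
        } catch (Exception e) {
            throw new AnzoException(ExceptionConstants.OSGI.INTERNAL_COMPONENT_ERROR, e, new String[0]);
        }
    }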

    /**
     * Parses an X.509 certificate from a stream and stores it as a trusted entry, replacing any
     * entry that already uses the alias, then writes the truststore back to disk.
     *
     * <p>When subject and issuer names match, the certificate's signature is checked against its
     * own public key before it is stored.
     *
     * <p>NOTE(review): a certificate whose issuer differs from its subject is stored without any
     * signature or chain check, and the validity period is not checked for any certificate. The
     * caller is responsible for deciding that the certificate deserves trust.
     *
     * @param str path of the truststore file
     * @param str2 truststore type
     * @param str3 truststore password
     * @param str4 alias to store the certificate under
     * @param inputStream encoded certificate
     * @throws AnzoException wrapping any failure while parsing, verifying or storing
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public void addTrustedCertificate(String str, String str2, String str3, String str4, InputStream inputStream) throws AnzoException {
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X509");
            X509Certificate certificate = (X509Certificate) factory.generateCertificate(inputStream);
            boolean selfIssued = certificate.getSubjectDN().equals(certificate.getIssuerDN());
            if (selfIssued) {
                // Self-issued: confirm the signature was made with the certificate's own key.
                certificate.verify(certificate.getPublicKey());
            }
            KeyStore trustStore = getKeystore(str2, str3, str);
            boolean aliasTaken = trustStore.containsAlias(str4);
            if (aliasTaken) {
                trustStore.deleteEntry(str4);
            }
            trustStore.setCertificateEntry(str4, certificate);
            writeKeystore(trustStore, str3, str);
        } catch (Exception failure) {
            throw new AnzoException(ExceptionConstants.OSGI.INTERNAL_COMPONENT_ERROR, failure, new String[0]);
        }
    }

    /**
     * Stores an already-parsed certificate as a trusted entry, replacing any entry that already
     * uses the alias, then writes the truststore back to disk.
     *
     * <p>NOTE(review): no signature, chain or validity check is performed here; the certificate
     * is trusted exactly as supplied by the caller.
     *
     * @param str path of the truststore file
     * @param str2 truststore type
     * @param str3 truststore password
     * @param str4 alias to store the certificate under
     * @param x509Certificate certificate to trust
     * @throws AnzoException wrapping any failure while loading, updating or writing the store
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public void addTrustedCertificate(String str, String str2, String str3, String str4, X509Certificate x509Certificate) throws AnzoException {
        try {
            KeyStore trustStore = getKeystore(str2, str3, str);
            boolean aliasTaken = trustStore.containsAlias(str4);
            if (aliasTaken) {
                trustStore.deleteEntry(str4);
            }
            trustStore.setCertificateEntry(str4, x509Certificate);
            writeKeystore(trustStore, str3, str);
        } catch (Exception failure) {
            throw new AnzoException(ExceptionConstants.OSGI.INTERNAL_COMPONENT_ERROR, failure, new String[0]);
        }
    }

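    /**
     * Copies a private-key entry from a keystore supplied as a stream into a keystore on disk.
     *
     * <p>If no source alias is given, the first alias reported by the source keystore is used.
     * The source password protects both the source store and the source entry; the copied entry
     * is re-protected with the destination store password.
     *
     * <p>An empty source keystore, a missing alias, or an alias that does not hold a private key
     * is reported as an {@link AnzoException} instead of escaping as an unchecked exception.
     * The stream is not closed here; that remains the caller's responsibility.
     *
     * @param inputStream source keystore data
     * @param str source keystore type
     * @param str2 source keystore (and entry) password
     * @param str3 source alias, or empty/null to take the first alias
     * @param str4 destination keystore file path
     * @param str5 destination keystore type
     * @param str6 destination keystore password
     * @param str7 destination alias, or null to reuse the source alias
     * @return the destination alias paired with the copied entry
     * @throws AnzoException if either keystore cannot be read or written, or no private key
     *         entry is available under the source alias
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public Pair<String, KeyStore.PrivateKeyEntry> importPKEntryFromKeystore(InputStream inputStream, String str, String str2, String str3, String str4, String str5, String str6, String str7) throws AnzoException {
        try {
            KeyStore source = KeyStore.getInstance(str);
            source.load(inputStream, str2.toCharArray());
            KeyStore target = getKeystore(str5, str6, str4);
            String sourceAlias = str3;
            if (StringUtils.isEmpty(sourceAlias)) {
                Enumeration<String> aliases = source.aliases();
                if (!aliases.hasMoreElements()) {
                    throw new KeyStoreException("Source keystore contains no entries");
                }
                sourceAlias = aliases.nextElement();
            }
            // Reject aliases that are absent or hold only a trusted certificate before asking
            // for the entry with a password.
            if (!source.isKeyEntry(sourceAlias)) {
                throw new KeyStoreException("No key entry found under alias '" + sourceAlias + "'");
            }
            String targetAlias = str7 == null ? sourceAlias : str7;
            KeyStore.Entry entry = source.getEntry(sourceAlias, new KeyStore.PasswordProtection(str2.toCharArray()));
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                // A key entry can also be a secret key, which this method does not import.
                throw new KeyStoreException("Entry under alias '" + sourceAlias + "' is not a private key entry");
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            target.setEntry(targetAlias, privateKeyEntry, new KeyStore.PasswordProtection(str6.toCharArray()));
            writeKeystore(target, str6, str4);
            return new Pair<>(targetAlias, privateKeyEntry);
        } catch (IOException | GeneralSecurityException e) {
            log.error(LogUtils.LIFECYCLE_MARKER, "Error retrieving keystore", e);
            throw new AnzoException(ExceptionConstants.OSGI.INTERNAL_COMPONENT_ERROR, e, new String[0]);
        }
    }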

    /**
     * Copies one entry from a keystore file into another keystore file.
     *
     * <p>The source entry is read with the source store password and re-protected with the
     * destination store password. Both stores are loaded before the copy is attempted, outside
     * the try block, so a load failure propagates as raised by {@code getKeystore}.
     *
     * @param str source keystore file path
     * @param str2 source keystore type
     * @param str3 source keystore (and entry) password
     * @param str4 source alias
     * @param str5 destination keystore file path
     * @param str6 destination keystore type
     * @param str7 destination keystore password
     * @param str8 destination alias, or null to reuse the source alias
     * @return the copied entry
     * @throws AnzoException if a store cannot be loaded, or wrapping any failure during the copy
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public KeyStore.Entry importPKEntryFromKeystore(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8) throws AnzoException {
        KeyStore source = getKeystore(str2, str3, str);
        KeyStore target = getKeystore(str6, str7, str5);
        String targetAlias;
        if (str8 == null) {
            targetAlias = str4;
        } else {
            targetAlias = str8;
        }
        try {
            KeyStore.PasswordProtection sourceProtection = new KeyStore.PasswordProtection(str3.toCharArray());
            KeyStore.Entry copied = source.getEntry(str4, sourceProtection);
            KeyStore.PasswordProtection targetProtection = new KeyStore.PasswordProtection(str7.toCharArray());
            target.setEntry(targetAlias, copied, targetProtection);
            writeKeystore(target, str7, str5);
            return copied;
        } catch (Exception failure) {
            log.error(LogUtils.LIFECYCLE_MARKER, "Error copying certificate", (Throwable) failure);
            throw new AnzoException(ExceptionConstants.OSGI.INTERNAL_COMPONENT_ERROR, failure, new String[0]);
        }
    }

    /**
     * Loads the broker keystore from its configured file.
     *
     * @return the loaded broker keystore
     * @throws AnzoException if the store cannot be loaded
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public KeyStore getAnzoBrokerKeystore() throws AnzoException {
        final String type = this.keystoreType;
        final String password = this.keystorePassword;
        final String path = this.brokerKeystoreFilename;
        return getKeystore(type, password, path);
    }

    /**
     * Returns the configured broker keystore location.
     *
     * @return the broker keystore file path, or {@code null} if none has been configured
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public String getAnzoBrokerKeystorePath() throws AnzoException {
        final String path = this.brokerKeystoreFilename;
        return path;
    }

    /**
     * Builds the key managers backed by the broker keystore.
     *
     * <p>The factory is requested by fixed algorithm and provider names ("SunX509" from
     * "SunJSSE"); the broker keystore password is also used as the key password.
     *
     * @return key managers for the broker identity
     * @throws AnzoException wrapping any failure while loading the store or creating the factory
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public KeyManager[] getBrokerKeyManager() throws AnzoException {
        try {
            KeyManagerFactory factory = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
            KeyStore brokerStore = getAnzoBrokerKeystore();
            char[] keyPassword = this.keystorePassword.toCharArray();
            factory.init(brokerStore, keyPassword);
            return factory.getKeyManagers();
        } catch (Exception failure) {
            log.error(LogUtils.LIFECYCLE_MARKER, "Error creating keyManager", (Throwable) failure);
            throw new AnzoException(ExceptionConstants.OSGI.INTERNAL_COMPONENT_ERROR, failure, new String[0]);
        }
    }

    /**
     * Builds the key managers backed by the client keystore.
     *
     * <p>The factory is requested by fixed algorithm and provider names ("SunX509" from
     * "SunJSSE"); the client keystore password is also used as the key password.
     *
     * @return key managers for the client identity
     * @throws AnzoException wrapping any failure while loading the store or creating the factory
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public KeyManager[] getClientKeyManager() throws AnzoException {
        try {
            KeyManagerFactory factory = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
            KeyStore clientStore = getAnzoClientKeystore();
            char[] keyPassword = this.clientKeystorePassword.toCharArray();
            factory.init(clientStore, keyPassword);
            return factory.getKeyManagers();
        } catch (Exception failure) {
            log.error(LogUtils.LIFECYCLE_MARKER, "Error creating keyManager", (Throwable) failure);
            throw new AnzoException(ExceptionConstants.OSGI.INTERNAL_COMPONENT_ERROR, failure, new String[0]);
        }
    }

    /**
     * Builds the trust managers backed by the broker truststore.
     *
     * <p>The factory is requested by fixed algorithm and provider names ("SunX509" from
     * "SunJSSE").
     *
     * @return trust managers that trust the certificates in the broker truststore
     * @throws AnzoException wrapping any failure while loading the store or creating the factory
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public TrustManager[] getBrokerTrustManager() throws AnzoException {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
            KeyStore brokerTrust = getAnzoBrokerTruststore();
            factory.init(brokerTrust);
            return factory.getTrustManagers();
        } catch (Exception failure) {
            log.error(LogUtils.LIFECYCLE_MARKER, "Error creating trustManager", (Throwable) failure);
            throw new AnzoException(ExceptionConstants.OSGI.INTERNAL_COMPONENT_ERROR, failure, new String[0]);
        }
    }

    /**
     * Builds the trust managers backed by the client truststore.
     *
     * <p>The factory is requested by fixed algorithm and provider names ("SunX509" from
     * "SunJSSE").
     *
     * @return trust managers that trust the certificates in the client truststore
     * @throws AnzoException wrapping any failure while loading the store or creating the factory
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public TrustManager[] getClientTrustManager() throws AnzoException {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
            KeyStore clientTrust = getAnzoClientTruststore();
            factory.init(clientTrust);
            return factory.getTrustManagers();
        } catch (Exception failure) {
            log.error(LogUtils.LIFECYCLE_MARKER, "Error creating trustManager", (Throwable) failure);
            throw new AnzoException(ExceptionConstants.OSGI.INTERNAL_COMPONENT_ERROR, failure, new String[0]);
        }
    }

    /**
     * Loads the broker truststore from its configured file.
     *
     * @return the loaded broker truststore
     * @throws AnzoException if the store cannot be loaded
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public KeyStore getAnzoBrokerTruststore() throws AnzoException {
        final String type = this.truststoreType;
        final String password = this.truststorePassword;
        final String path = this.brokerTruststoreFilename;
        return getKeystore(type, password, path);
    }

    /**
     * Returns the configured broker truststore location.
     *
     * @return the broker truststore file path, or {@code null} if none has been configured
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public String getAnzoBrokerTruststorePath() throws AnzoException {
        final String path = this.brokerTruststoreFilename;
        return path;
    }

    /**
     * Loads the client keystore from its configured file.
     *
     * @return the loaded client keystore
     * @throws AnzoException if the store cannot be loaded
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public KeyStore getAnzoClientKeystore() throws AnzoException {
        final String type = this.clientKeystoreType;
        final String password = this.clientKeystorePassword;
        final String path = this.clientKeystoreFilename;
        return getKeystore(type, password, path);
    }

    /**
     * Returns the configured client keystore location.
     *
     * @return the client keystore file path, or {@code null} if none has been configured
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public String getAnzoClientKeystorePath() throws AnzoException {
        final String path = this.clientKeystoreFilename;
        return path;
    }

    /**
     * Loads the client truststore from its configured file.
     *
     * @return the loaded client truststore
     * @throws AnzoException if the store cannot be loaded
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public KeyStore getAnzoClientTruststore() throws AnzoException {
        final String type = this.clientTruststoreType;
        final String password = this.clientTruststorePassword;
        final String path = this.clientTruststoreFilename;
        return getKeystore(type, password, path);
    }

    /**
     * Returns the configured client truststore location.
     *
     * @return the client truststore file path, or {@code null} if none has been configured
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public String getAnzoClientTruststorePath() throws AnzoException {
        final String path = this.clientTruststoreFilename;
        return path;
    }

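    /**
     * Generates the default broker and client identities and their keystores under
     * {@code <anzoHome>/Common/ssl}, unless the broker certificate file already exists.
     *
     * <p>Steps: create a broker keystore with a freshly generated certificate and export that
     * certificate to {@code broker_cert}; do the same for the client ({@code client_cert});
     * build a broker truststore holding the client certificate and a client truststore holding
     * the broker certificate; finally write the four stores to disk.
     *
     * <p>The certificate output streams are managed by try-with-resources so they are closed
     * even when a write fails.
     *
     * <p>NOTE(review): {@code broker_cert} doubles as the "already initialised" marker but is
     * written before the keystores. If a later step fails, the next call finds the marker and
     * returns without creating the stores; recovery then requires removing the file by hand.
     *
     * <p>NOTE(review): the stores are protected with the currently configured passwords, which
     * are the built-in defaults unless configuration replaced them.
     *
     * @throws AnzoException if key generation or any file operation fails
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public void createAnzoKeystores() throws AnzoException {
        try {
            String commonDir = FilenameUtils.concat(this.anzoHome, "Common");
            String brokerKeystorePath = FilenameUtils.concat(commonDir, "ssl/broker.ks");
            String brokerTruststorePath = FilenameUtils.concat(commonDir, "ssl/broker.ts");
            String clientKeystorePath = FilenameUtils.concat(commonDir, "ssl/client.ks");
            String clientTruststorePath = FilenameUtils.concat(commonDir, "ssl/client.ts");
            File brokerCertFile = new File(FilenameUtils.concat(commonDir, "ssl/broker_cert"));
            File clientCertFile = new File(FilenameUtils.concat(commonDir, "ssl/client_cert"));
            if (brokerCertFile.exists()) {
                // Treated as "keystores were already generated".
                return;
            }

            KeyStore brokerKeystore = createKeystore(this.keystoreType, this.keystorePassword);
            generateCertificate(brokerKeystore, this.keystorePassword, this.keyAlgorithm, BROKER_ALIAS, BROKER_ISSUER_DN, BROKER_SUBJECT_DN, null);
            X509Certificate brokerCertificate = (X509Certificate) brokerKeystore.getCertificate(BROKER_ALIAS);
            try (FileOutputStream out = FileUtils.openOutputStream(brokerCertFile)) {
                out.write(brokerCertificate.getEncoded());
            }

            KeyStore clientKeystore = createKeystore(this.clientKeystoreType, this.clientKeystorePassword);
            generateCertificate(clientKeystore, this.clientKeystorePassword, this.keyAlgorithm, CLIENT_ALIAS, CLIENT_ISSUER_DN, CLIENT_SUBJECT_DN, null);
            X509Certificate clientCertificate = (X509Certificate) clientKeystore.getCertificate(CLIENT_ALIAS);
            try (FileOutputStream out = FileUtils.openOutputStream(clientCertFile)) {
                out.write(clientCertificate.getEncoded());
            }

            // Cross-trust: each side's truststore holds only the other side's certificate.
            KeyStore brokerTruststore = createKeystore(this.truststoreType, this.truststorePassword);
            brokerTruststore.setCertificateEntry(CLIENT_ALIAS, clientCertificate);
            KeyStore clientTruststore = createKeystore(this.clientTruststoreType, this.clientTruststorePassword);
            clientTruststore.setCertificateEntry(BROKER_ALIAS, brokerCertificate);

            writeKeystore(brokerKeystore, this.keystorePassword, brokerKeystorePath);
            writeKeystore(brokerTruststore, this.truststorePassword, brokerTruststorePath);
            writeKeystore(clientKeystore, this.clientKeystorePassword, clientKeystorePath);
            writeKeystore(clientTruststore, this.clientTruststorePassword, clientTruststorePath);
        } catch (AnzoException e) {
            log.error(LogUtils.INTERNAL_MARKER, "Error creating AnzoKeystore", (Throwable) e);
            throw e;
        } catch (Exception e2) {
            log.error(LogUtils.INTERNAL_MARKER, "Error creating AnzoKeystore", (Throwable) e2);
            throw new AnzoException(ExceptionConstants.OSGI.INTERNAL_COMPONENT_ERROR, e2, new String[0]);
        }
    }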

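    /**
     * Loads a keystore of the given type from a file.
     *
     * <p>The input stream is managed by try-with-resources, so it is closed on every path. A
     * {@code null} path (the state of the configured locations until configuration supplies
     * them) is reported as an {@link AnzoException} rather than escaping as a
     * {@link NullPointerException}.
     *
     * @param str keystore type
     * @param str2 keystore password
     * @param str3 path of the keystore file
     * @return the loaded keystore
     * @throws AnzoException if the path is missing, the file cannot be read, or the store cannot
     *         be loaded (for example because of a wrong password or type)
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public KeyStore getKeystore(String str, String str2, String str3) throws AnzoException {
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            if (str3 == null) {
                throw new IOException("Keystore file location is not configured");
            }
            try (FileInputStream in = new FileInputStream(str3)) {
                keyStore.load(in, str2.toCharArray());
            }
            return keyStore;
        } catch (IOException | GeneralSecurityException e) {
            log.error(LogUtils.LIFECYCLE_MARKER, "Error retrieving keystore", e);
            throw new AnzoException(ExceptionConstants.OSGI.INTERNAL_COMPONENT_ERROR, e, new String[0]);
        }
    }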

    /**
     * Creates a new, empty in-memory keystore of the given type.
     *
     * <p>Nothing is written to disk here; the store is initialised by loading from a null
     * stream.
     *
     * @param str keystore type
     * @param str2 password handed to the load call
     * @return the empty keystore
     * @throws AnzoException if the type is unavailable or initialisation fails
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public KeyStore createKeystore(String str, String str2) throws AnzoException {
        try {
            final KeyStore emptyStore = KeyStore.getInstance(str);
            final char[] password = str2.toCharArray();
            emptyStore.load(null, password);
            return emptyStore;
        } catch (IOException | GeneralSecurityException failure) {
            log.error(LogUtils.LIFECYCLE_MARKER, "Error creating keystore", failure);
            throw new AnzoException(ExceptionConstants.OSGI.INTERNAL_COMPONENT_ERROR, failure, new String[0]);
        }
    }

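    /**
     * Generates a key pair and a matching X.509 certificate and stores both in the keystore.
     *
     * <p>The key size is chosen from the algorithm name without regard to case, so a configured
     * value such as {@code "rsa"} receives the same 2048-bit keys as {@code "RSA"} instead of
     * falling through to the 1024-bit default. {@code "EC"} is given a 256-bit size because
     * elliptic-curve generators do not accept a 1024-bit request.
     *
     * <p>The certificate validity passed on is 60 (interpreted by the certificate builder).
     *
     * @param keyStore keystore that receives the private key and certificate
     * @param str password protecting the new key entry
     * @param str2 key algorithm name, e.g. {@code "RSA"}
     * @param str3 alias for the new entry
     * @param str4 issuer distinguished name
     * @param str5 subject distinguished name
     * @param str6 optional subject alternative name, or null
     * @return the generated certificate
     * @throws AnzoException wrapping any failure during generation or storage
     */
    public static X509Certificate generateCertificate(KeyStore keyStore, String str, String str2, String str3, String str4, String str5, String str6) throws AnzoException {
        try {
            KeyPair keyPair = generateKeyPair(str2, defaultKeySize(str2));
            X509Certificate certificate = createX509Certificate(keyPair, 60, str4, str5, str6, getSignAlgorithm(str2));
            keyStore.setKeyEntry(str3, keyPair.getPrivate(), str.toCharArray(), new X509Certificate[]{certificate});
            return certificate;
        } catch (Exception e) {
            log.error(LogUtils.LIFECYCLE_MARKER, "Error generating certificate", (Throwable) e);
            throw new AnzoException(ExceptionConstants.OSGI.INTERNAL_COMPONENT_ERROR, e, new String[0]);
        }
    }

    /** Picks the key size for an algorithm name: 2048 for RSA, 256 for EC, otherwise 1024. */
    private static int defaultKeySize(String algorithm) {
        if ("RSA".equalsIgnoreCase(algorithm)) {
            return 2048;
        }
        if ("EC".equalsIgnoreCase(algorithm)) {
            return 256;
        }
        // NOTE(review): 1024 bits is retained for other algorithms (DSA) to avoid changing
        // their behaviour here; it is below current minimum recommendations.
        return 1024;
    }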

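    /**
     * Maps a key algorithm name to the signature algorithm used for generated certificates.
     *
     * <p>SHA-256 based signatures are used; SHA-1 is no longer considered collision resistant
     * and certificates signed with it are rejected by current TLS stacks.
     *
     * @param str key algorithm name (case-insensitive); null and unrecognised names are treated
     *        as RSA
     * @return the signature algorithm name
     */
    private static String getSignAlgorithm(String str) {
        if ("DSA".equalsIgnoreCase(str)) {
            return "SHA256WithDSA";
        }
        if ("EC".equalsIgnoreCase(str)) {
            return "SHA256withECDSA";
        }
        // null, "RSA" and any unknown algorithm name fall back to RSA.
        return "SHA256WithRSA";
    }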

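    /**
     * Builds and signs an X.509 v3 certificate for the given key pair, then checks that it is
     * currently valid and that its signature verifies against the pair's public key.
     *
     * <p>Extensions set: BasicConstraints (critical, not a CA), KeyUsage (critical,
     * digitalSignature and keyEncipherment), ExtendedKeyUsage (critical, serverAuth) and, when
     * a name is supplied, a DNS SubjectAlternativeName.
     *
     * <p>NOTE(review): the same profile, serverAuth only, is applied to every certificate
     * issued here, including the client certificate produced by createAnzoKeystores(). Confirm
     * that peers which enforce a clientAuth purpose accept it.
     *
     * @param keyPair key pair; the private key signs and the public key is certified
     * @param i validity in units of 30 days
     * @param str issuer distinguished name
     * @param str2 subject distinguished name
     * @param str3 DNS name for the SubjectAlternativeName extension, or null for none
     * @param str4 signature algorithm name
     * @return the signed certificate
     * @throws GeneralSecurityException if signing, validity checking or verification fails
     * @throws IOException declared for callers; kept for interface compatibility
     */
    private static X509Certificate createX509Certificate(KeyPair keyPair, int i, String str, String str2, String str3, String str4) throws GeneralSecurityException, IOException {
        PublicKey publicKey = keyPair.getPublic();
        PrivateKey privateKey = keyPair.getPrivate();

        // Let SecureRandom seed itself. Supplying a clock-derived seed before the first draw
        // makes the serial number derivable from the creation time.
        SecureRandom random = new SecureRandom();
        byte[] serialBytes = new byte[8];
        random.nextBytes(serialBytes);
        // Signum 1 interprets the bytes as an unsigned magnitude, so the serial is never negative.
        BigInteger serialNumber = new BigInteger(1, serialBytes);
        if (serialNumber.signum() == 0) {
            // Serial numbers must be positive.
            serialNumber = BigInteger.ONE;
        }

        // One timestamp for both ends of the validity window.
        long now = System.currentTimeMillis();

        X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
        generator.reset();
        generator.setSerialNumber(serialNumber);
        generator.setIssuerDN(new X509Name(str));
        generator.setNotBefore(new Date(now));
        // 2592000000 ms = 30 days; the long literal keeps the multiplication in 64 bits.
        generator.setNotAfter(new Date(now + (i * 2592000000L)));
        generator.setSubjectDN(new X509Name(str2));
        generator.setPublicKey(publicKey);
        generator.setSignatureAlgorithm(str4);
        generator.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
        generator.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
        generator.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));
        if (str3 != null) {
            generator.addExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.dNSName, str3)));
        }

        X509Certificate certificate = generator.generate(privateKey, "BC", random);
        // Sanity checks on the freshly issued certificate.
        certificate.checkValidity(new Date());
        certificate.verify(publicKey);
        return certificate;
    }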

    /**
     * Generates a key pair for the given algorithm and key size.
     *
     * <p>The class-level provider is used when one is set; otherwise the JCA default lookup
     * applies. Randomness comes from a fresh, self-seeded {@link SecureRandom}.
     *
     * @param str key algorithm name
     * @param i key size passed to the generator
     * @return the generated key pair
     * @throws GeneralSecurityException if the algorithm is not available
     */
    public static KeyPair generateKeyPair(String str, int i) throws GeneralSecurityException {
        KeyPairGenerator generator;
        if (provider != null) {
            generator = KeyPairGenerator.getInstance(str, provider);
        } else {
            generator = KeyPairGenerator.getInstance(str);
        }
        generator.initialize(i, new SecureRandom());
        return generator.generateKeyPair();
    }

    /**
     * Removes an entry from a keystore and writes the store back to disk.
     *
     * <p>NOTE(review): the store is always rewritten with the broker keystore password,
     * whichever store is passed in. A truststore or client store that uses a different password
     * would be re-protected with the broker one - confirm callers only pass stores that share it.
     *
     * @param keyStore the loaded keystore to modify
     * @param str alias of the entry to delete
     * @param str2 path the modified keystore is written to
     * @throws AnzoException if the entry cannot be deleted or the store cannot be written
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public void deleteCertificate(KeyStore keyStore, String str, String str2) throws AnzoException {
        try {
            keyStore.deleteEntry(str);
            final String storePassword = this.keystorePassword;
            writeKeystore(keyStore, storePassword, str2);
        } catch (KeyStoreException failure) {
            log.error(LogUtils.LIFECYCLE_MARKER, "Error deleting certificate", (Throwable) failure);
            throw new AnzoException(ExceptionConstants.OSGI.INTERNAL_COMPONENT_ERROR, failure, new String[0]);
        }
    }

    /**
     * Lists the aliases of all trusted-certificate entries in a keystore.
     *
     * @param keyStore the loaded keystore to inspect
     * @return aliases for which the store reports a certificate entry, in enumeration order
     * @throws AnzoException wrapping any failure while reading the store
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public List<String> listCertificateAliases(KeyStore keyStore) throws AnzoException {
        List<String> certificateAliases = new ArrayList<>();
        try {
            for (Enumeration<String> all = keyStore.aliases(); all.hasMoreElements();) {
                String alias = all.nextElement();
                if (!keyStore.isCertificateEntry(alias)) {
                    continue;
                }
                certificateAliases.add(alias);
            }
            return certificateAliases;
        } catch (Exception failure) {
            log.error(LogUtils.LIFECYCLE_MARKER, "Error listing certificate aliases", (Throwable) failure);
            throw new AnzoException(ExceptionConstants.OSGI.INTERNAL_COMPONENT_ERROR, failure, new String[0]);
        }
    }

    /**
     * Lists the aliases of key entries that are not secret (symmetric) keys.
     *
     * <p>Each key entry is opened with the broker keystore password to inspect its type.
     * NOTE(review): a store whose keys use a different password makes the lookup fail, which
     * surfaces as an {@link AnzoException} for the whole listing.
     *
     * @param keyStore the loaded keystore to inspect
     * @return aliases of the non-secret key entries, in enumeration order
     * @throws AnzoException wrapping any failure while reading the store or recovering a key
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public List<String> listKeyAliases(KeyStore keyStore) throws AnzoException {
        List<String> keyAliases = new ArrayList<>();
        try {
            for (Enumeration<String> all = keyStore.aliases(); all.hasMoreElements();) {
                String alias = all.nextElement();
                if (!keyStore.isKeyEntry(alias)) {
                    continue;
                }
                // The password is only converted once an entry actually needs to be opened.
                boolean secretKey = keyStore.getKey(alias, this.keystorePassword.toCharArray()) instanceof SecretKey;
                if (!secretKey) {
                    keyAliases.add(alias);
                }
            }
            return keyAliases;
        } catch (Exception failure) {
            log.error(LogUtils.LIFECYCLE_MARKER, "Error listing key aliases", (Throwable) failure);
            throw new AnzoException(ExceptionConstants.OSGI.INTERNAL_COMPONENT_ERROR, failure, new String[0]);
        }
    }

    /**
     * Reports whether the entry under an alias is considered self-signed.
     *
     * <p>The answer is derived from the stored chain only: {@code true} when the store returns
     * no chain for the alias or the chain holds exactly one certificate.
     * NOTE(review): this is a chain-length heuristic. It neither compares issuer with subject
     * nor verifies a signature, and it also answers {@code true} when no chain exists at all.
     *
     * @param keyStore the loaded keystore to inspect
     * @param str alias of the entry
     * @return {@code true} if there is no chain or the chain has a single certificate
     * @throws AnzoException if the keystore cannot be queried
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public boolean isSelfSignedCertificate(KeyStore keyStore, String str) throws AnzoException {
        try {
            final Certificate[] chain = keyStore.getCertificateChain(str);
            return chain == null || chain.length == 1;
        } catch (KeyStoreException failure) {
            log.error(LogUtils.LIFECYCLE_MARKER, "Error determining if certificate is self-signed", (Throwable) failure);
            throw new AnzoException(ExceptionConstants.OSGI.INTERNAL_COMPONENT_ERROR, failure, new String[0]);
        }
    }

    /**
     * Appends the two upper-case hexadecimal digits of a byte to a builder.
     *
     * @param b the byte to encode
     * @param sb builder that receives the high nibble followed by the low nibble
     */
    public static void byte2hex(byte b, StringBuilder sb) {
        final String digits = "0123456789ABCDEF";
        // Masking after the shift discards the sign extension of negative bytes.
        int highNibble = (b >> 4) & 0x0F;
        int lowNibble = b & 0x0F;
        sb.append(digits.charAt(highNibble));
        sb.append(digits.charAt(lowNibble));
    }

    /**
     * Formats a byte array as upper-case hexadecimal pairs separated by colons,
     * for example {@code 0A:FF:10}.
     *
     * @param bArr bytes to format
     * @return the formatted string; empty for an empty array
     */
    public static String toHexString(byte[] bArr) {
        StringBuilder hex = new StringBuilder();
        for (int index = 0; index < bArr.length; index++) {
            if (index > 0) {
                // Separator goes between pairs, never after the last one.
                hex.append(":");
            }
            byte2hex(bArr[index], hex);
        }
        return hex.toString();
    }

    /**
     * Computes the fingerprint of a certificate: the digest of its encoded form, rendered as
     * colon-separated upper-case hex.
     *
     * <p>The digest algorithm is chosen by the caller. When the fingerprint is used to decide
     * trust, pass a collision-resistant algorithm such as SHA-256.
     *
     * @param str message digest algorithm name
     * @param certificate certificate to fingerprint
     * @return the formatted fingerprint
     * @throws Exception if the digest algorithm is unavailable or the certificate cannot be encoded
     */
    public static String getCertificateFingerPrint(String str, Certificate certificate) throws Exception {
        MessageDigest digest = MessageDigest.getInstance(str);
        byte[] encoded = certificate.getEncoded();
        byte[] fingerprint = digest.digest(encoded);
        return toHexString(fingerprint);
    }

    /**
     * Encodes bytes as a Base64 string using the commons-codec encoder.
     *
     * @param bArr bytes to encode
     * @return the Base64 text
     */
    public static String getBytesAsString(byte[] bArr) {
        final String encoded = Base64.encodeBase64String(bArr);
        return encoded;
    }

    /**
     * Extracts the DNS-name and IP-address subject alternative names of a certificate.
     *
     * <p>Only general-name types 2 (dNSName) and 7 (iPAddress) are returned; other types and
     * empty values are skipped. Order follows the certificate's collection.
     *
     * @param x509Certificate certificate to inspect
     * @return the matching names; an immutable empty list when the certificate has no
     *         subject alternative names
     * @throws Exception if the extension cannot be parsed
     */
    public static List<String> getSubjectAlternativeNames(X509Certificate x509Certificate) throws Exception {
        Collection<List<?>> alternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (alternativeNames == null) {
            return Collections.emptyList();
        }
        List<String> names = new ArrayList<>();
        for (List<?> alternativeName : alternativeNames) {
            // Each element is a pair: [Integer type, value].
            int type = ((Integer) alternativeName.get(0)).intValue();
            if (type != 2 && type != 7) {
                continue;
            }
            String value = alternativeName.get(1).toString();
            if (value == null || value.length() == 0) {
                continue;
            }
            names.add(value);
        }
        return names;
    }

    /**
     * Extracts the DNS-name and IP-address issuer alternative names of a certificate.
     *
     * <p>Only general-name types 2 (dNSName) and 7 (iPAddress) are returned; other types and
     * empty values are skipped. Order follows the certificate's collection.
     *
     * @param x509Certificate certificate to inspect
     * @return the matching names; an immutable empty list when the certificate has no
     *         issuer alternative names
     * @throws Exception if the extension cannot be parsed
     */
    public static List<String> getIssuerAlternativeNames(X509Certificate x509Certificate) throws Exception {
        Collection<List<?>> alternativeNames = x509Certificate.getIssuerAlternativeNames();
        if (alternativeNames == null) {
            return Collections.emptyList();
        }
        List<String> names = new ArrayList<>();
        for (List<?> alternativeName : alternativeNames) {
            // Each element is a pair: [Integer type, value].
            int type = ((Integer) alternativeName.get(0)).intValue();
            if (type != 2 && type != 7) {
                continue;
            }
            String value = alternativeName.get(1).toString();
            if (value == null || value.length() == 0) {
                continue;
            }
            names.add(value);
        }
        return names;
    }

    /**
     * Returns the broker keystore password in clear text.
     *
     * <p>NOTE(review): the secret is handed out as an immutable {@code String}, so callers
     * cannot wipe it after use. Keep the value out of logs and exception messages.
     *
     * @return the current broker keystore password
     */
    @Override // org.openanzo.security.keystore.IKeyStoreManager
    public String getKeystorePassword() {
        final String password = this.keystorePassword;
        return password;
    }
}
