package anbxj;

import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:anbxj/Crypto_KeyStoreBuilder.class */
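/**
 * Loads the two keystores named by a {@link Crypto_KeyStoreSettings} and serves keys and
 * certificates from them: the local keystore holds this principal's private key and certificate
 * chain, the remote keystore holds peer certificates and the root CA certificate.
 *
 * <p>Failure convention: lookups return {@code null} when a key or certificate is missing or fails
 * verification, so callers must treat {@code null} as "not trusted". Errors that indicate a broken
 * or unreadable keystore go through {@link #KeyStoreFail(Exception)}, which terminates the JVM.
 *
 * <p>Trust model, as implemented here: a self-signed certificate stored in the remote keystore is
 * accepted after checking only its own signature and validity dates, so the integrity of the
 * remote keystore file is the trust anchor for such entries. Certificates that are not self-signed
 * must be signed directly by the configured root CA certificate.
 */
public class Crypto_KeyStoreBuilder {
    private static final AnBx_Layers layer = AnBx_Layers.ENCRYPTION;
    protected Crypto_KeyStoreSettings kss;
    protected KeyStore localKeyStore;
    protected KeyStore remoteKeyStore;

    /**
     * Reports an unrecoverable keystore error and terminates the JVM with exit status 1.
     *
     * <p>The message is the same for every cause, including I/O errors raised while opening the
     * keystore file, so the printed stack trace is the reliable indication of what went wrong.
     *
     * @param exc the exception that made the keystore unusable
     */
    private void KeyStoreFail(Exception exc) {
        exc.printStackTrace();
        AnBx_Debug.out(AnBx_Layers.ALWAYS, "Unrecoverable error: keystore was tampered with, or password was incorrect");
        System.exit(1);
    }

    /**
     * Loads the local and the remote keystore described by the given settings.
     *
     * <p>Any I/O or security error while loading ends the process through
     * {@link #KeyStoreFail(Exception)}.
     *
     * @param crypto_KeyStoreSettings keystore locations, type, passphrases and aliases
     */
    public Crypto_KeyStoreBuilder(Crypto_KeyStoreSettings crypto_KeyStoreSettings) {
        this.kss = crypto_KeyStoreSettings;
        try {
            setupLocalKeyStore();
            setupRemoteKeyStore();
        } catch (IOException | GeneralSecurityException e) {
            KeyStoreFail(e);
        }
    }

    /**
     * @return the settings this builder was created with
     */
    public Crypto_KeyStoreSettings getKss() {
        return this.kss;
    }

    /**
     * Returns the certificate stored under this principal's alias in the local keystore.
     *
     * <p>The certificate is only handed out when the same alias also holds a private key that can
     * be recovered with the configured key passphrase.
     *
     * @return the local certificate, or {@code null} when the alias has no private key, has no
     *     certificate, or the key algorithm is unavailable
     */
    public Certificate getLocaleCertificate() {
        try {
            Key key = this.localKeyStore.getKey(getMyAlias(), this.kss.getPassphrasePrivateKeyLocalKeyStore().toCharArray());
            if (!(key instanceof PrivateKey)) {
                return null;
            }
            Certificate certificate = this.localKeyStore.getCertificate(getMyAlias());
            if (certificate == null) {
                // Do not report success for an alias that has a key but no certificate entry.
                AnBx_Debug.out(layer, "Certificate not found: <" + getMyAlias() + ">");
                return null;
            }
            AnBx_Debug.out(layer, "Certificate retrieved: <" + getMyAlias() + ">");
            return certificate;
        } catch (KeyStoreException | UnrecoverableKeyException e) {
            KeyStoreFail(e);
            return null;
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Returns this principal's private key from the local keystore.
     *
     * @return the private key, or {@code null} when the alias does not hold a private key
     */
    public PrivateKey getLocalPrivateKey() {
        try {
            Key key = this.localKeyStore.getKey(getMyAlias(), this.kss.getPassphrasePrivateKeyLocalKeyStore().toCharArray());
            if (!(key instanceof PrivateKey)) {
                return null;
            }
            // Only the alias is logged; key material never reaches the debug output.
            AnBx_Debug.out(layer, "PrivateKey retrieved: <" + getMyAlias() + ">");
            return (PrivateKey) key;
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            KeyStoreFail(e);
            return null;
        }
    }

    /**
     * @return the alias of this principal, as configured in the settings
     */
    public String getMyAlias() {
        return this.kss.getMyAlias();
    }

    /**
     * Looks up a peer certificate in the remote keystore without verifying it.
     *
     * <p>No signature, chain or validity check is performed here; use
     * {@link #getRemotePublicKey(String)} when the result feeds a trust decision.
     *
     * @param str alias of the peer
     * @return the stored certificate, or {@code null} when the alias is unknown
     */
    public Certificate getRemoteCertificate(String str) {
        Certificate certificate = null;
        try {
            certificate = this.remoteKeyStore.getCertificate(str);
        } catch (KeyStoreException e) {
            KeyStoreFail(e);
        }
        if (certificate == null) {
            // A missing alias must not be logged as a successful lookup.
            AnBx_Debug.out(layer, "Certificate not found: <" + str + ">");
            return null;
        }
        AnBx_Debug.out(layer, "Certificate found: <" + str + ">");
        return certificate;
    }

    /**
     * Returns the verified public key of a peer from the remote keystore.
     *
     * <p>A self-signed certificate is checked against its own key and validity period. Any other
     * certificate must be an X.509 certificate signed by the configured root CA certificate.
     *
     * @param str alias of the peer
     * @return the peer's public key, or {@code null} when the alias is unknown or verification
     *     fails
     */
    public PublicKey getRemotePublicKey(String str) {
        Certificate certificate = null;
        try {
            certificate = this.remoteKeyStore.getCertificate(str);
        } catch (KeyStoreException e) {
            KeyStoreFail(e);
        }
        if (certificate == null) {
            // Fail closed on an unknown alias instead of dereferencing null during verification.
            AnBx_Debug.out(layer, "PublicKey not found: <" + str + ">");
            return null;
        }
        AnBx_Debug.out(layer, "PublicKey found: <" + str + ">");
        try {
            if (isSelfSigned(certificate)) {
                // Trust in a self-signed entry rests on the integrity of the remote keystore
                // itself: nothing outside the certificate vouches for it.
                return verifySelfSignedCertificate(str, certificate);
            }
            Certificate rootCertificate = this.remoteKeyStore.getCertificate(this.kss.getRootCA());
            if (!(rootCertificate instanceof X509Certificate)) {
                // Covers both a missing root alias (null) and a non-X.509 entry.
                AnBx_Debug.out(layer, "Root Certificate not found or not X509: <" + this.kss.getRootCA() + ">");
                return null;
            }
            AnBx_Debug.out(layer, "Root Certificate found: <" + this.kss.getRootCA() + ">");
            if (!(certificate instanceof X509Certificate)) {
                AnBx_Debug.out(layer, "Unable to verify non-X509 certificates: <" + str + ">");
                return null;
            }
            Certificate[] chain = {rootCertificate, certificate};
            // NOTE(review): the expected subject is read from the very certificate being verified,
            // so the target check inside verifyCertificate cannot fail. The identity binding is
            // therefore the keystore alias only; confirm whether the caller should supply the
            // expected subject name instead.
            String expectedSubject = ((X509Certificate) certificate).getSubjectX500Principal().getName();
            return verifyCertificate((X509Certificate) rootCertificate, chain, expectedSubject);
        } catch (KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Verifies a self-signed certificate: signature against its own public key, then the validity
     * period for X.509 certificates.
     *
     * @param str alias used in log messages
     * @param certificate the certificate to check; must not be {@code null}
     * @return the certificate's public key, or {@code null} when any check fails or the
     *     certificate is not X.509
     */
    private PublicKey verifySelfSignedCertificate(String str, Certificate certificate) {
        PublicKey publicKey = certificate.getPublicKey();
        try {
            certificate.verify(publicKey);
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e) {
            AnBx_Debug.out(layer, "Invalid PublicKey: <" + str + ">");
            e.printStackTrace();
            return null;
        }
        AnBx_Debug.out(layer, "PublicKey certificate is verified: <" + str + ">");
        if (!(certificate instanceof X509Certificate)) {
            // Without X.509 there is no validity period to check, so the key is not released.
            AnBx_Debug.out(layer, "Unable to check validity of non-X509 certificates: <" + str + ">");
            return null;
        }
        X509Certificate x509 = (X509Certificate) certificate;
        certificateDebug(x509);
        try {
            x509.checkValidity();
            return publicKey;
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            AnBx_Debug.out(layer, "Certificate invalid date: " + x509.getSubjectX500Principal().getName());
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Verifies a certificate chain ordered from the root towards the target.
     *
     * <p>Checks performed: each certificate's issuer equals the previous certificate's subject and
     * its signature verifies with the previous certificate's key; the first certificate verifies
     * with the root's key; the last certificate's subject name equals {@code str}; every
     * certificate is within its validity period.
     *
     * <p>NOTE(review): basic constraints, key usage and revocation status are not examined. The
     * JDK's PKIX {@code CertPathValidator} covers those checks and may be a better fit if the
     * remote keystore can ever contain certificates issued by less trusted parties.
     *
     * @param x509Certificate the root CA certificate; must not be {@code null}
     * @param certificateArr the chain, root first, target last; every entry must be a non-null
     *     {@link X509Certificate}
     * @param str the expected subject name of the target certificate
     * @return the target's public key, or {@code null} when any check fails
     */
    private PublicKey verifyCertificate(X509Certificate x509Certificate, Certificate[] certificateArr, String str) {
        int length = certificateArr.length;
        X500Principal previousSubject = null;
        for (int i = 0; i < length; i++) {
            AnBx_Debug.out(layer, "Certificate #" + i);
            X509Certificate current = (X509Certificate) certificateArr[i];
            certificateDebug(current);
            if (previousSubject != null) {
                if (!current.getIssuerX500Principal().equals(previousSubject)) {
                    AnBx_Debug.out(layer, "Subject/issuer verification failed: <" + previousSubject.getName() + ">");
                    return null;
                }
                try {
                    certificateArr[i].verify(certificateArr[i - 1].getPublicKey());
                } catch (GeneralSecurityException e) {
                    AnBx_Debug.out(layer, "Signature verification failed: <" + previousSubject.getName() + ">");
                    return null;
                }
            }
            previousSubject = current.getSubjectX500Principal();
        }
        try {
            // Anchors the chain: its first element must be signed with the root's key.
            certificateArr[0].verify(x509Certificate.getPublicKey());
        } catch (GeneralSecurityException e) {
            AnBx_Debug.out(layer, "Signature verification failed");
            return null;
        }
        AnBx_Debug.out(layer, "Root Certificate");
        certificateDebug(x509Certificate);
        X509Certificate target = (X509Certificate) certificateArr[length - 1];
        X500Principal targetSubject = target.getSubjectX500Principal();
        if (!str.equals(targetSubject.getName())) {
            AnBx_Debug.out(layer, "StringTarget: " + str);
            AnBx_Debug.out(layer, "PrincipalSubject: " + targetSubject.getName());
            AnBx_Debug.out(layer, "Target verification failed");
            return null;
        }
        // One timestamp for the whole chain, so all certificates are judged at the same instant.
        Date now = new Date();
        for (int i = 0; i < length; i++) {
            X509Certificate link = (X509Certificate) certificateArr[i];
            try {
                link.checkValidity(now);
            } catch (GeneralSecurityException e) {
                AnBx_Debug.out(layer, "Certificate invalid date: " + link.getSubjectX500Principal().toString());
                return null;
            }
        }
        return target.getPublicKey();
    }

    /**
     * Writes the identifying fields of a certificate to the debug output.
     *
     * @param x509Certificate the certificate to describe
     */
    private static void certificateDebug(X509Certificate x509Certificate) {
        AnBx_Debug.out(layer, "Subject: " + x509Certificate.getSubjectX500Principal().getName());
        AnBx_Debug.out(layer, "Issuer: " + x509Certificate.getIssuerX500Principal().getName());
        AnBx_Debug.out(layer, "Validity: from " + String.valueOf(x509Certificate.getNotBefore()) + " to " + String.valueOf(x509Certificate.getNotAfter()));
        AnBx_Debug.out(layer, "Version: " + x509Certificate.getVersion());
        AnBx_Debug.out(layer, "Serial Number: " + String.valueOf(x509Certificate.getSerialNumber()));
        AnBx_Debug.out(layer, "Signature Algorithm Name: " + x509Certificate.getSigAlgName());
    }

    /**
     * Writes every alias of a keystore to the debug output.
     *
     * @param keyStore the keystore to enumerate
     * @param str a label for the keystore, used in the log line
     * @throws KeyStoreException if the keystore has not been loaded
     */
    public void listAliases(KeyStore keyStore, String str) throws KeyStoreException {
        AnBx_Debug.out(layer, "List Aliases in " + str + " - size: " + keyStore.size());
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            AnBx_Debug.out(layer, "Alias: <" + aliases.nextElement() + ">");
        }
    }

    /**
     * Tells whether the remote keystore has an entry for the given alias.
     *
     * @param str the alias to look for
     * @return {@code true} when the alias exists; {@code false} when it does not or the keystore
     *     cannot be queried
     */
    public boolean containsAlias(String str) {
        try {
            return this.remoteKeyStore.containsAlias(str);
        } catch (KeyStoreException e) {
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Loads the local keystore from the configured file.
     *
     * @throws GeneralSecurityException if the keystore type is unavailable or the integrity check
     *     fails
     * @throws IOException if the file cannot be read or the passphrase is wrong
     */
    private void setupLocalKeyStore() throws GeneralSecurityException, IOException {
        AnBx_Debug.out(layer, "Loading KeyStore: " + this.kss.getLocalKeyStore() + " - Type: " + this.kss.getKeyStoreType());
        this.localKeyStore = KeyStore.getInstance(this.kss.getKeyStoreType());
        // try-with-resources releases the file handle even when load() rejects the keystore.
        try (FileInputStream in = new FileInputStream(this.kss.getLocalKeyStore())) {
            this.localKeyStore.load(in, this.kss.getPassphraseLocalKeyStore().toCharArray());
        }
    }

    /**
     * Loads the remote keystore from the configured file.
     *
     * @throws GeneralSecurityException if the keystore type is unavailable or the integrity check
     *     fails
     * @throws IOException if the file cannot be read or the passphrase is wrong
     */
    private void setupRemoteKeyStore() throws GeneralSecurityException, IOException {
        AnBx_Debug.out(layer, "Loading KeyStore: " + this.kss.getRemoteKeyStore() + " - Type: " + this.kss.getKeyStoreType());
        this.remoteKeyStore = KeyStore.getInstance(this.kss.getKeyStoreType());
        // try-with-resources releases the file handle even when load() rejects the keystore.
        try (FileInputStream in = new FileInputStream(this.kss.getRemoteKeyStore())) {
            this.remoteKeyStore.load(in, this.kss.getPassphraseRemoteKeyStore().toCharArray());
        }
    }

    /**
     * Builds a {@link CertPath} from the certificate chain stored under this principal's alias in
     * the local keystore.
     *
     * @return the certificate path, or {@code null} when the alias has no certificate chain
     */
    public CertPath getCertPath() {
        try {
            Certificate[] chain = this.localKeyStore.getCertificateChain(getMyAlias());
            if (chain == null) {
                // getCertificateChain returns null for an unknown alias or an entry without a chain.
                AnBx_Debug.out(layer, "Certificate chain not found: <" + getMyAlias() + ">");
                return null;
            }
            return CertificateFactory.getInstance(getKss().getCertificateType()).generateCertPath(Arrays.asList(chain));
        } catch (KeyStoreException | CertificateException e) {
            KeyStoreFail(e);
            return null;
        }
    }

    /**
     * Tells whether a certificate's signature verifies with its own public key.
     *
     * @param certificate the certificate to test; must not be {@code null}
     * @return {@code true} when the certificate is signed with its own key
     * @throws CertificateException on an encoding error in the certificate
     * @throws NoSuchAlgorithmException if the signature algorithm is unsupported
     * @throws NoSuchProviderException if no default provider is available
     */
    private boolean isSelfSigned(Certificate certificate) throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        try {
            certificate.verify(certificate.getPublicKey());
            return true;
        } catch (InvalidKeyException | SignatureException e) {
            // A key of the wrong kind or a signature mismatch both mean "issued by someone else".
            return false;
        }
    }
}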
