package com.ibm.security.certclient.util;

import com.ibm.misc.Debug;
import com.ibm.security.certclient.PkEeFactory;
import com.ibm.security.certclient.base.PkException;
import com.ibm.security.certclient.base.PkNLSConstants;
import com.ibm.security.certclient.base.PkRejectionException;
import com.ibm.security.pkcs10.CertificationRequest;
import com.ibm.security.pkcs10.CertificationRequestInfo;
import com.ibm.security.pkcsutil.PKCSAttributes;
import com.ibm.security.pkcsutil.PKCSException;
import com.ibm.security.util.DerValue;
import com.ibm.security.x509.CertAndKeyGen;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CertImpl;
import com.ibm.security.x509.X509Key;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;

/* loaded from: input_file:wlp/lib/com.ibm.crypto.ibmkeycert_1.0.12.jar:com/ibm/security/certclient/util/PkCertUtils.class */
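/**
 * Static helpers for screening X.509 certificates, reading and writing certificates, CRLs and
 * PKCS#10 requests from files, generating key pairs and opening key stores.
 *
 * <p>Points a caller should keep in mind:
 * <ul>
 *   <li>{@link #screenCert} checks dates and the CA flag only; it is not certificate path
 *       validation.</li>
 *   <li>The {@code write*ToFile} methods report failures on {@code System.out} and return
 *       normally, so a caller cannot tell from the return whether the file was written.</li>
 *   <li>{@link #keyStore} creates and persists an empty key store when the file is missing.</li>
 *   <li>File paths are used as given; no normalization or containment check is applied here.</li>
 * </ul>
 */
public class PkCertUtils {
    private static final String sccsid = "@(#) 86 1.13    com/tivoli/pki/util/PkCertUtils.java, PkUtil, javapki2, 10222004 6/25/04 14:34:08";
    private static Debug debug = Debug.getInstance("keycertmanage");
    private static final Object className = "PkCertUtils";
    private static final String RSA_KEY = "RSA";
    private static final String DSA_KEY = "DSA";
    private static final String ECC_KEY = "EC";

    /**
     * Rejects a certificate that is outside its validity period and, when requested, one that
     * is not a CA certificate.
     *
     * <p>Only the validity dates (against the current time) and the basicConstraints CA flag are
     * examined. Signature, issuer chain, revocation status and key usage are not checked in this
     * method, so a certificate that passes this screen is not thereby trusted.
     *
     * @param x509Certificate certificate to screen
     * @param z when {@code true}, additionally require that the certificate is a CA certificate
     * @throws PkException a {@code PkRejectionException} when the certificate is expired, not yet
     *     valid, or (with {@code z}) not a CA certificate
     */
    public static void screenCert(X509Certificate x509Certificate, boolean z) throws PkException {
        try {
            x509Certificate.checkValidity();
        } catch (CertificateExpiredException e) {
            throw new PkRejectionException(e.getMessage());
        } catch (CertificateNotYetValidException e2) {
            throw new PkRejectionException(e2.getMessage());
        }
        // getBasicConstraints() returns -1 when the certificate is not a CA certificate.
        if (z && x509Certificate.getBasicConstraints() == -1) {
            throw new PkRejectionException(PkNLSConstants.CERT_MUST_BE_CA_CERT);
        }
    }

    /**
     * Writes the encoded form of a CRL to a file, best effort.
     *
     * <p>Any failure is printed to {@code System.out} and not propagated. The CRL is encoded
     * before the file is opened, so an encoding failure no longer truncates an existing file.
     *
     * @param x509crl CRL to write
     * @param str path of the output file
     */
    public static void writeCrlToFile(X509CRL x509crl, String str) {
        try {
            writeBytes(str, x509crl.getEncoded());
        } catch (Exception e) {
            System.out.println("Unable to write crl to file. Error = " + e.getMessage());
        }
    }

    /**
     * Writes the encoded form of a certificate to a file, best effort.
     *
     * <p>If the write fails, the certificate is written to {@code tmp#$!.cer} (a relative path,
     * so it lands in the process working directory) and the failure is printed to
     * {@code System.out}. Nothing is propagated, so callers that need to know where the
     * certificate ended up, or whether it was written at all, must check the file system.
     *
     * @param x509Certificate certificate to write
     * @param str path of the output file
     */
    public static void writeCertToFile(X509Certificate x509Certificate, String str) {
        try {
            writeBytes(str, x509Certificate.getEncoded());
        } catch (Exception e) {
            System.out.println("Unable to write cert to file. Error = " + e.getMessage());
            // Printed before the fallback is attempted, as in the original flow.
            System.out.println("cert file written to file tmp#$!.cer instead");
            try {
                writeBytes("tmp#$!.cer", x509Certificate.getEncoded());
            } catch (Exception e2) {
                // Report the fallback's own failure (e2), not the first one again.
                System.out.println("Unable to write cert to file tmp#$!.cer . Error = " + e2.getMessage());
            }
        }
    }

    /**
     * Generates an RSA or DSA key pair through {@code CertAndKeyGen}.
     *
     * @param z {@code true} for RSA, {@code false} for DSA
     * @param i key size in bits, passed to the generator unchecked; the caller chooses a size
     *     that meets its policy
     * @return a two-element array: index 0 the public key translated by the provider's
     *     {@code KeyFactory}, index 1 the private key
     * @throws Exception if key generation or translation fails
     */
    public static Key[] generateKeyPair0(boolean z, int i) throws Exception {
        // NOTE(review): the SHA-1 based signature algorithm names are only handed to
        // CertAndKeyGen; nothing is signed in this method. Confirm that no caller signs with
        // this generator before relying on it for new certificates or requests.
        CertAndKeyGen certAndKeyGen = z ? new CertAndKeyGen(RSA_KEY, "SHA1WithRSA") : new CertAndKeyGen(DSA_KEY, "SHA1WithDSA");
        certAndKeyGen.generate(i);
        Key generatedPublic = certAndKeyGen.newGetPublicKey();
        PrivateKey generatedPrivate = certAndKeyGen.getPrivateKey();
        KeyFactory keyFactory = KeyFactory.getInstance(z ? RSA_KEY : DSA_KEY, PkEeFactory.getProvider());
        Key[] keyArr = new Key[2];
        keyArr[0] = (X509Key) keyFactory.translateKey(generatedPublic);
        keyArr[1] = generatedPrivate;
        return keyArr;
    }

    /**
     * Generates an RSA or DSA key pair with the default provider.
     *
     * @param z {@code true} for RSA, {@code false} for DSA
     * @param i key size in bits
     * @return a two-element array: public key at index 0, private key at index 1
     * @throws Exception if key generation fails
     * @deprecated use {@link #generateKeyPair(String, int, String)}, which names the algorithm
     *     explicitly
     */
    @Deprecated
    public static Key[] generateKeyPair(boolean z, int i) throws Exception {
        return generateKeyPair(z ? RSA_KEY : DSA_KEY, i, null);
    }

    /**
     * Generates a key pair for the named algorithm.
     *
     * @param str key algorithm name handed to {@code KeyPairGenerator.getInstance}
     * @param i key size handed to {@code KeyPairGenerator.initialize}; it is not validated
     *     here, so enforcing a minimum strength is the caller's responsibility
     * @param str2 provider name; {@code null} or empty selects {@code PkEeFactory.getProvider()}
     * @return a two-element array: public key at index 0 (translated to {@code X509Key} for RSA
     *     and DSA, as generated otherwise), private key at index 1
     * @throws Exception if the algorithm or provider is unavailable or generation fails
     */
    public static Key[] generateKeyPair(String str, int i, String str2) throws Exception {
        String provider = (str2 != null && !str2.isEmpty()) ? str2 : PkEeFactory.getProvider();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str, provider);
        keyPairGenerator.initialize(i);
        KeyPair pair = keyPairGenerator.generateKeyPair();
        boolean translate = RSA_KEY.equalsIgnoreCase(str) || DSA_KEY.equalsIgnoreCase(str);
        Key[] keyArr = new Key[2];
        keyArr[0] = translate ? (X509Key) KeyFactory.getInstance(str, provider).translateKey(pair.getPublic()) : pair.getPublic();
        keyArr[1] = pair.getPrivate();
        return keyArr;
    }

    /**
     * Reads one X.509 certificate from a file and re-wraps it as an {@code X509CertImpl}.
     *
     * @param str path of the certificate file
     * @return the certificate rebuilt from its encoded form
     * @throws Exception if the file cannot be read or parsed
     */
    private static X509CertImpl readCert(String str) throws Exception {
        ByteArrayInputStream encoded = new ByteArrayInputStream(readFile(str));
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(encoded);
        return new X509CertImpl(x509Certificate.getEncoded());
    }

    /**
     * Reads one X.509 certificate from a file, passing the content through
     * {@code PkBase64InputStream} before parsing.
     *
     * <p>The returned certificate is only parsed; it has not been validated or screened.
     *
     * @param str path of the certificate file
     * @return the parsed certificate
     * @throws Exception if the file cannot be read or parsed
     */
    public static X509Certificate readCert64(String str) throws Exception {
        ByteArrayInputStream encoded = new ByteArrayInputStream(readFile(str));
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new PkBase64InputStream(encoded));
    }

    /**
     * Reads one X.509 CRL from a file.
     *
     * <p>The CRL is only parsed here; its signature and freshness are not checked.
     *
     * @param str path of the CRL file
     * @return the parsed CRL
     * @throws Exception if the file cannot be read or parsed
     */
    public static X509CRL readCRL(String str) throws Exception {
        ByteArrayInputStream encoded = new ByteArrayInputStream(readFile(str));
        return (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(encoded);
    }

    /**
     * Reads a PKCS#10 certification request from a file via {@code PkBase64InputStream}.
     *
     * @param str path of the request file
     * @return the parsed request
     * @throws Exception if the file cannot be read or parsed
     */
    private static CertificationRequest readPKCS10CertReq64(String str) throws Exception {
        return readPKCS10CertReq64(readFile(str));
    }

    /**
     * Parses a PKCS#10 certification request from bytes via {@code PkBase64InputStream}.
     *
     * @param bArr request content
     * @return the parsed request
     * @throws Exception if the content cannot be parsed
     */
    private static CertificationRequest readPKCS10CertReq64(byte[] bArr) throws Exception {
        ByteArrayInputStream encoded = new ByteArrayInputStream(bArr);
        return new CertificationRequest(new DerValue(new PkBase64InputStream(encoded)).toByteArray());
    }

    /**
     * Builds a {@code CertificationRequest} from the two-argument constructor.
     *
     * @param str first constructor argument (presumably a file name; confirm against
     *     {@code CertificationRequest})
     * @param z second constructor argument (meaning not visible here; confirm against
     *     {@code CertificationRequest})
     * @return the constructed request
     * @throws Exception if construction fails
     */
    private static CertificationRequest readPKCS10CertReq(String str, boolean z) throws Exception {
        return new CertificationRequest(str, z);
    }

    /**
     * Creates a PKCS#10 certification request with no attributes.
     *
     * @param str subject distinguished name, parsed by {@code X500Name}
     * @param publicKey public key placed in the request
     * @param privateKey private key handed to {@code CertificationRequest} together with
     *     {@code str2}
     * @param str2 algorithm name handed to {@code CertificationRequest}; the caller selects it,
     *     so digest strength is decided by the caller
     * @return the created request
     * @throws IOException if the subject name or request cannot be encoded
     * @throws NoSuchAlgorithmException if the named algorithm is unavailable
     * @throws PKCSException if the request cannot be built
     */
    private static CertificationRequest createPKCS10CertReq(String str, PublicKey publicKey, PrivateKey privateKey, String str2) throws IOException, NoSuchAlgorithmException, PKCSException {
        CertificationRequestInfo requestInfo = new CertificationRequestInfo(new X500Name(str), publicKey, (PKCSAttributes) null);
        return new CertificationRequest(requestInfo, privateKey, str2);
    }

    /**
     * Loads a key store from a file, creating an empty one when the file cannot be opened.
     *
     * <p>When opening the file raises {@code FileNotFoundException}, an empty key store is
     * initialised and stored at the same path under the given password. A mistyped path
     * therefore yields an empty store rather than an error; callers that expect existing
     * entries should verify them after this call. The new file is created with the process's
     * default permissions, and the password array is not cleared by this method.
     *
     * @param str key store type
     * @param str2 path of the key store file
     * @param cArr key store password
     * @return the loaded or newly created key store
     * @throws PkException wrapping any I/O or security failure
     */
    public static KeyStore keyStore(String str, String str2, char[] cArr) throws PkException {
        try {
            KeyStore keyStore = KeyStore.getInstance(str, PkEeFactory.getProvider());
            try {
                FileInputStream fileInputStream = new FileInputStream(str2);
                try {
                    keyStore.load(fileInputStream, cArr);
                } finally {
                    // Close even when load() fails (wrong password, corrupt store).
                    fileInputStream.close();
                }
            } catch (FileNotFoundException e) {
                keyStore.load(null, cArr);
                FileOutputStream fileOutputStream = new FileOutputStream(str2);
                try {
                    keyStore.store(fileOutputStream, cArr);
                } finally {
                    fileOutputStream.close();
                }
            }
            return keyStore;
        } catch (IOException e2) {
            if (debug != null) {
                debug.exception(4L, className, "keyStore", e2);
            }
            throw new PkException(e2);
        } catch (GeneralSecurityException e3) {
            if (debug != null) {
                debug.exception(4L, className, "keyStore", e3);
            }
            throw new PkException(e3);
        }
    }

    /**
     * Reads a whole file into memory.
     *
     * <p>Reads until end of stream instead of trusting {@code available()} and a single
     * {@code read()}, which may deliver fewer bytes than the file holds and hand truncated
     * data to the parser. No size cap is applied.
     */
    private static byte[] readFile(String path) throws IOException {
        FileInputStream in = new FileInputStream(path);
        try {
            ByteArrayOutputStream collected = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int count;
            while ((count = in.read(chunk)) != -1) {
                collected.write(chunk, 0, count);
            }
            return collected.toByteArray();
        } finally {
            in.close();
        }
    }

    /** Writes bytes to a file, closing the stream whether or not the write succeeds. */
    private static void writeBytes(String path, byte[] data) throws IOException {
        FileOutputStream out = new FileOutputStream(path);
        try {
            out.write(data);
        } finally {
            out.close();
        }
    }
}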
