package de.christofreichardt.jca.shamirsdemo;

import de.christofreichardt.diagnosis.AbstractTracer;
import de.christofreichardt.diagnosis.LogLevel;
import de.christofreichardt.jca.shamir.ShamirsLoadParameter;
import de.christofreichardt.jca.shamirsdemo.Menu;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.spec.ECGenParameterSpec;
import java.time.Duration;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.crypto.KeyGenerator;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:de/christofreichardt/jca/shamirsdemo/KeyStoreMenu.class */
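/**
 * Console menu that lists the entries of one keystore and adds generated secret keys,
 * self-signed key pairs and server certificates to it.
 *
 * <p>The keystore and its {@link ShamirsLoadParameter} are handed in by the caller. The load
 * parameter supplies both the protection parameter used for every entry and the target used
 * when the keystore is stored.
 *
 * <p>All output goes to {@code System.console()}; the menu therefore needs an attached console.
 */
public class KeyStoreMenu extends AbstractMenu {
    /** Attribute OID that {@link #listEntries()} reports as {@code friendlyName}. */
    private static final String FRIENDLY_NAME_OID = "1.2.840.113549.1.9.20";
    /** Attribute OID that {@link #listEntries()} reports as {@code localId}. */
    private static final String LOCAL_ID_OID = "1.2.840.113549.1.9.21";
    /** Attribute OID that {@link #listEntries()} traces as {@code trustedKeyUsage}. */
    private static final String TRUSTED_KEY_USAGE_OID = "2.16.840.1.113894.746875.1.1";
    /** File suffix stripped from the keystore file name in the menu header. */
    private static final String KEYSTORE_FILE_SUFFIX = ".p12";

    private final KeyStore keyStore;
    private final ShamirsLoadParameter shamirsLoadParameter;

    /** Commands offered by the keystore menu, each with a one-letter shortcut. */
    public enum KeystoreCommand implements Menu.Command {
        LIST_ENTRIES("l", "list entries"),
        SECRET_KEY("s", "secret key"),
        PRIVATE_KEY("p", "private key"),
        CERTIFICATE("c", "certificate"),
        MAIN_MENU("m", "main menu");

        // Visibility is left package-private as in the original; the values never change after construction.
        final String shortCut;
        final String fullName;

        KeystoreCommand(String shortCut, String fullName) {
            this.shortCut = shortCut;
            this.fullName = fullName;
        }

        @Override
        public String getShortCut() {
            return this.shortCut;
        }

        @Override
        public String getFullName() {
            return this.fullName;
        }

        /**
         * Returns the full name with the first occurrence of the shortcut wrapped in parentheses,
         * e.g. {@code "(l)ist entries"}.
         *
         * <p>The shortcut is applied as a regular expression by {@code replaceFirst}; the constants
         * above are plain letters, so pattern and literal coincide.
         */
        @Override
        public String getDisplayName() {
            return this.fullName.replaceFirst(this.shortCut, "(" + this.shortCut + ")");
        }
    }

    /**
     * Creates the menu for an already loaded keystore.
     *
     * @param app the owning application, used for the workspace name and for switching menus
     * @param keyStore the keystore that the commands read and modify
     * @param shamirsLoadParameter supplies the keystore file, the protection parameter and the
     *     target for {@code KeyStore.store}
     */
    public KeyStoreMenu(App app, KeyStore keyStore, ShamirsLoadParameter shamirsLoadParameter) {
        super(app);
        this.keyStore = keyStore;
        this.shamirsLoadParameter = shamirsLoadParameter;
    }

    /** Prints the header (time, workspace, keystore name) followed by the available commands. */
    @Override
    public void print() {
        AbstractTracer tracer = getCurrentTracer();
        tracer.entry("void", this, "printMenu()");
        try {
            java.io.Console out = System.console();
            out.printf("\n");
            out.printf("Current time: %s\n", LocalDateTime.now().format(DateTimeFormatter.ISO_LOCAL_DATE_TIME));
            out.printf("   Workspace: %s\n", this.app.getCurrentWorkspace().getFileName());
            out.printf("\n");
            String fileName = this.shamirsLoadParameter.getFile().getName();
            // Strip the suffix only when it is present; an unconditional substring would cut off
            // part of a differently named file or throw for names shorter than the suffix.
            String keystoreName = fileName.endsWith(KEYSTORE_FILE_SUFFIX)
                    ? fileName.substring(0, fileName.length() - KEYSTORE_FILE_SUFFIX.length())
                    : fileName;
            out.printf("%s-> KeyStore menu [%s]\n", this.app.getCurrentWorkspace().getFileName(), keystoreName);
            out.printf("\n");
            out.printf("   %20s", KeystoreCommand.LIST_ENTRIES.getDisplayName());
            out.printf("   %20s", KeystoreCommand.PRIVATE_KEY.getDisplayName());
            out.printf("   %20s", KeystoreCommand.SECRET_KEY.getDisplayName());
            out.printf("\n");
            out.printf("   %20s", KeystoreCommand.CERTIFICATE.getDisplayName());
            out.printf("   %20s", KeystoreCommand.MAIN_MENU.getDisplayName());
            out.printf("\n");
        } finally {
            tracer.wayout();
        }
    }

    /**
     * Maps every shortcut to its command.
     *
     * @return a map from {@link KeystoreCommand#getShortCut()} to the command itself
     */
    @Override
    public Map<String, Menu.Command> computeShortCutMap() {
        AbstractTracer tracer = getCurrentTracer();
        tracer.entry("Map<String, Command>", this, "computeShortCutMap()");
        try {
            EnumSet<KeystoreCommand> commands = EnumSet.allOf(KeystoreCommand.class);
            tracer.out().printfIndentln("keystoreCommands = %s", commands);
            Map<String, Menu.Command> shortCuts = commands.stream()
                    .collect(Collectors.toMap(KeystoreCommand::getShortCut, Function.<Menu.Command>identity()));
            tracer.out().printfIndentln("shortCuts = %s", shortCuts);
            return shortCuts;
        } finally {
            tracer.wayout();
        }
    }

    /**
     * Dispatches a command of this menu.
     *
     * <p>{@code MAIN_MENU} stores the keystore before switching to the main menu, so entries added
     * by {@link #addPrivateKey()} and {@link #addCertificate()} are written out at that point.
     *
     * @param t the command; its {@code toString()} must name a {@link KeystoreCommand} constant
     * @throws IOException if storing the keystore or reading console input fails
     * @throws GeneralSecurityException if a keystore or key generation operation fails
     */
    @Override
    public <T extends Menu.Command> void execute(T t) throws IOException, GeneralSecurityException {
        AbstractTracer tracer = getCurrentTracer();
        tracer.entry("void", this, "execute(Command command)");
        try {
            tracer.out().printfIndentln("command = %s", t);
            switch (KeystoreCommand.valueOf(t.toString())) {
                case MAIN_MENU:
                    this.keyStore.store(this.shamirsLoadParameter);
                    this.app.setMenu(new MainMenu(this.app));
                    break;
                case SECRET_KEY:
                    addSecretKey();
                    break;
                case LIST_ENTRIES:
                    listEntries();
                    break;
                case PRIVATE_KEY:
                    addPrivateKey();
                    break;
                case CERTIFICATE:
                    addCertificate();
                    break;
            }
        } finally {
            tracer.wayout();
        }
    }

    /**
     * Generates a secret key from console input, adds it under the chosen alias and stores the
     * keystore immediately.
     *
     * <p>Algorithm and key size are prompted independently, so combinations the provider does not
     * support can be entered (for example a 512-bit AES key). {@code KeyGenerator.init(int)}
     * reports those with the unchecked {@code InvalidParameterException}; it is rethrown as a
     * {@link GeneralSecurityException} so that it travels through the declared error path.
     *
     * @throws GeneralSecurityException if the algorithm is unavailable, the key size is rejected
     *     or the keystore operation fails
     * @throws IOException if storing the keystore fails
     */
    void addSecretKey() throws GeneralSecurityException, IOException {
        AbstractTracer tracer = getCurrentTracer();
        tracer.entry("void", this, "addSecretKey()");
        try {
            String algorithm = this.console.readString("AES|ChaCha20|HmacSHA512", "Algorithm");
            int keysize = this.console.readInt("128|256|512", "Keysize");
            String alias = this.console.readString("[A-Za-z0-9-]{5,25}", "Alias");
            KeyGenerator keyGenerator = KeyGenerator.getInstance(algorithm);
            try {
                keyGenerator.init(keysize);
            } catch (java.security.InvalidParameterException e) {
                throw new GeneralSecurityException(
                        String.format("Keysize %d is not supported for %s.", keysize, algorithm), e);
            }
            // No check for an existing alias is made here; setEntry is called unconditionally.
            this.keyStore.setEntry(alias, new KeyStore.SecretKeyEntry(keyGenerator.generateKey()),
                    this.shamirsLoadParameter.getProtectionParameter());
            this.keyStore.store(this.shamirsLoadParameter);
        } finally {
            tracer.wayout();
        }
    }

    /**
     * Prints alias, friendlyName, localId, algorithm and key type of every keystore entry.
     *
     * <p>Each entry is fetched with {@code getEntry}, i.e. key entries are recovered only to read
     * their algorithm name. Attribute names and values are written to the tracer.
     *
     * @throws GeneralSecurityException if an entry cannot be recovered
     */
    void listEntries() throws GeneralSecurityException {
        AbstractTracer tracer = getCurrentTracer();
        tracer.entry("void", this, "listEntries()");
        try {
            Iterator<String> aliases = this.keyStore.aliases().asIterator();
            while (aliases.hasNext()) {
                String alias = aliases.next();
                // NOTE(review): the same protection parameter is passed for every entry type,
                // including trusted certificates - confirm the keystore provider accepts that.
                KeyStore.Entry entry = this.keyStore.getEntry(alias, this.shamirsLoadParameter.getProtectionParameter());
                String algorithm = null;
                String keyType = null;
                // The type test is made on the fetched entry itself, so each cast below is
                // guaranteed to match the object that is actually cast.
                if (entry instanceof KeyStore.SecretKeyEntry) {
                    algorithm = ((KeyStore.SecretKeyEntry) entry).getSecretKey().getAlgorithm();
                    keyType = "Secret Key";
                } else if (entry instanceof KeyStore.PrivateKeyEntry) {
                    algorithm = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey().getAlgorithm();
                    keyType = "Private Key";
                } else if (entry instanceof KeyStore.TrustedCertificateEntry) {
                    algorithm = ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate().getPublicKey().getAlgorithm();
                    keyType = "Trusted Certificate";
                }
                for (KeyStore.Entry.Attribute attribute : entry.getAttributes()) {
                    tracer.out().printfIndentln("attr: %s = %s", attribute.getName(), attribute.getValue());
                }
                Map<String, KeyStore.Entry.Attribute> attributes = entry.getAttributes().stream()
                        .collect(Collectors.toMap(KeyStore.Entry.Attribute::getName, Function.identity()));
                String friendlyName = attributeValue(attributes, FRIENDLY_NAME_OID);
                String localId = attributeValue(attributes, LOCAL_ID_OID);
                String trustedKeyUsage = attributeValue(attributes, TRUSTED_KEY_USAGE_OID);
                tracer.out().printfIndentln("friendlyName(%1$s) = %2$s, localId(%1$s) = %3$s, algorithm(%1$s) = %4$s, trustedKeyUsage(%1$s) = %5$s",
                        alias, friendlyName, localId, algorithm, trustedKeyUsage);
                System.console().printf("%s-> %s: friendlyName=%s, localId=%s, algorithm=%s, keytype=%s\n",
                        this.app.getCurrentWorkspace().getFileName(), alias, friendlyName, localId, algorithm, keyType);
            }
        } finally {
            tracer.wayout();
        }
    }

    /** Returns the value of the attribute with the given OID, or the string {@code "null"} if absent. */
    private static String attributeValue(Map<String, KeyStore.Entry.Attribute> attributes, String oid) {
        KeyStore.Entry.Attribute attribute = attributes.get(oid);
        return attribute != null ? attribute.getValue() : "null";
    }

    /**
     * Generates a key pair, wraps the public key in a self-signed X.509 certificate and adds both
     * as a private key entry.
     *
     * <p>Key parameters are fixed per algorithm: DSA 2048 bit, RSA 4096 bit, EC on
     * {@code secp521r1}; all three sign with SHA-256. The certificate uses the same name as
     * issuer and subject, the current epoch milliseconds as serial number and a validity of the
     * entered number of days starting now.
     *
     * <p>Unlike {@link #addSecretKey()} this method does not call {@code KeyStore.store}; the
     * entry is written out when the {@code MAIN_MENU} command stores the keystore.
     *
     * @throws GeneralSecurityException if key generation, signing or the keystore operation fails
     * @throws IOException declared for the console input
     */
    void addPrivateKey() throws GeneralSecurityException, IOException {
        AbstractTracer tracer = getCurrentTracer();
        tracer.entry("void", this, "addPrivateKey()");
        try {
            String algorithm = this.console.readString("DSA|RSA|EC", "Keygenerator algorithm");
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(algorithm);
            String signatureAlgorithm;
            // Plain string switch; the decompiled hashCode()/flag form assigned integers to a
            // boolean and repeated a case label, which does not compile.
            switch (algorithm) {
                case "DSA":
                    keyPairGenerator.initialize(2048);
                    signatureAlgorithm = "SHA256withDSA";
                    break;
                case "RSA":
                    keyPairGenerator.initialize(4096);
                    signatureAlgorithm = "SHA256withRSA";
                    break;
                case "EC":
                    keyPairGenerator.initialize(new ECGenParameterSpec("secp521r1"));
                    // NOTE(review): SHA-256 caps the signature's collision resistance below what
                    // secp521r1 offers; a larger digest would match the curve.
                    signatureAlgorithm = "SHA256withECDSA";
                    break;
                default:
                    throw new NoSuchAlgorithmException(String.format("%s is not supported.", algorithm));
            }
            KeyPair keyPair = keyPairGenerator.generateKeyPair();
            // Only the algorithm name and the encoded length are traced, never the key bytes.
            tracer.out().printfIndentln("keyPair.getPrivate().getAlgorithm() = %s, keyPair.getPrivate().getEncoded().length = %d",
                    keyPair.getPrivate().getAlgorithm(), Integer.valueOf(keyPair.getPrivate().getEncoded().length));
            int validityInDays = this.console.readInt("[0-9]+", "Validity");
            // The input patterns admit only letters, hyphen and space, so the entered values
            // cannot introduce additional RDN separators into the formatted name.
            // NOTE(review): X.520 defines countryName as a two-letter code, while the prompt
            // below requires 5 to 30 characters - confirm which is intended.
            String commonName = this.console.readString("[A-Za-z- ]{5,30}", "Common Name");
            String locality = this.console.readString("[A-Za-z- ]{5,30}", "Locality");
            String state = this.console.readString("[A-Za-z- ]{5,30}", "State");
            String country = this.console.readString("[A-Za-z- ]{5,30}", "Country");
            String distinguishedName = String.format("CN=%s, L=%s, ST=%s, C=%s", commonName, locality, state, country);
            String alias = this.console.readString("[a-z0-9-]{5,25}", "Alias");
            Instant now = Instant.now();
            Date notBefore = Date.from(now);
            Date notAfter = Date.from(now.plus(Duration.ofDays(validityInDays)));
            try {
                ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(keyPair.getPrivate());
                X500Name x500Name = new X500Name(distinguishedName);
                // Issuer and subject are identical and the signer is the pair's own private key.
                X509CertificateHolder certificateHolder = new JcaX509v3CertificateBuilder(
                        x500Name, BigInteger.valueOf(now.toEpochMilli()), notBefore, notAfter, x500Name, keyPair.getPublic())
                        .build(contentSigner);
                JcaX509CertificateConverter certificateConverter = new JcaX509CertificateConverter();
                certificateConverter.setProvider(new BouncyCastleProvider());
                Certificate[] chain = new Certificate[]{certificateConverter.getCertificate(certificateHolder)};
                this.keyStore.setEntry(alias, new KeyStore.PrivateKeyEntry(keyPair.getPrivate(), chain),
                        this.shamirsLoadParameter.getProtectionParameter());
            } catch (OperatorCreationException e) {
                throw new GeneralSecurityException(e);
            }
        } finally {
            tracer.wayout();
        }
    }

    /**
     * Connects to an HTTPS URL and adds every certificate of the peer's chain as a trusted
     * certificate entry, using the entered alias suffixed with the chain index.
     *
     * <p>The client is built without a custom {@code SSLContext}, so the JVM default applies and
     * the handshake has to succeed before any certificate is read. Redirects are not followed, so
     * the certificates come from the host that was entered.
     *
     * <p>NOTE(review): all chain elements, not only the leaf, become trusted entries, and the
     * operator is shown neither subject nor fingerprint before they are added. Consider displaying
     * them and asking for confirmation.
     *
     * <p>Failures while reading or adding the certificates are logged to the tracer and not
     * rethrown; an import may therefore be partial. The keystore is not stored here.
     *
     * @throws IOException if the request fails
     */
    void addCertificate() throws IOException {
        AbstractTracer tracer = getCurrentTracer();
        tracer.entry("void", this, "addCertificate()");
        try {
            String url = this.console.readString("https://[A-Za-z-\\./]{5,30}", "URL");
            String alias = this.console.readString("[A-Za-z0-9-]{5,25}", "Alias");
            try {
                HttpClient httpClient = HttpClient.newBuilder()
                        .version(HttpClient.Version.HTTP_2)
                        .followRedirects(HttpClient.Redirect.NEVER)
                        .connectTimeout(Duration.ofSeconds(30L))
                        .build();
                HttpRequest httpRequest = HttpRequest.newBuilder()
                        .uri(URI.create(url))
                        .GET()
                        .build();
                // Only the TLS session is of interest, so the response body is discarded.
                HttpResponse<Void> httpResponse = httpClient.send(httpRequest, HttpResponse.BodyHandlers.discarding());
                httpResponse.sslSession().ifPresentOrElse(sslSession -> {
                    try {
                        Certificate[] peerCertificates = sslSession.getPeerCertificates();
                        tracer.out().printfIndentln("certificates.length = %d", Integer.valueOf(peerCertificates.length));
                        for (int i = 0; i < peerCertificates.length; i++) {
                            this.keyStore.setCertificateEntry(alias + i, peerCertificates[i]);
                        }
                    } catch (KeyStoreException | SSLPeerUnverifiedException e) {
                        tracer.logException(LogLevel.ERROR, e, getClass(), "addCertificate()");
                    }
                }, () -> tracer.logMessage(LogLevel.WARNING, "No ssl session available.", getClass(), "addCertificate()"));
            } catch (InterruptedException e) {
                // Restore the interrupt flag for the caller; nothing has been imported.
                Thread.currentThread().interrupt();
            }
        } finally {
            tracer.wayout();
        }
    }

    /** This menu never terminates the application. */
    @Override
    public boolean isExit() {
        return false;
    }
}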
