package de.petendi.seccoco;

import de.petendi.commons.crypto.AsymmetricCrypto;
import de.petendi.commons.crypto.Certificates;
import de.petendi.commons.crypto.connector.CryptoException;
import de.petendi.seccoco.argument.ArgumentList;
import de.petendi.seccoco.connector.BCConnector;
import de.petendi.seccoco.model.Identity;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.util.Arrays;
import java.util.Properties;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:lib/seccoco-java-2.0.0.jar:de/petendi/seccoco/SeccocoFactory.class */
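/**
 * Builds a {@link Seccoco} instance for one named component.
 *
 * <p>The factory resolves a per-component working directory below the configured working (or
 * user) directory, locates the private-key token ({@code cert.p12}) and the public certificate
 * ({@code public.pem}) inside it, creates a self-signed pair when neither exists, verifies that
 * the two belong together and finally loads or creates the application password kept encrypted
 * in {@code seccoco.props}.
 *
 * <p>All files are written with the platform's default permissions; restricting access to the
 * component directory is left to the deployment.
 */
public class SeccocoFactory {
    /** Default file name of the token holding the private key. */
    private static final String TOKEN_FILE = "cert.p12";
    /** File name of the PEM-encoded public certificate. */
    private static final String PUBLIC_KEY_FILE = "public.pem";
    /** Properties file carrying the application password, encrypted to the identity certificate. */
    private static final String APP_PASSWORD_FILE = "seccoco.props";
    /** Property key under which the encrypted application password is stored. */
    private static final String APP_PASSWORD_KEY = "dat1";
    /** Sub-directory of the working directory handed to {@link DefaultIdentities}. */
    private static final String CERTS_DIRECTORY = "certs";
    /** Alphabet ([A-Za-z0-9]) of generated passwords and validity probes. */
    private static final String ALPHANUMERIC =
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    /** Length of the application password generated when none is supplied. */
    private static final int GENERATED_PASSWORD_LENGTH = 20;
    /** Length of the random probe used to confirm that public and private key match. */
    private static final int VALIDITY_PROBE_LENGTH = 15;
    /**
     * CSPRNG for generated passwords. A secret must not come from a non-cryptographic PRNG such
     * as commons-lang's {@code RandomStringUtils}, whose output is predictable from its seed.
     * {@link SecureRandom} is thread-safe, so a single shared instance is fine.
     */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    private final ArgumentList argumentList;
    private final String componentName;
    private final OutputWriter outputWriter;
    private final BCConnector securityProviderConnector;

    /** Sink for the human-readable progress messages emitted during {@link #create()}. */
    public interface OutputWriter {
        /**
         * Emits one line of output.
         *
         * @param str the line to print
         */
        void println(String str);
    }

    /** Default {@link OutputWriter} that prints to {@code System.out}. */
    private static final class SystemOutWriter implements OutputWriter {
        @Override
        public void println(String str) {
            System.out.println(str);
        }
    }

    /**
     * Creates a factory whose progress messages go to {@code System.out}.
     *
     * @param str          the component name; also the name of the working sub-directory
     * @param argumentList the startup arguments (working directory, token, password)
     */
    public SeccocoFactory(String str, ArgumentList argumentList) {
        this(str, argumentList, new SystemOutWriter());
    }

    /**
     * Creates a factory with an explicit output sink.
     *
     * @param str          the component name; also the name of the working sub-directory
     * @param argumentList the startup arguments (working directory, token, password)
     * @param outputWriter receives progress messages, including a freshly generated
     *                     application password when one has to be created
     */
    public SeccocoFactory(String str, ArgumentList argumentList, OutputWriter outputWriter) {
        this.securityProviderConnector = new BCConnector();
        this.componentName = str;
        this.argumentList = argumentList;
        this.outputWriter = outputWriter;
    }

    /**
     * Builds the {@link Seccoco} instance.
     *
     * @return the fully wired instance
     * @throws InitializationException if the working directory is unusable, key material is
     *                                 missing or inconsistent, no password is available, or the
     *                                 certificate cannot be read or parsed
     */
    public Seccoco create() {
        File componentDirectory = prepareWorkingDirectory();
        File publicKeyFile = new File(componentDirectory, PUBLIC_KEY_FILE);
        char[] tokenPassword = this.argumentList.getTokenPassword();
        if (tokenPassword == null) {
            // Treat an absent password exactly like an empty one.
            tokenPassword = new char[0];
        }
        File token = this.argumentList.getToken();
        if (token == null) {
            out("No certfile given as argument, looking it up");
            token = new File(componentDirectory, TOKEN_FILE);
            if (token.exists()) {
                out("Found certificate under defaultpath " + token.getAbsolutePath());
            } else {
                out("No certificate found under defaultpath " + token.getAbsolutePath());
                // A public key without its private counterpart must not be "repaired" by
                // generating a fresh pair: the component's identity would silently change.
                if (publicKeyFile.exists()) {
                    throw new InitializationException("public key available, but no private key");
                }
                if (tokenPassword.length == 0) {
                    tokenPassword = generateApplicationPassword();
                }
                if (!createSelfSignedCertificate(componentDirectory, tokenPassword, token)) {
                    throw new InitializationException("error creating selfsigned certificate");
                }
            }
        }
        if (!publicKeyFile.exists()) {
            throw new InitializationException("no public key available");
        }
        if (tokenPassword.length == 0) {
            throw new InitializationException("No password given as argument");
        }
        try {
            // PEM is ASCII, so decoding as UTF-8 reads files written by any earlier version too.
            String certificatePem = new String(Files.readAllBytes(publicKeyFile.toPath()), StandardCharsets.UTF_8);
            byte[] tokenBytes = Files.readAllBytes(token.toPath());
            if (!checkValidity(certificatePem, tokenBytes, tokenPassword)) {
                throw new InitializationException("public and private key don't fit together");
            }
            out("Validity check succeeded");
            Identity identity = new Identity(certificatePem, DefaultIdentities.extractFingerPrint(
                    this.securityProviderConnector.extractCertificate(new StringReader(certificatePem))));
            File appPasswordFile = new File(componentDirectory, APP_PASSWORD_FILE);
            // First start: create and persist the application password; later starts: unwrap it.
            char[] appPassword = appPasswordFile.exists()
                    ? readAppPassword(APP_PASSWORD_KEY, appPasswordFile, tokenBytes, tokenPassword)
                    : storeAppPassword(APP_PASSWORD_KEY, appPasswordFile, identity);
            DefaultIdentities identities = new DefaultIdentities(
                    new File(this.argumentList.getWorkingDirectory(), CERTS_DIRECTORY), identity);
            DefaultCrypto crypto = new DefaultCrypto(tokenPassword, tokenBytes, identities, appPassword, identity);
            SeccocoImpl seccoco = new SeccocoImpl();
            seccoco.setDefaultIO(new DefaultIO(identities, crypto, appPassword));
            seccoco.setIdentities(identities);
            seccoco.setCrypto(crypto);
            return seccoco;
        } catch (CryptoException e) {
            // The underlying reason is kept in the message; InitializationException is not known
            // to accept a cause.
            throw new InitializationException("could not extract certificate: " + e.toString());
        } catch (IOException e) {
            throw new InitializationException("could not read certificate: " + e.toString());
        } catch (CertificateEncodingException e) {
            throw new InitializationException("could not extract certificate - wrong encoding: " + e.toString());
        }
    }

    /**
     * Resolves, validates and creates the per-component working directory and registers it with
     * the argument list.
     *
     * @return the directory {@code <workingdirectory>/<componentName>}
     * @throws InitializationException if no writable directory can be established
     */
    private File prepareWorkingDirectory() {
        File workingDirectory = this.argumentList.getWorkingDirectory();
        if (workingDirectory == null) {
            workingDirectory = new File(this.argumentList.getUserDirectory());
            if (!workingDirectory.isDirectory()) {
                throw new InitializationException("userdirectory not a directory - set proper user.dir environment or a valid workingdirectory");
            }
        }
        if (!workingDirectory.canWrite()) {
            throw new InitializationException("workingdirectory is not writable");
        }
        File componentDirectory = new File(workingDirectory, this.componentName);
        if (!componentDirectory.exists() && !componentDirectory.mkdirs()) {
            throw new InitializationException("Creating of working directory failed");
        }
        this.argumentList.setWorkingDirectory(componentDirectory);
        out("Using workingdirectory " + componentDirectory.getAbsolutePath());
        return componentDirectory;
    }

    /**
     * Generates a random application password and announces it through the
     * {@link OutputWriter}, since the operator has no other way to learn it.
     *
     * <p>The password is printed on purpose; an {@link OutputWriter} that forwards to a
     * persistent log will therefore persist the secret as well.
     *
     * @return the generated password
     */
    private char[] generateApplicationPassword() {
        out("No password given as argument, creating a random password");
        char[] password = randomAlphanumeric(GENERATED_PASSWORD_LENGTH);
        out("IMPORTANT: remember this password well! Without that password you will not be able to start the application again!");
        out("----------");
        out("Application password: " + new String(password));
        out("----------");
        return password;
    }

    /**
     * Draws {@code length} characters from {@link #ALPHANUMERIC} using {@link #SECURE_RANDOM}.
     *
     * @param length number of characters to produce
     * @return the random characters
     */
    private static char[] randomAlphanumeric(int length) {
        char[] chars = new char[length];
        for (int i = 0; i < length; i++) {
            chars[i] = ALPHANUMERIC.charAt(SECURE_RANDOM.nextInt(ALPHANUMERIC.length()));
        }
        return chars;
    }

    /**
     * Creates a self-signed certificate for {@link #componentName}, writing the private key to
     * {@code tokenFile} and the PEM certificate to {@code public.pem} in {@code directory}.
     *
     * @param directory     the component working directory
     * @param tokenPassword password protecting the private key
     * @param tokenFile     destination of the private-key token
     * @return {@code true} on success (failures are reported by exception)
     * @throws InitializationException if either file cannot be written
     */
    private boolean createSelfSignedCertificate(File directory, char[] tokenPassword, File tokenFile) {
        out("Creating selfsigned certificate");
        Certificates certificates = new Certificates(this.securityProviderConnector);
        StringWriter pemWriter = new StringWriter();
        try {
            // try-with-resources closes the token stream on every path, including failure.
            try (FileOutputStream tokenOut = new FileOutputStream(tokenFile)) {
                certificates.create(this.componentName, tokenPassword, pemWriter, tokenOut);
                tokenOut.flush();
            }
            out("The private key of the server is located here; " + tokenFile.getAbsolutePath());
            out("This is  the public key of the server:");
            String publicKeyPem = pemWriter.toString();
            out(publicKeyPem);
            File publicKeyFile = new File(directory, PUBLIC_KEY_FILE);
            Files.write(publicKeyFile.toPath(), publicKeyPem.getBytes(StandardCharsets.UTF_8));
            out("The publickey is located here: " + publicKeyFile.getAbsolutePath());
            return true;
        } catch (IOException e) {
            throw new InitializationException("could not create token: " + e.toString());
        }
    }

    /**
     * Checks that the private key in {@code token} can decrypt what the certificate encrypts, by
     * round-tripping a random probe.
     *
     * @param certificatePem the PEM certificate
     * @param token          the raw token bytes
     * @param tokenPassword  the token password
     * @return {@code true} if the decrypted probe equals the original
     * @throws InitializationException if the token cannot be opened with the password
     */
    private boolean checkValidity(String certificatePem, byte[] token, char[] tokenPassword) {
        AsymmetricCrypto crypto = new AsymmetricCrypto(this.securityProviderConnector);
        if (!crypto.containsPrivateKey(tokenPassword, new ByteArrayInputStream(token))) {
            throw new InitializationException("Wrong password or corrupt P12");
        }
        byte[] probe = new String(randomAlphanumeric(VALIDITY_PROBE_LENGTH)).getBytes(StandardCharsets.UTF_8);
        byte[] ciphertext = crypto.encrypt(probe, new StringReader(certificatePem));
        byte[] roundTrip = crypto.decrypt(ciphertext, tokenPassword, new ByteArrayInputStream(token));
        return Arrays.equals(probe, roundTrip);
    }

    /**
     * Reads the application password from {@code file} and unwraps it with the private key in
     * {@code token}.
     *
     * @param key           property key holding the Base64-encoded, encrypted password
     * @param file          the properties file
     * @param token         the raw token bytes
     * @param tokenPassword the token password
     * @return the unwrapped secret, Base64-encoded, as characters
     * @throws IllegalArgumentException if the file cannot be read or lacks {@code key}
     */
    private char[] readAppPassword(String key, File file, byte[] token, char[] tokenPassword) {
        Properties properties = new Properties();
        try (FileReader reader = new FileReader(file)) {
            properties.load(reader);
        } catch (IOException e) {
            throw new IllegalArgumentException(e);
        }
        String wrapped = properties.getProperty(key);
        if (wrapped == null) {
            throw new IllegalArgumentException("property '" + key + "' missing in " + file.getAbsolutePath());
        }
        byte[] secret = new AsymmetricCrypto(this.securityProviderConnector)
                .decrypt(Base64.decode(wrapped), tokenPassword, new ByteArrayInputStream(token));
        return Base64.toBase64String(secret).toCharArray();
    }

    /**
     * Generates a fresh secret key, stores it in {@code file} encrypted to the identity's
     * certificate, and returns it in the same Base64 form {@link #readAppPassword} yields.
     *
     * @param key      property key under which the encrypted secret is stored
     * @param file     the properties file to create
     * @param identity the identity whose certificate wraps the secret
     * @return the secret, Base64-encoded, as characters
     * @throws IllegalArgumentException if the file cannot be written
     */
    private char[] storeAppPassword(String key, File file, Identity identity) {
        byte[] secret = this.securityProviderConnector.generateSecretKey().getEncoded();
        AsymmetricCrypto crypto = new AsymmetricCrypto(this.securityProviderConnector);
        byte[] wrapped = crypto.encrypt(secret, new StringReader(identity.getCertificate()));
        Properties properties = new Properties();
        properties.setProperty(key, Base64.toBase64String(wrapped));
        try (Writer writer = new FileWriter(file)) {
            properties.store(writer, "Data");
        } catch (IOException e) {
            throw new IllegalArgumentException(e);
        }
        return Base64.toBase64String(secret).toCharArray();
    }

    /**
     * Forwards one line to the configured {@link OutputWriter}.
     *
     * @param str the line to emit
     */
    private void out(String str) {
        this.outputWriter.println(str);
    }
}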
