package ifs.fnd.connect.security;

import ifs.fnd.base.IfsException;
import ifs.fnd.base.SystemException;
import ifs.fnd.record.FndAbstractRecord;
import ifs.fnd.record.FndArray;
import ifs.fnd.record.FndDate;
import ifs.fnd.record.FndRecord;
import ifs.fnd.record.FndText;
import ifs.fnd.services.plsqlserver.FndAbstractPlsqlWrapper;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import java.util.Date;
import java.util.Enumeration;
import java.util.Random;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:ifs/fnd/connect/security/ConnectSecurityManager.class */
public final class ConnectSecurityManager {
    // SECURITY NOTE: java.util.Random seeded with the literal 1089 returns the same first int
    // on every JVM, so generatedSeed is effectively a constant baked into the class rather
    // than a per-installation or per-run value.
    private final int generatedSeed = new Random(1089).nextInt();
    // Base64 text of 20 bytes drawn from java.util.Random seeded with generatedSeed. Because
    // the seed is fixed, this "password" is the same wherever this class runs (getRandomBytes
    // only picks a fresh seed when it is handed 0). getInstallationPassword() combines it with
    // the database id, which adds an installation-specific input but no randomness.
    private final String generatedPassword = new String(Base64.getEncoder().encode(getRandomBytes(20, this.generatedSeed)));
    // Query for the database id consumed by getInstallationPassword(); takes no bind values.
    private static final String DBID_STMT = "select App_Message_Processing_API.Get_Dbid() from dual";
    // Display-name lookups used by generateSelfSignedKeystore(); each takes one bind value ("?").
    private static final String USER_NAME_STMT = "SELECT NAME FROM PERSON_INFO WHERE USER_ID = ?";
    private static final String FND_USER_DESC_STMT = "SELECT DESCRIPTION FROM FND_USER WHERE IDENTITY = ?";

    /**
     * Static factory for this class.
     *
     * @return a newly constructed {@code ConnectSecurityManager}
     * @throws IfsException declared in the signature; the constructor visible in this file
     *         does not throw it
     */
    public static ConnectSecurityManager newInstance() throws IfsException {
        final ConnectSecurityManager manager = new ConnectSecurityManager();
        return manager;
    }

    // Private so that instances are only created through newInstance(). The instance fields
    // (generatedSeed, generatedPassword) are set by their own initializers, not here.
    private ConnectSecurityManager() {
    }

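    /**
     * Opens a PKCS#12 blob with the caller-supplied password and re-stores its entries under
     * the installation password.
     *
     * <p>The {@code notAfter} date of the certificate behind the first alias is written to
     * {@code fndDate}; {@code fndText} is filled in by {@code convertKeystore} with the kind of
     * entry it copied.
     *
     * <p>Security note: the returned keystore is protected with
     * {@code getInstallationPassword()}, which is computed from reproducible inputs (a fixed
     * seed and the database id), not from a secret. Treat the returned bytes as sensitive key
     * material wherever they are stored or transported.
     *
     * @param bArr    PKCS#12 keystore bytes
     * @param str     password that opens {@code bArr} and its key entries
     * @param fndDate receives the expiry date of the first entry's certificate
     * @param fndText receives the entry kind set by {@code convertKeystore}
     * @return the re-protected PKCS#12 keystore bytes
     * @throws SystemException if the keystore cannot be read, is empty, has no X.509
     *                         certificate behind its first alias, or the password is rejected
     */
    public byte[] processPfx(byte[] bArr, String str, FndDate fndDate, FndText fndText) throws SystemException {
        try {
            KeyStore keyStore = KeyStore.getInstance("pkcs12");
            keyStore.load(new ByteArrayInputStream(bArr), str.toCharArray());
            // An empty keystore, or a first alias without an X.509 certificate, previously
            // escaped as an unchecked NoSuchElementException / NullPointerException /
            // ClassCastException. Report it through the same SystemException path instead.
            Enumeration<String> aliases = keyStore.aliases();
            if (!aliases.hasMoreElements()) {
                throw new KeyStoreException("keystore contains no entries");
            }
            java.security.cert.Certificate firstCertificate = keyStore.getCertificate(aliases.nextElement());
            if (!(firstCertificate instanceof X509Certificate)) {
                throw new KeyStoreException("first keystore entry has no X.509 certificate");
            }
            fndDate.setValue(((X509Certificate) firstCertificate).getNotAfter());
            KeyStore convertKeystore = convertKeystore(keyStore, str, fndText);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(bArr.length);
            convertKeystore.store(byteArrayOutputStream, getInstallationPassword().toCharArray());
            return byteArrayOutputStream.toByteArray();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException | IfsException e) {
            // A wrong password is recognised only by the exact text of the cause's message.
            // NOTE(review): that wording comes from the keystore provider; if it differs, a
            // wrong password is reported as the generic decryption error below.
            Throwable cause = e.getCause();
            if (cause == null || !"Failed PKCS12 integrity checking".equals(cause.getMessage())) {
                throw new SystemException(e, "Decryption error: &1", new String[]{e.getMessage()});
            }
            throw new SystemException("Could not open Certificate File. Password Incorrect!", new String[0]);
        }
    }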

    /**
     * Runs PEM input through {@code convertToPfxKeystore} and, unless the detected kind is
     * "Other", "PrivateKey" or "Certificate", returns the result as PKCS#12 bytes protected
     * with the installation password.
     *
     * <p>Security note: for those three kinds the input bytes are returned unchanged, so a bare
     * private key is not re-wrapped by this method. NOTE(review): confirm how callers store
     * that pass-through material.
     *
     * @param bArr    PEM input bytes
     * @param fndDate receives the expiry date of the first entry's certificate (keystore case only)
     * @param fndText receives the detected kind; set inside {@code convertToPfxKeystore}
     * @param str     passed through to {@code convertToPfxKeystore}; meaning not visible here
     * @param str2    passed through to {@code convertToPfxKeystore}; meaning not visible here
     * @return either {@code bArr} itself or newly stored PKCS#12 bytes
     * @throws SystemException wrapping any I/O, keystore, algorithm, certificate or IFS failure
     */
    public byte[] processPem(byte[] bArr, FndDate fndDate, FndText fndText, String str, String str2) throws SystemException {
        try {
            final KeyStore pfxStore = convertToPfxKeystore(bArr, fndText, str, str2);
            final String detectedKind = fndText.toString();
            final boolean passThrough = "Other".equals(detectedKind)
                    || "PrivateKey".equals(detectedKind)
                    || "Certificate".equals(detectedKind);
            if (passThrough) {
                // Nothing is converted for these kinds; the caller gets its own bytes back.
                return bArr;
            }
            final ByteArrayOutputStream pfxBytes = new ByteArrayOutputStream(bArr.length);
            final String firstAlias = pfxStore.aliases().nextElement();
            final X509Certificate firstCertificate = (X509Certificate) pfxStore.getCertificate(firstAlias);
            fndDate.setValue(firstCertificate.getNotAfter());
            pfxStore.store(pfxBytes, getInstallationPassword().toCharArray());
            return pfxBytes.toByteArray();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException | IfsException e) {
            throw new SystemException(e, "PEM Processing Error: &1", new String[]{e.getMessage()});
        }
    }

    /**
     * Parses every X.509 certificate found in {@code bArr}, checks that each one is inside its
     * validity period, and records the {@code notAfter} date of the last certificate parsed.
     *
     * <p>Security note: {@code checkValidity()} compares only the notBefore/notAfter window
     * with the current time. No signature, issuer-chain, trust-anchor, key-usage or revocation
     * check happens here, so a normal return does not mean the certificate is trusted. Empty
     * input also returns normally and leaves {@code fndDate} untouched.
     *
     * @param bArr    one or more encoded X.509 certificates
     * @param fndDate receives the expiry date of the last certificate parsed
     * @throws SystemException if a certificate cannot be parsed, is expired, or is not yet valid
     */
    public void verifyCertificate(byte[] bArr, FndDate fndDate) throws SystemException {
        final ByteArrayInputStream certStream = new ByteArrayInputStream(bArr);
        try {
            final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
            // The factory consumes one certificate per call; keep going until the stream is drained.
            while (certStream.available() > 0) {
                final X509Certificate parsed = (X509Certificate) x509Factory.generateCertificate(certStream);
                parsed.checkValidity();
                fndDate.setValue(parsed.getNotAfter());
            }
        } catch (CertificateException e) {
            throw new SystemException(e, "Certificate Error: &1", new String[]{e.getMessage()});
        }
    }

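    /**
     * Creates a PKCS#12 keystore holding a new RSA key pair and a self-signed certificate for
     * the given user.
     *
     * <p>The certificate's common name is the first match of: the person's name
     * ({@code USER_NAME_STMT}), the user description ({@code FND_USER_DESC_STMT}), or the
     * identifier passed in. Both lookups use a bind value, not string concatenation.
     *
     * <p>Security notes: the key entry and the keystore itself are protected with
     * {@code getInstallationPassword()}, which is computed from reproducible inputs, not from
     * a secret, so the returned bytes should be handled as sensitive key material. The key
     * size was raised from 512 to 2048 bits: 512-bit RSA moduli are within practical factoring
     * range and are rejected by common certificate-path validators.
     *
     * @param str     user identifier used for the name lookup and, as a fallback, as the CN
     * @param fndDate receives the expiry date of the generated certificate
     * @return the PKCS#12 keystore bytes
     * @throws SystemException wrapping any I/O, keystore, algorithm, certificate or IFS failure
     */
    public byte[] generateSelfSignedKeystore(String str, FndDate fndDate) throws SystemException {
        try {
            FndAbstractPlsqlWrapper fndAbstractPlsqlWrapper = new FndAbstractPlsqlWrapper() { // from class: ifs.fnd.connect.security.ConnectSecurityManager.1
            };
            FndRecord fndRecord = new FndRecord();
            fndRecord.add("USER_NAME", str, "IN");
            FndArray fndArray = new FndArray();
            fndAbstractPlsqlWrapper.executePLSQLSelect(USER_NAME_STMT, fndRecord, fndArray);
            if (fndArray.size() > 0) {
                str = fndArray.firstElement().getAttribute(0).getValue();
            } else {
                // No person record: fall back to the user description, else keep the identifier.
                fndAbstractPlsqlWrapper.executePLSQLSelect(FND_USER_DESC_STMT, fndRecord, fndArray);
                if (fndArray.size() > 0) {
                    str = fndArray.firstElement().getAttribute(0).getValue();
                }
            }
            KeyStore keyStore = KeyStore.getInstance("pkcs12");
            // load(null, null) initialises an empty in-memory keystore.
            keyStore.load(null, null);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            // Was 512; see the method comment for why that size is not acceptable.
            keyPairGenerator.initialize(2048);
            KeyPair genKeyPair = keyPairGenerator.genKeyPair();
            keyStore.setKeyEntry("SelfSignedEntry", genKeyPair.getPrivate(), getInstallationPassword().toCharArray(), new X509Certificate[]{createSelfSignedUserCertificate(genKeyPair, str)});
            fndDate.setValue(((X509Certificate) keyStore.getCertificate(keyStore.aliases().nextElement())).getNotAfter());
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            keyStore.store(byteArrayOutputStream, getInstallationPassword().toCharArray());
            return byteArrayOutputStream.toByteArray();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException | IfsException e) {
            throw new SystemException(e, "Could not create certificate: &1", new String[]{e.getMessage()});
        }
    }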

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Computes the password this class uses to protect the keystores it writes.
     *
     * <p>The database id is read with {@code DBID_STMT}, halved until it fits in an
     * {@code int}, and used as the seed for {@code dsEncrypt} over {@code generatedPassword}.
     *
     * <p>Security note: every input is reproducible. {@code generatedPassword} comes from a
     * fixed seed and the database id is read with a plain query, so the result is a derived
     * identifier rather than a secret. Keystores protected with it rely on access control
     * around their storage, not on this password.
     *
     * @return the Base64 text produced by {@code dsEncrypt}
     * @throws IfsException if the database id query fails or returns no row
     */
    public String getInstallationPassword() throws IfsException {
        final FndAbstractPlsqlWrapper dbAccess = new FndAbstractPlsqlWrapper() { // from class: ifs.fnd.connect.security.ConnectSecurityManager.2
        };
        final FndArray rows = new FndArray();
        dbAccess.executePLSQLSelect(DBID_STMT, (FndAbstractRecord) null, rows);
        if (rows.size() <= 0) {
            throw new SystemException("Could not verify database id.", new String[0]);
        }
        long dbId = rows.firstElement().getAttribute(0).getValue().longValue();
        // Halve repeatedly until the value no longer exceeds Integer.MAX_VALUE.
        while (dbId > Integer.MAX_VALUE) {
            dbId /= 2;
        }
        return dsEncrypt(this.generatedPassword, (int) dbId);
    }

    /**
     * Masks {@code str} with two byte sequences from {@code getRandomBytes} and returns the
     * result as Base64 text.
     *
     * <p>Each character is XORed with the byte at the same index of the first sequence and
     * with the byte at the mirrored index of the second; only the low 8 bits are kept. The
     * second sequence is seeded with {@code i} plus the second byte of the first sequence.
     *
     * <p>Security note: this is a reversible XOR mask driven by {@code java.util.Random}, so it
     * provides obfuscation only. The output is reproducible from {@code i} alone, except when a
     * seed evaluates to 0, in which case {@code getRandomBytes} picks an unpredictable seed and
     * the result cannot be reproduced or decoded.
     *
     * @param str text to mask; must be at least two characters long, otherwise the read of
     *            index 1 throws {@code ArrayIndexOutOfBoundsException}
     * @param i   seed for the first byte sequence
     * @return Base64 text of the masked bytes
     */
    private String dsEncrypt(String str, int i) {
        final int n = str.length();
        final byte[] forwardPad = getRandomBytes(n, i);
        final byte[] mirroredPad = getRandomBytes(n, i + forwardPad[1]);
        final byte[] masked = new byte[n];
        for (int pos = 0; pos < n; pos++) {
            // XOR is bitwise, so applying both pads in one pass gives the same low byte
            // as two separate passes.
            masked[pos] = (byte) (str.charAt(pos) ^ forwardPad[pos] ^ mirroredPad[n - 1 - pos]);
        }
        return new String(Base64.getEncoder().encode(masked));
    }

    /**
     * Reverses {@code dsEncrypt}: Base64-decodes {@code str} and removes the same two XOR
     * masks, rebuilt from seed {@code i}.
     *
     * <p>Each output character is rebuilt from a single input byte, and the bytes are
     * sign-extended before the XOR. Only text whose characters fit in 7 bits therefore
     * survives a {@code dsEncrypt}/{@code dsDecrypt} round trip unchanged.
     *
     * @param str Base64 text produced by {@code dsEncrypt}; must decode to at least two bytes,
     *            otherwise the read of index 1 throws {@code ArrayIndexOutOfBoundsException}
     * @param i   the seed that was used for masking
     * @return the unmasked text
     */
    private String dsDecrypt(String str, int i) {
        final byte[] masked = Base64.getDecoder().decode(str);
        final int n = masked.length;
        final byte[] forwardPad = getRandomBytes(n, i);
        final byte[] mirroredPad = getRandomBytes(n, i + forwardPad[1]);
        final char[] plain = new char[n];
        for (int pos = 0; pos < n; pos++) {
            // One pass with both pads keeps the same low 16 bits as two separate passes.
            plain[pos] = (char) (masked[pos] ^ mirroredPad[n - 1 - pos] ^ forwardPad[pos]);
        }
        return String.valueOf(plain);
    }

    /**
     * Encrypts {@code str} with {@code encryptWithAES}, using a passphrase built from 16 bytes
     * of {@code getRandomBytes} seeded with {@code generatedSeed}.
     *
     * <p>Security note: the passphrase comes from a fixed seed, so it is the same for every
     * instance of this class. The bytes are turned into a String with the platform default
     * charset, so the passphrase text can differ between JVMs configured with different
     * default charsets.
     *
     * @param str text to encrypt
     * @return Base64 ciphertext from {@code encryptWithAES}
     * @throws SystemException if encryption fails
     */
    private String scramble(String str) throws SystemException {
        final byte[] passphraseBytes = getRandomBytes(16, this.generatedSeed);
        final String passphrase = new String(passphraseBytes);
        return encryptWithAES(str, passphrase);
    }

    /**
     * Decrypts text produced by {@code scramble}, rebuilding the same passphrase from 16 bytes
     * of {@code getRandomBytes} seeded with {@code generatedSeed}.
     *
     * <p>The passphrase bytes are decoded with the platform default charset, so decryption
     * only succeeds on a JVM that decodes them the same way as the one that encrypted.
     *
     * @param str Base64 ciphertext
     * @return the decrypted text
     * @throws SystemException if decryption fails
     */
    private String descramble(String str) throws SystemException {
        final byte[] passphraseBytes = getRandomBytes(16, this.generatedSeed);
        final String passphrase = new String(passphraseBytes);
        return decryptWithAES(str, passphrase);
    }

    /**
     * Derives a 128-bit AES key from {@code str} with PBKDF2-HMAC-SHA256 at 65536 iterations.
     *
     * <p>Security note: the salt is 16 bytes from {@code getRandomBytes} seeded with
     * {@code generatedSeed}, which is fixed. The same passphrase therefore always yields the
     * same key, and the salt does not separate one installation from another.
     *
     * @param str passphrase
     * @return the derived AES key
     * @throws NoSuchAlgorithmException if PBKDF2WithHmacSHA256 is not available
     * @throws InvalidKeySpecException  if the key specification is rejected
     */
    private SecretKey createAESKey(String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        final SecretKeyFactory pbkdf2 = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        final byte[] salt = getRandomBytes(16, this.generatedSeed);
        final PBEKeySpec derivationSpec = new PBEKeySpec(str.toCharArray(), salt, 65536, 128);
        final byte[] rawKey = pbkdf2.generateSecret(derivationSpec).getEncoded();
        return new SecretKeySpec(rawKey, "AES");
    }

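    /**
     * Encrypts {@code str} with AES/CBC/PKCS5Padding under a key derived from {@code str2} and
     * returns the ciphertext as Base64 text.
     *
     * <p>Security notes: the IV is 16 bytes from {@code getRandomBytes} seeded with the fixed
     * {@code generatedSeed}, so every call uses the same IV, and equal plaintexts under the
     * same passphrase produce equal ciphertexts. CBC is used without a MAC, so the ciphertext
     * carries no integrity protection. The plaintext is encoded with the platform default
     * charset, which is left unchanged here because existing ciphertexts depend on it.
     *
     * <p>The error template placeholder was corrected from {@code $1} to {@code &1}, the form
     * every other message template in this class uses.
     *
     * @param str  plaintext
     * @param str2 passphrase handed to {@code createAESKey}
     * @return Base64 ciphertext
     * @throws SystemException wrapping any JCA failure
     */
    private String encryptWithAES(String str, String str2) throws SystemException {
        try {
            SecretKey createAESKey = createAESKey(str2);
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(Cipher.ENCRYPT_MODE, createAESKey, new IvParameterSpec(getRandomBytes(16, this.generatedSeed)));
            return new String(Base64.getEncoder().encode(cipher.doFinal(str.getBytes())));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new SystemException(e, "Encryption error: &1", new String[]{e.getMessage()});
        }
    }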

    /**
     * Decrypts Base64 ciphertext produced by {@code encryptWithAES}, using AES/CBC/PKCS5Padding
     * with a key derived from {@code str2} and the same fixed IV.
     *
     * <p>Security note: CBC without a MAC means tampered ciphertext is detected only if the
     * padding happens to break; the padding failure is reported to the caller through the
     * exception message. The recovered bytes are decoded with the platform default charset.
     *
     * @param str  Base64 ciphertext
     * @param str2 passphrase handed to {@code createAESKey}
     * @return the decrypted text
     * @throws SystemException wrapping any JCA failure
     */
    private String decryptWithAES(String str, String str2) throws SystemException {
        try {
            final SecretKey aesKey = createAESKey(str2);
            final Cipher aesCbc = Cipher.getInstance("AES/CBC/PKCS5Padding");
            final IvParameterSpec fixedIv = new IvParameterSpec(getRandomBytes(16, this.generatedSeed));
            aesCbc.init(Cipher.DECRYPT_MODE, aesKey, fixedIv);
            final byte[] cipherBytes = Base64.getDecoder().decode(str);
            final byte[] plainBytes = aesCbc.doFinal(cipherBytes);
            return new String(plainBytes);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new SystemException(e, "Decryption error: &1", new String[]{e.getMessage()});
        }
    }

    /**
     * Returns {@code i} bytes from a {@code java.util.Random} seeded with {@code i2}.
     *
     * <p>A seed of 0 is treated specially: the seed is then taken from a fresh, unseeded
     * {@code Random}, so the output is not reproducible. Any other seed gives the same bytes
     * on every call.
     *
     * <p>Security note: {@code java.util.Random} is not a cryptographic generator, and its
     * output is fully determined by the seed. Everything this class derives from these bytes
     * (the generated password, the AES passphrase, the PBKDF2 salt and the CBC IV) inherits
     * that predictability. The code is left byte-identical because stored keystores and
     * ciphertexts depend on the exact byte sequence.
     *
     * @param i  number of bytes to return
     * @param i2 seed, or 0 to draw a seed from an unseeded {@code Random}
     * @return a new array of {@code i} bytes
     */
    private byte[] getRandomBytes(int i, int i2) {
        byte[] bArr = new byte[i];
        new Random(i2 == 0 ? new Random().nextInt() : i2).nextBytes(bArr);
        return bArr;
    }

    /* JADX WARN: Code restructure failed: missing block: B:15:0x0119, code lost:
    
        if (r14 == null) goto L29;
     */
    /* JADX WARN: Code restructure failed: missing block: B:16:0x011c, code lost:
    
        r0 = "PrivateKey";
     */
    /* JADX WARN: Code restructure failed: missing block: B:17:0x0132, code lost:
    
        r11.setValue(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:18:0x013c, code lost:
    
        return r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:21:0x0128, code lost:
    
        if (r0.isEmpty() != false) goto L32;
     */
    /* JADX WARN: Code restructure failed: missing block: B:22:0x012b, code lost:
    
        r0 = "Certificate";
     */
    /* JADX WARN: Code restructure failed: missing block: B:23:0x0130, code lost:
    
        r0 = "Other";
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    // Decompiler placeholder: JADX could not reconstruct this method, so the body below only
    // throws and is not the shipped behaviour. The JADX WARN fragments above this method show
    // branches that set the FndText argument to "PrivateKey", "Certificate" or "Other";
    // processPem() branches on that value. How the two String arguments are used cannot be
    // determined from this listing.
    private java.security.KeyStore convertToPfxKeystore(byte[] r10, ifs.fnd.record.FndText r11, java.lang.String r12, java.lang.String r13) throws ifs.fnd.base.SystemException {
        /*
            Method dump skipped, instructions count: 395
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ifs.fnd.connect.security.ConnectSecurityManager.convertToPfxKeystore(byte[], ifs.fnd.record.FndText, java.lang.String, java.lang.String):java.security.KeyStore");
    }

    /**
     * Copies every entry of {@code keyStore} into a new keystore of the same type, re-protecting
     * each key entry with the installation password.
     *
     * <p>{@code fndText} is overwritten for each entry copied ("Certificate" or "Keystore"), so
     * its final value reflects the last entry handled. It is left untouched when the source has
     * no entries.
     *
     * <p>Security note: key entries are unlocked with the caller's password and re-locked with
     * {@code getInstallationPassword()}, which is computed from reproducible inputs. After
     * conversion the private keys are no longer protected by the uploader's password.
     *
     * @param keyStore loaded source keystore
     * @param str      password that unlocks the key entries in {@code keyStore}
     * @param fndText  receives the kind of the entries copied
     * @return the new keystore
     * @throws SystemException wrapping any keystore, algorithm, certificate, I/O or IFS failure
     */
    private KeyStore convertKeystore(KeyStore keyStore, String str, FndText fndText) throws SystemException {
        try {
            final KeyStore target = KeyStore.getInstance(keyStore.getType());
            target.load(null, null);
            for (Enumeration<String> names = keyStore.aliases(); names.hasMoreElements(); ) {
                final String alias = names.nextElement();
                if (keyStore.isCertificateEntry(alias)) {
                    target.setCertificateEntry(alias, keyStore.getCertificate(alias));
                    fndText.setValue("Certificate");
                }
                if (keyStore.isKeyEntry(alias)) {
                    // The installation password is looked up again for every key entry.
                    target.setKeyEntry(
                            alias,
                            keyStore.getKey(alias, str.toCharArray()),
                            getInstallationPassword().toCharArray(),
                            keyStore.getCertificateChain(alias));
                    fndText.setValue("Keystore");
                }
            }
            return target;
        } catch (IfsException | IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new SystemException(e, "Decryption error: &1", new String[]{e.getMessage()});
        }
    }

    /**
     * Builds a self-signed X.509 v3 certificate for {@code keyPair}, with {@code str} as the
     * common name of both subject and issuer, signed with SHA256withRSA.
     *
     * <p>Validity runs from one day before the current time to 730 days after it. The serial
     * number is the current time in milliseconds.
     *
     * <p>Security notes: the certificate is marked as a CA (critical basicConstraints with
     * cA=true) and carries the keyCertSign and cRLSign usages as well as anyExtendedKeyUsage.
     * A per-user certificate with these attributes can act as an issuer for any purpose if a
     * relying party imports it as trusted. NOTE(review): confirm whether consumers need the CA
     * flag, or whether an end-entity profile would do.
     *
     * @param keyPair key pair to certify; the private key signs the certificate
     * @param str     common name for subject and issuer
     * @return the generated certificate, re-parsed through the JCA X.509 factory
     * @throws SystemException if building, signing or re-parsing the certificate fails
     */
    private X509Certificate createSelfSignedUserCertificate(KeyPair keyPair, String str) throws SystemException {
        try {
            final X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
            nameBuilder.addRDN(BCStyle.CN, str);
            // Self-signed: the same name serves as issuer and subject.
            final X500Name selfName = nameBuilder.build();

            final BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
            final Date notBefore = new Date(System.currentTimeMillis() - 86400000);
            final Date notAfter = new Date(System.currentTimeMillis() + 63072000000L);
            final JcaX509v3CertificateBuilder certBuilder =
                    new JcaX509v3CertificateBuilder(selfName, serial, notBefore, notAfter, selfName, keyPair.getPublic());

            certBuilder.addExtension(Extension.subjectKeyIdentifier, false, SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
            certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
            // The same bit mask as the literal 182, spelled out with the named constants.
            final int usageBits = KeyUsage.digitalSignature
                    | KeyUsage.keyEncipherment
                    | KeyUsage.dataEncipherment
                    | KeyUsage.keyCertSign
                    | KeyUsage.cRLSign;
            certBuilder.addExtension(Extension.keyUsage, false, new KeyUsage(usageBits));

            final ASN1EncodableVector purposes = new ASN1EncodableVector();
            purposes.add(KeyPurposeId.id_kp_serverAuth);
            purposes.add(KeyPurposeId.id_kp_clientAuth);
            purposes.add(KeyPurposeId.anyExtendedKeyUsage);
            certBuilder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));

            final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
            final byte[] encoded = certBuilder.build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate())).getEncoded();
            return (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(encoded));
        } catch (IllegalStateException | OperatorCreationException | IOException | CertificateException e) {
            throw new SystemException(e, "Could not create certificate: &1", new String[]{e.getMessage()});
        }
    }
}
