package org.ejbca.util.keystore;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import org.apache.log4j.Logger;
import org.cesecore.keys.util.KeyTools;
import org.cesecore.util.Base64;
import org.cesecore.util.CertTools;
import org.cesecore.util.CryptoProviderTools;
import org.ejbca.config.ScepConfiguration;
import org.ejbca.core.model.hardtoken.HardTokenConstants;

/* loaded from: input_file:org/ejbca/util/keystore/P12toPEM.class */
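/**
 * Exports the first usable key entry of a PKCS#12 keystore as PEM files.
 *
 * <p>Up to three files are written into the export directory (default {@code ./p12/pem/}),
 * all named after a part of the end-entity certificate's subject DN:
 * <ul>
 *   <li>{@code <name>.pem}: the end-entity certificate</li>
 *   <li>{@code <name>-Key.pem}: the private key</li>
 *   <li>{@code <name>-CA.pem}: the rest of the certificate chain (skipped for a self-signed
 *       certificate)</li>
 * </ul>
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The private key is written base64-encoded and <b>without encryption</b>, with whatever
 *       file permissions the process defaults give. The export directory should only be
 *       accessible to the account that needs the key.</li>
 *   <li>The file name is derived from the certificate subject, which is attacker-influenced if
 *       the keystore comes from an untrusted source. {@link #createPEM()} therefore refuses to
 *       write a file that would resolve outside the export directory.</li>
 *   <li>The keystore password is held in a {@code String} for the lifetime of this object.</li>
 * </ul>
 */
public class P12toPEM {
    private static final Logger log = Logger.getLogger(P12toPEM.class);

    /** Directory the PEM files are written to; change with {@link #setExportPath(String)}. */
    String exportpath = "./p12/pem/";
    /** Path of the PKCS#12 file to read; unused when a loaded keystore was supplied. */
    String p12File;
    /** Password used both to open the keystore and to recover the private key. */
    String password;
    /** Keystore to export from; loaded lazily from {@link #p12File} when {@code null}. */
    KeyStore ks = null;
    /** When {@code false}, existing output files are left untouched. */
    boolean overwrite = false;
    byte[] beginCertificate = ascii("-----BEGIN CERTIFICATE-----");
    byte[] endCertificate = ascii("-----END CERTIFICATE-----");
    byte[] beginPrivateKey = ascii("-----BEGIN PRIVATE KEY-----");
    byte[] endPrivateKey = ascii("-----END PRIVATE KEY-----");
    byte[] NL = ascii("\n");

    /**
     * Command-line entry point.
     *
     * <p>Usage: {@code P12toPEM <p12file> <p12password> [overwrite (true/false)]}.
     *
     * <p>Note that a password passed as a program argument is visible to other local users
     * through the process list and is usually kept in shell history.
     *
     * @param strArr command-line arguments as described above
     */
    public static void main(String[] strArr) {
        CryptoProviderTools.installBCProvider();
        if (strArr.length < 2) {
            System.out.println("Usage: P12toPEM <p12file> <p12password> [overwrite (true/false)(default false)]");
            System.exit(0);
            return;
        }
        try {
            // Any value other than "true" (case-insensitive) leaves overwrite disabled.
            boolean overwriteRequested = strArr.length > 2 && strArr[2].equalsIgnoreCase("true");
            new P12toPEM(strArr[0], strArr[1], overwriteRequested).createPEM();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Creates an exporter that reads the given PKCS#12 file and never overwrites existing files.
     *
     * @param str path of the PKCS#12 file
     * @param str2 keystore password, also used for the private key
     */
    public P12toPEM(String str, String str2) {
        this.p12File = str;
        this.password = str2;
    }

    /**
     * Creates an exporter for a keystore that is already loaded.
     *
     * @param keyStore loaded keystore to export from
     * @param str password protecting the private key entry
     * @param z {@code true} to overwrite existing output files
     */
    public P12toPEM(KeyStore keyStore, String str, boolean z) {
        this.password = str;
        this.ks = keyStore;
        this.overwrite = z;
    }

    /**
     * Sets the directory the PEM files are written to.
     *
     * @param str export directory path
     */
    public void setExportPath(String str) {
        this.exportpath = str;
    }

    /**
     * Creates an exporter that reads the given PKCS#12 file.
     *
     * @param str path of the PKCS#12 file
     * @param str2 keystore password, also used for the private key
     * @param z {@code true} to overwrite existing output files
     */
    public P12toPEM(String str, String str2, boolean z) {
        this.p12File = str;
        this.password = str2;
        this.overwrite = z;
    }

    /**
     * Writes the certificate, private key and CA chain of the first recoverable key entry as
     * PEM files into the export directory.
     *
     * <p>The files are written in the order certificate, key, CA chain. If a file already exists
     * and overwriting is disabled, an error is logged and the method returns at that point, so
     * files earlier in that order may already have been written.
     *
     * @throws KeyStoreException if the keystore cannot be read or yields no certificate chain
     * @throws FileNotFoundException if the PKCS#12 file or an output file cannot be opened
     * @throws IOException on read/write failure, or if an output file name derived from the
     *     certificate subject would resolve outside the export directory
     * @throws NoSuchProviderException if the "BC" provider is not installed
     * @throws NoSuchAlgorithmException if a required algorithm is unavailable
     * @throws CertificateEncodingException if a certificate cannot be encoded
     * @throws CertificateException if a certificate in the keystore cannot be loaded
     * @throws UnrecoverableKeyException if the key cannot be recovered with the password
     */
    public void createPEM() throws KeyStoreException, FileNotFoundException, IOException, NoSuchProviderException, NoSuchAlgorithmException, CertificateEncodingException, CertificateException, UnrecoverableKeyException {
        if (this.ks == null) {
            // NOTE(review): the constant name comes from decompilation; presumably its value is
            // the "PKCS12" keystore type. Confirm against the original source.
            KeyStore loaded = KeyStore.getInstance(HardTokenConstants.TOKENTYPE_PKCS12, "BC");
            FileInputStream fileInputStream = new FileInputStream(this.p12File);
            try {
                loaded.load(fileInputStream, this.password.toCharArray());
            } finally {
                fileInputStream.close();
            }
            // Only publish the keystore once it is fully loaded.
            this.ks = loaded;
        }

        // Pick the first alias whose key can be recovered with the password. If none matches,
        // the last enumerated alias is kept, as before.
        Enumeration<String> aliases = this.ks.aliases();
        String str = null;
        PrivateKey privateKey = null;
        while (aliases.hasMoreElements()) {
            str = aliases.nextElement();
            if (str != null && this.ks.isKeyEntry(str)) {
                privateKey = (PrivateKey) this.ks.getKey(str, this.password.toCharArray());
                if (privateKey != null) {
                    log.debug("Aliases " + ((Object) str) + " is KeyEntry.");
                    break;
                }
            }
        }
        // Only the encoding format name is logged, never key material. The null check guards the
        // case where the keystore holds no recoverable key entry.
        log.debug("Private key encode: " + (privateKey == null ? null : privateKey.getFormat()));
        byte[] bytes = ascii("");
        if (privateKey != null) {
            bytes = privateKey.getEncoded();
        } else {
            log.warn("No private key entry found in keystore, the key file will have an empty body.");
        }

        Certificate[] certChain = KeyTools.getCertChain(this.ks, str);
        if (certChain == null || certChain.length == 0) {
            throw new KeyStoreException("No certificate chain found in keystore for alias '" + str + "'.");
        }
        log.debug("Loaded certificate chain with length " + certChain.length + " from keystore.");
        X509Certificate x509Certificate = (X509Certificate) certChain[0];
        byte[] encoded = x509Certificate.getEncoded();
        // NOTE(review): the constant name comes from decompilation; presumably it selects the CN
        // part of the subject DN. Confirm against the original source.
        String partFromDN = CertTools.getPartFromDN(CertTools.getSubjectDN(x509Certificate), ScepConfiguration.DEFAULT_RA_NAME_GENERATION_PARAMETERS);

        File file = new File(this.exportpath);
        // Result ignored on purpose: the directory may already exist. A missing directory
        // surfaces as FileNotFoundException when the first file is opened.
        file.mkdir();

        File file2 = resolveInside(file, partFromDN + ".pem");
        if (!this.overwrite && file2.exists()) {
            log.error("File '" + file2 + "' already exists, don't overwrite.");
            return;
        }
        writePem(file2, this.beginCertificate, new byte[][] {encoded}, this.endCertificate, false);

        File file3 = resolveInside(file, partFromDN + "-Key.pem");
        if (!this.overwrite && file3.exists()) {
            log.error("File '" + file3 + "' already exists, don't overwrite.");
            return;
        }
        // NOTE(review): the key is written unencrypted with default file permissions; restrict
        // access to the export directory or post-process the file as required by policy.
        writePem(file3, this.beginPrivateKey, new byte[][] {bytes}, this.endPrivateKey, false);

        File file4 = resolveInside(file, partFromDN + "-CA.pem");
        if (!this.overwrite && file4.exists()) {
            log.error("File '" + file4 + "' already exists, don't overwrite.");
            return;
        }
        if (CertTools.isSelfSigned(x509Certificate)) {
            log.info("User certificate is selfsigned, this is a RootCA, no CA certificates written.");
            return;
        }
        byte[][] caCerts = new byte[certChain.length - 1][];
        for (int i = 1; i < certChain.length; i++) {
            caCerts[i - 1] = ((X509Certificate) certChain[i]).getEncoded();
        }
        writePem(file4, this.beginCertificate, caCerts, this.endCertificate, true);
    }

    /** Encodes a PEM marker or separator as ASCII, independent of the platform charset. */
    private static byte[] ascii(String text) {
        return text.getBytes(java.nio.charset.StandardCharsets.US_ASCII);
    }

    /**
     * Builds {@code dir/fileName} and rejects it if it does not resolve to a direct child of
     * {@code dir}, e.g. because the certificate-derived name contains path separators or
     * {@code ..}, or because the target is a symbolic link pointing elsewhere.
     */
    private static File resolveInside(File dir, String fileName) throws IOException {
        File candidate = new File(dir, fileName);
        File canonicalDir = dir.getCanonicalFile();
        if (!canonicalDir.equals(candidate.getCanonicalFile().getParentFile())) {
            throw new IOException("Refusing to write '" + fileName + "' outside export directory '" + dir + "'.");
        }
        return candidate;
    }

    /**
     * Writes each element of {@code bodies} as one base64 PEM block framed by {@code begin} and
     * {@code end}; the stream is closed even if a write fails.
     *
     * @param newlineAfterEach whether a newline follows every end marker
     */
    private void writePem(File target, byte[] begin, byte[][] bodies, byte[] end, boolean newlineAfterEach) throws IOException {
        FileOutputStream out = new FileOutputStream(target);
        try {
            for (int i = 0; i < bodies.length; i++) {
                out.write(begin);
                out.write(this.NL);
                out.write(Base64.encode(bodies[i]));
                out.write(this.NL);
                out.write(end);
                if (newlineAfterEach) {
                    out.write(this.NL);
                }
            }
        } finally {
            out.close();
        }
    }
}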
