package org.globus.tools;

import java.io.File;
import java.io.FileOutputStream;
import java.io.PrintStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import org.apache.jena.atlas.json.io.JSWriter;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.util.encoders.Base64;
import org.globus.common.CoGProperties;
import org.globus.common.Version;
import org.globus.gsi.CertUtil;
import org.globus.gsi.bc.BouncyCastleOpenSSLKey;
import org.globus.gsi.bc.X509NameHelper;
import org.globus.gsi.gssapi.KeyPairCache;
import org.globus.util.ConfigUtil;
import org.globus.util.PEMUtils;
import org.globus.util.Util;

/* loaded from: input_file:org/globus/tools/GridCertRequest.class */
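/**
 * Command-line tool that generates an RSA key pair and a PKCS#10 certificate
 * request for a user, host or service.
 *
 * <p>A run writes three files into the target directory: the certificate
 * request with instructions for the CA ({@code <prefix>cert_request.pem}),
 * the private key ({@code <prefix>key.pem}, encrypted when a pass phrase is
 * supplied) and an empty placeholder for the certificate
 * ({@code <prefix>cert.pem}).
 *
 * <p>All options are held in static fields, so the class is not safe for
 * concurrent use.
 */
public final class GridCertRequest {
    private static final String MESSAGE =
        "A certificate request and private key will be created.\n"
        + "You will be asked to enter a PEM pass phrase.\n"
        + "This pass phrase is akin to your account password,\n"
        + "and is used to protect your key file.\n"
        + "If you forget your pass phrase, you will need to\n"
        + "obtain a new certificate.\n";

    public static final String USAGE =
        "\n\ngrid-cert-request [-help] [ options ...]\n\n"
        + "  Example Usage:\n\n"
        + "    Creating a user certifcate:\n"
        + "      grid-cert-request\n\n"
        + "    Creating a host or gatekeeper certifcate:\n"
        + "      grid-cert-request -host [my.host.fqdn]\n\n"
        + "    Creating a LDAP server certificate:\n"
        + "      grid-cert-request -service ldap -host [my.host.fqdn]\n\n"
        + "  Options:\n\n"
        + "    -version           : Display version\n"
        + "    -?, -h, -help,     : Display usage\n"
        + "    -usage\n"
        + "    -cn <name>,        : Common name of the user\n"
        + "    -commonname <name>\n"
        + "    -service <service> : Create certificate for a service. Requires\n"
        + "                         the -host option and implies that the generated\n"
        + "                         key will not be password protected (ie implies -nopw).\n"
        + "    -host <FQDN>       : Create certificate for a host named <FQDN>\n"
        + "    -dir <directory>   : Changes the directory the private key and certificate\n"
        + "                         request will be placed in. By default user certificates\n"
        + "                         are placed in " + System.getProperty("user.home") + File.separator + ".globus\n"
        + "                         directory. On Unix machines, host certificates are\n"
        + "                         placed in /etc/grid-security directory and service\n"
        + "                         certificates are placed in /etc/grid-security/<service>.\n"
        + "                         On Windows machines they are placed in the same\n"
        + "                         location as the user certificates.\n"
        + "    -prefix <prefix>   : Causes the generated files to be named\n"
        + "                         <prefix>cert.pem, <prefix>key.pem and\n"
        + "                         <prefix>cert_request.pem\n"
        + "    -nopw,             : Create certificate without a password\n"
        + "    -nodes,\n"
        + "    -nopassphrase,\n"
        + "    -verbose           : Don't clear the screen <<Not used>>\n"
        + "    -int[eractive]     : Prompt user for each component of the DN\n"
        + "    -force             : Overwrites preexisting certifictes\n"
        + "    -caEmail <address> : CA email address, if request is to be mailed to CA\n"
        + "    -orgBaseDN <dn>    : The base DN of this organization (in LDAP format)";

    /**
     * RSA modulus size in bits. Raised from 1024, which is no longer
     * considered adequate for new keys.
     */
    private static final int KEY_BITS = 2048;

    /**
     * Signature algorithm for the PKCS#10 request. Replaces "MD5WithRSA":
     * MD5 is collision-prone and must not be used for signatures.
     * NOTE(review): confirm the bundled BouncyCastle version and the target
     * CA both accept this algorithm name.
     */
    private static final String SIGNATURE_ALGORITHM = "SHA256WithRSA";

    /**
     * Minimum pass phrase length accepted at the prompt.
     * NOTE(review): four characters gives very little protection to the
     * encrypted key file; consider raising this as a policy decision.
     */
    private static final int MIN_PASS_PHRASE_LENGTH = 4;

    /** Number of failed pass phrase prompts tolerated before giving up. */
    private static final int MAX_PASS_PHRASE_ATTEMPTS = 3;

    private static String caEmail = null;
    private static String cn = null;
    private static boolean interactive = false;
    private static boolean verbose = false;
    private static boolean noPswd = false;
    private static String dir = null;
    private static boolean force = false;
    private static String prefix = null;
    private static boolean debug = false;

    /**
     * Parses the command line, validates the output directory, optionally
     * prompts for a pass phrase and generates the key and request files.
     *
     * <p>Exit codes: 1 directory cannot be created (also used for argument
     * errors), 2 target is not a directory, 3 directory not writable,
     * 4 output files already exist and {@code -force} was not given,
     * 5 pass phrase prompt failed, 6 generation failed.
     *
     * @param strArr command-line arguments
     */
    public static void main(String[] strArr) {
        parseCmdLine(strArr);
        File targetDir = new File(dir);
        // NOTE(review): mkdirs() applies the process default permissions; the
        // directory will hold a private key, so confirm it is not left
        // readable by other users.
        if (!targetDir.exists() && !targetDir.mkdirs()) {
            exit("Unable to create " + targetDir + " directory.", 1);
        }
        if (!targetDir.isDirectory()) {
            exit("The directory " + targetDir + " specified is not a directory.", 2);
        }
        if (!targetDir.canWrite()) {
            exit("Can't write to " + targetDir, 3);
        }
        File certFile = new File(targetDir, prefix + "cert.pem");
        File keyFile = new File(targetDir, prefix + "key.pem");
        File requestFile = new File(targetDir, prefix + "cert_request.pem");
        if (!force) {
            refuseToOverwrite(keyFile, certFile, requestFile);
        }
        // A null pass phrase means the private key is written unencrypted.
        String passPhrase = noPswd ? null : promptForPassPhrase();
        try {
            genCertificateRequest(cn, caEmail, passPhrase, keyFile, certFile, requestFile);
        } catch (Exception e) {
            System.err.println("Error generating cert request: " + e.getMessage());
            if (debug) {
                e.printStackTrace();
            }
            System.exit(6);
        }
    }

    /**
     * Reports every output file that already exists and exits with status 4
     * if at least one does, so an existing private key is never silently
     * replaced.
     */
    private static void refuseToOverwrite(File keyFile, File certFile, File requestFile) {
        boolean anyExists = false;
        File[] outputs = {keyFile, certFile, requestFile};
        for (int k = 0; k < outputs.length; k++) {
            if (outputs[k].exists()) {
                System.err.println(outputs[k] + " exists");
                anyExists = true;
            }
        }
        if (anyExists) {
            exit("If you wish to overwrite, run the script again with -force.", 4);
        }
    }

    /**
     * Prompts for a pass phrase and its confirmation, allowing a limited
     * number of failed attempts; exits with status 5 when they are used up.
     *
     * <p>NOTE(review): the pass phrase is held in an immutable {@code String}
     * because that is what {@code Util.getPrivateInput} returns, so it cannot
     * be wiped from memory after use.
     *
     * @return the confirmed pass phrase
     */
    private static String promptForPassPhrase() {
        System.out.println(MESSAGE);
        for (int failures = 0; failures < MAX_PASS_PHRASE_ATTEMPTS; failures++) {
            String candidate = Util.getPrivateInput("Enter PEM pass phrase: ");
            // Defensive null check: SOURCE does not show whether the prompt
            // helper can return null (for example on end of input).
            if (candidate == null || candidate.length() < MIN_PASS_PHRASE_LENGTH) {
                System.out.println("Phrase is too short, needs to be at least 4 chars");
                continue;
            }
            // equals() tolerates a null confirmation, unlike compareTo().
            if (candidate.equals(Util.getPrivateInput("Verifying password - Enter PEM pass phrase: "))) {
                return candidate;
            }
            System.out.println("Verify failure");
        }
        exit("Too many attempts", 5);
        return null;
    }

    /** Prints {@code str} as an error on stderr and terminates with status {@code i}. */
    private static void exit(String str, int i) {
        System.err.println("Error: " + str);
        System.exit(i);
    }

    /** Prints {@code str} as an error on stderr and terminates with status 1. */
    private static void exit(String str) {
        exit(str, 1);
    }

    /**
     * Returns the value following an option, or exits with an error when the
     * option is the last argument.
     *
     * @param args  the full argument array
     * @param index position at which the value is expected
     * @param flag  option name used in the error message
     */
    private static String optionValue(String[] args, int index, String flag) {
        if (index >= args.length) {
            exit(flag + " requires an argument");
            return null;
        }
        return args[index];
    }

    /**
     * Parses the command line into the static option fields and derives the
     * subject DN, file prefix and output directory.
     *
     * <p>With {@code -service} (which requires {@code -host}) or
     * {@code -host} the key is written without a pass phrase. The base DN is
     * taken from {@code -orgBaseDN}, then the {@code orgBaseDN} property,
     * then an interactive prompt or the default {@code O=Grid}.
     *
     * @param strArr command-line arguments
     */
    protected static void parseCmdLine(String[] strArr) {
        String host = null;
        String service = null;
        String orgBaseDn = null;
        String commonName = System.getProperty("user.name");
        for (int i = 0; i < strArr.length; i++) {
            String arg = strArr[i];
            if (arg.equalsIgnoreCase("-version")) {
                System.err.println(Version.getVersion());
                System.exit(1);
            } else if (arg.equalsIgnoreCase("-help") || arg.equalsIgnoreCase("-h")
                    || arg.equalsIgnoreCase("-?") || arg.equalsIgnoreCase("-usage")) {
                // -usage is documented in USAGE but was previously rejected
                // as an unknown argument.
                exit(USAGE, 0);
            } else if (arg.equalsIgnoreCase("-cn") || arg.equalsIgnoreCase("-commonname")) {
                commonName = optionValue(strArr, ++i, "-cn");
            } else if (arg.equalsIgnoreCase("-service")) {
                service = optionValue(strArr, ++i, "-service");
            } else if (arg.equalsIgnoreCase("-host")) {
                host = optionValue(strArr, ++i, "-host");
            } else if (arg.equalsIgnoreCase("-dir")) {
                dir = optionValue(strArr, ++i, "-dir");
            } else if (arg.equalsIgnoreCase("-prefix")) {
                prefix = optionValue(strArr, ++i, "-prefix");
            } else if (arg.equalsIgnoreCase("-nopw") || arg.equalsIgnoreCase("-nodes")
                    || arg.equalsIgnoreCase("-nopassphrase")) {
                noPswd = true;
            } else if (arg.equalsIgnoreCase("-verbose")) {
                verbose = true;
            } else if (arg.equalsIgnoreCase("-int") || arg.equalsIgnoreCase("-interactive")) {
                interactive = true;
            } else if (arg.equalsIgnoreCase("-force")) {
                force = true;
            } else if (arg.equalsIgnoreCase("-debug")) {
                debug = true;
            } else if (arg.equalsIgnoreCase("-caEmail")) {
                caEmail = optionValue(strArr, ++i, "-caEmail");
            } else if (arg.equalsIgnoreCase("-orgBaseDN")) {
                orgBaseDn = optionValue(strArr, ++i, "-orgBaseDN");
            } else {
                exit("argument #" + (i + 1) + "(" + arg + ") : unknown");
            }
        }
        if (orgBaseDn == null) {
            orgBaseDn = CoGProperties.getDefault().getProperty("orgBaseDN");
            if (orgBaseDn == null) {
                orgBaseDn = interactive ? getOrgName() : "O=Grid";
            }
        }
        // ConfigUtil.getOS() == 1 presumably denotes Unix, matching the
        // directories described in USAGE; confirm against ConfigUtil.
        if (service != null) {
            if (host == null) {
                exit("-host required");
            } else {
                cn = orgBaseDn + ", CN=" + service + "/" + host;
                noPswd = true;
                if (prefix == null) {
                    prefix = service;
                }
                if (dir == null && ConfigUtil.getOS() == 1) {
                    dir = "/etc/grid-security/" + service;
                }
            }
        } else if (host != null) {
            cn = orgBaseDn + ", CN=host/" + host;
            noPswd = true;
            if (prefix == null) {
                prefix = "host";
            }
            if (dir == null && ConfigUtil.getOS() == 1) {
                dir = "/etc/grid-security";
            }
        } else {
            cn = orgBaseDn + ", CN=" + commonName;
            if (prefix == null) {
                prefix = "user";
            }
        }
        if (dir == null) {
            dir = System.getProperty("user.home") + File.separator + ".globus";
        }
    }

    /**
     * Generates an RSA key pair and writes the certificate request, the
     * private key and an empty certificate placeholder.
     *
     * @param str   subject distinguished name of the request
     * @param str2  CA e-mail address for the instructions; may be null or empty
     * @param str3  pass phrase used to encrypt the private key; null leaves
     *              the key unencrypted
     * @param file  file that receives the private key
     * @param file2 certificate file, created empty if it does not exist
     * @param file3 file that receives the instructions and the PEM request
     * @throws Exception if key generation, request encoding or file output fails
     */
    public static void genCertificateRequest(String str, String str2, String str3, File file, File file2, File file3) throws Exception {
        CertUtil.init();
        X509Name subject = new X509Name(str);
        String subjectText = X509NameHelper.toString(subject);
        System.out.println("Generating a " + KEY_BITS + " bit RSA private key");
        KeyPairGenerator generator = KeyPairGenerator.getInstance(KeyPairCache.DEFAULT_ALGORITHM);
        generator.initialize(KEY_BITS);
        KeyPair keyPair = generator.genKeyPair();
        PrivateKey privateKey = keyPair.getPrivate();
        byte[] encodedRequest = Base64.encode(
            new PKCS10CertificationRequest(SIGNATURE_ALGORITHM, subject, keyPair.getPublic(), new DERSet(), privateKey).getEncoded());
        boolean mailToCa = str2 != null && str2.length() > 0;

        PrintStream out = new PrintStream(new FileOutputStream(file3));
        try {
            if (mailToCa) {
                out.print("\n\nPlease mail the following certificate request to " + str2);
            } else {
                out.print("\n\nPlease send the following certificate request to the Certificate Authority (CA). Refer to CA instructions for details on to send the request.");
            }
            // NOTE(review): the instructions name the request file (file3) as
            // the place to save the CA's reply; the certificate file (file2)
            // looks like the intended target. Confirm before changing.
            out.print("\n\n==================================================================\n\n"
                + "Certificate Subject:\n\n"
                + subjectText
                + "\n\nThe above string is known as your user certificate subject, and it \n"
                + "uniquely identifies this user.\n\n"
                + "To install this user certificate, please save this e-mail message\n"
                + "into the following file.\n\n\n"
                + file3.getAbsolutePath()
                + "\n\n\n      You need not edit this message in any way. Simply \n"
                + "      save this e-mail message to the file.\n\n\n"
                + "If you have any questions about the certificate contact\n"
                + "the Certificate Authority");
            if (mailToCa) {
                // Leading space added: the text previously ran together as
                // "Authorityat <address>".
                out.print(" at " + str2);
            }
            out.print("\n\n");
            PEMUtils.writeBase64(out, "-----BEGIN CERTIFICATE REQUEST-----", encodedRequest, "-----END CERTIFICATE REQUEST-----");
        } finally {
            out.close();
        }

        BouncyCastleOpenSSLKey opensslKey = new BouncyCastleOpenSSLKey(privateKey);
        if (str3 != null) {
            opensslKey.encrypt(str3);
        }
        // NOTE(review): confirm writeTo() restricts the key file to
        // owner-only access; nothing in this class sets its permissions.
        opensslKey.writeTo(file.getAbsolutePath());
        // Creates an empty certificate placeholder; an existing file is left as is.
        file2.createNewFile();
        System.out.println("A private key and a certificate request has been generated with the subject:");
        System.out.println();
        System.out.println(subjectText);
        System.out.println();
        System.out.println("The private key is stored in " + file.getAbsolutePath());
        System.out.println("The request is stored in " + file3.getAbsolutePath());
    }

    /**
     * Interactively builds the organization DN from components entered by the
     * user, stopping at the first empty entry. Exits with an error when no
     * component was entered.
     *
     * @return the entered components joined by the separator
     */
    private static String getOrgName() {
        System.out.println("-----");
        System.out.println("You are about to be asked to enter information that will be incorporated");
        System.out.println("into your certificate request.");
        System.out.println("What you are about to enter is what is called a Distinguished Name or a DN.");
        System.out.println("Enter organization DN by entering individual component names and their values.");
        System.out.println("The component name can be one of: " + X509Name.DefaultLookUp.keySet());
        System.out.println("-----");
        StringBuilder dn = new StringBuilder();
        for (String component = getComponent(); component != null; component = getComponent()) {
            if (dn.length() != 0) {
                // NOTE(review): this JSON-writer constant looks like a
                // decompiler substitution for a plain string literal
                // (presumably ", "); confirm and replace with the literal.
                dn.append(JSWriter.ArraySep);
            }
            dn.append(component);
        }
        if (dn.length() == 0) {
            exit("Invalid organization DN");
        }
        return dn.toString();
    }

    /**
     * Prompts for one DN component name and its value, repeating the prompt
     * until the name is one known to {@code X509Name.DefaultLookUp}.
     *
     * @return {@code NAME=value} with the name upper-cased, or null when the
     *         name or the value is left empty
     */
    private static String getComponent() {
        while (true) {
            String name = Util.getInput("Enter name component: ");
            if (name == null || name.trim().length() == 0) {
                return null;
            }
            name = name.trim();
            // Locale.ROOT keeps the lookup independent of the default locale
            // (for example the Turkish dotless i).
            if (X509Name.DefaultLookUp.get(name.toLowerCase(java.util.Locale.ROOT)) == null) {
                System.out.println("Invalid component name");
                continue;
            }
            String upperName = name.toUpperCase(java.util.Locale.ROOT);
            String value = Util.getInput("Enter '" + upperName + "' value: ");
            if (value == null || value.trim().length() == 0) {
                return null;
            }
            return upperName + "=" + value.trim();
        }
    }
}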
