package org.overlord.commons.karaf.commands.saml;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.overlord.commons.karaf.commands.CommandConstants;
import org.overlord.commons.karaf.commands.i18n.Messages;

/* loaded from: input_file:org/overlord/commons/karaf/commands/saml/GenerateSamlKeystoreUtil.class */
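public class GenerateSamlKeystoreUtil {

    /** Lifetime of the generated self-signed certificate, in days counted from its notBefore date. */
    private static final int validity = 90;
    /** Source of certificate serial numbers, so repeated runs do not all emit issuer/serial "1". */
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();

    private String storetype;
    private String alias;
    private String dname;
    private String keyAlgName;
    private int keysize;
    // Both are derived from the single password given to generate() and wiped once the
    // keystore has been written.
    private char[] keyPass = null;
    private char[] storePass = null;
    // Never assigned, so generate() always takes the KeyStore.getInstance(type) branch.
    private final String providerName = null;
    private KeyStore keyStore = null;
    private String srcstoretype = null;
    // Never assigned; getStartDate() ignores it and uses the current time.
    private final String startDate = null;

    /* loaded from: input_file:org/overlord/commons/karaf/commands/saml/GenerateSamlKeystoreUtil$JCESigner.class */
    /**
     * Bouncy Castle {@link ContentSigner} backed by a JCE {@link Signature}.
     * Only {@code SHA256withRSA} is supported. Bytes written to {@link #getOutputStream()} are
     * buffered in memory and signed when {@link #getSignature()} is called.
     */
    public static class JCESigner implements ContentSigner {
        private static final String SUPPORTED_ALGORITHM = "SHA256withRSA";
        /** sha256WithRSAEncryption, the PKCS#1 OID corresponding to SUPPORTED_ALGORITHM. */
        private static final AlgorithmIdentifier PKCS1_SHA256_WITH_RSA_OID = new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.1.1.11"));
        private final Signature signature;
        private final ByteArrayOutputStream outputStream = new ByteArrayOutputStream();

        /**
         * @param privateKey the key to sign with
         * @param str JCA signature algorithm name; must be {@code SHA256withRSA}
         * @throws IllegalArgumentException if the algorithm is not supported or the key cannot be
         *         used with it (the JCE cause is preserved)
         */
        public JCESigner(PrivateKey privateKey, String str) {
            if (!SUPPORTED_ALGORITHM.equals(str)) {
                throw new IllegalArgumentException(Messages.format("Signature algorithm \"{0}\" not yet supported.", str));
            }
            Signature sig;
            try {
                sig = Signature.getInstance(str);
                sig.initSign(privateKey);
            } catch (GeneralSecurityException e) {
                // Keep the cause: the message alone does not say which JCE step failed.
                throw new IllegalArgumentException(e.getMessage(), e);
            }
            this.signature = sig;
        }

        /** Returns the sha256WithRSAEncryption identifier; the constructor admits no other algorithm. */
        @Override
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return PKCS1_SHA256_WITH_RSA_OID;
        }

        /** Stream that collects the to-be-signed bytes. */
        @Override
        public OutputStream getOutputStream() {
            return this.outputStream;
        }

        /**
         * Signs everything written to {@link #getOutputStream()} so far.
         *
         * @throws IllegalStateException if the JCE signature operation fails; the interface declares
         *         no checked exception, and failing here is preferable to returning {@code null},
         *         which would only surface later as an NPE or a malformed certificate
         */
        @Override
        public byte[] getSignature() {
            try {
                this.signature.update(this.outputStream.toByteArray());
                return this.signature.sign();
            } catch (GeneralSecurityException e) {
                throw new IllegalStateException("Failed to sign certificate content: " + e.getMessage(), e);
            }
        }
    }

    /** Configures a JKS store holding a 2048-bit RSA key under the Overlord SAML alias. */
    public GenerateSamlKeystoreUtil() {
        this.storetype = "jks";
        this.alias = CommandConstants.OverlordProperties.OVERLORD_SAML_ALIAS_VALUE;
        this.dname = "CN=Picketbox vault, OU=picketbox, O=Jboss, L=Westford, ST=Mass, C=US";
        this.keysize = 2048;
        this.keyAlgName = "RSA";
    }

    /**
     * Generates a fresh key pair and self-signed certificate under the configured alias and writes
     * them to {@code file} as a keystore of the configured type. The same password protects both the
     * store and the key entry; it is wiped from memory once the store has been written. The written
     * file contains the private key, so the caller is responsible for where it is placed and with
     * what permissions.
     *
     * @param str password for the store and the key entry
     * @param file destination; created if absent, overwritten otherwise
     * @return {@code true} once the keystore has been written
     * @throws Exception if key generation, certificate creation or writing the file fails
     */
    public boolean generate(String str, File file) throws Exception {
        this.storePass = str.toCharArray();
        this.keyPass = str.toCharArray();
        try {
            if (this.storetype == null) {
                this.storetype = KeyStore.getDefaultType();
            }
            if (this.srcstoretype == null) {
                this.srcstoretype = KeyStore.getDefaultType();
            }
            if (this.providerName == null) {
                this.keyStore = KeyStore.getInstance(this.storetype);
            } else {
                this.keyStore = KeyStore.getInstance(this.storetype, this.providerName);
            }
            // A null input stream initialises an empty store.
            this.keyStore.load(null, this.storePass);
            doGenKeyPair(this.alias, this.dname, this.keyAlgName, this.keysize, null);
            // Serialise fully in memory first so a failure inside store() cannot leave a
            // truncated file behind.
            ByteArrayOutputStream serialized = new ByteArrayOutputStream();
            this.keyStore.store(serialized, this.storePass);
            // FileOutputStream creates the file when needed; no separate createNewFile() call.
            try (FileOutputStream out = new FileOutputStream(file)) {
                out.write(serialized.toByteArray());
            }
            return true;
        } finally {
            // Do not keep the password in memory longer than necessary.
            Arrays.fill(this.storePass, '\0');
            Arrays.fill(this.keyPass, '\0');
        }
    }

    /**
     * Generates a key pair, wraps its public key in a self-signed X.509 certificate and stores both
     * under alias {@code str} in {@link #keyStore}.
     *
     * @param str alias for the new key entry
     * @param str2 X.500 distinguished name used as both subject and issuer
     * @param str3 key algorithm name, e.g. {@code RSA}; only RSA works end to end because
     *        {@link JCESigner} is fixed to {@code SHA256withRSA}
     * @param i key size in bits, or {@code -1} for an algorithm-dependent default
     * @param str4 signature algorithm name, or {@code null} to check that one can be derived from {@code str3}
     * @throws Exception if the alias already exists, no signature algorithm can be derived, or any
     *         JCE or certificate-building step fails
     */
    private void doGenKeyPair(String str, String str2, String str3, int i, String str4) throws Exception {
        int keySize = i;
        if (keySize == -1) {
            keySize = "EC".equalsIgnoreCase(str3) ? 256 : "RSA".equalsIgnoreCase(str3) ? 2048 : 1024;
        }
        if (this.keyStore.containsAlias(str)) {
            throw new Exception(Messages.getString("Key.pair.not.generated.alias.alias.already.exists"));
        }
        if (str4 == null) {
            // Serves only as a validity check on the key algorithm: the signer below is fixed to
            // SHA256withRSA, so the derived name itself is not used.
            getCompatibleSigAlgName(str3);
        }
        KeyPairGenerator generator = KeyPairGenerator.getInstance(str3);
        generator.initialize(keySize);
        KeyPair keyPair = generator.generateKeyPair();
        X509Certificate certificate = buildSelfSignedCertificate(keyPair, str2);
        this.keyStore.setKeyEntry(str, keyPair.getPrivate(), this.keyPass, new X509Certificate[] {certificate});
    }

    /**
     * Builds a self-signed certificate for {@code keyPair}, valid from now for {@link #validity}
     * days, with {@code dn} as both subject and issuer. Signed with {@link JCESigner}, so the pair
     * must be RSA.
     *
     * @throws Exception if signing or re-parsing the DER encoding fails
     */
    private X509Certificate buildSelfSignedCertificate(KeyPair keyPair, String dn) throws Exception {
        Date notBefore = getStartDate(this.startDate);
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(notBefore);
        calendar.add(Calendar.DAY_OF_YEAR, validity);
        Date notAfter = calendar.getTime();
        // RFC 5280 requires a positive serial. A random one keeps certificates from different
        // runs from sharing the same issuer/serial pair, which a fixed "1" would produce.
        BigInteger serial = new BigInteger(63, SERIAL_RANDOM).add(BigInteger.ONE);
        X500Name name = new X500Name(dn);
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(name, serial, notBefore, notAfter, name,
                SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        byte[] encoded = builder.build(new JCESigner(keyPair.getPrivate(), "SHA256withRSA")).getEncoded();
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(encoded));
    }

    /**
     * Maps a key algorithm to a matching signature algorithm name.
     *
     * @param str key algorithm name, compared case-insensitively
     * @return {@code SHA1WithDSA}, {@code SHA256WithRSA} or {@code SHA256withECDSA}
     * @throws Exception for any other key algorithm
     */
    private static String getCompatibleSigAlgName(String str) throws Exception {
        if ("DSA".equalsIgnoreCase(str)) {
            return "SHA1WithDSA";
        }
        if ("RSA".equalsIgnoreCase(str)) {
            return "SHA256WithRSA";
        }
        if ("EC".equalsIgnoreCase(str)) {
            return "SHA256withECDSA";
        }
        throw new Exception(Messages.getString("Cannot.derive.signature.algorithm"));
    }

    /**
     * Returns the certificate's notBefore date. The argument is ignored; the current time is always
     * used. The signature is kept as is for the existing caller.
     */
    private static Date getStartDate(String str) throws IOException {
        return new GregorianCalendar().getTime();
    }
}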
