package me.escoffier.certs.ca;

import io.smallrye.common.os.OS;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.lang.System;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Date;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:me/escoffier/certs/ca/CaGenerator.class */
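/**
 * Generates a root CA certificate with a fresh RSA key pair and writes it out as a PEM
 * certificate, a PEM private key and a PKCS12 keystore; can also emit a PKCS12 truststore
 * and hand the certificate to the per-OS installer.
 *
 * <p>The private key is written to disk <em>unencrypted</em> (PKCS#8 PEM); its only
 * protection is the file mode, which is tightened to owner-only on macOS and Linux. No
 * permission change is applied on other operating systems, so callers there must place the
 * key file in a location that is already access-controlled.
 */
public class CaGenerator {
    static System.Logger LOGGER = System.getLogger(CaGenerator.class.getName());
    public static final String KEYSTORE_KEY_ENTRY = "key";
    public static final String KEYSTORE_CERT_ENTRY = "ca";

    private static final long ONE_DAY_MILLIS = 86_400_000L;
    private static final long ONE_YEAR_MILLIS = 31_536_000_000L;
    private static final int RSA_KEY_BITS = 2048;
    private static final String OWNER_ONLY = "rw-------";
    private static final String WORLD_READABLE = "rw-r--r--";
    private static final String NOT_GENERATED = "The keystore has not been generated yet, call `generate` first";

    private final File ca;
    private final File key;
    private final File ks;
    private final String password;
    private volatile X509Certificate generatedCA;
    private String cn;

    /**
     * Registers the BouncyCastle provider and records the output locations.
     *
     * @param ca       file that receives the PEM-encoded CA certificate
     * @param key      file that receives the PEM-encoded (unencrypted) private key
     * @param ks       file that receives the PKCS12 keystore holding key and certificate
     * @param password password protecting the keystore and, later, the truststore
     */
    public CaGenerator(File ca, File key, File ks, String password) {
        Security.addProvider(new BouncyCastleProvider());
        this.ca = ca;
        this.key = key;
        this.ks = ks;
        this.password = password;
    }

    /**
     * Creates the CA key pair and certificate and writes the three output files.
     *
     * <p>The certificate is valid from one day before the call until 365 days after it, is
     * signed with SHA-256/RSA by its own 2048-bit key, and carries critical
     * {@code keyCertSign} key usage and critical basic constraints.
     *
     * <p>The DN components are concatenated as given, without RFC 4514 escaping: a value
     * containing {@code ,} or {@code =} changes the structure of the resulting name, so only
     * trusted values should be passed.
     *
     * @param cn                 common name (required)
     * @param organization       {@code O} component, or {@code null} to omit
     * @param organizationalUnit {@code OU} component, or {@code null} to omit
     * @param locality           {@code L} component, or {@code null} to omit
     * @param state              {@code ST} component, or {@code null} to omit
     * @param country            {@code C} component, or {@code null} to omit
     * @return the generated CA certificate
     * @throws Exception if key generation, signing or any file operation fails
     */
    public X509Certificate generate(String cn, String organization, String organizationalUnit, String locality,
            String state, String country) throws Exception {
        String issuerDn = "CN=" + cn;
        if (organization != null) {
            issuerDn = issuerDn + ",O=" + organization;
        }
        StringBuilder subjectDn = new StringBuilder(issuerDn);
        appendRdn(subjectDn, "OU", organizationalUnit);
        appendRdn(subjectDn, "L", locality);
        appendRdn(subjectDn, "ST", state);
        appendRdn(subjectDn, "C", country);
        // NOTE(review): the issuer carries only CN and O while the subject also carries
        // OU/L/ST/C when supplied, so the two names differ for such inputs even though the
        // certificate is signed with its own key. Verifiers that match issuer to subject by
        // name may not treat it as self-issued. Behaviour kept as found; confirm against the
        // upstream source (this listing is decompiled) before changing it.
        X500Name issuer = new X500Name(issuerDn);
        X500Name subject = new X500Name(subjectDn.toString());

        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - ONE_DAY_MILLIS);
        Date notAfter = new Date(now + ONE_YEAR_MILLIS);

        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "BC");
        generator.initialize(RSA_KEY_BITS, new SecureRandom());
        KeyPair keyPair = generator.generateKeyPair();

        // The serial number is the wall-clock time, i.e. predictable and not random.
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuer, BigInteger.valueOf(now), notBefore,
                notAfter, subject,
                SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(keyPair.getPublic().getEncoded())));
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
        // int constructor: marks the certificate as a CA with a path length constraint of 0.
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
        builder.addExtension(Extension.subjectKeyIdentifier, false,
                new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyPair.getPublic()));
        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(
                builder.build(new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate())));

        boolean posix = OS.MAC.isCurrent() || OS.LINUX.isCurrent();
        if (posix) {
            // Restrict the secret-bearing files BEFORE any key material is written, so the
            // private key is never on disk under the (usually wider) default file mode.
            createOwnerOnly(this.key);
            createOwnerOnly(this.ks);
        }

        writePem(this.ca, "CERTIFICATE", certificate.getEncoded());
        writePem(this.key, "PRIVATE KEY", keyPair.getPrivate().getEncoded());

        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(null, null);
        keyStore.setKeyEntry(KEYSTORE_KEY_ENTRY, keyPair.getPrivate(), this.password.toCharArray(),
                new Certificate[] {certificate});
        keyStore.setCertificateEntry(KEYSTORE_CERT_ENTRY, certificate);
        try (FileOutputStream out = new FileOutputStream(this.ks)) {
            keyStore.store(out, this.password.toCharArray());
        }

        if (posix) {
            Files.setPosixFilePermissions(this.ca.toPath(), PosixFilePermissions.fromString(WORLD_READABLE));
            Files.setPosixFilePermissions(this.key.toPath(), PosixFilePermissions.fromString(OWNER_ONLY));
            Files.setPosixFilePermissions(this.ks.toPath(), PosixFilePermissions.fromString(OWNER_ONLY));
        }
        LOGGER.log(System.Logger.Level.INFO, "Root CA certificate generated successfully!");
        // Write cn before the volatile generatedCA so that a thread observing a non-null
        // generatedCA also observes the matching cn.
        this.cn = cn;
        this.generatedCA = certificate;
        return certificate;
    }

    /**
     * Writes a PKCS12 truststore containing only the generated CA certificate, protected
     * with the password given to the constructor.
     *
     * @param file destination of the truststore
     * @throws IllegalStateException if {@code generate} has not produced a keystore yet
     * @throws Exception             if the truststore cannot be built or written
     */
    public void generateTrustStore(File file) throws Exception {
        requireGenerated();
        LOGGER.log(System.Logger.Level.INFO, "Generating p12 truststore...");
        KeyStore trustStore = KeyStore.getInstance("PKCS12");
        trustStore.load(null, null);
        trustStore.setCertificateEntry(KEYSTORE_CERT_ENTRY, this.generatedCA);
        try (FileOutputStream out = new FileOutputStream(file)) {
            trustStore.store(out, this.password.toCharArray());
        }
        LOGGER.log(System.Logger.Level.INFO, "Truststore generated successfully: {0}.", file.getAbsolutePath());
    }

    /**
     * Hands the CA certificate file to the installer for the current operating system
     * (macOS, Windows or Linux); logs a warning on any other OS.
     *
     * <p>Once a CA is in the system trust store, certificates issued with its private key
     * are presumably accepted machine-wide, so the key file written by {@code generate}
     * should be guarded accordingly.
     *
     * @throws IllegalStateException if {@code generate} has not produced a keystore yet
     * @throws Exception             if the platform installer fails
     */
    public void installToSystem() throws Exception {
        requireGenerated();
        LOGGER.log(System.Logger.Level.INFO, "Installing the CA certificate in the system truststore...");
        if (OS.MAC.isCurrent()) {
            MacCAInstaller.installCAOnMac(this.cn, this.ca);
        } else if (OS.WINDOWS.isCurrent()) {
            WindowsCAInstaller.installCAOnWindows(this.cn, this.ca);
        } else if (OS.LINUX.isCurrent()) {
            LinuxCAInstaller.installCAOnLinux(this.cn, this.ca);
        } else {
            LOGGER.log(System.Logger.Level.WARNING, "❌ Unsupported operating system: {0}", OS.current());
        }
    }

    /** Fails unless {@code generate} has completed and the keystore file is present. */
    private void requireGenerated() {
        if (!this.ks.isFile() || this.generatedCA == null) {
            throw new IllegalStateException(NOT_GENERATED);
        }
    }

    /** Appends {@code ,TYPE=value} to the DN under construction when the value is non-null. */
    private static void appendRdn(StringBuilder dn, String type, String value) {
        if (value != null) {
            dn.append(',').append(type).append('=').append(value);
        }
    }

    /** Ensures the file exists with owner-only permissions before secrets are written to it. */
    private static void createOwnerOnly(File file) throws IOException {
        Path path = file.toPath();
        Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString(OWNER_ONLY);
        try {
            Files.createFile(path, PosixFilePermissions.asFileAttribute(ownerOnly));
        } catch (FileAlreadyExistsException alreadyThere) {
            // A pre-existing file keeps its old mode on overwrite, so tighten it explicitly.
            Files.setPosixFilePermissions(path, ownerOnly);
        }
    }

    /** Writes DER bytes as a single-line Base64 PEM block with the given label. */
    private static void writePem(File target, String label, byte[] der) throws IOException {
        // PEM is pure ASCII; naming the charset removes the dependency on the platform default.
        try (BufferedWriter writer = Files.newBufferedWriter(target.toPath(), StandardCharsets.US_ASCII)) {
            writer.write("-----BEGIN " + label + "-----\n");
            writer.write(Base64.getEncoder().encodeToString(der));
            writer.write("\n-----END " + label + "-----\n\n");
        }
    }
}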
