package org.overlord.commons.karaf.commands.saml;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;
import org.overlord.commons.karaf.commands.CommandConstants;
import org.overlord.commons.karaf.commands.i18n.Messages;

/* loaded from: input_file:org/overlord/commons/karaf/commands/saml/GenerateSamlKeystoreUtil.class */
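/**
 * Builds a fresh keystore holding one self-signed key pair for SAML signing and
 * writes it to disk.
 *
 * The constructor fixes every parameter (JKS store type, the Overlord SAML alias,
 * a PicketBox-style subject DN, 2048-bit RSA); {@link #generate(String, File)}
 * only takes the password and the destination file. The same password protects
 * both the store and the private-key entry.
 */
public class GenerateSamlKeystoreUtil {
    /** Certificate lifetime in days, counted from the moment of generation. */
    private static final int VALIDITY_DAYS = 90;
    /** Random bits drawn for the certificate serial number (RFC 5280 requires a positive, per-issuer-unique serial). */
    private static final int SERIAL_BITS = 63;

    private String storetype;
    private String alias;
    private String dname;
    private String keyAlgName;
    private int keysize;
    private char[] keyPass = null;
    private char[] storePass = null;
    /** JCA provider name; null selects the default provider lookup everywhere it is passed. */
    private final String providerName = null;
    private KeyStore keyStore = null;

    /** Fixes the keystore parameters: JKS, the Overlord SAML alias, a fixed DN and 2048-bit RSA. */
    public GenerateSamlKeystoreUtil() {
        this.storetype = "jks";
        this.alias = CommandConstants.OverlordProperties.OVERLORD_SAML_ALIAS_VALUE;
        this.dname = "CN=Picketbox vault, OU=picketbox, O=Jboss, L=Westford, ST=Mass, C=US";
        this.keysize = 2048;
        this.keyAlgName = "RSA";
    }

    /**
     * Generates the key pair plus self-signed certificate and writes the resulting
     * keystore to {@code file}, replacing any existing content.
     *
     * @param str  password used for both the keystore and the key entry
     * @param file destination; created if missing, truncated if present
     * @return always {@code true} on success
     * @throws Exception on any keystore, key-generation, certificate or I/O failure
     */
    public boolean generate(String str, File file) throws Exception {
        this.storePass = str.toCharArray();
        this.keyPass = str.toCharArray();
        if (this.storetype == null) {
            this.storetype = KeyStore.getDefaultType();
        }
        this.keyStore = this.providerName == null
                ? KeyStore.getInstance(this.storetype)
                : KeyStore.getInstance(this.storetype, this.providerName);
        // load(null, ...) initialises an empty in-memory store.
        this.keyStore.load(null, this.storePass);
        doGenKeyPair(this.alias, this.dname, this.keyAlgName, this.keysize, null);

        // Serialise to memory first so a failure while encoding the store never
        // leaves a truncated or half-written keystore on disk.
        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        this.keyStore.store(encoded, this.storePass);
        // NOTE(review): the file holds a private key but is created with the
        // process's default permissions; the caller should place it in a
        // directory that is not world-readable.
        try (FileOutputStream out = new FileOutputStream(file)) {
            out.write(encoded.toByteArray());
        }
        return true;
    }

    /**
     * Generates a key pair, wraps the public key in a self-signed certificate valid
     * for {@link #VALIDITY_DAYS} days and stores both under {@code entryAlias}.
     *
     * @param entryAlias keystore alias for the new entry
     * @param subjectDn  X.500 name used as both subject and issuer
     * @param keyAlg     JCA key algorithm name ("RSA", "EC", "DSA", ...)
     * @param keyBits    key size, or -1 to pick a per-algorithm default
     * @param sigAlgName signature algorithm, or null to derive one from {@code keyAlg}
     * @throws Exception if the alias already exists, the algorithm is unknown, or key/cert generation fails
     */
    private void doGenKeyPair(String entryAlias, String subjectDn, String keyAlg, int keyBits, String sigAlgName) throws Exception {
        if (keyBits == -1) {
            // Unreachable via the constructor, which fixes 2048-bit RSA.
            // NOTE(review): the 1024-bit fallback for other algorithms is below current guidance.
            keyBits = "EC".equalsIgnoreCase(keyAlg) ? 256 : "RSA".equalsIgnoreCase(keyAlg) ? 2048 : 1024;
        }
        if (this.keyStore.containsAlias(entryAlias)) {
            throw new Exception(Messages.getString("Key.pair.not.generated.alias.alias.already.exists"));
        }
        // Derive the signature algorithm from the key type when none is supplied.
        // Previously the derived value was discarded and SHA256withRSA was always
        // used, which cannot sign with a non-RSA private key.
        String signatureAlgorithm = sigAlgName != null ? sigAlgName : getCompatibleSigAlgName(keyAlg);

        KeyPairGenerator generator = KeyPairGenerator.getInstance(keyAlg);
        generator.initialize(keyBits);
        KeyPair keyPair = generator.generateKeyPair();

        Date notBefore = new Date();
        Calendar cal = Calendar.getInstance();
        cal.setTime(notBefore);
        cal.add(Calendar.DAY_OF_YEAR, VALIDITY_DAYS);
        Date notAfter = cal.getTime();

        // Every instance shares the same issuer DN, so a constant serial would make
        // certificates from different deployments indistinguishable by (issuer, serial).
        // Draw a random positive serial instead.
        BigInteger serial = new BigInteger(SERIAL_BITS, new SecureRandom()).add(BigInteger.ONE);

        X500Principal dn = new X500Principal(subjectDn);
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        certGen.setSerialNumber(serial);
        certGen.setIssuerDN(dn); // self-signed: issuer and subject are the same name
        certGen.setSubjectDN(dn);
        certGen.setNotBefore(notBefore);
        certGen.setNotAfter(notAfter);
        certGen.setPublicKey(keyPair.getPublic());
        certGen.setSignatureAlgorithm(signatureAlgorithm);
        certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
                new SubjectKeyIdentifierStructure(keyPair.getPublic()));
        X509Certificate cert = certGen.generate(keyPair.getPrivate(), this.providerName);
        PrivateKey privateKey = keyPair.getPrivate();
        this.keyStore.setKeyEntry(entryAlias, privateKey, this.keyPass, new X509Certificate[]{cert});
    }

    /**
     * Maps a key algorithm to a signature algorithm that can be used with it.
     *
     * @param keyAlg JCA key algorithm name, compared case-insensitively
     * @return a JCA signature algorithm name
     * @throws Exception for any algorithm other than DSA, RSA or EC
     */
    private static String getCompatibleSigAlgName(String keyAlg) throws Exception {
        if ("DSA".equalsIgnoreCase(keyAlg)) {
            // NOTE(review): SHA-1 kept for DSA to preserve existing behaviour; only
            // reachable if keyAlgName is changed from the constructor's "RSA".
            return "SHA1WithDSA";
        }
        if ("RSA".equalsIgnoreCase(keyAlg)) {
            return "SHA256WithRSA";
        }
        if ("EC".equalsIgnoreCase(keyAlg)) {
            return "SHA256withECDSA";
        }
        throw new Exception(Messages.getString("Cannot.derive.signature.algorithm"));
    }
}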
