package tigase.cert;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.lang.System;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
import java.util.stream.Collectors;

/* loaded from: input_file:tigase/cert/KeytoolCertificateGenerator.class */
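/**
 * {@link CertificateGenerator} that creates a self-signed certificate by running the JDK
 * {@code keytool} binary as a child process and reading the result back from a temporary
 * JKS keystore under the relative {@code certs} directory.
 *
 * <p>Security-relevant properties of this implementation:
 * <ul>
 *   <li>The private key is generated by {@code keytool}, not taken from the caller, and it
 *       exists on disk for the duration of the call.</li>
 *   <li>The temporary keystore is protected only by the fixed {@link #TRANSIENT_STORE_PASSWORD},
 *       which is also passed on the {@code keytool} command line and written to the log on
 *       failure. Confidentiality of the key while it is on disk therefore depends on the
 *       permissions of the {@code certs} directory, not on that password.</li>
 *   <li>The command is passed to {@link ProcessBuilder} as an argument list, so no shell is
 *       involved in interpreting the values.</li>
 * </ul>
 */
public class KeytoolCertificateGenerator implements CertificateGenerator {
    private static final System.Logger log = System.getLogger(KeytoolCertificateGenerator.class.getCanonicalName());

    /**
     * Password of the short-lived keystore that {@code keytool} writes. It is a constant and
     * must not be treated as a secret.
     */
    private static final String TRANSIENT_STORE_PASSWORD = "123456";

    /**
     * Appends {@code prefix=value} to {@code sb}, separated from earlier content by {@code ", "}.
     * Nothing is appended when {@code value} is {@code null}. The value is not escaped.
     */
    private static void appendName(StringBuilder sb, String prefix, String value) {
        log.log(System.Logger.Level.DEBUG, "appending value: {0} with prefix: {1} to sb: {2}", new Object[]{value, prefix, sb.toString()});
        if (value == null) {
            return;
        }
        if (sb.length() > 0) {
            sb.append(", ");
        }
        sb.append(prefix).append('=').append(value);
    }

    /**
     * Reports whether a wildcard SAN can be requested.
     *
     * @return {@code true} when the running Java feature version is 17 or newer
     */
    @Override
    public boolean canGenerateWildcardSAN() {
        return Runtime.version().feature() >= 17;
    }

    /**
     * Not supported: this implementation can only produce a certificate together with the key
     * that {@code keytool} generates for it.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public X509Certificate generateSelfSignedCertificate(String str, String str2, String str3, String str4, String str5, String str6, String str7, KeyPair keyPair) throws CertificateException, IOException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        throw new UnsupportedOperationException("Generating self-signed certificate only is not supported by this implementaiton");
    }

    /**
     * Generates an RSA-2048 / SHA256withRSA self-signed certificate valid for 365 days by
     * invoking {@code keytool -genkey}, then loads the certificate chain and private key from
     * the keystore that {@code keytool} wrote and deletes that keystore.
     *
     * @param str     value placed in the {@code EMAILADDRESS} component of the subject
     * @param str2    domain; used as {@code CN}, as the keystore alias and as part of the
     *                temporary keystore file name
     * @param str3    value of the {@code OU} component
     * @param str4    value of the {@code O} component
     * @param str5    value of the {@code L} component
     * @param str6    value of the {@code ST} component
     * @param str7    value of the {@code C} component
     * @param keyPair ignored; the key pair in the returned entry is the one created by
     *                {@code keytool}
     * @param z       when {@code true}, a SAN extension is requested, provided
     *                {@link #canGenerateWildcardSAN()} holds and the domain does not already
     *                start with {@code "*."}
     * @return the certificate chain and private key read back from the temporary keystore
     * @throws IOException              if the domain would place the keystore outside the
     *                                  {@code certs} directory, if {@code keytool} cannot be
     *                                  started or exits with a non-zero status, or if the
     *                                  wait for it is interrupted
     * @throws GeneralSecurityException if the keystore cannot be read
     */
    @Override
    public CertificateEntry generateSelfSignedCertificateEntry(String str, String str2, String str3, String str4, String str5, String str6, String str7, KeyPair keyPair, boolean z) throws GeneralSecurityException, IOException {
        final String domain = str2;
        final UUID uuid = UUID.randomUUID();
        final Path certsDir = Paths.get("certs");
        if (Files.notExists(certsDir)) {
            Files.createDirectory(certsDir);
        }
        final Path keystorePath = Paths.get("certs", domain + "_" + uuid + ".jks");
        // The domain is a file-name component here; refuse values whose "." / ".." elements
        // would move the keystore (and the private key in it) out of the certs directory.
        if (!keystorePath.normalize().startsWith(certsDir)) {
            throw new IOException("Domain name is not usable as a keystore file name");
        }

        final KeyStore keyStore = KeyStore.getInstance("JKS");
        if (keystorePath.toFile().exists()) {
            try (FileInputStream in = new FileInputStream(keystorePath.toFile())) {
                keyStore.load(in, TRANSIENT_STORE_PASSWORD.toCharArray());
            }
            if (keyStore.containsAlias(domain)) {
                keyStore.deleteEntry(domain);
                try (FileOutputStream out = new FileOutputStream(keystorePath.toFile())) {
                    keyStore.store(out, TRANSIENT_STORE_PASSWORD.toCharArray());
                }
            }
        }

        // Argument order is kept exactly as before, including the repeated -storetype.
        final List<String> command = new ArrayList<>(List.of(
                "keytool", "-genkey",
                "-alias", domain,
                "-keyalg", "RSA",
                "-keysize", "2048",
                "-sigalg", "SHA256withRSA",
                "-storetype", "JKS",
                "-keystore", keystorePath.toString(),
                "-storepass", TRANSIENT_STORE_PASSWORD,
                "-keypass", TRANSIENT_STORE_PASSWORD,
                "-dname", getDomainName(str, domain, str3, str4, str5, str6, str7),
                "-validity", "365",
                "-deststoretype", "pkcs12",
                "-storetype", "JKS"));
        if (z && canGenerateWildcardSAN() && !isWildcardDomain(domain)) {
            command.addAll(getSAN(domain));
        }

        final Process process = new ProcessBuilder(command).start();
        boolean keystoreRemoved = false;
        try {
            // NOTE(review): output is read only after the child exits, which relies on
            // keytool writing less than the pipe buffer holds.
            process.waitFor();
            log.log(System.Logger.Level.TRACE, () -> "Generating certificate using `keytool` using command: " + process.info() + ", parameters: " + command);
            // Any non-zero status is a failure; a "> 0" test would miss negative exit codes.
            if (process.exitValue() != 0) {
                final String errorOutput;
                final String standardOutput;
                try (BufferedReader err = new BufferedReader(new InputStreamReader(process.getErrorStream()));
                     BufferedReader out = new BufferedReader(new InputStreamReader(process.getInputStream()))) {
                    errorOutput = err.lines().collect(Collectors.joining(" \\ "));
                    standardOutput = out.lines().collect(Collectors.joining(" \\ "));
                }
                log.log(System.Logger.Level.WARNING, "Error generating certificate, error output: " + errorOutput + ", normal output: " + standardOutput + ", commandline parameters: " + command);
                throw new IOException("Keytool execution error: '" + errorOutput + "', output: '" + standardOutput + "', commandline parameters: " + command);
            }
            try (FileInputStream in = new FileInputStream(keystorePath.toFile())) {
                keyStore.load(in, TRANSIENT_STORE_PASSWORD.toCharArray());
            }
            final KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(domain, new KeyStore.PasswordProtection(TRANSIENT_STORE_PASSWORD.toCharArray()));
            final CertificateEntry certificateEntry = new CertificateEntry(keyStore.getCertificateChain(domain), keyEntry.getPrivateKey());
            Files.deleteIfExists(keystorePath);
            keystoreRemoved = true;
            return certificateEntry;
        } catch (InterruptedException e) {
            // Stop the child so it cannot write key material after cleanup, and keep the
            // interrupt visible to the caller's thread.
            process.destroyForcibly();
            Thread.currentThread().interrupt();
            throw new IOException("Keytool execution error", e);
        } finally {
            if (!keystoreRemoved) {
                // Failure path: do not leave a keystore holding a private key behind.
                // Best effort, so the original exception is not replaced.
                try {
                    Files.deleteIfExists(keystorePath);
                } catch (IOException cleanupFailure) {
                    log.log(System.Logger.Level.WARNING, "Could not remove temporary keystore: " + keystorePath, cleanupFailure);
                }
            }
        }
    }

    /** Returns {@code true} when {@code domain} starts with {@code "*."}. */
    private boolean isWildcardDomain(String domain) {
        return domain.startsWith("*.");
    }

    /**
     * Builds the {@code -dname} value for {@code keytool}.
     *
     * <p>NOTE(review): the values are concatenated without escaping, so a comma or other
     * separator inside one of them ends up as part of the DN syntax. Confirm that callers
     * validate or escape these fields.
     */
    private String getDomainName(String email, String domain, String organizationUnit, String organization, String city, String state, String country) {
        return "CN=" + domain + ", OU=" + organizationUnit + ", O=" + organization + ", L=" + city + ", ST=" + state + ", C=" + country + ", EMAILADDRESS=" + email;
    }

    /**
     * Builds the {@code -ext SAN=...} arguments for {@code domain}.
     *
     * <p>{@link InetAddress#getByName(String)} is used to detect whether the input is already
     * a textual address: if the resolved address prints back as the input, the SAN is
     * {@code dns:<domain>}; in every other case, including a failed lookup, it is
     * {@code dns:*.<domain>}. For a host name this call may perform a name-service lookup.
     *
     * <p>NOTE(review): an address literal is emitted as a {@code dns:} entry rather than an
     * {@code ip:} entry, and the wildcard form does not list the bare domain itself; confirm
     * both are intended, since clients that match on SAN only would not accept the bare name.
     */
    private List<String> getSAN(String domain) {
        try {
            InetAddress resolved = InetAddress.getByName(domain);
            if (resolved != null && domain.equals(resolved.getHostAddress())) {
                return List.of("-ext", "SAN=dns:" + domain);
            }
        } catch (UnknownHostException ignored) {
            // An unresolvable name is treated like any other host name below.
        }
        return List.of("-ext", "SAN=dns:*." + domain);
    }
}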
