package io.github.mike10004.vhs.bmp;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Base64;
import java.util.Date;
import java.util.Objects;
import java.util.Random;
import javax.annotation.Nullable;
import net.lightbody.bmp.mitm.CertificateAndKey;
import net.lightbody.bmp.mitm.CertificateInfo;
import net.lightbody.bmp.mitm.RootCertificateGenerator;
import net.lightbody.bmp.mitm.exception.KeyStoreAccessException;
import net.lightbody.bmp.mitm.util.KeyStoreUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/github/mike10004/vhs/bmp/JreKeystoreGenerator.class */
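/**
 * {@link KeystoreGenerator} that builds an in-memory keystore holding a freshly generated
 * root CA certificate and its private key, protected by a randomly generated password.
 *
 * <p>Security notes for users of this class:
 * <ul>
 *   <li>The keystore password is derived solely from the {@link Random} given to the
 *       constructor. The single-argument constructor uses {@link SecureRandom}; supplying a
 *       seeded or otherwise predictable {@code Random} makes the password predictable, so do
 *       that only in tests.</li>
 *   <li>{@link #generate(String)} hands the password to {@code KeystoreData} together with the
 *       keystore bytes, so the password does not protect the private key from anyone who holds
 *       that object. Treat the returned data as key material.</li>
 *   <li>The certificate is a root CA built with BrowserMob's MITM classes. Any trust store that
 *       accepts it will accept certificates issued under it, so limit where it is installed and
 *       discard the generated data when it is no longer needed.</li>
 * </ul>
 */
public class JreKeystoreGenerator implements KeystoreGenerator {
    private static final Logger log = LoggerFactory.getLogger(JreKeystoreGenerator.class);

    /** Initial capacity of the buffer the serialized keystore is written to. */
    private static final int KEYSTORE_BUFFER_LEN = 16384;

    /** Alias under which the private key and certificate are stored. */
    static final String KEYSTORE_PRIVATE_KEY_ALIAS = "key";

    /** Number of random bytes drawn for the keystore password before Base64 encoding. */
    private static final int PASSWORD_GENERATION_BYTE_LENGTH = 32;

    /** Upper bound applied to the default common name. */
    private static final int MAX_COMMON_NAME_LENGTH = 64;

    /** 365 days in milliseconds; the certificate is valid from one such span ago to one ahead. */
    private static final long ONE_YEAR_MILLIS = 31536000000L;

    private final Random random;
    private final KeystoreType keystoreType;

    /**
     * Creates a generator that draws password bytes from the given source.
     *
     * @param keystoreType type of keystore to produce; must not be null
     * @param random source of the password bytes; must not be null. Anything other than a
     *     {@link SecureRandom} yields a guessable keystore password.
     * @throws NullPointerException if either argument is null
     */
    public JreKeystoreGenerator(KeystoreType keystoreType, Random random) {
        this.random = Objects.requireNonNull(random);
        this.keystoreType = Objects.requireNonNull(keystoreType);
    }

    /**
     * Creates a generator whose passwords come from a new {@link SecureRandom}.
     *
     * @param keystoreType type of keystore to produce; must not be null
     */
    public JreKeystoreGenerator(KeystoreType keystoreType) {
        this(keystoreType, new SecureRandom());
    }

    /**
     * Serializes the keystore to the stream, using the password for the keystore itself.
     *
     * @param outputStream destination; not closed by this method
     * @param keyStore keystore to write
     * @param password password passed to {@link KeyStore#store(OutputStream, char[])}
     */
    protected static void saveKeyStore(OutputStream outputStream, KeyStore keyStore, char[] password) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException {
        keyStore.store(outputStream, password);
    }

    /**
     * Creates an empty keystore and stores the key with a one-certificate chain under the alias.
     *
     * @param keyStoreTypeName first argument to {@code KeyStoreUtil.createEmptyKeyStore}
     * @param certificate certificate forming the whole chain for the entry
     * @param alias alias of the key entry
     * @param privateKey key to store
     * @param password password protecting the key entry; must not be null
     * @param provider second argument to {@code KeyStoreUtil.createEmptyKeyStore}; may be null
     * @throws IllegalArgumentException if {@code password} is null
     * @throws KeyStoreAccessException if the entry cannot be stored
     */
    private static KeyStore _createRootCertificateKeyStore(String keyStoreTypeName, X509Certificate certificate, String alias, PrivateKey privateKey, char[] password, @Nullable String provider) {
        if (password == null) {
            throw new IllegalArgumentException("Must specify a KeyStore password");
        }
        KeyStore keyStore = KeyStoreUtil.createEmptyKeyStore(keyStoreTypeName, provider);
        try {
            keyStore.setKeyEntry(alias, privateKey, password, new Certificate[] {certificate});
        } catch (KeyStoreException e) {
            throw new KeyStoreAccessException("Unable to store certificate and private key in KeyStore", e);
        }
        return keyStore;
    }

    /**
     * Builds a keystore of the given type containing the certificate and key under the alias.
     *
     * @param keystoreType keystore type; its {@code name()} selects the keystore implementation
     * @param certificateAndKey certificate and private key to store
     * @param alias alias of the key entry
     * @param password password protecting the key entry; must not be null
     */
    protected static KeyStore createRootCertificateKeyStore(KeystoreType keystoreType, CertificateAndKey certificateAndKey, String alias, char[] password) {
        return _createRootCertificateKeyStore(
                keystoreType.name(),
                certificateAndKey.getCertificate(),
                alias,
                certificateAndKey.getPrivateKey(),
                password,
                null);
    }

    /** Generates keystore data using the default common name. */
    @Override
    public KeystoreData generate() throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException {
        return generate(null);
    }

    /**
     * Widens each byte to a char after checking that it is in the ASCII range 0..127.
     *
     * @param bytes bytes to convert
     * @return array of the same length holding the corresponding chars
     * @throws IllegalArgumentException if any byte is outside 0..127
     */
    @VisibleForTesting
    static char[] asciiBytesToChars(byte[] bytes) {
        char[] chars = new char[bytes.length];
        for (int i = 0; i < chars.length; i++) {
            Preconditions.checkArgument(bytes[i] >= 0 && bytes[i] < 128, "char at index %s is not ascii: %s", i, (int) bytes[i]);
            chars[i] = (char) bytes[i];
        }
        return chars;
    }

    /**
     * Generates a root CA keystore protected by a new random password.
     *
     * <p>The password is the Base64 encoding of {@value #PASSWORD_GENERATION_BYTE_LENGTH} bytes
     * from the configured random source. The intermediate byte arrays are zeroed whether or not
     * generation succeeds, and the password array is zeroed if generation fails. On success the
     * password is passed to the returned {@code KeystoreData}.
     *
     * @param commonName certificate common name, or null to use a generated default
     * @return the serialized keystore with its type, key alias and password
     */
    @Override
    public KeystoreData generate(@Nullable String commonName) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException {
        byte[] rawBytes = new byte[PASSWORD_GENERATION_BYTE_LENGTH];
        byte[] encoded = null;
        char[] password;
        try {
            this.random.nextBytes(rawBytes);
            encoded = Base64.getEncoder().encode(rawBytes);
            password = asciiBytesToChars(encoded);
        } finally {
            // Wipe the intermediate copies of the secret even when conversion throws.
            Arrays.fill(rawBytes, (byte) 0);
            if (encoded != null) {
                Arrays.fill(encoded, (byte) 0);
            }
        }
        boolean succeeded = false;
        try {
            byte[] keystoreBytes = doGenerate(KEYSTORE_PRIVATE_KEY_ALIAS, password, commonName);
            KeystoreData data = new KeystoreData(this.keystoreType, keystoreBytes, KEYSTORE_PRIVATE_KEY_ALIAS, password);
            succeeded = true;
            return data;
        } finally {
            if (!succeeded) {
                // No caller ever receives this password, so do not leave it in memory.
                Arrays.fill(password, '\0');
            }
        }
    }

    /**
     * Builds the generator for a root certificate valid from 365 days ago to 365 days ahead.
     *
     * @param commonName certificate common name, or null to use a generated default
     */
    protected RootCertificateGenerator buildCertificateGenerator(@Nullable String commonName) {
        String effectiveCommonName = commonName != null ? commonName : getDefaultCommonName();
        long now = System.currentTimeMillis();
        CertificateInfo certificateInfo = new CertificateInfo()
                .commonName(effectiveCommonName)
                .organization("CA dynamically generated by KeystoreGenerator")
                .notBefore(new Date(now - ONE_YEAR_MILLIS))
                .notAfter(new Date(now + ONE_YEAR_MILLIS));
        return RootCertificateGenerator.builder().certificateInfo(certificateInfo).build();
    }

    /**
     * Builds a default common name from the local host name and the current time.
     *
     * <p>Falls back to {@code "localhost"} when the host name cannot be resolved. The result is
     * cut to {@value #MAX_COMMON_NAME_LENGTH} characters. The local host name becomes part of
     * the certificate subject and is visible to anyone who sees the certificate.
     */
    private static String getDefaultCommonName() {
        String hostname;
        try {
            hostname = InetAddress.getLocalHost().getHostName();
        } catch (UnknownHostException e) {
            hostname = "localhost";
        }
        // SimpleDateFormat(String) formats with the JVM's default locale and time zone.
        String timestamp = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss zzz").format(new Date());
        String commonName = "Generated CA (" + hostname + ") " + timestamp;
        // Keep the full permitted length; the earlier cut-off left over-long names one short.
        return commonName.length() <= MAX_COMMON_NAME_LENGTH
                ? commonName
                : commonName.substring(0, MAX_COMMON_NAME_LENGTH);
    }

    /**
     * Generates the root certificate and key and returns them as serialized keystore bytes.
     *
     * @param alias alias of the key entry
     * @param password password used for both the key entry and the keystore
     * @param commonName certificate common name, or null to use a generated default
     * @return serialized keystore; contains the CA private key
     */
    protected byte[] doGenerate(String alias, char[] password, @Nullable String commonName) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException {
        CertificateAndKey certificateAndKey = buildCertificateGenerator(commonName).load();
        byte[] keystoreBytes = saveRootCertificateAndKey(certificateAndKey, alias, password);
        // Log only the size; never the keystore contents or the password.
        log.debug("saved keystore to {}-byte array", keystoreBytes.length);
        return keystoreBytes;
    }

    /**
     * Stores the certificate and key in a new keystore and serializes it to a byte array.
     *
     * @param certificateAndKey certificate and private key to store
     * @param alias alias of the key entry
     * @param password password used for both the key entry and the keystore
     */
    private byte[] saveRootCertificateAndKey(CertificateAndKey certificateAndKey, String alias, char[] password) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException {
        KeyStore keyStore = createRootCertificateKeyStore(this.keystoreType, certificateAndKey, alias, password);
        try (ByteArrayOutputStream buffer = new ByteArrayOutputStream(KEYSTORE_BUFFER_LEN)) {
            saveKeyStore(buffer, keyStore, password);
            buffer.flush();
            return buffer.toByteArray();
        }
    }
}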
