package net.eightlives.friendlyssl.listener;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.sql.Date;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import net.eightlives.friendlyssl.exception.FriendlySSLException;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.crypto.engines.DESedeEngine;
import org.bouncycastle.crypto.engines.RC2Engine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS12PfxPduBuilder;
import org.bouncycastle.pkcs.PKCS12SafeBag;
import org.bouncycastle.pkcs.PKCS12SafeBagBuilder;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.bc.BcPKCS12MacCalculatorBuilder;
import org.bouncycastle.pkcs.bc.BcPKCS12PBEOutputEncryptorBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder;
import org.shredzone.acme4j.util.KeyPairUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.SpringApplicationRunListener;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.core.env.ConfigurableEnvironment;

/* loaded from: input_file:net/eightlives/friendlyssl/listener/KeystoreCheckListener.class */
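/**
 * Spring Boot run listener that makes sure the configured PKCS12 keystore exists
 * and holds a certificate under the configured alias before the embedded server
 * starts. When it does not, a short-lived self-signed certificate and RSA key
 * pair are generated and written so the server can come up while a real
 * certificate is being obtained.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The keystore is read and written with an <em>empty</em> password. A
 *       password-protected keystore cannot be loaded and is reported as an
 *       error (see {@link #createSelfSignedIfKeystoreInvalid}).</li>
 *   <li>Because the password is empty, the PKCS#12 PBE wrapping of the private
 *       key and certificate provides no confidentiality. The file itself is the
 *       secret: on filesystems with POSIX permissions it is created
 *       owner-read/write only; elsewhere it inherits the process defaults.</li>
 *   <li>The self-signed certificate is valid for one day and is a placeholder
 *       only; clients will not trust it.</li>
 *   <li>If the file exists but lacks the alias, the <em>whole</em> keystore is
 *       replaced, so any other entries in it are lost.</li>
 * </ul>
 */
public class KeystoreCheckListener implements SpringApplicationRunListener {
    private static final Logger LOG = LoggerFactory.getLogger(KeystoreCheckListener.class);
    private static final String KEYSTORE_TYPE = "PKCS12";
    /** Signature algorithm of the placeholder certificate. */
    private static final String SIGNATURE_ALGORITHM = "SHA256WITHRSA";
    /** RSA modulus size of the placeholder key pair. */
    private static final int KEY_SIZE = 2048;
    /** Iteration count used for every PKCS#12 PBE and MAC step. */
    private static final int PBE_ITERATIONS = 2048;
    /** Owner-only permissions for the file that will hold the private key. */
    private static final String PRIVATE_FILE_PERMISSIONS = "rw-------";

    /**
     * Instantiated reflectively by Spring Boot; neither argument is needed here.
     */
    public KeystoreCheckListener(SpringApplication springApplication, String[] strArr) {
    }

    /** Registers Bouncy Castle so the PKCS#12 builders used below are available. */
    public void starting() {
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Runs once the environment is ready. Does nothing unless all three
     * {@code friendly-ssl.*} properties (keystore file, certificate alias and
     * domain) are set.
     */
    public void environmentPrepared(ConfigurableEnvironment configurableEnvironment) {
        String keystoreFile = configurableEnvironment.getProperty("friendly-ssl.keystore-file");
        String alias = configurableEnvironment.getProperty("friendly-ssl.certificate-key-alias");
        String domain = configurableEnvironment.getProperty("friendly-ssl.domain");
        if (keystoreFile == null || alias == null || domain == null) {
            return;
        }
        createSelfSignedIfKeystoreInvalid(keystoreFile, alias, domain);
    }

    /**
     * Ensures {@code keystoreFile} exists and contains a certificate under
     * {@code alias}; otherwise writes a fresh keystore holding a self-signed
     * certificate for {@code domain}.
     *
     * <p>Failures are logged rather than thrown, so the application still starts
     * (possibly without a usable certificate).
     *
     * @param keystoreFile path of the PKCS12 keystore, logged verbatim
     * @param alias        alias the certificate/key entry must be stored under
     * @param domain       CN of the generated self-signed certificate
     */
    private void createSelfSignedIfKeystoreInvalid(String keystoreFile, String alias, String domain) {
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
            Path path = Path.of(keystoreFile);
            Certificate certificate = null;
            try {
                createEmptyKeystoreFile(path);
                LOG.info("Keystore file {} created.", keystoreFile);
            } catch (FileAlreadyExistsException e) {
                if (Files.size(path) == 0) {
                    // A previous run created the file but died before writing it.
                    // An empty file cannot be parsed as PKCS12, so regenerate it.
                    LOG.warn("Keystore file {} exists but is empty; regenerating it.", keystoreFile);
                } else {
                    certificate = loadCertificate(keyStore, path, keystoreFile, alias);
                }
            }
            if (certificate == null) {
                // Files.write closes the stream even when the write fails part-way;
                // the previous FileOutputStream was only closed on success.
                Files.write(path, generateSelfSignedCertificateKeystore(alias, domain));
                LOG.info("Self-signed certificate named {}", alias);
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            // The JDK PKCS12 loader reports a MAC/password mismatch as an IOException
            // whose cause is an UnrecoverableKeyException.
            if (e.getCause() instanceof UnrecoverableKeyException) {
                LOG.error("Cannot load keystore file " + keystoreFile + " - likely due to keystore having a password, which is unsupported.");
            } else {
                LOG.error("Error while validating certificate on startup", e);
            }
        }
    }

    /**
     * Creates the parent directories and an empty keystore file. The file is
     * created owner-read/write only where the default filesystem supports POSIX
     * permissions, because it will hold an unencrypted-in-practice private key.
     *
     * @throws FileAlreadyExistsException if the file already exists
     * @throws IOException                on any other filesystem error
     */
    private static void createEmptyKeystoreFile(Path path) throws IOException {
        Path parent = path.getParent();
        if (parent != null) {
            Files.createDirectories(parent);
        }
        if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            FileAttribute<?> ownerOnly = PosixFilePermissions.asFileAttribute(
                    PosixFilePermissions.fromString(PRIVATE_FILE_PERMISSIONS));
            Files.createFile(path, ownerOnly);
        } else {
            // Non-POSIX filesystem (e.g. Windows): falls back to the platform default ACL.
            Files.createFile(path);
        }
    }

    /**
     * Loads the existing keystore with an empty password and returns the
     * certificate stored under {@code alias}, or {@code null} if there is none.
     */
    private static Certificate loadCertificate(KeyStore keyStore, Path path, String keystoreFile, String alias)
            throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException {
        try (FileInputStream in = new FileInputStream(path.toFile())) {
            // An empty char[] (not null) is passed so the PKCS12 MAC is still verified.
            keyStore.load(in, emptyPassword());
        }
        LOG.info("Existing keystore file {} loaded.", keystoreFile);
        Certificate certificate = keyStore.getCertificate(alias);
        LOG.info("Existing keystore file {} contains certificate named {}: {}", keystoreFile, alias, certificate != null);
        return certificate;
    }

    /** The keystore is intentionally unprotected; see the class documentation. */
    private static char[] emptyPassword() {
        return new char[0];
    }

    /**
     * Builds a PKCS#12 keystore, as DER bytes, containing one RSA key pair and a
     * self-signed certificate for {@code domain}. Both entries carry
     * {@code alias} as their friendlyName so that {@link KeyStore#getCertificate}
     * finds them.
     *
     * <p>The certificate is valid for one day from now. The key bag is wrapped
     * with PBE/3-key-3DES and the certificate bag with PBE/40-bit-RC2 — the
     * legacy PKCS#12 schemes accepted by virtually every reader, including the
     * JDK's. With an empty password these wrappings add no real protection,
     * which is why the file permissions matter.
     *
     * @param alias  friendlyName for the certificate and key bags
     * @param domain CN of the certificate subject/issuer
     * @return the encoded PKCS#12 PFX
     * @throws FriendlySSLException if any Bouncy Castle step fails
     */
    private byte[] generateSelfSignedCertificateKeystore(String alias, String domain) {
        try {
            KeyPair keyPair = KeyPairUtils.createKeyPair(KEY_SIZE);
            Instant now = Instant.now();
            X500Name name = new X500Name("CN=" + domain + ",DC=FRIENDLYSSL,DC=EIGHTLIVES,DC=NET");
            AlgorithmIdentifier sigAlg = new DefaultSignatureAlgorithmIdentifierFinder().find(SIGNATURE_ALGORITHM);
            AlgorithmIdentifier digestAlg = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlg);

            // Self-signed: subject == issuer, signed with the same key pair.
            // java.util.Date is named in full because the file imports java.sql.Date.
            X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
                    name,
                    new BigInteger(64, new SecureRandom()),
                    java.util.Date.from(now),
                    java.util.Date.from(now.plus(1L, ChronoUnit.DAYS)),
                    name,
                    SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
            PKCS12SafeBagBuilder certBag = new PKCS12SafeBagBuilder(certBuilder
                    .build(new BcRSAContentSignerBuilder(sigAlg, digestAlg)
                            .build(PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded())))
                    .toASN1Structure());
            certBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(alias));

            JcaPKCS12SafeBagBuilder keyBag = new JcaPKCS12SafeBagBuilder(
                    keyPair.getPrivate(),
                    new BcPKCS12PBEOutputEncryptorBuilder(
                            PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC,
                            new CBCBlockCipher(new DESedeEngine()))
                            .setIterationCount(PBE_ITERATIONS)
                            .build(emptyPassword()));
            keyBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(alias));

            PKCS12PfxPduBuilder pfx = new PKCS12PfxPduBuilder();
            pfx.addEncryptedData(
                    new BcPKCS12PBEOutputEncryptorBuilder(
                            PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC,
                            new CBCBlockCipher(new RC2Engine()))
                            .setIterationCount(PBE_ITERATIONS)
                            .build(emptyPassword()),
                    new PKCS12SafeBag[] {certBag.build()});
            pfx.addData(keyBag.build());

            BcPKCS12MacCalculatorBuilder mac = new BcPKCS12MacCalculatorBuilder();
            mac.setIterationCount(PBE_ITERATIONS);
            return pfx.build(mac, emptyPassword()).getEncoded("DL");
        } catch (IOException | PKCSException | OperatorCreationException e) {
            LOG.error("Error while generating self-signed certificate", e);
            throw new FriendlySSLException(e);
        }
    }

    public void contextPrepared(ConfigurableApplicationContext configurableApplicationContext) {
    }

    public void contextLoaded(ConfigurableApplicationContext configurableApplicationContext) {
    }

    public void started(ConfigurableApplicationContext configurableApplicationContext) {
    }

    public void running(ConfigurableApplicationContext configurableApplicationContext) {
    }

    public void failed(ConfigurableApplicationContext configurableApplicationContext, Throwable th) {
    }
}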
