package net.krotscheck.kangaroo.server.keystore;

import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/krotscheck/kangaroo/server/keystore/GeneratedKeystoreProvider.class */
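/**
 * Keystore provider that generates an in-memory PKCS12 keystore holding a
 * fresh 2048-bit RSA key pair and a matching self-signed X.509 v3 certificate
 * for {@code CN=localhost}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The certificate is self-signed (issuer and subject are the same name)
 *       and is built without any extensions, so it carries no
 *       subjectAltName. Clients that match hostnames only against
 *       subjectAltName will not accept it for {@code localhost}.</li>
 *   <li>The no-argument constructor uses the literal {@code "kangaroo"} for
 *       both passwords and for the alias. Those values are embedded in this
 *       class, so a keystore serialised with them through
 *       {@link #writeTo(OutputStream)} is effectively unprotected; pass real
 *       secrets to the three-argument constructor whenever the output is
 *       persisted or shared.</li>
 *   <li>Passwords are held as {@link String} fields for the lifetime of the
 *       instance and therefore cannot be wiped from memory.</li>
 *   <li>Serial number and validity window are computed once, at class
 *       initialisation, and shared by every instance in the JVM.</li>
 * </ul>
 *
 * <p>All getters initialise their value lazily and without synchronisation;
 * the class takes no lock anywhere, so concurrent first use from several
 * threads is not guarded.
 */
public final class GeneratedKeystoreProvider implements IKeystoreProvider {
    private static final Logger logger = LoggerFactory.getLogger(GeneratedKeystoreProvider.class);

    /** Subject and issuer name of the self-signed certificate. */
    private static final X500Name X_500_NAME = new X500Name("C=US,ST=Washington,L=Seattle,O=Kangaroo,OU=Kangaroo,CN=localhost");

    /**
     * Certificate serial number. Drawn as a non-negative 64-bit random value
     * plus one, so it is always strictly positive as RFC 5280 requires; a
     * plain {@code SecureRandom.nextInt()} is negative about half of the time
     * and offers only 32 bits of entropy.
     */
    private static final BigInteger SERIAL = new BigInteger(64, new SecureRandom()).add(BigInteger.ONE);

    /** Back-dating of the validity start: 30 days, in milliseconds. */
    private static final long NOT_BEFORE_OFFSET_MS = 30L * 24 * 60 * 60 * 1000;

    /** Length of the validity window after class load: 3650 days, in milliseconds. */
    private static final long NOT_AFTER_OFFSET_MS = 3650L * 24 * 60 * 60 * 1000;

    private static final Date NOT_BEFORE = new Date(System.currentTimeMillis() - NOT_BEFORE_OFFSET_MS);
    private static final Date NOT_AFTER = new Date(System.currentTimeMillis() + NOT_AFTER_OFFSET_MS);

    private final String keystorePass;
    private final String certificatePass;
    private final String alias;
    private KeyPair keyPair;
    private X509v3CertificateBuilder certificateBuilder;
    private ContentSigner certificateSigner;
    private Certificate[] chain;
    private KeyStore keyStore;

    /**
     * Creates a provider with the built-in defaults: keystore password,
     * key-entry password and alias are all {@code "kangaroo"}. These are
     * fixed literals and give no confidentiality to a stored keystore.
     */
    public GeneratedKeystoreProvider() {
        this("kangaroo", "kangaroo", "kangaroo");
    }

    /**
     * Creates a provider with caller-supplied secrets.
     *
     * @param keystorePass    password used to load and store the keystore
     * @param certificatePass password protecting the private-key entry
     * @param alias           alias under which the key entry is stored
     */
    public GeneratedKeystoreProvider(String keystorePass, String certificatePass, String alias) {
        this.keystorePass = keystorePass;
        this.certificatePass = certificatePass;
        this.alias = alias;
    }

    /**
     * Returns the RSA key pair, generating a 2048-bit pair on first call.
     *
     * @return the cached key pair
     * @throws NoSuchAlgorithmException if no RSA key pair generator is available
     */
    public KeyPair getKeyPair() throws NoSuchAlgorithmException {
        if (this.keyPair == null) {
            logger.info("Generating Keypair");
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
            generator.initialize(2048);
            this.keyPair = generator.generateKeyPair();
        }
        return this.keyPair;
    }

    /**
     * Returns the certificate builder, creating it on first call. Issuer and
     * subject are both {@link #X_500_NAME}; no extensions are added here.
     *
     * @return the cached certificate builder
     * @throws NoSuchAlgorithmException if the key pair cannot be generated
     */
    public X509v3CertificateBuilder getCertificateBuilder() throws NoSuchAlgorithmException {
        if (this.certificateBuilder == null) {
            logger.info("Generating Certificate Builder");
            SubjectPublicKeyInfo publicKeyInfo =
                    SubjectPublicKeyInfo.getInstance(getKeyPair().getPublic().getEncoded());
            this.certificateBuilder = new X509v3CertificateBuilder(
                    X_500_NAME, SERIAL, NOT_BEFORE, NOT_AFTER, X_500_NAME, publicKeyInfo);
        }
        return this.certificateBuilder;
    }

    /**
     * Returns the content signer, creating it on first call. The signer uses
     * SHA-256 with RSA and the private half of {@link #getKeyPair()}.
     *
     * @return the cached content signer
     * @throws NoSuchAlgorithmException  if the key pair cannot be generated
     * @throws IOException               if the encoded private key cannot be parsed
     * @throws OperatorCreationException if the signer cannot be built
     */
    public ContentSigner getCertificateSigner() throws NoSuchAlgorithmException, IOException, OperatorCreationException {
        if (this.certificateSigner == null) {
            logger.info("Generating Certificate Signer");
            byte[] encodedPrivateKey = getKeyPair().getPrivate().getEncoded();
            AlgorithmIdentifier signatureAlgorithm =
                    new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
            AlgorithmIdentifier digestAlgorithm =
                    new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
            this.certificateSigner = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm)
                    .build(PrivateKeyFactory.createKey(encodedPrivateKey));
        }
        return this.certificateSigner;
    }

    /**
     * Returns the certificate chain, building and signing the single
     * self-signed certificate on first call.
     *
     * <p>The returned array is the cached instance itself, not a copy.
     *
     * @return a one-element chain holding the self-signed certificate
     * @throws IOException               if the private key cannot be parsed
     * @throws NoSuchAlgorithmException  if the key pair cannot be generated
     * @throws OperatorCreationException if the signer cannot be built
     * @throws CertificateException      if the certificate cannot be converted
     */
    public Certificate[] getCertificates() throws IOException, NoSuchAlgorithmException, OperatorCreationException, CertificateException {
        if (this.chain == null) {
            logger.info("Generating x509 Certificate");
            Certificate selfSigned = new JcaX509CertificateConverter()
                    .getCertificate(getCertificateBuilder().build(getCertificateSigner()));
            this.chain = new Certificate[]{selfSigned};
        }
        return this.chain;
    }

    /**
     * Returns the private key of the generated key pair.
     *
     * @return the private key
     * @throws NoSuchAlgorithmException if the key pair cannot be generated
     */
    public PrivateKey getKey() throws NoSuchAlgorithmException {
        return getKeyPair().getPrivate();
    }

    /**
     * Returns the PKCS12 keystore, creating it on first call with a single
     * key entry stored under the configured alias and protected by the
     * certificate password.
     *
     * @return the cached keystore
     * @throws RuntimeException wrapping any failure during generation
     */
    @Override
    public KeyStore getKeyStore() {
        if (this.keyStore == null) {
            try {
                this.keyStore = KeyStore.getInstance("PKCS12");
                // A null stream initialises an empty keystore.
                this.keyStore.load(null, this.keystorePass.toCharArray());
                this.keyStore.setKeyEntry(this.alias, getKey(), this.certificatePass.toCharArray(), getCertificates());
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        return this.keyStore;
    }

    /**
     * Serialises the keystore to the given stream, protected by the keystore
     * password. The stream is neither flushed nor closed here. The output
     * contains the private key, so the destination needs the same access
     * restrictions as the key itself.
     *
     * @param outputStream destination for the PKCS12 bytes
     * @throws RuntimeException wrapping any failure during generation or writing
     */
    @Override
    public void writeTo(OutputStream outputStream) {
        try {
            getKeyStore().store(outputStream, this.keystorePass.toCharArray());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}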
