package org.apache.geode.cache.ssl;

import java.io.IOException;
import java.io.UncheckedIOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import sun.security.x509.AlgorithmId;
import sun.security.x509.BasicConstraintsExtension;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateExtensions;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.DNSName;
import sun.security.x509.GeneralName;
import sun.security.x509.GeneralNames;
import sun.security.x509.IPAddressName;
import sun.security.x509.KeyIdentifier;
import sun.security.x509.KeyUsageExtension;
import sun.security.x509.SubjectAlternativeNameExtension;
import sun.security.x509.SubjectKeyIdentifierExtension;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;

/* loaded from: input_file:org/apache/geode/cache/ssl/CertificateBuilder.class */
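/**
 * Fluent builder that creates an X.509 certificate together with a freshly generated
 * 2048-bit RSA key pair.
 *
 * <p>A certificate is self-signed unless {@link #issuedBy(CertificateMaterial)} supplies an
 * issuer, in which case the issuer's private key signs it and the issuer's subject becomes the
 * issuer name.
 *
 * <p>The implementation is built on the JDK-internal {@code sun.security.x509} classes, which
 * are not a supported API and are not exported by default on modular JDKs.
 *
 * <p>Instances are mutable and carry no synchronization.
 */
public class CertificateBuilder {
    /** Milliseconds per day, held as a {@code long} so validity arithmetic cannot overflow. */
    private static final long MILLIS_PER_DAY = 86400000L;

    // Validity period in days, counted from the moment generate() runs.
    private final int days;
    // JCA signature algorithm name handed to X509CertImpl.sign (e.g. "SHA256withRSA").
    private final String algorithm;
    // Subject name; stays null until commonName(...) is called.
    private X500Name name;
    // Subject Alternative Name entries, emitted DNS names first, then IP addresses.
    private final List<String> dnsNames;
    private final List<InetAddress> ipAddresses;
    // When true the certificate carries keyCertSign usage and CA basic constraints.
    private boolean isCA;
    // Signing parent; null means the certificate is self-signed.
    private CertificateMaterial issuer;

    /** Creates a builder for certificates valid for 30 days and signed with SHA256withRSA. */
    public CertificateBuilder() {
        this(30, "SHA256withRSA");
    }

    /**
     * Creates a builder with an explicit validity period and signature algorithm.
     *
     * @param i validity in days; a non-positive value yields a certificate whose end date is
     *     not later than its start date
     * @param str JCA signature algorithm name; it must be usable with RSA keys because
     *     {@link #generate()} always creates an RSA key pair
     */
    public CertificateBuilder(int i, String str) {
        this.days = i;
        this.algorithm = str;
        this.dnsNames = new ArrayList<>();
        this.ipAddresses = new ArrayList<>();
    }

    /** Wraps a DNS name as a SAN entry, converting the checked exception. */
    private static GeneralName dnsGeneralName(String str) {
        try {
            return new GeneralName(new DNSName(str));
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    /** Wraps the raw bytes of an address as a SAN entry, converting the checked exception. */
    private static GeneralName ipGeneralName(InetAddress inetAddress) {
        try {
            return new GeneralName(new IPAddressName(inetAddress.getAddress()));
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    /**
     * Sets the subject to {@code O=Geode, CN=<str>}.
     *
     * <p>The value is concatenated into a distinguished-name string and then parsed, so DN
     * metacharacters in {@code str} (for example {@code ,}, {@code +} or {@code =}) change the
     * structure of the subject instead of being taken literally. Pass only plain, trusted names.
     *
     * @param str common name to place in the subject
     * @return this builder
     * @throws UncheckedIOException if the resulting string cannot be parsed as an X.500 name
     */
    public CertificateBuilder commonName(String str) {
        try {
            this.name = new X500Name("O=Geode, CN=" + str);
            return this;
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    /**
     * Adds a DNS name to the Subject Alternative Name extension.
     *
     * @param str DNS name; it is validated only when the certificate is generated
     * @return this builder
     */
    public CertificateBuilder sanDnsName(String str) {
        this.dnsNames.add(str);
        return this;
    }

    /**
     * Adds an IP address to the Subject Alternative Name extension.
     *
     * @param inetAddress address whose raw bytes are written into the extension
     * @return this builder
     */
    public CertificateBuilder sanIpAddress(InetAddress inetAddress) {
        this.ipAddresses.add(inetAddress);
        return this;
    }

    /**
     * Adds an IP address, given as text, to the Subject Alternative Name extension.
     *
     * <p>The text is resolved with {@link InetAddress#getByName(String)}. If a host name is
     * passed instead of an IP literal, a name-service lookup is performed and the address it
     * returns is what ends up in the certificate.
     *
     * @param str IP literal (or host name, see above)
     * @return this builder
     * @throws RuntimeException wrapping {@link UnknownHostException} if resolution fails
     */
    public CertificateBuilder sanIpAddress(String str) {
        try {
            this.ipAddresses.add(InetAddress.getByName(str));
            return this;
        } catch (UnknownHostException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Marks the certificate as a certificate authority.
     *
     * @return this builder
     */
    public CertificateBuilder isCA() {
        this.isCA = true;
        return this;
    }

    /**
     * Sets the issuer whose private key signs the generated certificate.
     *
     * @param certificateMaterial issuer certificate and key; {@code null} restores self-signing
     * @return this builder
     */
    public CertificateBuilder issuedBy(CertificateMaterial certificateMaterial) {
        this.issuer = certificateMaterial;
        return this;
    }

    /** Collects every configured SAN entry, DNS names first and IP addresses after them. */
    private GeneralNames san() throws IOException {
        GeneralNames generalNames = new GeneralNames();
        for (String dnsName : this.dnsNames) {
            generalNames.add(dnsGeneralName(dnsName));
        }
        for (InetAddress ipAddress : this.ipAddresses) {
            generalNames.add(ipGeneralName(ipAddress));
        }
        return generalNames;
    }

    /**
     * Generates a new RSA key pair and a certificate for its public key.
     *
     * @return the certificate, its key pair and the issuer certificate ({@code null} when
     *     self-signed)
     * @throws IllegalStateException if {@link #commonName(String)} has not been called
     * @throws RuntimeException if the key pair or the certificate cannot be created
     */
    public CertificateMaterial generate() {
        // Fail before the comparatively expensive key generation; a null subject would be
        // rejected later anyway, with a less helpful message.
        if (this.name == null) {
            throw new IllegalStateException("commonName must be set before generating a certificate");
        }
        KeyPair keyPair = generateKeyPair("RSA");
        PrivateKey signingKey =
                this.issuer == null ? keyPair.getPrivate() : this.issuer.getPrivateKey();
        X509Certificate certificate = generate(keyPair.getPublic(), signingKey);
        X509Certificate issuerCertificate =
                this.issuer == null ? null : this.issuer.getCertificate();
        return new CertificateMaterial(certificate, keyPair, issuerCertificate);
    }

    /**
     * Builds and signs the certificate for {@code publicKey}.
     *
     * @param publicKey subject public key
     * @param privateKey key that signs the certificate (the subject's own or the issuer's)
     * @return the signed certificate
     * @throws RuntimeException wrapping any failure while assembling or signing
     */
    private X509Certificate generate(PublicKey publicKey, PrivateKey privateKey) {
        Date notBefore = new Date();
        // long arithmetic: with int operands the product wraps for any period above 24 days,
        // which made the default 30-day certificate end before it started.
        Date notAfter = new Date(notBefore.getTime() + this.days * MILLIS_PER_DAY);
        CertificateValidity validity = new CertificateValidity(notBefore, notAfter);
        BigInteger serialNumber = new BigInteger(64, new SecureRandom());
        X509CertInfo info = new X509CertInfo();
        try {
            info.set("validity", validity);
            info.set("serialNumber", new CertificateSerialNumber(serialNumber));
            info.set("subject", this.name);
            info.set("key", new CertificateX509Key(publicKey));
            // Version value 2 encodes X.509 v3, which is required for extensions.
            info.set("version", new CertificateVersion(2));
            // Placeholder only: this id is overwritten below with the algorithm actually used
            // for signing before the returned certificate is signed.
            info.set("algorithmID", new CertificateAlgorithmId(AlgorithmId.get("MD5withRSA")));
            if (this.issuer == null) {
                info.set("issuer", this.name);
            } else {
                info.set("issuer", this.issuer.getCertificate().getSubjectDN());
            }

            CertificateExtensions extensions = new CertificateExtensions();
            extensions.set(
                    "SubjectKeyIdentifier",
                    new SubjectKeyIdentifierExtension(new KeyIdentifier(publicKey).getIdentifier()));
            GeneralNames subjectAltNames = san();
            if (!subjectAltNames.isEmpty()) {
                extensions.set(
                        "SubjectAlternativeName",
                        new SubjectAlternativeNameExtension(subjectAltNames));
            }
            if (this.isCA) {
                KeyUsageExtension keyUsage = new KeyUsageExtension();
                keyUsage.set("key_certsign", true);
                extensions.set("KeyUsage", keyUsage);
                // Path length 0: this CA may issue end-entity certificates only.
                extensions.set("BasicConstraints", new BasicConstraintsExtension(true, 0));
            }
            if (!extensions.getAllExtensions().isEmpty()) {
                info.set("extensions", extensions);
            }

            // First pass: signing resolves the AlgorithmId for this.algorithm.
            X509CertImpl firstPass = new X509CertImpl(info);
            firstPass.sign(privateKey, this.algorithm);
            // Second pass: copy that id into the certificate info and sign again, presumably so
            // the signed body names the same algorithm as the signature itself.
            info.set("algorithmID.algorithm", (AlgorithmId) firstPass.get("x509.algorithm"));
            X509CertImpl certificate = new X509CertImpl(info);
            certificate.sign(privateKey, this.algorithm);
            return certificate;
        } catch (Exception e) {
            throw new RuntimeException("Unable to create certificate", e);
        }
    }

    /**
     * Generates a 2048-bit key pair for the given algorithm.
     *
     * @param str JCA key algorithm name
     * @return the new key pair
     * @throws RuntimeException if no provider supports the algorithm; the original
     *     {@link NoSuchAlgorithmException} is kept as the cause
     */
    private KeyPair generateKeyPair(String str) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str);
            keyPairGenerator.initialize(2048);
            return keyPairGenerator.genKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Unable to generate " + str + " keypair", e);
        }
    }
}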
