package io.quarkus.tls.cli;

import io.quarkus.tls.cli.letsencrypt.LetsEncryptConstants;
import io.smallrye.certs.CertificateGenerator;
import io.smallrye.certs.CertificateRequest;
import io.smallrye.certs.Format;
import io.smallrye.common.os.OS;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.lang.System;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.List;
import java.util.concurrent.Callable;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import picocli.CommandLine;

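/**
 * CLI command that generates a PKCS#12 keystore holding a TLS certificate.
 *
 * <p>When both {@code Constants.CA_FILE} and {@code Constants.PK_FILE} exist and
 * {@code --self-signed} is not set, the certificate is signed with that CA and its private key;
 * otherwise a self-signed certificate is generated. In both cases the keystore path and password
 * are written to the {@code .env} file as {@code %dev.quarkus.tls.key-store.p12.*} properties.
 *
 * <p>NOTE(review): the keystore password defaults to {@code password}, is stored in plaintext in
 * the {@code .env} file and is echoed to the log at INFO level. The property names suggest
 * dev-mode use only; confirm the {@code .env} file stays out of version control and that the
 * console output is not captured by shared logging.
 */
@CommandLine.Command(name = "generate-certificate", mixinStandardHelpOptions = true, description = {"Generate a TLS certificate with the Quarkus Dev CA if available."})
public class GenerateCertificateCommand implements Callable<Integer> {

    // Used verbatim as the keystore file-name prefix and alias; it is not validated in this class.
    @CommandLine.Option(names = {"-n", "--name"}, description = {"Name of the certificate. It will be used as file name and alias in the keystore"}, required = true)
    String name;

    // Falls back to the well-known value 'password' when the option is omitted.
    @CommandLine.Option(names = {"-p", "--password"}, description = {"The password of the keystore. Default is 'password'"}, defaultValue = "password", required = false)
    String password;

    @CommandLine.Option(names = {"-c", "--cn"}, description = {"The common name of the certificate. Default is 'localhost'"}, defaultValue = "localhost", required = false)
    String cn;

    @CommandLine.Option(names = {"-d", "--directory"}, description = {"The directory in which the certificates will be created. Default is `.certs`"}, defaultValue = ".certs")
    Path directory;

    @CommandLine.Option(names = {"-r", "--renew"}, description = {"Whether existing certificates will need to be replaced"}, defaultValue = "false")
    boolean renew;

    @CommandLine.Option(names = {"--self-signed"}, description = {"Generate a self-signed certificate"}, defaultValue = "false", hidden = true)
    boolean selfSigned;

    static final System.Logger LOGGER = System.getLogger("generate-certificate");

    static {
        // Registers BouncyCastle for the whole JVM when this class is loaded.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Generates the certificate, signed by the Quarkus Dev CA when it is available.
     *
     * @return always {@code 0}; failures surface as exceptions, except a failed {@code .env}
     *         update, which is only logged
     * @throws Exception if the CA material cannot be loaded or the certificate cannot be generated
     */
    @Override
    public Integer call() throws Exception {
        LOGGER.log(System.Logger.Level.INFO, "�� Looking for the Quarkus Dev CA certificate...");
        // This branch is also taken when --self-signed is set, so the "not found" message is
        // logged in that case even if the CA files exist.
        if (!Constants.CA_FILE.exists() || !Constants.PK_FILE.exists() || this.selfSigned) {
            LOGGER.log(System.Logger.Level.INFO, "�� Quarkus Dev CA certificate not found. Generating a self-signed certificate...");
            generateSelfSignedCertificate();
            return 0;
        }
        LOGGER.log(System.Logger.Level.INFO, "�� Quarkus Dev CA certificate found at {0}", new Object[]{Constants.CA_FILE.getAbsolutePath()});
        createSignedCertificate(loadRootCertificate(Constants.CA_FILE), loadPrivateKey());
        LOGGER.log(System.Logger.Level.INFO, "✅ Signed Certificate generated successfully and exported into `{0}-keystore.p12`", new Object[]{this.name});
        printConfig(keystorePath(), this.password);
        return 0;
    }

    /** Generates a self-signed certificate and records its keystore in the {@code .env} file. */
    private void generateSelfSignedCertificate() throws Exception {
        ensureDirectoryExists();
        new CertificateGenerator(this.directory, this.renew).generate(newCertificateRequest());
        LOGGER.log(System.Logger.Level.INFO, "✅ Self-signed certificate generated successfully and exported into `{0}-keystore.p12`", new Object[]{this.name});
        printConfig(keystorePath(), this.password);
    }

    /**
     * Writes the keystore path and password to the {@code .env} file and logs the result.
     *
     * @param path location of the generated keystore
     * @param str keystore password, written and logged in plaintext
     */
    private void printConfig(Path path, String str) {
        String path2 = path.toString();
        if (OS.WINDOWS.isCurrent()) {
            // Double the backslashes so the Windows path survives as a property value.
            path2 = path2.replace("\\", "\\\\");
        }
        try {
            List<String> dotEnvLines = DotEnvHelper.readDotEnvFile();
            DotEnvHelper.addOrReplaceProperty(dotEnvLines, "%dev.quarkus.tls.key-store.p12.path", path2);
            DotEnvHelper.addOrReplaceProperty(dotEnvLines, "%dev.quarkus.tls.key-store.p12.password", str);
            Files.write(LetsEncryptConstants.DOT_ENV_FILE.toPath(), dotEnvLines);
        } catch (IOException e) {
            // The try block both reads and writes the file, so do not blame the read alone, and
            // do not go on to claim that the configuration was added.
            LOGGER.log(System.Logger.Level.ERROR, "Failed to read or write the .env file", e);
            return;
        }
        // NOTE(review): this echoes the keystore password to the log at INFO level.
        LOGGER.log(System.Logger.Level.INFO, "✅ Required configuration added to the `.env` file:\n%dev.quarkus.tls.key-store.p12.path={0}\n%dev.quarkus.tls.key-store.p12.password={1}\n", new Object[]{path2, str});
    }

    /**
     * Reads an X.509 certificate from the given file.
     *
     * @param file file holding the CA certificate
     * @return the parsed certificate
     * @throws Exception if the file cannot be read or does not parse as an X.509 certificate
     */
    private X509Certificate loadRootCertificate(File file) throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        try (FileInputStream in = new FileInputStream(file)) {
            return (X509Certificate) certificateFactory.generateCertificate(in);
        }
    }

    /**
     * Reads the CA private key from {@code Constants.PK_FILE}.
     *
     * <p>Only the first PEM object is inspected, and it must be a {@link KeyPair} or a
     * {@link PrivateKeyInfo}.
     *
     * @return the private key
     * @throws IllegalStateException if the file holds no PEM object or an object of another type
     * @throws Exception if the file cannot be read or the key cannot be converted
     */
    private PrivateKey loadPrivateKey() throws Exception {
        try (BufferedReader reader = new BufferedReader(new FileReader(Constants.PK_FILE));
                PEMParser parser = new PEMParser(reader)) {
            Object pemObject = parser.readObject();
            if (pemObject == null) {
                // No PEM object in the file; without this check the type lookup below would
                // fail with a NullPointerException.
                throw new IllegalStateException("The file " + Constants.PK_FILE.getAbsolutePath() + " does not contain a private key");
            }
            if (pemObject instanceof KeyPair) {
                return ((KeyPair) pemObject).getPrivate();
            }
            if (pemObject instanceof PrivateKeyInfo) {
                return new JcaPEMKeyConverter().getPrivateKey((PrivateKeyInfo) pemObject);
            }
            throw new IllegalStateException("The file " + Constants.PK_FILE.getAbsolutePath() + " does not contain a private key " + pemObject.getClass().getName());
        }
    }

    /**
     * Generates a certificate signed with the given CA certificate and private key.
     *
     * @param x509Certificate CA certificate used as issuer
     * @param privateKey CA private key used for signing
     */
    private void createSignedCertificate(X509Certificate x509Certificate, PrivateKey privateKey) throws Exception {
        ensureDirectoryExists();
        new CertificateGenerator(this.directory, this.renew).generate(newCertificateRequest().signedWith(x509Certificate, privateKey));
    }

    /** Creates the output directory, with any missing parents, when it does not exist yet. */
    private void ensureDirectoryExists() throws IOException {
        if (!Files.exists(this.directory)) {
            Files.createDirectories(this.directory);
        }
    }

    /** Builds the request shared by both modes: PKCS#12 format, valid for 365 days. */
    private CertificateRequest newCertificateRequest() {
        return new CertificateRequest().withName(this.name).withCN(this.cn).withPassword(this.password).withDuration(Duration.ofDays(365L)).withFormat(Format.PKCS12);
    }

    /** Returns the keystore path: {@code <directory>/<name>-keystore.p12}. */
    private Path keystorePath() {
        return this.directory.resolve(this.name + "-keystore.p12");
    }
}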
