package net.unit8.bouncr.api.component;

import enkan.component.ComponentLifecycle;
import enkan.component.SystemComponent;
import enkan.exception.MisconfigurationException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.Date;
import javax.security.auth.x500.X500PrivateCredential;
import net.unit8.bouncr.component.BouncrConfiguration;
import net.unit8.bouncr.component.Flake;
import net.unit8.bouncr.util.KeyUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:net/unit8/bouncr/api/component/CertificateProvider.class */
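/**
 * Issues X.509 client certificates signed by the CA credential supplied through
 * {@link #setCA(X500PrivateCredential)}.
 *
 * <p>Key length, random source, signature algorithm and default validity are read from
 * {@link BouncrConfiguration}; serial numbers come from {@link Flake}. Both dependencies are
 * resolved when the component starts. The CA credential is injected separately, so it can
 * still be unset when a certificate is requested; that case is reported explicitly.
 *
 * <p>Signing uses the JCA provider registered under the name {@code "BC"}.
 */
public class CertificateProvider extends SystemComponent<CertificateProvider> {
    /** How far {@code notBefore} is backdated relative to the issuing time (one day). */
    private static final long NOT_BEFORE_BACKDATE_MILLIS = 24L * 60 * 60 * 1000;

    /**
     * Key usage asserted in issued client certificates. {@code keyCertSign} is deliberately
     * absent: RFC 5280 section 4.2.1.9 forbids it when basicConstraints does not assert cA,
     * and an end-entity certificate should not advertise the ability to sign certificates.
     */
    private static final int CLIENT_KEY_USAGE =
            KeyUsage.digitalSignature | KeyUsage.dataEncipherment | KeyUsage.keyAgreement;

    private BouncrConfiguration config;
    private Flake flake;
    // Holds the CA certificate together with its private key for the lifetime of the component.
    private X500PrivateCredential ca;
    private Duration expiry;

    /**
     * Generates a fresh key pair and a CA-signed end-entity certificate for the given subject.
     *
     * <p>The certificate is valid from one day before the issuing time (a margin for clock
     * differences between issuer and verifier) until the configured default expiry; only the
     * whole-second part of the expiry is used.
     *
     * @param str the subject distinguished name in string form, parsed by {@link X500Name}
     * @return the signed certificate paired with the newly generated private key
     * @throws IllegalStateException if no CA credential has been set
     * @throws MisconfigurationException if an extension cannot be built or signing fails
     */
    public X500PrivateCredential generateClientCertificate(String str) {
        X500PrivateCredential issuer = requireCa();
        X509Certificate issuerCertificate = issuer.getCertificate();
        X500Name issuerName = new X500Name(issuerCertificate.getSubjectX500Principal().getName());
        // NOTE(review): the subject is parsed as a complete DN string. If callers assemble it
        // from user-supplied values, RDN special characters must be escaped there - confirm.
        X500Name subjectName = new X500Name(str);
        KeyPair keyPair = KeyUtils.generate(
                this.config.getCertConfiguration().getKeyLength(), this.config.getSecureRandom());

        // Read the clock once so both validity bounds are derived from the same instant.
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - NOT_BEFORE_BACKDATE_MILLIS);
        Date notAfter = new Date(now + (this.expiry.getSeconds() * 1000));

        // NOTE(review): the serial number is whatever Flake.generateId() returns; whether those
        // ids are unpredictable is not visible here - confirm if serial entropy matters.
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                issuerName, this.flake.generateId(), notBefore, notAfter, subjectName, keyPair.getPublic());
        try {
            builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
            builder.addExtension(Extension.keyUsage, true, new KeyUsage(CLIENT_KEY_USAGE));
            // RFC 5280 section 4.2.1.1 requires authorityKeyIdentifier to be non-critical.
            builder.addExtension(
                    Extension.authorityKeyIdentifier,
                    false,
                    new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(issuerCertificate.getPublicKey()));
            // An IP literal belongs in an iPAddress entry; as a dNSName it does not match
            // IP-based name checks.
            // NOTE(review): every issued certificate carries these same two loopback names
            // regardless of the subject - confirm that this is intended outside development.
            builder.addExtension(
                    Extension.subjectAlternativeName,
                    false,
                    new DERSequence(new ASN1Encodable[]{
                        new GeneralName(GeneralName.dNSName, "localhost"),
                        new GeneralName(GeneralName.iPAddress, "127.0.0.1")
                    }));
            return new X500PrivateCredential(signCertificate(builder), keyPair.getPrivate());
        } catch (OperatorCreationException | CertIOException | NoSuchAlgorithmException | CertificateException e) {
            throw new MisconfigurationException("", new Object[]{e});
        }
    }

    /**
     * Signs the certificate described by the builder with the CA private key, using the
     * configured signature algorithm.
     *
     * <p>NOTE(review): this method is public and signs whatever the builder describes,
     * including extensions such as basicConstraints. Every caller that can reach this
     * component can therefore obtain CA-signed certificates of any shape; confirm that all
     * call sites are trusted.
     *
     * @param x509v3CertificateBuilder the fully populated certificate builder
     * @return the signed certificate
     * @throws IllegalStateException if no CA credential has been set
     * @throws OperatorCreationException if the content signer cannot be created
     * @throws CertificateException if the signed structure cannot be converted to a certificate
     */
    public X509Certificate signCertificate(X509v3CertificateBuilder x509v3CertificateBuilder) throws OperatorCreationException, CertificateException {
        X500PrivateCredential issuer = requireCa();
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
        JcaContentSignerBuilder signerBuilder =
                new JcaContentSignerBuilder(this.config.getCertConfiguration().getSignAlgorithm()).setProvider("BC");
        return converter.getCertificate(
                x509v3CertificateBuilder.build(signerBuilder.build(issuer.getPrivateKey())));
    }

    /**
     * Resolves {@link BouncrConfiguration} and {@link Flake} on start and caches the default
     * certificate expiry. Stop releases nothing, so the CA credential stays referenced.
     */
    protected ComponentLifecycle<CertificateProvider> lifecycle() {
        return new ComponentLifecycle<CertificateProvider>() {
            public void start(CertificateProvider certificateProvider) {
                CertificateProvider.this.config = CertificateProvider.this.getDependency(BouncrConfiguration.class);
                CertificateProvider.this.expiry = CertificateProvider.this.config.getCertConfiguration().getDefaultExpiry();
                CertificateProvider.this.flake = CertificateProvider.this.getDependency(Flake.class);
            }

            public void stop(CertificateProvider certificateProvider) {
                // Intentionally empty: no resources are acquired in start.
            }
        };
    }

    /**
     * Sets the CA certificate and private key used to sign issued certificates.
     *
     * @param x500PrivateCredential the CA credential; stored as given, without validation
     */
    public void setCA(X500PrivateCredential x500PrivateCredential) {
        this.ca = x500PrivateCredential;
    }

    /** Returns the CA credential, failing with a clear message when it has not been set. */
    private X500PrivateCredential requireCa() {
        X500PrivateCredential credential = this.ca;
        if (credential == null) {
            throw new IllegalStateException("CA credential has not been set; call setCA before issuing certificates");
        }
        return credential;
    }
}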
