package org.logevents.observers.web;

import com.sun.mail.imap.IMAPStore;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.io.Writer;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Date;
import java.util.Optional;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import sun.security.x509.AlgorithmId;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateExtensions;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.DNSName;
import sun.security.x509.GeneralName;
import sun.security.x509.GeneralNames;
import sun.security.x509.KeyUsageExtension;
import sun.security.x509.SubjectAlternativeNameExtension;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;

/* loaded from: input_file:org/logevents/observers/web/HostKeyStore.class */
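/**
 * A password-protected PKCS#12 key store file that holds one self-signed certificate and RSA
 * private key per host name, stored under the alias {@code "key-" + hostName}.
 *
 * <p>Typical use: construct with the store file and store password, call
 * {@link #setHostName(String)} and {@link #setKeyPassword(String)}, call {@link #generateKey()}
 * if {@link #isKeyPresent()} is false, then hand {@link #getKeyManagers()} to an SSL context.
 *
 * <p>Certificate generation relies on the JDK-internal {@code sun.security.x509} classes, so it
 * only works on runtimes where those classes are accessible.
 *
 * <p>Both passwords arrive as {@link String}s and are kept for the lifetime of this object; they
 * are never cleared from memory.
 */
public class HostKeyStore {
    /** Lifetime of a generated certificate: 90 days, computed in {@code long} arithmetic. */
    private static final long CERTIFICATE_VALIDITY_MILLIS = 90L * 24L * 60L * 60L * 1000L;

    private final KeyStore keyStore = KeyStore.getInstance("pkcs12");
    private final File file;
    private String hostName;
    private String keyPassword;
    private final char[] storePassword;

    /**
     * Opens the key store in {@code file}, or starts an empty in-memory store when the file does
     * not exist yet (nothing is written until {@link #generateKey()}).
     *
     * @param file the PKCS#12 file to load from and later store to
     * @param str the key store password, used for the integrity check on load and on store
     * @throws GeneralSecurityException if the store cannot be instantiated or loaded
     * @throws IOException if the file cannot be read, including when the password is wrong
     */
    public HostKeyStore(File file, String str) throws GeneralSecurityException, IOException {
        this.file = file;
        this.storePassword = str.toCharArray();
        if (this.file.exists()) {
            // Close the stream ourselves: KeyStore.load() does not close the stream it is given.
            try (FileInputStream input = new FileInputStream(this.file)) {
                this.keyStore.load(input, this.storePassword);
            }
        } else {
            this.keyStore.load(null, this.storePassword);
        }
    }

    /**
     * Sets the host name used for the key alias, the certificate subject and issuer CN, and the
     * DNS subject alternative name.
     *
     * @param str the host name
     */
    public void setHostName(String str) {
        this.hostName = str;
    }

    /**
     * Sets the password that protects the private key entry inside the store.
     *
     * @param str the key entry password
     */
    public void setKeyPassword(String str) {
        this.keyPassword = str;
    }

    /**
     * Reports whether the store already holds a key entry for the configured host name.
     *
     * @return true if the alias {@code "key-" + hostName} is a key entry
     * @throws KeyStoreException if the key store has not been loaded
     */
    public boolean isKeyPresent() throws KeyStoreException {
        return this.keyStore.isKeyEntry("key-" + this.hostName);
    }

    /**
     * Generates a new key pair and self-signed certificate for the configured host name and
     * writes the whole key store to the file given to the constructor.
     *
     * @throws IOException if the file cannot be written
     * @throws GeneralSecurityException if key generation, signing or storing fails
     * @throws IllegalArgumentException if no key password has been set
     * @throws IllegalStateException if no host name has been set
     */
    public void generateKey() throws IOException, GeneralSecurityException {
        generateCertificateAndKey();
        // NOTE(review): the file is overwritten in place and created with the process's default
        // permissions; a failure part-way through leaves a truncated store. Consider writing to
        // a temporary file with owner-only permissions and moving it into place.
        try (FileOutputStream output = new FileOutputStream(this.file)) {
            this.keyStore.store(output, this.storePassword);
        }
    }

    /**
     * Creates an RSA key pair plus a matching self-signed certificate and puts both into the
     * in-memory key store under {@code "key-" + hostName}.
     */
    private void generateCertificateAndKey() throws GeneralSecurityException, IOException {
        // Check the configuration before the comparatively slow key generation; the key password
        // is checked first, so the exception seen when both are missing is the same as before.
        if (this.keyPassword == null) {
            throw new IllegalArgumentException("Call setKeyPassword() before generating certicate");
        }
        if (this.hostName == null) {
            throw new IllegalStateException("Call setHostName() before generating certicate");
        }
        // No key size is requested, so the modulus length is whatever the RSA provider defaults
        // to on this runtime. NOTE(review): consider an explicit initialize(...) call so the key
        // strength does not depend on the JDK version.
        KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        X509Certificate certificate =
                generatedSignedCertificate(keyPair.getPublic(), keyPair.getPrivate(), this.hostName);
        this.keyStore.setKeyEntry(
                "key-" + this.hostName,
                keyPair.getPrivate(),
                this.keyPassword.toCharArray(),
                new Certificate[] {certificate});
    }

    /**
     * Builds an X.509 v3 certificate for {@code str} and signs it with {@code privateKey}, i.e.
     * the certificate is self-signed (issuer and subject are both {@code CN=str}).
     *
     * @param publicKey the key placed in the certificate
     * @param privateKey the key used to sign the certificate
     * @param str the host name used for the CN and the DNS subject alternative name
     * @return the signed certificate, valid from now for 90 days
     */
    private X509Certificate generatedSignedCertificate(PublicKey publicKey, PrivateKey privateKey, String str) throws GeneralSecurityException, IOException {
        X509CertInfo x509CertInfo = new X509CertInfo();
        // Same attribute name as before, spelled as a literal like the other attributes instead
        // of borrowing an equal-valued constant from the mail library.
        x509CertInfo.set("version", new CertificateVersion(2)); // 2 is the encoding of X.509 v3
        x509CertInfo.set("serialNumber", new CertificateSerialNumber(new BigInteger(64, new SecureRandom())));
        Date notBefore = new Date();
        // The 90-day offset must be computed as a long: 90 * 86400000 does not fit in an int, and
        // the wrapped-around value is negative, which puts the expiry before the start date.
        Date notAfter = new Date(notBefore.getTime() + CERTIFICATE_VALIDITY_MILLIS);
        x509CertInfo.set("validity", new CertificateValidity(notBefore, notAfter));
        x509CertInfo.set("algorithmID", new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha512WithRSAEncryption_oid)));
        x509CertInfo.set("key", new CertificateX509Key(publicKey));
        // NOTE(review): the host name is concatenated into the distinguished name unescaped;
        // confirm callers only pass plain DNS names.
        x509CertInfo.set("issuer", new X500Name("CN=" + str));
        x509CertInfo.set("subject", new X500Name("CN=" + str));
        CertificateExtensions certificateExtensions = new CertificateExtensions();
        // NOTE(review): only the CA-style bits keyCertSign and cRLSign are asserted, and no
        // BasicConstraints extension is added. A certificate presented by a TLS server normally
        // asserts digitalSignature and/or keyEncipherment; verifiers that enforce key usage may
        // reject this one. Left as-is because changing the profile affects existing clients.
        KeyUsageExtension keyUsageExtension = new KeyUsageExtension();
        keyUsageExtension.set("key_certsign", true);
        keyUsageExtension.set("crl_sign", true);
        certificateExtensions.set("KeyUsage", keyUsageExtension);
        GeneralNames generalNames = new GeneralNames();
        generalNames.add(new GeneralName(new DNSName(str)));
        certificateExtensions.set("SubjectAlternativeName", new SubjectAlternativeNameExtension(generalNames));
        x509CertInfo.set("extensions", certificateExtensions);
        X509CertImpl x509CertImpl = new X509CertImpl(x509CertInfo);
        x509CertImpl.sign(privateKey, "SHA512withRSA");
        return x509CertImpl;
    }

    /**
     * Writes the host certificate (not the private key) to {@code file} in PEM form.
     *
     * @param file the file to create or overwrite
     * @throws IOException if the file cannot be written
     * @throws GeneralSecurityException if the certificate is missing or cannot be encoded
     */
    public void writeCertificate(File file) throws IOException, GeneralSecurityException {
        // The PEM text is pure ASCII, so the platform default charset of FileWriter is harmless.
        try (FileWriter fileWriter = new FileWriter(file)) {
            writeCertificate(fileWriter);
        }
    }

    /**
     * Writes the host certificate to {@code writer} between PEM BEGIN/END CERTIFICATE markers.
     * The writer is neither flushed nor closed.
     *
     * @param writer destination for the PEM text
     * @throws KeyStoreException if the store holds no certificate for the configured host name
     * @throws IOException if writing fails
     * @throws CertificateEncodingException if the certificate cannot be DER-encoded
     */
    public void writeCertificate(Writer writer) throws KeyStoreException, IOException, CertificateEncodingException {
        X509Certificate certificate = getCertificate();
        if (certificate == null) {
            // Fail with a descriptive checked exception instead of a NullPointerException.
            throw new KeyStoreException("No certificate stored for key-" + this.hostName);
        }
        writer.write("-----BEGIN CERTIFICATE-----\n");
        // NOTE(review): the Base64 body is emitted as one unwrapped line; strict PEM readers
        // expect lines of 64 characters.
        writer.write(Base64.getEncoder().encodeToString(certificate.getEncoded()));
        writer.write("\n-----END CERTIFICATE-----");
    }

    /**
     * Looks up the certificate stored for the configured host name.
     *
     * @return the certificate under {@code "key-" + hostName}, or null if there is none
     * @throws KeyStoreException if the key store has not been loaded
     */
    public X509Certificate getCertificate() throws KeyStoreException {
        return (X509Certificate) this.keyStore.getCertificate("key-" + this.hostName);
    }

    /**
     * Creates key managers backed by this key store, for use when initialising an SSL context.
     *
     * @return the key managers of a {@code SunX509} factory initialised with this store
     * @throws GeneralSecurityException if the factory cannot be created or the key recovered
     * @throws IllegalStateException if no key password has been set
     */
    public KeyManager[] getKeyManagers() throws GeneralSecurityException {
        if (this.keyPassword == null) {
            // Previously surfaced as a bare NullPointerException from toCharArray().
            throw new IllegalStateException("Call setKeyPassword() before getKeyManagers()");
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(this.keyStore, this.keyPassword.toCharArray());
        return keyManagerFactory.getKeyManagers();
    }
}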
