package io.debezium.testing.system.tools.certificateutil;

import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.LinkedList;
import java.util.List;
import java.util.stream.Collectors;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/debezium/testing/system/tools/certificateutil/CertificateGenerator.class */
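/**
 * Generates a throw-away certificate hierarchy for system tests: one self-signed
 * root CA ({@code cn=RootCA}) and one leaf certificate per supplied
 * {@link CertificateWrapperBuilder}, each signed by that CA.
 *
 * <p>All keys are 3072-bit RSA and all certificates are signed with SHA-384/RSA and
 * are valid for 365 days from the moment they are generated. The CA private key is
 * kept in memory (reachable through {@link #getCa()}), so material produced here must
 * stay inside test environments.
 *
 * <p>Instances are not thread-safe: {@link #generate()} mutates the CA and the list
 * of generated certificates without synchronization.
 */
public class CertificateGenerator {
    private static final Logger LOGGER = LoggerFactory.getLogger(CertificateGenerator.class);
    private static final String SIGNATURE_ALGORITHM = "SHA384WITHRSA";
    private static final int PRIVATE_KEY_SIZE = 3072;
    private static final String PRIVATE_KEY_ALGORITHM = "RSA";

    /** Certificate lifetime: 365 days expressed in milliseconds (31536000000). */
    private static final long VALIDITY_MILLIS = 365L * 24 * 60 * 60 * 1000;

    /**
     * Bit length of randomly drawn leaf serial numbers. 127 bits always encodes as a
     * positive INTEGER of at most 16 octets, inside the 20-octet limit of RFC 5280.
     */
    private static final int SERIAL_NUMBER_BITS = 127;

    /** Shared CSPRNG for key generation and serial numbers; SecureRandom is thread-safe. */
    private static final SecureRandom RANDOM = new SecureRandom();

    private final List<CertificateWrapperBuilder> certSpecs;
    private CertificateWrapper ca;
    private final X500Name caSubject = new X500Name("cn=RootCA");
    private final List<CertificateWrapper> generatedCerts = new LinkedList<>();

    /**
     * @param list specifications (subject, extensions, name) of the leaf certificates
     *             to issue; the list is stored by reference, not copied
     */
    public CertificateGenerator(List<CertificateWrapperBuilder> list) {
        this.certSpecs = list;
    }

    /**
     * Creates a fresh root CA and issues one leaf certificate per specification.
     *
     * <p>Results of any earlier run are discarded first. Without that, a second call
     * would leave leaves signed by the previous CA in the list next to a new CA, and
     * every lookup by name would fail because two entries would match.
     *
     * @throws Exception if the CA key pair cannot be generated
     * @throws RuntimeException wrapping any failure while issuing a certificate
     */
    public void generate() throws Exception {
        this.generatedCerts.clear();
        this.ca = generateCa();
        for (CertificateWrapperBuilder spec : this.certSpecs) {
            try {
                this.generatedCerts.add(genLeafCert(spec));
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    }

    /**
     * Builds an in-memory JKS key store holding the named leaf's private key together
     * with its chain (leaf certificate followed by the CA certificate).
     *
     * <p>The key entry is protected with {@code CertUtil.KEYSTORE_PASSWORD}, a shared
     * constant, so the resulting store offers no real confidentiality for the key.
     * NOTE(review): JKS is a legacy format (PKCS12 has been the JDK default since
     * Java 9); it is kept because consumers may be configured for the JKS store type.
     *
     * @param str name of a leaf certificate produced by {@link #generate()}; also used
     *            as the key-store alias
     * @return the populated key store, not yet written anywhere
     * @throws IllegalArgumentException if no single generated certificate has that name
     * @throws Exception on key-store or certificate conversion failures
     */
    public KeyStore generateKeyStore(String str) throws Exception {
        CertificateWrapper leaf = getLeafCertificateWrapper(str);
        X509Certificate[] chain = {holderToCert(leaf.getHolder()), holderToCert(this.ca.getHolder())};
        KeyStore keyStore = KeyStore.getInstance("JKS");
        // load(null) initialises an empty store instead of reading one from a stream.
        keyStore.load(null);
        keyStore.setKeyEntry(str, leaf.getKeyPair().getPrivate(), CertUtil.KEYSTORE_PASSWORD.toCharArray(), chain);
        return keyStore;
    }

    /**
     * Looks up a generated leaf certificate by name.
     *
     * @param str the name to match against {@code CertificateWrapper.getName()}
     * @return the single matching wrapper
     * @throws IllegalArgumentException if zero or more than one certificate matches
     */
    public CertificateWrapper getLeafCertificateWrapper(String str) {
        List<CertificateWrapper> matches = this.generatedCerts.stream()
                .filter(certificateWrapper -> certificateWrapper.getName().equals(str))
                .collect(Collectors.toList());
        if (matches.size() != 1) {
            throw new IllegalArgumentException("Certificate not found in generated certs list");
        }
        return matches.get(0);
    }

    /**
     * @return the root CA wrapper, including its private key; {@code null} until
     *         {@link #generate()} has run
     */
    public CertificateWrapper getCa() {
        return this.ca;
    }

    /**
     * Creates the self-signed root CA certificate (serial number 1) with critical
     * {@code basicConstraints(CA=true)} and critical {@code keyUsage(keyCertSign)}.
     */
    private CertificateWrapper generateCa() throws IOException, NoSuchAlgorithmException {
        // Register BouncyCastle once; addProvider is a no-op returning -1 when it is already installed.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        KeyPair caKeyPair = generateKeyPair();
        long now = System.currentTimeMillis();
        JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
                this.caSubject, BigInteger.ONE, new Date(now), new Date(now + VALIDITY_MILLIS),
                this.caSubject, caKeyPair.getPublic());
        List<CertificateExtensionWrapper> extensions = List.of(
                new CertificateExtensionWrapper(Extension.basicConstraints, true, new BasicConstraints(true)),
                // keyCertSign (value 4) restricts the CA key to signing certificates.
                new CertificateExtensionWrapper(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign)));
        try {
            extensions.forEach(extension -> addExtension(certBuilder, extension));
            X509CertificateHolder holder = certBuilder.build(
                    new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(caKeyPair.getPrivate()));
            // NOTE(review): getEncoded() returns the DER bytes of the name, so this subject
            // string is binary data decoded with the platform charset rather than
            // "cn=RootCA". caSubject.toString() looks like the intent - confirm how
            // consumers of the CA wrapper's subject use it before changing.
            return CertificateWrapper.builder()
                    .withKeyPair(caKeyPair)
                    .withExtensions(extensions)
                    .withSubject(new String(this.caSubject.getEncoded()))
                    .withHolder(holder)
                    .build();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Issues a leaf certificate for the given specification, signed with the CA key.
     *
     * <p>The serial number is drawn from a CSPRNG. A wall-clock millisecond value
     * gives two certificates issued in the same millisecond the same issuer/serial
     * pair, which RFC 5280 forbids and which some TLS stacks reject outright.
     */
    private CertificateWrapper genLeafCert(CertificateWrapperBuilder certificateWrapperBuilder) throws OperatorCreationException, NoSuchAlgorithmException {
        KeyPair leafKeyPair = generateKeyPair();
        long now = System.currentTimeMillis();
        JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
                this.caSubject, nextSerialNumber(), new Date(now), new Date(now + VALIDITY_MILLIS),
                new X500Name(certificateWrapperBuilder.getSubject()), leafKeyPair.getPublic());
        certificateWrapperBuilder.getExtensions().forEach(extension -> addExtension(certBuilder, extension));
        X509CertificateHolder holder = certBuilder.build(
                new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(this.ca.getKeyPair().getPrivate()));
        return certificateWrapperBuilder.withKeyPair(leafKeyPair).withHolder(holder).build();
    }

    /** Adds one extension to the builder, rethrowing encoding failures unchecked so it can be used in a lambda. */
    private static void addExtension(JcaX509v3CertificateBuilder certBuilder, CertificateExtensionWrapper extension) {
        try {
            certBuilder.addExtension(extension.getIdentifier(), extension.isCritical(), extension.getValue());
        } catch (CertIOException e) {
            throw new RuntimeException(e);
        }
    }

    /** Returns a random serial number greater than 1, so it can be neither zero nor the CA's serial. */
    private static BigInteger nextSerialNumber() {
        BigInteger serial;
        do {
            serial = new BigInteger(SERIAL_NUMBER_BITS, RANDOM);
        } while (serial.compareTo(BigInteger.ONE) <= 0);
        return serial;
    }

    /** Converts a BouncyCastle certificate holder into a JCA {@link X509Certificate}. */
    private X509Certificate holderToCert(X509CertificateHolder x509CertificateHolder) throws CertificateException {
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
        converter.setProvider(new BouncyCastleProvider());
        return converter.getCertificate(x509CertificateHolder);
    }

    /** Generates a 3072-bit RSA key pair seeded from the shared {@link SecureRandom}. */
    private KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(PRIVATE_KEY_ALGORITHM);
        keyPairGenerator.initialize(PRIVATE_KEY_SIZE, RANDOM);
        return keyPairGenerator.generateKeyPair();
    }
}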
