package com.floragunn.searchguard.test.helper.certificate;

import com.floragunn.searchguard.test.helper.certificate.asymmetricscryptography.AsymmetricCryptographyAlgorithm;
import com.floragunn.searchguard.test.helper.certificate.asymmetricscryptography.ECDSAAsymmetricCryptographyAlgorithm;
import com.floragunn.searchguard.test.helper.certificate.asymmetricscryptography.RSAAsymmetricCryptographyAlgorithm;
import com.floragunn.searchguard.test.helper.certificate.utils.CertificateSerialNumberGenerator;
import com.floragunn.searchguard.test.helper.certificate.utils.DnGenerator;
import com.floragunn.searchguard.test.helper.certificate.utils.SubjectAlternativesNameGenerator;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:com/floragunn/searchguard/test/helper/certificate/TestCertificateFactory.class */
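/**
 * Test helper that issues X.509 certificates (self-signed CA, client and node) together with a
 * freshly generated key pair for each of them.
 *
 * <p>An instance is bound to one key algorithm (RSA or ECDSA) and one JCA {@link Provider}. The
 * same algorithm supplies both the new key pairs and the signature algorithm name used to sign
 * leaf certificates.
 *
 * <p>Properties of the issued certificates that matter when they are used to exercise TLS or
 * certificate validation code:
 * <ul>
 *   <li>every CA certificate carries the fixed serial number 1, so two CAs created with the same
 *       name cannot be told apart by issuer and serial;</li>
 *   <li>leaf validity starts at the moment of creation with no backdating, so a verifier whose
 *       clock is behind may treat the certificate as not yet valid;</li>
 *   <li>nothing checks that the issuer private key passed to the leaf methods belongs to the
 *       issuer certificate passed with it.</li>
 * </ul>
 */
public class TestCertificateFactory {
    private static final Logger log = LogManager.getLogger(TestCertificateFactory.class);
    private static final Provider DEFAULT_SECURITY_PROVIDER = new BouncyCastleProvider();

    /** RSA modulus size, in bits, used by {@link #rsaBaseCertificateFactory(Provider)}. */
    private static final int RSA_KEY_SIZE_BITS = 2048;

    /** Named curve used by {@link #ecdsaBaseCertificatesFactory(Provider)}. */
    private static final String ECDSA_CURVE_NAME = "P-384";

    /** Serial number given to every CA certificate created by this factory. */
    private static final BigInteger CA_SERIAL_NUMBER = BigInteger.ONE;

    /** CA key usage: digitalSignature | keyCertSign | cRLSign (bit mask 134). */
    private static final int CA_KEY_USAGE =
            KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign;

    /**
     * Client and node key usage: digitalSignature | nonRepudiation | keyEncipherment (bit mask 224).
     * NOTE(review): the same mask is applied by ECDSA factories, where keyEncipherment looks
     * meaningless for the key type. Confirm whether any validator under test is strict about it.
     */
    private static final int LEAF_KEY_USAGE =
            KeyUsage.digitalSignature | KeyUsage.nonRepudiation | KeyUsage.keyEncipherment;

    private final Provider securityProvider;
    private final AsymmetricCryptographyAlgorithm asymmetricCryptographyAlgorithm;
    private final JcaX509ExtensionUtils extUtils = getExtUtils();

    /**
     * Creates a factory that issues RSA certificates using the default BouncyCastle provider.
     *
     * @return a new RSA-based factory
     */
    public static TestCertificateFactory rsaBaseCertificateFactory() {
        return rsaBaseCertificateFactory(null);
    }

    /**
     * Creates a factory that issues RSA certificates with 2048-bit keys.
     *
     * @param provider JCA provider to use, or {@code null} for the default BouncyCastle provider
     * @return a new RSA-based factory
     */
    public static TestCertificateFactory rsaBaseCertificateFactory(Provider provider) {
        Provider effectiveProvider = Optional.ofNullable(provider).orElse(DEFAULT_SECURITY_PROVIDER);
        return new TestCertificateFactory(
                effectiveProvider,
                new RSAAsymmetricCryptographyAlgorithm(effectiveProvider, RSA_KEY_SIZE_BITS));
    }

    /**
     * Creates a factory that issues ECDSA certificates using the default BouncyCastle provider.
     *
     * @return a new ECDSA-based factory
     */
    public static TestCertificateFactory ecdsaBaseCertificatesFactory() {
        return ecdsaBaseCertificatesFactory(null);
    }

    /**
     * Creates a factory that issues ECDSA certificates on curve P-384.
     *
     * @param provider JCA provider to use, or {@code null} for the default BouncyCastle provider
     * @return a new ECDSA-based factory
     */
    public static TestCertificateFactory ecdsaBaseCertificatesFactory(Provider provider) {
        Provider effectiveProvider = Optional.ofNullable(provider).orElse(DEFAULT_SECURITY_PROVIDER);
        return new TestCertificateFactory(
                effectiveProvider,
                new ECDSAAsymmetricCryptographyAlgorithm(effectiveProvider, ECDSA_CURVE_NAME));
    }

    private TestCertificateFactory(Provider provider, AsymmetricCryptographyAlgorithm asymmetricCryptographyAlgorithm) {
        this.securityProvider = provider;
        this.asymmetricCryptographyAlgorithm = asymmetricCryptographyAlgorithm;
    }

    /**
     * Creates a self-signed CA certificate that is valid from now for {@code i} days.
     *
     * @param str value handed to {@code DnGenerator.rootDn} to build the subject and issuer DN
     * @param i validity period in days, counted from the current time
     * @return the CA certificate and the key pair that signed it
     * @throws RuntimeException if the certificate cannot be built or signed
     */
    public CertificateWithKeyPair createCaCertificate(String str, int i) {
        Date notBefore = new Date();
        return getCertificateWithKeyPair(str, notBefore, getEndDate(notBefore, i));
    }

    /**
     * Creates a self-signed CA certificate with an explicit validity window. The window is not
     * checked, so already expired or not-yet-valid CAs can be produced on purpose.
     *
     * @param str value handed to {@code DnGenerator.rootDn} to build the subject and issuer DN
     * @param date start of validity (notBefore)
     * @param date2 end of validity (notAfter)
     * @return the CA certificate and the key pair that signed it
     * @throws RuntimeException if the certificate cannot be built or signed
     */
    public CertificateWithKeyPair createCaCertificate(String str, Date date, Date date2) {
        return getCertificateWithKeyPair(str, date, date2);
    }

    /** Generates a key pair and a self-signed CA certificate (basicConstraints CA=true) for it. */
    private CertificateWithKeyPair getCertificateWithKeyPair(String str, Date date, Date date2) {
        try {
            KeyPair caKeyPair = this.asymmetricCryptographyAlgorithm.generateKeyPair();
            X500Name caName = DnGenerator.rootDn.apply(str);
            // Self-signed: issuer and subject are the same name, and the authority key identifier
            // is derived from the CA's own public key.
            X509v3CertificateBuilder certificateBuilder =
                    new X509v3CertificateBuilder(
                                    caName,
                                    CA_SERIAL_NUMBER,
                                    date,
                                    date2,
                                    caName,
                                    SubjectPublicKeyInfo.getInstance(caKeyPair.getPublic().getEncoded()))
                            .addExtension(Extension.basicConstraints, true, new BasicConstraints(true))
                            .addExtension(
                                    Extension.authorityKeyIdentifier,
                                    false,
                                    this.extUtils.createAuthorityKeyIdentifier(caKeyPair.getPublic()))
                            .addExtension(
                                    Extension.subjectKeyIdentifier,
                                    false,
                                    this.extUtils.createSubjectKeyIdentifier(caKeyPair.getPublic()))
                            .addExtension(Extension.keyUsage, true, new KeyUsage(CA_KEY_USAGE));
            return new CertificateWithKeyPair(
                    certificateBuilder.build(newContentSigner(caKeyPair.getPrivate())), caKeyPair);
        } catch (OperatorCreationException | CertIOException e) {
            log.error("Error while generating CA certificate", e);
            throw new RuntimeException("Error while generating CA certificate", e);
        }
    }

    /**
     * Issues a client certificate signed by the given issuer. The certificate has basicConstraints
     * CA=false and no extendedKeyUsage or subjectAlternativeName extension.
     *
     * <p>The signer is set up with this factory's signature algorithm name, so {@code privateKey}
     * should be of the same key family as the factory. Presumably signing fails otherwise; verify
     * against the signer builder.
     *
     * @param str value handed to {@code DnGenerator.clientDn} to build the subject DN
     * @param i validity period in days, counted from the current time
     * @param x509CertificateHolder issuer certificate; supplies the issuer DN and authority key identifier
     * @param privateKey issuer private key used to sign the new certificate
     * @return the client certificate and its newly generated key pair
     * @throws NullPointerException if {@code x509CertificateHolder} or {@code privateKey} is null
     * @throws RuntimeException if the certificate cannot be built or signed
     */
    public CertificateWithKeyPair createClientCertificate(String str, int i, X509CertificateHolder x509CertificateHolder, PrivateKey privateKey) {
        // Fail fast with a named argument instead of an anonymous NPE after key generation.
        Objects.requireNonNull(x509CertificateHolder, "x509CertificateHolder");
        Objects.requireNonNull(privateKey, "privateKey");
        try {
            KeyPair clientKeyPair = this.asymmetricCryptographyAlgorithm.generateKeyPair();
            X500Name subject = DnGenerator.clientDn.apply(str);
            ContentSigner signer = newContentSigner(privateKey);
            X509v3CertificateBuilder certificateBuilder =
                    newLeafCertificateBuilder(subject, i, clientKeyPair, x509CertificateHolder);
            return new CertificateWithKeyPair(certificateBuilder.build(signer), clientKeyPair);
        } catch (OperatorCreationException | CertIOException e) {
            log.error("Error while generating client certificate", e);
            throw new RuntimeException("Error while generating client certificate", e);
        }
    }

    /**
     * Issues a node certificate signed by the given issuer. On top of the extensions of a client
     * certificate it carries a critical extendedKeyUsage (serverAuth and clientAuth) and a
     * subjectAlternativeName extension.
     *
     * <p>The signer is set up with this factory's signature algorithm name, so {@code privateKey}
     * should be of the same key family as the factory. Presumably signing fails otherwise; verify
     * against the signer builder.
     *
     * @param str value handed to {@code DnGenerator.nodeDn} to build the subject DN
     * @param i validity period in days, counted from the current time
     * @param str2 first argument of {@code SubjectAlternativesNameGenerator.createSubjectAlternativeNameList};
     *     its meaning is not visible in this class
     * @param list second argument of the same call; its meaning is not visible in this class
     * @param list2 third argument of the same call; its meaning is not visible in this class
     * @param x509CertificateHolder issuer certificate; supplies the issuer DN and authority key identifier
     * @param privateKey issuer private key used to sign the new certificate
     * @return the node certificate and its newly generated key pair
     * @throws NullPointerException if {@code x509CertificateHolder} or {@code privateKey} is null
     * @throws RuntimeException if the certificate cannot be built or signed
     */
    public CertificateWithKeyPair createNodeCertificate(String str, int i, String str2, List<String> list, List<String> list2, X509CertificateHolder x509CertificateHolder, PrivateKey privateKey) {
        // Fail fast with a named argument instead of an anonymous NPE after key generation.
        Objects.requireNonNull(x509CertificateHolder, "x509CertificateHolder");
        Objects.requireNonNull(privateKey, "privateKey");
        try {
            KeyPair nodeKeyPair = this.asymmetricCryptographyAlgorithm.generateKeyPair();
            X500Name subject = DnGenerator.nodeDn.apply(str);
            ContentSigner signer = newContentSigner(privateKey);
            X509v3CertificateBuilder certificateBuilder =
                    newLeafCertificateBuilder(subject, i, nodeKeyPair, x509CertificateHolder)
                            .addExtension(
                                    Extension.extendedKeyUsage,
                                    true,
                                    new ExtendedKeyUsage(
                                            new KeyPurposeId[] {
                                                KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth
                                            }))
                            .addExtension(
                                    Extension.subjectAlternativeName,
                                    false,
                                    SubjectAlternativesNameGenerator.createSubjectAlternativeNameList(str2, list, list2));
            return new CertificateWithKeyPair(certificateBuilder.build(signer), nodeKeyPair);
        } catch (OperatorCreationException | CertIOException e) {
            log.error("Error while generating node certificate", e);
            throw new RuntimeException("Error while generating node certificate", e);
        }
    }

    /** Creates a signer for {@code signingKey} using this factory's signature algorithm and provider. */
    private ContentSigner newContentSigner(PrivateKey signingKey) throws OperatorCreationException {
        return new JcaContentSignerBuilder(this.asymmetricCryptographyAlgorithm.getSignatureAlgorithmName())
                .setProvider(this.securityProvider)
                .build(signingKey);
    }

    /**
     * Starts a non-CA certificate valid from now for {@code validityDays} days, carrying the
     * extensions shared by client and node certificates.
     */
    private X509v3CertificateBuilder newLeafCertificateBuilder(X500Name subject, int validityDays, KeyPair subjectKeyPair, X509CertificateHolder issuer) throws CertIOException {
        Date notBefore = new Date();
        return new X509v3CertificateBuilder(
                        issuer.getSubject(),
                        CertificateSerialNumberGenerator.generateNextCertificateSerialNumber(),
                        notBefore,
                        getEndDate(notBefore, validityDays),
                        subject,
                        SubjectPublicKeyInfo.getInstance(subjectKeyPair.getPublic().getEncoded()))
                .addExtension(
                        Extension.authorityKeyIdentifier,
                        false,
                        this.extUtils.createAuthorityKeyIdentifier(issuer))
                .addExtension(
                        Extension.subjectKeyIdentifier,
                        false,
                        this.extUtils.createSubjectKeyIdentifier(subjectKeyPair.getPublic()))
                .addExtension(Extension.basicConstraints, true, new BasicConstraints(false))
                .addExtension(Extension.keyUsage, true, new KeyUsage(LEAF_KEY_USAGE));
    }

    /** Returns {@code date} shifted by {@code i} calendar days in the default time zone. */
    private Date getEndDate(Date date, int i) {
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(date);
        calendar.add(Calendar.DATE, i);
        return calendar.getTime();
    }

    /** Creates the extension helper, converting the checked failure into a {@link RuntimeException}. */
    private static JcaX509ExtensionUtils getExtUtils() {
        try {
            return new JcaX509ExtensionUtils();
        } catch (NoSuchAlgorithmException e) {
            log.error("Getting ext utils failed", e);
            throw new RuntimeException(e);
        }
    }
}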
