package com.floragunn.searchguard.tools.tlstool.tasks;

import com.floragunn.searchguard.tools.tlstool.Config;
import com.floragunn.searchguard.tools.tlstool.Context;
import com.floragunn.searchguard.tools.tlstool.ToolException;
import java.io.File;
import java.io.IOException;
import java.security.KeyPair;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.BERTags;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

/* loaded from: input_file:com/floragunn/searchguard/tools/tlstool/tasks/CreateClientCsr.class */
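/**
 * Task that generates a key pair for a configured client and writes an encrypted private key
 * together with a PKCS#10 certificate signing request (CSR) into the target directory.
 *
 * <p>The CSR carries an extension request for a critical keyUsage and a critical
 * extendedKeyUsage limited to TLS client authentication. These are only requests: the
 * issuing CA decides which extensions end up in the certificate, so the issued certificate
 * should be checked after signing.
 *
 * <p>The two static fields are process-wide bookkeeping shared by all instances. No
 * synchronization is visible in this class.
 */
public class CreateClientCsr extends CreateClientCertificateBase {
    // Number of CSRs written by any instance of this task so far.
    private static int generatedCsrCount = 0;
    // Set once any instance has used an auto-generated private key password.
    private static boolean passwordAutoGenerated = false;

    /**
     * @param context tool context, passed through to the base class
     * @param client configuration of the client the CSR is created for
     */
    public CreateClientCsr(Context context, Config.Client client) {
        super(context, client);
    }

    /**
     * Generates the key pair, builds and signs the CSR and registers the output files.
     *
     * <p>Nothing is produced when {@code checkFileOverwrite} rejects the target files.
     *
     * @throws ToolException if building the extensions, the content signer or the output fails
     */
    @Override // com.floragunn.searchguard.tools.tlstool.tasks.Task
    public void run() throws ToolException {
        try {
            File keyFile = new File(this.ctx.getTargetDirectory(), getClientFileName(this.clientConfig) + ".key");
            File csrFile = new File(this.ctx.getTargetDirectory(), getClientFileName(this.clientConfig) + ".csr");
            File readmeFile = new File(this.ctx.getTargetDirectory(), "client-csr.readme");

            if (!checkFileOverwrite("csr", this.clientConfig.getDn(), keyFile, csrFile)) {
                return;
            }

            KeyPair keyPair = generateKeyPair(this.clientConfig);
            JcaPKCS10CertificationRequestBuilder csrBuilder =
                    new JcaPKCS10CertificationRequestBuilder(createDn(this.clientConfig.getDn(), "client"), keyPair.getPublic());

            // Same bit mask as before (0xE0), now spelled with the KeyUsage constants it stands
            // for instead of the unrelated BERTags.FLAGS constant that happens to share the value.
            int requestedKeyUsage = KeyUsage.digitalSignature | KeyUsage.nonRepudiation | KeyUsage.keyEncipherment;

            ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
            extensionsGenerator.addExtension(Extension.keyUsage, true, new KeyUsage(requestedKeyUsage));
            // Request clientAuth as the only extended key usage, marked critical.
            extensionsGenerator.addExtension(Extension.extendedKeyUsage, true,
                    new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_clientAuth}));
            csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());

            // The CSR is self-signed with the new private key, using the signature algorithm
            // from the configured defaults.
            PKCS10CertificationRequest csr = csrBuilder.build(
                    new JcaContentSignerBuilder(this.ctx.getConfig().getDefaults().getSignatureAlgorithm())
                            .build(keyPair.getPrivate()));

            String password = getPassword(this.clientConfig.getPkPassword());
            addEncryptedOutputFile(keyFile, password, keyPair.getPrivate());
            addOutputFile(csrFile, csr);

            if (isPasswordAutoGenerationEnabled(this.clientConfig.getPkPassword())) {
                // NOTE(review): createPasswordInfo receives the password, so the readme presumably
                // holds it in clear text next to the encrypted key - confirm, and restrict access
                // to the target directory accordingly.
                appendOutputFile(readmeFile, createPasswordInfo(keyFile, password));
                passwordAutoGenerated = true;
            }

            generatedCsrCount++;
        } catch (IOException | OperatorCreationException e) {
            throw new ToolException("Error while composing certificate", e);
        }
    }

    /**
     * @return how many CSRs have been generated by this task class in the current process
     */
    public static int getGeneratedCsrCount() {
        return generatedCsrCount;
    }

    /**
     * @return {@code true} if at least one generated key used an auto-generated password
     */
    public static boolean isPasswordAutoGenerated() {
        return passwordAutoGenerated;
    }
}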
