package com.floragunn.searchguard.tools.tlstool.tasks;

import com.floragunn.searchguard.tools.tlstool.Config;
import com.floragunn.searchguard.tools.tlstool.Context;
import com.floragunn.searchguard.tools.tlstool.ToolException;
import com.google.common.base.Strings;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.Reader;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.spec.ECGenParameterSpec;
import java.util.Calendar;
import java.util.Date;
import java.util.Objects;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import net.bytebuddy.jar.asm.Opcodes;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.text.CharacterPredicates;
import org.apache.commons.text.RandomStringGenerator;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMException;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;

/* loaded from: input_file:com/floragunn/searchguard/tools/tlstool/tasks/Task.class */
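/**
 * Base class for the TLS tool's tasks. It holds the shared {@link Context} and offers helpers for
 * key-pair generation, output-file registration, password resolution, DN handling and PEM reading.
 *
 * <p>This source is decompiler output. The decompiler reported that every {@code public} member
 * other than {@link #run()} was originally {@code protected}; the widened modifiers are kept so
 * that the rest of the decompiled tree keeps compiling.
 */
public abstract class Task {
    private static final Logger log = LogManager.getLogger(Task.class);

    /** Shared tool state: configuration, security provider, random source, output collector. */
    protected final Context ctx;

    /**
     * Creates a task bound to the given tool context.
     *
     * @param context context stored as-is in {@link #ctx}; not null-checked here
     */
    public Task(Context context) {
        this.ctx = context;
    }

    /**
     * Executes the task.
     *
     * @throws ToolException if the task fails
     */
    public abstract void run() throws ToolException;

    /**
     * Generates a fresh key pair, using EC or RSA depending on the configured defaults.
     *
     * <p>When {@code isUseEllipticCurves()} is true, the curve named by
     * {@code keyGenParameters.getEllipticCurve()} is used; otherwise an RSA key of
     * {@code keyGenParameters.getKeysize()} bits is generated.
     *
     * @param keyGenParameters source of the curve name or RSA key size
     * @return the generated key pair
     * @throws ToolException declared, but never thrown by the body shown here
     * @throws RuntimeException wrapping {@link InvalidAlgorithmParameterException} or
     *     {@link NoSuchAlgorithmException}, e.g. for an unknown curve name
     */
    public KeyPair generateKeyPair(Config.KeyGenParameters keyGenParameters) throws ToolException {
        // NOTE(review): neither a minimum RSA key size nor a curve allow-list is enforced here.
        // Confirm that Config validates these values before they reach this method.
        // NOTE(review): initialize() is called without a SecureRandom, so the generator uses its
        // default random source rather than ctx.getSecureRandom() - confirm this is intended.
        KeyPairGenerator keyPairGenerator;
        try {
            if (this.ctx.getConfig().getDefaults().isUseEllipticCurves()) {
                log.debug("Create {} with EC ({})", keyGenParameters.getClass().getSimpleName(), keyGenParameters.getEllipticCurve());
                keyPairGenerator = KeyPairGenerator.getInstance("EC", this.ctx.getSecurityProvider());
                keyPairGenerator.initialize(new ECGenParameterSpec(keyGenParameters.getEllipticCurve()));
            } else {
                log.debug("Create {} with RSA ({})", keyGenParameters.getClass().getSimpleName(), keyGenParameters.getKeysize());
                keyPairGenerator = KeyPairGenerator.getInstance("RSA", this.ctx.getSecurityProvider());
                keyPairGenerator.initialize(keyGenParameters.getKeysize().intValue());
            }
            return keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Registers an output file with the context's file output.
     *
     * @param fileName forwarded unchanged to {@code FileOutput.add}; presumably the file name
     * @param entries objects forwarded unchanged as the file's content entries
     */
    protected void addOutputFile(String fileName, Object... entries) {
        this.ctx.getFileOutput().add(fileName, entries);
    }

    /**
     * Registers an output file with the context's file output.
     *
     * @param file target file, forwarded unchanged to {@code FileOutput.add}
     * @param entries objects forwarded unchanged as the file's content entries
     */
    public void addOutputFile(File file, Object... entries) {
        this.ctx.getFileOutput().add(file, entries);
    }

    /**
     * Registers an encrypted output file with the context's file output.
     *
     * @param fileName forwarded unchanged to {@code FileOutput.addEncrypted}; presumably the file name
     * @param password forwarded unchanged; presumably the encryption password - confirm against
     *     {@code FileOutput.addEncrypted}
     * @param entries objects forwarded unchanged as the file's content entries
     */
    protected void addEncryptedOutputFile(String fileName, String password, Object... entries) {
        this.ctx.getFileOutput().addEncrypted(fileName, password, entries);
    }

    /**
     * Registers an encrypted output file with the context's file output.
     *
     * @param file target file, forwarded unchanged to {@code FileOutput.addEncrypted}
     * @param password forwarded unchanged; presumably the encryption password - confirm against
     *     {@code FileOutput.addEncrypted}
     * @param entries objects forwarded unchanged as the file's content entries
     */
    public void addEncryptedOutputFile(File file, String password, Object... entries) {
        this.ctx.getFileOutput().addEncrypted(file, password, entries);
    }

    /**
     * Appends entries to an output file through the context's file output.
     *
     * @param file target file, forwarded unchanged to {@code FileOutput.append}
     * @param entries objects forwarded unchanged as the content to append
     */
    public void appendOutputFile(File file, Object... entries) {
        this.ctx.getFileOutput().append(file, entries);
    }

    /**
     * Appends entries to an encrypted output file through the context's file output.
     * The misspelled method name ("Enrypted") is kept because subclasses may call it.
     *
     * @param file target file, forwarded unchanged to {@code FileOutput.appendEncrypted}
     * @param password forwarded unchanged; presumably the encryption password - confirm against
     *     {@code FileOutput.appendEncrypted}
     * @param entries objects forwarded unchanged as the content to append
     */
    protected void appendEnryptedOutputFile(File file, String password, Object... entries) {
        this.ctx.getFileOutput().appendEncrypted(file, password, entries);
    }

    /**
     * Decides whether the given files may be written.
     *
     * <p>Returns {@code false} as soon as one file exists while overwriting is disabled in the
     * context. The check and the later write are separate steps, so it does not protect against
     * a file appearing in between.
     *
     * @param artifact description of what would be created (used in the log message only)
     * @param owner description of whom it is created for (used in the log message only)
     * @param files files that would be written
     * @return {@code true} if none of the files exists or overwriting is enabled
     */
    public boolean checkFileOverwrite(String artifact, String owner, File... files) {
        for (File file : files) {
            if (!file.exists()) {
                continue;
            }
            if (!this.ctx.isOverwrite()) {
                log.info("{} does already exist. Skipping creation of {} for {}", file, artifact, owner);
                return false;
            }
            log.debug("Overwriting {}", file);
        }
        return true;
    }

    /**
     * Resolves a configured password value.
     *
     * <p>{@code null}, the empty string and {@code "none"} (any case) mean "no password" and
     * yield {@code null}. {@code "auto"} (any case) yields a newly generated random password;
     * every call generates a different one, so the caller has to keep the returned value.
     * Any other value is returned unchanged. As a consequence the literal strings "auto" and
     * "none" cannot be used as passwords.
     *
     * @param configuredPassword value taken from the configuration
     * @return the password to use, or {@code null} for none
     */
    public String getPassword(String configuredPassword) {
        if (Strings.isNullOrEmpty(configuredPassword) || "none".equalsIgnoreCase(configuredPassword)) {
            return null;
        }
        return isPasswordAutoGenerationEnabled(configuredPassword) ? getAutoGeneratedPassword() : configuredPassword;
    }

    /**
     * Tells whether a configured password value requests automatic generation.
     *
     * @param configuredPassword value taken from the configuration; may be {@code null}
     * @return {@code true} if the value equals {@code "auto"} ignoring case
     */
    public boolean isPasswordAutoGenerationEnabled(String configuredPassword) {
        return "auto".equalsIgnoreCase(configuredPassword);
    }

    /**
     * Generates a random alphanumeric password from the context's {@link SecureRandom}.
     *
     * <p>Code points are drawn from '0' to 'z' and filtered to letters and digits, which gives
     * a 62-symbol alphabet. The length comes from the configured defaults.
     * NOTE(review): no lower bound on the configured length is enforced here.
     */
    private String getAutoGeneratedPassword() {
        // The decompiler rendered the upper bound as Opcodes.ISHR, which is simply 122 == 'z'.
        RandomStringGenerator.Builder builder = new RandomStringGenerator.Builder()
                .withinRange('0', 'z')
                .filteredBy(CharacterPredicates.LETTERS, CharacterPredicates.DIGITS);
        SecureRandom secureRandom = this.ctx.getSecureRandom();
        Objects.requireNonNull(secureRandom);
        return builder.usingRandom(secureRandom::nextInt).build().generate(this.ctx.getConfig().getDefaults().getGeneratedPasswordLength());
    }

    /**
     * Creates the BouncyCastle helper used to build X.509 extensions.
     *
     * @return a new {@link JcaX509ExtensionUtils}
     * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} if the helper cannot
     *     be constructed
     */
    public JcaX509ExtensionUtils getExtUtils() {
        try {
            return new JcaX509ExtensionUtils();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Parses a distinguished name into an {@link X500Name} using {@link RFC4519Style}.
     *
     * @param dn distinguished name string
     * @param certificateKind description of the certificate, used in error messages only
     * @return the parsed name
     * @throws ToolException if {@code dn} is null, empty or cannot be parsed
     */
    public X500Name createDn(String dn, String certificateKind) throws ToolException {
        if (Strings.isNullOrEmpty(dn)) {
            throw new ToolException("No DN specified for " + certificateKind + " certificate");
        }
        try {
            return new X500Name(RFC4519Style.INSTANCE, dn);
        } catch (IllegalArgumentException e) {
            throw new ToolException("Invalid DN specified for " + certificateKind + " certificate: " + dn, e);
        }
    }

    /**
     * Round-trips a distinguished name through {@link LdapName} and returns the re-serialised
     * string, rejecting input that {@code LdapName} cannot parse.
     *
     * @param dn distinguished name string
     * @param certificateKind description of the certificate, used in error messages only
     * @return the DN as rendered by {@code LdapName.toString()}
     * @throws ToolException if {@code dn} is null, empty or cannot be parsed
     */
    public String sanitizeDn(String dn, String certificateKind) throws ToolException {
        if (Strings.isNullOrEmpty(dn)) {
            throw new ToolException("No DN specified for " + certificateKind + " certificate");
        }
        try {
            LdapName parsed = new LdapName(dn);
            return new LdapName(parsed.getRdns()).toString();
        } catch (InvalidNameException e) {
            throw new ToolException("Invalid DN specified for " + certificateKind + " certificate: " + dn, e);
        }
    }

    /**
     * Computes an end date a number of days after a start date.
     *
     * @param startDate start of the period
     * @param days number of days to add; negative values move backwards
     * @return the resulting date, computed with the default calendar (default time zone and locale)
     */
    public Date getEndDate(Date startDate, int days) {
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(startDate);
        // The decompiled source had the bare constant 5 here, which is Calendar.DATE.
        calendar.add(Calendar.DATE, days);
        return calendar.getTime();
    }

    /**
     * Reads the first PEM object of a file without a decryption password.
     *
     * @param file PEM file to read
     * @param expectedType type the object must have, or be convertible to
     * @return the object read from the file
     * @throws ToolException if the file cannot be opened or its content is missing, unreadable
     *     or of the wrong type
     */
    public <E> E readObjectFromPem(File file, Class<E> expectedType) throws ToolException {
        try {
            return readObjectFromPem(file, new FileReader(file), expectedType);
        } catch (FileNotFoundException e) {
            // FileNotFoundException is also raised for unreadable files and directories,
            // so the cause is kept to show the real reason.
            throw new ToolException("File does not exist: " + file, e);
        }
    }

    /**
     * Reads the first PEM object of a file, decrypting it with the given password if needed.
     *
     * <p>The values {@code "auto"} and {@code "none"} (any case) are treated as "no password".
     * An encrypted key therefore cannot be read back with the configuration value "auto";
     * the generated password itself has to be supplied.
     *
     * @param file PEM file to read
     * @param expectedType type the object must have, or be convertible to
     * @param password decryption password, or {@code null}/"auto"/"none" for none
     * @return the object read from the file
     * @throws ToolException if the file cannot be opened or its content is missing, unreadable,
     *     encrypted without a usable password, or of the wrong type
     */
    public <E> E readObjectFromPem(File file, Class<E> expectedType, String password) throws ToolException {
        String effectivePassword = password;
        if ("auto".equalsIgnoreCase(password) || "none".equalsIgnoreCase(password)) {
            effectivePassword = null;
        }
        try {
            return readObjectFromPem(file, new FileReader(file), expectedType, effectivePassword);
        } catch (FileNotFoundException e) {
            // FileNotFoundException is also raised for unreadable files and directories,
            // so the cause is kept to show the real reason.
            throw new ToolException("File does not exist: " + file, e);
        }
    }

    /**
     * Reads the first PEM object from a reader without a decryption password.
     *
     * @param file file the reader belongs to, used in error messages only
     * @param reader PEM source; closed by this call
     * @param expectedType type the object must have, or be convertible to
     * @return the object read
     * @throws ToolException if the content is missing, unreadable or of the wrong type
     */
    protected <E> E readObjectFromPem(File file, Reader reader, Class<E> expectedType) throws ToolException {
        return readObjectFromPem(file, reader, expectedType, null);
    }

    /**
     * Reads the first PEM object from a reader and returns it as the expected type.
     *
     * <p>Only one object is read; further PEM blocks in the same source are ignored. If the
     * parsed object is not already of the expected type, a conversion to {@link PrivateKey} is
     * attempted, which may need the password. The reader is closed in all cases because it is
     * wrapped by the parser that this method closes.
     *
     * @param file file the reader belongs to, used in error messages only
     * @param reader PEM source; closed by this call
     * @param expectedType type the object must have, or be convertible to
     * @param password decryption password, or {@code null} for none
     * @return the object read
     * @throws ToolException if no object is found, the object has the wrong type, decryption
     *     fails, or reading fails
     */
    protected <E> E readObjectFromPem(File file, Reader reader, Class<E> expectedType, String password) throws ToolException {
        try (PEMParser parser = new PEMParser(reader)) {
            Object parsed = parser.readObject();
            if (parsed == null) {
                throw new ToolException("No object found in file " + file);
            }
            if (!expectedType.isAssignableFrom(parsed.getClass())) {
                parsed = tryConvertObjectToExpectedType(file, parsed, expectedType, password);
            }
            if (!expectedType.isAssignableFrom(parsed.getClass())) {
                throw new ToolException("Object in file " + file + " is not of type " + expectedType + "; Actually: " + parsed.getClass());
            }
            return expectedType.cast(parsed);
        } catch (IOException | OperatorCreationException | PKCSException e) {
            throw new ToolException("Error while reading " + file + ": " + e.getMessage(), e);
        }
    }

    /**
     * Converts a parsed PEM object to a {@link PrivateKey} when that is the expected type.
     *
     * <p>Handles encrypted and plain OpenSSL key pairs as well as encrypted and plain PKCS#8
     * private keys. Any other combination returns the object unchanged, and the caller then
     * reports the type mismatch.
     */
    private Object tryConvertObjectToExpectedType(File file, Object parsed, Class<?> expectedType, String password) throws IOException, OperatorCreationException, PKCSException, ToolException {
        if (!expectedType.equals(PrivateKey.class)) {
            return parsed;
        }
        if (parsed instanceof PEMEncryptedKeyPair) {
            requirePassword(file, password);
            try {
                return privateKeyInfoToPrivateKey(((PEMEncryptedKeyPair) parsed).decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(password.toCharArray())).getPrivateKeyInfo());
            } catch (Exception e) {
                // Decryption failures surface as various exception types; all map to one hint.
                throw new ToolException("Error reading encrypted file " + file + "; bad password?", e);
            }
        }
        if (parsed instanceof PEMKeyPair) {
            return privateKeyInfoToPrivateKey(((PEMKeyPair) parsed).getPrivateKeyInfo());
        }
        if (parsed instanceof PKCS8EncryptedPrivateKeyInfo) {
            requirePassword(file, password);
            try {
                return privateKeyInfoToPrivateKey(((PKCS8EncryptedPrivateKeyInfo) parsed).decryptPrivateKeyInfo(new JceOpenSSLPKCS8DecryptorProviderBuilder().build(password.toCharArray())));
            } catch (Exception e) {
                // Decryption failures surface as various exception types; all map to one hint.
                throw new ToolException("Error reading encrypted file " + file + "; bad password?", e);
            }
        }
        if (parsed instanceof PrivateKeyInfo) {
            return privateKeyInfoToPrivateKey((PrivateKeyInfo) parsed);
        }
        return parsed;
    }

    /** Fails with a configuration hint when an encrypted file is read without a password. */
    private static void requirePassword(File file, String password) throws ToolException {
        if (Strings.isNullOrEmpty(password)) {
            throw new ToolException("File " + file + " is encrypted but no password is given. Please specify a password in the configuration file.");
        }
    }

    /** Converts PKCS#8 key material to a JCA {@link PrivateKey} using the context's provider. */
    private PrivateKey privateKeyInfoToPrivateKey(PrivateKeyInfo privateKeyInfo) throws PEMException {
        return new JcaPEMKeyConverter().setProvider(this.ctx.getSecurityProvider()).getPrivateKey(privateKeyInfo);
    }

    /**
     * Resolves an output file inside the context's target directory.
     *
     * @param configuredName configured file name, or {@code null} to use the default; its
     *     extension is replaced by {@code extension}
     * @param defaultFileName file name used when {@code configuredName} is {@code null}
     * @param extension extension (without dot) appended to the configured name
     * @return the resulting file below the target directory
     */
    public File getConfiguredFile(String configuredName, String defaultFileName, String extension) {
        // NOTE(review): apart from the extension swap the configured name is used as-is.
        // Directory components or ".." are not rejected here, so the result can point outside
        // the target directory. Confirm that the configuration is validated upstream.
        if (configuredName == null) {
            return new File(this.ctx.getTargetDirectory(), defaultFileName);
        }
        return new File(this.ctx.getTargetDirectory(), FilenameUtils.removeExtension(configuredName) + "." + extension);
    }

    /**
     * Extracts the value of the first RDN of a distinguished name.
     *
     * @param dn distinguished name string
     * @return the first RDN's first value as a string, or {@code null} if the DN has no RDNs
     *     or cannot be parsed
     */
    public String getSimpleNameFromDn(String dn) {
        try {
            RDN[] rdns = new X500Name(dn).getRDNs();
            if (rdns == null || rdns.length == 0) {
                return null;
            }
            return rdns[0].getFirst().getValue().toString();
        } catch (IllegalArgumentException e) {
            // An unparsable DN is treated as "no simple name available".
            return null;
        }
    }

    /**
     * Picks a base name for a client: the configured name, else the first RDN value of its DN,
     * else {@code "client"} followed by the client's 1-based position in the configured list.
     *
     * <p>NOTE(review): the name and the DN value are returned unfiltered. If callers use the
     * result as a file name, verify that path separators are handled. A client missing from
     * the configured list yields "client0", because {@code indexOf} returns -1.
     *
     * @param client client configuration entry
     * @return the base name, never {@code null}
     */
    public String getClientFileName(Config.Client client) {
        String configuredName = client.getName();
        if (configuredName != null) {
            return configuredName;
        }
        if (client.getDn() != null) {
            String simpleName = getSimpleNameFromDn(client.getDn());
            if (simpleName != null) {
                return simpleName;
            }
        }
        return "client" + (this.ctx.getConfig().getClients().indexOf(client) + 1);
    }
}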
