package org.graylog.security.certutil.ca;

import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.time.Duration;
import org.graylog.security.certutil.CertConstants;
import org.graylog.security.certutil.CertRequest;
import org.graylog.security.certutil.CertificateGenerator;
import org.graylog.security.certutil.KeyPair;
import org.graylog.security.certutil.ca.exceptions.CACreationException;

/* loaded from: input_file:org/graylog/security/certutil/ca/CACreator.class */
public class CACreator {
    public KeyStore createCA(char[] cArr, Duration duration) throws CACreationException {
        try {
            KeyPair generate = CertificateGenerator.generate(CertRequest.selfSigned("root").isCA(true).validity(duration));
            KeyPair generate2 = CertificateGenerator.generate(CertRequest.signed("ca", generate).isCA(true).validity(duration));
            KeyStore keyStore = KeyStore.getInstance(CertConstants.PKCS12);
            keyStore.load(null, null);
            keyStore.setKeyEntry("root", generate.privateKey(), cArr, new X509Certificate[]{generate.certificate()});
            keyStore.setKeyEntry("ca", generate2.privateKey(), cArr, new X509Certificate[]{generate2.certificate(), generate.certificate()});
            return keyStore;
        } catch (Exception e) {
            throw new CACreationException("Failed to create a Certificate Authority", e);
        }
    }
}
