package org.graylog2.shared.security.tls;

import com.google.common.base.Strings;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Objects;
import org.graylog2.inputs.InputImpl;
import org.graylog2.users.UserImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sun.security.x509.AlgorithmId;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateSubjectName;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;

/* loaded from: input_file:org/graylog2/shared/security/tls/SelfSignedCertificate.class */
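/**
 * Generates and holds a self-signed X.509 certificate, the matching RSA private key, and an
 * in-memory {@link KeyStore} that contains both.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The convenience overloads of {@code create} use a 1024-bit RSA key and
 *       {@code ThreadLocalInsecureRandom} as the randomness source.</li>
 *   <li>The certificate is signed with {@code SHA1withRSA}.</li>
 *   <li>The validity window runs from one year before class initialization to
 *       9999-12-31T23:59:59Z, so the certificate effectively never expires.</li>
 *   <li>The no-argument {@code create()} protects the key store with a compile-time constant.</li>
 * </ul>
 *
 * <p>NOTE(review): these choices look like a test/development helper; confirm that no
 * production listener is ever configured with the output of the convenience overloads.
 *
 * <p>Certificate construction relies on JDK-internal {@code sun.security.x509} classes, which are
 * not a supported API and may be inaccessible on some runtimes.
 */
public final class SelfSignedCertificate {
    private static final Logger LOG = LoggerFactory.getLogger(SelfSignedCertificate.class);

    /** Start of validity: 365 days before this class was initialized (tolerates clock skew). */
    static final Date NOT_BEFORE = new Date(System.currentTimeMillis() - 365L * 24 * 60 * 60 * 1000);

    /** End of validity: 9999-12-31T23:59:59Z, expressed as epoch milliseconds. */
    static final Date NOT_AFTER = new Date(253402300799000L);

    private final Certificate certificate;
    private final PrivateKey privateKey;
    private final KeyStore keyStore;

    private SelfSignedCertificate(PrivateKey privateKey, Certificate certificate, KeyStore keyStore) {
        this.privateKey = Objects.requireNonNull(privateKey);
        this.certificate = Objects.requireNonNull(certificate);
        this.keyStore = Objects.requireNonNull(keyStore);
    }

    /** Returns the generated self-signed certificate. */
    public Certificate certificate() {
        return this.certificate;
    }

    /** Returns the private key that belongs to {@link #certificate()}. */
    public PrivateKey privateKey() {
        return this.privateKey;
    }

    /** Returns the key store holding the private key and certificate under the FQDN alias. */
    public KeyStore keyStore() {
        return this.keyStore;
    }

    /**
     * Creates a certificate for {@code example.com} with a fixed key store password.
     *
     * @return the generated certificate bundle
     * @throws GeneralSecurityException if key, certificate or key store generation fails
     * @throws IOException if the empty key store cannot be initialized
     */
    public static SelfSignedCertificate create() throws GeneralSecurityException, IOException {
        // NOTE(review): UserImpl.PASSWORD is an unrelated constant, presumably substituted by the
        // decompiler for a literal of equal value. Whatever it holds, the key store password is a
        // fixed, publicly known string, so it gives the private key no confidentiality.
        return create("example.com", UserImpl.PASSWORD);
    }

    /**
     * Creates a certificate for the given FQDN using the default key size and randomness source.
     *
     * @param fqdn common name of the certificate; also used as the key store alias
     * @param keyStorePassword password for the key store and for the key entry
     * @return the generated certificate bundle
     * @throws IllegalArgumentException if {@code fqdn} or {@code keyStorePassword} is null or empty
     * @throws GeneralSecurityException if key, certificate or key store generation fails
     * @throws IOException if the empty key store cannot be initialized
     */
    public static SelfSignedCertificate create(String fqdn, String keyStorePassword) throws GeneralSecurityException, IOException {
        // NOTE(review): 1024-bit RSA is below the 2048-bit minimum current guidance recommends, and
        // the class name ThreadLocalInsecureRandom indicates a non-cryptographic generator (its
        // implementation is not visible here). Keys produced by this overload should be treated as
        // guessable; callers that need real protection should use the four-argument overload with
        // a proper SecureRandom and at least 2048 bits.
        return create(fqdn, ThreadLocalInsecureRandom.current(), 1024, keyStorePassword);
    }

    /**
     * Creates a self-signed certificate with an RSA key of the requested size.
     *
     * @param fqdn common name of the certificate; also used as the key store alias
     * @param secureRandom randomness source for the key pair and the certificate serial number
     * @param bits RSA key size in bits, passed unchecked to the key pair generator
     * @param keyStorePassword password for the key store and for the key entry
     * @return the generated certificate bundle
     * @throws IllegalArgumentException if {@code fqdn} or {@code keyStorePassword} is null or empty
     * @throws CertificateException if certificate or key store generation fails; the underlying
     *     failure is attached as the cause
     * @throws GeneralSecurityException declared for callers; see {@link CertificateException}
     * @throws IOException declared for callers
     */
    public static SelfSignedCertificate create(String fqdn, SecureRandom secureRandom, int bits, String keyStorePassword) throws GeneralSecurityException, IOException {
        if (Strings.isNullOrEmpty(fqdn)) {
            throw new IllegalArgumentException("FQDN must not be empty");
        }
        if (Strings.isNullOrEmpty(keyStorePassword)) {
            throw new IllegalArgumentException("Key store password must not be empty");
        }
        KeyPair keyPair = generateKeyPair(secureRandom, bits);
        PrivateKey privateKey = keyPair.getPrivate();
        try {
            X509Certificate cert = generateCertificate(fqdn, keyPair, secureRandom);
            return new SelfSignedCertificate(privateKey, cert, generateKeyStore(fqdn, privateKey, cert, keyStorePassword));
        } catch (Throwable th) {
            // Throwable rather than Exception: presumably so that linkage/access errors from the
            // JDK-internal sun.security.x509 classes are reported as a certificate failure too.
            LOG.debug("Failed to generate a self-signed X.509 certificate using sun.security.x509:", th);
            // Attach the cause so the failure can be diagnosed without enabling debug logging.
            throw new CertificateException("No provider succeeded to generate a self-signed certificate. See debug log for the root cause.", th);
        }
    }

    /**
     * Generates an RSA key pair of {@code bits} bits using the supplied randomness source.
     * The strength of the result depends entirely on both arguments.
     */
    private static KeyPair generateKeyPair(SecureRandom secureRandom, int bits) {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
            generator.initialize(bits, secureRandom);
            return generator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            // Treated as unrecoverable: no RSA key pair generator is registered with the JVM.
            throw new Error(e);
        }
    }

    /**
     * Builds and self-signs an X.509 certificate whose subject and issuer are both
     * {@code CN=<fqdn>}, then verifies the signature against the public key.
     *
     * @throws Exception if any of the JDK-internal certificate classes rejects the input or
     *     signing/verification fails
     */
    private static X509Certificate generateCertificate(String fqdn, KeyPair keyPair, SecureRandom secureRandom) throws Exception {
        PrivateKey signingKey = keyPair.getPrivate();
        X509CertInfo info = new X509CertInfo();
        X500Name owner = new X500Name("CN=" + fqdn);
        // 2 is the encoded version number for X.509 v3.
        info.set("version", new CertificateVersion(2));
        // 64-bit random serial number; its unpredictability is only as good as secureRandom.
        info.set("serialNumber", new CertificateSerialNumber(new BigInteger(64, secureRandom)));
        // Some runtimes reject the wrapper type and expect the X500Name directly (presumably a
        // difference between JDK versions), so fall back to the raw name.
        try {
            info.set("subject", new CertificateSubjectName(owner));
        } catch (CertificateException ignored) {
            info.set("subject", owner);
        }
        try {
            info.set("issuer", new CertificateIssuerName(owner));
        } catch (CertificateException ignored) {
            info.set("issuer", owner);
        }
        info.set("validity", new CertificateValidity(NOT_BEFORE, NOT_AFTER));
        // NOTE(review): InputImpl.FIELD_STATIC_FIELD_KEY is an unrelated constant, presumably a
        // decompiler substitution for the X509CertInfo public-key attribute name; confirm its value.
        info.set(InputImpl.FIELD_STATIC_FIELD_KEY, new CertificateX509Key(keyPair.getPublic()));
        // NOTE(review): SHA-1 signatures are deprecated and rejected by many TLS stacks and
        // scanners; a SHA-256 based signature algorithm is the usual replacement.
        info.set("algorithmID", new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid)));

        // First signature: lets the implementation resolve the concrete algorithm identifier.
        X509CertImpl firstPass = new X509CertImpl(info);
        firstPass.sign(signingKey, "SHA1withRSA");

        // Copy the resolved algorithm back into the certificate info and sign again, so the
        // signed body and the outer signature algorithm agree.
        info.set("algorithmID.algorithm", firstPass.get("x509.algorithm"));
        X509CertImpl signed = new X509CertImpl(info);
        signed.sign(signingKey, "SHA1withRSA");
        signed.verify(keyPair.getPublic());
        return signed;
    }

    /**
     * Creates an empty key store of the JVM's default type and stores the private key with its
     * single-certificate chain under {@code alias}. The same password protects the store and
     * the key entry.
     */
    private static KeyStore generateKeyStore(String alias, PrivateKey privateKey, Certificate certificate, String keyStorePassword) throws GeneralSecurityException, IOException {
        char[] password = keyStorePassword.toCharArray();
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        // A null stream initializes an empty key store.
        store.load(null, password);
        store.setKeyEntry(alias, privateKey, password, new Certificate[]{certificate});
        return store;
    }
}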
