package org.graylog.security.certutil;

import com.github.rvesse.airline.annotations.Command;
import com.github.rvesse.airline.annotations.Option;
import java.io.FileInputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.graylog.security.certutil.console.CommandLineConsole;
import org.graylog.security.certutil.console.SystemConsole;
import org.graylog.security.certutil.csr.CsrSigner;
import org.graylog.security.certutil.csr.storage.CsrFileStorage;
import org.graylog.security.certutil.csr.storage.CsrStorage;
import org.graylog2.bootstrap.CliCommand;

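@Command(name = "csrsign", description = "Signs a CSR using the given CA", groupNames = {"certutil"})
/**
 * {@code certutil csrsign}: signs a certificate signing request with the key and certificate
 * stored under {@link CertConstants#CA_KEY_ALIAS} in a PKCS#12 CA keystore, and writes the
 * resulting certificate to a PEM file.
 *
 * <p>The CA keystore password is read interactively from the console and is wiped from memory
 * as soon as the keystore has been opened and the CA key extracted.
 *
 * <p>Not thread-safe; one instance handles one command invocation.
 */
public class CertutilCsrSign implements CliCommand {

    @Option(name = {"--ca"}, description = "Filename for the CA keystore")
    protected String caKeystoreFilename = "datanode-ca.p12";

    @Option(name = {"--csrFile"}, description = "The CSR to sign")
    protected String csrFilename = "csr.csr";

    @Option(name = {"--certFile"}, description = "Filename for the signed certificate")
    protected String certFilename = "datanode-cert.p12";

    private final CommandLineConsole console;

    // Storage supplied explicitly through the four-argument constructor. When null, the storage
    // is derived from csrFilename at run time: the @Option fields are populated by the CLI
    // framework after construction, so resolving the storage in the no-arg constructor would
    // silently ignore --csrFile.
    private final CsrStorage csrStorage;

    public static final CommandLineConsole.Prompt PROMPT_ENTER_CA_PASSWORD = CommandLineConsole.prompt("Enter CA password: ");
    public static final CommandLineConsole.Prompt PROMPT_ENTER_CERTIFICATE_VALIDITY_IN_DAYS = CommandLineConsole.prompt("Enter certificate validity in days: ");

    /**
     * Creates the command for CLI use: default filenames, {@link SystemConsole} for prompts,
     * and a CSR storage that is resolved from {@link #csrFilename} when {@link #run()} executes.
     */
    public CertutilCsrSign() {
        this.console = new SystemConsole();
        this.csrStorage = null;
    }

    /**
     * Creates the command with explicit filenames and console (e.g. for tests).
     *
     * @param str                path of the CA keystore (PKCS#12)
     * @param str2               path of the CSR file to sign
     * @param str3               path the signed certificate is written to (PEM)
     * @param commandLineConsole console used for prompts and output
     */
    public CertutilCsrSign(String str, String str2, String str3, CommandLineConsole commandLineConsole) {
        this.caKeystoreFilename = str;
        // Keep the option field in sync with the storage actually used, so the two never disagree.
        this.csrFilename = str2;
        this.certFilename = str3;
        this.csrStorage = new CsrFileStorage(str2);
        this.console = commandLineConsole;
    }

    /** Returns the explicitly configured CSR storage, or one backed by the current {@link #csrFilename}. */
    private CsrStorage csrStorage() {
        return csrStorage != null ? csrStorage : new CsrFileStorage(csrFilename);
    }

    /**
     * Signs the CSR and writes the certificate as PEM to {@link #certFilename}.
     *
     * <p>Prompts for the CA keystore password and the certificate validity in days. Any failure
     * (I/O, keystore, missing CA entry, signing) is rethrown as {@link RuntimeException} with the
     * original exception as its cause.
     *
     * @throws RuntimeException if the CA keystore cannot be opened, does not contain a key and
     *                          certificate under {@link CertConstants#CA_KEY_ALIAS}, or signing or
     *                          writing the certificate fails
     */
    @Override
    public void run() {
        console.printLine("This tool will generate a data-node certificate for HTTP communication (REST API)");
        console.printLine("Generating a HTTP certificate signed by the datanode CA");
        console.printLine("Using certificate authority " + Path.of(caKeystoreFilename).toAbsolutePath());

        char[] caPassword = null;
        try {
            caPassword = console.readPassword(PROMPT_ENTER_CA_PASSWORD);

            final KeyStore caKeyStore = KeyStore.getInstance(CertConstants.PKCS12);
            // try-with-resources: the original leaked the keystore stream.
            try (FileInputStream keystoreIn = new FileInputStream(caKeystoreFilename)) {
                caKeyStore.load(keystoreIn, caPassword);
            }

            final PrivateKey caKey = (PrivateKey) caKeyStore.getKey(CertConstants.CA_KEY_ALIAS, caPassword);
            final X509Certificate caCert = (X509Certificate) caKeyStore.getCertificate(CertConstants.CA_KEY_ALIAS);
            // getKey/getCertificate return null for an unknown alias; fail with a clear message
            // instead of an NPE deep inside the signer.
            if (caKey == null || caCert == null) {
                throw new KeyStoreException("CA keystore " + caKeystoreFilename
                        + " does not contain a private key and certificate under alias " + CertConstants.CA_KEY_ALIAS);
            }

            // Read the CSR before prompting for validity, matching the original evaluation order.
            final var csr = csrStorage().readCsr();
            final int validityDays = console.readInt(PROMPT_ENTER_CERTIFICATE_VALIDITY_IN_DAYS);

            final X509Certificate signedCert = new CsrSigner().sign(caKey, caCert, csr, validityDays);

            final Path certPath = Path.of(certFilename);
            writePem(certPath, signedCert);
            console.printLine("Certificate written to file " + certPath.toAbsolutePath());
        } catch (Exception e) {
            throw new RuntimeException("Signing the CSR with CA keystore " + caKeystoreFilename + " failed", e);
        } finally {
            // Do not keep the CA password in memory longer than needed.
            if (caPassword != null) {
                Arrays.fill(caPassword, '\0');
            }
        }
    }

    /**
     * Writes {@code obj} (here: the signed {@link X509Certificate}) in PEM encoding to {@code path},
     * overwriting an existing file.
     *
     * @param path destination file
     * @param obj  object the PEM writer knows how to encode
     * @throws IOException if the file cannot be written
     */
    private static void writePem(Path path, Object obj) throws IOException {
        // try-with-resources closes (and thereby flushes) the writer on every exit path.
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(new FileWriter(path.toFile(), StandardCharsets.UTF_8))) {
            pemWriter.writeObject(obj);
        }
    }
}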
