package org.graylog.security.certutil;

import com.github.rvesse.airline.annotations.Command;
import com.github.rvesse.airline.annotations.Option;
import java.nio.file.Path;
import java.security.KeyStore;
import java.time.Duration;
import org.graylog.security.certutil.ca.CAKeyPair;
import org.graylog.security.certutil.console.CommandLineConsole;
import org.graylog.security.certutil.console.SystemConsole;
import org.graylog.security.certutil.keystore.storage.KeystoreFileStorage;
import org.graylog.security.certutil.keystore.storage.SinglePasswordKeystoreContentMover;
import org.graylog.security.certutil.keystore.storage.location.KeystoreFileLocation;
import org.graylog2.bootstrap.CliCommand;

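@Command(name = CertConstants.CA_KEY_ALIAS, description = "Manage certificate authority for data-node", groupNames = {"certutil"})
public class CertutilCa implements CliCommand {
    public static final String DEFAULT_ORGANIZATION_NAME = "Graylog CA";
    public static final CommandLineConsole.Prompt PROMPT_ENTER_CA_PASSWORD = CommandLineConsole.prompt("Enter CA password: ");

    /** Keystore file name used when {@code --filename} is not given. */
    private static final String DEFAULT_KEYSTORE_FILENAME = "datanode-ca.p12";

    /** Validity period requested for the generated CA (3650 days). */
    private static final Duration CA_VALIDITY = Duration.ofDays(3650L);

    @Option(name = {"--filename"}, description = "Filename for the CA keystore")
    protected String keystoreFilename = DEFAULT_KEYSTORE_FILENAME;

    private final CommandLineConsole console;
    private final KeystoreFileStorage caKeystoreStorage;

    /**
     * Creates the command with the default keystore file name and a console
     * backed by {@link SystemConsole}.
     */
    public CertutilCa() {
        this.console = new SystemConsole();
        this.caKeystoreStorage = new KeystoreFileStorage(new SinglePasswordKeystoreContentMover());
    }

    /**
     * Creates the command with an explicit keystore file name and console.
     *
     * @param str                file name (or path) of the CA keystore to write
     * @param commandLineConsole console used for output and for reading the CA password
     */
    public CertutilCa(String str, CommandLineConsole commandLineConsole) {
        this.keystoreFilename = str;
        this.console = commandLineConsole;
        this.caKeystoreStorage = new KeystoreFileStorage(new SinglePasswordKeystoreContentMover());
    }

    /**
     * Prompts for a CA password, generates the CA key material and writes it as a
     * keystore to {@link #keystoreFilename}.
     *
     * <p>The password array is overwritten before this method returns, whether or not
     * generation succeeded, so the secret does not stay on the heap for the rest of
     * the process lifetime.
     *
     * @throws RuntimeException wrapping any failure raised while prompting, generating
     *                          or writing the keystore
     */
    @Override // java.lang.Runnable
    public void run() {
        char[] caPassword = null;
        try {
            this.console.printLine("This tool will generate a self-signed certificate authority for datanode");
            // NOTE(review): the password is used exactly as entered; whether an empty or
            // null value is rejected further down is not visible here — confirm.
            caPassword = this.console.readPassword(PROMPT_ENTER_CA_PASSWORD);
            this.console.printLine("Generating datanode CA");
            KeyStore keyStore = CAKeyPair.create(DEFAULT_ORGANIZATION_NAME, caPassword, CA_VALIDITY).toKeyStore();
            this.console.printLine("Private keys and certificates for root and intermediate CA generated");
            Path target = Path.of(this.keystoreFilename);
            // NOTE(review): this file holds the CA private keys. Its permissions are decided
            // inside KeystoreFileStorage, and the meaning of the trailing null argument is
            // not visible here — confirm the file is created readable by its owner only.
            this.caKeystoreStorage.writeKeyStore(new KeystoreFileLocation(target), keyStore, caPassword, (char[]) null);
            this.console.printLine("Keys and certificates stored in " + target.toAbsolutePath());
        } catch (Exception e) {
            throw new RuntimeException("Failed to generate CA certificate", e);
        } finally {
            // Assumes, as with java.io.Console#readPassword, that the caller owns the returned array.
            if (caPassword != null) {
                java.util.Arrays.fill(caPassword, '\0');
            }
        }
    }
}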
