package org.apache.iotdb.db.pipe.connector.protocol.opcua;

import com.google.common.collect.Sets;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.nio.file.Path;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.UUID;
import java.util.regex.Pattern;
import org.eclipse.milo.opcua.sdk.server.util.HostnameUtil;
import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateBuilder;
import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/iotdb/db/pipe/connector/protocol/opcua/OpcUaKeyStoreLoader.class */
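/**
 * Loads the PKCS#12 keystore that backs the OPC UA server's certificate and key pair, creating
 * it with a freshly generated self-signed certificate when the file does not exist yet.
 *
 * <p>Instances are mutable: {@link #load(Path, char[])} populates the certificate and key pair,
 * which stay {@code null} until a private key has been read successfully.
 */
class OpcUaKeyStoreLoader {
    private static final Logger LOGGER = LoggerFactory.getLogger(OpcUaKeyStoreLoader.class);
    // Dotted-quad IPv4 only; every other host string is treated as a DNS name in load().
    private static final Pattern IP_ADDR_PATTERN = Pattern.compile("^(([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\.){3}([01]?\\d\\d?|2[0-4]\\d|25[0-5])$");
    private static final String SERVER_ALIAS = "server-ai";
    private X509Certificate serverCertificate;
    private KeyPair serverKeyPair;

    /**
     * Loads {@code iotdb-server.pfx} from the given directory, or creates it when it is missing.
     *
     * <p>When the file is missing, a 2048-bit RSA key pair and a self-signed certificate are
     * generated. The certificate lists the local hostname and the hostnames/addresses reported
     * for {@code 0.0.0.0} as subject alternative names, and is stored under the alias
     * {@code server-ai}. The same password protects both the keystore and the key entry.
     *
     * <p>Security notes: the keystore file contains the server's private key. It is created with
     * whatever permissions the process default gives new files, so the containing directory
     * should be readable only by the service account. The generated certificate is self-signed,
     * so a client can authenticate this server only after the certificate has been placed in
     * its trust list out of band.
     *
     * @param path directory that holds (or will hold) {@code iotdb-server.pfx}
     * @param cArr keystore password, also used as the key entry password
     * @return this loader, with certificate and key pair set if a private key was found
     * @throws Exception if the keystore cannot be read, created, written or unlocked
     */
    public OpcUaKeyStoreLoader load(Path path, char[] cArr) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        File file = path.resolve("iotdb-server.pfx").toFile();
        LOGGER.info("Loading KeyStore at {}", file);
        if (file.exists()) {
            // Close the stream deterministically; the original leaked the file handle.
            try (FileInputStream in = new FileInputStream(file)) {
                keyStore.load(in, cArr);
            }
        } else {
            // A null stream initialises an empty keystore.
            keyStore.load(null, cArr);
            KeyPair keyPair = SelfSignedCertificateGenerator.generateRsaKeyPair(2048);
            SelfSignedCertificateBuilder certificateBuilder = new SelfSignedCertificateBuilder(keyPair)
                    .setCommonName("Apache IoTDB OPC UA server")
                    .setOrganization("Apache")
                    .setOrganizationalUnit("dev")
                    .setLocalityName("Beijing")
                    .setStateName("China")
                    .setCountryCode("CN")
                    .setApplicationUri("urn:apache:iotdb:opc-ua-server:" + UUID.randomUUID());
            for (String hostname : Sets.union(Sets.newHashSet(new String[]{HostnameUtil.getHostname()}), HostnameUtil.getHostnames("0.0.0.0", false))) {
                if (IP_ADDR_PATTERN.matcher(hostname).matches()) {
                    certificateBuilder.addIpAddress(hostname);
                } else {
                    certificateBuilder.addDnsName(hostname);
                }
            }
            keyStore.setKeyEntry(SERVER_ALIAS, keyPair.getPrivate(), cArr, new X509Certificate[]{certificateBuilder.build()});
            // Close (and thereby flush) the stream so the private key material is fully written
            // and the handle is released even if store() throws.
            try (FileOutputStream out = new FileOutputStream(file)) {
                keyStore.store(out, cArr);
            }
        }
        Key key = keyStore.getKey(SERVER_ALIAS, cArr);
        if (key instanceof PrivateKey) {
            this.serverCertificate = (X509Certificate) keyStore.getCertificate(SERVER_ALIAS);
            this.serverKeyPair = new KeyPair(this.serverCertificate.getPublicKey(), (PrivateKey) key);
        } else {
            // Surface the condition instead of silently handing back a loader with null
            // credentials; callers still receive the loader exactly as before.
            LOGGER.warn("No private key found under alias {} in KeyStore {}", SERVER_ALIAS, file);
        }
        return this;
    }

    /**
     * Returns the server certificate read by {@link #load(Path, char[])}.
     *
     * @return the certificate, or {@code null} if no private key entry has been loaded
     */
    public X509Certificate getServerCertificate() {
        return this.serverCertificate;
    }

    /**
     * Returns the server key pair read by {@link #load(Path, char[])}.
     *
     * @return the key pair, or {@code null} if no private key entry has been loaded
     */
    public KeyPair getServerKeyPair() {
        return this.serverKeyPair;
    }
}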
