package org.graylog.security.certutil.csr;

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.graylog.security.certutil.CertConstants;
import org.graylog.security.certutil.csr.exceptions.CSRGenerationException;
import org.graylog.security.certutil.privatekey.PrivateKeyEncryptedStorage;

/* loaded from: input_file:org/graylog/security/certutil/csr/CsrGenerator.class */
public class CsrGenerator {
    public PKCS10CertificationRequest generateCSR(char[] cArr, String str, List<String> list, PrivateKeyEncryptedStorage privateKeyEncryptedStorage) throws CSRGenerationException {
        try {
            KeyPair generateKeyPair = KeyPairGenerator.getInstance(CertConstants.KEY_GENERATION_ALGORITHM).generateKeyPair();
            privateKeyEncryptedStorage.writeEncryptedKey(cArr, generateKeyPair.getPrivate());
            JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Principal("CN=" + str), generateKeyPair.getPublic());
            ArrayList arrayList = new ArrayList(List.of(str));
            if (list != null) {
                arrayList.addAll(list);
            }
            jcaPKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new Extensions(new Extension(Extension.subjectAlternativeName, false, new DEROctetString(new GeneralNames((GeneralName[]) arrayList.stream().map(str2 -> {
                return new GeneralName(2, str2);
            }).toArray(i -> {
                return new GeneralName[i];
            }))))));
            return jcaPKCS10CertificationRequestBuilder.build(new JcaContentSignerBuilder(CertConstants.SIGNING_ALGORITHM).build(generateKeyPair.getPrivate()));
        } catch (Exception e) {
            throw new CSRGenerationException("Failed to generate Certificate Signing Request", e);
        }
    }
}
