package edu.internet2.middleware.ant.pki;

import java.io.File;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.GregorianCalendar;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.tools.ant.BuildException;
import org.apache.tools.ant.Project;
import org.apache.tools.ant.Task;
import org.apache.tools.ant.types.EnumeratedAttribute;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;

/* loaded from: input_file:edu/internet2/middleware/ant/pki/SelfSignedCertificate.class */
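/**
 * Ant task that creates a key pair and a self-signed X.509 v3 certificate for a host.
 *
 * <p>The certificate uses {@code CN=<hostname>} as both issuer and subject, carries the hostname
 * (plus any configured DNS and URI names) in the subjectAltName extension and a subject key
 * identifier, has a random serial number, and is valid for {@code certificateLifetime} years
 * starting now. Depending on which attributes are set, the private key is written as an
 * <em>unencrypted</em> PEM file, the certificate as a PEM file, and/or both as a
 * password-protected entry (alias = hostname) in a JKS keystore.
 *
 * <p>Attributes: {@code keyType} (RSA, the default, or DSA), {@code keysize} in bits (default
 * 2048), {@code certificateLifetime} in years (default 20), {@code hostName} (required),
 * {@code dnsSubjectAltNames} and {@code uriSubjectAltNames} (whitespace separated),
 * {@code privateKeyFile}, {@code certificateFile}, {@code keystoreFile},
 * {@code keystorePassword} (required when {@code keystoreFile} is set) and
 * {@code signatureAlgorithm} (defaults to SHA-256 with the key type's algorithm).
 *
 * <p>Instances are not thread-safe; Ant configures and runs a task instance from one thread.
 */
public class SelfSignedCertificate extends Task {

    /**
     * Characters rejected in the hostname: whitespace and the X.500 string-DN metacharacters
     * (",", "=", "+", quotes, backslash, angle brackets, ";", "#") that would let the value be
     * parsed as additional RDNs when it is embedded in "CN=&lt;hostname&gt;".
     */
    private static final Pattern INVALID_HOSTNAME_CHARS = Pattern.compile("[\\s,=+\"\\\\<>;#]");

    /**
     * Bit length of the random serial number. 159 bits (not 160) keep the two's-complement DER
     * encoding within the 20 octets permitted by RFC 5280 section 4.1.2.2.
     */
    private static final int SERIAL_NUMBER_BITS = 159;

    private String keyType = "RSA";
    private int keysize = 2048;
    private int certificateLifetime = 20;
    /** Explicit signature algorithm; null means "derive a SHA-256 default from keyType". */
    private String signatureAlgorithm;
    private String hostname;
    private String[] dnsSubjectAltNames;
    private String[] uriSubjectAltNames;
    private File privateKeyFile;
    private File certificateFile;
    private File keystoreFile;
    /** Held as a String because Ant injects attribute values as Strings; never logged. */
    private String keystorePassword;

    /** Ant enumerated attribute restricting {@code keyType} to the algorithms this task supports. */
    public static class KeyType extends EnumeratedAttribute {
        /** Returns the accepted attribute values, in the order Ant reports them. */
        public String[] getValues() {
            return new String[]{"DSA", "RSA"};
        }
    }

    /**
     * Validates the configuration, generates the key pair and certificate, and writes whichever
     * output files were configured.
     *
     * @throws BuildException if the configuration is invalid or generation or writing fails
     */
    public void execute() throws BuildException {
        validate();
        KeyPair keyPair = generateKeyPair();
        X509Certificate certificate = generateCertificate(keyPair);

        if (this.privateKeyFile != null) {
            // The key is written unencrypted, so tighten the file before any key bytes land in it.
            createOwnerOnlyFile(this.privateKeyFile);
            writePem(this.privateKeyFile, keyPair.getPrivate(), "Unable to create private key file.");
        }
        if (this.certificateFile != null) {
            writePem(this.certificateFile, certificate, "Unable to create certificate file.");
        }
        if (this.keystoreFile != null) {
            writeKeystore(keyPair, certificate);
        }
    }

    /**
     * Creates {@code file} if it does not exist and, on a best-effort basis, limits read and
     * write access to the owner. A warning is logged when the platform refuses the change.
     *
     * @throws BuildException if the file cannot be created
     */
    private void createOwnerOnlyFile(File file) throws BuildException {
        try {
            file.createNewFile();
        } catch (IOException e) {
            throw new BuildException("Unable to create private key file.", e);
        }
        // Remove the permission for everyone first, then grant it back to the owner only.
        boolean restricted = file.setReadable(false, false);
        restricted &= file.setReadable(true, true);
        restricted &= file.setWritable(false, false);
        restricted &= file.setWritable(true, true);
        if (!restricted) {
            log("Could not restrict permissions on " + file + "; check them manually", Project.MSG_WARN);
        }
    }

    /**
     * Writes a key or certificate to {@code file} in PEM format, creating or truncating the file.
     * PEM is pure ASCII, so the platform charset used by {@link FileWriter} is harmless here.
     *
     * @param file destination file
     * @param object object accepted by {@link PEMWriter#writeObject(Object)}
     * @param failureMessage message of the {@link BuildException} thrown when writing fails
     */
    private void writePem(File file, Object object, String failureMessage) throws BuildException {
        PEMWriter writer = null;
        try {
            writer = new PEMWriter(new FileWriter(file));
            writer.writeObject(object);
            writer.flush();
        } catch (IOException e) {
            throw new BuildException(failureMessage, e);
        } finally {
            if (writer != null) {
                try {
                    writer.close();
                } catch (IOException ignored) {
                    // Data was already flushed; a failing close is not worth failing the build.
                }
            }
        }
    }

    /**
     * Stores the private key and certificate under the hostname alias in a new keystore written
     * to {@code keystoreFile}. The "JKS" type is kept for compatibility with existing consumers
     * of the generated file.
     */
    private void writeKeystore(KeyPair keyPair, X509Certificate certificate) throws BuildException {
        char[] password = this.keystorePassword.toCharArray();
        FileOutputStream out = null;
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, null);
            keyStore.setKeyEntry(this.hostname, keyPair.getPrivate(), password,
                    new X509Certificate[]{certificate});
            out = new FileOutputStream(this.keystoreFile);
            keyStore.store(out, password);
            out.flush();
        } catch (GeneralSecurityException e) {
            throw new BuildException("Unable to create keystore file.", e);
        } catch (IOException e) {
            throw new BuildException("Unable to create keystore file.", e);
        } finally {
            if (out != null) {
                try {
                    out.close();
                } catch (IOException ignored) {
                    // Keystore bytes were already flushed.
                }
            }
        }
    }

    /** Sets the key algorithm (RSA or DSA). */
    public void setKeyType(KeyType keyType) {
        this.keyType = keyType.getValue();
    }

    /** Sets the key size in bits. */
    public void setKeysize(int i) {
        this.keysize = i;
    }

    /** Sets the certificate validity in years, counted from the moment the task runs. */
    public void setCertificateLifetime(int i) {
        this.certificateLifetime = i;
    }

    /**
     * Sets the JCA signature algorithm name (for example {@code SHA256withRSA}). When unset, a
     * SHA-256 algorithm matching the key type is used.
     */
    public void setSignatureAlgorithm(String str) {
        this.signatureAlgorithm = str;
    }

    /** Sets the host name used as the CN, the first DNS subjectAltName and the keystore alias. */
    public void setHostName(String str) {
        this.hostname = str;
    }

    /** Sets the file that receives the unencrypted PEM private key. */
    public void setPrivateKeyFile(File file) {
        this.privateKeyFile = file;
    }

    /** Sets the file that receives the PEM certificate. */
    public void setCertificateFile(File file) {
        this.certificateFile = file;
    }

    /** Sets the JKS keystore file that receives the key and certificate. */
    public void setKeystoreFile(File file) {
        this.keystoreFile = file;
    }

    /** Sets the password protecting both the keystore and its key entry. */
    public void setKeystorePassword(String str) {
        this.keystorePassword = str;
    }

    /** Sets additional DNS subjectAltNames, separated by whitespace. */
    public void setDnsSubjectAltNames(String str) {
        this.dnsSubjectAltNames = splitNames(str);
    }

    /** Sets URI subjectAltNames, separated by whitespace. */
    public void setUriSubjectAltNames(String str) {
        this.uriSubjectAltNames = splitNames(str);
    }

    /**
     * Splits a whitespace-separated attribute value into its non-empty tokens. Runs of blanks
     * do not produce empty names, and a null or blank value yields an empty array.
     */
    private static String[] splitNames(String value) {
        if (value == null || value.trim().length() == 0) {
            return new String[0];
        }
        return value.trim().split("\\s+");
    }

    /**
     * Checks the configured attributes.
     *
     * @throws BuildException if the hostname is missing or contains characters invalid in a host
     *     name, the key size or lifetime is not positive, or a keystore file is given without a
     *     password
     */
    protected void validate() throws BuildException {
        if (this.hostname == null || this.hostname.length() == 0) {
            throw new BuildException("The hostname attribute is required and may not contain an empty value");
        }
        if (INVALID_HOSTNAME_CHARS.matcher(this.hostname).find()) {
            throw new BuildException("The hostname attribute contains characters that are not valid in a host name: "
                    + this.hostname);
        }
        if (this.keysize <= 0) {
            throw new BuildException("The keysize attribute must be a positive number of bits");
        }
        if (this.keysize < 2048) {
            log("Key size is less than 2048 bits; such keys are considered weak", Project.MSG_WARN);
        } else if (this.keysize > 2048) {
            log("Key size is greater than 2048, this may cause problems with some JVMs", Project.MSG_WARN);
        }
        if (this.certificateLifetime <= 0) {
            throw new BuildException("The certificateLifetime attribute must be a positive number of years");
        }
        if (this.keystoreFile != null
                && (this.keystorePassword == null || this.keystorePassword.length() == 0)) {
            throw new BuildException("Keystore password may not be null if a keystore file is given");
        }
    }

    /**
     * Generates a key pair of the configured type and size.
     *
     * @throws BuildException if the JVM does not support the key type or the key size is not
     *     valid for it
     */
    protected KeyPair generateKeyPair() throws BuildException {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(this.keyType);
            generator.initialize(this.keysize, new SecureRandom());
            return generator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new BuildException("The " + this.keyType + " key type is not supported by this JVM", e);
        } catch (InvalidParameterException e) {
            throw new BuildException("The key size " + this.keysize + " is not supported for "
                    + this.keyType + " keys by this JVM", e);
        }
    }

    /**
     * Builds and signs the self-signed certificate for {@code keyPair}.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @return the signed certificate
     * @throws BuildException if any step of certificate construction fails
     */
    protected X509Certificate generateCertificate(KeyPair keyPair) throws BuildException {
        try {
            X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
            generator.setPublicKey(keyPair.getPublic());
            // Self-signed: the same DN is issuer and subject. RdnConverter (same package) supplies
            // the RDN value encoding; validate() guarantees the hostname holds no DN metacharacters.
            X509Name name = new X509Name(false, "CN=" + this.hostname, new RdnConverter());
            generator.setIssuerDN(name);
            generator.setSubjectDN(name);
            GregorianCalendar validity = new GregorianCalendar();
            generator.setNotBefore(validity.getTime());
            validity.add(GregorianCalendar.YEAR, this.certificateLifetime);
            generator.setNotAfter(validity.getTime());
            generator.setSerialNumber(randomSerialNumber());
            generator.setSignatureAlgorithm(resolveSignatureAlgorithm());
            generator.addExtension(X509Extensions.SubjectAlternativeName, false,
                    new GeneralNames(new DERSequence(buildSubjectAltNames())));
            generator.addExtension(X509Extensions.SubjectKeyIdentifier, false,
                    new SubjectKeyIdentifierStructure(keyPair.getPublic()));
            return generator.generate(keyPair.getPrivate());
        } catch (Exception e) {
            log(e.toString(), Project.MSG_ERR);
            throw new BuildException("Unable to generate self-signed certificate", e);
        }
    }

    /**
     * Returns a random, positive serial number of at most {@link #SERIAL_NUMBER_BITS} bits. A
     * zero draw is retried because RFC 5280 requires serial numbers to be positive.
     */
    private static BigInteger randomSerialNumber() {
        SecureRandom random = new SecureRandom();
        BigInteger serial;
        do {
            serial = new BigInteger(SERIAL_NUMBER_BITS, random);
        } while (serial.signum() == 0);
        return serial;
    }

    /**
     * Returns the configured signature algorithm, or a SHA-256 default matching the key type
     * ({@code SHA256withRSA} / {@code SHA256withDSA}). The former SHA-1 default is rejected by
     * current TLS stacks and browsers.
     */
    private String resolveSignatureAlgorithm() {
        if (this.signatureAlgorithm != null && this.signatureAlgorithm.length() > 0) {
            return this.signatureAlgorithm;
        }
        // NOTE(review): SHA256withDSA needs a provider that registers it; confirm against the target JVM.
        return "SHA256with" + this.keyType;
    }

    /**
     * Builds the subjectAltName entries: the hostname as a dNSName, followed by any configured
     * DNS names and URIs.
     *
     * @return the GeneralName values, in that order
     */
    protected ASN1Encodable[] buildSubjectAltNames() {
        List<ASN1Encodable> names = new ArrayList<ASN1Encodable>();
        names.add(new GeneralName(GeneralName.dNSName, this.hostname));
        if (this.dnsSubjectAltNames != null) {
            for (String dnsName : this.dnsSubjectAltNames) {
                names.add(new GeneralName(GeneralName.dNSName, dnsName));
            }
        }
        if (this.uriSubjectAltNames != null) {
            for (String uri : this.uriSubjectAltNames) {
                names.add(new GeneralName(GeneralName.uniformResourceIdentifier, uri));
            }
        }
        return names.toArray(new ASN1Encodable[names.size()]);
    }
}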
