package eu.contrail.security;

import com.mysql.jdbc.MysqlErrorNumbers;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import org.apache.xml.security.keys.content.x509.XMLX509SKI;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;

/* loaded from: input_file:WEB-INF/lib/security-commons-1.0-SNAPSHOT.jar:eu/contrail/security/CreateHostCert.class */
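/**
 * Command-line tool that issues a host certificate signed by an existing CA key.
 *
 * <p>Usage: {@code gen-host-cert caKey caCert hostname [lifetime_days]}. A fresh 2048-bit RSA key
 * pair is generated for the host; the private key is written to {@code <hostname>-key.pem} and the
 * signed certificate to {@code <hostname>-cert.pem} in the current working directory.
 *
 * <p>This source was recovered by a decompiler. The compiler-generated assertion flag and its
 * static initializer have been replaced by a plain {@code assert} statement.
 */
public class CreateHostCert {
    /** Host certificate lifetime used when no fourth argument is given. */
    private static final int DEFAULT_LIFETIME_DAYS = 30;

    private static String caIssuer;
    private static String caSubject;
    private static X500Name issuerOrderedX500Name;
    private static X500Principal issuerOrderedX500P;
    // Never assigned anywhere in this class as shown, so createCACertificate() cannot succeed
    // unless some other code populates it.
    private static KeyPair caKeyPair;

    /**
     * Builds the self-signed certificate of the test CA from {@link #caKeyPair} and prints it.
     *
     * <p>Not called from {@link #main(String[])} in this class.
     *
     * @return the freshly created CA certificate, never {@code null}
     * @throws IllegalStateException if no CA key pair is available, if certificate creation
     *     fails, or if the certificate does not verify under the CA public key
     */
    private static X509Certificate createCACertificate() {
        caIssuer = "O=Science and Technology Facilities Council,OU=Contrail Test Federation,OU=RAL-FBU,CN=Contrail Test Online CA";
        caSubject = caIssuer;

        // Fail with a clear message instead of the NullPointerException the old code ran into
        // right after printing its diagnostic.
        if (caKeyPair == null) {
            throw new IllegalStateException("CA KeyPair is NULL");
        }
        if (caKeyPair.getPublic() == null) {
            throw new IllegalStateException("CA PubKey is NULL");
        }

        final X509Certificate caCert;
        try {
            // NOTE(review): MysqlErrorNumbers.ER_FK_INCORRECT_OPTION is almost certainly a
            // decompiler artifact (a numeric literal matched against an unrelated constant).
            // By analogy with createHostCertificate(...) this position presumably carries the
            // lifetime; recover the original literal and give it a name before relying on it.
            caCert = SecurityUtils.createCertificate(caKeyPair.getPublic(), caSubject, 1, caIssuer,
                    caKeyPair, "SHA256withRSA", true, MysqlErrorNumbers.ER_FK_INCORRECT_OPTION, 0, 0);
        } catch (InvalidKeyException | CertificateException | OperatorCreationException e) {
            // Previously the error was printed and the method went on to dereference null.
            throw new IllegalStateException("Unable to create the CA certificate", e);
        }

        String issuerName = caCert.getIssuerDN().getName();
        X500Principal issuerPrincipal = caCert.getIssuerX500Principal();
        String orderedIssuer = SecurityUtils.reverse(issuerPrincipal.toString(), ",");
        issuerOrderedX500Name = new X500Name(orderedIssuer);
        issuerOrderedX500P = new X500Principal(orderedIssuer);
        System.out.printf("%nX500Principal = %s.%n", issuerPrincipal);
        System.out.printf("Ordered X500Principal String = %s.%n", orderedIssuer);
        System.out.printf("%nissuerOrderedX500Name = %s.%n", issuerOrderedX500Name);
        System.out.printf("%nissuerOrderedX500P = %s.%n", issuerOrderedX500P);

        // A self-signed certificate must name itself as issuer. Compare by value: the old check
        // compared String references, which can fail for equal names.
        String subjectName = caCert.getSubjectDN().getName();
        assert issuerName.equals(subjectName) : "CA certificate is not self-issued";

        try {
            // Results are discarded; the calls only exercise extraction of the
            // SubjectKeyIdentifier and AuthorityKeyIdentifier (2.5.29.35) extensions.
            SecurityUtils.getExtensionValueAsOctetString(caCert, XMLX509SKI.SKI_OID);
            SecurityUtils.getExtensionValueAsOctetString(caCert, "2.5.29.35");
        } catch (IOException e) {
            System.err.println(e);
        }

        try {
            // println does not expand "%n", so the old output contained a literal "%n".
            System.out.println("CA Root Cert:");
            SecurityUtils.writeCertificate(System.out, caCert);
            // The CA private key used to be dumped to stdout here. Standard output routinely
            // ends up in terminals, scrollback and log files, so the key is no longer printed;
            // export it to a permission-restricted file if it is ever needed.
        } catch (IOException e) {
            System.err.println(e);
        }

        try {
            caCert.verify(caKeyPair.getPublic());
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException
                | SignatureException | CertificateException e) {
            // Do not hand out a CA certificate whose self-signature does not check out.
            throw new IllegalStateException("CA certificate failed self-signature verification", e);
        }
        return caCert;
    }

    /** Prints the command-line synopsis to standard error. */
    public static void printUsage() {
        System.err.printf("Usage: gen-host-cert caKey caCert hostname [lifetime_days]%n");
    }

    /**
     * Tells whether {@code hostname} can be used as the stem of the output file names.
     *
     * <p>Rejects empty names and names containing a path separator or NUL, so the key and
     * certificate are always written into the current directory.
     */
    private static boolean isUsableAsFileStem(String hostname) {
        if (hostname == null || hostname.isEmpty()) {
            return false;
        }
        return hostname.indexOf('/') < 0
                && hostname.indexOf('\\') < 0
                && hostname.indexOf(File.separatorChar) < 0
                && hostname.indexOf('\0') < 0;
    }

    /**
     * Writes {@code key} to {@code keyFile}, restricting the file to its owner beforehand.
     *
     * <p>The file is created empty and its permissions are tightened before any key material is
     * written, so the key is not readable by other local users even briefly. Permission changes
     * are best effort; a warning is printed where the platform refuses them.
     */
    private static void writePrivateKeyFile(File keyFile, PrivateKey key) throws IOException {
        keyFile.createNewFile();
        // Non-short-circuit '&' so that every call is attempted even if an earlier one fails.
        boolean ownerOnly = keyFile.setReadable(false, false)
                & keyFile.setWritable(false, false)
                & keyFile.setReadable(true, true)
                & keyFile.setWritable(true, true);
        if (!ownerOnly) {
            System.err.printf("Warning: could not restrict permissions on %s.%n", keyFile);
        }
        try (FileOutputStream keyOut = new FileOutputStream(keyFile)) {
            SecurityUtils.writeKey(keyOut, key);
        }
    }

    /**
     * Entry point: {@code caKey caCert hostname [lifetime_days]}.
     *
     * <p>Exits with status -1 on bad arguments or on any I/O or cryptographic failure.
     *
     * @param strArr command-line arguments
     */
    public static void main(String[] strArr) {
        if (strArr.length != 3 && strArr.length != 4) {
            printUsage();
            System.exit(-1);
        }
        String caKeyPath = strArr[0];
        String caCertPath = strArr[1];
        String hostname = strArr[2];

        // The hostname becomes part of two output paths; keep them inside the working directory.
        // NOTE(review): it also flows into the certificate subject. Confirm that
        // SecurityUtils.createHostCertificate escapes DN metacharacters such as ',' and '='.
        if (!isUsableAsFileStem(hostname)) {
            System.err.println("hostname must be non-empty and must not contain path separators");
            printUsage();
            System.exit(-1);
        }

        int lifetimeDays = DEFAULT_LIFETIME_DAYS;
        if (strArr.length == 4) {
            try {
                lifetimeDays = Integer.parseInt(strArr[3]);
            } catch (NumberFormatException e) {
                System.err.println(e);
                printUsage();
                System.exit(-1);
            }
            if (lifetimeDays < 1) {
                System.err.println("lifetime_days must be a positive integer");
                printUsage();
                System.exit(-1);
            }
        }

        Security.addProvider(new BouncyCastleProvider());

        // NOTE(review): a wall-clock serial is predictable and collides when two certificates
        // are issued within the same millisecond. Consider a CSPRNG-generated serial unless the
        // CA's bookkeeping depends on this format.
        BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
        try {
            // A null password is passed, so the CA key file is read as given; presumably it is
            // stored unencrypted and should be protected by file permissions.
            PrivateKey caPrivateKey = SecurityUtils.readPrivateKey(caKeyPath, null);

            X509Certificate caCert;
            try (FileInputStream caCertIn = new FileInputStream(caCertPath)) {
                caCert = SecurityUtils.getCertFromStream(caCertIn);
            }

            KeyPair hostKeyPair = SecurityUtils.generateKeyPair("RSA", 2048);
            X509Certificate hostCert = SecurityUtils.createHostCertificate(hostKeyPair.getPublic(),
                    hostname, serial, caCert, caPrivateKey, "SHA256withRSA", null, lifetimeDays, 0, 0);

            String keyFileName = hostname + "-key.pem";
            String certFileName = hostname + "-cert.pem";

            writePrivateKeyFile(new File(keyFileName), hostKeyPair.getPrivate());
            System.err.printf("Write private key to %s.%n", keyFileName);

            // Streams are closed explicitly; the old code left both output files open.
            try (FileOutputStream certOut = new FileOutputStream(new File(certFileName))) {
                SecurityUtils.writeCertificate(certOut, hostCert);
            }
            System.err.printf("Write cert to %s.%n", certFileName);
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException
                | CertificateException | OperatorCreationException e) {
            Logger.getLogger(CreateHostCert.class.getName())
                    .log(Level.SEVERE, "Unable to issue host certificate", e);
            System.exit(-1);
        }
    }
}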
