package dev.dsf.maven.dev;

import de.hsheilbronn.mi.utils.crypto.io.KeyStoreWriter;
import de.hsheilbronn.mi.utils.crypto.io.PemWriter;
import de.hsheilbronn.mi.utils.crypto.keystore.KeyStoreCreator;
import dev.dsf.maven.dev.CertificateGenerator;
import java.io.IOException;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dev/dsf/maven/dev/CertificateWriter.class */
public class CertificateWriter extends AbstractIo {
    private static final Logger logger = LoggerFactory.getLogger(CertificateWriter.class);
    private final Path projectBasedir;
    private final CertificateGenerator generator;
    private final char[] privateKeyPassword;

    public CertificateWriter(Path path, CertificateGenerator certificateGenerator, char[] cArr) {
        this.projectBasedir = (Path) Objects.requireNonNull(path, "projectBasedir");
        this.generator = (CertificateGenerator) Objects.requireNonNull(certificateGenerator, "generator");
        this.privateKeyPassword = (char[]) Objects.requireNonNull(cArr, "privateKeyPassword");
    }

    public void write(List<Cert> list) {
        if (list != null) {
            list.forEach(this::write);
        }
    }

    private void write(Cert cert) {
        this.generator.getCertificateAndPrivateKey(cert.getCn()).ifPresent(certificateAndPrivateKey -> {
            cert.getTargets().stream().map((v0) -> {
                return v0.toPath();
            }).forEach(path -> {
                if (path.getFileName().toString().endsWith(".chain.crt")) {
                    toRuntimeException(() -> {
                        writeCertificateChain(cert.getCn(), certificateAndPrivateKey, path);
                    });
                    return;
                }
                if (path.getFileName().toString().endsWith(CertificateGenerator.POSTFIX_CERTIFICATE)) {
                    toRuntimeException(() -> {
                        writeCertificate(cert.getCn(), certificateAndPrivateKey, path);
                    });
                    return;
                }
                if (path.getFileName().toString().endsWith(CertificateGenerator.POSTFIX_PRIVATE_KEY)) {
                    toRuntimeException(() -> {
                        writePrivateKey(cert.getCn(), certificateAndPrivateKey, path);
                    });
                    return;
                }
                if (path.getFileName().toString().endsWith(".key.plain")) {
                    toRuntimeException(() -> {
                        writePrivateKeyPlain(cert.getCn(), certificateAndPrivateKey, path);
                    });
                } else if (path.getFileName().toString().endsWith(".p12")) {
                    toRuntimeException(() -> {
                        writePkcs12(cert.getCn(), certificateAndPrivateKey, path);
                    });
                } else {
                    logger.warn("Cert (cn: {}) target filetype not supported: {}", cert.getCn(), path.getFileName());
                }
            });
        });
    }

    public void write(RootCa rootCa) {
        if (rootCa == null) {
            return;
        }
        rootCa.getTargets().stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).map((v0) -> {
            return v0.toPath();
        }).forEach(path -> {
            if (path.getFileName().toString().endsWith(CertificateGenerator.POSTFIX_CERTIFICATE)) {
                toRuntimeException(() -> {
                    writeRootCa(path);
                });
            } else if (path.getFileName().toString().endsWith(".jks")) {
                toRuntimeException(() -> {
                    writeRootCaJks(path);
                });
            } else {
                logger.warn("RootCa target filetype not supported: {}", path.getFileName());
            }
        });
    }

    public void write(IssuingCa issuingCa) {
        if (issuingCa == null) {
            return;
        }
        issuingCa.getTargets().stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).map((v0) -> {
            return v0.toPath();
        }).forEach(path -> {
            if (path.getFileName().toString().endsWith(CertificateGenerator.POSTFIX_CERTIFICATE)) {
                toRuntimeException(() -> {
                    writeIssuingCa(path);
                });
            } else if (path.getFileName().toString().endsWith(".jks")) {
                toRuntimeException(() -> {
                    writeIssuingCaJks(path);
                });
            } else {
                logger.warn("IssuingCa target filetype not supported: {}", path.getFileName());
            }
        });
    }

    public void write(CaChain caChain) {
        if (caChain == null) {
            return;
        }
        caChain.getTargets().stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).map((v0) -> {
            return v0.toPath();
        }).forEach(path -> {
            if (path.getFileName().toString().endsWith(CertificateGenerator.POSTFIX_CERTIFICATE)) {
                toRuntimeException(() -> {
                    writeCaChain(path);
                });
            } else if (path.getFileName().toString().endsWith(".jks")) {
                toRuntimeException(() -> {
                    writeCaChainJks(path);
                });
            } else {
                logger.warn("CaChain target filetype not supported: {}", path.getFileName());
            }
        });
    }

    private void writeCertificate(String str, CertificateGenerator.CertificateAndPrivateKey certificateAndPrivateKey, Path path) throws IOException {
        logger.info("Writing certificate (cn: {}) to {}", str, this.projectBasedir.relativize(path));
        PemWriter.writeCertificate(certificateAndPrivateKey.certificate(), path);
    }

    private void writeCertificateChain(String str, CertificateGenerator.CertificateAndPrivateKey certificateAndPrivateKey, Path path) throws IOException {
        logger.info("Writing certificate (cn: {}) and issuingCa to {}", str, this.projectBasedir.relativize(path));
        PemWriter.writeCertificates(List.of(certificateAndPrivateKey.certificate(), this.generator.getIssuingCaCertificate()), true, path);
    }

    private void writePrivateKey(String str, CertificateGenerator.CertificateAndPrivateKey certificateAndPrivateKey, Path path) throws IOException {
        logger.info("Writing private-key encrypted (cn: {}) to {}", str, this.projectBasedir.relativize(path));
        PemWriter.writePrivateKey(certificateAndPrivateKey.privateKey()).asPkcs8().encryptedAes128(this.privateKeyPassword).toFile(path);
    }

    private void writePrivateKeyPlain(String str, CertificateGenerator.CertificateAndPrivateKey certificateAndPrivateKey, Path path) throws IOException {
        logger.info("Writing private-key unencrypted (cn: {}) to {}", str, this.projectBasedir.relativize(path));
        PemWriter.writePrivateKey(certificateAndPrivateKey.privateKey()).asPkcs8().notEncrypted().toFile(path);
    }

    private void writePkcs12(String str, CertificateGenerator.CertificateAndPrivateKey certificateAndPrivateKey, Path path) throws IOException {
        logger.info("Writing pkcs12 key-store (cn: {}) to {}", str, this.projectBasedir.relativize(path));
        KeyStoreWriter.write(KeyStoreCreator.pkcs12ForPrivateKeyAndCertificateChain(certificateAndPrivateKey.privateKey(), this.privateKeyPassword, new X509Certificate[]{certificateAndPrivateKey.certificate(), this.generator.getIssuingCaCertificate(), this.generator.getRootCaCertificate()}), this.privateKeyPassword, path);
    }

    private void writeRootCa(Path path) throws IOException {
        logger.info("Writing rootCa to {}", this.projectBasedir.relativize(path));
        PemWriter.writeCertificate(this.generator.getRootCaCertificate(), path);
    }

    private void writeIssuingCa(Path path) throws IOException {
        logger.info("Writing issuingCa to {}", this.projectBasedir.relativize(path));
        PemWriter.writeCertificate(this.generator.getIssuingCaCertificate(), path);
    }

    private void writeCaChain(Path path) throws IOException {
        logger.info("Writing caChain to {}", this.projectBasedir.relativize(path));
        PemWriter.writeCertificates(List.of(this.generator.getIssuingCaCertificate(), this.generator.getRootCaCertificate()), true, path);
    }

    private void writeRootCaJks(Path path) throws IOException {
        KeyStore jksForTrustedCertificates = KeyStoreCreator.jksForTrustedCertificates(new X509Certificate[]{this.generator.getRootCaCertificate()});
        logger.info("Writing rootCa to {}", this.projectBasedir.relativize(path));
        KeyStoreWriter.write(jksForTrustedCertificates, this.privateKeyPassword, path);
    }

    private void writeIssuingCaJks(Path path) throws IOException {
        KeyStore jksForTrustedCertificates = KeyStoreCreator.jksForTrustedCertificates(new X509Certificate[]{this.generator.getIssuingCaCertificate()});
        logger.info("Writing issuingCa to {}", this.projectBasedir.relativize(path));
        KeyStoreWriter.write(jksForTrustedCertificates, this.privateKeyPassword, path);
    }

    private void writeCaChainJks(Path path) throws IOException {
        KeyStore jksForTrustedCertificates = KeyStoreCreator.jksForTrustedCertificates(new X509Certificate[]{this.generator.getIssuingCaCertificate(), this.generator.getRootCaCertificate()});
        logger.info("Writing caChain to {}", this.projectBasedir.relativize(path));
        KeyStoreWriter.write(jksForTrustedCertificates, this.privateKeyPassword, path);
    }
}
