package dev.dsf.tools.generator;

import com.google.common.collect.Streams;
import de.rwh.utils.crypto.CertificateAuthority;
import de.rwh.utils.crypto.CertificateHelper;
import de.rwh.utils.crypto.CertificationRequestBuilder;
import de.rwh.utils.crypto.io.CsrIo;
import de.rwh.utils.crypto.io.PemIo;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dev/dsf/tools/generator/CertificateGenerator.class */
public class CertificateGenerator {
    // SLF4J logger shared by every method of this class.
    private static final Logger logger = LoggerFactory.getLogger(CertificateGenerator.class);
    // Fixed password used for every encrypted private key and key store this class reads or writes.
    // NOTE(review): the value is embedded in the class, so the "encrypted" outputs are only as confidential as the
    // files themselves. The names used here ("Test" CA, test-client) suggest test-only material - confirm that none
    // of the generated keys is ever trusted outside a test setup.
    private static final char[] CERT_PASSWORD = "password".toCharArray();
    // Common names for which a server certificate is created.
    private static final String[] SERVER_COMMON_NAMES = {"localhost", "keycloak"};
    // Common names for which a client certificate is created.
    private static final String[] CLIENT_COMMON_NAMES = {"ttp-client", "dic1-client", "dic2-client", "dic3-client", "test-client", "Webbrowser Test User"};
    // DNS names put into a server certificate request, keyed by common name; a common name without an entry falls
    // back to a single-element list holding the common name itself (see generateCertificates).
    private static final Map<String, List<String>> DNS_NAMES = Map.of("localhost", Arrays.asList("localhost", "host.docker.internal", "fhir", "bpe", "ttp", "dic1", "dic2", "dic3"));
    // Provider instance handed to the PemIo private-key read and write calls.
    private static final BouncyCastleProvider PROVIDER = new BouncyCastleProvider();
    // Set by generateCertificates(); null until then, so the copy* methods must not be called earlier.
    private CertificateAuthority ca;
    // Filled by generateCertificates(); the public getters return an empty map while these are still null.
    private Map<String, CertificateFiles> serverCertificateFilesByCommonName;
    private Map<String, CertificateFiles> clientCertificateFilesByCommonName;

    /* loaded from: input_file:dev/dsf/tools/generator/CertificateGenerator$CertificateFiles.class */
    /**
     * Immutable holder for one generated identity: common name, key pair, certificate and the
     * SHA-512 digest of the encoded certificate.
     *
     * <p>The key pair has no public accessor; only the enclosing class reads it (through the
     * private field) when it copies private keys to the target folders.
     */
    public static final class CertificateFiles {
        private final String commonName;
        private final X509Certificate certificate;
        private final byte[] certificateSha512Thumbprint;
        // Contains the private key; deliberately not exposed through a getter.
        private final KeyPair keyPair;

        /**
         * @param str common name of the certificate subject
         * @param keyPair key pair belonging to the certificate
         * @param x509Certificate the signed certificate
         * @param bArr SHA-512 thumbprint bytes; the array is stored as passed, without a copy
         */
        CertificateFiles(String str, KeyPair keyPair, X509Certificate x509Certificate, byte[] bArr) {
            commonName = str;
            this.keyPair = keyPair;
            certificate = x509Certificate;
            certificateSha512Thumbprint = bArr;
        }

        /** @return the common name given at construction */
        public String getCommonName() {
            return commonName;
        }

        /** @return the certificate given at construction */
        public X509Certificate getCertificate() {
            return certificate;
        }

        /** @return the stored thumbprint bytes, hex-encoded by commons-codec {@code Hex} */
        public String getCertificateSha512ThumbprintHex() {
            final String hex = Hex.encodeHexString(certificateSha512Thumbprint);
            return hex;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:dev/dsf/tools/generator/CertificateGenerator$CertificateType.class */
    /**
     * Kind of certificate to request and sign. The enclosing class switches on this value to pick
     * the client or server variant of the request builder and of the CA signing call.
     */
    public enum CertificateType {
        /** Client certificate; requested without DNS names. */
        CLIENT,

        /** Server certificate; its DNS name list must contain the common name. */
        SERVER;
    }

    /**
     * Initializes the CA, creates or loads one certificate per configured server and client
     * common name, stores both result maps on this instance and writes the thumbprints file.
     *
     * <p>Server names without an entry in {@code DNS_NAMES} get their own common name as the only
     * DNS name; client certificates are requested with an empty DNS name list.
     */
    public void generateCertificates() {
        this.ca = initCA();

        Map<String, CertificateFiles> servers = Arrays.stream(SERVER_COMMON_NAMES)
                .map(cn -> createCert(CertificateType.SERVER, cn, DNS_NAMES.getOrDefault(cn, Collections.singletonList(cn))))
                .collect(Collectors.toMap(CertificateFiles::getCommonName, Function.identity()));
        this.serverCertificateFilesByCommonName = servers;

        Map<String, CertificateFiles> clients = Arrays.stream(CLIENT_COMMON_NAMES)
                .map(cn -> createCert(CertificateType.CLIENT, cn, Collections.emptyList()))
                .collect(Collectors.toMap(CertificateFiles::getCommonName, Function.identity()));
        this.clientCertificateFilesByCommonName = clients;

        writeThumbprints();
    }

    /**
     * @return an unmodifiable view of the server certificates keyed by common name, or an empty
     *         map while no certificates have been generated
     */
    public Map<String, CertificateFiles> getServerCertificateFilesByCommonName() {
        if (this.serverCertificateFilesByCommonName == null) {
            return Collections.emptyMap();
        }
        return Collections.unmodifiableMap(this.serverCertificateFilesByCommonName);
    }

    /**
     * @return an unmodifiable view of the client certificates keyed by common name, or an empty
     *         map while no certificates have been generated
     */
    public Map<String, CertificateFiles> getClientCertificateFilesByCommonName() {
        if (this.clientCertificateFilesByCommonName == null) {
            return Collections.emptyMap();
        }
        return Collections.unmodifiableMap(this.clientCertificateFilesByCommonName);
    }

    /**
     * Loads the CA from {@code cert/ca} when both the certificate and the private-key file are
     * readable; otherwise creates a new CA and writes both files.
     *
     * <p>NOTE(review): an existing key file is trusted as found and is protected only by the
     * fixed {@code CERT_PASSWORD}, so whoever can write to {@code cert/ca} determines the CA that
     * signs every certificate generated afterwards.
     *
     * @return the initialized certificate authority
     */
    public CertificateAuthority initCA() {
        Path caCertFile = createFolderIfNotExists(Paths.get("cert/ca/testca_certificate.pem"));
        Path caKeyFile = createFolderIfNotExists(Paths.get("cert/ca/testca_private-key.pem"));

        boolean caFilesPresent = Files.isReadable(caCertFile) && Files.isReadable(caKeyFile);
        if (!caFilesPresent) {
            logger.info("Initializing CA with new cert file: {}, private key {}", caCertFile, caKeyFile);
            // presumably the last argument is the CA's common name - confirm against CertificateAuthorityBuilder
            CertificateAuthority freshCa = CertificateAuthority.CertificateAuthorityBuilder.create("DE", (String) null, (String) null, (String) null, (String) null, "Test").initialize();
            writeCertificate(caCertFile, freshCa.getCertificate());
            writePrivateKeyEncrypted(caKeyFile, freshCa.getCaKeyPair().getPrivate());
            return freshCa;
        }

        logger.info("Initializing CA from cert file: {}, private key {}", caCertFile, caKeyFile);
        return CertificateAuthority.CertificateAuthorityBuilder.create(readCertificate(caCertFile), readPrivatekey(caKeyFile)).initialize();
    }

    /**
     * Writes {@code privateKey} to {@code path} through
     * {@code PemIo.writeAes128EncryptedPrivateKeyToPkcs8}, using the shared {@code CERT_PASSWORD}.
     *
     * @throws RuntimeException wrapping the I/O or operator-creation failure, after logging it
     */
    private void writePrivateKeyEncrypted(Path path, PrivateKey privateKey) {
        try {
            PemIo.writeAes128EncryptedPrivateKeyToPkcs8(PROVIDER, path, privateKey, CERT_PASSWORD);
        } catch (IOException | OperatorCreationException writeFailure) {
            logger.error("Error while writing encrypted private-key to {}", path, writeFailure);
            throw new RuntimeException(writeFailure);
        }
    }

    /**
     * Writes {@code privateKey} to {@code path} through
     * {@code PemIo.writeNotEncryptedPrivateKeyToPkcs8}, i.e. without password protection.
     *
     * <p>NOTE(review): nothing in this method restricts who may read the resulting file; whether
     * {@code PemIo} sets file permissions is not visible here - confirm before using the output
     * on a shared machine.
     *
     * @throws RuntimeException wrapping the I/O or operator-creation failure, after logging it
     */
    private void writePrivateKeyNotEncrypted(Path path, PrivateKey privateKey) {
        try {
            PemIo.writeNotEncryptedPrivateKeyToPkcs8(PROVIDER, path, privateKey);
        } catch (IOException | OperatorCreationException writeFailure) {
            logger.error("Error while writing not-encrypted private-key to {}", path, writeFailure);
            throw new RuntimeException(writeFailure);
        }
    }

    /**
     * Writes {@code x509Certificate} as PEM to {@code path}.
     *
     * @throws RuntimeException wrapping the I/O, state or encoding failure, after logging it
     */
    private void writeCertificate(Path path, X509Certificate x509Certificate) {
        try {
            PemIo.writeX509CertificateToPem(x509Certificate, path);
        } catch (IOException | IllegalStateException | CertificateEncodingException writeFailure) {
            logger.error("Error while writing certificate to {}", path, writeFailure);
            throw new RuntimeException(writeFailure);
        }
    }

    /**
     * Reads a private key from the PEM file at {@code path}, passing the shared
     * {@code CERT_PASSWORD} to {@code PemIo.readPrivateKeyFromPem}.
     *
     * @return the private key read from the file
     * @throws RuntimeException wrapping the I/O or PKCS failure, after logging it
     */
    private PrivateKey readPrivatekey(Path path) {
        final PrivateKey key;
        try {
            key = PemIo.readPrivateKeyFromPem(PROVIDER, path, CERT_PASSWORD);
        } catch (IOException | PKCSException readFailure) {
            logger.error("Error while reading private-key from {}", path, readFailure);
            throw new RuntimeException(readFailure);
        }
        return key;
    }

    /**
     * Reads an X.509 certificate from the PEM file at {@code path}.
     *
     * @return the certificate read from the file
     * @throws RuntimeException wrapping the I/O or certificate failure, after logging it
     */
    private X509Certificate readCertificate(Path path) {
        final X509Certificate certificate;
        try {
            certificate = PemIo.readX509CertificateFromPem(path);
        } catch (IOException | CertificateException readFailure) {
            logger.error("Error while reading certificate from {}", path, readFailure);
            throw new RuntimeException(readFailure);
        }
        return certificate;
    }

    /**
     * Writes {@code cert/thumbprints.txt}: one entry per server and client certificate, sorted by
     * common name, each consisting of the common name and the hex SHA-512 thumbprint.
     *
     * <p>Every entry already ends with a newline and {@code Files.write} appends a line separator
     * per element, so entries are separated by an empty line. Both certificate maps must have
     * been filled before this is called.
     *
     * @throws RuntimeException wrapping the I/O failure, after logging it
     */
    public void writeThumbprints() {
        Path thumbprintsFile = Paths.get("cert", "thumbprints.txt");
        Stream<String> entries = Streams.concat(this.serverCertificateFilesByCommonName.values().stream(), this.clientCertificateFilesByCommonName.values().stream())
                .sorted(Comparator.comparing(CertificateFiles::getCommonName))
                .map(files -> files.commonName + "\n\t" + files.getCertificateSha512ThumbprintHex() + " (SHA-512)\n");
        // The stream is consumed exactly once, by Files.write below.
        Iterable<String> lines = entries::iterator;
        try {
            logger.info("Writing certificate thumbprints file to {}", thumbprintsFile);
            Files.write(thumbprintsFile, lines, StandardCharsets.UTF_8);
        } catch (IOException writeFailure) {
            logger.error("Error while writing certificate thumbprints file to {}", thumbprintsFile, writeFailure);
            throw new RuntimeException(writeFailure);
        }
    }

    /**
     * Creates or loads the key pair, certificate request and certificate for one common name
     * below {@code cert/<name>/} and returns them together with the certificate's SHA-512
     * thumbprint.
     *
     * <p>NOTE(review): key, request and certificate files are each reused independently when
     * readable; nothing here checks that an existing certificate belongs to the key that was
     * loaded or generated. The common name also becomes part of the file paths with only
     * whitespace replaced - the callers in this class pass fixed constants.
     *
     * @param certificateType client or server
     * @param str common name of the subject
     * @param list DNS names for a server certificate request
     * @return the resulting certificate files
     */
    public CertificateFiles createCert(CertificateType certificateType, String str, List<String> list) {
        Path keyFile = createFolderIfNotExists(getPrivateKeyPath(str));
        KeyPair keyPair = createOrReadKeyPair(keyFile, str);

        Path certFile = createFolderIfNotExists(getCertPemPath(str));
        Path requestFile = createFolderIfNotExists(getCertReqPath(str));
        JcaPKCS10CertificationRequest request = createOrReadCertificateRequest(requestFile, certificateType, keyPair, str, list);
        X509Certificate certificate = signOrReadCertificate(certFile, request, str, certificateType);

        byte[] thumbprint = calculateSha512CertificateThumbprint(certificate);
        return new CertificateFiles(str, keyPair, certificate, thumbprint);
    }

    /**
     * Returns the certificate stored at {@code path} when that file is readable; otherwise signs
     * the given request with the CA, writes the result to {@code path} and returns it.
     *
     * @param str common name, used for log output only
     */
    private X509Certificate signOrReadCertificate(Path path, JcaPKCS10CertificationRequest jcaPKCS10CertificationRequest, String str, CertificateType certificateType) {
        if (!Files.isReadable(path)) {
            logger.info("Signing {} certificate [{}]", certificateType.toString().toLowerCase(), str);
            X509Certificate signed = signCertificateRequest(jcaPKCS10CertificationRequest, certificateType);
            logger.info("Saving certificate (pem) to {} [{}]", path, str);
            writeCertificate(path, signed);
            return signed;
        }

        // An existing certificate file wins; the request is not consulted in this case.
        logger.info("Reading certificate (pem) from {} [{}]", path, str);
        return readCertificate(path);
    }

    /**
     * Signs the request with the CA, using the web-client or web-server signing call that matches
     * {@code certificateType}.
     *
     * @return the signed certificate
     * @throws RuntimeException wrapping any signing failure, after logging it
     */
    private X509Certificate signCertificateRequest(JcaPKCS10CertificationRequest jcaPKCS10CertificationRequest, CertificateType certificateType) {
        try {
            final X509Certificate signed;
            switch (certificateType) {
                case CLIENT:
                    signed = this.ca.signWebClientCertificate(jcaPKCS10CertificationRequest);
                    break;
                case SERVER:
                    signed = this.ca.signWebServerCertificate(jcaPKCS10CertificationRequest);
                    break;
                default:
                    // Only reachable if the enum gains a constant this switch does not know.
                    throw new IncompatibleClassChangeError();
            }
            return signed;
        } catch (IOException | IllegalStateException | InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | OperatorCreationException | CertificateException signFailure) {
            logger.error("Error while signing {} certificate", certificateType.toString().toLowerCase(), signFailure);
            throw new RuntimeException(signFailure);
        }
    }

    /**
     * Returns the certificate request stored at {@code path} when that file is readable;
     * otherwise builds a new request for the subject (country "DE", common name {@code str}),
     * writes it to {@code path} and returns it.
     *
     * @param list DNS names; for a SERVER request it must contain {@code str}
     * @throws IllegalArgumentException if a SERVER request's DNS names do not contain the common name
     */
    private JcaPKCS10CertificationRequest createOrReadCertificateRequest(Path path, CertificateType certificateType, KeyPair keyPair, String str, List<String> list) {
        boolean commonNameMissing = !list.contains(str);
        if (commonNameMissing && certificateType == CertificateType.SERVER) {
            throw new IllegalArgumentException("dnsNames must contain commonName if certificateType is SERVER");
        }

        if (!Files.isReadable(path)) {
            X500Name subject = CertificationRequestBuilder.createSubject("DE", (String) null, (String) null, (String) null, (String) null, str);
            JcaPKCS10CertificationRequest request = createCertificateRequest(certificateType, subject, keyPair, list);
            logger.info("Saving certificate request (csr) to {} [{}]", path, str);
            writeCertificateRequest(path, request);
            return request;
        }

        logger.info("Reading certificate request (csr) from {} [{}]", path, str);
        return readCertificateRequest(path);
    }

    /**
     * Builds a client or server certification request for the subject and key pair. The DNS name
     * list is passed on for SERVER requests only.
     *
     * @return the new certification request
     * @throws RuntimeException wrapping any builder failure, after logging it
     */
    private JcaPKCS10CertificationRequest createCertificateRequest(CertificateType certificateType, X500Name x500Name, KeyPair keyPair, List<String> list) {
        try {
            final JcaPKCS10CertificationRequest request;
            switch (certificateType) {
                case CLIENT:
                    request = CertificationRequestBuilder.createClientCertificationRequest(x500Name, keyPair);
                    break;
                case SERVER:
                    request = CertificationRequestBuilder.createServerCertificationRequest(x500Name, keyPair, (String) null, list);
                    break;
                default:
                    // Only reachable if the enum gains a constant this switch does not know.
                    throw new IncompatibleClassChangeError();
            }
            return request;
        } catch (NoSuchAlgorithmException | OperatorCreationException | IOException | IllegalStateException buildFailure) {
            logger.error("Error while creating certificate-request", buildFailure);
            throw new RuntimeException(buildFailure);
        }
    }

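    /**
     * Writes the certification request to the CSR file at {@code path}.
     *
     * @throws RuntimeException wrapping the I/O failure, after logging it
     */
    private void writeCertificateRequest(Path path, JcaPKCS10CertificationRequest jcaPKCS10CertificationRequest) {
        try {
            CsrIo.writeJcaPKCS10CertificationRequestToCsr(jcaPKCS10CertificationRequest, path);
        } catch (IOException e) {
            // The message used to say "reading", which pointed at the wrong operation when a write failed.
            logger.error("Error while writing certificate-request to {}", path, e);
            throw new RuntimeException(e);
        }
    }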

    /**
     * Reads a certification request from the CSR file at {@code path}.
     *
     * @return the certification request read from the file
     * @throws RuntimeException wrapping the read failure, after logging it
     */
    private JcaPKCS10CertificationRequest readCertificateRequest(Path path) {
        final JcaPKCS10CertificationRequest request;
        try {
            request = CsrIo.readJcaPKCS10CertificationRequestFromCsr(path);
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException readFailure) {
            logger.error("Error while reading certificate-request from {}", path, readFailure);
            throw new RuntimeException(readFailure);
        }
        return request;
    }

    /**
     * Returns the key pair for the private key stored at {@code path} when that file is readable
     * (the public key is derived from the private key); otherwise generates a new key pair,
     * writes its private key encrypted to {@code path} and returns it.
     *
     * @param str common name, used for log output and error messages
     */
    private KeyPair createOrReadKeyPair(Path path, String str) {
        if (!Files.isReadable(path)) {
            logger.info("Generating 4096 bit key pair [{}]", str);
            KeyPair generated = createKeyPair();
            logger.info("Saving private-key to {} [{}]", path, str);
            writePrivateKeyEncrypted(path, generated.getPrivate());
            return generated;
        }

        logger.info("Reading private-key from {} [{}]", path, str);
        PrivateKey storedKey = readPrivatekey(path);
        PublicKey derivedKey = createPublicKey(storedKey, path, str);
        return new KeyPair(derivedKey, storedKey);
    }

    /**
     * Derives the RSA public key from an RSA private CRT key, using its modulus and public
     * exponent.
     *
     * @param path file the private key came from, used in the error message only
     * @param str common name, used for log output and the error message
     * @return the matching public key
     * @throws RuntimeException if the key is not an RSA private CRT key or the key factory fails
     */
    private PublicKey createPublicKey(PrivateKey privateKey, Path path, String str) {
        logger.debug("Generating public-key from private-key [{}]", str);

        boolean rsaCrtKey = "RSA".equals(privateKey.getAlgorithm()) && privateKey instanceof RSAPrivateCrtKey;
        if (!rsaCrtKey) {
            throw new RuntimeException("Error while generating public key: private key for " + str + " at " + path + " not a RSA private crt key");
        }

        RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey) privateKey;
        try {
            RSAPublicKeySpec publicSpec = new RSAPublicKeySpec(crtKey.getModulus(), crtKey.getPublicExponent());
            return KeyFactory.getInstance("RSA").generatePublic(publicSpec);
        } catch (NoSuchAlgorithmException | InvalidKeySpecException deriveFailure) {
            throw new RuntimeException("Error while generating public key from private key modules and public exponent", deriveFailure);
        }
    }

    /**
     * Generates a new key pair through {@code CertificationRequestBuilder.createRsaKeyPair4096Bit}.
     *
     * @return the generated key pair
     * @throws RuntimeException wrapping the NoSuchAlgorithmException, after logging it
     */
    private KeyPair createKeyPair() {
        final KeyPair generated;
        try {
            generated = CertificationRequestBuilder.createRsaKeyPair4096Bit();
        } catch (NoSuchAlgorithmException missingAlgorithm) {
            logger.error("Error while creating RSA key pair", missingAlgorithm);
            throw new RuntimeException(missingAlgorithm);
        }
        return generated;
    }

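    /**
     * Makes sure the parent directory of {@code path} exists and returns {@code path} unchanged.
     *
     * <p>A path without a parent (a bare file name) needs no directory, so it is returned as is
     * instead of failing with a NullPointerException.
     *
     * @param path file whose parent directories should exist
     * @return the same {@code path}
     * @throws RuntimeException wrapping the I/O failure, after logging it
     */
    private Path createFolderIfNotExists(Path path) {
        Path parent = path.getParent();
        if (parent == null) {
            return path;
        }
        try {
            Files.createDirectories(parent);
            return path;
        } catch (IOException e) {
            logger.error("Error while creating directories {}", parent, e);
            throw new RuntimeException(e);
        }
    }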

    /**
     * Returns {@code cert/<name>/<name>_certificate.csr}, where {@code <name>} is the common
     * name with every whitespace run replaced by an underscore.
     *
     * <p>NOTE(review): only whitespace is replaced, so a common name containing path separators
     * or {@code ..} would change where the file ends up; callers in this class pass constants.
     */
    private Path getCertReqPath(String str) {
        final String folderName = str.replaceAll("\\s+", "_");
        final String fileName = folderName + "_certificate.csr";
        return Paths.get("cert", folderName, fileName);
    }

    /**
     * Returns {@code cert/<name>/<name>_certificate.p12}, where {@code <name>} is the common
     * name with every whitespace run replaced by an underscore.
     *
     * <p>NOTE(review): only whitespace is replaced, so a common name containing path separators
     * or {@code ..} would change where the file ends up; callers in this class pass constants.
     */
    private Path getCertP12Path(String str) {
        final String folderName = str.replaceAll("\\s+", "_");
        final String fileName = folderName + "_certificate.p12";
        return Paths.get("cert", folderName, fileName);
    }

    /**
     * Returns {@code cert/<name>/<name>_certificate.pem}, where {@code <name>} is the common
     * name with every whitespace run replaced by an underscore.
     *
     * <p>NOTE(review): only whitespace is replaced, so a common name containing path separators
     * or {@code ..} would change where the file ends up; callers in this class pass constants.
     */
    private Path getCertPemPath(String str) {
        final String folderName = str.replaceAll("\\s+", "_");
        final String fileName = folderName + "_certificate.pem";
        return Paths.get("cert", folderName, fileName);
    }

    /**
     * Returns {@code cert/<name>/<name>_private-key.pem}, where {@code <name>} is the common
     * name with every whitespace run replaced by an underscore.
     *
     * <p>NOTE(review): only whitespace is replaced, so a common name containing path separators
     * or {@code ..} would change where the file ends up; callers in this class pass constants.
     */
    private Path getPrivateKeyPath(String str) {
        final String folderName = str.replaceAll("\\s+", "_");
        final String fileName = folderName + "_private-key.pem";
        return Paths.get("cert", folderName, fileName);
    }

    /**
     * Computes the SHA-512 digest over the encoded form of the certificate.
     *
     * @return the 64 digest bytes
     * @throws RuntimeException wrapping the algorithm or encoding failure, after logging it
     */
    private byte[] calculateSha512CertificateThumbprint(X509Certificate x509Certificate) {
        try {
            MessageDigest sha512 = MessageDigest.getInstance("SHA-512");
            byte[] encoded = x509Certificate.getEncoded();
            return sha512.digest(encoded);
        } catch (NoSuchAlgorithmException | CertificateEncodingException digestFailure) {
            logger.error("Error while calculating SHA-512 certificate thumbprint", digestFailure);
            throw new RuntimeException(digestFailure);
        }
    }

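    /**
     * Copies the Test CA certificate and the "localhost" and "test-client" certificates with
     * their encrypted private keys into the {@code target} folders of the BPE and FHIR jetty
     * server modules.
     *
     * <p>Requires {@link #generateCertificates()} to have run, because the CA and both
     * certificate maps are read here. The private keys are written with the shared
     * {@code CERT_PASSWORD}.
     */
    public void copyJavaTestCertificates() {
        // BPE first, then FHIR: the same order in which the files have always been written.
        final String[] targetFolders = {"../../dsf-bpe/dsf-bpe-server-jetty/target", "../../dsf-fhir/dsf-fhir-server-jetty/target"};

        X509Certificate caCertificate = this.ca.getCertificate();
        for (String folder : targetFolders) {
            Path caFile = Paths.get(folder, "testca_certificate.pem");
            logger.info("Copying Test CA certificate file to {}", caFile);
            writeCertificate(caFile, caCertificate);
        }

        CertificateFiles localhost = this.serverCertificateFilesByCommonName.get("localhost");
        for (String folder : targetFolders) {
            Path certFile = Paths.get(folder, "localhost_certificate.pem");
            logger.info("Copying localhost certificate file to {}", certFile);
            writeCertificate(certFile, localhost.certificate);

            Path keyFile = Paths.get(folder, "localhost_private-key.pem");
            // Log the key file itself; the certificate path was logged here before.
            logger.info("Copying localhost certificate private-key file to {}", keyFile);
            writePrivateKeyEncrypted(keyFile, localhost.keyPair.getPrivate());
        }

        CertificateFiles testClient = this.clientCertificateFilesByCommonName.get("test-client");
        for (String folder : targetFolders) {
            Path certFile = Paths.get(folder, "test-client_certificate.pem");
            logger.info("Copying test-client certificate file to {}", certFile);
            writeCertificate(certFile, testClient.certificate);

            Path keyFile = Paths.get(folder, "test-client_private-key.pem");
            logger.info("Copying test-client certificate private-key file to {}", keyFile);
            writePrivateKeyEncrypted(keyFile, testClient.keyPair.getPrivate());
        }
    }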

    /**
     * Copies the "localhost" server files and the "test-client" client files into the
     * {@code bpe/secrets} and {@code fhir/secrets} folders of {@code dsf-docker-test-setup}.
     */
    public void copyDockerTestCertificates() {
        final String bpeSecrets = "../../dsf-docker-test-setup/bpe/secrets/";
        final String fhirSecrets = "../../dsf-docker-test-setup/fhir/secrets/";

        copyProxyFiles("dsf-docker-test-setup", "localhost");
        copyClientCertFiles(bpeSecrets, fhirSecrets, "test-client");
    }

    /**
     * Writes the server certificate, its private key and the Test CA certificate into
     * {@code ../../<str>/bpe/secrets} and {@code ../../<str>/fhir/secrets}.
     *
     * <p>The private key is written without encryption here.
     * NOTE(review): a server common name that is missing from the map leads to a
     * NullPointerException on the first certificate access.
     *
     * @param str name of the docker setup folder below {@code ../../}
     * @param str2 common name of the server certificate to copy
     */
    private void copyProxyFiles(String str, String str2) {
        X509Certificate caCertificate = this.ca.getCertificate();
        CertificateFiles server = this.serverCertificateFilesByCommonName.get(str2);
        Path setupFolder = Paths.get("../../", str);

        // bpe first, then fhir; within each: certificate, private key, CA certificate.
        for (String app : new String[] {"bpe", "fhir"}) {
            Path certFile = setupFolder.resolve(app + "/secrets/server_certificate.pem");
            logger.info("Copying {} certificate pem file to {}", str2, certFile);
            writeCertificate(certFile, server.getCertificate());

            Path keyFile = setupFolder.resolve(app + "/secrets/server_certificate_private_key.pem");
            logger.info("Copying {} private-key file to {}", str2, keyFile);
            writePrivateKeyNotEncrypted(keyFile, server.keyPair.getPrivate());

            Path caFile = setupFolder.resolve(app + "/secrets/testca_certificate.pem");
            logger.info("Copying Test CA certificate file to {}", caFile);
            writeCertificate(caFile, caCertificate);
        }
    }

    /**
     * Writes the client certificate and its encrypted private key into both given folders, as
     * {@code client_certificate.pem} and {@code client_certificate_private_key.pem}.
     *
     * @param str first target folder
     * @param str2 second target folder
     * @param str3 common name of the client certificate to copy
     */
    private void copyClientCertFiles(String str, String str2, String str3) {
        CertificateFiles client = this.clientCertificateFilesByCommonName.get(str3);

        for (String folder : new String[] {str, str2}) {
            Path certFile = Paths.get(folder, "client_certificate.pem");
            logger.info("Copying {} certificate certificate file to {}", str3, certFile);
            writeCertificate(certFile, client.certificate);

            Path keyFile = Paths.get(folder, "client_certificate_private_key.pem");
            logger.info("Copying {} certificate private-key file to {}", str3, keyFile);
            writePrivateKeyEncrypted(keyFile, client.keyPair.getPrivate());
        }
    }

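    /**
     * Fills {@code ../../dsf-docker-test-setup-3dic-ttp/secrets/} with the Test CA certificate,
     * the "localhost" proxy and "keycloak" server certificates with their private keys, the
     * client files for dic1, dic2, dic3 and ttp, and a JKS trust store holding the CA
     * certificate.
     *
     * <p>The proxy and keycloak private keys are written without encryption; the client keys and
     * the trust store use the shared {@code CERT_PASSWORD}. Requires
     * {@link #generateCertificates()} to have run.
     */
    public void copyDockerTest3DicTtpCertificates() {
        Path secretsFolder = Paths.get("../../dsf-docker-test-setup-3dic-ttp/secrets/");
        X509Certificate caCertificate = this.ca.getCertificate();

        Path trustedClientCas = secretsFolder.resolve("proxy_trusted_client_cas.pem");
        logger.info("Copying Test CA certificate file to {}", trustedClientCas);
        writeCertificate(trustedClientCas, caCertificate);

        CertificateFiles localhost = this.serverCertificateFilesByCommonName.get("localhost");
        Path proxyCertFile = secretsFolder.resolve("proxy_certificate_and_int_cas.pem");
        // Log the file that is written; the trusted-client-CAs path was logged here before.
        // NOTE(review): message and file name mention CA certificates, but only the server
        // certificate is passed to writeCertificates - confirm that this is intended.
        logger.info("Writing localhost certificate and CA certificate to {}", proxyCertFile);
        writeCertificates(proxyCertFile, localhost.getCertificate());

        Path proxyKeyFile = secretsFolder.resolve("proxy_certificate_private_key.pem");
        logger.info("Copying localhost private-key file to {}", proxyKeyFile);
        writePrivateKeyNotEncrypted(proxyKeyFile, localhost.keyPair.getPrivate());

        for (String organization : Arrays.asList("dic1", "dic2", "dic3", "ttp")) {
            copyDockerTest3DicTtpClientCertFiles("../../dsf-docker-test-setup-3dic-ttp/secrets/", organization + "-client");
        }

        Path appCaFile = secretsFolder.resolve("app_testca_certificate.pem");
        logger.info("Copying Test CA certificate file to {}", appCaFile);
        writeCertificate(appCaFile, caCertificate);

        CertificateFiles keycloak = this.serverCertificateFilesByCommonName.get("keycloak");
        Path keycloakCertFile = secretsFolder.resolve("keycloak_certificate_and_int_cas.pem");
        // Same correction as for the proxy file: log the path actually written.
        logger.info("Writing keycloak certificate and CA certificate to {}", keycloakCertFile);
        writeCertificates(keycloakCertFile, keycloak.getCertificate());

        Path keycloakKeyFile = secretsFolder.resolve("keycloak_certificate_private_key.pem");
        logger.info("Copying keycloak private-key file to {}", keycloakKeyFile);
        writePrivateKeyNotEncrypted(keycloakKeyFile, keycloak.keyPair.getPrivate());

        Path trustStoreFile = secretsFolder.resolve("keycloak_trust_store.jks");
        logger.info("Copying Test CA certificate as trust store file to {}", trustStoreFile);
        // The trust store entry uses the CA's common name as alias.
        writeKeyStore(trustStoreFile, createJksKeyStore(getCommonName(this.ca.getCertificate()), caCertificate));
    }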

    /**
     * Extracts the value of the first CN attribute from the certificate subject.
     *
     * <p>NOTE(review): a subject without a CN attribute makes the array access fail with an
     * ArrayIndexOutOfBoundsException, which is not handled here.
     *
     * @return the common name as a string
     * @throws RuntimeException wrapping the encoding failure, after logging it
     */
    private String getCommonName(X509Certificate x509Certificate) {
        try {
            X500Name subject = new JcaX509CertificateHolder(x509Certificate).getSubject();
            var commonNameRdn = subject.getRDNs(BCStyle.CN)[0];
            return IETFUtils.valueToString(commonNameRdn.getFirst().getValue());
        } catch (CertificateEncodingException encodingFailure) {
            logger.error("Error unable to extract common-name from certificate", encodingFailure);
            throw new RuntimeException(encodingFailure);
        }
    }

    /**
     * Writes the client certificate and its encrypted private key into the given folder, as
     * {@code app_<name>_certificate.pem} and {@code app_<name>_private-key.pem}.
     *
     * @param str target folder
     * @param str2 common name of the client certificate to copy
     */
    private void copyDockerTest3DicTtpClientCertFiles(String str, String str2) {
        CertificateFiles client = this.clientCertificateFilesByCommonName.get(str2);
        final String filePrefix = "app_" + str2;

        Path certFile = Paths.get(str, filePrefix + "_certificate.pem");
        logger.info("Copying {} certificate certificate file to {}", str2, certFile);
        writeCertificate(certFile, client.certificate);

        Path keyFile = Paths.get(str, filePrefix + "_private-key.pem");
        logger.info("Copying {} certificate private-key file to {}", str2, keyFile);
        writePrivateKeyEncrypted(keyFile, client.keyPair.getPrivate());
    }

    /**
     * Writes the given certificates into one file: for each certificate a {@code subject= } line
     * with the subject name, followed by the PEM text produced by {@code PemIo}.
     *
     * <p>Nothing is written if encoding any certificate fails, because the file is written only
     * after the whole text has been assembled.
     *
     * @throws RuntimeException wrapping the I/O, state or encoding failure, after logging it
     */
    private void writeCertificates(Path path, X509Certificate... x509CertificateArr) {
        try {
            StringBuilder pemBundle = new StringBuilder();
            for (int i = 0; i < x509CertificateArr.length; i++) {
                X509Certificate current = x509CertificateArr[i];
                pemBundle.append("subject= ")
                        .append(current.getSubjectX500Principal().getName())
                        .append("\n")
                        .append(PemIo.writeX509Certificate(current));
            }
            Files.writeString(path, pemBundle.toString());
        } catch (IOException | IllegalStateException | CertificateEncodingException writeFailure) {
            logger.error("Error while writing certificate to {}", path, writeFailure);
            throw new RuntimeException(writeFailure);
        }
    }

    /**
     * Creates an empty in-memory JKS key store and adds the certificate as a trusted certificate
     * entry under the given alias.
     *
     * @param str alias of the entry
     * @return the key store holding the single certificate entry
     * @throws RuntimeException wrapping any key store failure, after logging it
     */
    private KeyStore createJksKeyStore(String str, X509Certificate x509Certificate) {
        final KeyStore trustStore;
        try {
            trustStore = KeyStore.getInstance("jks");
            // load(null, null) initializes an empty store instead of reading one.
            trustStore.load(null, null);
            trustStore.setCertificateEntry(str, x509Certificate);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException storeFailure) {
            logger.error("Error while creating jks key-store", storeFailure);
            throw new RuntimeException(storeFailure);
        }
        return trustStore;
    }

    /**
     * Builds a PKCS#12 key store for the private key with the chain [certificate, CA certificate],
     * using the shared {@code CERT_PASSWORD}.
     *
     * @param str alias handed to {@code CertificateHelper.toPkcs12KeyStore}
     * @return the key store
     * @throws RuntimeException wrapping any key store failure, after logging it
     */
    private KeyStore createP12KeyStore(PrivateKey privateKey, String str, X509Certificate x509Certificate) {
        try {
            Certificate[] chain = {x509Certificate, this.ca.getCertificate()};
            return CertificateHelper.toPkcs12KeyStore(privateKey, chain, str, CERT_PASSWORD);
        } catch (IOException | IllegalStateException | KeyStoreException | NoSuchAlgorithmException | CertificateException storeFailure) {
            logger.error("Error while creating P12 key-store", storeFailure);
            throw new RuntimeException(storeFailure);
        }
    }

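    /**
     * Stores the key store in the file at {@code path}, protected with the shared
     * {@code CERT_PASSWORD}.
     *
     * <p>The output stream is opened with try-with-resources, so it is closed even when
     * {@code KeyStore.store} throws; before, the stream was closed only after a successful store.
     *
     * @throws RuntimeException wrapping the I/O or key store failure, after logging it
     */
    private void writeKeyStore(Path path, KeyStore keyStore) {
        try (OutputStream out = Files.newOutputStream(path)) {
            keyStore.store(out, CERT_PASSWORD);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            logger.error("Error while writing keystore file to {}", path, e);
            throw new RuntimeException(e);
        }
    }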

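    /**
     * Writes a PKCS#12 key store with the private key, the certificate and the CA certificate to
     * {@code cert/<name>/<name>_certificate.p12}.
     *
     * @param certificateFiles identity to export
     * @return path of the written file
     */
    public Path createP12(CertificateFiles certificateFiles) {
        Path certP12Path = getCertP12Path(certificateFiles.commonName);
        // NOTE(review): the key store password is written to the log. That discloses nothing new
        // only because CERT_PASSWORD is a constant of this class; the password argument has to go
        // as soon as the password becomes configurable.
        // The message used to say "p21"; the file format is PKCS#12.
        logger.info("Saving certificate (p12) to {}, password '{}' [{}]", certP12Path, String.valueOf(CERT_PASSWORD), certificateFiles.commonName);
        writeKeyStore(certP12Path, createP12KeyStore(certificateFiles.keyPair.getPrivate(), certificateFiles.commonName, certificateFiles.certificate));
        return certP12Path;
    }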

    /**
     * Command-line entry point: registers the Bouncy Castle provider, then generates all
     * certificates below {@code cert/} in the current working directory. Arguments are ignored.
     */
    public static void main(String[] strArr) {
        CertificateAuthority.registerBouncyCastleProvider();

        CertificateGenerator generator = new CertificateGenerator();
        generator.generateCertificates();
    }
}
