package io.javaoperatorsdk.jenvtest.cert;

import io.javaoperatorsdk.jenvtest.JenvtestException;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Date;
import java.util.concurrent.locks.ReentrantLock;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/javaoperatorsdk/jenvtest/cert/CertManager.class */
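/**
 * Creates and locates the self-signed certificates and private keys used by the test API server
 * and by the client that talks to it.
 *
 * <p>All four files live directly in the directory passed to the constructor. Generation is
 * guarded by a JVM-wide lock, so concurrent callers in the same process generate the files at
 * most once; nothing here coordinates between separate processes.
 *
 * <p>Security note: the client certificate is issued for {@code O=system:masters}, a group that
 * Kubernetes authorizes as cluster administrator. The matching {@code client.key} should be
 * treated as an admin credential for the test API server that trusts it.
 */
public class CertManager {
    public static final String API_SERVER_KEY_NAME = "apiserver.key";
    public static final String API_SERVER_CERT_NAME = "apiserver.crt";
    public static final String CLIENT_KEY_NAME = "client.key";
    public static final String CLIENT_CERT_NAME = "client.crt";

    private static final Logger log = LoggerFactory.getLogger(CertManager.class);
    // Static on purpose: serializes generation across all CertManager instances in this JVM.
    private static final ReentrantLock generatorLock = new ReentrantLock();

    private final String jenvtestDir;

    /**
     * @param jenvtestDir directory in which the certificate and key files are looked up and created
     */
    public CertManager(String jenvtestDir) {
        this.jenvtestDir = jenvtestDir;
    }

    /**
     * Generates the API server and client key/certificate pairs unless all four files already
     * exist.
     *
     * <p>The presence check only tests that the files exist; it does not validate their content
     * or expiry, so a truncated or expired file is treated as present.
     *
     * @throws JenvtestException if key generation, signing or writing the files fails
     */
    public void createCertificatesIfNeeded() {
        if (certFilesPresent()) {
            return;
        }
        generatorLock.lock();
        try {
            // Re-check under the lock: another thread may have generated the files meanwhile.
            if (certFilesPresent()) {
                return;
            }
            generateAPIServerCertificates();
            generateUserCertificates();
        } finally {
            generatorLock.unlock();
        }
    }

    /** Returns true only when all four certificate and key files exist. */
    private boolean certFilesPresent() {
        return new File(this.jenvtestDir, API_SERVER_CERT_NAME).exists()
                && new File(this.jenvtestDir, API_SERVER_KEY_NAME).exists()
                && new File(this.jenvtestDir, CLIENT_CERT_NAME).exists()
                && new File(this.jenvtestDir, CLIENT_KEY_NAME).exists();
    }

    /** Creates the serving key and certificate, valid for 127.0.0.1 and the in-cluster DNS names. */
    private void generateAPIServerCertificates() {
        log.info("Generating API Server certificates");
        generateKeyAndCertificate(
                "CN=example.org",
                new File(this.jenvtestDir, API_SERVER_KEY_NAME),
                new File(this.jenvtestDir, API_SERVER_CERT_NAME),
                new GeneralName(GeneralName.iPAddress, "127.0.0.1"),
                dns("kubernetes"),
                dns("kubernetes.default"),
                dns("kubernetes.default.svc"),
                dns("kubernetes.default.svc.cluster"),
                dns("kubernetes.default.svc.cluster.local"));
    }

    /** Wraps a host name as a dNSName subject alternative name entry. */
    private GeneralName dns(String hostName) {
        return new GeneralName(GeneralName.dNSName, hostName);
    }

    /** Creates the client key and certificate; the subject places the user in system:masters. */
    private void generateUserCertificates() {
        log.info("Generating Client certificates");
        generateKeyAndCertificate(
                "O=system:masters,CN=jenvtest",
                new File(this.jenvtestDir, CLIENT_KEY_NAME),
                new File(this.jenvtestDir, CLIENT_CERT_NAME));
    }

    /**
     * Generates an RSA key pair and a self-signed X.509 v3 certificate for it, and writes both
     * as PEM.
     *
     * <p>The certificate uses {@code subject} as both issuer and subject, is valid for 365 days
     * from the moment of the call and is signed with SHA256WithRSA. When subject alternative
     * names are given they are added as a non-critical extension.
     *
     * @param subject X.500 distinguished name, for example {@code "CN=example.org"}
     * @param keyFile file that receives the PEM-encoded private key
     * @param certFile file that receives the PEM-encoded certificate
     * @param subjectAltNames subject alternative names to embed; may be empty
     * @throws JenvtestException wrapping any I/O, algorithm, certificate or signer failure
     */
    public static void generateKeyAndCertificate(
            String subject, File keyFile, File certFile, GeneralName... subjectAltNames) {
        try {
            // NOTE(review): no explicit key size is set, so the RSA modulus length is whatever
            // the JDK/provider default is; pin it with initialize(...) if a minimum is required.
            KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
            X500Name name = new X500Name(subject);
            // Time-based serial: predictable, and only unique per issuer because every
            // certificate produced here is its own issuer (self-signed).
            BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
            Instant now = Instant.now();
            JcaX509v3CertificateBuilder builder =
                    new JcaX509v3CertificateBuilder(
                            name,
                            serial,
                            Date.from(now),
                            Date.from(now.plus(365L, ChronoUnit.DAYS)),
                            name,
                            keyPair.getPublic());
            if (subjectAltNames.length > 0) {
                builder.addExtension(
                        Extension.subjectAlternativeName, false, new GeneralNames(subjectAltNames));
            }
            X509Certificate certificate =
                    new JcaX509CertificateConverter()
                            .getCertificate(
                                    builder.build(
                                            new JcaContentSignerBuilder("SHA256WithRSA")
                                                    .build(keyPair.getPrivate())));

            restrictToOwner(keyFile);
            // One writer per file: the certificate goes to certFile and the private key to
            // keyFile. try-with-resources closes every stream even if a write fails.
            try (FileWriter certOut = new FileWriter(certFile);
                    JcaPEMWriter certWriter = new JcaPEMWriter(certOut);
                    FileWriter keyOut = new FileWriter(keyFile);
                    JcaPEMWriter keyWriter = new JcaPEMWriter(keyOut)) {
                certWriter.writeObject(certificate);
                keyWriter.writeObject(keyPair.getPrivate());
            }
        } catch (IOException
                | NoSuchAlgorithmException
                | CertificateException
                | OperatorCreationException e) {
            throw new JenvtestException(e);
        }
    }

    /**
     * Best-effort: makes the private key file readable and writable by its owner only.
     *
     * <p>The file is created empty before the permissions are changed, so the key material is
     * not written while the file still has default permissions. On file systems without
     * per-owner permission bits the calls report failure; that is logged and generation
     * continues.
     */
    private static void restrictToOwner(File keyFile) throws IOException {
        keyFile.createNewFile();
        // Non-short-circuit '&' so the owner bits are always restored after clearing.
        boolean restricted =
                keyFile.setReadable(false, false)
                        & keyFile.setWritable(false, false)
                        & keyFile.setReadable(true, true)
                        & keyFile.setWritable(true, true);
        if (!restricted) {
            log.warn("Could not restrict permissions of private key file {} to its owner", keyFile);
        }
    }

    /** @return absolute path of the client certificate file */
    public String getClientCertPath() {
        return new File(this.jenvtestDir, CLIENT_CERT_NAME).getAbsolutePath();
    }

    /** @return absolute path of the client private key file */
    public String getClientKeyPath() {
        return new File(this.jenvtestDir, CLIENT_KEY_NAME).getAbsolutePath();
    }

    /** @return absolute path of the API server private key file */
    public String getAPIServerKeyPath() {
        return new File(this.jenvtestDir, API_SERVER_KEY_NAME).getAbsolutePath();
    }

    /** @return absolute path of the API server certificate file */
    public String getAPIServerCertPath() {
        return new File(this.jenvtestDir, API_SERVER_CERT_NAME).getAbsolutePath();
    }
}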
