package io.quarkus.tls.cli;

import io.smallrye.certs.ca.CaGenerator;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.lang.System;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.Callable;
import picocli.CommandLine;

@CommandLine.Command(name = "generate-quarkus-ca", mixinStandardHelpOptions = true, description = {"Generate Quarkus Dev CA certificate and private key."})
/* loaded from: input_file:io/quarkus/tls/cli/GenerateCACommand.class */
public class GenerateCACommand implements Callable<Integer> {

    @CommandLine.Option(names = {"-i", "--install"}, description = {"Install the generated CA into the system keychain."}, defaultValue = "false")
    boolean install;

    @CommandLine.Option(names = {"-t", "--truststore"}, description = {"Generate a PKCS12 (`.p12`) truststore containing the generated CA."}, defaultValue = "false")
    boolean truststore;

    @CommandLine.Option(names = {"-r", "--renew"}, description = {"Update certificate if already created."}, defaultValue = "false")
    boolean renew;
    static System.Logger LOGGER = System.getLogger("generate-quarkus-ca");

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // java.util.concurrent.Callable
    public Integer call() throws Exception {
        LOGGER.log(System.Logger.Level.INFO, "�� Generating Quarkus Dev CA certificate...");
        if (!Constants.BASE_DIR.exists()) {
            Constants.BASE_DIR.mkdirs();
        }
        if (Constants.CA_FILE.exists() && !this.renew && !hasExpired()) {
            LOGGER.log(System.Logger.Level.INFO, "✅ Quarkus Dev CA certificate already exists and has not yet expired. Use --renew to update.");
            return 0;
        }
        String property = System.getProperty("user.name", "");
        CaGenerator caGenerator = new CaGenerator(Constants.CA_FILE, Constants.PK_FILE, Constants.KEYSTORE_FILE, "quarkus");
        caGenerator.generate("quarkus-dev-root-ca", "Quarkus Development (" + property + ")", "Quarkus Development", "home", "world", "universe");
        if (this.install) {
            LOGGER.log(System.Logger.Level.INFO, "�� Installing the CA certificate in the system truststore...");
            caGenerator.installToSystem();
        }
        if (this.truststore) {
            LOGGER.log(System.Logger.Level.INFO, "�� Generating p12 truststore...");
            caGenerator.generateTrustStore(new File("quarkus-ca-truststore.p12"));
            LOGGER.log(System.Logger.Level.INFO, "✅ Truststore generated successfully.");
        }
        LOGGER.log(System.Logger.Level.INFO, "✅ Quarkus Dev CA certificate generated and installed");
        return 0;
    }

    private boolean hasExpired() throws Exception {
        try {
            getCertificateFromPKCS12().checkValidity();
            return false;
        } catch (Exception e) {
            LOGGER.log(System.Logger.Level.INFO, "�� Certificate has expired. Renewing...");
            return true;
        }
    }

    private static X509Certificate getCertificateFromPKCS12() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        FileInputStream fileInputStream = new FileInputStream(Constants.KEYSTORE_FILE);
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(fileInputStream, "quarkus".toCharArray());
            Certificate certificate = keyStore.getCertificate(CaGenerator.KEYSTORE_CERT_ENTRY);
            if (certificate == null) {
                throw new KeyStoreException("No certificate found with alias: ca");
            }
            X509Certificate x509Certificate = (X509Certificate) certificate;
            fileInputStream.close();
            return x509Certificate;
        } catch (Throwable th) {
            try {
                fileInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }
}
