package org.infinispan.server.security;

import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.ZonedDateTime;
import java.util.Date;
import java.util.List;
import java.util.TimeZone;
import javax.security.auth.x500.X500Principal;
import org.wildfly.security.provider.util.ProviderUtil;
import org.wildfly.security.x500.GeneralName;
import org.wildfly.security.x500.cert.SubjectAlternativeNamesExtension;
import org.wildfly.security.x500.cert.X509CertificateBuilder;

/* loaded from: input_file:org/infinispan/server/security/KeyStoreUtils.class */
public class KeyStoreUtils {
    public static void generateSelfSignedCertificate(String str, String str2, char[] cArr, char[] cArr2, String str3, String str4) throws IOException, GeneralSecurityException {
        KeyPairGenerator keyPairGenerator = str2 != null ? KeyPairGenerator.getInstance("RSA", str2) : KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048, new SecureRandom());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        PrivateKey privateKey = generateKeyPair.getPrivate();
        X509CertificateBuilder x509CertificateBuilder = new X509CertificateBuilder();
        Date date = new Date();
        Date date2 = new Date(date.getTime() + 315360000000L);
        BigInteger bigInteger = new BigInteger(64, new SecureRandom());
        x509CertificateBuilder.setNotValidAfter(ZonedDateTime.ofInstant(Instant.ofEpochMilli(date2.getTime()), TimeZone.getDefault().toZoneId()));
        x509CertificateBuilder.setNotValidBefore(ZonedDateTime.ofInstant(Instant.ofEpochMilli(date.getTime()), TimeZone.getDefault().toZoneId()));
        x509CertificateBuilder.setSerialNumber(bigInteger);
        X500Principal x500Principal = new X500Principal("CN=" + str4);
        x509CertificateBuilder.setSubjectDn(x500Principal);
        x509CertificateBuilder.setIssuerDn(x500Principal);
        x509CertificateBuilder.setPublicKey(generateKeyPair.getPublic());
        x509CertificateBuilder.setVersion(3);
        x509CertificateBuilder.setSignatureAlgorithmName("SHA256withRSA");
        x509CertificateBuilder.setSigningKey(privateKey);
        x509CertificateBuilder.addExtension(new SubjectAlternativeNamesExtension(false, List.of(new GeneralName.DNSName(str4))));
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, cArr);
        keyStore.setKeyEntry(str3, generateKeyPair.getPrivate(), cArr2 != null ? cArr2 : cArr, new X509Certificate[]{x509CertificateBuilder.build()});
        FileOutputStream fileOutputStream = new FileOutputStream(str);
        try {
            keyStore.store(fileOutputStream, cArr);
            fileOutputStream.close();
        } catch (Throwable th) {
            try {
                fileOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public static void generateEmptyKeyStore(String str, char[] cArr) throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, cArr);
        FileOutputStream fileOutputStream = new FileOutputStream(str);
        try {
            keyStore.store(fileOutputStream, cArr);
            fileOutputStream.close();
        } catch (Throwable th) {
            try {
                fileOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public static KeyStore buildFilelessKeyStore(Provider[] providerArr, String str, String str2) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(str2, ProviderUtil.findProvider(providerArr, str, KeyStore.class, str2));
        keyStore.load(null, null);
        return keyStore;
    }
}
