package cz.xtf.keystore;

import cz.xtf.TestConfiguration;
import cz.xtf.io.IOUtils;
import java.io.FileWriter;
import java.io.IOException;
import java.lang.ProcessBuilder;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;

/* loaded from: input_file:cz/xtf/keystore/ProcessKeystoreGenerator.class */
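/**
 * Generates a throw-away certificate authority plus per-host keystores by shelling out to
 * {@code openssl} and {@code keytool}.
 *
 * <p>On class initialisation a fresh CA key pair and a {@code truststore} are created in a new
 * temporary directory below {@code IOUtils.TMP_DIRECTORY}. The truststore also receives the
 * certificates presented by the endpoint named in {@code TestConfiguration.masterUrl()}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>All passwords are passed as command-line arguments, so they are visible in process
 *       listings and in the failure messages of {@link #processCall}. The CA key password is the
 *       literal {@code password}. Treat everything produced here as test material only.</li>
 *   <li>Host names and aliases are used verbatim as file names, as the certificate CN and as
 *       lines of an OpenSSL extension file. Nothing here validates them, so callers must pass
 *       plain DNS names.</li>
 *   <li>No method is synchronised; concurrent generation for the same host name is not guarded
 *       against.</li>
 * </ul>
 */
public class ProcessKeystoreGenerator {
    private static final String CA_CERTIFICATE_FILE = "ca-certificate.pem";
    private static final String CA_KEY_FILE = "ca-key.pem";
    private static final String TRUSTSTORE_FILE = "truststore";
    /** OpenSSL pass-phrase argument protecting the generated CA private key. */
    private static final String CA_KEY_PASSWORD_ARG = "pass:password";
    private static final String VALIDITY_DAYS = "365";

    private static Path caDir;
    private static Path truststore;

    /** Plain holder for the file locations produced by {@link #generateCerts(String, String[])}. */
    public static class CertPaths {
        /** PEM encoded CA certificate. */
        public Path caPem;
        /** Truststore holding the CA certificate. */
        public Path truststore;
        /** PKCS#12 keystore holding the host key pair and certificate chain. */
        public Path keystore;
        /** Private key exported from the keystore as PEM. */
        public Path keyPem;
        /** Host certificate exported from the keystore as PEM. */
        public Path certPem;

        public CertPaths(Path path, Path path2, Path path3, Path path4, Path path5) {
            this.caPem = path;
            this.truststore = path2;
            this.keystore = path3;
            this.keyPem = path4;
            this.certPem = path5;
        }
    }

    /**
     * Generates (or reuses) a keystore for the host name, using the host name as key alias.
     *
     * @param str host name, used as certificate CN and as keystore file prefix
     * @return path of the keystore inside the CA directory
     */
    public static Path generateKeystore(String str) {
        return generateKeystore(str, null, str, false);
    }

    /**
     * Generates (or reuses) a keystore for the host name under an explicit key alias.
     *
     * @param str host name, used as certificate CN and as keystore file prefix
     * @param str2 alias of the key entry
     * @return path of the keystore inside the CA directory
     */
    public static Path generateKeystore(String str, String str2) {
        return generateKeystore(str, null, str2, false);
    }

    /**
     * Generates (or reuses) a keystore, optionally removing the CA entry afterwards.
     *
     * @param str host name, used as certificate CN and as keystore file prefix
     * @param str2 alias of the key entry
     * @param z when {@code true} the CA certificate entry is deleted from the finished keystore
     * @return path of the keystore inside the CA directory
     */
    public static Path generateKeystore(String str, String str2, boolean z) {
        return generateKeystore(str, null, str2, z);
    }

    /**
     * Generates (or reuses) a keystore whose certificate carries additional DNS names.
     *
     * @param str host name, used as certificate CN, first DNS name and key alias
     * @param strArr further DNS names for the subjectAltName extension; may be {@code null}
     * @return path of the keystore inside the CA directory
     */
    public static Path generateKeystore(String str, String[] strArr) {
        return generateKeystore(str, strArr, str, false);
    }

    /**
     * Creates an RSA key pair for the host, has it signed by the generated CA and stores key,
     * certificate and CA certificate in {@code <host>.keystore}.
     *
     * <p>If that keystore file already exists it is returned as is; the other arguments are then
     * ignored.
     *
     * @param str host name, used as certificate CN and as prefix of all generated files
     * @param strArr further DNS names for the subjectAltName extension; {@code null} or empty
     *     means no extension file is used
     * @param str2 alias of the key entry
     * @param z when {@code true} the CA certificate entry is deleted from the finished keystore
     * @return path of the keystore inside the CA directory
     * @throws IllegalStateException if one of the external tools fails
     * @throws RuntimeException if the extension file cannot be written
     */
    public static Path generateKeystore(String str, String[] strArr, String str2, boolean z) {
        final String hostname = str;
        final String alias = str2;
        final String keystoreName = hostname + ".keystore";
        final String csrName = hostname + ".csr";
        final String certName = hostname + ".cer";
        final Path keystorePath = caDir.resolve(keystoreName);

        if (Files.exists(keystorePath)) {
            return keystorePath;
        }

        // No -keysize is given, so the RSA key size is whatever the running JDK's keytool defaults to.
        processCall(caDir, "keytool", "-genkeypair", "-keyalg", "RSA", "-noprompt", "-alias", alias, "-dname", "CN=" + hostname + ", OU=TF, O=XTF, L=Brno, S=CZ, C=CZ", "-keystore", keystoreName, "-storepass", XTFKeyStore.SIGNER_PASSWORD, "-keypass", XTFKeyStore.SIGNER_PASSWORD, "-deststoretype", "pkcs12");
        processCall(caDir, "keytool", "-keystore", keystoreName, "-certreq", "-alias", alias, "--keyalg", "rsa", "-file", csrName, "-storepass", XTFKeyStore.SIGNER_PASSWORD);

        if (strArr == null || strArr.length == 0) {
            processCall(caDir, "openssl", "x509", "-req", "-CA", CA_CERTIFICATE_FILE, "-CAkey", CA_KEY_FILE, "-in", csrName, "-out", certName, "-days", VALIDITY_DAYS, "-CAcreateserial", "-passin", CA_KEY_PASSWORD_ARG);
        } else {
            // The extension file is named after the alias, not the host name.
            final String extensionsName = alias + ".extensions";
            writeSubjectAltNames(caDir.resolve(extensionsName), hostname, strArr);
            processCall(caDir, "openssl", "x509", "-req", "-CA", CA_CERTIFICATE_FILE, "-CAkey", CA_KEY_FILE, "-in", csrName, "-out", certName, "-days", VALIDITY_DAYS, "-CAcreateserial", "-passin", CA_KEY_PASSWORD_ARG, "-extfile", extensionsName, "-extensions", "req_ext");
        }

        // The CA certificate goes in first, then the signed host certificate under the key alias.
        processCall(caDir, "keytool", "-import", "-noprompt", "-keystore", keystoreName, "-file", CA_CERTIFICATE_FILE, "-alias", XTFKeyStore.SIGNER_CERTIFICATE, "-storepass", XTFKeyStore.SIGNER_PASSWORD);
        processCall(caDir, "keytool", "-import", "-keystore", keystoreName, "-file", certName, "-alias", alias, "-storepass", XTFKeyStore.SIGNER_PASSWORD);
        if (z) {
            processCall(caDir, "keytool", "-delete", "-noprompt", "-alias", XTFKeyStore.SIGNER_CERTIFICATE, "-keystore", keystoreName, "-storepass", XTFKeyStore.SIGNER_PASSWORD);
        }
        return keystorePath;
    }

    /**
     * Writes the OpenSSL extension file listing the host name and all alternative names as DNS
     * subjectAltName entries.
     *
     * <p>Names are written verbatim, one per line. A value containing a line break would add
     * arbitrary lines to the file, so callers must pass plain DNS names.
     */
    private static void writeSubjectAltNames(Path extensionsFile, String hostname, String[] alternativeNames) {
        // try-with-resources closes the writer even when a write fails.
        try (FileWriter writer = new FileWriter(extensionsFile.toFile())) {
            writer.write("[ req_ext ]\n");
            writer.write("subjectAltName = @alt_names\n");
            writer.write("\n");
            writer.write("[ alt_names ]\n");
            writer.write("DNS.1 = " + hostname + "\n");
            for (int i = 0; i < alternativeNames.length; i++) {
                writer.write("DNS." + (i + 2) + " = " + alternativeNames[i] + "\n");
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Generates the keystore for the host and exports its certificate and private key as PEM.
     *
     * @param str host name, also used as key alias
     * @return locations of the generated files
     */
    public static CertPaths generateCerts(String str) {
        return generateCerts(str, null);
    }

    /**
     * Generates the keystore for the host and exports its certificate and private key as PEM.
     *
     * <p>The exported private key files are written without a pass-phrase ({@code -nodes}); they
     * are protected only by the permissions of the CA directory.
     *
     * @param str host name, also used as key alias
     * @param strArr further DNS names for the subjectAltName extension; may be {@code null}
     * @return locations of the generated files
     * @throws IllegalStateException if one of the external tools fails
     */
    public static CertPaths generateCerts(String str, String[] strArr) {
        final String keystoreName = str + ".keystore";
        final String certPemName = keystoreName + ".pem";
        final String keyWithAttrsName = keystoreName + ".keywithattrs.pem";
        final String keyPemName = keystoreName + ".key.pem";

        generateKeystore(str, strArr);
        processCall(caDir, "keytool", "-exportcert", "-rfc", "-keystore", keystoreName, "-alias", str, "-storepass", XTFKeyStore.SIGNER_PASSWORD, "-file", certPemName);
        // The keystore was created with SIGNER_PASSWORD, so the same value must open it here.
        processCall(caDir, "openssl", "pkcs12", "-in", keystoreName, "-nodes", "-nocerts", "-out", keyWithAttrsName, "-passin", "pass:" + XTFKeyStore.SIGNER_PASSWORD);
        processCall(caDir, "openssl", "rsa", "-in", keyWithAttrsName, "-out", keyPemName);
        return new CertPaths(caDir.resolve(CA_CERTIFICATE_FILE), caDir.resolve(TRUSTSTORE_FILE), caDir.resolve(keystoreName), caDir.resolve(keyPemName), caDir.resolve(certPemName));
    }

    /**
     * Runs an external command in the given working directory and waits for it to finish. The
     * child inherits this process's stdout and stderr.
     *
     * <p>The failure message echoes the full argument list. For most calls in this class that
     * includes {@code -storepass}/{@code -passin} values, so do not reuse this helper for
     * commands that carry real secrets.
     *
     * @param path working directory of the child process
     * @param strArr command and arguments, passed without shell interpretation
     * @throws IllegalStateException if the command cannot be started, is interrupted or exits
     *     with a non-zero status
     */
    private static void processCall(Path path, String... strArr) {
        ProcessBuilder builder = new ProcessBuilder(strArr);
        builder.directory(path.toFile());
        builder.redirectOutput(ProcessBuilder.Redirect.INHERIT);
        builder.redirectError(ProcessBuilder.Redirect.INHERIT);

        int exitCode;
        try {
            exitCode = builder.start().waitFor();
        } catch (IOException e) {
            throw new IllegalStateException("Failed executing " + String.join(" ", strArr), e);
        } catch (InterruptedException e) {
            // Restore the flag so code further up the stack still sees the interruption.
            Thread.currentThread().interrupt();
            throw new IllegalStateException("Failed executing " + String.join(" ", strArr), e);
        }
        if (exitCode != 0) {
            throw new IllegalStateException("Failed executing " + String.join(" ", strArr));
        }
    }

    /** Returns the temporary directory holding the CA and all generated files. */
    public static Path getCaDir() {
        return caDir;
    }

    /** Returns the truststore created during class initialisation. */
    public static Path getTruststore() {
        return truststore;
    }

    static {
        try {
            Files.createDirectories(IOUtils.TMP_DIRECTORY);
            caDir = Files.createTempDirectory(IOUtils.TMP_DIRECTORY, "ca", new FileAttribute<?>[0]);

            // Self-signed CA; its private key is protected by the fixed pass-phrase above.
            processCall(caDir, "openssl", "req", "-new", "-newkey", "rsa:4096", "-x509", "-keyout", CA_KEY_FILE, "-out", CA_CERTIFICATE_FILE, "-days", VALIDITY_DAYS, "-passout", CA_KEY_PASSWORD_ARG, "-subj", "/C=CZ/ST=CZ/L=Brno/O=QE/CN=xtf.ca");
            processCall(caDir, "keytool", "-import", "-noprompt", "-keystore", TRUSTSTORE_FILE, "-file", CA_CERTIFICATE_FILE, "-alias", XTFKeyStore.SIGNER_CERTIFICATE, "-storepass", XTFKeyStore.SIGNER_PASSWORD);

            String hostAndPort = TestConfiguration.masterUrl().replaceFirst("https://", "");
            String endpoint = hostAndPort.contains(":") ? hostAndPort : hostAndPort + ":443";

            // The endpoint comes from configuration. It is handed to the shell as positional
            // parameter $1 instead of being spliced into the script, so shell metacharacters in
            // the configured URL are never interpreted as commands.
            // NOTE(review): the certificates imported below are whatever the endpoint presents
            // during this handshake; nothing visible here verifies them before they are trusted.
            processCall(caDir, "/bin/sh", "-c", "echo \"Q\" | openssl s_client -connect \"$1\" -showcerts 2>/dev/null > serversOpenSslResponse", "sh", endpoint);

            String csplit = System.getProperty("os.name").toLowerCase().startsWith("mac") ? "gcsplit" : "csplit";
            processCall(caDir, "/bin/sh", "-c", csplit + " -f serverCert -s serversOpenSslResponse '/^-----BEGIN CERTIFICATE-----$/' '{*}'");
            // serverCert00 is the piece before the first certificate marker and is skipped.
            processCall(caDir, "/bin/sh", "-c", "find . -type f -not -name \"serverCert00\" -name \"serverCert[0-9][0-9]\" -exec openssl x509 -in {} -out {}.pem \\;");
            // The truststore was created with SIGNER_PASSWORD above, so the same value is passed
            // here as $1 rather than a second hard-coded copy.
            processCall(caDir, "/bin/sh", "-c", "find . -type f -name \"serverCert[0-9][0-9].pem\" -exec keytool -import -noprompt -keystore truststore -file {} -alias {} -storepass \"$1\" \\;", "sh", XTFKeyStore.SIGNER_PASSWORD);
            truststore = caDir.resolve(TRUSTSTORE_FILE);
        } catch (IOException e) {
            throw new IllegalStateException("Failed to initialize ca", e);
        }
    }
}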
