package org.eclipse.milo.opcua.stack.core.util;

import io.netty.util.internal.StringUtil;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Permission;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/milo/opcua/stack/core/util/CertificateGenerator.class */
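/**
 * Generates a self-signed X.509 certificate by invoking the JDK's keytool implementation
 * in-process, then reads the resulting certificate back from the key store file.
 *
 * <p>Security-relevant behaviour a caller should know about:
 * <ul>
 *   <li>The key store and key passwords are passed to keytool as plain {@link String}
 *       arguments. They are redacted before the argument list is written to the debug log.</li>
 *   <li>Distinguished-name components, the URI, DNS names and IP addresses are interpolated
 *       into the {@code -dname} and {@code -ext SubjectAlternativeName=} arguments without
 *       any escaping or validation. A value containing {@code ','} or {@code '='} changes
 *       the structure of the subject or SAN list, so callers must validate these values if
 *       they come from an untrusted source.</li>
 *   <li>While keytool runs, the JVM-wide {@link SecurityManager} is replaced by one that only
 *       blocks {@code exitVM*} permissions and allows everything else; afterwards the manager
 *       captured when this class was loaded is restored.</li>
 *   <li>{@code sun.security.tools.keytool.Main} is a JDK-internal class and
 *       {@link SecurityManager} is deprecated for removal since Java 17, so this approach may
 *       not work on newer or strongly-encapsulated runtimes.</li>
 * </ul>
 */
public class CertificateGenerator {
    /** JDK-internal entry point of keytool, looked up reflectively at call time. */
    private static final String KEY_TOOL_CLASS_NAME = "sun.security.tools.keytool.Main";

    /** keytool options whose following argument is a secret and must never be logged. */
    private static final String STORE_PASS_OPTION = "-storepass";
    private static final String KEY_PASS_OPTION = "-keypass";
    private static final String REDACTED = "********";

    private final Logger logger = LoggerFactory.getLogger(getClass());
    private final String keyStorePath;
    private final String keyStorePassword;
    private final String keyStoreType;
    private final String certificateAlias;
    private final String certificatePassword;

    /** Security manager in effect when this class was initialised; restored after keytool runs. */
    private static final SecurityManager SYSTEM_SECURITY_MANAGER = System.getSecurityManager();

    /** Thrown by the temporary security manager when keytool attempts to exit the JVM. */
    private static class ExitTrappedException extends SecurityException {
        private ExitTrappedException() {
        }
    }

    /**
     * @param keyStorePath        path of the key store file keytool writes to and that is read back
     * @param keyStorePassword    password protecting the key store
     * @param keyStoreType        key store type passed to {@code -storetype} and {@link KeyStore#getInstance(String)}
     * @param certificateAlias    alias under which the generated entry is stored
     * @param certificatePassword password protecting the generated private key
     */
    public CertificateGenerator(String keyStorePath, String keyStorePassword, String keyStoreType,
                                String certificateAlias, String certificatePassword) {
        this.keyStorePath = keyStorePath;
        this.keyStorePassword = keyStorePassword;
        this.keyStoreType = keyStoreType;
        this.certificateAlias = certificateAlias;
        this.certificatePassword = certificatePassword;
    }

    /**
     * Generates a certificate with an empty organizational unit and a validity of 365 days.
     *
     * @see #generateSelfSignedCertificate(String, String, String, String, String, String, int, String, List, List)
     */
    public X509Certificate generateSelfSignedCertificate(String commonName, String organization, String locality,
                                                         String state, String country, String uri,
                                                         List<String> dnsNames, List<String> ipAddresses)
            throws Exception {
        return generateSelfSignedCertificate(commonName, StringUtil.EMPTY_STRING, organization, locality, state,
                country, 365, uri, dnsNames, ipAddresses);
    }

    /**
     * Runs keytool to create a key pair and self-signed certificate, then loads the certificate
     * stored under the configured alias from the key store file.
     *
     * <p>None of the subject or SAN values are escaped; see the class documentation.
     *
     * @param commonName         value of the {@code cn} component
     * @param organizationalUnit value of the {@code ou} component
     * @param organization       value of the {@code o} component
     * @param locality           value of the {@code l} component
     * @param state              value of the {@code st} component
     * @param country            value of the {@code c} component
     * @param validityDays       value passed to keytool's {@code -validity} option
     * @param uri                value of the {@code URI:} subject alternative name
     * @param dnsNames           values added as {@code DNS:} subject alternative names
     * @param ipAddresses        values added as {@code IP:} subject alternative names
     * @return the certificate stored under the alias, or {@code null} if the key store holds none
     * @throws Exception if keytool cannot be invoked or fails, or the key store cannot be read
     */
    public X509Certificate generateSelfSignedCertificate(String commonName, String organizationalUnit,
                                                         String organization, String locality, String state,
                                                         String country, int validityDays, String uri,
                                                         List<String> dnsNames, List<String> ipAddresses)
            throws Exception {
        String distinguishedName = String.format("cn=%s, ou=%s, o=%s, l=%s, st=%s, c=%s",
                commonName, organizationalUnit, organization, locality, state, country);
        List<String> keyToolArgs = buildKeyToolArgs(distinguishedName, validityDays, uri, dnsNames, ipAddresses);
        invokeKeyTool(keyToolArgs.toArray(new String[0]));

        KeyStore keyStore = KeyStore.getInstance(this.keyStoreType);
        // try-with-resources closes the stream on every path and keeps a close() failure
        // from masking the exception that caused the load to fail.
        try (FileInputStream keyStoreStream = new FileInputStream(new File(this.keyStorePath))) {
            keyStore.load(keyStoreStream, this.keyStorePassword.toCharArray());
            return (X509Certificate) keyStore.getCertificate(this.certificateAlias);
        }
    }

    /**
     * Builds the keytool argument list: RSA 2048-bit key, the given validity, fixed
     * BasicConstraints / KeyUsage / ExtendedKeyUsage extensions and a SubjectAlternativeName
     * extension assembled from the URI, DNS names and IP addresses.
     *
     * <p>The returned list contains both passwords in clear text.
     */
    private List<String> buildKeyToolArgs(String distinguishedName, int validityDays, String uri,
                                          List<String> dnsNames, List<String> ipAddresses) {
        List<String> args = new ArrayList<>();
        args.add("-selfcert");
        args.add("-genkey");
        args.add("-validity");
        args.add(String.valueOf(validityDays));
        // NOTE(review): BC=ca:false is combined with keyCertSign below - confirm that this
        // pairing is intended for the certificates this class issues.
        args.add("-ext");
        args.add("BC=ca:false");
        args.add("-ext");
        args.add("KeyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyCertSign");
        args.add("-ext");
        args.add("ExtendedKeyUsage=clientAuth,serverAuth");
        args.add("-ext");
        // Entries are comma-separated, so an unvalidated value containing ',' adds further
        // SAN entries of the caller's choosing.
        StringBuilder subjectAltName = new StringBuilder();
        subjectAltName.append("SubjectAlternativeName=URI:").append(uri);
        for (String dnsName : dnsNames) {
            subjectAltName.append(",DNS:").append(dnsName);
        }
        for (String ipAddress : ipAddresses) {
            subjectAltName.append(",IP:").append(ipAddress);
        }
        args.add(subjectAltName.toString());
        args.add("-keystore");
        args.add(String.format("%s", this.keyStorePath));
        args.add("-storetype");
        args.add(this.keyStoreType);
        args.add(STORE_PASS_OPTION);
        args.add(String.format("%s", this.keyStorePassword));
        args.add("-keyalg");
        args.add("RSA");
        args.add("-keysize");
        args.add("2048");
        args.add("-alias");
        args.add(String.format("%s", this.certificateAlias));
        args.add(KEY_PASS_OPTION);
        args.add(String.format("%s", this.certificatePassword));
        args.add("-dname");
        args.add(String.format("%s", distinguishedName));
        return args;
    }

    /**
     * Calls keytool's {@code main} reflectively with JVM exit trapped for the duration.
     *
     * @throws Exception if the keytool class or method cannot be resolved, or the invocation fails
     */
    private void invokeKeyTool(String[] args) throws Exception {
        if (this.logger.isDebugEnabled()) {
            // The raw argument list carries the key store and key passwords.
            this.logger.debug("keytool args: {}", redactSecrets(args));
        }
        // Same monitor as the static synchronized toggles below. Holding it across the whole
        // call keeps a concurrent invocation from restoring the original security manager
        // while this keytool run still relies on the exit trap.
        synchronized (CertificateGenerator.class) {
            try {
                disableSystemExitCall();
                // The cast makes the array a single argument for main(String[]); without it the
                // array itself is taken as the varargs Object[] and its elements are spread.
                Class.forName(KEY_TOOL_CLASS_NAME).getMethod("main", String[].class).invoke(null, (Object) args);
            } finally {
                enableSystemExitCall();
            }
        }
    }

    /** Renders the argument list for logging with the values after the password options masked. */
    private static String redactSecrets(String[] args) {
        String[] printable = args.clone();
        for (int i = 0; i + 1 < printable.length; i++) {
            if (STORE_PASS_OPTION.equals(printable[i]) || KEY_PASS_OPTION.equals(printable[i])) {
                printable[i + 1] = REDACTED;
                i++;
            }
        }
        return Arrays.toString(printable);
    }

    /**
     * Installs a JVM-wide security manager that rejects {@code exitVM*} permissions and
     * permits every other check, so an exit attempt by keytool surfaces as an exception
     * instead of terminating the process. Any previously installed policy is not enforced
     * while this manager is active.
     */
    private static synchronized void disableSystemExitCall() {
        System.setSecurityManager(new SecurityManager() {
            @Override
            public void checkPermission(Permission permission) {
                if (permission.getName().startsWith("exitVM")) {
                    throw new ExitTrappedException();
                }
            }
        });
    }

    /** Restores the security manager that was in effect when this class was initialised. */
    private static synchronized void enableSystemExitCall() {
        System.setSecurityManager(SYSTEM_SECURITY_MANAGER);
    }
}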
