package org.apache.directory.server.core.security;

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import javax.naming.NamingException;
import javax.security.auth.x500.X500Principal;
import org.apache.directory.server.core.entry.ServerEntry;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V1CertificateGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:resources/libs/apacheds-core-1.5.5.jar:org/apache/directory/server/core/security/TlsKeyGenerator.class */
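/**
 * Creates the key pair and self-signed X.509 certificate that are stored on a directory
 * entry for TLS, and reads them back from such an entry.
 *
 * <p>The key material is kept in the {@code privateKey}, {@code publicKey} and
 * {@code userCertificate} attributes of the entry. The private key is stored as its plain
 * encoded form, so access to that attribute must be restricted to the server itself.
 */
public class TlsKeyGenerator {
    private static final Logger LOG = LoggerFactory.getLogger(TlsKeyGenerator.class);
    public static final String TLS_KEY_INFO_OC = "tlsKeyInfo";
    public static final String PRIVATE_KEY_AT = "privateKey";
    public static final String PUBLIC_KEY_AT = "publicKey";
    public static final String KEY_ALGORITHM_AT = "keyAlgorithm";
    public static final String PRIVATE_KEY_FORMAT_AT = "privateKeyFormat";
    public static final String PUBLIC_KEY_FORMAT_AT = "publicKeyFormat";
    public static final String USER_CERTIFICATE_AT = "userCertificate";
    public static final String CERTIFICATE_PRINCIPAL_DN = "CN=ApacheDS, OU=Directory, O=ASF, C=US";
    private static final String ALGORITHM = "RSA";

    // Was 512. A 512-bit RSA modulus can be factored with modest resources, which exposes the
    // server's TLS private key; 2048 bits is the commonly accepted minimum for RSA.
    // NOTE(review): the same size is passed to whatever algorithm a caller supplies to the
    // four-argument addKeyPair; confirm the chosen provider accepts it for non-RSA algorithms.
    private static final int KEY_SIZE = 2048;
    private static final long YEAR_MILLIS = 31536000000L;

    static {
        // The certificate factory and certificate generator below ask for the "BC" provider by name.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Decodes the X.509 certificate stored in the {@code userCertificate} attribute.
     *
     * @param serverEntry the entry holding the certificate
     * @return the decoded certificate
     * @throws NamingException if the BC certificate factory is unavailable, the attribute is
     *         missing, or its value is not a valid certificate encoding
     */
    public static X509Certificate getCertificate(ServerEntry serverEntry) throws NamingException {
        CertificateFactory certificateFactory;
        try {
            certificateFactory = CertificateFactory.getInstance("X.509", "BC");
        } catch (Exception e) {
            throw namingException("Failed to get BC Certificate factory for algorithm: X.509", e);
        }

        // Kept outside the factory try block so a decoding failure is not reported as a
        // provider failure.
        byte[] encoded = requiredBytes(serverEntry, USER_CERTIFICATE_AT);
        try {
            return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(encoded));
        } catch (CertificateException e) {
            throw namingException("Bad certificate format.", e);
        }
    }

    /**
     * Rebuilds the key pair from the {@code publicKey} (X.509 encoded) and {@code privateKey}
     * (PKCS#8 encoded) attributes.
     *
     * <p>NOTE(review): the key factory is always created for RSA and the stored
     * {@code keyAlgorithm} attribute is not consulted, so an entry written by the
     * four-argument {@code addKeyPair} with another algorithm will presumably fail here.
     *
     * @param serverEntry the entry holding the encoded keys
     * @return the decoded key pair
     * @throws NamingException if the key factory is unavailable, an attribute is missing, or
     *         a key encoding is invalid
     */
    public static KeyPair getKeyPair(ServerEntry serverEntry) throws NamingException {
        KeyFactory keyFactory;
        try {
            keyFactory = KeyFactory.getInstance(ALGORITHM);
        } catch (Exception e) {
            throw namingException("Failed to get key factory for algorithm: RSA", e);
        }

        // Each decoding step has its own try block so the message names the step that failed.
        byte[] encodedPrivateKey = requiredBytes(serverEntry, PRIVATE_KEY_AT);
        PrivateKey privateKey;
        try {
            privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(encodedPrivateKey));
        } catch (Exception e) {
            throw namingException("Bad private key format.", e);
        }

        byte[] encodedPublicKey = requiredBytes(serverEntry, PUBLIC_KEY_AT);
        PublicKey publicKey;
        try {
            publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedPublicKey));
        } catch (InvalidKeySpecException e) {
            throw namingException("Bad public key format.", e);
        }

        return new KeyPair(publicKey, privateKey);
    }

    /**
     * Adds a freshly generated RSA key pair and a self-signed certificate to the entry, using
     * {@link #CERTIFICATE_PRINCIPAL_DN} as both issuer and subject.
     *
     * @param serverEntry the entry to receive the key and certificate attributes
     * @throws NamingException if the key pair or the certificate cannot be generated
     */
    public static void addKeyPair(ServerEntry serverEntry) throws NamingException {
        addKeyPair(serverEntry, CERTIFICATE_PRINCIPAL_DN, CERTIFICATE_PRINCIPAL_DN, ALGORITHM);
    }

    /**
     * Adds a freshly generated key pair and a certificate valid for one year to the entry.
     *
     * <p>The entry gets the {@code tlsKeyInfo} and inetOrgPerson object classes, the encoded
     * keys with their formats, the key algorithm name, and the encoded certificate. The
     * certificate is signed with the generated private key.
     *
     * @param serverEntry the entry to receive the key and certificate attributes
     * @param issuerDN distinguished name used as the certificate issuer
     * @param subjectDN distinguished name used as the certificate subject
     * @param keyAlgo key pair algorithm name; also used to build the signature algorithm name
     * @throws NamingException if the algorithm is unknown or the certificate cannot be generated
     */
    public static void addKeyPair(ServerEntry serverEntry, String issuerDN, String subjectDN, String keyAlgo) throws NamingException {
        EntryAttribute objectClass = serverEntry.get(SchemaConstants.OBJECT_CLASS_AT);
        if (objectClass == null) {
            serverEntry.put(SchemaConstants.OBJECT_CLASS_AT, TLS_KEY_INFO_OC, SchemaConstants.INET_ORG_PERSON_OC);
        } else {
            objectClass.add(TLS_KEY_INFO_OC, SchemaConstants.INET_ORG_PERSON_OC);
        }

        KeyPairGenerator keyPairGenerator;
        try {
            keyPairGenerator = KeyPairGenerator.getInstance(keyAlgo);
        } catch (NoSuchAlgorithmException e) {
            throw namingException("Cannot generate key pair for TLS", e);
        }
        keyPairGenerator.initialize(KEY_SIZE);
        KeyPair keyPair = keyPairGenerator.genKeyPair();
        serverEntry.put(KEY_ALGORITHM_AT, keyAlgo);

        PrivateKey privateKey = keyPair.getPrivate();
        serverEntry.put(PRIVATE_KEY_AT, privateKey.getEncoded());
        serverEntry.put(PRIVATE_KEY_FORMAT_AT, privateKey.getFormat());
        // Log metadata only: a private key's toString() may render the key material, and
        // debug logs are not an appropriate place for secrets.
        LOG.debug("PrivateKey generated: algorithm={}, format={}", privateKey.getAlgorithm(), privateKey.getFormat());

        PublicKey publicKey = keyPair.getPublic();
        serverEntry.put(PUBLIC_KEY_AT, publicKey.getEncoded());
        serverEntry.put(PUBLIC_KEY_FORMAT_AT, publicKey.getFormat());
        LOG.debug("PublicKey: {}", publicKey);

        // One clock reading drives the validity window and the serial number.
        long now = System.currentTimeMillis();
        X509V1CertificateGenerator certificateGenerator = new X509V1CertificateGenerator();
        certificateGenerator.setSerialNumber(BigInteger.valueOf(now));
        certificateGenerator.setIssuerDN(new X500Principal(issuerDN));
        certificateGenerator.setNotBefore(new Date(now));
        certificateGenerator.setNotAfter(new Date(now + YEAR_MILLIS));
        certificateGenerator.setSubjectDN(new X500Principal(subjectDN));
        certificateGenerator.setPublicKey(publicKey);
        // NOTE(review): SHA-1 signatures are deprecated and rejected by many current TLS
        // clients; left unchanged here because the name is derived from a caller-supplied
        // algorithm. Consider moving to a SHA-256 based signature algorithm.
        certificateGenerator.setSignatureAlgorithm("SHA1With" + keyAlgo);

        try {
            X509Certificate certificate = certificateGenerator.generate(privateKey, "BC");
            serverEntry.put(USER_CERTIFICATE_AT, certificate.getEncoded());
            LOG.debug("X509 Certificate: {}", certificate);
            LOG.info("Keys and self signed certificate successfully generated.");
        } catch (Exception e) {
            throw namingException("Cannot generate self signed certificate.", e);
        }
    }

    /** Returns the binary value of an attribute, failing with a clear message if it is absent. */
    private static byte[] requiredBytes(ServerEntry serverEntry, String attributeId) throws NamingException {
        EntryAttribute attribute = serverEntry.get(attributeId);
        if (attribute == null) {
            throw new NamingException("Entry has no " + attributeId + " attribute.");
        }
        return attribute.getBytes();
    }

    /** Builds a NamingException that carries the given cause as its root cause. */
    private static NamingException namingException(String message, Throwable cause) {
        NamingException namingException = new NamingException(message);
        namingException.setRootCause(cause);
        return namingException;
    }
}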
