package org.openhab.io.jetty.certificate.internal;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.EllipticCurve;
import java.security.spec.InvalidKeySpecException;
import java.util.Date;
import java.util.Random;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openhab/io/jetty/certificate/internal/CertificateGenerator.class */
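/**
 * OSGi bundle activator that makes sure the Jetty keystore contains a TLS certificate.
 *
 * <p>On start, the keystore named by the {@code jetty.keystore.path} system property is loaded
 * (or created when missing). If it holds no certificate under the alias {@code mykey}, a
 * self-signed EC certificate on curve {@code prime256v1} is generated and written to it.
 *
 * <p>Security notes for operators: the generated certificate is self-signed (issuer and subject
 * are the same fixed name), so clients cannot validate it against a CA. The keystore and key
 * entry are protected only by a password that is a constant in this class, so the private key
 * is effectively protected by the file-system permissions of the keystore file alone.
 */
public class CertificateGenerator implements BundleActivator {
    private static final String JETTY_KEYSTORE_PATH_PROPERTY = "jetty.keystore.path";
    // NOTE(review): hard-coded, publicly known password. It gives no confidentiality for the
    // stored private key; presumably it has to match the password the Jetty SSL connector is
    // configured with, so confirm that before changing it. Restrict access to the keystore file.
    private static final String KEYSTORE_PASSWORD = "openhab";
    private static final String KEYSTORE_ENTRY_ALIAS = "mykey";
    private static final String KEYSTORE_JKS_TYPE = "JKS";
    private static final String CURVE_NAME = "prime256v1";
    private static final String KEY_PAIR_GENERATOR_TYPE = "EC";
    private static final String KEY_FACTORY_TYPE = "EC";
    private static final String CONTENT_SIGNER_ALGORITHM = "SHA256withECDSA";
    private static final String CERTIFICATE_X509_TYPE = "X.509";
    private static final String X500_NAME = "CN=openhab.org, OU=None, O=None, L=None, C=None";
    /** The certificate's notBefore is back-dated by this much (30 days). */
    private static final long NOT_BEFORE_OFFSET_MILLIS = 2592000000L;
    /** The certificate's notAfter lies this far in the future (3650 days). */
    private static final long NOT_AFTER_OFFSET_MILLIS = 315360000000L;
    /** Number of random bits drawn for the certificate serial number. */
    private static final int SERIAL_NUMBER_BITS = 63;
    private Logger logger;
    private File keystoreFile;

    /**
     * Loads or creates the keystore and generates a certificate when the alias is missing.
     *
     * <p>Keystore and certificate failures are logged and do not prevent the bundle from starting.
     *
     * @param bundleContext the OSGi bundle context (not used)
     * @throws Exception declared by the activator contract
     */
    public void start(BundleContext bundleContext) throws Exception {
        this.logger = LoggerFactory.getLogger(CertificateGenerator.class);
        try {
            KeyStore keyStore = ensureKeystore();
            if (isCertificateInKeystore(keyStore)) {
                this.logger.debug("{} alias found. Do nothing.", KEYSTORE_ENTRY_ALIAS);
            } else {
                this.logger.debug("{} alias not found. Generating a new certificate.", KEYSTORE_ENTRY_ALIAS);
                generateCertificate(keyStore);
            }
        } catch (KeyStoreException | CertificateException e) {
            this.logger.error("Failed to generate a new SSL Certificate.", e);
        }
    }

    /**
     * Nothing to release: the activator holds no resources after {@link #start}.
     *
     * @param bundleContext the OSGi bundle context (not used)
     */
    public void stop(BundleContext bundleContext) throws Exception {
    }

    /**
     * Resolves the keystore file from the {@code jetty.keystore.path} system property and returns
     * a loaded {@link KeyStore}: the file's content when it has any, otherwise an empty keystore.
     *
     * @return the loaded or freshly initialised keystore
     * @throws KeyStoreException if the property is unset, or the file cannot be read or created
     */
    private KeyStore ensureKeystore() throws KeyStoreException {
        String keystorePath = System.getProperty(JETTY_KEYSTORE_PATH_PROPERTY);
        if (keystorePath == null || keystorePath.isEmpty()) {
            // new File((String) null) would throw a NullPointerException that start() does not catch.
            throw new KeyStoreException("System property " + JETTY_KEYSTORE_PATH_PROPERTY + " is not set.");
        }
        this.keystoreFile = new File(keystorePath);
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_JKS_TYPE);
        boolean fileExists = this.keystoreFile.exists();
        if (fileExists && this.keystoreFile.length() > 0) {
            try (FileInputStream keystoreStream = new FileInputStream(this.keystoreFile)) {
                this.logger.debug("Keystore found. Trying to load {}", this.keystoreFile.getAbsolutePath());
                keyStore.load(keystoreStream, KEYSTORE_PASSWORD.toCharArray());
            } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
                throw new KeyStoreException("Failed to load the keystore " + this.keystoreFile.getAbsolutePath(), e);
            }
        } else {
            try {
                if (fileExists) {
                    // A zero-length file is what the creation branch below leaves behind when a
                    // previous certificate generation failed before the store was written.
                    // Loading it would fail, so treat it as a keystore that is still empty.
                    this.logger.debug("Empty keystore file found. Initializing {}", this.keystoreFile.getAbsolutePath());
                } else {
                    this.logger.debug("No keystore found. Creation of {}", this.keystoreFile.getAbsolutePath());
                    if (!this.keystoreFile.createNewFile()) {
                        throw new IOException("Keystore file creation failed.");
                    }
                }
                // load(null, null) initialises an empty in-memory keystore.
                keyStore.load(null, null);
            } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
                throw new KeyStoreException("Failed to create the keystore " + this.keystoreFile.getAbsolutePath(), e);
            }
        }
        return keyStore;
    }

    /**
     * Tells whether the keystore already holds a certificate under the expected alias.
     *
     * @param keyStore a loaded keystore
     * @return {@code true} if a certificate is stored under {@code mykey}
     * @throws KeyStoreException if the keystore has not been loaded
     */
    private boolean isCertificateInKeystore(KeyStore keyStore) throws KeyStoreException {
        return keyStore.getCertificate(KEYSTORE_ENTRY_ALIAS) != null;
    }

    /**
     * Generates an EC key pair and a self-signed X.509 certificate, stores both under the
     * {@code mykey} alias and writes the keystore back to {@link #keystoreFile}.
     *
     * @param keyStore the loaded keystore to add the entry to
     * @throws CertificateException if key or certificate generation, or writing the file, fails
     * @throws KeyStoreException if the entry cannot be stored
     */
    private void generateCertificate(KeyStore keyStore) throws CertificateException, KeyStoreException {
        try {
            long startMillis = System.currentTimeMillis();
            SecureRandom secureRandom = new SecureRandom();

            // Translate the BouncyCastle named-curve parameters into the JCA representation.
            ECNamedCurveParameterSpec namedCurve = ECNamedCurveTable.getParameterSpec(CURVE_NAME);
            EllipticCurve curve = new EllipticCurve(
                    new ECFieldFp(namedCurve.getCurve().getField().getCharacteristic()),
                    namedCurve.getCurve().getA().toBigInteger(),
                    namedCurve.getCurve().getB().toBigInteger());
            ECPoint generator = new ECPoint(
                    namedCurve.getG().getXCoord().toBigInteger(),
                    namedCurve.getG().getYCoord().toBigInteger());
            ECParameterSpec ecParameterSpec =
                    new ECParameterSpec(curve, generator, namedCurve.getN(), namedCurve.getH().intValue());

            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_PAIR_GENERATOR_TYPE);
            keyPairGenerator.initialize(ecParameterSpec, secureRandom);
            KeyPair keyPair = keyPairGenerator.generateKeyPair();

            // Rebuild both keys through the KeyFactory from their raw values, as the original did.
            ECPrivateKeySpec privateKeySpec =
                    new ECPrivateKeySpec(((ECPrivateKey) keyPair.getPrivate()).getS(), ecParameterSpec);
            ECPublicKeySpec publicKeySpec =
                    new ECPublicKeySpec(((ECPublicKey) keyPair.getPublic()).getW(), ecParameterSpec);
            KeyFactory keyFactory = KeyFactory.getInstance(KEY_FACTORY_TYPE);
            PrivateKey privateKey = keyFactory.generatePrivate(privateKeySpec);
            PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);
            this.logger.debug("Keys generated in {} ms.", Long.valueOf(System.currentTimeMillis() - startMillis));

            // The serial number must be a positive integer. The previous code negated a random
            // int, which stays negative for Integer.MIN_VALUE and can be zero, and drew it from
            // java.util.Random. Draw it from SecureRandom and shift the range to 1..2^63.
            BigInteger serialNumber = new BigInteger(SERIAL_NUMBER_BITS, secureRandom).add(BigInteger.ONE);

            long now = System.currentTimeMillis();
            X500Name selfSignedName = new X500Name(X500_NAME);
            X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
                    selfSignedName,
                    serialNumber,
                    new Date(now - NOT_BEFORE_OFFSET_MILLIS),
                    new Date(now + NOT_AFTER_OFFSET_MILLIS),
                    selfSignedName,
                    new SubjectPublicKeyInfo((ASN1Sequence) ASN1Primitive.fromByteArray(publicKey.getEncoded())));
            byte[] encodedCertificate = certificateBuilder
                    .build(new JcaContentSignerBuilder(CONTENT_SIGNER_ALGORITHM).build(keyPair.getPrivate()))
                    .toASN1Structure()
                    .getEncoded();
            Certificate certificate = CertificateFactory.getInstance(CERTIFICATE_X509_TYPE)
                    .generateCertificate(new ByteArrayInputStream(encodedCertificate));
            this.logger.debug("Total certificate generation time: {} ms.",
                    Long.valueOf(System.currentTimeMillis() - startMillis));

            keyStore.setKeyEntry(KEYSTORE_ENTRY_ALIAS, privateKey, KEYSTORE_PASSWORD.toCharArray(),
                    new Certificate[] {certificate});
            this.logger.debug("Save the keystore into {}.", this.keystoreFile.getAbsolutePath());
            // Close the stream in every case so the file handle is not leaked and the data is flushed.
            try (FileOutputStream keystoreStream = new FileOutputStream(this.keystoreFile)) {
                keyStore.store(keystoreStream, KEYSTORE_PASSWORD.toCharArray());
            }
        } catch (IOException | InvalidAlgorithmParameterException | NoSuchAlgorithmException
                | InvalidKeySpecException | OperatorCreationException e) {
            throw new CertificateException("Failed to generate the new certificate.", e);
        }
    }
}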
