package com.gitblit;

import com.beust.jcommander.JCommander;
import com.beust.jcommander.Parameter;
import com.beust.jcommander.ParameterException;
import com.beust.jcommander.Parameters;
import com.gitblit.Keys;
import com.gitblit.utils.FileUtils;
import com.gitblit.utils.TimeUtils;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:gitblit.jar:com/gitblit/MakeCertificate.class */
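/**
 * Command-line helper that creates a self-signed X.509 server certificate with a fresh RSA key
 * pair and stores both in a JKS keystore.
 *
 * <p>Points an operator should know before relying on the output:
 * <ul>
 *   <li>The certificate is self-signed, so clients have no trust path to it unless it is
 *       explicitly pinned or imported.</li>
 *   <li>No subjectAltName extension is added; TLS clients that ignore the subject CN for host
 *       name matching will reject it.</li>
 *   <li>The certificate is valid for roughly ten years and there is no revocation mechanism, so
 *       a leaked keystore stays usable until it is replaced everywhere.</li>
 *   <li>The keystore holds the private key; the file is created with the process's default
 *       permissions and should be restricted to the service account.</li>
 * </ul>
 */
public class MakeCertificate {
    private static final String BC = BouncyCastleProvider.PROVIDER_NAME;

    /**
     * RSA modulus size in bits. The previous code passed {@code FileUtils.KB} here, which looks
     * like a decompiler substitution for the literal 1024 (TODO confirm against FileUtils);
     * 1024-bit RSA is no longer considered adequate for TLS server keys.
     */
    private static final int RSA_KEY_BITS = 2048;

    /** Certificate lifetime after "now": 3650 days expressed in milliseconds. */
    private static final long VALIDITY_MILLIS = 315360000000L;

    /**
     * Command-line options. {@code storePassword} defaults to the value of
     * {@code Keys.server.storePassword} in the settings file (empty string when unset).
     *
     * <p>A password given as {@code --storePassword} on the command line is visible to other
     * local users through the process list and may end up in shell history; prefer the settings
     * file where that matters.
     */
    @Parameters(separators = " ")
    private static class Params {
        private static final FileSettings FILESETTINGS = new FileSettings(Constants.PROPERTIES_FILE);

        @Parameter(names = {"--hostname"}, description = "Server Hostname", required = true)
        public String hostname;

        @Parameter(names = {"--subject"}, description = "Certificate subject", required = true)
        public String subject;

        @Parameter(names = {"--storePassword"}, description = "Password for SSL (https) keystore.")
        public String storePassword;

        private Params() {
            this.storePassword = FILESETTINGS.getString(Keys.server.storePassword, "");
        }
    }

    /**
     * Parses the command line and writes the certificate to a file named {@code keystore} in the
     * working directory.
     *
     * @param strArr command-line arguments ({@code --hostname}, {@code --subject},
     *     {@code --storePassword})
     * @throws ParameterException if the arguments cannot be parsed; usage is printed first
     */
    public static void main(String... strArr) {
        Params params = new Params();
        JCommander jCommander = new JCommander(params);
        try {
            jCommander.parse(strArr);
        } catch (ParameterException e) {
            System.err.println(e.getMessage());
            jCommander.usage();
            // Stop here: continuing with half-parsed options would either fail later with a
            // misleading error or write a key entry the operator did not ask for. Rethrowing
            // keeps the non-zero exit status that the old fall-through produced.
            throw e;
        }
        generateSelfSignedCertificate(params.hostname, new File("keystore"), params.storePassword, params.subject);
    }

    /**
     * Generates a self-signed certificate whose subject is built from the host name
     * ({@code OU} and {@code O} set to {@code Constants.NAME}, {@code CN} set to {@code str}) and
     * stores it with its private key under the alias {@code str}.
     *
     * @param str host name; used as the certificate CN and as the keystore alias
     * @param file keystore file; loaded first if it exists, then overwritten
     * @param str2 keystore password, also used to protect the key entry
     * @throws RuntimeException if key generation, signing or keystore I/O fails (cause attached)
     */
    public static void generateSelfSignedCertificate(String str, File file, String str2) {
        try {
            KeyPair keyPair = newRsaKeyPair();
            X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
            x500NameBuilder.addRDN(BCStyle.OU, Constants.NAME);
            x500NameBuilder.addRDN(BCStyle.O, Constants.NAME);
            x500NameBuilder.addRDN(BCStyle.CN, str);
            long now = System.currentTimeMillis();
            // Issuer and subject are the same name: that is what makes it self-signed.
            // notBefore is backdated by TimeUtils.ONEDAY (presumably one day in ms) to tolerate
            // clock skew between this host and its clients.
            JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                    x500NameBuilder.build(),
                    BigInteger.valueOf(now),
                    new Date(now - TimeUtils.ONEDAY),
                    new Date(now + VALIDITY_MILLIS),
                    x500NameBuilder.build(),
                    keyPair.getPublic());
            X509Certificate certificate = selfSign(builder, keyPair);
            storeKeyEntry(str, file, str2, keyPair, certificate);
        } catch (Throwable th) {
            // Throwable (not Exception) is kept so callers still see a RuntimeException for every
            // failure, e.g. a missing provider class. The cause carries the full trace.
            throw new RuntimeException("Failed to generate self-signed certificate!", th);
        }
    }

    /**
     * Generates a self-signed certificate for an explicit subject DN and stores it with its
     * private key under the alias {@code str}.
     *
     * @param str keystore alias (the host name when called from {@link #main})
     * @param file keystore file; loaded first if it exists, then overwritten
     * @param str2 keystore password, also used to protect the key entry
     * @param str3 subject distinguished name, parsed by {@link X500Principal}
     * @throws RuntimeException if key generation, signing or keystore I/O fails (cause attached)
     */
    public static void generateSelfSignedCertificate(String str, File file, String str2, String str3) {
        try {
            KeyPair keyPair = newRsaKeyPair();
            X500Principal x500Principal = new X500Principal(str3);
            long now = System.currentTimeMillis();
            JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                    x500Principal,
                    BigInteger.valueOf(now),
                    new Date(now - TimeUtils.ONEDAY),
                    new Date(now + VALIDITY_MILLIS),
                    x500Principal,
                    keyPair.getPublic());
            X509Certificate certificate = selfSign(builder, keyPair);
            storeKeyEntry(str, file, str2, keyPair, certificate);
        } catch (Throwable th) {
            // See the three-argument overload: same wrapping contract for callers.
            throw new RuntimeException("Failed to generate self-signed certificate!", th);
        }
    }

    /** Registers the BouncyCastle provider and generates an RSA key pair of RSA_KEY_BITS bits. */
    private static KeyPair newRsaKeyPair() throws Exception {
        // addProvider is a no-op when the provider is already installed.
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", BC);
        keyPairGenerator.initialize(RSA_KEY_BITS, new SecureRandom());
        return keyPairGenerator.generateKeyPair();
    }

    /** Signs the prepared certificate with its own private key and checks the result. */
    private static X509Certificate selfSign(JcaX509v3CertificateBuilder builder, KeyPair keyPair) throws Exception {
        X509Certificate certificate = new JcaX509CertificateConverter().setProvider(BC).getCertificate(
                builder.build(new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC).build(keyPair.getPrivate())));
        // Sanity checks: currently within the validity window, and the signature verifies
        // against the certificate's own public key.
        certificate.checkValidity(new Date());
        certificate.verify(certificate.getPublicKey());
        return certificate;
    }

    /** Adds the key pair and certificate to the JKS keystore at {@code file} and saves it. */
    private static void storeKeyEntry(String alias, File file, String storePassword, KeyPair keyPair,
            X509Certificate certificate) throws Exception {
        char[] password = storePassword.toCharArray();
        KeyStore keyStore = KeyStore.getInstance("JKS");
        if (file.exists()) {
            // try-with-resources: a wrong password or corrupt file used to leak the stream.
            try (FileInputStream fileInputStream = new FileInputStream(file)) {
                keyStore.load(fileInputStream, password);
            }
        } else {
            keyStore.load(null);
        }
        // An existing entry with the same alias is replaced.
        keyStore.setKeyEntry(alias, keyPair.getPrivate(), password, new Certificate[]{certificate});
        // NOTE(review): opening the stream truncates the existing keystore before store() runs,
        // so a failure here loses the previous contents; writing to a temporary file and
        // renaming would close that window.
        try (FileOutputStream fileOutputStream = new FileOutputStream(file)) {
            keyStore.store(fileOutputStream, password);
        }
    }
}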
