package com.atlassian.bamboo.security;

import com.atlassian.bamboo.crypto.BouncyCastleProviderUtils;
import com.atlassian.bamboo.util.BambooObjectUtils;
import com.atlassian.bamboo.utils.BambooLogUtils;
import com.atlassian.bamboo.utils.SystemProperty;
import com.atlassian.security.random.SecureRandomFactory;
import com.atlassian.utils.process.IOUtils;
import com.google.common.base.Stopwatch;
import io.atlassian.util.concurrent.Lazy;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Date;
import java.util.function.Supplier;
import org.apache.commons.lang3.time.DateUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDSAContentSignerBuilder;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/atlassian/bamboo/security/BCKeyStoreFactory.class */
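/**
 * {@link KeyStoreFactory} that builds key stores holding a freshly generated RSA key pair and a
 * matching self-signed X.509 certificate, using the Bouncy Castle provider.
 *
 * <p>Security-relevant properties of the generated material, as visible in this class:
 * <ul>
 *   <li>the key algorithm is RSA and the key length comes from
 *       {@code SystemProperty.EC2_TUNNEL_KEY_LENGTH}; no lower bound is enforced here;</li>
 *   <li>the certificate is self-signed (issuer equals subject), signed with SHA-256/RSA and valid
 *       for {@value #CERTIFICATE_VALIDITY_YEARS} years from the moment of creation;</li>
 *   <li>the key store type is {@link KeyStore#getDefaultType()}, so it follows the JVM's
 *       {@code keystore.type} security property rather than a fixed format.</li>
 * </ul>
 *
 * <p>Thread-safety is not documented here: the lazily created {@link KeyPairGenerator} is shared
 * by all calls on one instance.
 */
public class BCKeyStoreFactory implements KeyStoreFactory {
    private static final Logger log = Logger.getLogger(BCKeyStoreFactory.class);

    private static final String KEY_ALGORITHM_NAME = "RSA";
    private static final String SIGNATURE_ALGORITHM_NAME = "SHA256WITHRSAENCRYPTION";
    private static final int CERTIFICATE_VALIDITY_YEARS = 20;

    /** Number of random bits in a certificate serial number; stays well inside the 20-octet X.509 limit. */
    private static final int SERIAL_NUMBER_BITS = 128;

    // NOTE(review): the key length is operator-controlled; confirm that the property's default and
    // any validation done by SystemProperty keep it at an acceptable RSA modulus size.
    private static final int KEY_SIZE = (int) SystemProperty.EC2_TUNNEL_KEY_LENGTH.getTypedValue();

    /** Lazily initialised RSA key pair generator, created on first use and then reused. */
    private final Supplier<KeyPairGenerator> keyPairGeneratorSupplier = Lazy.supplier(new Supplier<KeyPairGenerator>() {
        @Override
        public KeyPairGenerator get() {
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM_NAME, BouncyCastleProviderUtils.getProvider());
                keyPairGenerator.initialize(KEY_SIZE, SecureRandomFactory.newInstance());
                return keyPairGenerator;
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException(e);
            }
        }
    });

    /**
     * Creates a new key store containing one private-key entry with a self-signed certificate.
     *
     * @param str   alias under which the key entry is stored
     * @param str2  value used as the certificate's common name (subject and issuer)
     * @param cArr  key store password handed to {@link KeyStore#load}; may be {@code null}
     * @param cArr2 password protecting the private-key entry
     * @return the populated key store
     * @throws KeyStoreException    if the key store cannot be created or the entry cannot be stored
     * @throws CertificateException if the certificate cannot be generated
     */
    @Override
    @NotNull
    public KeyStore generateKeyStore(String str, @NotNull String str2, @Nullable char[] cArr, @NotNull char[] cArr2) throws KeyStoreException, CertificateException {
        KeyStore newKeyStore = newKeyStore(cArr);
        KeyPairGenerator keyPairGenerator = this.keyPairGeneratorSupplier.get();
        // Key generation can be slow for large moduli, so its duration is logged.
        Stopwatch createStarted = Stopwatch.createStarted();
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        BambooLogUtils.logOperationTime(log, createStarted, 1, 5, 30, "Key pair generation");
        newKeyStore.setKeyEntry(str, generateKeyPair.getPrivate(), cArr2, new Certificate[]{createCertificate(str2, generateKeyPair)});
        return newKeyStore;
    }

    /**
     * Loads a key store of the JVM default type from a file.
     *
     * <p>The password is used by {@link KeyStore#load} both to unlock the store and to check its
     * integrity. Because the type is {@link KeyStore#getDefaultType()}, a file written under a
     * different {@code keystore.type} setting may fail to load.
     *
     * @param file key store file to read
     * @param cArr key store password
     * @return the loaded key store
     * @throws KeyStoreException        if no provider supports the default key store type
     * @throws IOException              if the file cannot be read, is malformed or the password is wrong
     * @throws NoSuchAlgorithmException if the integrity-check algorithm is unavailable
     * @throws CertificateException     if a stored certificate cannot be loaded
     */
    @Override
    @NotNull
    public KeyStore loadKeyStore(@NotNull File file, @NotNull char[] cArr) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // try-with-resources closes the stream on every path, including when load() throws.
        try (FileInputStream fileInputStream = new FileInputStream(file)) {
            keyStore.load(fileInputStream, cArr);
        }
        return keyStore;
    }

    /**
     * Creates an empty, initialised key store of the JVM default type.
     *
     * @param cArr key store password passed to {@link KeyStore#load}; may be {@code null}
     * @throws KeyStoreException     if no provider supports the default key store type
     * @throws IllegalStateException if the empty store cannot be initialised
     */
    @NotNull
    private KeyStore newKeyStore(char[] cArr) throws KeyStoreException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try {
            // A null stream asks the provider for an empty key store.
            keyStore.load(null, cArr);
            return keyStore;
        } catch (Exception e) {
            throw new IllegalStateException("Cannot initialise keystore", e);
        }
    }

    /**
     * Builds a self-signed X.509 v3 certificate for the given key pair.
     *
     * @param str     common name used for both subject and issuer
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @throws CertificateException     if the built certificate cannot be converted
     * @throws IllegalArgumentException if the content signer cannot be created
     */
    private static Certificate createCertificate(String str, KeyPair keyPair) throws CertificateException {
        X500Name cn = getCn(str);
        // Take one timestamp so that notAfter is exactly CERTIFICATE_VALIDITY_YEARS after notBefore.
        Date notBefore = new Date();
        Date notAfter = DateUtils.addYears(notBefore, CERTIFICATE_VALIDITY_YEARS);
        X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(
                cn,
                getSerialNumber(),
                notBefore,
                notAfter,
                cn,
                SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find(SIGNATURE_ALGORITHM_NAME);
        AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
        try {
            AsymmetricKeyParameter keyParameters = BouncyCastleProviderUtils.getKeyParameters(keyPair.getPrivate());
            // The generator in this class always yields RSA keys; the DSA branch is kept for
            // any other key parameter type.
            return toCertificate(x509v3CertificateBuilder.build(keyParameters instanceof RSAKeyParameters
                    ? new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(keyParameters)
                    : new BcDSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(keyParameters)));
        } catch (OperatorCreationException e) {
            throw new IllegalArgumentException("Invalid digest algorithm", e);
        }
    }

    /** Builds an X.500 name consisting of a single CN attribute with the given value. */
    private static X500Name getCn(String str) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = BCStyle.CN;
        return new X500Name(new RDN[]{new RDN(aSN1ObjectIdentifier, BCStyle.INSTANCE.stringToValue(aSN1ObjectIdentifier, str))});
    }

    /**
     * Returns a random, strictly positive certificate serial number.
     *
     * <p>{@link System#nanoTime()} is not a suitable source: its origin is arbitrary, so the value
     * may be negative, and it is predictable. X.509 serial numbers must be positive, and an
     * unpredictable value avoids collisions between certificates issued under the same name.
     */
    private static BigInteger getSerialNumber() {
        // BigInteger(bits, rnd) is uniform in [0, 2^bits - 1]; adding one rules out zero.
        return new BigInteger(SERIAL_NUMBER_BITS, SecureRandomFactory.newInstance()).add(BigInteger.ONE);
    }

    /** Returns an X.509 certificate factory backed by the Bouncy Castle provider. */
    private static CertificateFactory getX509CertificateFactory() throws CertificateException {
        return CertificateFactory.getInstance("X.509", BouncyCastleProviderUtils.getProvider());
    }

    /**
     * Converts a Bouncy Castle certificate holder into a JCA {@link Certificate} by re-parsing
     * its encoded form.
     *
     * @throws CertificateException if the encoded certificate cannot be parsed
     */
    private static Certificate toCertificate(X509CertificateHolder x509CertificateHolder) throws CertificateException {
        try {
            return getX509CertificateFactory().generateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
        } catch (IOException e) {
            throw BambooObjectUtils.asRuntimeException(e);
        }
    }
}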
