package org.apereo.cas.support.saml.idp.metadata.writer;

import java.io.IOException;
import java.io.Writer;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.List;
import java.util.Objects;
import lombok.Generated;
import org.apereo.cas.util.RandomUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.opensaml.security.crypto.JCAConstants;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-saml-idp-core-6.5.3.jar:org/apereo/cas/support/saml/idp/metadata/writer/DefaultSamlIdPCertificateAndKeyWriter.class */
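/**
 * Generates a fresh key pair (RSA, 2048 bits by default) together with a
 * self-signed X.509 certificate for the SAML IdP and writes both out as PEM.
 * <p>
 * The certificate's issuer and subject are both {@code CN=<hostname>}, it is
 * signed with the generated private key, carries a random serial of
 * {@link #X509_CERT_BITS_SIZE} bits, a subject-key-identifier extension and a
 * subject-alternative-name extension (the hostname as a DNS name plus any
 * configured URI entries), and is valid from "now" for
 * {@code certificateLifetimeInYears} years.
 * <p>
 * The private key is written as plain (unencrypted) PEM because no PEM
 * encryptor is supplied to the writer; the caller is responsible for the
 * confidentiality of the destination it passes in.
 * <p>
 * This class is a plain mutable bean configured through its setters and is
 * not thread-safe.
 */
public class DefaultSamlIdPCertificateAndKeyWriter implements SamlIdPCertificateAndKeyWriter {
    /** Bit length of the randomly generated certificate serial number. */
    private static final int X509_CERT_BITS_SIZE = 160;
    private String hostname;
    private List<String> uriSubjectAltNames;
    private int keySize = 2048;
    private String keyType = "RSA";
    private String certificateAlgorithm = JCAConstants.SIGNATURE_RSA_SHA256;
    private int certificateLifetimeInYears = 20;

    /**
     * Generates the key pair and certificate and writes them as PEM.
     * <p>
     * Each destination is wrapped in its own {@link JcaPEMWriter} that is
     * closed (and therefore flushed) whether or not writing succeeds, which
     * also closes the underlying {@link Writer}.
     *
     * @param writer  destination for the PEM-encoded private key
     * @param writer2 destination for the PEM-encoded certificate
     * @throws IllegalStateException if key generation, certificate assembly,
     *                               signing, self-verification or PEM output
     *                               fails; the original exception is the cause
     */
    @Override
    public void writeCertificateAndKey(final Writer writer, final Writer writer2) {
        try {
            final KeyPair keyPair = generateKeyPair();
            final X509Certificate certificate = generateCertificate(keyPair);
            writePem(writer, keyPair.getPrivate());
            writePem(writer2, certificate);
        } catch (final RuntimeException e) {
            throw e;
        } catch (final Exception e) {
            // Checked JCA/BouncyCastle failures are surfaced unchecked so the
            // interface signature stays unchanged; the cause is preserved.
            throw new IllegalStateException(
                "Unable to generate SAML IdP certificate and private key for " + this.hostname, e);
        }
    }

    /**
     * Writes a single object in PEM form, closing the PEM writer (and the
     * wrapped {@code target}) on both the success and the failure path.
     *
     * @param target the destination writer
     * @param object the key or certificate to encode
     * @throws IOException if encoding or writing fails
     */
    private static void writePem(final Writer target, final Object object) throws IOException {
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(target)) {
            pemWriter.writeObject(object);
            pemWriter.flush();
        }
    }

    /**
     * Generates a key pair of the configured type and size.
     *
     * @return a freshly generated key pair
     * @throws NoSuchAlgorithmException if {@code keyType} is not a known
     *                                  key-pair algorithm
     */
    private KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        final KeyPairGenerator generator = KeyPairGenerator.getInstance(this.keyType);
        generator.initialize(this.keySize);
        return generator.generateKeyPair();
    }

    /**
     * Builds and signs a self-signed certificate for the given key pair.
     * <p>
     * After conversion the certificate is checked to be currently valid and
     * its signature is verified against the public key, so a malformed
     * result never reaches the caller.
     *
     * @param keyPair the key pair whose public key is certified and whose
     *                private key signs the certificate
     * @return the signed, verified certificate
     * @throws Exception if any of the JCA / BouncyCastle steps fail
     * @throws NullPointerException if no hostname has been configured
     */
    private X509Certificate generateCertificate(final KeyPair keyPair) throws Exception {
        // A missing hostname would otherwise silently yield "CN=null".
        Objects.requireNonNull(this.hostname, "hostname must be set before a certificate can be generated");
        final X500Name subject = new X500Name("CN=" + this.hostname);

        // Both validity bounds are derived from the same instant.
        final GregorianCalendar notBefore = new GregorianCalendar();
        final GregorianCalendar notAfter = (GregorianCalendar) notBefore.clone();
        notAfter.set(GregorianCalendar.YEAR, notAfter.get(GregorianCalendar.YEAR) + this.certificateLifetimeInYears);

        // NOTE(review): serial unpredictability relies on RandomUtils.getNativeInstance()
        // being a cryptographically strong source — confirm against its implementation.
        final BigInteger serial = new BigInteger(X509_CERT_BITS_SIZE, RandomUtils.getNativeInstance());

        // Issuer == subject: the certificate is self-signed.
        final JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            subject, serial, notBefore.getTime(), notAfter.getTime(), subject, keyPair.getPublic());
        builder.addExtension(Extension.subjectKeyIdentifier, false,
            new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyPair.getPublic()));
        builder.addExtension(Extension.subjectAlternativeName, false,
            GeneralNames.getInstance(new DERSequence(buildSubjectAltNames())));

        final X509Certificate certificate = new JcaX509CertificateConverter()
            .getCertificate(builder.build(
                new JcaContentSignerBuilder(this.certificateAlgorithm).build(keyPair.getPrivate())));
        certificate.checkValidity(new Date());
        certificate.verify(keyPair.getPublic());
        return certificate;
    }

    /**
     * Assembles the subject-alternative-name entries: the hostname as a DNS
     * name followed by each configured URI entry, in order.
     *
     * @return the general names to place in the SAN extension
     */
    private ASN1Encodable[] buildSubjectAltNames() {
        final List<ASN1Encodable> names = new ArrayList<>(2);
        names.add(new GeneralName(GeneralName.dNSName, this.hostname));
        if (this.uriSubjectAltNames != null) {
            for (final String uri : this.uriSubjectAltNames) {
                names.add(new GeneralName(GeneralName.uniformResourceIdentifier, uri));
            }
        }
        return names.toArray(new ASN1Encodable[0]);
    }

    @Generated
    public DefaultSamlIdPCertificateAndKeyWriter() {
    }

    /**
     * @param i key size in bits passed to {@link KeyPairGenerator#initialize(int)}
     */
    @Generated
    public void setKeySize(final int i) {
        this.keySize = i;
    }

    /**
     * @param str host name used as the certificate CN and DNS subject-alt-name
     */
    @Generated
    public void setHostname(final String str) {
        this.hostname = str;
    }

    /**
     * @param str key-pair algorithm name handed to {@link KeyPairGenerator#getInstance(String)}
     */
    @Generated
    public void setKeyType(final String str) {
        this.keyType = str;
    }

    /**
     * @param str JCA signature algorithm name used to sign the certificate
     */
    @Generated
    public void setCertificateAlgorithm(final String str) {
        this.certificateAlgorithm = str;
    }

    /**
     * @param i number of years the certificate is valid from generation time
     */
    @Generated
    public void setCertificateLifetimeInYears(final int i) {
        this.certificateLifetimeInYears = i;
    }

    /**
     * Sets the URI subject-alternative-name entries. The list is copied so
     * later changes by the caller do not affect generated certificates.
     *
     * @param list URI entries, or {@code null} for none
     */
    public void setUriSubjectAltNames(final List<String> list) {
        this.uriSubjectAltNames = list == null ? null : new ArrayList<>(list);
    }
}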
