package com.peterphi.std.crypto.keygen.ca;

import com.peterphi.std.crypto.keygen.CaHelper;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.io.OutputStream;
import java.io.Writer;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.openssl.PEMWriter;

/* loaded from: input_file:com/peterphi/std/crypto/keygen/ca/IssuedCertificate.class */
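/**
 * A certificate issued by a CA, bundled with its key pair and the issuing CA certificate.
 *
 * <p>Besides holding the three objects, this class can serialise them as a PKCS#12 store, a JKS
 * store, or PEM files, and offers factory methods that generate a fresh key pair and have a
 * {@link CertificateAuthority} issue a certificate for it.
 *
 * <p>Security note: every export path here writes the private key with little or no protection.
 * {@link #saveKeyPEM(Writer)} writes it unencrypted, {@link #saveJKS(OutputStream)} always uses an
 * empty password, and {@link #saveP12(File)} uses an empty store password. The {@code File}
 * overloads create the file with the process's default permissions. Callers should restrict access
 * to the output files themselves.
 */
public class IssuedCertificate {
    /**
     * Lower bound applied to the requested key size before key generation.
     *
     * <p>NOTE(review): if {@code CaHelper.generateKeyPair} produces RSA keys (not visible from this
     * file), 1024 bits is below the 2048-bit minimum in current guidance; confirm the algorithm
     * and consider raising this floor.
     */
    private static final int MIN_KEY_BITS = 1024;

    // Public mutable fields are kept as-is because callers may read or assign them directly.
    public KeyPair keypair;
    public X509Certificate mycert;
    public X509Certificate cacert;

    /**
     * Creates a bundle from already-generated material.
     *
     * @param x509Certificate the issuing CA's certificate (stored in {@link #cacert})
     * @param keyPair the key pair stored in {@link #keypair}; its private key is what the save
     *     methods export
     * @param x509Certificate2 the issued certificate (stored in {@link #mycert})
     */
    public IssuedCertificate(X509Certificate x509Certificate, KeyPair keyPair, X509Certificate x509Certificate2) {
        this.cacert = x509Certificate;
        this.keypair = keyPair;
        this.mycert = x509Certificate2;
    }

    /**
     * Writes a PKCS#12 store to {@code file} using an empty store password.
     *
     * @param file destination file
     * @throws Exception if the store cannot be built or written
     */
    public void saveP12(File file) throws Exception {
        saveP12(file, new char[0]);
    }

    /**
     * Writes a PKCS#12 store to {@code file}.
     *
     * @param file destination file
     * @param cArr store password handed to {@link KeyStore#store(OutputStream, char[])}
     * @throws Exception if the store cannot be built or written
     */
    public void saveP12(File file, char[] cArr) throws Exception {
        // try-with-resources: the stream is released even when building or storing the keystore fails.
        try (FileOutputStream out = new FileOutputStream(file)) {
            saveP12(out, cArr);
        }
    }

    /**
     * Builds a PKCS#12 store holding the CA certificate, the issued certificate and the private
     * key, and writes it to {@code outputStream}. The stream is not closed here.
     *
     * @param outputStream destination; remains owned by the caller
     * @param cArr store password handed to {@link KeyStore#store(OutputStream, char[])}
     * @throws Exception if the provider is unavailable or the store cannot be built or written
     */
    public void saveP12(OutputStream outputStream, char[] cArr) throws Exception {
        KeyStore store = KeyStore.getInstance("PKCS12", CertificateAuthority.PROVIDER);
        store.load(null, null);
        // All three entries use the empty alias, so later calls may replace earlier ones.
        // NOTE(review): which entries survive is provider-specific; confirm that the written store
        // contains the intended chain.
        store.setCertificateEntry("", this.cacert);
        store.setCertificateEntry("", this.mycert);
        // The key entry is given an empty password regardless of cArr.
        // NOTE(review): confirm with the configured provider that cArr actually protects the key.
        store.setKeyEntry("", this.keypair.getPrivate(), new char[0], new Certificate[]{this.mycert, this.cacert});
        store.store(outputStream, cArr);
    }

    /**
     * Writes a JKS store to {@code file}; see {@link #saveJKS(OutputStream)} for its contents.
     *
     * @param file destination file
     * @throws Exception if the store cannot be built or written
     */
    public void saveJKS(File file) throws Exception {
        // The stream used to be left open on every path; close it here so the file handle is released.
        try (FileOutputStream out = new FileOutputStream(file)) {
            saveJKS(out);
        }
    }

    /**
     * Builds a JKS store with the private key under alias {@code "me"} and the chain
     * {@code [mycert, cacert]}, and writes it to {@code outputStream}. The stream is not closed here.
     *
     * <p>Both the key entry and the store use an empty password, so the store offers no
     * confidentiality for the private key beyond the protection of the destination itself.
     *
     * @param outputStream destination; remains owned by the caller
     * @throws Exception if the store cannot be built or written
     */
    public void saveJKS(OutputStream outputStream) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        store.load(null);
        store.setKeyEntry("me", this.keypair.getPrivate(), new char[0], new Certificate[]{this.mycert, this.cacert});
        store.store(outputStream, new char[0]);
    }

    /**
     * Writes the issued certificate as PEM to {@code file}, preceded by a descriptive header.
     *
     * @param file destination file (written with the platform default charset, as {@link FileWriter} does)
     * @throws Exception if the certificate cannot be encoded or written
     */
    public void saveCertPEM(File file) throws Exception {
        // Guarantees the file handle is released even if PEMWriter construction or writing fails.
        try (FileWriter out = new FileWriter(file)) {
            saveCertPEM(out);
        }
    }

    /**
     * Writes the descriptive header followed by the issued certificate in PEM form.
     *
     * <p>{@code writer} is closed by this method, on success and on failure.
     *
     * @param writer destination; closed before returning
     * @throws Exception if the certificate cannot be encoded or written
     */
    public void saveCertPEM(Writer writer) throws Exception {
        try (PEMWriter pem = new PEMWriter(writer)) {
            writePemHeader(pem);
            pem.writeObject(this.mycert);
        }
    }

    /**
     * Writes the private key as PEM to {@code file}, preceded by a descriptive header.
     *
     * <p>The key is written unencrypted; restrict access to the file accordingly.
     *
     * @param file destination file (written with the platform default charset, as {@link FileWriter} does)
     * @throws Exception if the key cannot be encoded or written
     */
    public void saveKeyPEM(File file) throws Exception {
        // Guarantees the file handle is released even if PEMWriter construction or writing fails.
        try (FileWriter out = new FileWriter(file)) {
            saveKeyPEM(out);
        }
    }

    /**
     * Writes the descriptive header followed by the private key in PEM form.
     *
     * <p>The key is passed to the PEM writer without any encryptor, so it is written in the
     * clear. {@code writer} is closed by this method, on success and on failure.
     *
     * @param writer destination; closed before returning
     * @throws Exception if the key cannot be encoded or written
     */
    public void saveKeyPEM(Writer writer) throws Exception {
        try (PEMWriter pem = new PEMWriter(writer)) {
            writePemHeader(pem);
            pem.writeObject(this.keypair.getPrivate());
        }
    }

    /**
     * Writes a human-readable description of the issued certificate ahead of the PEM block:
     * subject, issuer, serial number (hex), validity window, the two OpenSSL hashes and the time
     * of writing.
     *
     * @param writer destination for the header lines
     * @throws IOException if writing fails
     */
    private void writePemHeader(Writer writer) throws IOException {
        writer.write("Certificate: " + this.mycert.getSubjectDN().getName() + "\n");
        writer.write("\tIssuer:" + this.mycert.getIssuerDN().getName() + "\n");
        writer.write("\tSerial number:" + this.mycert.getSerialNumber().toString(16) + "\n");
        writer.write("\tNot Before:" + this.mycert.getNotBefore() + "\n");
        writer.write("\tNot After:" + this.mycert.getNotAfter() + "\n");
        writer.write("\tOpenSSL Hash:" + getHash() + "\n");
        writer.write("\tOpenSSL CA Hash:" + getCAHash() + "\n");
        // The "Not After" line used to be written a second time here; the duplicate is dropped.
        writer.write("\tFile written: " + new Date() + "\n");
    }

    /**
     * @return the result of {@code CaHelper.opensslHash} for the issued certificate
     */
    public String getHash() {
        return CaHelper.opensslHash(this.mycert);
    }

    /**
     * @return the result of {@code CaHelper.opensslHash} for the CA certificate
     */
    public String getCAHash() {
        return CaHelper.opensslHash(this.cacert);
    }

    /**
     * Generates a new key pair and has {@code certificateAuthority} issue a user certificate for
     * its public key.
     *
     * @param certificateAuthority the CA that issues the certificate and supplies the CA certificate
     * @param str passed through to {@code issueUser}; presumably the subject name (confirm against
     *     {@link CertificateAuthority})
     * @param i requested key size in bits; values below 1024 are raised to 1024
     * @return the bundle of CA certificate, new key pair and issued certificate
     * @throws Exception if key generation or issuance fails
     */
    public static IssuedCertificate generateUserCert(CertificateAuthority certificateAuthority, String str, int i) throws Exception {
        KeyPair pair = CaHelper.generateKeyPair(clampKeyBits(i));
        return new IssuedCertificate(certificateAuthority.getCACertificate(), pair, certificateAuthority.issueUser(pair.getPublic(), str));
    }

    /**
     * Generates a new key pair and has {@code certificateAuthority} issue a server certificate
     * for its public key.
     *
     * @param certificateAuthority the CA that issues the certificate and supplies the CA certificate
     * @param str passed through to {@code issueServer}; presumably the server's subject or host
     *     name (confirm against {@link CertificateAuthority})
     * @param i requested key size in bits; values below 1024 are raised to 1024
     * @return the bundle of CA certificate, new key pair and issued certificate
     * @throws Exception if key generation or issuance fails
     */
    public static IssuedCertificate generateServerCert(CertificateAuthority certificateAuthority, String str, int i) throws Exception {
        KeyPair pair = CaHelper.generateKeyPair(clampKeyBits(i));
        return new IssuedCertificate(certificateAuthority.getCACertificate(), pair, certificateAuthority.issueServer(pair.getPublic(), str));
    }

    /** Raises a requested key size to {@link #MIN_KEY_BITS} when it is smaller. */
    private static int clampKeyBits(int requested) {
        return Math.max(requested, MIN_KEY_BITS);
    }
}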
