package org.apache.nifi.security.util;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Objects;
import java.util.UUID;
import org.apache.nifi.security.configuration.KeyStoreConfiguration;

/* loaded from: input_file:org/apache/nifi/security/util/TemporaryKeyStoreBuilder.class */
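/**
 * Builder for a throwaway TLS configuration: a fresh RSA key pair, a self-signed X.509 certificate
 * for the configured hostname, and two temporary key store files (key store and trust store) that
 * are scheduled for deletion on JVM exit.
 *
 * <p>The certificate is valid for {@link #CERTIFICATE_VALID_DAYS} day(s) and carries the hostname
 * both as the subject CN and as a Subject Alternative Name. Passwords default to random
 * Base64-encoded values; the key store password is also used as the key password.
 *
 * <p>Not thread-safe: each builder instance is meant to be configured and built by one caller.
 */
public class TemporaryKeyStoreBuilder {
    private static final String KEY_PAIR_ALGORITHM = "RSA";
    private static final int KEY_SIZE = 2048;
    private static final int RANDOM_BYTES_LENGTH = 16;
    private static final String SIGNING_ALGORITHM = "SHA256withRSA";
    private static final String DISTINGUISHED_NAME_FORMAT = "CN=%s";
    private static final int CERTIFICATE_VALID_DAYS = 1;
    private static final String KEY_STORE_EXTENSION = ".p12";
    private static final String KEY_STORE_PREFIX = "TemporaryKeyStore-";
    private static final String DEFAULT_HOSTNAME = "localhost";

    // Static fields are declared before the instance fields whose initializers read them
    private static final KeystoreType KEYSTORE_TYPE = KeystoreType.PKCS12;
    private static final Base64.Encoder ENCODER = Base64.getEncoder().withoutPadding();
    // SecureRandom is thread-safe, so one instance is shared rather than re-seeded per password
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    private String hostname = DEFAULT_HOSTNAME;
    private String trustStorePassword = generateSecureRandomPassword();
    private String trustStoreType = KEYSTORE_TYPE.getType();

    /**
     * Sets the hostname used as certificate subject CN and Subject Alternative Name.
     *
     * @param str hostname, defaults to {@code localhost}
     * @return this builder
     * @throws NullPointerException when the hostname is null
     */
    public TemporaryKeyStoreBuilder hostname(final String str) {
        this.hostname = Objects.requireNonNull(str, "Hostname required");
        return this;
    }

    /**
     * Sets the trust store password; a random password is generated when this is not called.
     *
     * @param str trust store password
     * @return this builder
     * @throws NullPointerException when the password is null
     */
    public TemporaryKeyStoreBuilder trustStorePassword(final String str) {
        this.trustStorePassword = Objects.requireNonNull(str, "TrustStore Password required");
        return this;
    }

    /**
     * Sets the trust store type; defaults to PKCS12. The key store is always PKCS12.
     *
     * @param str trust store type name accepted by {@code KeyStoreUtils.getKeyStore}
     * @return this builder
     * @throws NullPointerException when the type is null
     */
    public TemporaryKeyStoreBuilder trustStoreType(final String str) {
        this.trustStoreType = Objects.requireNonNull(str, "TrustStore Type required");
        return this;
    }

    /**
     * Generates the key pair and self-signed certificate, writes both temporary stores and
     * assembles the TLS configuration using the platform's latest supported protocol.
     *
     * @return TLS configuration referencing the temporary key store and trust store files
     * @throws RuntimeException when key generation, certificate generation or store persistence fails
     */
    public TlsConfiguration build() {
        final KeyPair keyPair = generateKeyPair();
        final X509Certificate certificate = generateCertificate(this.hostname, keyPair);
        final KeyStoreConfiguration keyStore = setKeyStore(keyPair.getPrivate(), certificate);
        final KeyStoreConfiguration trustStore = setTrustStore(certificate);
        // The key store password doubles as the key password: setKeyEntry protected the key with it
        return new StandardTlsConfiguration(
                keyStore.getLocation(),
                keyStore.getPassword(),
                keyStore.getPassword(),
                keyStore.getKeyStoreType(),
                trustStore.getLocation(),
                trustStore.getPassword(),
                trustStore.getKeyStoreType(),
                TlsPlatform.getLatestProtocol());
    }

    /**
     * Creates a PKCS12 key store holding the private key and certificate chain under a random alias,
     * protected by a freshly generated password, and writes it to a temporary file.
     *
     * @param privateKey private key to store
     * @param x509Certificate certificate forming the single-element chain
     * @return location, password and type of the written key store
     * @throws RuntimeException when the key entry cannot be set or the store cannot be written
     */
    private KeyStoreConfiguration setKeyStore(final PrivateKey privateKey, final X509Certificate x509Certificate) {
        final KeyStore keyStore = getNewKeyStore(KEYSTORE_TYPE.getType());
        final String password = generateSecureRandomPassword();
        try {
            keyStore.setKeyEntry(UUID.randomUUID().toString(), privateKey, password.toCharArray(), new Certificate[]{x509Certificate});
        } catch (KeyStoreException e) {
            throw new RuntimeException("Set Key Entry Failed", e);
        }
        final File keyStoreFile = storeKeyStore(keyStore, password.toCharArray());
        return new KeyStoreConfiguration(keyStoreFile.getAbsolutePath(), password, KEYSTORE_TYPE.getType());
    }

    /**
     * Creates a trust store of the configured type containing the certificate under a random alias
     * and writes it to a temporary file protected by the configured trust store password.
     *
     * @param x509Certificate trusted certificate
     * @return location, password and type of the written trust store
     * @throws RuntimeException when the certificate entry cannot be set or the store cannot be written
     */
    private KeyStoreConfiguration setTrustStore(final X509Certificate x509Certificate) {
        final KeyStore trustStore = getNewKeyStore(this.trustStoreType);
        try {
            trustStore.setCertificateEntry(UUID.randomUUID().toString(), x509Certificate);
        } catch (KeyStoreException e) {
            throw new RuntimeException("Set Certificate Entry Failed", e);
        }
        final File trustStoreFile = storeKeyStore(trustStore, this.trustStorePassword.toCharArray());
        return new KeyStoreConfiguration(trustStoreFile.getAbsolutePath(), this.trustStorePassword, this.trustStoreType);
    }

    /**
     * Writes the key store to a new temporary file scheduled for deletion on normal JVM exit.
     *
     * <p>The original (decompiled) version only closed the output stream on the success path;
     * try-with-resources closes it on every path. {@code Files.createTempFile} is used instead of
     * {@code File.createTempFile} because it applies owner-only permissions on POSIX file systems,
     * so the private key is not exposed to other local users via the process umask.
     *
     * @param keyStore populated key store
     * @param password store password
     * @return temporary file containing the serialized key store
     * @throws RuntimeException when the file cannot be created or the store cannot be serialized
     */
    private File storeKeyStore(final KeyStore keyStore, final char[] password) {
        try {
            final File keyStoreFile = Files.createTempFile(KEY_STORE_PREFIX, KEY_STORE_EXTENSION).toFile();
            // deleteOnExit only runs on orderly shutdown; an abrupt termination leaves the file behind
            keyStoreFile.deleteOnExit();
            try (FileOutputStream outputStream = new FileOutputStream(keyStoreFile)) {
                keyStore.store(outputStream, password);
            }
            return keyStoreFile;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException("Store KeyStore Failed", e);
        }
    }

    /**
     * Creates an empty, initialized key store of the requested type.
     *
     * @param keyStoreType key store type name
     * @return empty key store
     * @throws RuntimeException when the type is unsupported or initialization fails; the message
     *     names the requested type (the original reported the PKCS12 default regardless of input)
     */
    private KeyStore getNewKeyStore(final String keyStoreType) {
        try {
            final KeyStore keyStore = KeyStoreUtils.getKeyStore(keyStoreType);
            // load(null) initializes an empty store; required before entries can be added
            keyStore.load(null);
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException(String.format("Create KeyStore [%s] Failed", keyStoreType), e);
        }
    }

    /**
     * Generates a self-signed certificate for the hostname, signed with SHA256withRSA, valid for
     * {@link #CERTIFICATE_VALID_DAYS} day(s), with the hostname as both CN and Subject Alternative Name.
     *
     * @param str hostname
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @return self-signed certificate
     * @throws RuntimeException when certificate generation fails
     */
    private X509Certificate generateCertificate(final String str, final KeyPair keyPair) {
        try {
            return CertificateUtils.generateSelfSignedX509Certificate(
                    keyPair,
                    String.format(DISTINGUISHED_NAME_FORMAT, str),
                    SIGNING_ALGORITHM,
                    CERTIFICATE_VALID_DAYS,
                    new String[]{str});
        } catch (CertificateException e) {
            throw new RuntimeException("Certificate Generation Failed", e);
        }
    }

    /**
     * Generates a 2048-bit RSA key pair.
     *
     * @return new key pair
     * @throws IllegalArgumentException when the RSA algorithm is unavailable in this runtime
     */
    private KeyPair generateKeyPair() {
        try {
            final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_PAIR_ALGORITHM);
            keyPairGenerator.initialize(KEY_SIZE);
            return keyPairGenerator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException(String.format("[%s] Algorithm not found", KEY_PAIR_ALGORITHM), e);
        }
    }

    /**
     * Produces a password from 16 cryptographically random bytes, Base64-encoded without padding.
     *
     * @return random password string (22 characters)
     */
    private String generateSecureRandomPassword() {
        final byte[] randomBytes = new byte[RANDOM_BYTES_LENGTH];
        SECURE_RANDOM.nextBytes(randomBytes);
        return ENCODER.encodeToString(randomBytes);
    }
}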
