package org.shredzone.acme4j.util;

import jakarta.annotation.ParametersAreNonnullByDefault;
import jakarta.annotation.WillClose;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.net.InetAddress;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.interfaces.ECKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;
import org.shredzone.acme4j.Identifier;
import org.shredzone.acme4j.toolbox.AcmeUtils;

@ParametersAreNonnullByDefault
/* loaded from: input_file:org/shredzone/acme4j/util/CSRBuilder.class */
public class CSRBuilder {
    private static final String SIGNATURE_ALG = "SHA256withRSA";
    private static final String EC_SIGNATURE_ALG = "SHA256withECDSA";
    private final X500NameBuilder namebuilder = new X500NameBuilder(X500Name.getDefaultStyle());
    private final List<String> namelist = new ArrayList();
    private final List<InetAddress> iplist = new ArrayList();
    private PKCS10CertificationRequest csr = null;

    public void addDomain(String str) {
        String ace = AcmeUtils.toAce((String) Objects.requireNonNull(str));
        if (this.namelist.isEmpty()) {
            this.namebuilder.addRDN(BCStyle.CN, ace);
        }
        this.namelist.add(ace);
    }

    public void addDomains(Collection<String> collection) {
        collection.forEach(this::addDomain);
    }

    public void addDomains(String... strArr) {
        Arrays.stream(strArr).forEach(this::addDomain);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void addIP(InetAddress inetAddress) {
        this.iplist.add(Objects.requireNonNull(inetAddress));
    }

    public void addIPs(Collection<InetAddress> collection) {
        collection.forEach(this::addIP);
    }

    public void addIPs(InetAddress... inetAddressArr) {
        Arrays.stream(inetAddressArr).forEach(this::addIP);
    }

    public void addIdentifier(Identifier identifier) {
        Objects.requireNonNull(identifier);
        if (Identifier.TYPE_DNS.equals(identifier.getType())) {
            addDomain(identifier.getDomain());
        } else {
            if (!Identifier.TYPE_IP.equals(identifier.getType())) {
                throw new IllegalArgumentException("Unknown identifier type: " + identifier.getType());
            }
            addIP(identifier.getIP());
        }
    }

    public void addIdentifiers(Collection<Identifier> collection) {
        collection.forEach(this::addIdentifier);
    }

    public void addIdentifiers(Identifier... identifierArr) {
        Arrays.stream(identifierArr).forEach(this::addIdentifier);
    }

    public void setOrganization(String str) {
        this.namebuilder.addRDN(BCStyle.O, (String) Objects.requireNonNull(str));
    }

    public void setOrganizationalUnit(String str) {
        this.namebuilder.addRDN(BCStyle.OU, (String) Objects.requireNonNull(str));
    }

    public void setLocality(String str) {
        this.namebuilder.addRDN(BCStyle.L, (String) Objects.requireNonNull(str));
    }

    public void setState(String str) {
        this.namebuilder.addRDN(BCStyle.ST, (String) Objects.requireNonNull(str));
    }

    public void setCountry(String str) {
        this.namebuilder.addRDN(BCStyle.C, (String) Objects.requireNonNull(str));
    }

    public void sign(KeyPair keyPair) throws IOException {
        Objects.requireNonNull(keyPair, "keypair");
        if (this.namelist.isEmpty() && this.iplist.isEmpty()) {
            throw new IllegalStateException("No domain or IP address was set");
        }
        try {
            int i = 0;
            GeneralName[] generalNameArr = new GeneralName[this.namelist.size() + this.iplist.size()];
            Iterator<String> it = this.namelist.iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                generalNameArr[i2] = new GeneralName(2, it.next());
            }
            Iterator<InetAddress> it2 = this.iplist.iterator();
            while (it2.hasNext()) {
                int i3 = i;
                i++;
                generalNameArr[i3] = new GeneralName(7, it2.next().getHostAddress());
            }
            GeneralNames generalNames = new GeneralNames(generalNameArr);
            JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(this.namebuilder.build(), keyPair.getPublic());
            ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
            extensionsGenerator.addExtension(Extension.subjectAlternativeName, false, (ASN1Encodable) generalNames);
            jcaPKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
            PrivateKey privateKey = keyPair.getPrivate();
            this.csr = jcaPKCS10CertificationRequestBuilder.build(new JcaContentSignerBuilder(privateKey instanceof ECKey ? EC_SIGNATURE_ALG : SIGNATURE_ALG).build(privateKey));
        } catch (OperatorCreationException e) {
            throw new IOException("Could not generate CSR", e);
        }
    }

    public PKCS10CertificationRequest getCSR() {
        if (this.csr == null) {
            throw new IllegalStateException("sign CSR first");
        }
        return this.csr;
    }

    public byte[] getEncoded() throws IOException {
        return getCSR().getEncoded();
    }

    public void write(@WillClose Writer writer) throws IOException {
        if (this.csr == null) {
            throw new IllegalStateException("sign CSR first");
        }
        PemWriter pemWriter = new PemWriter(writer);
        Throwable th = null;
        try {
            try {
                pemWriter.writeObject(new PemObject(PEMParser.TYPE_CERTIFICATE_REQUEST, getEncoded()));
                if (pemWriter != null) {
                    if (0 == 0) {
                        pemWriter.close();
                        return;
                    }
                    try {
                        pemWriter.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (pemWriter != null) {
                if (th != null) {
                    try {
                        pemWriter.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    pemWriter.close();
                }
            }
            throw th4;
        }
    }

    public void write(@WillClose OutputStream outputStream) throws IOException {
        write(new OutputStreamWriter(outputStream, "utf-8"));
    }

    public String toString() {
        return this.namebuilder.build() + ((String) this.namelist.stream().collect(Collectors.joining(",DNS=", ",DNS=", ""))) + ((String) this.iplist.stream().map((v0) -> {
            return v0.getHostAddress();
        }).collect(Collectors.joining(",IP=", ",IP=", "")));
    }
}
