package com.browserup.bup.mitm;

import com.browserup.bup.mitm.keys.KeyGenerator;
import com.browserup.bup.mitm.keys.RSAKeyGenerator;
import com.browserup.bup.mitm.tools.DefaultSecurityProviderTool;
import com.browserup.bup.mitm.tools.SecurityProviderTool;
import com.browserup.bup.mitm.util.EncryptionUtil;
import com.browserup.bup.mitm.util.MitmConstants;
import com.google.common.base.Supplier;
import com.google.common.base.Suppliers;
import java.io.File;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.text.SimpleDateFormat;
import java.time.ZonedDateTime;
import java.util.Date;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/browserup/bup/mitm/RootCertificateGenerator.class */
public class RootCertificateGenerator implements CertificateAndKeySource {
    private static final Logger log = LoggerFactory.getLogger(RootCertificateGenerator.class);
    private final CertificateInfo rootCertificateInfo;
    private final String messageDigest;
    private final KeyGenerator keyGenerator;
    private final SecurityProviderTool securityProviderTool;
    private static final String DEFAULT_PEM_ENCRYPTION_ALGORITHM = "AES-128-CBC";
    private final Supplier<CertificateAndKey> generatedCertificateAndKey = Suppliers.memoize(this::generateRootCertificate);

    /* loaded from: input_file:com/browserup/bup/mitm/RootCertificateGenerator$Builder.class */
    public static class Builder {
        private CertificateInfo certificateInfo = new CertificateInfo().commonName(RootCertificateGenerator.getDefaultCommonName()).organization("CA dynamically generated by LittleProxy").notBefore(ZonedDateTime.now().minusYears(1).toInstant()).notAfter(ZonedDateTime.now().plusYears(1).toInstant());
        private KeyGenerator keyGenerator = new RSAKeyGenerator();
        private String messageDigest = MitmConstants.DEFAULT_MESSAGE_DIGEST;
        private SecurityProviderTool securityProviderTool = new DefaultSecurityProviderTool();

        public Builder certificateInfo(CertificateInfo certificateInfo) {
            this.certificateInfo = certificateInfo;
            return this;
        }

        public Builder keyGenerator(KeyGenerator keyGenerator) {
            this.keyGenerator = keyGenerator;
            return this;
        }

        public Builder messageDigest(String str) {
            this.messageDigest = str;
            return this;
        }

        public Builder certificateTool(SecurityProviderTool securityProviderTool) {
            this.securityProviderTool = securityProviderTool;
            return this;
        }

        public RootCertificateGenerator build() {
            return new RootCertificateGenerator(this.certificateInfo, this.messageDigest, this.keyGenerator, this.securityProviderTool);
        }
    }

    public RootCertificateGenerator(CertificateInfo certificateInfo, String str, KeyGenerator keyGenerator, SecurityProviderTool securityProviderTool) {
        if (certificateInfo == null) {
            throw new IllegalArgumentException("CA root certificate cannot be null");
        }
        if (str == null) {
            throw new IllegalArgumentException("Message digest cannot be null");
        }
        if (keyGenerator == null) {
            throw new IllegalArgumentException("Key generator cannot be null");
        }
        if (securityProviderTool == null) {
            throw new IllegalArgumentException("Certificate tool cannot be null");
        }
        this.rootCertificateInfo = certificateInfo;
        this.messageDigest = str;
        this.keyGenerator = keyGenerator;
        this.securityProviderTool = securityProviderTool;
    }

    @Override // com.browserup.bup.mitm.CertificateAndKeySource
    public CertificateAndKey load() {
        return (CertificateAndKey) this.generatedCertificateAndKey.get();
    }

    private CertificateAndKey generateRootCertificate() {
        long currentTimeMillis = System.currentTimeMillis();
        CertificateAndKey createCARootCertificate = this.securityProviderTool.createCARootCertificate(this.rootCertificateInfo, this.keyGenerator.generate(), this.messageDigest);
        log.info("Generated CA root certificate and private key in {}ms. Key generator: {}. Signature algorithm: {}.", new Object[]{Long.valueOf(System.currentTimeMillis() - currentTimeMillis), this.keyGenerator, this.messageDigest});
        return createCARootCertificate;
    }

    public String encodeRootCertificateAsPem() {
        return this.securityProviderTool.encodeCertificateAsPem(((CertificateAndKey) this.generatedCertificateAndKey.get()).getCertificate());
    }

    public String encodePrivateKeyAsPem(String str) {
        return this.securityProviderTool.encodePrivateKeyAsPem(((CertificateAndKey) this.generatedCertificateAndKey.get()).getPrivateKey(), str, DEFAULT_PEM_ENCRYPTION_ALGORITHM);
    }

    public void saveRootCertificateAsPemFile(File file) {
        EncryptionUtil.writePemStringToFile(file, this.securityProviderTool.encodeCertificateAsPem(((CertificateAndKey) this.generatedCertificateAndKey.get()).getCertificate()));
    }

    public void savePrivateKeyAsPemFile(File file, String str) {
        EncryptionUtil.writePemStringToFile(file, this.securityProviderTool.encodePrivateKeyAsPem(((CertificateAndKey) this.generatedCertificateAndKey.get()).getPrivateKey(), str, DEFAULT_PEM_ENCRYPTION_ALGORITHM));
    }

    public void saveRootCertificateAndKey(String str, File file, String str2, String str3) {
        this.securityProviderTool.saveKeyStore(file, this.securityProviderTool.createRootCertificateKeyStore(str, (CertificateAndKey) this.generatedCertificateAndKey.get(), str2, str3), str3);
    }

    public static Builder builder() {
        return new Builder();
    }

    private static String getDefaultCommonName() {
        String str;
        try {
            str = InetAddress.getLocalHost().getHostName();
        } catch (UnknownHostException e) {
            str = "localhost";
        }
        String str2 = "Generated CA (" + str + ") " + new SimpleDateFormat("yyyy-MM-dd HH:mm:ss zzz").format(new Date());
        return str2.length() <= 64 ? str2 : str2.substring(0, 63);
    }
}
