package org.eclipse.basyx.vab.protocol.opcua;

import java.net.InetAddress;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CopyOnWriteArraySet;
import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateBuilder;
import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateGenerator;
import org.keycloak.representations.account.DeviceRepresentation;

/* loaded from: input_file:jars/basyx.sdk-1.3.0.jar:org/eclipse/basyx/vab/protocol/opcua/CertificateHelper.class */
public class CertificateHelper {
    private KeyPair keyPair;
    private X509Certificate certificate;
    private String commonName;
    private String organization;
    private String organizationalUnit;
    private String locality;
    private String state;
    private String countryCode;
    private String applicationUri;
    private boolean buildDefault = true;
    private Set<InetAddress> ipAddresses = new HashSet();
    private Set<String> dnsNames = new CopyOnWriteArraySet();

    public CertificateHelper() {
        try {
            this.keyPair = SelfSignedCertificateGenerator.generateRsaKeyPair(2048);
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError("Every Java implementation is required to implement 2048 bit RSA", e);
        }
    }

    public KeyPair getKeyPair() {
        if (this.certificate == null) {
            throw new IllegalStateException("Must build certificate first.");
        }
        return this.keyPair;
    }

    public X509Certificate getCertificate() {
        if (this.certificate == null) {
            throw new IllegalStateException("Must build certificate first.");
        }
        return this.certificate;
    }

    public CertificateHelper setCommonName(String str) {
        this.buildDefault = false;
        this.commonName = str;
        return this;
    }

    public CertificateHelper setOrganization(String str) {
        this.buildDefault = false;
        this.organization = str;
        return this;
    }

    public CertificateHelper setOrganizationalUnit(String str) {
        this.buildDefault = false;
        this.organizationalUnit = str;
        return this;
    }

    public CertificateHelper setLocality(String str) {
        this.buildDefault = false;
        this.locality = str;
        return this;
    }

    public CertificateHelper setState(String str) {
        this.buildDefault = false;
        this.state = str;
        return this;
    }

    public CertificateHelper setCountryCode(String str) {
        this.buildDefault = false;
        this.countryCode = str;
        return this;
    }

    public CertificateHelper setApplicationUri(String str) {
        this.buildDefault = false;
        this.applicationUri = str;
        return this;
    }

    public CertificateHelper addDnsName(String str) {
        this.buildDefault = false;
        this.dnsNames.add(str);
        return this;
    }

    public CertificateHelper addIpAddress(InetAddress inetAddress, boolean z) {
        this.buildDefault = false;
        this.ipAddresses.add(inetAddress);
        if (z) {
            Objects.requireNonNull(inetAddress);
            CompletableFuture.supplyAsync(inetAddress::getHostName).thenAccept(str -> {
                this.dnsNames.add(str);
            });
        }
        return this;
    }

    public void build() throws CertificateException {
        try {
            this.certificate = (this.buildDefault ? configureDefaultBuilder() : configureBuilderWithInfo()).build();
        } catch (Exception e) {
            throw new CertificateException("Failed to create self-signed certificate.", e);
        }
    }

    private SelfSignedCertificateBuilder configureDefaultBuilder() {
        return new SelfSignedCertificateBuilder(this.keyPair).setCommonName(DeviceRepresentation.UNKNOWN);
    }

    private SelfSignedCertificateBuilder configureBuilderWithInfo() {
        SelfSignedCertificateBuilder applicationUri = new SelfSignedCertificateBuilder(this.keyPair).setCommonName(this.commonName).setOrganization(this.organization).setOrganizationalUnit(this.organizationalUnit).setLocalityName(this.locality).setStateName(this.state).setCountryCode(this.countryCode).setApplicationUri(this.applicationUri);
        this.ipAddresses.forEach(inetAddress -> {
            applicationUri.addIpAddress(inetAddress.getHostName());
        });
        Set<String> set = this.dnsNames;
        Objects.requireNonNull(applicationUri);
        set.forEach(applicationUri::addDnsName);
        return applicationUri;
    }
}
