package org.mockserver.socket;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Random;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.bc.BcX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.IPAddress;
import org.mockserver.configuration.ConfigurationProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/mockserver/socket/KeyStoreFactory.class */
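/**
 * Builds the key store MockServer presents for TLS: a per-host leaf certificate signed by a
 * certificate authority whose private key and certificate ship as class-path resources
 * ({@code org/mockserver/socket/CertificateAuthorityPrivateKey.pem} and
 * {@code org/mockserver/socket/CertificateAuthorityKeyStore.jks}).
 *
 * <p>Because the CA private key is distributed with the jar, anything signed by it is only
 * suitable for test environments: a trust store that trusts this CA accepts certificates that
 * anybody holding the jar can mint for any host name.
 *
 * <p>This decompiled listing contained artifacts (the boolean constant
 * {@code REGENERATE_FRESH_CA_CERTIFICATE} used in place of {@code null} and {@code 0}, a dropped
 * cast, and checked exceptions that escaped their wrapping {@code catch}); they are repaired here.
 */
public class KeyStoreFactory {
    // NOTE(review): the logger is keyed on SSLFactory, not this class. Kept so existing logging
    // configuration keeps matching, but messages from here appear under the SSLFactory category.
    private static final Logger logger = LoggerFactory.getLogger(SSLFactory.class);
    /** JCA provider name under which BouncyCastle is registered by the static initializer. */
    private static final String PROVIDER_NAME = "BC";
    private static final String SIGNATURE_ALGORITHM = "SHA256WithRSAEncryption";
    private static final String KEY_GENERATION_ALGORITHM = "RSA";
    // Not referenced by any method in this class; retained from the original constant set.
    private static final boolean REGENERATE_FRESH_CA_CERTIFICATE = false;
    // Not referenced here: the CA key is loaded from the bundled PEM resource, not generated.
    private static final int ROOT_KEYSIZE = 2048;
    // Modulus size of every generated leaf key. NOTE(review): 1024-bit RSA is below the 2048-bit
    // minimum that current TLS stacks and CA baselines expect. Left unchanged because fast
    // generation of throw-away test certificates appears to be the intent, but worth raising.
    private static final int FAKE_KEYSIZE = 1024;
    /** Milliseconds in 365 days: generated certificates are back-dated by this much. */
    private static final long ONE_YEAR_MILLIS = 31536000000L;
    /** Milliseconds in 36500 days (about 100 years): generated certificates expire this far ahead. */
    private static final long HUNDRED_YEARS_MILLIS = 3153600000000L;
    /** Shared CSPRNG for key generation and serial numbers; SecureRandom is safe to share. */
    private static final SecureRandom RANDOM = new SecureRandom();
    /** Start of validity for every certificate produced by this class, fixed at class load. */
    private static final Date NOT_BEFORE;
    /** End of validity for every certificate produced by this class, fixed at class load. */
    private static final Date NOT_AFTER;

    /**
     * Generates a fresh RSA key pair with the BouncyCastle provider.
     *
     * @param keySize RSA modulus size in bits
     * @return the generated key pair
     * @throws Exception if the RSA algorithm or the BC provider is not available
     */
    public static KeyPair generateKeyPair(int keySize) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_GENERATION_ALGORITHM, PROVIDER_NAME);
        generator.initialize(keySize, RANDOM);
        return generator.generateKeyPair();
    }

    /**
     * Produces a random, positive, non-zero serial number as RFC 5280 section 4.1.2.2 requires.
     * The previous {@code Random.nextInt()} value was negative half of the time and came from a
     * non-cryptographic generator; a 64-bit CSPRNG value also makes collisions under the same
     * issuer name unlikely. The result is at most 65 bits, well inside the 20-octet limit.
     */
    private static BigInteger randomSerialNumber() {
        return new BigInteger(64, RANDOM).add(BigInteger.ONE);
    }

    /**
     * Derives the SubjectKeyIdentifier extension value from the DER encoding of a public key.
     *
     * @param key the public key whose SubjectPublicKeyInfo encoding is hashed
     * @return the identifier to place in the subjectKeyIdentifier extension
     * @throws IOException declared for existing callers; the parsing done here reports a
     *         malformed encoding as {@link IllegalArgumentException} instead
     */
    private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) throws IOException {
        byte[] encoded = key.getEncoded();
        if (encoded == null) {
            throw new IllegalArgumentException("Key of algorithm [" + key.getAlgorithm() + "] has no encoding");
        }
        // getInstance parses the DER bytes directly, replacing the hand-rolled ASN1InputStream
        // whose result was passed to the SubjectPublicKeyInfo constructor without the cast it needs.
        return new BcX509ExtensionUtils().createSubjectKeyIdentifier(SubjectPublicKeyInfo.getInstance(encoded));
    }

    /**
     * Signs the certificate described by {@code builder} with {@code signingKey} and converts the
     * result to a JCA {@link X509Certificate}.
     *
     * @param builder    the populated certificate builder
     * @param signingKey private key of the issuer
     * @return the signed certificate
     * @throws OperatorCreationException if the content signer cannot be created
     * @throws CertificateException      if the BC holder cannot be converted
     */
    private static X509Certificate signCertificate(X509v3CertificateBuilder builder, PrivateKey signingKey) throws OperatorCreationException, CertificateException {
        X509CertificateHolder holder = builder.build(
                new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(PROVIDER_NAME).build(signingKey));
        return new JcaX509CertificateConverter().setProvider(PROVIDER_NAME).getCertificate(holder);
    }

    /**
     * Creates a self-signed CA certificate for the given key pair.
     *
     * @param publicKey  public half of the CA key pair; becomes the subject key
     * @param privateKey private half of the CA key pair; signs the certificate
     * @return the self-signed CA certificate, already checked for validity and signature
     * @throws Exception if building, signing or self-verification fails
     */
    public X509Certificate createCACert(PublicKey publicKey, PrivateKey privateKey) throws Exception {
        // Self-signed: issuer and subject are the same name.
        X500Name issuerAndSubject = new X500Name("CN=www.mockserver.com, O=MockServer, L=London, ST=England, C=UK");
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                issuerAndSubject, randomSerialNumber(), NOT_BEFORE, NOT_AFTER, issuerAndSubject, publicKey);
        builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(publicKey));
        // cA=true with no path-length constraint, marked critical as RFC 5280 recommends for CAs.
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        // Same bit set as the original literal 182 (0xB6), spelled out by name.
        builder.addExtension(Extension.keyUsage, false, new KeyUsage(
                KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment
                        | KeyUsage.keyCertSign | KeyUsage.cRLSign));
        // anyExtendedKeyUsage keeps the CA usable for leaf EKUs beyond the two listed explicitly.
        ASN1EncodableVector purposes = new ASN1EncodableVector();
        purposes.add(KeyPurposeId.id_kp_serverAuth);
        purposes.add(KeyPurposeId.id_kp_clientAuth);
        purposes.add(KeyPurposeId.anyExtendedKeyUsage);
        builder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));

        X509Certificate certificate = signCertificate(builder, privateKey);
        // Sanity-check what was just produced: in its validity window and verifiable with its own key.
        certificate.checkValidity(new Date());
        certificate.verify(publicKey);
        return certificate;
    }

    /**
     * Creates a leaf (end-entity) certificate for {@code domain}, issued by the given CA.
     * Despite the name this is the certificate a TLS server presents; the subject alternative
     * names it carries are what modern clients match the host name against.
     *
     * @param publicKey                     public key of the new leaf certificate
     * @param certificateAuthorityCert      CA certificate; its subject becomes the issuer name
     * @param certificateAuthorityPrivateKey CA private key used to sign
     * @param certificateAuthorityPublicKey CA public key used to verify the produced signature
     * @param domain                        common name, also added as a dNSName SAN (see below)
     * @param subjectAlternativeNameDomains extra dNSName SANs, or {@code null} for no SAN extension
     * @param subjectAlternativeNameIps     iPAddress SANs; entries that are not valid IPv4/IPv6
     *                                      literals (optionally with a netmask) are dropped
     * @return the signed leaf certificate, already checked for validity and signature
     * @throws Exception if building, signing or verification fails
     */
    public X509Certificate createClientCert(PublicKey publicKey, X509Certificate certificateAuthorityCert, PrivateKey certificateAuthorityPrivateKey, PublicKey certificateAuthorityPublicKey, String domain, String[] subjectAlternativeNameDomains, String[] subjectAlternativeNameIps) throws Exception {
        // Build the subject attribute by attribute instead of splicing the domain into a DN
        // string: a value containing ',' '=' '+' or '"' would otherwise be parsed as extra RDNs
        // or rejected by the DN parser.
        X500Name subject = new X500NameBuilder()
                .addRDN(X509ObjectIdentifiers.commonName, domain)
                .addRDN(X509ObjectIdentifiers.organization, "MockServer")
                .addRDN(X509ObjectIdentifiers.localityName, "London")
                .addRDN(X509ObjectIdentifiers.stateOrProvinceName, "England")
                .addRDN(X509ObjectIdentifiers.countryName, "UK")
                .build();
        X500Name issuer = new X509CertificateHolder(certificateAuthorityCert.getEncoded()).getSubject();
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                issuer, randomSerialNumber(), NOT_BEFORE, NOT_AFTER, subject, publicKey);
        builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(publicKey));
        builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));

        List<GeneralName> subjectAlternativeNames = new ArrayList<>();
        if (subjectAlternativeNameDomains != null) {
            // NOTE(review): the common name is only added as a SAN when a (possibly empty) domain
            // list is supplied; with null the certificate has no SAN extension at all, which
            // SAN-only host name verifiers reject. Preserved because callers may rely on that mode.
            subjectAlternativeNames.add(new GeneralName(GeneralName.dNSName, domain));
            for (String altDomain : subjectAlternativeNameDomains) {
                subjectAlternativeNames.add(new GeneralName(GeneralName.dNSName, altDomain));
            }
        }
        if (subjectAlternativeNameIps != null) {
            for (String ip : subjectAlternativeNameIps) {
                if (isIpAddressLiteral(ip)) {
                    subjectAlternativeNames.add(new GeneralName(GeneralName.iPAddress, ip));
                } else {
                    // Previously dropped silently; a malformed entry now at least leaves a trace.
                    logger.debug("Ignoring subject alternative name [" + ip + "] as it is not a valid IP address");
                }
            }
        }
        if (!subjectAlternativeNames.isEmpty()) {
            builder.addExtension(Extension.subjectAlternativeName, false,
                    new DERSequence(subjectAlternativeNames.toArray(new ASN1Encodable[0])));
        }

        X509Certificate certificate = signCertificate(builder, certificateAuthorityPrivateKey);
        // Sanity-check: in its validity window and signed by the CA key we were given.
        certificate.checkValidity(new Date());
        certificate.verify(certificateAuthorityPublicKey);
        return certificate;
    }

    /** True when {@code value} is an IPv4 or IPv6 literal, with or without a netmask suffix. */
    private static boolean isIpAddressLiteral(String value) {
        return IPAddress.isValidIPv6WithNetmask(value)
                || IPAddress.isValidIPv6(value)
                || IPAddress.isValidIPv4WithNetmask(value)
                || IPAddress.isValidIPv4(value);
    }

    /**
     * Generates a leaf key pair and certificate for {@code domain}, signs it with the bundled CA,
     * and stores key, chain and CA certificate into {@code keyStore} (created when {@code null}),
     * which is also written to {@link ConfigurationProperties#javaKeyStoreFilePath()}.
     *
     * <p>The decompiler reports the original access modifier as package-private.
     *
     * @param keyStore                      store to add the entries to, or {@code null} to create one
     * @param certificateAlias              alias under which the leaf key entry is stored
     * @param certificateAuthorityAlias     alias of the CA certificate inside the bundled JKS
     * @param keyStorePassword              password of the bundled CA key store, reused as the
     *                                      password and key password of the produced store
     * @param domain                        common name / dNSName of the leaf certificate
     * @param subjectAlternativeNameDomains extra dNSName SANs, may be {@code null}
     * @param subjectAlternativeNameIps     iPAddress SANs, may be {@code null}
     * @return the populated key store
     * @throws Exception if key generation, signing or storing fails
     */
    public KeyStore generateCertificate(KeyStore keyStore, String certificateAlias, String certificateAuthorityAlias, char[] keyStorePassword, String domain, String[] subjectAlternativeNameDomains, String[] subjectAlternativeNameIps) throws Exception {
        KeyPair leafKeyPair = generateKeyPair(FAKE_KEYSIZE);
        RSAPrivateKey certificateAuthorityPrivateKey = loadPrivateKeyFromPEMFile("org/mockserver/socket/CertificateAuthorityPrivateKey.pem");
        Certificate loaded = loadCertificateFromKeyStore("org/mockserver/socket/CertificateAuthorityKeyStore.jks", certificateAuthorityAlias, keyStorePassword);
        // getCertificate returns null for an unknown alias; fail with a message instead of an NPE.
        if (!(loaded instanceof X509Certificate)) {
            throw new IllegalStateException("No X.509 certificate found under alias [" + certificateAuthorityAlias + "] in bundled certificate authority key store");
        }
        X509Certificate certificateAuthorityCert = (X509Certificate) loaded;
        X509Certificate leafCert = createClientCert(leafKeyPair.getPublic(), certificateAuthorityCert, certificateAuthorityPrivateKey, certificateAuthorityCert.getPublicKey(), domain, subjectAlternativeNameDomains, subjectAlternativeNameIps);
        // Chain order is leaf first, then the issuing CA.
        Certificate[] chain = new X509Certificate[]{leafCert, certificateAuthorityCert};
        return saveCertificateAsKeyStore(keyStore, ConfigurationProperties.deleteGeneratedKeyStoreOnExit(), ConfigurationProperties.javaKeyStoreFilePath(), certificateAlias, leafKeyPair.getPrivate(), keyStorePassword, chain, certificateAuthorityCert);
    }

    /**
     * Writes a key or certificate to {@code fileName} in PEM format.
     * A private key passed here is written unencrypted.
     *
     * @param obj      object {@link JcaPEMWriter} knows how to encode (key, certificate, ...)
     * @param fileName path of the PEM file to create or overwrite
     * @throws IOException if writing or closing fails; close failures were previously swallowed,
     *                     which could leave a silently truncated file
     */
    public void saveCertificateAsPEMFile(Object obj, String fileName) throws IOException {
        try (FileWriter fileWriter = new FileWriter(fileName);
             JcaPEMWriter pemWriter = new JcaPEMWriter(fileWriter)) {
            pemWriter.writeObject(obj);
        }
    }

    /**
     * Stores the leaf key with its chain and the CA certificate into a key store and writes the
     * store to {@code keyStoreFileName}. The file is created with the process's default
     * permissions and contains the private key, so the configured path should not be world-readable.
     *
     * @param existingKeyStore         store to update, or {@code null} to create a fresh default-type store
     * @param deleteOnExit             whether to mark the written file for deletion at JVM exit
     * @param keyStoreFileName         path the store is written to
     * @param certificateAlias         alias of the key entry
     * @param privateKey               leaf private key
     * @param keyStorePassword         store password, also used as the key entry password
     * @param chain                    certificate chain, leaf first
     * @param certificateAuthorityCert CA certificate, stored as a trusted entry under
     *                                 {@link SSLFactory#KEY_STORE_CA_ALIAS}
     * @return the populated store
     * @throws RuntimeException wrapping any failure while creating, populating or writing the store
     */
    private KeyStore saveCertificateAsKeyStore(KeyStore existingKeyStore, boolean deleteOnExit, String keyStoreFileName, String certificateAlias, Key privateKey, char[] keyStorePassword, Certificate[] chain, X509Certificate certificateAuthorityCert) {
        try {
            KeyStore keyStore = existingKeyStore;
            if (keyStore == null) {
                keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, keyStorePassword); // null stream initialises an empty store
            }

            deleteEntryIfPresent(keyStore, certificateAlias);
            keyStore.setKeyEntry(certificateAlias, privateKey, keyStorePassword, chain);

            deleteEntryIfPresent(keyStore, SSLFactory.KEY_STORE_CA_ALIAS);
            keyStore.setCertificateEntry(SSLFactory.KEY_STORE_CA_ALIAS, certificateAuthorityCert);

            File keyStoreFile = new File(keyStoreFileName);
            try (FileOutputStream out = new FileOutputStream(keyStoreFile)) {
                keyStore.store(out, keyStorePassword);
                logger.trace("Saving key store to file [" + keyStoreFileName + "]");
            }
            if (deleteOnExit) {
                keyStoreFile.deleteOnExit();
            }
            return keyStore;
        } catch (Exception e) {
            throw new RuntimeException("Exception while saving KeyStore", e);
        }
    }

    /** Removes {@code alias} from {@code keyStore} if it is there; a missing alias is not an error. */
    private static void deleteEntryIfPresent(KeyStore keyStore, String alias) {
        try {
            keyStore.deleteEntry(alias);
        } catch (KeyStoreException ignored) {
            // the alias may simply not exist yet; the caller sets a fresh entry right after
        }
    }

    /**
     * Reads the CA private key from a class-path PEM resource.
     * The PEM armour says {@code RSA PRIVATE KEY} (a PKCS#1 label) but the body is parsed as
     * PKCS#8, so the bundled resource evidently carries PKCS#8 content; a genuine PKCS#1 body
     * would fail here.
     *
     * @param resourceName class-path name of the PEM resource
     * @return the RSA private key
     * @throws RuntimeException wrapping a missing resource, a read error or an unparsable key
     */
    private RSAPrivateKey loadPrivateKeyFromPEMFile(String resourceName) {
        // try-with-resources tolerates a null resource (no close is attempted), so the explicit
        // check below can report the missing resource by name instead of an NPE.
        try (InputStream in = KeyStoreFactory.class.getClassLoader().getResourceAsStream(resourceName)) {
            if (in == null) {
                throw new FileNotFoundException("Private key resource [" + resourceName + "] not found on class path");
            }
            // PEM is ASCII by definition; pin the charset rather than relying on the platform default.
            String base64 = IOUtils.toString(new InputStreamReader(in, StandardCharsets.US_ASCII))
                    .replace("-----BEGIN RSA PRIVATE KEY-----", "")
                    .replace("-----END RSA PRIVATE KEY-----", "");
            // NOTE(review): javax.xml.bind is no longer part of the JDK from Java 11 on;
            // java.util.Base64.getMimeDecoder() is the stdlib replacement when that becomes a concern.
            byte[] der = DatatypeConverter.parseBase64Binary(base64);
            PrivateKey key = KeyFactory.getInstance(KEY_GENERATION_ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(der));
            return (RSAPrivateKey) key;
        } catch (Exception e) {
            throw new RuntimeException("Exception reading private key from PEM file", e);
        }
    }

    /**
     * Loads a key store from the class path (falling back to the file system) and returns the
     * certificate stored under {@code alias}, or {@code null} if there is none.
     *
     * @param keyStoreFileName class-path resource name or file path
     * @param alias            alias of the certificate entry
     * @param keyStorePassword integrity/decryption password of the store
     * @return the certificate, or {@code null} for an unknown alias
     * @throws RuntimeException wrapping any failure to open, read or parse the store
     */
    private Certificate loadCertificateFromKeyStore(String keyStoreFileName, String alias, char[] keyStorePassword) {
        try (InputStream in = readFileFromClassPathOrPath(keyStoreFileName)) {
            logger.trace("Loading key store from file [" + keyStoreFileName + "]");
            // NOTE(review): the bundled resource is a .jks opened with getDefaultType(); this relies
            // on the JDK's default store implementation accepting JKS (true for a JKS default and for
            // the dual-format PKCS12 store of newer JDKs). Naming "JKS" explicitly would remove the dependency.
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(in, keyStorePassword);
            return keyStore.getCertificate(alias);
        } catch (Exception e) {
            throw new RuntimeException("Exception while loading KeyStore from " + keyStoreFileName, e);
        }
    }

    /**
     * Opens {@code name} as a class-path resource, or as a file-system path when no such
     * resource exists. The caller owns and must close the returned stream.
     *
     * @param name class-path resource name or file path
     * @return an open stream
     * @throws FileNotFoundException if neither a resource nor a file of that name exists
     */
    private InputStream readFileFromClassPathOrPath(String name) throws FileNotFoundException {
        InputStream resource = getClass().getClassLoader().getResourceAsStream(name);
        if (resource != null) {
            return resource;
        }
        return new FileInputStream(name);
    }

    static {
        // Registers BC for the "BC" provider lookups above; a no-op if it is already installed.
        Security.addProvider(new BouncyCastleProvider());
        long now = System.currentTimeMillis();
        NOT_BEFORE = new Date(now - ONE_YEAR_MILLIS);
        NOT_AFTER = new Date(now + HUNDRED_YEARS_MILLIS);
    }
}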
