package io.opentelemetry.testing.internal.armeria.internal.common.util;

import io.opentelemetry.testing.internal.armeria.common.util.Exceptions;
import io.opentelemetry.testing.internal.armeria.internal.shaded.bouncycastle.asn1.x500.X500Name;
import io.opentelemetry.testing.internal.armeria.internal.shaded.bouncycastle.asn1.x509.Extension;
import io.opentelemetry.testing.internal.armeria.internal.shaded.bouncycastle.asn1.x509.GeneralName;
import io.opentelemetry.testing.internal.armeria.internal.shaded.bouncycastle.asn1.x509.GeneralNames;
import io.opentelemetry.testing.internal.armeria.internal.shaded.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import io.opentelemetry.testing.internal.armeria.internal.shaded.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import io.opentelemetry.testing.internal.armeria.internal.shaded.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import io.opentelemetry.testing.internal.io.netty.buffer.ByteBuf;
import io.opentelemetry.testing.internal.io.netty.buffer.Unpooled;
import io.opentelemetry.testing.internal.io.netty.handler.codec.base64.Base64;
import io.opentelemetry.testing.internal.io.netty.util.CharsetUtil;
import io.opentelemetry.testing.internal.io.netty.util.NetUtil;
import io.opentelemetry.testing.internal.io.netty.util.internal.PlatformDependent;
import io.opentelemetry.testing.internal.io.netty.util.internal.SystemPropertyUtil;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Random;
import java.util.concurrent.ThreadLocalRandom;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/opentelemetry/testing/internal/armeria/internal/common/util/SelfSignedCertificate.class */
public final class SelfSignedCertificate {
    private static final Logger logger = LoggerFactory.getLogger(SelfSignedCertificate.class);
    private static final Provider bouncyCastleProvider = new MinifiedBouncyCastleProvider();
    private static final Date DEFAULT_NOT_BEFORE = new Date(SystemPropertyUtil.getLong("io.opentelemetry.testing.internal.io.netty.selfSignedCertificate.defaultNotBefore", System.currentTimeMillis() - 31536000000L));
    private static final Date DEFAULT_NOT_AFTER = new Date(SystemPropertyUtil.getLong("io.opentelemetry.testing.internal.io.netty.selfSignedCertificate.defaultNotAfter", 253402300799000L));
    private static final int DEFAULT_KEY_LENGTH_BITS = SystemPropertyUtil.getInt("io.opentelemetry.testing.internal.io.netty.handler.ssl.util.selfSignedKeyStrength", 2048);
    private final File certificate;
    private final File privateKey;
    private final X509Certificate cert;
    private final PrivateKey key;

    public SelfSignedCertificate() throws CertificateException {
        this(DEFAULT_NOT_BEFORE, DEFAULT_NOT_AFTER, "RSA", DEFAULT_KEY_LENGTH_BITS);
    }

    public SelfSignedCertificate(Date date, Date date2) throws CertificateException {
        this("localhost", date, date2, "RSA", DEFAULT_KEY_LENGTH_BITS);
    }

    public SelfSignedCertificate(Date date, Date date2, String str, int i) throws CertificateException {
        this("localhost", date, date2, str, i);
    }

    public SelfSignedCertificate(String str) throws CertificateException {
        this(str, DEFAULT_NOT_BEFORE, DEFAULT_NOT_AFTER, "RSA", DEFAULT_KEY_LENGTH_BITS);
    }

    public SelfSignedCertificate(String str, String str2, int i) throws CertificateException {
        this(str, DEFAULT_NOT_BEFORE, DEFAULT_NOT_AFTER, str2, i);
    }

    public SelfSignedCertificate(String str, Date date, Date date2) throws CertificateException {
        this(str, ThreadLocalRandom.current(), DEFAULT_KEY_LENGTH_BITS, date, date2, "RSA");
    }

    public SelfSignedCertificate(String str, Date date, Date date2, String str2, int i) throws CertificateException {
        this(str, ThreadLocalRandom.current(), i, date, date2, str2);
    }

    public SelfSignedCertificate(String str, Random random, int i) throws CertificateException {
        this(str, random, i, DEFAULT_NOT_BEFORE, DEFAULT_NOT_AFTER, "RSA");
    }

    public SelfSignedCertificate(String str, Random random, String str2, int i) throws CertificateException {
        this(str, random, i, DEFAULT_NOT_BEFORE, DEFAULT_NOT_AFTER, str2);
    }

    public SelfSignedCertificate(String str, Random random, int i, Date date, Date date2) throws CertificateException {
        this(str, random, i, date, date2, "RSA");
    }

    public SelfSignedCertificate(String str, Random random, int i, Date date, Date date2, String str2) throws CertificateException {
        if (!"EC".equalsIgnoreCase(str2) && !"RSA".equalsIgnoreCase(str2)) {
            throw new IllegalArgumentException("Algorithm not valid: " + str2);
        }
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str2);
            keyPairGenerator.initialize(i, toSecureRandom(random));
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            String[] strArr = (String[]) MinifiedBouncyCastleProvider.call(() -> {
                try {
                    return generate(str, generateKeyPair, random, date, date2, str2);
                } catch (Throwable th) {
                    return (String[]) Exceptions.throwUnsafely(new CertificateException("Failed to generate a self-signed X.509 certificate: " + th, th));
                }
            });
            this.certificate = new File(strArr[0]);
            this.privateKey = new File(strArr[1]);
            this.key = generateKeyPair.getPrivate();
            FileInputStream fileInputStream = null;
            try {
                try {
                    fileInputStream = new FileInputStream(this.certificate);
                    this.cert = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(fileInputStream);
                    if (fileInputStream != null) {
                        try {
                            fileInputStream.close();
                        } catch (IOException e) {
                            if (logger.isWarnEnabled()) {
                                logger.warn("Failed to close a file: {}", this.certificate, e);
                            }
                        }
                    }
                } catch (Throwable th) {
                    if (fileInputStream != null) {
                        try {
                            fileInputStream.close();
                        } catch (IOException e2) {
                            if (logger.isWarnEnabled()) {
                                logger.warn("Failed to close a file: {}", this.certificate, e2);
                            }
                        }
                    }
                    throw th;
                }
            } catch (Exception e3) {
                throw new CertificateEncodingException(e3);
            }
        } catch (NoSuchAlgorithmException e4) {
            throw new Error(e4);
        }
    }

    public File certificate() {
        return this.certificate;
    }

    public File privateKey() {
        return this.privateKey;
    }

    public X509Certificate cert() {
        return this.cert;
    }

    public PrivateKey key() {
        return this.key;
    }

    public void delete() {
        safeDelete(this.certificate);
        safeDelete(this.privateKey);
    }

    /* JADX WARN: Finally extract failed */
    private static String[] generate(String str, KeyPair keyPair, Random random, Date date, Date date2, String str2) throws Exception {
        PrivateKey privateKey = keyPair.getPrivate();
        X500Name x500Name = new X500Name("CN=" + str);
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(x500Name, new BigInteger(64, random), date, date2, x500Name, keyPair.getPublic());
        ArrayList arrayList = new ArrayList();
        if (NetUtil.isValidIpV4Address(str) || NetUtil.isValidIpV6Address(str)) {
            arrayList.add(new GeneralName(7, str));
        } else {
            arrayList.add(new GeneralName(2, str));
        }
        if ("localhost".equals(str)) {
            arrayList.add(new GeneralName(7, "127.0.0.1"));
            arrayList.add(new GeneralName(7, "::1"));
        } else if ("127.0.0.1".equals(str)) {
            arrayList.add(new GeneralName(2, "localhost"));
            arrayList.add(new GeneralName(7, "::1"));
        }
        jcaX509v3CertificateBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames((GeneralName[]) arrayList.toArray(new GeneralName[0])));
        X509Certificate certificate = new JcaX509CertificateConverter().setProvider(bouncyCastleProvider).getCertificate(jcaX509v3CertificateBuilder.build(new JcaContentSignerBuilder("EC".equalsIgnoreCase(str2) ? "SHA256withECDSA" : "SHA256WithRSAEncryption").build(privateKey)));
        certificate.verify(keyPair.getPublic());
        try {
            ByteBuf encode = Base64.encode(Unpooled.wrappedBuffer(privateKey.getEncoded()), true);
            try {
                String str3 = "-----BEGIN PRIVATE KEY-----\n" + encode.toString(CharsetUtil.US_ASCII) + "\n-----END PRIVATE KEY-----\n";
                encode.release();
                String replaceAll = str.replaceAll("[^\\w.-]", "x");
                File createTempFile = PlatformDependent.createTempFile("keyutil_" + replaceAll + '_', ".key", null);
                createTempFile.deleteOnExit();
                FileOutputStream fileOutputStream = new FileOutputStream(createTempFile);
                try {
                    fileOutputStream.write(str3.getBytes(CharsetUtil.US_ASCII));
                    fileOutputStream.close();
                    fileOutputStream = null;
                    if (0 != 0) {
                        safeClose(createTempFile, null);
                        safeDelete(createTempFile);
                    }
                    ByteBuf wrappedBuffer = Unpooled.wrappedBuffer(certificate.getEncoded());
                    try {
                        encode = Base64.encode(wrappedBuffer, true);
                        try {
                            String str4 = "-----BEGIN CERTIFICATE-----\n" + encode.toString(CharsetUtil.US_ASCII) + "\n-----END CERTIFICATE-----\n";
                            encode.release();
                            wrappedBuffer.release();
                            File createTempFile2 = PlatformDependent.createTempFile("keyutil_" + replaceAll + '_', ".crt", null);
                            createTempFile2.deleteOnExit();
                            FileOutputStream fileOutputStream2 = new FileOutputStream(createTempFile2);
                            try {
                                fileOutputStream2.write(str4.getBytes(CharsetUtil.US_ASCII));
                                fileOutputStream2.close();
                                fileOutputStream2 = null;
                                if (0 != 0) {
                                    safeClose(createTempFile2, null);
                                    safeDelete(createTempFile2);
                                    safeDelete(createTempFile);
                                }
                                return new String[]{createTempFile2.getPath(), createTempFile.getPath()};
                            } catch (Throwable th) {
                                if (fileOutputStream2 != null) {
                                    safeClose(createTempFile2, fileOutputStream2);
                                    safeDelete(createTempFile2);
                                    safeDelete(createTempFile);
                                }
                                throw th;
                            }
                        } finally {
                        }
                    } finally {
                        wrappedBuffer.release();
                    }
                } catch (Throwable th2) {
                    if (fileOutputStream != null) {
                        safeClose(createTempFile, fileOutputStream);
                        safeDelete(createTempFile);
                    }
                    throw th2;
                }
            } finally {
            }
        } finally {
        }
    }

    private static void safeDelete(File file) {
        if (file.delete() || !logger.isWarnEnabled()) {
            return;
        }
        logger.warn("Failed to delete a file: " + file);
    }

    private static void safeClose(File file, OutputStream outputStream) {
        try {
            outputStream.close();
        } catch (IOException e) {
            if (logger.isWarnEnabled()) {
                logger.warn("Failed to close a file: " + file, e);
            }
        }
    }

    private static SecureRandom toSecureRandom(final Random random) {
        return random instanceof SecureRandom ? (SecureRandom) random : new SecureRandom() { // from class: io.opentelemetry.testing.internal.armeria.internal.common.util.SelfSignedCertificate.1
            private static final long serialVersionUID = -4101939112170161136L;

            @Override // java.security.SecureRandom
            public String getAlgorithm() {
                return "unknown";
            }

            @Override // java.security.SecureRandom
            public void setSeed(byte[] bArr) {
            }

            @Override // java.security.SecureRandom, java.util.Random
            public void setSeed(long j) {
            }

            @Override // java.security.SecureRandom, java.util.Random
            public void nextBytes(byte[] bArr) {
                random.nextBytes(bArr);
            }

            @Override // java.security.SecureRandom
            public byte[] generateSeed(int i) {
                byte[] bArr = new byte[i];
                random.nextBytes(bArr);
                return bArr;
            }

            @Override // java.util.Random
            public int nextInt() {
                return random.nextInt();
            }

            @Override // java.util.Random
            public int nextInt(int i) {
                return random.nextInt(i);
            }

            @Override // java.util.Random
            public boolean nextBoolean() {
                return random.nextBoolean();
            }

            @Override // java.util.Random
            public long nextLong() {
                return random.nextLong();
            }

            @Override // java.util.Random
            public float nextFloat() {
                return random.nextFloat();
            }

            @Override // java.util.Random
            public double nextDouble() {
                return random.nextDouble();
            }

            @Override // java.util.Random
            public double nextGaussian() {
                return random.nextGaussian();
            }
        };
    }
}
