package org.jboss.resteasy.bootstrap.test;

import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import org.wildfly.security.ssl.SSLContextBuilder;
import org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKey;

/* loaded from: input_file:org/jboss/resteasy/bootstrap/test/TestSslUtil.class */
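/**
 * Test-only helper that generates throwaway self-signed TLS material and builds
 * {@link SSLContext} instances for a server and a client.
 *
 * <p>On first use, two RSA-2048 self-signed certificates are generated (one per side) and written
 * as JKS key stores and trust stores under {@code ./target/test-classes/}. The store password is a
 * constant compiled into this class and the private keys are written to the build directory, so
 * nothing produced here may be reused outside of tests.
 */
public class TestSslUtil {
    /** Set to {@code true} only after every store file has been written; also used as the setup lock. */
    private static final AtomicBoolean SETUP = new AtomicBoolean(false);
    private static final String WORK_DIR = "./target/test-classes/";
    private static final Path SERVER_KEYSTORE_FILE = Path.of(WORK_DIR, "server.keystore");
    private static final Path SERVER_TRUSTSTORE_FILE = Path.of(WORK_DIR, "server.truststore");
    private static final Path CLIENT_KEYSTORE_FILE = Path.of(WORK_DIR, "client.keystore");
    private static final Path CLIENT_TRUSTSTORE_FILE = Path.of(WORK_DIR, "client.truststore");
    private static final String ALIAS = "self-signed";
    // Despite the "DNS" in the names, these are X.500 distinguished names (see X500Principal below).
    private static final String CLIENT_DNS_STRING = "CN=localhost, OU=Test, L=Test, ST=Test, C=Test";
    private static final String SERVER_DNS_STRING = "CN=localhost, OU=Unknown, L=Unknown, ST=Unknown, C=Unknown";
    // Hard-coded on purpose: it only protects generated test fixtures. Never reuse for real key material.
    private static final String KEYSTORE_PASSWORD = "change.it.12345";

    /**
     * Builds the server-side context: server-mode, presenting the key from the server key store.
     *
     * @return a new server {@link SSLContext}
     * @throws Exception if the stores cannot be generated, written or loaded
     */
    public static SSLContext createServerSslContext() throws Exception {
        setupOnce();
        return new SSLContextBuilder()
                .setClientMode(false)
                .setKeyManager(getKeyManager(SERVER_KEYSTORE_FILE))
                .setTrustManager(getTrustManager())
                .build()
                .create();
    }

    /**
     * Builds the client-side context: client-mode, presenting the key from the client key store.
     *
     * @return a new client {@link SSLContext}
     * @throws Exception if the stores cannot be generated, written or loaded
     */
    public static SSLContext createClientSslContext() throws Exception {
        setupOnce();
        return new SSLContextBuilder()
                .setClientMode(true)
                .setKeyManager(getKeyManager(CLIENT_KEYSTORE_FILE))
                .setTrustManager(getTrustManager())
                .build()
                .create();
    }

    /**
     * Generates the certificates and writes the four store files exactly once per JVM.
     *
     * <p>The flag is flipped only after all files are on disk, and the whole step runs under a
     * lock. A bare {@code compareAndSet} would let a concurrent caller skip setup and try to read
     * store files that are missing or half written, and would never retry after a failed attempt.
     */
    private static void setupOnce() throws Exception {
        synchronized (SETUP) {
            if (SETUP.get()) {
                return;
            }
            KeyStore clientKeyStore = loadKeyStore();
            KeyStore clientTrustStore = loadKeyStore();
            KeyStore serverKeyStore = loadKeyStore();
            KeyStore serverTrustStore = loadKeyStore();
            // Cross-wire trust: each side's certificate goes into the *other* side's trust store.
            createKeyStoreTrustStore(clientKeyStore, serverTrustStore, CLIENT_DNS_STRING);
            createKeyStoreTrustStore(serverKeyStore, clientTrustStore, SERVER_DNS_STRING);
            createTemporaryKeyStoreFile(clientKeyStore, CLIENT_KEYSTORE_FILE);
            createTemporaryKeyStoreFile(clientTrustStore, CLIENT_TRUSTSTORE_FILE);
            createTemporaryKeyStoreFile(serverKeyStore, SERVER_KEYSTORE_FILE);
            createTemporaryKeyStoreFile(serverTrustStore, SERVER_TRUSTSTORE_FILE);
            SETUP.set(true);
        }
    }

    /**
     * Loads the key store at {@code path} and returns its first {@link X509ExtendedKeyManager}.
     *
     * @throws IllegalStateException if the default factory yields no such key manager
     */
    private static X509ExtendedKeyManager getKeyManager(Path path) throws Exception {
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(loadKeyStore(path), KEYSTORE_PASSWORD.toCharArray());
        for (KeyManager candidate : factory.getKeyManagers()) {
            if (candidate instanceof X509ExtendedKeyManager) {
                return (X509ExtendedKeyManager) candidate;
            }
        }
        throw new IllegalStateException("Unable to obtain X509ExtendedKeyManager.");
    }

    /**
     * Returns the first {@link X509TrustManager} backed by the client trust store.
     *
     * <p>This always reads {@code CLIENT_TRUSTSTORE_FILE}, which {@link #setupOnce()} fills with the
     * server certificate, so both the server and the client context trust only the server
     * certificate. {@code SERVER_TRUSTSTORE_FILE} (holding the client certificate) is written but
     * never read by this class.
     * NOTE(review): a server that requires client certificates would need a trust manager built
     * from the server trust store instead - confirm which behaviour the tests rely on.
     *
     * @throws IllegalStateException if the default factory yields no such trust manager
     */
    private static X509TrustManager getTrustManager() throws Exception {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(loadKeyStore(CLIENT_TRUSTSTORE_FILE));
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        throw new IllegalStateException("Unable to obtain X509TrustManager.");
    }

    /** Reads a JKS store from {@code path} using the shared test password. */
    private static KeyStore loadKeyStore(Path path) throws Exception {
        // JKS is kept so the on-disk format of the generated fixtures does not change.
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(path)) {
            store.load(in, KEYSTORE_PASSWORD.toCharArray());
        }
        return store;
    }

    /**
     * Generates one self-signed RSA-2048 / SHA256withRSA certificate for {@code dn}, stores the
     * private key plus certificate in {@code keyStore}, and stores the certificate alone in
     * {@code trustStore}.
     */
    private static void createKeyStoreTrustStore(KeyStore keyStore, KeyStore trustStore, String dn) throws Exception {
        SelfSignedX509CertificateAndSigningKey generated = SelfSignedX509CertificateAndSigningKey.builder()
                .setKeyAlgorithmName("RSA")
                .setSignatureAlgorithmName("SHA256withRSA")
                .setDn(new X500Principal(dn))
                .setKeySize(2048)
                .build();
        X509Certificate certificate = generated.getSelfSignedCertificate();
        keyStore.setKeyEntry(ALIAS, generated.getSigningKey(), KEYSTORE_PASSWORD.toCharArray(),
                new X509Certificate[] {certificate});
        trustStore.setCertificateEntry(ALIAS, certificate);
    }

    /** Creates an empty in-memory JKS store. */
    private static KeyStore loadKeyStore() throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        store.load(null, null);
        return store;
    }

    /**
     * Writes {@code keyStore} to {@code path}, protected by the shared test password.
     *
     * <p>The file is truncated first: with {@code CREATE} alone, a longer file left over from an
     * earlier run would keep its stale trailing bytes after the newly written store.
     */
    private static void createTemporaryKeyStoreFile(KeyStore keyStore, Path path) throws Exception {
        Path parent = path.getParent();
        if (parent != null) {
            // The build output directory may not exist yet when this runs before resources are copied.
            Files.createDirectories(parent);
        }
        try (OutputStream out = Files.newOutputStream(path, StandardOpenOption.CREATE,
                StandardOpenOption.TRUNCATE_EXISTING, StandardOpenOption.WRITE)) {
            keyStore.store(out, KEYSTORE_PASSWORD.toCharArray());
        }
    }
}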
