package org.mockserver.socket;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFileAttributeView;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Date;
import java.util.EnumSet;
import java.util.List;
import java.util.Random;
import java.util.Set;
import java.util.regex.Pattern;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.bc.BcX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.IPAddress;
import org.mockserver.configuration.ConfigurationProperties;
import org.mockserver.file.FileReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/mockserver-core-5.0.0.jar:org/mockserver/socket/KeyAndCertificateFactory.class */
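/**
 * Builds and persists the X.509 material MockServer presents over TLS.
 * <p>
 * Two artefacts are produced: a self-signed certificate authority (only via {@link #main},
 * written as PEM files into the working directory) and, on every
 * {@link #buildAndSaveCertificates()}, a fresh RSA key pair plus a server certificate signed
 * by the CA private key that is loaded from the class-path-or-path name
 * {@code org/mockserver/socket/CertificateAuthorityPrivateKey.pem}. The server certificate's
 * subject alternative names come from {@link ConfigurationProperties} and can be extended at
 * run time through {@link #addSubjectAlternativeName(String)}.
 * <p>
 * NOTE(review) — trust boundary: the CA private key is read from a class-path resource name,
 * i.e. presumably a file packaged inside this jar. A CA whose private key is distributed with
 * the software lets anyone holding the jar issue certificates for any host name that a client
 * trusting that CA will accept, so the CA must only ever be trusted by throw-away test
 * clients and never be installed into a real trust store.
 * <p>
 * Changes relative to the shipped 5.0.0 bytecode: the per-run server key is 2048-bit RSA
 * (was 1024), certificate serial numbers are 64 bits of {@link SecureRandom} output (was a
 * 31-bit {@code java.util.Random} value), private-key PEM files are created owner-read/write
 * only on POSIX file systems, PEM is decoded with {@link Base64} instead of the
 * {@code javax.xml.bind} converter (absent on Java 11+; the now-unused import at the top of
 * this file should go when the build moves past Java 8), and every stream is closed.
 * <p>
 * The build methods are {@code synchronized} so concurrent refreshes do not interleave
 * writes to the same files; the shared {@link SecureRandom} is thread-safe.
 */
public class KeyAndCertificateFactory {
    private static final String PROVIDER_NAME = "BC";
    private static final String SIGNATURE_ALGORITHM = "SHA256WithRSAEncryption";
    private static final String KEY_GENERATION_ALGORITHM = "RSA";
    /** RSA modulus size of the long-lived CA key. */
    private static final int ROOT_KEYSIZE = 2048;
    /**
     * RSA modulus size of the per-run server ("fake") key. Raised from 1024 to 2048: 1024-bit
     * RSA is below the minimum that current TLS clients and key-size policy (NIST SP 800-57,
     * CA/Browser Forum baseline requirements) accept, and was the only weak link in the chain.
     */
    private static final int FAKE_KEYSIZE = 2048;
    /** Bits of CSPRNG output in each serial number; RFC 5280 wants positive, unique serials and CA/B Forum requires at least 64 random bits. */
    private static final int SERIAL_NUMBER_BITS = 64;
    private static final String CA_CERTIFICATE_RESOURCE = "org/mockserver/socket/CertificateAuthorityCertificate.pem";
    private static final String CA_PRIVATE_KEY_RESOURCE = "org/mockserver/socket/CertificateAuthorityPrivateKey.pem";
    /** Matches a PEM armour line of either the PKCS#1 ("RSA PRIVATE KEY") or PKCS#8 ("PRIVATE KEY") flavour. */
    private static final Pattern PEM_MARKER = Pattern.compile("-----(?:BEGIN|END)[^-]*-----");
    private static final Logger logger = LoggerFactory.getLogger(KeyAndCertificateFactory.class);
    /** Validity window, fixed at class-load time: back-dated one year (clock skew tolerance) and running ~100 years. */
    private static final Date NOT_BEFORE = new Date(System.currentTimeMillis() - 31536000000L);
    /** NOTE(review): some TLS clients cap the validity they accept for server certificates; verify against the clients you target. */
    private static final Date NOT_AFTER = new Date(System.currentTimeMillis() + 3153600000000L);
    private static final KeyAndCertificateFactory KEY_AND_CERTIFICATE_FACTORY = new KeyAndCertificateFactory();
    private static final SecureRandom RANDOM = new SecureRandom();

    static {
        // Register BouncyCastle once at class load so every "BC" provider lookup below resolves.
        Security.addProvider(new BouncyCastleProvider());
    }

    private KeyAndCertificateFactory() {
    }

    /** @return the process-wide singleton. */
    public static KeyAndCertificateFactory keyAndCertificateFactory() {
        return KEY_AND_CERTIFICATE_FACTORY;
    }

    /**
     * Registers {@code hostAndPort} (the part before the first {@code ':'}) as a subject
     * alternative name for the next server certificate. Hosts already known to
     * {@link ConfigurationProperties} are skipped. Otherwise the host is resolved and every
     * address, its host name and its canonical (reverse-resolved) name are recorded; a host
     * that does not resolve is recorded verbatim as a DNS name.
     * <p>
     * NOTE(review): whatever is passed here ends up in the served certificate, so the
     * certificate grows to cover every host callers feed in (presumably proxied request
     * targets); callers must only pass hosts this server is meant to impersonate. An IPv6
     * literal with port ({@code [::1]:8080}) is truncated at its first colon, as in the
     * original.
     *
     * @param hostAndPort host, optionally followed by {@code :port}; {@code null} is ignored
     */
    public static void addSubjectAlternativeName(String hostAndPort) {
        if (hostAndPort == null) {
            return;
        }
        String host = StringUtils.substringBefore(hostAndPort, ":");
        if (ConfigurationProperties.containsSslSubjectAlternativeName(host)) {
            return;
        }
        try {
            for (InetAddress address : InetAddress.getAllByName(host)) {
                ConfigurationProperties.addSslSubjectAlternativeNameIps(address.getHostAddress());
                ConfigurationProperties.addSslSubjectAlternativeNameDomains(address.getHostName());
                ConfigurationProperties.addSslSubjectAlternativeNameDomains(address.getCanonicalHostName());
            }
        } catch (UnknownHostException e) {
            // Unresolvable: still list the literal name so the certificate matches it.
            ConfigurationProperties.addSslSubjectAlternativeNameDomains(host);
        }
    }

    /**
     * Derives the SubjectKeyIdentifier extension value from a key's DER encoding.
     *
     * @param key public key whose {@code getEncoded()} is a SubjectPublicKeyInfo
     * @throws IOException if the encoding cannot be parsed as ASN.1
     */
    private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) throws IOException {
        try (ASN1InputStream asn1 = new ASN1InputStream(new ByteArrayInputStream(key.getEncoded()))) {
            SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance((ASN1Sequence) asn1.readObject());
            return new BcX509ExtensionUtils().createSubjectKeyIdentifier(keyInfo);
        }
    }

    /**
     * Signs the builder's to-be-signed certificate with {@code signingKey} using
     * {@value #SIGNATURE_ALGORITHM} via the BC provider.
     *
     * @throws OperatorCreationException if the signer cannot be created for the key
     * @throws CertificateException if the signed holder cannot be converted to a JCA certificate
     */
    private static X509Certificate signCertificate(X509v3CertificateBuilder builder, PrivateKey signingKey) throws OperatorCreationException, CertificateException {
        X509CertificateHolder holder = builder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(PROVIDER_NAME).build(signingKey));
        return new JcaX509CertificateConverter().setProvider(PROVIDER_NAME).getCertificate(holder);
    }

    /**
     * Generates a new certificate authority (certificate, public key and private key PEM
     * files) in the current working directory. Run this only when deliberately rotating the
     * CA; the files are presumably then copied into the {@code org/mockserver/socket}
     * resources that the run-time loaders read.
     */
    public static void main(String[] args) throws Exception {
        keyAndCertificateFactory().buildAndSaveCertificateAuthorityCertificates();
    }

    /**
     * Generates an RSA key pair of {@code keySize} bits with the BC provider.
     *
     * @param keySize RSA modulus size in bits
     * @throws Exception if the generator is unavailable or the size is rejected
     */
    KeyPair generateKeyPair(int keySize) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_GENERATION_ALGORITHM, PROVIDER_NAME);
        generator.initialize(keySize, RANDOM);
        return generator.generateKeyPair();
    }

    /** @return a positive serial number carrying {@value #SERIAL_NUMBER_BITS} bits of CSPRNG output (encodes in at most 9 octets). */
    private static BigInteger randomSerialNumber() {
        return new BigInteger(SERIAL_NUMBER_BITS, RANDOM).add(BigInteger.ONE);
    }

    /**
     * Builds the self-signed CA certificate: critical {@code basicConstraints CA:TRUE},
     * key usage digitalSignature|keyEncipherment|dataEncipherment|keyCertSign|cRLSign (the
     * original literal 182), and serverAuth/clientAuth/anyExtendedKeyUsage EKUs.
     *
     * @param caPublicKey  key placed in the certificate and used to verify the self-signature
     * @param caPrivateKey key used to sign
     * @throws Exception if building, signing or self-verification fails
     */
    private X509Certificate createCACert(PublicKey caPublicKey, PrivateKey caPrivateKey) throws Exception {
        X500Name name = new X500Name("CN=www.mockserver.com, O=MockServer, L=London, ST=England, C=UK");
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(name, randomSerialNumber(), NOT_BEFORE, NOT_AFTER, name, caPublicKey);
        builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(caPublicKey));
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        builder.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyCertSign | KeyUsage.cRLSign));
        ASN1EncodableVector purposes = new ASN1EncodableVector();
        purposes.add(KeyPurposeId.id_kp_serverAuth);
        purposes.add(KeyPurposeId.id_kp_clientAuth);
        purposes.add(KeyPurposeId.anyExtendedKeyUsage);
        builder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));
        X509Certificate certificate = signCertificate(builder, caPrivateKey);
        certificate.checkValidity(new Date());
        certificate.verify(caPublicKey);
        return certificate;
    }

    /**
     * Builds the end-entity server certificate, issued by {@code caCertificate}'s subject and
     * signed with {@code caPrivateKey}.
     * <p>
     * The subject alternative name extension lists {@code domainName} (now always, when
     * non-null — the original only added it together with a non-null domain array, and
     * modern clients ignore the CN), every entry of {@code subjectAlternativeNameDomains},
     * and every entry of {@code subjectAlternativeNameIps} that BC recognises as an IPv4/IPv6
     * address. NOTE(review): the netmask forms are accepted for parity with the original,
     * but RFC 5280 §4.2.1.6 only allows bare addresses in a SAN; confirm they are needed.
     * {@code domainName} is spliced into an RDN string, so it must not contain RDN
     * separators ({@code ,}, {@code +}, {@code =}) — it comes from configuration, not from
     * the network.
     *
     * @param subjectPublicKey            key to certify
     * @param caCertificate               issuer certificate (its subject becomes the issuer name)
     * @param caPrivateKey                issuer signing key
     * @param caPublicKey                 issuer public key, used to verify the result
     * @param domainName                  common name and primary DNS SAN
     * @param subjectAlternativeNameDomains additional DNS SANs, may be {@code null}
     * @param subjectAlternativeNameIps   additional IP SANs, may be {@code null}
     * @throws Exception if building, signing or verification fails
     */
    private X509Certificate createCASignedCert(PublicKey subjectPublicKey, X509Certificate caCertificate, PrivateKey caPrivateKey, PublicKey caPublicKey, String domainName, String[] subjectAlternativeNameDomains, String[] subjectAlternativeNameIps) throws Exception {
        X500Name issuer = new X509CertificateHolder(caCertificate.getEncoded()).getSubject();
        X500Name subject = new X500Name("CN=" + domainName + ", O=MockServer, L=London, ST=England, C=UK");
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, randomSerialNumber(), NOT_BEFORE, NOT_AFTER, subject, subjectPublicKey);
        builder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(subjectPublicKey));
        builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));

        List<GeneralName> altNames = new ArrayList<>();
        if (domainName != null) {
            altNames.add(new GeneralName(GeneralName.dNSName, domainName));
        }
        if (subjectAlternativeNameDomains != null) {
            for (String domain : subjectAlternativeNameDomains) {
                altNames.add(new GeneralName(GeneralName.dNSName, domain));
            }
        }
        if (subjectAlternativeNameIps != null) {
            for (String ip : subjectAlternativeNameIps) {
                if (isIpAddress(ip)) {
                    altNames.add(new GeneralName(GeneralName.iPAddress, ip));
                }
            }
        }
        if (!altNames.isEmpty()) {
            builder.addExtension(Extension.subjectAlternativeName, false, new DERSequence(altNames.toArray(new ASN1Encodable[0])));
        }

        X509Certificate certificate = signCertificate(builder, caPrivateKey);
        certificate.checkValidity(new Date());
        certificate.verify(caPublicKey);
        return certificate;
    }

    /** @return whether BC parses {@code candidate} as an IPv4/IPv6 address, with or without netmask. */
    private static boolean isIpAddress(String candidate) {
        return IPAddress.isValidIPv6WithNetmask(candidate)
            || IPAddress.isValidIPv6(candidate)
            || IPAddress.isValidIPv4WithNetmask(candidate)
            || IPAddress.isValidIPv4(candidate);
    }

    /**
     * Generates a {@value #ROOT_KEYSIZE}-bit CA key pair and writes the CA certificate, public
     * key and private key as PEM files into the working directory (not deleted on exit).
     *
     * @throws Exception on any generation or I/O failure
     */
    synchronized KeyAndCertificateFactory buildAndSaveCertificateAuthorityCertificates() throws Exception {
        KeyPair caKeyPair = generateKeyPair(ROOT_KEYSIZE);
        saveCertificateAsPEMFile(createCACert(caKeyPair.getPublic(), caKeyPair.getPrivate()), "CertificateAuthorityCertificate.pem", false);
        saveCertificateAsPEMFile(caKeyPair.getPublic(), "CertificateAuthorityPublicKey.pem", false);
        saveCertificateAsPEMFile(caKeyPair.getPrivate(), "CertificateAuthorityPrivateKey.pem", false);
        return this;
    }

    /**
     * Generates a {@value #FAKE_KEYSIZE}-bit server key pair, signs a certificate for it with
     * the bundled CA, and writes certificate, public key and private key PEM files into the
     * working directory, all marked for deletion on JVM exit.
     * <p>
     * Failures are logged rather than thrown (best effort, as shipped): the previously
     * written files, if any, stay in place.
     */
    public synchronized KeyAndCertificateFactory buildAndSaveCertificates() {
        try {
            KeyPair serverKeyPair = generateKeyPair(FAKE_KEYSIZE);
            RSAPrivateKey caPrivateKey = loadPrivateKeyFromPEMFile(CA_PRIVATE_KEY_RESOURCE);
            X509Certificate caCertificate = loadX509FromPEMFile(CA_CERTIFICATE_RESOURCE);
            X509Certificate serverCertificate = createCASignedCert(
                serverKeyPair.getPublic(),
                caCertificate,
                caPrivateKey,
                caCertificate.getPublicKey(),
                ConfigurationProperties.sslCertificateDomainName(),
                ConfigurationProperties.sslSubjectAlternativeNameDomains(),
                ConfigurationProperties.sslSubjectAlternativeNameIps()
            );
            saveCertificateAsPEMFile(serverCertificate, "MockServerCertificate.pem", true);
            saveCertificateAsPEMFile(serverKeyPair.getPublic(), "MockServerPublicKey.pem", true);
            saveCertificateAsPEMFile(serverKeyPair.getPrivate(), "MockServerPrivateKey.pem", true);
        } catch (Exception e) {
            logger.error("Error while refreshing certificates", e);
        }
        return this;
    }

    /**
     * Writes {@code pemObject} (certificate, public or private key) as PEM to {@code fileName},
     * resolved against the current working directory, truncating any existing file.
     * Private keys are written owner-read/write only where the file system is POSIX; the
     * original left them at the umask default, typically world-readable. PEM is pure ASCII,
     * so the explicit UTF-8 produces the same bytes the platform-default writer did.
     *
     * @param pemObject    object {@link JcaPEMWriter} knows how to encode
     * @param fileName     target path
     * @param deleteOnExit whether to remove the file at JVM exit (only registered after a successful write)
     * @throws IOException if the file cannot be created, permissioned or written
     */
    private void saveCertificateAsPEMFile(Object pemObject, String fileName, boolean deleteOnExit) throws IOException {
        Path path = Paths.get(fileName);
        if (pemObject instanceof PrivateKey) {
            restrictToOwner(path);
        }
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(Files.newBufferedWriter(path, StandardCharsets.UTF_8))) {
            pemWriter.writeObject(pemObject);
        }
        if (deleteOnExit) {
            path.toFile().deleteOnExit();
        }
    }

    /**
     * Ensures {@code path} exists with mode {@code rw-------} on POSIX file systems, creating
     * it atomically with that mode or tightening an existing file's mode. A no-op on file
     * systems without a POSIX attribute view (e.g. NTFS), where nothing portable applies.
     */
    private static void restrictToOwner(Path path) throws IOException {
        if (Files.getFileAttributeView(path, PosixFileAttributeView.class) == null) {
            return;
        }
        Set<PosixFilePermission> ownerOnly = EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE);
        try {
            Files.createFile(path, PosixFilePermissions.asFileAttribute(ownerOnly));
        } catch (FileAlreadyExistsException e) {
            Files.setPosixFilePermissions(path, ownerOnly);
        }
    }

    /** @return the per-run server private key, read from {@code MockServerPrivateKey.pem} (class path or working directory). */
    public PrivateKey mockServerPrivateKey() {
        return loadPrivateKeyFromPEMFile("MockServerPrivateKey.pem");
    }

    /** @return the per-run server certificate, read from {@code MockServerCertificate.pem} (class path or working directory). */
    public X509Certificate mockServerX509Certificate() {
        return loadX509FromPEMFile("MockServerCertificate.pem");
    }

    /** @return the bundled CA certificate. */
    public X509Certificate mockServerCertificateAuthorityX509Certificate() {
        return loadX509FromPEMFile(CA_CERTIFICATE_RESOURCE);
    }

    /**
     * Loads an RSA private key from a PEM file on the class path or file system. The armour
     * lines are stripped (both {@code RSA PRIVATE KEY} and {@code PRIVATE KEY} markers; the
     * original only knew the former) and the body is decoded as PKCS#8.
     * <p>
     * NOTE(review): {@code RSA PRIVATE KEY} armour conventionally wraps a PKCS#1 body, which
     * {@link PKCS8EncodedKeySpec} does not accept, and {@link JcaPEMWriter} may well emit that
     * form for RSA keys; this loader only works if the stored bodies are in fact PKCS#8.
     * Confirm the format of the bundled key files before relying on round-tripping through
     * {@link #buildAndSaveCertificateAuthorityCertificates()}.
     *
     * @throws RuntimeException wrapping any read, decode or key-parsing failure
     */
    private RSAPrivateKey loadPrivateKeyFromPEMFile(String fileName) {
        try {
            String pem = FileReader.readFileFromClassPathOrPath(fileName);
            byte[] der = Base64.getMimeDecoder().decode(PEM_MARKER.matcher(pem).replaceAll(""));
            return (RSAPrivateKey) KeyFactory.getInstance(KEY_GENERATION_ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(der));
        } catch (Exception e) {
            throw new RuntimeException("Exception reading private key from PEM file", e);
        }
    }

    /**
     * Loads an X.509 certificate from a PEM/DER file on the class path or file system. The
     * stream is closed after parsing (the original leaked it).
     *
     * @throws RuntimeException wrapping any read or parsing failure
     */
    private X509Certificate loadX509FromPEMFile(String fileName) {
        try (InputStream in = FileReader.openStreamToFileFromClassPathOrPath(fileName)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } catch (Exception e) {
            throw new RuntimeException("Exception reading X509 from PEM file", e);
        }
    }
}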
