package org.neo4j.driver.util;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Objects;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;
import org.neo4j.driver.internal.InternalPair;
import org.neo4j.driver.internal.util.CertificateTool;

/* loaded from: input_file:org/neo4j/driver/util/CertificateToolUtil.class */
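/**
 * Generates RSA key pairs, a self-signed root certificate and certificates signed by that root,
 * and writes them to disk as PEM files.
 *
 * <p>The fixed subject names used here ({@code ..._TEST_ROOT}, {@code ..._TEST_SERVER}) suggest
 * this is test tooling. The certificates it issues carry no X.509 extensions, the private keys are
 * written unencrypted, and certificate signing requests are not verified before signing, so none
 * of this output should be reused as production key material.
 */
public class CertificateToolUtil {

    private static final String BC_PROVIDER = "BC";
    private static final String SIGNATURE_ALGORITHM = "SHA512WithRSAEncryption";
    private static final int RSA_KEY_BITS = 2048;
    /** 365 days expressed in milliseconds. */
    private static final long VALIDITY_MILLIS = 31536000000L;

    static {
        // Registers Bouncy Castle so the "BC" provider lookups in generateKeyPair() and
        // generateCert() resolve. Both are static members of this class, so this initializer
        // has always run before either of them executes.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * A certificate and its key, optionally together with the generator that can sign further
     * certificates with that key.
     *
     * @param <C> type of the certificate handle (callers in this file use {@link File})
     * @param <K> type of the key handle (callers in this file use {@link File})
     */
    public static class CertificateKeyPair<C, K> {
        private final Pair<C, K> pair;
        // Null unless the pair was produced by createNewCertificateAndKey().
        private final SelfSignedCertificateGenerator certGenerator;

        /** Creates a pair that has no signing generator attached. */
        public CertificateKeyPair(C c, K k) {
            this(c, k, null);
        }

        /**
         * @param c the certificate
         * @param k the key
         * @param selfSignedCertificateGenerator generator owning the signing key, or {@code null}
         */
        public CertificateKeyPair(C c, K k, SelfSignedCertificateGenerator selfSignedCertificateGenerator) {
            this.pair = InternalPair.of(c, k);
            this.certGenerator = selfSignedCertificateGenerator;
        }

        /** @return the key half of the pair */
        public K key() {
            return this.pair.value();
        }

        /** @return the certificate half of the pair */
        public C cert() {
            return this.pair.key();
        }

        /** @return the generator able to sign with this pair's key, or {@code null} if none was attached */
        public SelfSignedCertificateGenerator certGenerator() {
            return this.certGenerator;
        }

        @Override
        public String toString() {
            return this.pair.toString();
        }

        /** Equality considers only the certificate and key; the attached generator is ignored. */
        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            return this.pair.equals(((CertificateKeyPair<?, ?>) obj).pair);
        }

        @Override
        public int hashCode() {
            return this.pair.hashCode();
        }
    }

    /**
     * Creates a fresh 2048-bit RSA key pair and a PKCS#10 request for
     * {@code CN=NEO4j_JAVA_DRIVER_TEST_SERVER} signed with the new private key.
     */
    public static class CertificateSigningRequestGenerator {
        private final KeyPair keyPair;
        private final PKCS10CertificationRequest csr;

        /**
         * @throws NoSuchAlgorithmException if no installed provider offers RSA key generation
         * @throws OperatorCreationException if the content signer cannot be built
         */
        public CertificateSigningRequestGenerator() throws NoSuchAlgorithmException, OperatorCreationException {
            // Uses the default provider lookup, unlike generateKeyPair(), which asks for "BC".
            KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
            rsa.initialize(RSA_KEY_BITS, new SecureRandom());
            this.keyPair = rsa.generateKeyPair();
            X500Principal subject = new X500Principal("CN=NEO4j_JAVA_DRIVER_TEST_SERVER");
            this.csr = new JcaPKCS10CertificationRequestBuilder(subject, this.keyPair.getPublic())
                    .build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(this.keyPair.getPrivate()));
        }

        /** @return the private key generated for this request */
        public PrivateKey privateKey() {
            return this.keyPair.getPrivate();
        }

        /** @return the public key embedded in this request */
        public PublicKey publicKey() {
            return this.keyPair.getPublic();
        }

        /** @return the signed PKCS#10 request */
        public PKCS10CertificationRequest certificateSigningRequest() {
            return this.csr;
        }

        /**
         * Writes the private key to {@code file} as a PEM {@code PRIVATE KEY} object.
         *
         * <p>The key is stored unencrypted and the file's permissions are not changed here, so
         * anyone who can read {@code file} can read the key.
         *
         * @throws IOException if the file cannot be written
         */
        public void savePrivateKey(File file) throws IOException {
            CertificateToolUtil.writePem("PRIVATE KEY", this.keyPair.getPrivate().getEncoded(), file);
        }
    }

    /**
     * Holds a freshly generated RSA key pair and the self-signed certificate for
     * {@code CN=NEO4J_JAVA_DRIVER_TEST_ROOT}, and signs further certificates with that key.
     */
    public static class SelfSignedCertificateGenerator {
        private final KeyPair keyPair;
        private final X509Certificate certificate;

        /**
         * Generates the key pair and the self-signed certificate.
         *
         * <p>Declared explicitly because both steps throw checked exceptions, which plain field
         * initializers are not allowed to do without a constructor that declares them.
         *
         * @throws GeneralSecurityException if key generation, signing or verification fails
         * @throws IOException declared by {@link CertificateToolUtil#generateCert}
         * @throws OperatorCreationException if the content signer cannot be built
         */
        public SelfSignedCertificateGenerator() throws GeneralSecurityException, IOException, OperatorCreationException {
            this.keyPair = CertificateToolUtil.generateKeyPair();
            X500Name root = new X500Name("CN=NEO4J_JAVA_DRIVER_TEST_ROOT");
            // Issuer and subject are the same name and the key signs its own public key.
            this.certificate = CertificateToolUtil.generateCert(root, root, this.keyPair, this.keyPair.getPublic());
        }

        /**
         * Writes the root private key to {@code file} as a PEM {@code PRIVATE KEY} object.
         *
         * <p>The key is stored unencrypted and the file's permissions are not changed here.
         * Whoever can read {@code file} can issue certificates that chain to this root.
         *
         * @throws IOException if the file cannot be written
         */
        public void savePrivateKey(File file) throws IOException {
            CertificateToolUtil.writePem("PRIVATE KEY", this.keyPair.getPrivate().getEncoded(), file);
        }

        /**
         * Writes the self-signed certificate to {@code file} as a PEM {@code CERTIFICATE} object.
         *
         * @throws CertificateEncodingException if the certificate cannot be encoded
         * @throws IOException if the file cannot be written
         */
        public void saveSelfSignedCertificate(File file) throws CertificateEncodingException, IOException {
            CertificateToolUtil.writePem("CERTIFICATE", this.certificate.getEncoded(), file);
        }

        /**
         * Issues a certificate for the subject named in the request, signed with this generator's key.
         *
         * <p>Only the subject is taken from the request. Its signature is not checked and the
         * certified key is {@code publicKey} rather than the key inside the request, so this method
         * does not establish that the requester holds the matching private key. Callers that accept
         * requests from elsewhere need to validate them before calling.
         *
         * @param pKCS10CertificationRequest request supplying the subject name
         * @param publicKey key to place in the issued certificate
         * @return the signed certificate
         */
        public X509Certificate sign(PKCS10CertificationRequest pKCS10CertificationRequest, PublicKey publicKey)
                throws GeneralSecurityException, IOException, OperatorCreationException {
            X500Name issuer = X500Name.getInstance(this.certificate.getSubjectX500Principal().getEncoded());
            return CertificateToolUtil.generateCert(issuer, pKCS10CertificationRequest.getSubject(), this.keyPair, publicKey);
        }
    }

    /** Generates a 2048-bit RSA key pair with the Bouncy Castle provider. */
    private static KeyPair generateKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException {
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA", BC_PROVIDER);
        rsa.initialize(RSA_KEY_BITS, new SecureRandom());
        return rsa.generateKeyPair();
    }

    /**
     * Builds an X.509 v3 certificate valid for 365 days from now and checks its signature.
     *
     * <p>The clock is read once so the serial number, {@code notBefore} and {@code notAfter} all
     * derive from the same instant. The serial number is that timestamp in milliseconds: it is
     * predictable, and two certificates issued by the same key in the same millisecond would share
     * it. No extensions (basicConstraints, keyUsage, subjectAltName, ...) are added.
     *
     * <p>The decompiler reports that this method was private in the original class.
     *
     * @param x500Name issuer name
     * @param x500Name2 subject name
     * @param keyPair issuer key pair; the private key signs, the public key verifies the result
     * @param publicKey subject public key placed in the certificate
     * @return the signed certificate
     * @throws GeneralSecurityException if conversion or signature verification fails
     * @throws OperatorCreationException if the content signer cannot be built
     */
    public static X509Certificate generateCert(X500Name x500Name, X500Name x500Name2, KeyPair keyPair, PublicKey publicKey)
            throws GeneralSecurityException, IOException, OperatorCreationException {
        long now = System.currentTimeMillis();
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                x500Name, BigInteger.valueOf(now), new Date(now), new Date(now + VALIDITY_MILLIS), x500Name2, publicKey);
        X509Certificate certificate = new JcaX509CertificateConverter()
                .setProvider(BC_PROVIDER)
                .getCertificate(builder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(keyPair.getPrivate())));
        // Fails fast if the signature does not match the issuer's public key.
        certificate.verify(keyPair.getPublic());
        return certificate;
    }

    /** Creates a new key pair and returns its self-signed certificate; the private key is discarded. */
    public static X509Certificate generateSelfSignedCertificate() throws GeneralSecurityException, IOException, OperatorCreationException {
        return new SelfSignedCertificateGenerator().certificate;
    }

    /**
     * Writes {@code bArr} to {@code file} as a single PEM object of type {@code str}, replacing any
     * existing content.
     *
     * <p>Missing parent directories are created first. The decompiled original called
     * {@code mkdirs()} only when the parent already existed, so a missing parent was never created.
     * The file's permissions are left as the platform assigns them, which matters when
     * {@code bArr} is a private key.
     *
     * <p>The decompiler reports that this method was private in the original class.
     *
     * @param str PEM type label, for example {@code "CERTIFICATE"}
     * @param bArr encoded content
     * @param file destination file
     * @throws IOException if the parent directory cannot be created or the file cannot be written
     */
    public static void writePem(String str, byte[] bArr, File file) throws IOException {
        File parent = file.getParentFile();
        // The second isDirectory() check covers a directory created concurrently by someone else.
        if (parent != null && !parent.isDirectory() && !parent.mkdirs() && !parent.isDirectory()) {
            throw new IOException("Could not create directory " + parent);
        }
        // An explicit charset keeps the output independent of the platform default.
        try (PemWriter pemWriter = new PemWriter(Files.newBufferedWriter(file.toPath(), StandardCharsets.UTF_8))) {
            pemWriter.writeObject(new PemObject(str, bArr));
            pemWriter.flush();
        }
    }

    /**
     * Creates a new server key and a certificate for it signed by the generator attached to
     * {@code certificateKeyPair}, and stores both in new temporary files.
     *
     * @param certificateKeyPair pair returned by {@link #createNewCertificateAndKey()}; it must
     *     carry a generator
     * @return the certificate file and the unencrypted private key file
     * @throws NullPointerException if the pair has no generator attached
     */
    public static CertificateKeyPair<File, File> createNewCertificateAndKeySignedBy(CertificateKeyPair<File, File> certificateKeyPair) throws Throwable {
        SelfSignedCertificateGenerator issuer =
                Objects.requireNonNull(certificateKeyPair.certGenerator, "certificateKeyPair has no certificate generator");
        File certFile = FileTools.tempFile("driver", ".cert");
        File keyFile = FileTools.tempFile("driver", ".key");
        CertificateSigningRequestGenerator request = new CertificateSigningRequestGenerator();
        X509Certificate signed = issuer.sign(request.certificateSigningRequest(), request.publicKey());
        request.savePrivateKey(keyFile);
        CertificateTool.saveX509Cert(signed, certFile);
        return new CertificateKeyPair<>(certFile, keyFile);
    }

    /**
     * Creates a new self-signed root certificate and key and stores both in new temporary files.
     *
     * @return the certificate file, the unencrypted private key file and the generator that can
     *     sign further certificates with that key
     */
    public static CertificateKeyPair<File, File> createNewCertificateAndKey() throws Throwable {
        File certFile = FileTools.tempFile("driver", ".cert");
        File keyFile = FileTools.tempFile("driver", ".key");
        SelfSignedCertificateGenerator root = new SelfSignedCertificateGenerator();
        root.saveSelfSignedCertificate(certFile);
        root.savePrivateKey(keyFile);
        return new CertificateKeyPair<>(certFile, keyFile, root);
    }

    // Compiler-generated accessor that the decompiler surfaced; kept so the class keeps the same members.
    static /* synthetic */ KeyPair access$000() throws NoSuchProviderException, NoSuchAlgorithmException {
        return generateKeyPair();
    }
}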
