package org.neo4j.test.ssl;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: input_file:org/neo4j/test/ssl/SelfSignedCertificateFactory.class */
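/**
 * Generates a self-signed X.509 certificate and the matching RSA private key, and writes both as PEM files.
 *
 * <p>Security-relevant properties of the generated material, as visible in this class:
 * <ul>
 *   <li>The certificate is self-signed (issuer equals subject), so it proves nothing about the identity of
 *       the host; clients have to pin it or trust it explicitly.</li>
 *   <li>Validity starts 365 days before class-load time and ends at 9999-12-31T23:59:59Z, i.e. the
 *       certificate effectively never expires and has to be replaced by deleting the files.</li>
 *   <li>The private key is written unencrypted; file permissions are its only protection.</li>
 *   <li>When the system property {@code org.neo4j.useInsecureCertificateGeneration} is {@code true}, key and
 *       serial number come from {@code InsecureRandom} (a class of this package that is not shown here;
 *       presumably not cryptographically strong). Keys produced in that mode should be treated as
 *       predictable and kept to throw-away test setups.</li>
 * </ul>
 *
 * <p>Loading this class registers the Bouncy Castle provider with {@link Security} for the whole JVM.
 */
public class SelfSignedCertificateFactory {
    /** Key algorithm handed to {@link KeyPairGenerator}. */
    private static final String DEFAULT_ENCRYPTION = "RSA";
    /** RSA modulus size in bits. */
    private static final int KEY_SIZE_BITS = 2048;
    /** Number of random bits in the certificate serial number. */
    private static final int SERIAL_NUMBER_BITS = 64;
    private static final String SIGNATURE_ALGORITHM = "SHA512WithRSAEncryption";
    private static final String DEFAULT_KEY_FILE_NAME = "private.key";
    private static final String DEFAULT_CERT_FILE_NAME = "public.crt";
    private static final String DEFAULT_HOST_NAME = "localhost";
    /** Test-only switch: replaces {@link SecureRandom} with {@code InsecureRandom} for key generation. */
    private static final boolean useInsecureCertificateGeneration = Boolean.getBoolean("org.neo4j.useInsecureCertificateGeneration");
    /** Backdated by 365 days, which tolerates clock skew between the generating host and its peers. */
    private static final Date NOT_BEFORE = new Date(System.currentTimeMillis() - 31536000000L);
    /** 9999-12-31T23:59:59Z in epoch milliseconds. */
    private static final Date NOT_AFTER = new Date(253402300799000L);
    private static final Provider PROVIDER = new BouncyCastleProvider();

    static {
        // Must run after PROVIDER is initialised; makes Bouncy Castle available JVM-wide.
        Security.addProvider(PROVIDER);
    }

    private final SecureRandom random;

    /**
     * Creates {@code private.key} and {@code public.crt} for host {@code localhost} in the given directory,
     * unless one of them already exists.
     *
     * @param directory directory that receives the two files
     * @throws RuntimeException if key or certificate generation fails; the cause is preserved
     */
    public static void create(File directory) {
        create(directory, DEFAULT_KEY_FILE_NAME, DEFAULT_CERT_FILE_NAME);
    }

    /**
     * Creates a private key and a self-signed certificate for host {@code localhost} in the given directory.
     *
     * <p>Nothing is generated when either file already exists. Note that this also holds when only one
     * of the two is present, so a lone key or a lone certificate is left without its counterpart.
     *
     * @param directory directory that receives the two files
     * @param keyFileName name of the private key file inside {@code directory}
     * @param certFileName name of the certificate file inside {@code directory}
     * @throws RuntimeException if key or certificate generation fails; the cause is preserved
     */
    public static void create(File directory, String keyFileName, String certFileName) {
        File privateKeyFile = new File(directory, keyFileName);
        File certificateFile = new File(directory, certFileName);
        if (privateKeyFile.exists() || certificateFile.exists()) {
            return;
        }
        SelfSignedCertificateFactory factory = new SelfSignedCertificateFactory();
        try {
            factory.createSelfSignedCertificate(certificateFile, privateKeyFile, DEFAULT_HOST_NAME);
        } catch (Exception e) {
            throw new RuntimeException("Failed to generate private key and certificate", e);
        }
    }

    /**
     * Creates a factory that draws randomness from {@link SecureRandom}, or from {@code InsecureRandom}
     * when the system property {@code org.neo4j.useInsecureCertificateGeneration} is set to {@code true}.
     */
    public SelfSignedCertificateFactory() {
        this.random = useInsecureCertificateGeneration ? new InsecureRandom() : new SecureRandom();
    }

    /**
     * Generates a 2048-bit RSA key pair and a self-signed certificate for {@code hostName}, verifies the
     * certificate against its own public key, and writes both as PEM. Existing files at the two paths are
     * overwritten.
     *
     * <p>If the JVM exits before both files have been written, a shutdown hook deletes whatever exists at
     * the two paths. The hook is tracked per invocation, so an earlier successful call does not disable
     * cleanup for a later one.
     *
     * @param certificateFile destination of the PEM-encoded certificate
     * @param privateKeyFile destination of the PEM-encoded, unencrypted private key
     * @param hostName value used for the subject/issuer common name and for the DNS subject alternative name
     * @throws GeneralSecurityException if key generation, certificate conversion or verification fails
     * @throws IOException if a file cannot be written
     * @throws OperatorCreationException if the content signer cannot be created
     */
    public void createSelfSignedCertificate(File certificateFile, File privateKeyFile, String hostName) throws GeneralSecurityException, IOException, OperatorCreationException {
        CleanupHook cleanupHook = installCleanupHook(certificateFile, privateKeyFile);

        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(DEFAULT_ENCRYPTION);
        keyPairGenerator.initialize(KEY_SIZE_BITS, this.random);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();

        // NOTE(review): hostName is concatenated into the distinguished-name string without escaping, so
        // characters that are special in a DN (',', '+', '=') would alter the subject. Callers should pass
        // a plain host name; the only caller in this class passes "localhost".
        X500Name subjectAndIssuer = new X500Name("CN=" + hostName);
        JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
                subjectAndIssuer,
                new BigInteger(SERIAL_NUMBER_BITS, this.random),
                NOT_BEFORE,
                NOT_AFTER,
                subjectAndIssuer,
                keyPair.getPublic());
        // Non-critical subjectAltName carrying the host as a dNSName entry.
        certificateBuilder.addExtension(
                Extension.subjectAlternativeName,
                false,
                new GeneralNames(new GeneralName(GeneralName.dNSName, hostName)));

        PrivateKey privateKey = keyPair.getPrivate();
        X509Certificate certificate = new JcaX509CertificateConverter()
                .setProvider(PROVIDER)
                .getCertificate(certificateBuilder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(privateKey)));
        // Self-check: the signature must validate under the public key that was just embedded.
        certificate.verify(keyPair.getPublic());

        writePem("CERTIFICATE", certificate.getEncoded(), certificateFile);
        writePem("PRIVATE KEY", privateKey.getEncoded(), privateKeyFile);

        // Both files are complete; make sure shutdown no longer removes them.
        cleanupHook.disarm();
    }

    /**
     * Registers a shutdown hook that removes the two files if generation has not completed by JVM exit.
     *
     * @return the registered hook, to be disarmed once both files have been written
     */
    private static CleanupHook installCleanupHook(File certificateFile, File privateKeyFile) {
        CleanupHook hook = new CleanupHook(certificateFile, privateKeyFile);
        Runtime.getRuntime().addShutdownHook(hook);
        return hook;
    }

    /**
     * Writes one PEM object to {@code target} and leaves the file readable and writable by its owner only.
     *
     * <p>The file is created empty and its permissions are tightened before any content is written, so
     * key material is not placed into a file whose mode still follows the process umask. This narrows the
     * exposure but is not atomic; creating the file with owner-only permissions in one step
     * ({@code java.nio.file}) inside a directory other users cannot access is the stronger guarantee.
     *
     * @param type PEM type label, e.g. {@code CERTIFICATE}
     * @param encoded DER bytes to wrap
     * @param target destination file; missing parent directories are created
     * @throws IOException if the file cannot be created or written
     */
    private void writePem(String type, byte[] encoded, File target) throws IOException {
        File parent = target.getParentFile();
        if (parent != null) {
            // A bare file name has no parent; it resolves against the working directory, which exists.
            parent.mkdirs();
        }
        target.createNewFile();
        restrictToOwner(target);
        try (PemWriter pemWriter = new PemWriter(new FileWriter(target))) {
            pemWriter.writeObject(new PemObject(type, encoded));
            pemWriter.flush();
        }
    }

    /**
     * Removes read and write access for everyone, then grants both back to the owner. Best effort: the
     * {@link File} permission setters return {@code false} instead of throwing when the file system
     * cannot express the distinction.
     */
    private static void restrictToOwner(File target) {
        target.setReadable(false, false);
        target.setWritable(false, false);
        target.setReadable(true, true);
        target.setWritable(true, true);
    }

    /** Shutdown hook that deletes the files of one generation attempt unless it has been disarmed. */
    private static final class CleanupHook extends Thread {
        private final File certificateFile;
        private final File privateKeyFile;
        // Written by the generating thread, read by the shutdown thread.
        private volatile boolean armed = true;

        CleanupHook(File certificateFile, File privateKeyFile) {
            this.certificateFile = certificateFile;
            this.privateKeyFile = privateKeyFile;
        }

        /** Marks the attempt as complete and unregisters the hook so finished attempts do not accumulate. */
        void disarm() {
            armed = false;
            try {
                Runtime.getRuntime().removeShutdownHook(this);
            } catch (IllegalStateException ignored) {
                // Shutdown is already in progress; the hook is disarmed, so run() does nothing.
            }
        }

        @Override
        public void run() {
            if (!armed) {
                return;
            }
            System.err.println("Cleaning up partially generated self-signed certificate...");
            if (certificateFile.exists()) {
                certificateFile.delete();
            }
            if (privateKeyFile.exists()) {
                privateKeyFile.delete();
            }
        }
    }
}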
