package io.netty.handler.ssl.util;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.handler.codec.base64.Base64;
import io.netty.util.CharsetUtil;
import io.netty.util.internal.ObjectUtil;
import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.SystemPropertyUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;

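/**
 * Generates a temporary self-signed X.509 certificate together with its private key and
 * exposes both as files and as in-memory objects.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The class is marked {@code @Deprecated}; this listing does not show the intended
 *       replacement.</li>
 *   <li>The private key is written as unencrypted PEM ({@code BEGIN PRIVATE KEY}) into a temp
 *       file. The file's permissions are decided by {@code PlatformDependent.createTempFile},
 *       which is not visible here (TODO confirm they are owner-only).</li>
 *   <li>When no {@link SecureRandom} is supplied, {@code ThreadLocalInsecureRandom.current()}
 *       is used. Judging by its name this is not a cryptographically strong source
 *       (TODO confirm), so keys produced with the defaults should be treated as test material
 *       only.</li>
 *   <li>The default validity window is very wide: from one year in the past up to the
 *       {@code defaultNotAfter} value of 253402300799000 ms since the epoch.</li>
 * </ul>
 */
@Deprecated
/* loaded from: input_file:BOOT-INF/lib/netty-handler-4.2.1.Final.jar:io/netty/handler/ssl/util/SelfSignedCertificate.class */
public final class SelfSignedCertificate {
    private static final InternalLogger logger = InternalLoggerFactory.getInstance((Class<?>) SelfSignedCertificate.class);

    // Default start of validity: "now minus 31536000000 ms" (365 days), overridable by system property.
    private static final Date DEFAULT_NOT_BEFORE = new Date(SystemPropertyUtil.getLong("io.netty.selfSignedCertificate.defaultNotBefore", System.currentTimeMillis() - 31536000000L));

    // Default end of validity in epoch milliseconds, overridable by system property.
    private static final Date DEFAULT_NOT_AFTER = new Date(SystemPropertyUtil.getLong("io.netty.selfSignedCertificate.defaultNotAfter", 253402300799000L));

    // Default key size. The property value is used as-is: nothing here rejects a weak size.
    private static final int DEFAULT_KEY_LENGTH_BITS = SystemPropertyUtil.getInt("io.netty.handler.ssl.util.selfSignedKeyStrength", 2048);

    // PEM file holding the certificate (paths[0] of the generator result).
    private final File certificate;
    // PEM file holding the unencrypted private key (paths[1] of the generator result).
    private final File privateKey;
    // Certificate parsed back from the certificate file.
    private final X509Certificate cert;
    // Private key object as recorded by the builder.
    private final PrivateKey key;

    /**
     * Collects the generation parameters and drives the individual generator back ends.
     *
     * <p>Fields are package-private because the generator classes in this package receive the
     * builder itself ({@code generate(this)}); presumably they read and fill them (TODO confirm
     * against those classes).
     */
    /* loaded from: input_file:BOOT-INF/lib/netty-handler-4.2.1.Final.jar:io/netty/handler/ssl/util/SelfSignedCertificate$Builder.class */
    public static final class Builder {
        String fqdn;
        // null means "use the default random source", see randomOrDefault().
        SecureRandom random;
        int bits;
        Date notBefore;
        Date notAfter;
        String algorithm;
        // Most recent generator failure; earlier ones are attached as suppressed exceptions.
        Throwable failure;
        KeyPair keypair;
        PrivateKey privateKey;
        // {certificate path, private key path}
        String[] paths;

        private Builder() {
            this.fqdn = "localhost";
            this.bits = SelfSignedCertificate.DEFAULT_KEY_LENGTH_BITS;
            this.notBefore = SelfSignedCertificate.DEFAULT_NOT_BEFORE;
            this.notAfter = SelfSignedCertificate.DEFAULT_NOT_AFTER;
            this.algorithm = "RSA";
        }

        /**
         * Sets the host name the certificate is issued for.
         *
         * @param str the fully qualified domain name; a {@code null} value is rejected by
         *            {@code ObjectUtil.checkNotNullWithIAE}
         * @return this builder
         */
        public Builder fqdn(String str) {
            this.fqdn = (String) ObjectUtil.checkNotNullWithIAE(str, "fqdn");
            return this;
        }

        /**
         * Sets the random source used for key generation.
         *
         * @param secureRandom the random source, or {@code null} to fall back to
         *                     {@code ThreadLocalInsecureRandom}; note that a non-null value
         *                     disables the keytool back end
         * @return this builder
         */
        public Builder random(SecureRandom secureRandom) {
            this.random = secureRandom;
            return this;
        }

        /**
         * Sets the key size passed to {@link KeyPairGenerator#initialize(int, SecureRandom)}.
         *
         * @param i the key size in bits; it is not range-checked here, so the caller is
         *          responsible for choosing an adequate strength
         * @return this builder
         */
        public Builder bits(int i) {
            this.bits = i;
            return this;
        }

        /**
         * Sets the start of the validity period.
         *
         * @param date the not-before date, must not be {@code null}
         * @return this builder
         */
        public Builder notBefore(Date date) {
            this.notBefore = (Date) ObjectUtil.checkNotNullWithIAE(date, "notBefore");
            return this;
        }

        /**
         * Sets the end of the validity period.
         *
         * @param date the not-after date, must not be {@code null}
         * @return this builder
         */
        public Builder notAfter(Date date) {
            this.notAfter = (Date) ObjectUtil.checkNotNullWithIAE(date, "notAfter");
            return this;
        }

        /**
         * Selects the key algorithm. Only "EC" and "RSA" are accepted (case-insensitive) and
         * the stored value is normalised to upper case.
         *
         * @param str the algorithm name
         * @return this builder
         * @throws IllegalArgumentException for any other value, including {@code null}
         */
        public Builder algorithm(String str) {
            if ("EC".equalsIgnoreCase(str)) {
                this.algorithm = "EC";
            } else if ("RSA".equalsIgnoreCase(str)) {
                this.algorithm = "RSA";
            } else {
                throw new IllegalArgumentException("Algorithm not valid: " + str);
            }
            return this;
        }

        // Explicit random source if one was set, otherwise the thread-local default whose name
        // marks it as insecure; see the class-level security notes.
        private SecureRandom randomOrDefault() {
            return this.random == null ? ThreadLocalInsecureRandom.current() : this.random;
        }

        // Generates the key pair once and caches it so that several back ends can share it.
        private void generateKeyPairLocally() {
            if (this.keypair != null) {
                return;
            }
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(this.algorithm);
                keyPairGenerator.initialize(this.bits, randomOrDefault());
                this.keypair = keyPairGenerator.generateKeyPair();
                this.privateKey = this.keypair.getPrivate();
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException(e);
            }
        }

        // Records th as the current failure and chains the previous one as suppressed.
        private void addFailure(Throwable th) {
            if (this.failure != null) {
                th.addSuppressed(this.failure);
            }
            this.failure = th;
        }

        /**
         * Tries the Bouncy Castle back end.
         *
         * @return {@code true} if {@link #paths} was filled, {@code false} if Bouncy Castle is
         *         missing or generation failed (the failure is recorded)
         */
        boolean generateBc() {
            if (!SelfSignedCertificate.access$400()) {
                SelfSignedCertificate.logger.debug("Failed to generate a self-signed X.509 certificate because BouncyCastle PKIX is not available in classpath");
                return false;
            }
            generateKeyPairLocally();
            try {
                this.paths = BouncyCastleSelfSignedCertGenerator.generate(this.fqdn, this.keypair, randomOrDefault(), this.notBefore, this.notAfter, this.algorithm);
                return true;
            } catch (Throwable th) {
                SelfSignedCertificate.logger.debug("Failed to generate a self-signed X.509 certificate using Bouncy Castle:", th);
                addFailure(th);
                return false;
            }
        }

        /**
         * Tries the keytool back end. It is skipped when keytool is unavailable or when the
         * caller supplied an explicit {@link SecureRandom}.
         *
         * @return {@code true} on success, {@code false} otherwise (a failure is recorded)
         */
        boolean generateKeytool() {
            if (!KeytoolSelfSignedCertGenerator.isAvailable()) {
                SelfSignedCertificate.logger.debug("Not attempting to generate certificate with keytool because keytool is missing");
                return false;
            }
            if (this.random != null) {
                SelfSignedCertificate.logger.debug("Not attempting to generate certificate with keytool because of explicitly set SecureRandom");
                return false;
            }
            try {
                KeytoolSelfSignedCertGenerator.generate(this);
                return true;
            } catch (Throwable th) {
                SelfSignedCertificate.logger.debug("Failed to generate a self-signed X.509 certificate using keytool:", th);
                addFailure(th);
                return false;
            }
        }

        /**
         * Tries the CertificateBuilder back end.
         *
         * @return {@code true} on success, {@code false} if the back end is unavailable or
         *         failed (the failure is recorded as a {@link CertificateException})
         */
        boolean generateCertificateBuilder() {
            if (!CertificateBuilderCertGenerator.isAvailable()) {
                SelfSignedCertificate.logger.debug("Not attempting to generate a certificate with CertificateBuilder because it's not available on the classpath");
                return false;
            }
            try {
                CertificateBuilderCertGenerator.generate(this);
                return true;
            } catch (CertificateException e) {
                SelfSignedCertificate.logger.debug(e);
                addFailure(e);
                return false;
            } catch (Exception e2) {
                SelfSignedCertificate.logger.debug("Failed to generate a self-signed X.509 certificate using CertificateBuilder:", (Throwable) e2);
                addFailure(new CertificateException("Failed to generate a self-signed X.509 certificate using CertificateBuilder:", e2));
                return false;
            }
        }

        /**
         * Tries the sun.security.x509 back end, the last one in the fallback chain.
         *
         * @return {@code true} if {@link #paths} was filled; on {@code false} the recorded
         *         failure is always a {@link CertificateException}
         */
        boolean generateSunMiscSecurity() {
            generateKeyPairLocally();
            try {
                this.paths = OpenJdkSelfSignedCertGenerator.generate(this.fqdn, this.keypair, randomOrDefault(), this.notBefore, this.notAfter, this.algorithm);
                return true;
            } catch (Throwable th) {
                SelfSignedCertificate.logger.debug("Failed to generate a self-signed X.509 certificate using sun.security.x509:", th);
                addFailure(new CertificateException("No provider succeeded to generate a self-signed certificate. See debug log for the root cause.", th));
                return false;
            }
        }

        /**
         * Generates the certificate with the collected parameters.
         *
         * @return the generated certificate and key
         * @throws CertificateException if no back end succeeded or the result cannot be parsed
         */
        public SelfSignedCertificate build() throws CertificateException {
            return new SelfSignedCertificate(this);
        }
    }

    /** Creates a certificate for "localhost" with all builder defaults. */
    public SelfSignedCertificate() throws CertificateException {
        this(new Builder());
    }

    /**
     * @param date  start of the validity period
     * @param date2 end of the validity period
     */
    public SelfSignedCertificate(Date date, Date date2) throws CertificateException {
        this(new Builder().notBefore(date).notAfter(date2));
    }

    /**
     * @param date  start of the validity period
     * @param date2 end of the validity period
     * @param str   key algorithm, "EC" or "RSA"
     * @param i     key size in bits
     */
    public SelfSignedCertificate(Date date, Date date2, String str, int i) throws CertificateException {
        this(new Builder().notBefore(date).notAfter(date2).algorithm(str).bits(i));
    }

    /** @param str fully qualified domain name */
    public SelfSignedCertificate(String str) throws CertificateException {
        this(new Builder().fqdn(str));
    }

    /**
     * @param str  fully qualified domain name
     * @param str2 key algorithm, "EC" or "RSA"
     * @param i    key size in bits
     */
    public SelfSignedCertificate(String str, String str2, int i) throws CertificateException {
        this(new Builder().fqdn(str).algorithm(str2).bits(i));
    }

    /**
     * @param str   fully qualified domain name
     * @param date  start of the validity period
     * @param date2 end of the validity period
     */
    public SelfSignedCertificate(String str, Date date, Date date2) throws CertificateException {
        this(new Builder().fqdn(str).notBefore(date).notAfter(date2));
    }

    /**
     * @param str   fully qualified domain name
     * @param date  start of the validity period
     * @param date2 end of the validity period
     * @param str2  key algorithm, "EC" or "RSA"
     * @param i     key size in bits
     */
    public SelfSignedCertificate(String str, Date date, Date date2, String str2, int i) throws CertificateException {
        this(new Builder().fqdn(str).notBefore(date).notAfter(date2).algorithm(str2).bits(i));
    }

    /**
     * @param str          fully qualified domain name
     * @param secureRandom random source for key generation
     * @param i            key size in bits
     */
    public SelfSignedCertificate(String str, SecureRandom secureRandom, int i) throws CertificateException {
        this(new Builder().fqdn(str).random(secureRandom).bits(i));
    }

    /**
     * @param str          fully qualified domain name
     * @param secureRandom random source for key generation
     * @param str2         key algorithm, "EC" or "RSA"
     * @param i            key size in bits
     */
    public SelfSignedCertificate(String str, SecureRandom secureRandom, String str2, int i) throws CertificateException {
        this(new Builder().fqdn(str).random(secureRandom).algorithm(str2).bits(i));
    }

    /**
     * @param str          fully qualified domain name
     * @param secureRandom random source for key generation
     * @param i            key size in bits
     * @param date         start of the validity period
     * @param date2        end of the validity period
     */
    public SelfSignedCertificate(String str, SecureRandom secureRandom, int i, Date date, Date date2) throws CertificateException {
        this(new Builder().fqdn(str).notBefore(date).notAfter(date2).random(secureRandom).bits(i));
    }

    /**
     * @param str          fully qualified domain name
     * @param secureRandom random source for key generation
     * @param i            key size in bits
     * @param date         start of the validity period
     * @param date2        end of the validity period
     * @param str2         key algorithm, "EC" or "RSA"
     */
    public SelfSignedCertificate(String str, SecureRandom secureRandom, int i, Date date, Date date2, String str2) throws CertificateException {
        this(new Builder().fqdn(str).random(secureRandom).algorithm(str2).bits(i).notBefore(date).notAfter(date2));
    }

    /**
     * Runs the generator back ends in a fixed fallback order (CertificateBuilder, Bouncy Castle,
     * keytool, sun.security.x509) and loads the resulting certificate file.
     *
     * @throws CertificateException if every back end failed, or (as
     *         {@link CertificateEncodingException}) if the generated file cannot be read back
     */
    private SelfSignedCertificate(Builder builder) throws CertificateException {
        if (!builder.generateCertificateBuilder() && !builder.generateBc() && !builder.generateKeytool() && !builder.generateSunMiscSecurity()) {
            // The last back end always records a CertificateException when it returns false,
            // so the recorded failure has that type whenever this line is reached.
            throw ((CertificateException) builder.failure);
        }
        this.certificate = new File(builder.paths[0]);
        this.privateKey = new File(builder.paths[1]);
        this.key = builder.privateKey;
        X509Certificate parsed;
        // try-with-resources: the stream is closed on the failure path as well, not only
        // after a successful parse.
        try (FileInputStream certificateInput = new FileInputStream(this.certificate)) {
            parsed = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(certificateInput);
        } catch (Exception e) {
            throw new CertificateEncodingException(e);
        }
        this.cert = parsed;
    }

    /** @return a new builder preset with the defaults */
    public static Builder builder() {
        return new Builder();
    }

    /** @return the PEM file containing the generated certificate */
    public File certificate() {
        return this.certificate;
    }

    /** @return the PEM file containing the unencrypted private key */
    public File privateKey() {
        return this.privateKey;
    }

    /** @return the generated certificate */
    public X509Certificate cert() {
        return this.cert;
    }

    /** @return the generated private key */
    public PrivateKey key() {
        return this.key;
    }

    /**
     * Deletes the certificate and private key files. A failed deletion is only logged, so
     * callers that must guarantee removal of the key file should verify it themselves.
     */
    public void delete() {
        safeDelete(this.certificate);
        safeDelete(this.privateKey);
    }

    /**
     * Writes the private key and the certificate as PEM into two temp files.
     *
     * <p>The decompiled form of this method released the certificate buffer twice on the
     * success path and leaked buffers on failure; the cleanup is restored here with
     * {@code try}/{@code finally}. In addition, the key file is removed when any later step
     * fails, so that no orphaned private key stays in the temp directory.
     *
     * @param str             host name, used (sanitised) as part of the temp file names
     * @param privateKey      key to store; written unencrypted
     * @param x509Certificate certificate to store
     * @return {@code {certificatePath, privateKeyPath}}
     * @throws IOException                  if a temp file cannot be created or written
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static String[] newSelfSignedCertificate(String str, PrivateKey privateKey, X509Certificate x509Certificate) throws IOException, CertificateEncodingException {
        String keyText = toPem("PRIVATE KEY", privateKey.getEncoded());

        // Anything outside [A-Za-z0-9_.-] becomes 'x', so the host name cannot introduce path
        // separators or other special characters into the file name.
        String safeName = str.replaceAll("[^\\w.-]", "x");

        File keyFile = PlatformDependent.createTempFile("keyutil_" + safeName + '_', ".key", null);
        keyFile.deleteOnExit();
        writePem(keyFile, keyText);

        boolean complete = false;
        try {
            String certText = toPem("CERTIFICATE", x509Certificate.getEncoded());
            File certFile = PlatformDependent.createTempFile("keyutil_" + safeName + '_', ".crt", null);
            certFile.deleteOnExit();
            writePem(certFile, certText);
            complete = true;
            return new String[]{certFile.getPath(), keyFile.getPath()};
        } finally {
            if (!complete) {
                safeDelete(keyFile);
            }
        }
    }

    // Base64-encodes DER bytes and wraps them in PEM BEGIN/END lines for the given label.
    // Both buffers are released exactly once, whether or not encoding succeeds.
    private static String toPem(String label, byte[] der) {
        ByteBuf raw = Unpooled.wrappedBuffer(der);
        try {
            ByteBuf encoded = Base64.encode(raw, true);
            try {
                return "-----BEGIN " + label + "-----\n" + encoded.toString(CharsetUtil.US_ASCII) + "\n-----END " + label + "-----\n";
            } finally {
                encoded.release();
            }
        } finally {
            raw.release();
        }
    }

    // Writes the PEM text as US-ASCII; if writing or closing fails the partial file is deleted.
    private static void writePem(File file, String pem) throws IOException {
        OutputStream out = new FileOutputStream(file);
        try {
            out.write(pem.getBytes(CharsetUtil.US_ASCII));
            out.close();
            // Marks success so that the cleanup below is skipped.
            out = null;
        } finally {
            if (out != null) {
                safeClose(file, out);
                safeDelete(file);
            }
        }
    }

    // Best-effort delete: a failure is logged at warn level and otherwise ignored.
    private static void safeDelete(File file) {
        if (!file.delete() && logger.isWarnEnabled()) {
            logger.warn("Failed to delete a file: " + file);
        }
    }

    // Best-effort close: a failure is logged at warn level and otherwise ignored.
    private static void safeClose(File file, OutputStream outputStream) {
        try {
            outputStream.close();
        } catch (IOException e) {
            if (logger.isWarnEnabled()) {
                logger.warn("Failed to close a file: " + file, (Throwable) e);
            }
        }
    }

    // Probes the classpath for the Bouncy Castle certificate builder class.
    private static boolean isBouncyCastleAvailable() {
        try {
            Class.forName("org.bouncycastle.cert.X509v3CertificateBuilder");
            return true;
        } catch (ClassNotFoundException e) {
            return false;
        }
    }

    // Accessor marked synthetic in the decompiled output; Builder.generateBc() calls it, so
    // the name is kept unchanged.
    static /* synthetic */ boolean access$400() {
        return isBouncyCastleAvailable();
    }
}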
