package io.vertx.config.vault.tests.utils;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Date;
import org.apache.commons.io.FileUtils;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;

/* loaded from: input_file:io/vertx/config/vault/tests/utils/Certificates.class */
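/**
 * Test fixture that generates the self-signed TLS material used by the Vault tests.
 *
 * <p>Everything is written under {@code target/vault/config/ssl}: PEM files for the server and
 * client certificate/private key, plus a JKS truststore (holding the server certificate) and a
 * JKS keystore (holding the client key and certificate).
 *
 * <p>Security notes for anyone reusing this code outside of tests:
 * <ul>
 *   <li>The keystore password is the fixed string {@code "password"}.</li>
 *   <li>Private keys are written as unencrypted PKCS#8 PEM with the process' default file
 *       permissions.</li>
 *   <li>Every certificate is self-signed, uses serial number 1 and is valid from 30 days in the
 *       past to 30 days in the future.</li>
 * </ul>
 * None of this is suitable for production key management.
 */
public class Certificates {
    private static final File SSL_DIRECTORY = new File("target/vault/config/ssl");
    private static final File CERT_PEMFILE = new File(SSL_DIRECTORY, "cert.pem");
    private static final File PRIVATE_KEY_PEMFILE = new File(SSL_DIRECTORY, "privatekey.pem");
    private static final File CLIENT_CERT_PEMFILE = new File(SSL_DIRECTORY, "client-cert.pem");
    private static final File CLIENT_PRIVATE_KEY_PEMFILE = new File(SSL_DIRECTORY, "client-privatekey.pem");
    private static final File CLIENT_KEYSTORE = new File(SSL_DIRECTORY, "keystore.jks");
    private static final File CLIENT_TRUSTSTORE = new File(SSL_DIRECTORY, "truststore.jks");

    // Test-only store password; kept as the literal "password" because the value is part of the
    // fixture's on-disk format (whoever opens the generated JKS files needs the same value).
    private static final String STORE_PASSWORD = "password";

    // 30 days in milliseconds (30 * 24 * 60 * 60 * 1000); same validity window as before.
    private static final long VALIDITY_SKEW_MILLIS = 2592000000L;

    // Server certificate, either freshly generated or re-read from cert.pem.
    private static X509Certificate vaultCertificate;

    /**
     * Ensures the Vault server certificate and private key exist on disk and caches the
     * certificate in memory.
     *
     * <p>If the SSL directory and {@code cert.pem} already exist, the certificate is re-read from
     * the file and nothing is regenerated. Otherwise a new RSA key pair and self-signed
     * certificate are created and written as PEM.
     *
     * @throws Exception if the directory cannot be created, key/certificate generation fails, or
     *     a file cannot be read or written
     */
    public static void createVaultCertAndKey() throws Exception {
        if (SSL_DIRECTORY.isDirectory() && CERT_PEMFILE.isFile()) {
            // try-with-resources closes the stream on every path, including parse failures.
            try (FileInputStream in = new FileInputStream(CERT_PEMFILE)) {
                vaultCertificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
            }
            return;
        }
        // mkdirs() returns false both on failure and when the directory already exists, so
        // re-check before reporting an error instead of failing later with a less clear message.
        if (!SSL_DIRECTORY.mkdirs() && !SSL_DIRECTORY.isDirectory()) {
            throw new IOException("Unable to create directory " + SSL_DIRECTORY);
        }
        KeyPair serverKeys = generateKeyPair();
        vaultCertificate = generateCert(serverKeys, "C=AU, O=The Legion of the Bouncy Castle, OU=Vault Server Certificate, CN=localhost");
        writeCertToPem(vaultCertificate, CERT_PEMFILE);
        writePrivateKeyToPem(serverKeys.getPrivate(), PRIVATE_KEY_PEMFILE);
    }

    /**
     * Ensures the client-side TLS material exists: a truststore containing the Vault server
     * certificate, a keystore containing a fresh client key and certificate, and the matching
     * PEM files.
     *
     * <p>Does nothing if the SSL directory and {@code client-cert.pem} already exist.
     * {@link #createVaultCertAndKey()} must have been called first, because the truststore is
     * built from the cached server certificate.
     *
     * @throws IllegalStateException if the server certificate has not been created or loaded yet
     * @throws Exception if key/certificate generation fails or a file cannot be written
     */
    public static void createClientCertAndKey() throws Exception {
        if (SSL_DIRECTORY.isDirectory() && CLIENT_CERT_PEMFILE.isFile()) {
            return;
        }
        // Fail early with a clear message rather than writing a truststore with a null entry.
        if (vaultCertificate == null) {
            throw new IllegalStateException("createVaultCertAndKey() must be called before createClientCertAndKey()");
        }

        KeyStore trustStore = KeyStore.getInstance("jks");
        trustStore.load(null);
        trustStore.setCertificateEntry("cert", vaultCertificate);
        // The stream is closed even when store() throws (the original leaked it in that case).
        try (FileOutputStream out = new FileOutputStream(CLIENT_TRUSTSTORE)) {
            trustStore.store(out, STORE_PASSWORD.toCharArray());
        }

        KeyPair clientKeys = generateKeyPair();
        X509Certificate clientCert = generateCert(clientKeys, "C=AU, O=The Legion of the Bouncy Castle, OU=Client Certificate, CN=localhost");

        KeyStore clientStore = KeyStore.getInstance("jks");
        clientStore.load(null);
        clientStore.setKeyEntry("privatekey", clientKeys.getPrivate(), STORE_PASSWORD.toCharArray(), new Certificate[]{clientCert});
        clientStore.setCertificateEntry("cert", clientCert);
        try (FileOutputStream out = new FileOutputStream(CLIENT_KEYSTORE)) {
            clientStore.store(out, STORE_PASSWORD.toCharArray());
        }

        // The client PEM certificate is written last: its presence is what the guard at the top
        // of this method checks on the next run.
        writeCertToPem(clientCert, CLIENT_CERT_PEMFILE);
        writePrivateKeyToPem(clientKeys.getPrivate(), CLIENT_PRIVATE_KEY_PEMFILE);
    }

    /**
     * Generates a 4096-bit RSA key pair using the BouncyCastle provider.
     *
     * @return the new key pair
     * @throws NoSuchAlgorithmException if the provider does not offer RSA key generation
     */
    private static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", new BouncyCastleProvider());
        generator.initialize(4096);
        return generator.genKeyPair();
    }

    /**
     * Builds a self-signed X.509 v3 certificate for the given key pair.
     *
     * <p>Issuer and subject are both {@code str}. The only subjectAltName entry is the IP address
     * {@code 127.0.0.1}; no DNS name is added, so clients that verify the peer name are expected
     * to connect by that IP address.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @param str X.500 distinguished name used as both issuer and subject
     * @return the signed certificate, already checked for current validity and verified against
     *     the public key
     */
    private static X509Certificate generateCert(KeyPair keyPair, String str) throws IOException, OperatorCreationException, CertificateException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        long now = System.currentTimeMillis();
        X500Name name = new X500Name(str);
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
            name,
            BigInteger.ONE,
            new Date(now - VALIDITY_SKEW_MILLIS),
            new Date(now + VALIDITY_SKEW_MILLIS),
            name,
            SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        builder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.iPAddress, "127.0.0.1")));

        // Sign with SHA-256 instead of SHA-1: SHA-1 signatures are deprecated for certificates
        // and are rejected by a growing number of TLS stacks and crypto policies.
        AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
        AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(
            builder.build(new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm)
                .build(PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()))));

        // Sanity checks: the certificate must be valid right now and verify under its own key.
        certificate.checkValidity(new Date());
        certificate.verify(keyPair.getPublic());
        return certificate;
    }

    /**
     * Writes the certificate to {@code file} as a PEM {@code CERTIFICATE} block.
     *
     * @param x509Certificate certificate to encode
     * @param file destination file (overwritten)
     */
    private static void writeCertToPem(X509Certificate x509Certificate, File file) throws CertificateEncodingException, IOException {
        FileUtils.write(file, toPem("CERTIFICATE", x509Certificate.getEncoded()), "UTF-8");
    }

    /**
     * Writes the private key to {@code file} as an unencrypted PEM {@code PRIVATE KEY} block.
     *
     * <p>The file is created with default permissions and the key is not password protected;
     * this is acceptable only because the output is a throw-away test fixture.
     *
     * @param privateKey key to encode (its {@code getEncoded()} form is written as-is)
     * @param file destination file (overwritten)
     */
    private static void writePrivateKeyToPem(PrivateKey privateKey, File file) throws IOException {
        FileUtils.write(file, toPem("PRIVATE KEY", privateKey.getEncoded()), "UTF-8");
    }

    /**
     * Wraps DER bytes in a PEM envelope, with the Base64 body folded at 64 characters per line
     * so that strict PEM parsers accept the output.
     */
    private static String toPem(String label, byte[] der) {
        String body = Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(der);
        return "-----BEGIN " + label + "-----\n" + body + "\n-----END " + label + "-----\n";
    }
}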
