package org.apache.geode.cache.ssl;

import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.InetAddress;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;

/* loaded from: input_file:org/apache/geode/cache/ssl/TestSSLUtils.class */
public class TestSSLUtils {

    /* loaded from: input_file:org/apache/geode/cache/ssl/TestSSLUtils$CertificateBuilder.class */
    public static class CertificateBuilder {
        private final int days;
        private final String algorithm;
        private String name;
        private List<String> dnsNames;
        private List<InetAddress> ipAddresses;

        public CertificateBuilder() {
            this(30, "SHA1withRSA");
        }

        public CertificateBuilder(int i, String str) {
            this.days = i;
            this.algorithm = str;
            this.dnsNames = new ArrayList();
            this.ipAddresses = new ArrayList();
        }

        private static GeneralName dnsGeneralName(String str) {
            return new GeneralName(2, str);
        }

        private static GeneralName ipGeneralName(InetAddress inetAddress) {
            return new GeneralName(7, new DEROctetString(inetAddress.getAddress()));
        }

        public CertificateBuilder commonName(String str) {
            this.name = "CN=" + str + ", O=Geode";
            return this;
        }

        public CertificateBuilder sanDnsName(String str) {
            this.dnsNames.add(str);
            return this;
        }

        public CertificateBuilder sanIpAddress(InetAddress inetAddress) {
            this.ipAddresses.add(inetAddress);
            return this;
        }

        private byte[] san() throws IOException {
            List list = (List) this.dnsNames.stream().map(CertificateBuilder::dnsGeneralName).collect(Collectors.toList());
            list.addAll((Collection) this.ipAddresses.stream().map(CertificateBuilder::ipGeneralName).collect(Collectors.toList()));
            if (list.isEmpty()) {
                return null;
            }
            return new GeneralNames((GeneralName[]) list.toArray(new GeneralName[0])).getEncoded();
        }

        public X509Certificate generate(KeyPair keyPair) throws CertificateException {
            return generate(this.name, keyPair);
        }

        public X509Certificate generate(String str, KeyPair keyPair) throws CertificateException {
            try {
                Security.addProvider(new BouncyCastleProvider());
                AlgorithmIdentifier find = new DefaultSignatureAlgorithmIdentifierFinder().find(this.algorithm);
                AlgorithmIdentifier find2 = new DefaultDigestAlgorithmIdentifierFinder().find(find);
                AsymmetricKeyParameter createKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
                SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
                ContentSigner build = new BcRSAContentSignerBuilder(find, find2).build(createKey);
                X500Name x500Name = new X500Name(str);
                Date date = new Date();
                X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(x500Name, new BigInteger(64, new SecureRandom()), date, new Date(date.getTime() + (this.days * 86400000)), x500Name, subjectPublicKeyInfo);
                byte[] san = san();
                if (san != null) {
                    x509v3CertificateBuilder.addExtension(Extension.subjectAlternativeName, false, san);
                }
                return new JcaX509CertificateConverter().setProvider("BC").getCertificate(x509v3CertificateBuilder.build(build));
            } catch (CertificateException e) {
                throw e;
            } catch (Exception e2) {
                throw new CertificateException(e2);
            }
        }
    }

    public static KeyPair generateKeyPair(String str) throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str);
        keyPairGenerator.initialize(1024);
        return keyPairGenerator.genKeyPair();
    }

    private static KeyStore createEmptyKeyStore() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        return keyStore;
    }

    public static void createKeyStore(String str, String str2, String str3, Key key, Certificate certificate) throws GeneralSecurityException, IOException {
        KeyStore createEmptyKeyStore = createEmptyKeyStore();
        createEmptyKeyStore.setKeyEntry(str3, key, str2.toCharArray(), new Certificate[]{certificate});
        OutputStream newOutputStream = Files.newOutputStream(Paths.get(str, new String[0]), new OpenOption[0]);
        Throwable th = null;
        try {
            try {
                createEmptyKeyStore.store(newOutputStream, str2.toCharArray());
                if (newOutputStream != null) {
                    if (0 == 0) {
                        newOutputStream.close();
                        return;
                    }
                    try {
                        newOutputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (newOutputStream != null) {
                if (th != null) {
                    try {
                        newOutputStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    newOutputStream.close();
                }
            }
            throw th4;
        }
    }

    public static <T extends Certificate> void createTrustStore(String str, String str2, Map<String, T> map) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try {
            InputStream newInputStream = Files.newInputStream(Paths.get(str, new String[0]), new OpenOption[0]);
            Throwable th = null;
            try {
                try {
                    keyStore.load(newInputStream, str2.toCharArray());
                    if (newInputStream != null) {
                        if (0 != 0) {
                            try {
                                newInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            newInputStream.close();
                        }
                    }
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } finally {
            }
        } catch (EOFException e) {
            keyStore = createEmptyKeyStore();
        }
        for (Map.Entry<String, T> entry : map.entrySet()) {
            keyStore.setCertificateEntry(entry.getKey(), entry.getValue());
        }
        OutputStream newOutputStream = Files.newOutputStream(Paths.get(str, new String[0]), new OpenOption[0]);
        Throwable th4 = null;
        try {
            try {
                keyStore.store(newOutputStream, str2.toCharArray());
                if (newOutputStream != null) {
                    if (0 == 0) {
                        newOutputStream.close();
                        return;
                    }
                    try {
                        newOutputStream.close();
                    } catch (Throwable th5) {
                        th4.addSuppressed(th5);
                    }
                }
            } catch (Throwable th6) {
                th4 = th6;
                throw th6;
            }
        } catch (Throwable th7) {
            if (newOutputStream != null) {
                if (th4 != null) {
                    try {
                        newOutputStream.close();
                    } catch (Throwable th8) {
                        th4.addSuppressed(th8);
                    }
                } else {
                    newOutputStream.close();
                }
            }
            throw th7;
        }
    }
}
