package com.github.puhiayang.utils;

import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:com/github/puhiayang/utils/HttpsSupport.class */
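/**
 * Process-wide holder of the TLS material used for HTTPS interception.
 *
 * <p>On first use it loads a CA certificate ({@code ca.crt}) and its PKCS#8 private key
 * ({@code ca_private.der}) from the classpath, generates one RSA key pair that is shared by
 * every leaf certificate, and then mints per-host certificates on demand via
 * {@link #getCert(String)}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The CA private key is read from a classpath resource. NOTE(review): if that resource is
 *       shipped inside a published artifact, anyone holding the artifact can sign certificates
 *       that are trusted wherever {@code ca.crt} has been installed; a per-installation CA is
 *       the safer design.</li>
 *   <li>The outbound client context uses {@link InsecureTrustManagerFactory}, so upstream server
 *       certificates are not verified (see {@link #initHttpsConfig()}).</li>
 *   <li>{@link #getCaPriKey()} and {@link #getServerPriKey()} hand out raw private keys to any
 *       caller of the singleton.</li>
 * </ul>
 */
public class HttpsSupport {
    /** Source of certificate serial numbers; {@link SecureRandom} is safe to share across threads. */
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();

    private static HttpsSupport httpsSupport;

    private SslContext clientSslCtx;
    private String issuer;
    private Date caNotBefore;
    private Date caNotAfter;
    private PrivateKey caPriKey;
    private PrivateKey serverPriKey;
    private PublicKey serverPubKey;
    // Keyed by the trimmed, lower-cased host name; guarded by the monitor of this instance.
    private final Map<String, X509Certificate> certCache = new HashMap<>();
    private KeyFactory keyFactory = null;

    private HttpsSupport() {
        initHttpsConfig();
    }

    /**
     * Returns the shared instance, creating it on first call.
     *
     * <p>Synchronized so that two threads racing on the first call cannot each build an instance
     * with its own server key pair and certificate cache.
     *
     * @return the singleton
     */
    public static synchronized HttpsSupport getInstance() {
        if (httpsSupport == null) {
            httpsSupport = new HttpsSupport();
        }
        return httpsSupport;
    }

    /**
     * Loads the CA material and generates the shared server key pair.
     *
     * <p>Failures are only printed, as before: the instance is still returned by
     * {@link #getInstance()} with its fields left {@code null}, and {@link #getCert(String)}
     * then reports the missing material with an {@link IllegalStateException}.
     */
    private void initHttpsConfig() {
        try {
            this.keyFactory = KeyFactory.getInstance("RSA");
            // SECURITY: InsecureTrustManagerFactory accepts every upstream certificate without
            // verification, so connections made with this context cannot tell the real origin
            // server from an impostor. Left unchanged to preserve behavior; prefer the platform
            // trust store (or a configurable TrustManagerFactory) wherever the upstream identity
            // matters.
            setClientSslCtx(SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).build());
            ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
            X509Certificate caCert = loadCert(contextClassLoader.getResourceAsStream("ca.crt"));
            setCaPriKey(loadPriKey(contextClassLoader.getResourceAsStream("ca_private.der")));
            setIssuer(getSubjectByCert(caCert));
            // Leaf certificates reuse the CA's validity window (see getCert).
            setCaNotBefore(caCert.getNotBefore());
            setCaNotAfter(caCert.getNotAfter());
            KeyPair serverKeyPair = genKeyPair();
            setServerPriKey(serverKeyPair.getPrivate());
            setServerPubKey(serverKeyPair.getPublic());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Generates a 2048-bit RSA key pair with the BouncyCastle provider.
     *
     * @return the new key pair
     * @throws Exception if the provider or algorithm is unavailable
     */
    private KeyPair genKeyPair() throws Exception {
        // Register the provider only once instead of constructing a new one per call.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(2048, new SecureRandom());
        return keyPairGenerator.genKeyPair();
    }

    /**
     * Returns the certificate's issuer DN with its {@code ", "}-separated components in reverse
     * order.
     *
     * <p>Despite the method name this reads the issuer DN, not the subject DN.
     * NOTE(review): the split is purely textual, so an attribute value that itself contains
     * {@code ", "} would be cut in two; confirm the CA's DN has no such value.
     *
     * @param x509Certificate certificate to read
     * @return the reversed DN string
     */
    private String getSubjectByCert(X509Certificate x509Certificate) {
        String[] parts = x509Certificate.getIssuerDN().toString().split(", ");
        return IntStream.range(0, parts.length)
                .mapToObj(i -> parts[parts.length - 1 - i])
                .collect(Collectors.joining(", "));
    }

    /**
     * Reads a PKCS#8 encoded RSA private key from a stream and closes the stream.
     *
     * @param inputStream source of the DER bytes
     * @return the decoded key
     * @throws Exception if the stream is missing, unreadable, or not a valid key
     */
    private PrivateKey loadPriKey(InputStream inputStream) throws Exception {
        if (inputStream == null) {
            throw new IllegalArgumentException("private key stream is null (resource not found?)");
        }
        // try-with-resources closes the stream even when read() throws.
        try (InputStream in = inputStream; ByteArrayOutputStream buffer = new ByteArrayOutputStream()) {
            byte[] chunk = new byte[1024];
            int read;
            while ((read = in.read(chunk)) != -1) {
                buffer.write(chunk, 0, read);
            }
            return loadPriKey(buffer.toByteArray());
        }
    }

    /**
     * Decodes a PKCS#8 encoded RSA private key.
     *
     * @param bArr DER bytes of the key
     * @return the decoded key
     * @throws Exception if the bytes are not a valid PKCS#8 RSA key
     */
    private PrivateKey loadPriKey(byte[] bArr) throws Exception {
        return this.keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    /**
     * Parses an X.509 certificate from a stream and closes the stream.
     *
     * @param inputStream source of the certificate
     * @return the parsed certificate
     * @throws Exception if the stream is missing or does not hold a certificate
     */
    private X509Certificate loadCert(InputStream inputStream) throws Exception {
        if (inputStream == null) {
            throw new IllegalArgumentException("certificate stream is null (resource not found?)");
        }
        try (InputStream in = inputStream) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    /** @return the client-side TLS context used for upstream connections */
    public SslContext getClientSslCtx() {
        return this.clientSslCtx;
    }

    /** @param sslContext the client-side TLS context to use for upstream connections */
    public void setClientSslCtx(SslContext sslContext) {
        this.clientSslCtx = sslContext;
    }

    /** @return the issuer DN string placed in generated certificates */
    public String getIssuer() {
        return this.issuer;
    }

    /** @param str the issuer DN string to place in generated certificates */
    public void setIssuer(String str) {
        this.issuer = str;
    }

    /** @return start of the validity window applied to generated certificates */
    public Date getCaNotBefore() {
        return this.caNotBefore;
    }

    /** @param date start of the validity window applied to generated certificates */
    public void setCaNotBefore(Date date) {
        this.caNotBefore = date;
    }

    /** @return end of the validity window applied to generated certificates */
    public Date getCaNotAfter() {
        return this.caNotAfter;
    }

    /** @param date end of the validity window applied to generated certificates */
    public void setCaNotAfter(Date date) {
        this.caNotAfter = date;
    }

    /**
     * Returns the CA signing key.
     *
     * <p>SECURITY: this exposes the raw CA private key to every caller; keep its use confined to
     * certificate signing.
     *
     * @return the CA private key
     */
    public PrivateKey getCaPriKey() {
        return this.caPriKey;
    }

    /** @param privateKey the CA private key used to sign generated certificates */
    public void setCaPriKey(PrivateKey privateKey) {
        this.caPriKey = privateKey;
    }

    /** @return the private half of the key pair shared by all generated leaf certificates */
    public PrivateKey getServerPriKey() {
        return this.serverPriKey;
    }

    /** @param privateKey the private half of the shared server key pair */
    public void setServerPriKey(PrivateKey privateKey) {
        this.serverPriKey = privateKey;
    }

    /** @return the public key embedded in every generated leaf certificate */
    public PublicKey getServerPubKey() {
        return this.serverPubKey;
    }

    /** @param publicKey the public key to embed in generated leaf certificates */
    public void setServerPubKey(PublicKey publicKey) {
        this.serverPubKey = publicKey;
    }

    /**
     * Returns the leaf certificate for a host, generating and caching it on first request.
     *
     * <p>The host is trimmed and lower-cased (locale-independently) before the cache lookup, so
     * {@code "Example.com "} and {@code "example.com"} share one entry. The method is
     * synchronized because the cache is a plain {@link HashMap} owned by a shared singleton.
     *
     * @param str host name the certificate is for
     * @return the certificate, or {@code null} when {@code str} is blank
     * @throws IllegalStateException if the CA material failed to load at start-up
     * @throws Exception if certificate generation fails
     */
    public synchronized X509Certificate getCert(String str) throws Exception {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        // Normalise before the lookup; the cache is keyed by the normalised name.
        String host = str.trim().toLowerCase(Locale.ROOT);
        X509Certificate cached = this.certCache.get(host);
        if (cached != null) {
            return cached;
        }
        if (getIssuer() == null || getCaPriKey() == null || getServerPubKey() == null) {
            throw new IllegalStateException("HTTPS support is not initialised: CA certificate or key failed to load");
        }
        X509Certificate generated =
                genCert(getIssuer(), getCaPriKey(), getCaNotBefore(), getCaNotAfter(), getServerPubKey(), host);
        this.certCache.put(host, generated);
        return generated;
    }

    /**
     * Builds and signs an X.509 v3 certificate for the given host names.
     *
     * <p>The first host becomes the subject CN and every host is added as a dNSName subject
     * alternative name. The serial number is a random positive value of up to 128 bits, so
     * certificates issued in the same millisecond cannot collide and serials are not guessable
     * from the issuing time.
     *
     * <p>NOTE(review): the first host is concatenated into a DN string, where characters such as
     * {@code ,}, {@code =} or {@code +} are DN syntax; callers should pass only validated host
     * names. IP-address literals are also emitted as dNSName entries rather than iPAddress.
     *
     * @param issuer issuer DN string
     * @param caPriKey private key that signs the certificate
     * @param notBefore start of validity
     * @param notAfter end of validity
     * @param serverPubKey public key to certify
     * @param hosts one or more host names; the first is used as the CN
     * @return the signed certificate
     * @throws IllegalArgumentException if no host name is supplied
     * @throws Exception if building or signing fails
     */
    public static X509Certificate genCert(String issuer, PrivateKey caPriKey, Date notBefore, Date notAfter, PublicKey serverPubKey, String... hosts) throws Exception {
        if (hosts == null || hosts.length == 0) {
            throw new IllegalArgumentException("at least one host name is required");
        }
        // 127 random bits plus one: always positive and well within the 20-octet serial limit.
        BigInteger serial = new BigInteger(127, SERIAL_RANDOM).add(BigInteger.ONE);
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                new X500Name(issuer),
                serial,
                notBefore,
                notAfter,
                new X500Name("C=CN, ST=SC, L=CD, O=hai, OU=study, CN=" + hosts[0]),
                serverPubKey);
        GeneralName[] altNames = new GeneralName[hosts.length];
        for (int i = 0; i < hosts.length; i++) {
            altNames[i] = new GeneralName(GeneralName.dNSName, hosts[i]);
        }
        builder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(altNames));
        return new JcaX509CertificateConverter()
                .getCertificate(builder.build(new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(caPriKey)));
    }
}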
