package org.mockserver.echo.tls;

import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509KeyManager;
import org.apache.tomcat.util.net.Constants;
import org.mockserver.configuration.ConfigurationProperties;
import org.mockserver.log.model.LogEntry;
import org.mockserver.logging.MockServerLogger;
import org.mockserver.socket.tls.PEMToFile;
import org.mockserver.socket.tls.jdk.CertificateSigningRequest;
import org.mockserver.socket.tls.jdk.X509AndPrivateKey;
import org.mockserver.socket.tls.jdk.X509Generator;
import org.slf4j.event.Level;

/* loaded from: input_file:BOOT-INF/lib/mockserver-core-5.11.6.jar:org/mockserver/echo/tls/UniqueCertificateChainSSLContextBuilder.class */
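/**
 * Builds an {@link SSLContext} whose key material is a root CA and leaf certificate generated
 * at call time, so every context presents its own certificate chain.
 *
 * <p>Security note: the context is initialised with Netty's {@code InsecureTrustManagerFactory},
 * which accepts any peer certificate without validating it. A connection made through this
 * context is therefore encrypted but not authenticated. The package name suggests it backs a
 * test echo server; it should not be reused where the identity of the peer matters.
 */
public class UniqueCertificateChainSSLContextBuilder {

    /* loaded from: input_file:BOOT-INF/lib/mockserver-core-5.11.6.jar:org/mockserver/echo/tls/UniqueCertificateChainSSLContextBuilder$UniqueCertificateChainX509KeyManager.class */
    /**
     * Key manager that serves a single, freshly generated leaf certificate (signed by a freshly
     * generated root CA) under fixed client and server aliases.
     */
    private static class UniqueCertificateChainX509KeyManager implements X509KeyManager {
        private static final String CLIENT_ALIAS = "client_alias";
        private static final String SERVER_ALIAS = "server_alias";
        // Both fields stay null if certificate generation fails in the constructor.
        private X509AndPrivateKey certificateAuthorityX509AndPrivateKey;
        private X509AndPrivateKey x509AndPrivateKey;

        /**
         * Generates the root CA and the leaf certificate. Any failure is logged at ERROR level and
         * not rethrown, which leaves the key manager without credentials.
         */
        private UniqueCertificateChainX509KeyManager() {
            MockServerLogger mockServerLogger = new MockServerLogger();
            try {
                X509Generator x509Generator = new X509Generator(mockServerLogger);
                CertificateSigningRequest rootRequest = new CertificateSigningRequest()
                    .setKeyPairAlgorithm("RSA")
                    .setSigningAlgorithm("SHA256withRSA")
                    .setCommonName(CertificateSigningRequest.ROOT_COMMON_NAME)
                    .setKeyPairSize(2048);
                this.certificateAuthorityX509AndPrivateKey = x509Generator.generateRootX509AndPrivateKey(rootRequest);

                // NOTE(review): the first setCommonName call looks redundant because the second
                // one follows immediately - confirm against CertificateSigningRequest before removing.
                CertificateSigningRequest leafRequest = new CertificateSigningRequest()
                    .setKeyPairAlgorithm("RSA")
                    .setSigningAlgorithm("SHA256withRSA")
                    .setCommonName(CertificateSigningRequest.ROOT_COMMON_NAME)
                    .setCommonName(ConfigurationProperties.sslCertificateDomainName())
                    .addSubjectAlternativeNames(ConfigurationProperties.sslSubjectAlternativeNameDomains())
                    .addSubjectAlternativeNames(ConfigurationProperties.sslSubjectAlternativeNameIps())
                    .setKeyPairSize(2048);
                this.x509AndPrivateKey = x509Generator.generateLeafX509AndPrivateKey(
                    leafRequest,
                    CertificateSigningRequest.buildDistinguishedName(CertificateSigningRequest.ROOT_COMMON_NAME),
                    this.certificateAuthorityX509AndPrivateKey.getPrivateKey(),
                    PEMToFile.x509FromPEM(this.certificateAuthorityX509AndPrivateKey.getCert()));
            } catch (Throwable th) {
                mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.ERROR).setMessageFormat("exception create fake certificates and private keys").setThrowable(th));
            }
        }

        /** Returns the single fixed client alias, whatever key type or issuers are requested. */
        @Override
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            return new String[]{CLIENT_ALIAS};
        }

        /** Always selects the fixed client alias. */
        @Override
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            return CLIENT_ALIAS;
        }

        /** Returns the single fixed server alias, whatever key type or issuers are requested. */
        @Override
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            return new String[]{SERVER_ALIAS};
        }

        /** Always selects the fixed server alias. */
        @Override
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            return SERVER_ALIAS;
        }

        /**
         * Returns the generated chain, leaf certificate first and root CA last; the alias is ignored.
         *
         * @return the two-element chain, or {@code null} when certificate generation failed
         */
        @Override
        public X509Certificate[] getCertificateChain(String alias) {
            // The constructor swallows generation errors, so either field may be null here.
            // X509KeyManager permits a null result for "no chain available"; returning it avoids
            // a NullPointerException in the middle of a handshake.
            if (this.x509AndPrivateKey == null || this.certificateAuthorityX509AndPrivateKey == null) {
                return null;
            }
            X509Certificate leaf = PEMToFile.x509FromPEM(this.x509AndPrivateKey.getCert());
            X509Certificate root = PEMToFile.x509FromPEM(this.certificateAuthorityX509AndPrivateKey.getCert());
            return new X509Certificate[]{leaf, root};
        }

        /**
         * Returns the private key of the generated leaf certificate; the alias is ignored.
         *
         * @return the leaf private key, or {@code null} when certificate generation failed
         */
        @Override
        public PrivateKey getPrivateKey(String alias) {
            // Same failure mode as getCertificateChain: no leaf material means no key to hand out.
            if (this.x509AndPrivateKey == null) {
                return null;
            }
            return PEMToFile.privateKeyFromPEM(this.x509AndPrivateKey.getPrivateKey());
        }
    }

    /**
     * Creates a TLS context that presents a newly generated certificate chain and trusts every peer.
     *
     * <p>The protocol name comes from Tomcat's {@code Constants.SSL_PROTO_TLSv1_2}. Trust managers
     * come from {@code InsecureTrustManagerFactory}, so no certificate presented by the remote
     * side is ever rejected. If certificate generation fails, the error is only logged and the
     * returned context has no usable credentials.
     *
     * @return an initialised {@link SSLContext}
     * @throws Exception if the protocol is unavailable or the context cannot be initialised
     */
    public static SSLContext uniqueCertificateChainSSLContext() throws Exception {
        SSLContext sslContext = SSLContext.getInstance(Constants.SSL_PROTO_TLSv1_2);
        KeyManager[] keyManagers = {new UniqueCertificateChainX509KeyManager()};
        // Trust-all by design: peer certificates are not verified. Keep this away from any
        // connection that needs server or client authentication.
        sslContext.init(keyManagers, InsecureTrustManagerFactory.INSTANCE.getTrustManagers(), null);
        return sslContext;
    }
}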
