package io.kroxylicious.proxy.tls;

import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:io/kroxylicious/proxy/tls/CertificateGenerator.class */
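/**
 * Generates throw-away TLS material as temporary files: an RSA key pair, a self-signed
 * {@code CN=localhost} certificate, PEM encodings of both, and JKS / PKCS#12 stores.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #generate()} protects its stores with fixed, well-known passwords and also
 *       writes those passwords in plaintext to temporary files. The output looks intended
 *       for fixtures and local testing; treat it as non-secret and do not reuse it where
 *       confidentiality matters.</li>
 *   <li>The records below use the implicit record {@code toString()}, which prints every
 *       component, including password values. Avoid logging {@link KeyStore} or
 *       {@link TrustStore} instances when real passwords are supplied.</li>
 *   <li>All files are created through {@link Files#createTempFile}, which on POSIX file
 *       systems creates the file accessible to its owner only, and are registered for
 *       deletion at JVM exit.</li>
 * </ul>
 */
public class CertificateGenerator {
    public static final String PKCS_12 = "PKCS12";
    public static final String JKS = "JKS";
    public static final String ALIAS = "alias";

    /**
     * RSA modulus size in bits. 1024-bit RSA is below current minimum recommendations and is
     * rejected by stricter crypto policies, so 2048 is used even for throw-away keys.
     */
    private static final int RSA_KEY_SIZE_BITS = 2048;

    /** Store password used by {@link #generate()}; a fixed, publicly known value. */
    private static final String DEFAULT_STORE_PASSWORD = "changeit";

    /** Key-entry password used by {@link #generate()}; a fixed, publicly known value. */
    private static final String DEFAULT_KEY_PASSWORD = "keypass";

    /**
     * Location and credentials of a key store holding a private key entry.
     *
     * <p>The implicit {@code toString()} includes {@code storePassword} and {@code keyPassword}.
     *
     * @param path              key store file
     * @param type              key store type, e.g. {@link #JKS}
     * @param storePassword     store password, or {@code null}
     * @param storePasswordFile file containing the store password, or {@code null}
     * @param keyPassword       key-entry password, or {@code null}
     * @param keyPasswordFile   file containing the key-entry password, or {@code null}
     */
    public record KeyStore(@NonNull Path path,
                           @NonNull String type,
                           @Nullable String storePassword,
                           @Nullable Path storePasswordFile,
                           @Nullable String keyPassword,
                           @Nullable Path keyPasswordFile) {
    }

    /**
     * Everything produced by {@link #generate()}.
     *
     * @param serverKey                        the generated RSA key pair (includes the private key)
     * @param privateKeyPem                    PEM file holding the private key
     * @param selfSignedCertificatePem         PEM file holding the self-signed certificate
     * @param pkcs12ClientTruststore           password-protected PKCS#12 trust store
     * @param jksClientTruststore              password-protected JKS trust store
     * @param pkcs12NoPasswordClientTruststore PKCS#12 trust store written with a {@code null} password
     * @param jksServerKeystore                JKS key store holding the private key and certificate
     */
    public record Keys(KeyPair serverKey,
                       Path privateKeyPem,
                       Path selfSignedCertificatePem,
                       TrustStore pkcs12ClientTruststore,
                       TrustStore jksClientTruststore,
                       TrustStore pkcs12NoPasswordClientTruststore,
                       KeyStore jksServerKeystore) {
    }

    /**
     * Location and credentials of a trust store.
     *
     * <p>The implicit {@code toString()} includes {@code password}.
     *
     * @param path         trust store file
     * @param type         trust store type, e.g. {@link #PKCS_12} or {@link #JKS}
     * @param password     store password, or {@code null}
     * @param passwordFile file containing the store password, or {@code null}
     */
    public record TrustStore(@NonNull Path path,
                             @NonNull String type,
                             @Nullable String password,
                             @Nullable Path passwordFile) {
    }

    /**
     * Generates a fresh RSA key pair of {@link #RSA_KEY_SIZE_BITS} bits.
     *
     * @return the new key pair
     * @throws RuntimeException if the platform offers no RSA key pair generator
     */
    public static KeyPair generateRsaKeyPair() {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
            generator.initialize(RSA_KEY_SIZE_BITS, new SecureRandom());
            return generator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Writes the private key of {@code keyPair} to a temporary PEM file. The key is written
     * unencrypted, so the file's confidentiality rests on its file-system permissions.
     *
     * @param keyPair key pair whose private half is written
     * @return path of the PEM file
     * @throws RuntimeException if the file cannot be created or written
     */
    public static Path writeRsaPrivateKeyPem(KeyPair keyPair) {
        try {
            return writeToPem(keyPair.getPrivate(), createTempFile("rsakey", ".pem"));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * PEM-encodes {@code pemObject} into {@code target}, always closing the writer.
     * The charset is given explicitly so the output does not depend on the platform default.
     */
    @NonNull
    private static Path writeToPem(Object pemObject, Path target) throws IOException {
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(Files.newBufferedWriter(target, StandardCharsets.UTF_8))) {
            pemWriter.writeObject(pemObject);
        }
        return target;
    }

    /**
     * Creates a temporary file that is deleted when the JVM exits.
     *
     * <p>{@link Files#createTempFile} is used instead of {@code File.createTempFile}: the latter
     * creates the file with the process's default permissions, which in a shared temp directory
     * can leave private keys and password files readable by other local users.
     */
    @NonNull
    private static Path createTempFile(String prefix, String suffix) {
        try {
            Path tempFile = Files.createTempFile(prefix, suffix);
            tempFile.toFile().deleteOnExit();
            return tempFile;
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    /**
     * Writes {@code x509Certificate} to a temporary PEM file.
     *
     * @param x509Certificate certificate to encode
     * @return path of the PEM file
     * @throws RuntimeException if the file cannot be created or written
     */
    public static Path generateCertPem(X509Certificate x509Certificate) {
        try {
            return writeToPem(x509Certificate, createTempFile("cert", ".pem"));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds a self-signed certificate for {@code CN=localhost} over the public key of
     * {@code keyPair}, signed with its private key using {@code SHA256WithRSA}.
     *
     * <p>The serial number is always 1 and the validity runs for 9999 days from now, so the
     * certificate is only suitable where uniqueness and expiry do not matter.
     *
     * @param keyPair RSA key pair to certify and sign with
     * @return the self-signed certificate
     * @throws RuntimeException if building or signing the certificate fails
     */
    public static X509Certificate generateSelfSignedX509Certificate(KeyPair keyPair) {
        try {
            SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
            Instant notBefore = Instant.now();
            Instant notAfter = notBefore.plus(Duration.ofDays(9999L));
            // Issuer and subject are identical because the certificate is self-signed.
            X500Name localhost = new X500Name("CN=localhost");
            X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                    localhost,
                    BigInteger.ONE,
                    Date.from(notBefore),
                    Date.from(notAfter),
                    localhost,
                    publicKeyInfo);
            return new JcaX509CertificateConverter().getCertificate(
                    builder.build(new JcaContentSignerBuilder("SHA256WithRSA")
                            .setProvider(new BouncyCastleProvider())
                            .build(keyPair.getPrivate())));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Builds a PKCS#12 trust store containing {@code x509Certificate}; {@code password} may be {@code null}. */
    private static Path buildPkcs12TrustStore(X509Certificate x509Certificate, String password) {
        return buildTrustStore(x509Certificate, password, ".p12", PKCS_12);
    }

    /** Builds a JKS trust store containing {@code x509Certificate}; {@code password} may be {@code null}. */
    private static Path buildJksTrustStore(X509Certificate x509Certificate, String password) {
        return buildTrustStore(x509Certificate, password, ".jks", JKS);
    }

    /**
     * Writes a trust store of the given type holding {@code x509Certificate} under {@link #ALIAS}.
     * A {@code null} password is passed through to the store as {@code null}.
     */
    @NonNull
    private static Path buildTrustStore(X509Certificate x509Certificate, String password, String suffix, String storeType) {
        try {
            Path storeFile = createTempFile("trust", suffix);
            java.security.KeyStore trustStore = java.security.KeyStore.getInstance(storeType);
            trustStore.load(null, null);
            trustStore.setCertificateEntry(ALIAS, x509Certificate);
            char[] passwordChars = password != null ? password.toCharArray() : null;
            // Close the stream explicitly; leaving it open leaks a file handle and can leave
            // the store incompletely flushed.
            try (var out = Files.newOutputStream(storeFile)) {
                trustStore.store(out, passwordChars);
            }
            return storeFile;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Generates a complete set of TLS material: key pair, private-key PEM, certificate PEM,
     * a JKS key store, and PKCS#12 / JKS trust stores (one PKCS#12 store without a password).
     *
     * <p>All stores use fixed, well-known passwords, which are also written to temporary files.
     *
     * @return the generated material and the paths it was written to
     * @throws RuntimeException if any step fails
     */
    public static Keys generate() {
        KeyPair serverKey = generateRsaKeyPair();
        Path privateKeyPem = writeRsaPrivateKeyPem(serverKey);
        X509Certificate certificate = generateSelfSignedX509Certificate(serverKey);
        KeyStore jksServerKeystore = createJksKeystore(serverKey, certificate, DEFAULT_STORE_PASSWORD, DEFAULT_KEY_PASSWORD);
        Path certificatePem = generateCertPem(certificate);
        Path pkcs12TrustStore = buildPkcs12TrustStore(certificate, DEFAULT_STORE_PASSWORD);
        Path pkcs12NoPasswordTrustStore = buildPkcs12TrustStore(certificate, null);
        Path jksTrustStore = buildJksTrustStore(certificate, DEFAULT_STORE_PASSWORD);
        // Both password-protected trust stores share one password file.
        Path trustStorePasswordFile = writeToTempFile(DEFAULT_STORE_PASSWORD);
        return new Keys(
                serverKey,
                privateKeyPem,
                certificatePem,
                new TrustStore(pkcs12TrustStore, PKCS_12, DEFAULT_STORE_PASSWORD, trustStorePasswordFile),
                new TrustStore(jksTrustStore, JKS, DEFAULT_STORE_PASSWORD, trustStorePasswordFile),
                new TrustStore(pkcs12NoPasswordTrustStore, PKCS_12, null, null),
                jksServerKeystore);
    }

    /**
     * Writes a JKS key store holding the private key of {@code keyPair} and {@code x509Certificate}
     * under {@link #ALIAS}, plus two temporary files containing the passwords in plaintext.
     *
     * @param keyPair         key pair whose private key is stored
     * @param x509Certificate certificate placed in the key entry's chain
     * @param str             store password; must not be {@code null}
     * @param str2            key-entry password; must not be {@code null}
     * @return description of the key store and its password files
     * @throws RuntimeException if the store or the password files cannot be written
     */
    public static KeyStore createJksKeystore(KeyPair keyPair, X509Certificate x509Certificate, String str, String str2) {
        try {
            Path storeFile = createTempFile("keystore", "jks");
            java.security.KeyStore jks = java.security.KeyStore.getInstance(JKS);
            jks.load(null);
            jks.setKeyEntry(ALIAS, keyPair.getPrivate(), str2.toCharArray(), new Certificate[]{ x509Certificate });
            try (var out = Files.newOutputStream(storeFile)) {
                jks.store(out, str.toCharArray());
            }
            return new KeyStore(storeFile, JKS, str, writeToTempFile(str), str2, writeToTempFile(str2));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Writes {@code content} (a password) as UTF-8 plaintext to a temporary file and returns its path.
     * The file's protection comes solely from the permissions applied when it is created.
     */
    private static Path writeToTempFile(String content) {
        try {
            Path passwordFile = createTempFile("pass", "raw");
            Files.writeString(passwordFile, content, StandardCharsets.UTF_8);
            return passwordFile;
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }
}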
