package io.netty.pkitesting;

import io.netty.util.internal.EmptyArrays;
import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:io/netty/pkitesting/X509Bundle.class */
public final class X509Bundle {
    private final X509Certificate[] certPath;
    private final X509Certificate root;
    private final KeyPair keyPair;

    private X509Bundle(X509Certificate[] x509CertificateArr, X509Certificate x509Certificate, KeyPair keyPair) {
        Objects.requireNonNull(x509Certificate, "root");
        Objects.requireNonNull(keyPair, "keyPair");
        if (x509CertificateArr.length <= 1 || !x509CertificateArr[x509CertificateArr.length - 1].equals(x509Certificate)) {
            this.certPath = (X509Certificate[]) x509CertificateArr.clone();
        } else {
            this.certPath = (X509Certificate[]) Arrays.copyOf(x509CertificateArr, x509CertificateArr.length - 1);
        }
        this.root = x509Certificate;
        this.keyPair = keyPair;
    }

    public static X509Bundle fromRootCertificateAuthority(X509Certificate x509Certificate, KeyPair keyPair) {
        Objects.requireNonNull(x509Certificate, "root");
        Objects.requireNonNull(keyPair, "keyPair");
        X509Bundle x509Bundle = new X509Bundle(new X509Certificate[]{x509Certificate}, x509Certificate, keyPair);
        if (x509Bundle.isCertificateAuthority() && x509Bundle.isSelfSigned()) {
            return x509Bundle;
        }
        throw new IllegalArgumentException("Given certificate is not a root CA certificate: " + x509Certificate.getSubjectX500Principal() + ", issued by " + x509Certificate.getIssuerX500Principal());
    }

    public static X509Bundle fromCertificatePath(X509Certificate[] x509CertificateArr, X509Certificate x509Certificate, KeyPair keyPair) {
        return new X509Bundle(x509CertificateArr, x509Certificate, keyPair);
    }

    public X509Certificate getCertificate() {
        return this.certPath[0];
    }

    public String getCertificatePEM() {
        return toCertPem(this.certPath[0]);
    }

    public X509Certificate[] getCertificatePath() {
        return (X509Certificate[]) this.certPath.clone();
    }

    public X509Certificate[] getCertificatePathWithRoot() {
        X509Certificate[] x509CertificateArr = (X509Certificate[]) Arrays.copyOf(this.certPath, this.certPath.length + 1);
        x509CertificateArr[x509CertificateArr.length - 1] = this.root;
        return x509CertificateArr;
    }

    public List<X509Certificate> getCertificatePathList() {
        return Arrays.asList(this.certPath);
    }

    public String getCertificatePathPEM() {
        return toCertPem(this.certPath);
    }

    public KeyPair getKeyPair() {
        return this.keyPair;
    }

    public X509Certificate getRootCertificate() {
        return this.root;
    }

    public String getRootCertificatePEM() {
        return toCertPem(this.root);
    }

    private static String toCertPem(X509Certificate... x509CertificateArr) {
        Base64.Encoder mimeEncoder = getMimeEncoder();
        StringBuilder sb = new StringBuilder();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            sb.append("-----BEGIN CERTIFICATE-----\r\n");
            try {
                sb.append(mimeEncoder.encodeToString(x509Certificate.getEncoded()));
                sb.append("\r\n-----END CERTIFICATE-----\r\n");
            } catch (CertificateEncodingException e) {
                throw new IllegalStateException(e);
            }
        }
        return sb.toString();
    }

    public String getPrivateKeyPEM() {
        return "-----BEGIN PRIVATE KEY-----\r\n" + getMimeEncoder().encodeToString(this.keyPair.getPrivate().getEncoded()) + "\r\n-----END PRIVATE KEY-----\r\n";
    }

    private static Base64.Encoder getMimeEncoder() {
        return Base64.getMimeEncoder(64, new byte[]{13, 10});
    }

    public TrustAnchor getTrustAnchor() {
        return new TrustAnchor(this.root, this.root.getExtensionValue("2.5.29.30"));
    }

    public boolean isCertificateAuthority() {
        return this.certPath[0].getBasicConstraints() != -1;
    }

    public boolean isSelfSigned() {
        X509Certificate x509Certificate = this.certPath[0];
        return this.certPath.length == 1 && x509Certificate.getSubjectX500Principal().equals(x509Certificate.getIssuerX500Principal()) && Arrays.equals(x509Certificate.getSubjectUniqueID(), x509Certificate.getIssuerUniqueID());
    }

    public TrustManager toTrustManager() {
        return toTrustManagerFactory().getTrustManagers()[0];
    }

    public TrustManagerFactory toTrustManagerFactory() {
        return toTrustManagerFactory(TrustManagerFactory.getDefaultAlgorithm());
    }

    public TrustManagerFactory toTrustManagerFactory(String str) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(str);
            trustManagerFactory.init(toKeyStore(EmptyArrays.EMPTY_CHARS));
            return trustManagerFactory;
        } catch (KeyStoreException e) {
            throw new IllegalStateException("Failed to initialize TrustManagerFactory with KeyStore.", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new AssertionError("Default TrustManagerFactory algorithm was not available.", e2);
        }
    }

    public KeyStore toKeyStore(char[] cArr) throws KeyStoreException {
        return toKeyStore("PKCS12", cArr);
    }

    public KeyStore toKeyStore(String str, char[] cArr) throws KeyStoreException {
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            keyStore.load(null, null);
            keyStore.setCertificateEntry("1", this.root);
            if (this.keyPair.getPrivate() != null) {
                keyStore.setKeyEntry("2", MLDSASeedPrivateKey.unwrap(this.keyPair.getPrivate()), cArr, this.certPath);
            }
            return keyStore;
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            throw new KeyStoreException("Failed to initialize '" + str + "' KeyStore.", e);
        }
    }

    public File toTempKeyStoreFile(char[] cArr) throws Exception {
        return toTempKeyStoreFile(cArr, cArr);
    }

    public File toTempKeyStoreFile(char[] cArr, char[] cArr2) throws Exception {
        KeyStore keyStore = toKeyStore(cArr2);
        Path createTempFile = Files.createTempFile("ks", ".p12", new FileAttribute[0]);
        OutputStream newOutputStream = Files.newOutputStream(createTempFile, StandardOpenOption.WRITE);
        Throwable th = null;
        try {
            try {
                keyStore.store(newOutputStream, cArr);
                if (newOutputStream != null) {
                    if (0 != 0) {
                        try {
                            newOutputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        newOutputStream.close();
                    }
                }
                File file = createTempFile.toFile();
                file.deleteOnExit();
                return file;
            } finally {
            }
        } catch (Throwable th3) {
            if (newOutputStream != null) {
                if (th != null) {
                    try {
                        newOutputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    newOutputStream.close();
                }
            }
            throw th3;
        }
    }

    public File toTempRootCertPem() throws IOException {
        return createTempPemFile(getRootCertificatePEM(), "ca");
    }

    public File toTempCertChainPem() throws IOException {
        return createTempPemFile(getCertificatePathPEM(), "chain");
    }

    public File toTempPrivateKeyPem() throws IOException {
        return createTempPemFile(getPrivateKeyPEM(), "key");
    }

    private static File createTempPemFile(String str, String str2) throws IOException {
        Path createTempFile = Files.createTempFile(str2, ".pem", new FileAttribute[0]);
        OutputStream newOutputStream = Files.newOutputStream(createTempFile, StandardOpenOption.WRITE);
        Throwable th = null;
        try {
            try {
                newOutputStream.write(str.getBytes(StandardCharsets.ISO_8859_1));
                if (newOutputStream != null) {
                    if (0 != 0) {
                        try {
                            newOutputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        newOutputStream.close();
                    }
                }
                File file = createTempFile.toFile();
                file.deleteOnExit();
                return file;
            } finally {
            }
        } catch (Throwable th3) {
            if (newOutputStream != null) {
                if (th != null) {
                    try {
                        newOutputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    newOutputStream.close();
                }
            }
            throw th3;
        }
    }

    public KeyManagerFactory toKeyManagerFactory() throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        return toKeyManagerFactory(KeyManagerFactory.getDefaultAlgorithm());
    }

    public KeyManagerFactory toKeyManagerFactory(String str) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(str);
            keyManagerFactory.init(toKeyStore(EmptyArrays.EMPTY_CHARS), EmptyArrays.EMPTY_CHARS);
            return keyManagerFactory;
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError("Default KeyManagerFactory algorithm was not available.", e);
        }
    }
}
