package org.mockserver.socket;

import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.glassfish.jersey.SslConfigurator;
import org.mockserver.configuration.ConfigurationProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/mockserver-core-3.9.15.jar:org/mockserver/socket/SSLFactory.class */
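/**
 * Singleton factory for the key store, {@link SSLContext}, {@link SSLEngine} and
 * {@link SSLSocket} objects built from the settings in {@link ConfigurationProperties}.
 *
 * <p><strong>Security posture:</strong> every context created here is initialised with
 * {@link #DUMMY_TRUST_MANAGER}, which accepts any client or server certificate chain without
 * validation. Connections made through this class are therefore encrypted but not
 * authenticated, and a party on the network path can impersonate the peer. Use it only for
 * mocking and testing, never for traffic whose peer identity matters.
 *
 * <p>NOTE(review): the instance is shared and {@link #buildKeyStore(boolean)} reads and
 * writes the {@code keystore} field without synchronisation. Confirm whether callers can
 * reach it from several threads at once.
 */
public class SSLFactory {
    // Well-known default key store password, published as a public constant, so it gives no
    // confidentiality. This class does not reference it; the effective password is read from
    // ConfigurationProperties.javaKeyStorePassword().
    public static final String KEY_STORE_PASSWORD = "changeit";
    public static final String CERTIFICATE_DOMAIN = "localhost";
    public static final String KEY_STORE_CERT_ALIAS = "mockserver-client-cert";
    public static final String KEY_STORE_CA_ALIAS = "mockserver-ca-cert";
    private static final Logger logger = LoggerFactory.getLogger(SSLFactory.class);
    private static final SSLFactory SSL_FACTORY = new SSLFactory();

    /**
     * Trust manager that approves every certificate chain: no signature, validity period,
     * issuer or host name check is performed. It is installed in every {@link SSLContext}
     * returned by {@link #sslContext()}, for both the client and the server role.
     */
    private static final TrustManager DUMMY_TRUST_MANAGER = new X509TrustManager() {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // No issuers are advertised.
            return new X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) {
            // Returning normally is what approves the chain. chain[0] is dereferenced while
            // building the message, so a null or empty chain fails here with a runtime exception.
            logger.trace("Approving client certificate for: " + chain[0].getSubjectDN());
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) {
            // Same as checkClientTrusted: the server chain is logged and accepted unverified.
            logger.trace("Approving server certificate for: " + chain[0].getSubjectDN());
        }
    };

    // Cached key store, populated lazily by buildKeyStore(boolean).
    private KeyStore keystore;

    private SSLFactory() {
    }

    /**
     * Returns the default key store file name for the configured key store type.
     *
     * @return {@code mockserver_keystore.jks}, {@code .p12} or {@code .jceks}
     * @throws IllegalArgumentException if the configured type is not jks, pkcs12 or jceks
     *     (compared case-insensitively)
     */
    public static String defaultKeyStoreFileName() {
        String keyStoreType = ConfigurationProperties.javaKeyStoreType();
        if ("jks".equalsIgnoreCase(keyStoreType)) {
            return "mockserver_keystore.jks";
        }
        if ("pkcs12".equalsIgnoreCase(keyStoreType)) {
            return "mockserver_keystore.p12";
        }
        if ("jceks".equalsIgnoreCase(keyStoreType)) {
            return "mockserver_keystore.jceks";
        }
        throw new IllegalArgumentException(keyStoreType + " is not a supported keystore type");
    }

    /** Returns the shared factory instance. */
    public static SSLFactory getInstance() {
        return SSL_FACTORY;
    }

    /**
     * Creates an engine in client mode from a freshly built {@link #sslContext()}.
     * The engine inherits the trust-all behaviour, so the server's certificate is not verified.
     */
    public static SSLEngine createClientSSLEngine() {
        SSLEngine engine = getInstance().sslContext().createSSLEngine();
        engine.setUseClientMode(true);
        return engine;
    }

    /**
     * Creates an engine in server mode from a freshly built {@link #sslContext()}.
     * Any client certificate presented to it is accepted unverified.
     */
    public static SSLEngine createServerSSLEngine() {
        SSLEngine engine = getInstance().sslContext().createSSLEngine();
        engine.setUseClientMode(false);
        return engine;
    }

    /**
     * Registers a host as a subject alternative name domain for the generated certificate.
     *
     * <p>Everything from the first {@code ':'} onwards is dropped, and the remainder is
     * resolved through {@link InetAddress#getByName(String)}. The resolved host name and the
     * canonical host name are both registered, so the values that end up in the configuration
     * come from the resolver rather than only from the argument. If resolution fails, the
     * unresolved text is registered as is.
     *
     * <p>NOTE(review): cutting at the first {@code ':'} would also truncate an IPv6 literal.
     * Confirm whether callers can pass one.
     *
     * @param str host, optionally followed by {@code :port}; {@code null} is ignored
     */
    public static void addSubjectAlternativeName(String str) {
        if (str == null) {
            return;
        }
        String host = StringUtils.substringBefore(str, ":");
        try {
            InetAddress address = InetAddress.getByName(host);
            ConfigurationProperties.addSslSubjectAlternativeNameDomains(address.getHostName());
            ConfigurationProperties.addSslSubjectAlternativeNameDomains(address.getCanonicalHostName());
        } catch (UnknownHostException e) {
            ConfigurationProperties.addSslSubjectAlternativeNameDomains(host);
        }
    }

    /**
     * Builds a new {@link SSLContext} on every call. Keys come from {@link #buildKeyStore()}
     * and trust decisions from {@link #DUMMY_TRUST_MANAGER}, which accepts every peer.
     *
     * <p>The context is requested as {@code "TLS"} and no protocol versions or cipher suites
     * are configured here, so both are left to the JSSE provider's defaults.
     *
     * @return an initialised context
     * @throws RuntimeException wrapping any failure while loading keys or initialising
     */
    public SSLContext sslContext() {
        try {
            KeyManagerFactory keyManagerFactory = getKeyManagerFactoryInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(buildKeyStore(), ConfigurationProperties.javaKeyStorePassword().toCharArray());
            // Only the first key manager is used. It is passed straight through: the previous
            // anonymous wrapper forwarded every method unchanged and added nothing.
            X509ExtendedKeyManager keyManager = (X509ExtendedKeyManager) keyManagerFactory.getKeyManagers()[0];
            SSLContext context = getSSLContextInstance("TLS");
            context.init(new KeyManager[]{keyManager}, new TrustManager[]{DUMMY_TRUST_MANAGER}, null);
            return context;
        } catch (Exception e) {
            throw new RuntimeException("Failed to initialize the SSLContext", e);
        }
    }

    /**
     * Layers TLS over an already connected socket, in client mode, and completes the
     * handshake before returning. The underlying socket is closed when the returned
     * socket is closed (the {@code autoClose} argument is {@code true}).
     *
     * <p>The peer's certificate is not validated and no endpoint identification is
     * configured, so a completed handshake says nothing about who the peer is.
     *
     * @param socket a connected socket
     * @return the TLS socket after a completed handshake
     * @throws Exception if the socket cannot be wrapped or the handshake fails
     */
    public SSLSocket wrapSocket(Socket socket) throws Exception {
        SSLSocket sslSocket = (SSLSocket) sslContext().getSocketFactory()
            .createSocket(socket, socket.getInetAddress().getHostAddress(), socket.getPort(), true);
        sslSocket.setUseClientMode(true);
        sslSocket.startHandshake();
        return sslSocket;
    }

    /** Returns the key store, rebuilding it when the configuration's rebuild flag is set. */
    public KeyStore buildKeyStore() {
        return buildKeyStore(ConfigurationProperties.rebuildKeyStore());
    }

    /**
     * Returns the cached key store, building it first when none is cached or {@code z} is true.
     *
     * <p>Side effects of a build: the system property named by
     * {@link SslConfigurator#TRUST_STORE_FILE} is set to the absolute path of the configured
     * key store file, which affects the whole JVM, and the configuration's rebuild flag is
     * cleared.
     *
     * @param z force a rebuild even if a key store is already cached
     * @return the key store
     */
    public KeyStore buildKeyStore(boolean z) {
        if (this.keystore == null || z) {
            File keyStoreFile = new File(ConfigurationProperties.javaKeyStoreFilePath());
            System.setProperty(SslConfigurator.TRUST_STORE_FILE, keyStoreFile.getAbsolutePath());
            if (keyStoreFile.exists()) {
                this.keystore = updateExistingKeyStore(keyStoreFile);
            } else {
                createNewKeyStore();
            }
            ConfigurationProperties.rebuildKeyStore(false);
        }
        return this.keystore;
    }

    private SSLContext getSSLContextInstance(String str) throws NoSuchAlgorithmException {
        return SSLContext.getInstance(str);
    }

    private KeyManagerFactory getKeyManagerFactoryInstance(String str) throws NoSuchAlgorithmException {
        return KeyManagerFactory.getInstance(str);
    }

    /**
     * Generates a key store from scratch (no existing store is passed in) and caches it.
     *
     * @throws RuntimeException wrapping any failure during generation
     */
    private void createNewKeyStore() {
        try {
            this.keystore = new KeyStoreFactory().generateCertificate(
                null,
                KEY_STORE_CERT_ALIAS,
                KEY_STORE_CA_ALIAS,
                ConfigurationProperties.javaKeyStorePassword().toCharArray(),
                ConfigurationProperties.sslCertificateDomainName(),
                ConfigurationProperties.sslSubjectAlternativeNameDomains(),
                ConfigurationProperties.sslSubjectAlternativeNameIps());
        } catch (Exception e) {
            throw new RuntimeException("Exception while building KeyStore dynamically", e);
        }
    }

    /**
     * Loads the key store from {@code file} and passes it to
     * {@code KeyStoreFactory.generateCertificate}. The return value of that call is discarded
     * and the loaded store is returned, so the call presumably updates the store in place.
     * Verify against {@code KeyStoreFactory}.
     *
     * <p>NOTE(review): the store is opened with {@link KeyStore#getDefaultType()} rather than
     * {@code ConfigurationProperties.javaKeyStoreType()}. Confirm that a configured
     * non-default type still loads.
     *
     * @param file the existing key store file
     * @return the loaded key store
     * @throws RuntimeException wrapping any failure while reading or updating the store
     */
    private KeyStore updateExistingKeyStore(File file) {
        // try-with-resources closes the stream on every path. A failure while closing is now
        // reported through the RuntimeException below instead of being silently dropped.
        try (FileInputStream in = new FileInputStream(file)) {
            logger.trace("Loading key store from file [" + file + "]");
            KeyStore loaded = KeyStore.getInstance(KeyStore.getDefaultType());
            loaded.load(in, ConfigurationProperties.javaKeyStorePassword().toCharArray());
            new KeyStoreFactory().generateCertificate(
                loaded,
                KEY_STORE_CERT_ALIAS,
                KEY_STORE_CA_ALIAS,
                ConfigurationProperties.javaKeyStorePassword().toCharArray(),
                ConfigurationProperties.sslCertificateDomainName(),
                ConfigurationProperties.sslSubjectAlternativeNameDomains(),
                ConfigurationProperties.sslSubjectAlternativeNameIps());
            return loaded;
        } catch (Exception e) {
            throw new RuntimeException("Exception while loading KeyStore from " + file.getAbsolutePath(), e);
        }
    }
}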
