package org.mockserver.socket.tls.jdk;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import org.apache.commons.lang3.StringUtils;
import org.mockserver.configuration.ConfigurationProperties;
import org.mockserver.file.FileReader;
import org.mockserver.log.model.LogEntry;
import org.mockserver.logging.MockServerLogger;
import org.mockserver.socket.tls.KeyAndCertificateFactory;
import org.mockserver.socket.tls.PEMToFile;
import org.slf4j.event.Level;

/* loaded from: input_file:org/mockserver/socket/tls/jdk/JDKKeyAndCertificateFactory.class */
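/**
 * {@link KeyAndCertificateFactory} that creates the Certificate Authority (CA) and leaf
 * key / X509 certificate pairs with {@link X509Generator}, or loads them from the paths
 * configured in {@link ConfigurationProperties}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>PEM files, including private keys, are written with whatever permissions the process
 *       gives new files; nothing in this class restricts them to the owner.</li>
 *   <li>The lazily populated fields are not synchronised; no thread-safety is provided by the
 *       code in this class.</li>
 * </ul>
 */
public class JDKKeyAndCertificateFactory implements KeyAndCertificateFactory {
    private final MockServerLogger mockServerLogger;
    // NOTE(review): the generator gets its own MockServerLogger rather than the injected one.
    private final X509Generator x509Generator = new X509Generator(new MockServerLogger());
    // Leaf certificate and private key; stays null until buildAndSavePrivateKeyAndX509Certificate() succeeds.
    private X509AndPrivateKey x509AndPrivateKey;
    // Cached CA private key PEM (secret material held in memory for the lifetime of this object).
    private String certificateAuthorityPrivateKey;
    // Cached CA certificate.
    private X509Certificate certificateAuthorityX509Certificate;

    /**
     * @param mockServerLogger logger used for every log event emitted by this factory
     */
    public JDKKeyAndCertificateFactory(MockServerLogger mockServerLogger) {
        this.mockServerLogger = mockServerLogger;
    }

    /**
     * Generates a new RSA-2048 / SHA256withRSA root certificate and private key and saves both
     * as PEM files, but only when dynamic CA creation is enabled and no valid CA certificate
     * PEM file exists yet. Failures are logged at ERROR and not rethrown.
     */
    @Override
    public void buildAndSaveCertificateAuthorityPrivateKeyAndX509Certificate() {
        if (!dynamicallyUpdateCertificateAuthority() || !certificateAuthorityCertificateNotYetCreated()) {
            return;
        }
        try {
            CertificateSigningRequest rootRequest = new CertificateSigningRequest()
                .setKeyPairAlgorithm("RSA")
                .setSigningAlgorithm("SHA256withRSA")
                .setCommonName(CertificateSigningRequest.ROOT_COMMON_NAME)
                .setKeyPairSize(2048);
            X509AndPrivateKey root = this.x509Generator.generateRootX509AndPrivateKey(rootRequest);
            saveAsPEMFile(root.getCert(), certificateAuthorityX509CertificatePath(), "Certificate Authority X509 Certificate");
            saveAsPEMFile(root.getPrivateKey(), certificateAuthorityPrivateKeyPath(), "Certificate Authority Private Key");
        } catch (Exception e) {
            this.mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.ERROR).setMessageFormat("exception while generating certificate authority private key and X509 certificate").setThrowable(e));
        }
    }

    /**
     * Writes {@code pem} to {@code absolutePath}, creating the file and its parent directories
     * when they are missing.
     *
     * @param pem          PEM text to write (may be a private key)
     * @param absolutePath destination file path
     * @param type         human-readable description used in log messages
     * @throws IOException if the file cannot be opened or written
     */
    private void saveAsPEMFile(String pem, String absolutePath, String type) throws IOException {
        if (MockServerLogger.isEnabled(Level.DEBUG)) {
            this.mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.DEBUG).setMessageFormat("created dynamic " + type + " PEM file at{}").setArguments(absolutePath));
        }
        // NOTE(review): no file permissions are set here, so private-key PEM files inherit the
        // process defaults; restrict the target directory to the service account.
        // try-with-resources closes the writer on success and on failure, keeping any
        // exception from close() as a suppressed exception of the primary one.
        try (FileWriter fileWriter = new FileWriter(createFileIfNotExists(type, new File(absolutePath)))) {
            fileWriter.write(pem);
        }
    }

    /**
     * Creates {@code file} (and its parent directories) if it does not exist. Creation failures
     * are logged at ERROR and swallowed; the same {@code file} is returned either way, so a
     * failure surfaces when the caller tries to open it.
     *
     * @param type human-readable description used in log messages
     * @param file file to create
     * @return {@code file}
     */
    private File createFileIfNotExists(String type, File file) {
        if (!file.exists()) {
            try {
                createParentDirs(file);
                if (!file.createNewFile()) {
                    this.mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.ERROR).setMessageFormat("failed to create the file{}while attempting to save Certificate Authority " + type + " PEM file").setArguments(file.getAbsolutePath()));
                }
            } catch (Throwable th) {
                this.mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.ERROR).setMessageFormat("failed to create the file{}while attempting to save Certificate Authority " + type + " PEM file").setArguments(file.getAbsolutePath()).setThrowable(th));
            }
        }
        return file;
    }

    /**
     * Ensures every ancestor directory of {@code file} exists, walking up the canonical path.
     *
     * @param file file whose parent directories should exist
     * @throws IOException if the canonical path cannot be resolved, or an ancestor is missing
     *                     or is not a directory after the creation attempt
     */
    public static void createParentDirs(File file) throws IOException {
        File parentFile = file.getCanonicalFile().getParentFile();
        if (parentFile == null) {
            // Reached the filesystem root: nothing to create.
            return;
        }
        createParentDirs(parentFile);
        if (!parentFile.exists()) {
            // Return value ignored on purpose; the isDirectory() check below is the real test.
            parentFile.mkdirs();
        }
        if (!parentFile.isDirectory()) {
            throw new IOException("Unable to create parent directories of " + file);
        }
    }

    /**
     * @return {@code true} when dynamic CA creation is enabled and a directory for dynamic
     *         certificates is configured
     */
    private boolean dynamicallyUpdateCertificateAuthority() {
        if (!ConfigurationProperties.dynamicallyCreateCertificateAuthorityCertificate()) {
            return false;
        }
        return StringUtils.isNotBlank(ConfigurationProperties.directoryToSaveDynamicSSLCertificate());
    }

    /**
     * @return {@code true} when no valid X509 PEM file exists at the CA certificate path
     */
    public boolean certificateAuthorityCertificateNotYetCreated() {
        return !PEMToFile.validX509PEMFileExists(certificateAuthorityX509CertificatePath());
    }

    /**
     * @return path of the CA private key: inside the dynamic certificate directory when dynamic
     *         CA creation applies, otherwise the configured CA private key location
     */
    private String certificateAuthorityPrivateKeyPath() {
        if (dynamicallyUpdateCertificateAuthority()) {
            File directory = new File(ConfigurationProperties.directoryToSaveDynamicSSLCertificate());
            return new File(directory, "PKCS8CertificateAuthorityPrivateKey.pem").getAbsolutePath();
        }
        return ConfigurationProperties.certificateAuthorityPrivateKey();
    }

    /**
     * @return path of the CA certificate: inside the dynamic certificate directory when dynamic
     *         CA creation applies, otherwise the configured CA certificate location
     */
    private String certificateAuthorityX509CertificatePath() {
        if (dynamicallyUpdateCertificateAuthority()) {
            File directory = new File(ConfigurationProperties.directoryToSaveDynamicSSLCertificate());
            return new File(directory, "CertificateAuthorityCertificate.pem").getAbsolutePath();
        }
        return ConfigurationProperties.certificateAuthorityCertificate();
    }

    /**
     * Loads the CA private key PEM on first use (creating the dynamic CA first when enabled)
     * and caches it.
     *
     * @return the CA private key as PEM text
     */
    private String certificateAuthorityPrivateKey() {
        if (this.certificateAuthorityPrivateKey == null) {
            if (dynamicallyUpdateCertificateAuthority()) {
                buildAndSaveCertificateAuthorityPrivateKeyAndX509Certificate();
            }
            this.certificateAuthorityPrivateKey = FileReader.readFileFromClassPathOrPath(certificateAuthorityPrivateKeyPath());
            if (MockServerLogger.isEnabled(Level.TRACE)) {
                // Only the path is logged. The PEM is the CA signing key, and anyone who can read
                // the log output could otherwise mint certificates trusted by clients of this CA.
                this.mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.TRACE).setMessageFormat("loaded dynamic CA private key from path{}").setArguments(certificateAuthorityPrivateKeyPath()));
            }
        }
        return this.certificateAuthorityPrivateKey;
    }

    /**
     * Loads the CA certificate on first use (creating the dynamic CA first when enabled) and
     * caches it.
     *
     * @return the CA certificate as returned by {@code PEMToFile.x509FromPEMFile}
     */
    @Override
    public X509Certificate certificateAuthorityX509Certificate() {
        if (this.certificateAuthorityX509Certificate == null) {
            if (dynamicallyUpdateCertificateAuthority()) {
                buildAndSaveCertificateAuthorityPrivateKeyAndX509Certificate();
            }
            this.certificateAuthorityX509Certificate = PEMToFile.x509FromPEMFile(certificateAuthorityX509CertificatePath());
            if (MockServerLogger.isEnabled(Level.TRACE)) {
                // The certificate is public material, so logging its PEM is not a secrecy concern.
                this.mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.TRACE).setMessageFormat("loaded dynamic CA X509 from path{}from PEM{}as{}").setArguments(certificateAuthorityX509CertificatePath(), FileReader.readFileFromClassPathOrPath(certificateAuthorityX509CertificatePath()), this.certificateAuthorityX509Certificate));
            }
        }
        return this.certificateAuthorityX509Certificate;
    }

    /**
     * NOTE(review): the name is misleading. This returns {@code true} when a custom private key
     * path or a custom certificate path is blank, i.e. when a custom pair is NOT fully
     * configured and a generated pair has to be used. Every caller in this class relies on
     * that meaning.
     *
     * @return {@code true} if either configured path is blank
     */
    private boolean customPrivateKeyAndCertificateProvided() {
        return StringUtils.isBlank(ConfigurationProperties.privateKeyPath()) || StringUtils.isBlank(ConfigurationProperties.x509CertificatePath());
    }

    /**
     * Generates an RSA-2048 / SHA256withRSA leaf certificate and private key signed by the CA
     * when no custom key and certificate paths are configured. The pair is also written to disk
     * when {@code ConfigurationProperties.preventCertificateDynamicUpdate()} is set. Failures
     * are logged at ERROR and not rethrown, in which case the in-memory pair is left unchanged.
     */
    @Override
    public void buildAndSavePrivateKeyAndX509Certificate() {
        if (!customPrivateKeyAndCertificateProvided()) {
            return;
        }
        try {
            if (dynamicallyUpdateCertificateAuthority()) {
                buildAndSaveCertificateAuthorityPrivateKeyAndX509Certificate();
            }
            String caPrivateKey = certificateAuthorityPrivateKey();
            X509Certificate caCertificate = certificateAuthorityX509Certificate();
            // NOTE(review): setCommonName is called twice; presumably the second call replaces
            // the root common name set by the first. Kept as found; confirm against the setter.
            CertificateSigningRequest leafRequest = new CertificateSigningRequest()
                .setKeyPairAlgorithm("RSA")
                .setSigningAlgorithm("SHA256withRSA")
                .setCommonName(CertificateSigningRequest.ROOT_COMMON_NAME)
                .setCommonName(ConfigurationProperties.sslCertificateDomainName())
                .addSubjectAlternativeNames(ConfigurationProperties.sslSubjectAlternativeNameDomains())
                .addSubjectAlternativeNames(ConfigurationProperties.sslSubjectAlternativeNameIps())
                .setKeyPairSize(2048);
            this.x509AndPrivateKey = this.x509Generator.generateLeafX509AndPrivateKey(leafRequest, caCertificate.getIssuerDN().getName(), caPrivateKey, caCertificate);
            if (MockServerLogger.isEnabled(Level.TRACE)) {
                this.mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.TRACE).setMessageFormat("created new X509{}with SAN Domain Names{}and IPs{}").setArguments(x509Certificate(), Arrays.toString(ConfigurationProperties.sslSubjectAlternativeNameDomains()), Arrays.toString(ConfigurationProperties.sslSubjectAlternativeNameIps())));
            }
            if (ConfigurationProperties.preventCertificateDynamicUpdate()) {
                saveAsPEMFile(this.x509AndPrivateKey.getCert(), x509CertificatePath(), "X509 Certificate");
                saveAsPEMFile(this.x509AndPrivateKey.getPrivateKey(), privateKeyPath(), "Private Key");
            }
        } catch (Exception e) {
            this.mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.ERROR).setMessageFormat("exception while generating private key and X509 certificate").setThrowable(e));
        }
    }

    /**
     * @return {@code true} when a generated pair is required (no custom paths configured) and
     *         none has been generated yet
     */
    @Override
    public boolean certificateNotYetCreated() {
        return customPrivateKeyAndCertificateProvided() && this.x509AndPrivateKey == null;
    }

    /**
     * @return absolute path of the generated leaf private key PEM in the dynamic certificate directory
     */
    private String privateKeyPath() {
        File directory = new File(ConfigurationProperties.directoryToSaveDynamicSSLCertificate());
        return new File(directory, "PKCS8PrivateKey.pem").getAbsolutePath();
    }

    /**
     * @return absolute path of the generated leaf certificate PEM in the dynamic certificate directory
     */
    private String x509CertificatePath() {
        File directory = new File(ConfigurationProperties.directoryToSaveDynamicSSLCertificate());
        return new File(directory, "Certificate.pem").getAbsolutePath();
    }

    /**
     * Returns the leaf private key: the generated one when no custom paths are configured,
     * otherwise the key read from the configured private key path.
     *
     * <p>When the generated key is needed and no pair has been generated yet, this dereferences
     * a {@code null} field and throws {@link NullPointerException}; callers are presumably
     * expected to check {@link #certificateNotYetCreated()} first.
     *
     * @return the leaf private key
     */
    @Override
    public PrivateKey privateKey() {
        if (customPrivateKeyAndCertificateProvided()) {
            return PEMToFile.privateKeyFromPEM(this.x509AndPrivateKey.getPrivateKey());
        }
        return PEMToFile.privateKeyFromPEMFile(ConfigurationProperties.privateKeyPath());
    }

    /**
     * Returns the leaf certificate: the generated one when no custom paths are configured,
     * otherwise the certificate read from the configured certificate path.
     *
     * <p>When the generated certificate is needed and no pair has been generated yet, this
     * dereferences a {@code null} field and throws {@link NullPointerException}.
     *
     * @return the leaf certificate
     */
    @Override
    public X509Certificate x509Certificate() {
        if (customPrivateKeyAndCertificateProvided()) {
            return PEMToFile.x509FromPEM(this.x509AndPrivateKey.getCert());
        }
        return PEMToFile.x509FromPEMFile(ConfigurationProperties.x509CertificatePath());
    }
}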
