package org.neo4j.test.ssl;

import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Random;
import java.util.Set;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: input_file:org/neo4j/test/ssl/CertificateChainFactory.class */
public class CertificateChainFactory {
    private static final Date NOT_BEFORE = new Date(System.currentTimeMillis() - 31536000000L);
    private static final Date NOT_AFTER = new Date(253402300799000L);
    private static volatile boolean cleanupRequired = true;

    public void createCertificateChain(Path path, Path path2, Path path3, Path path4, Path path5, Path path6, int i, BouncyCastleProvider bouncyCastleProvider) throws Exception {
        Security.addProvider(bouncyCastleProvider);
        installCleanupHook(path, path2, path3, path4, path5, path6, bouncyCastleProvider);
        String str = "http://localhost:" + i;
        KeyPair generateKeyPair = generateKeyPair();
        KeyPair generateKeyPair2 = generateKeyPair();
        KeyPair generateKeyPair3 = generateKeyPair();
        X509Certificate generateCertificate = generateCertificate(null, null, generateKeyPair, "rootCA", str, path5, path6, bouncyCastleProvider);
        X509Certificate generateCertificate2 = generateCertificate(generateCertificate, generateKeyPair.getPrivate(), generateKeyPair2, "intCA", str, path3, path4, bouncyCastleProvider);
        writePem("CERTIFICATE", generateCertificate(generateCertificate2, generateKeyPair2.getPrivate(), generateKeyPair3, "endUserCA", str, path, path2, bouncyCastleProvider).getEncoded(), generateCertificate2.getEncoded(), generateCertificate.getEncoded(), path);
        writePem("PRIVATE KEY", generateKeyPair3.getPrivate().getEncoded(), path2);
        cleanupRequired = false;
    }

    private static KeyPair generateKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(2048, new SecureRandom());
        return keyPairGenerator.generateKeyPair();
    }

    private X509Certificate generateCertificate(X509Certificate x509Certificate, PrivateKey privateKey, KeyPair keyPair, String str, String str2, Path path, Path path2, BouncyCastleProvider bouncyCastleProvider) throws Exception {
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = x509Certificate == null ? new JcaX509v3CertificateBuilder(new X500Name("CN=" + str), BigInteger.valueOf(new Random().nextInt()), NOT_BEFORE, NOT_AFTER, new X500Name("CN=" + str), keyPair.getPublic()) : new JcaX509v3CertificateBuilder(x509Certificate, BigInteger.valueOf(new Random().nextInt()), NOT_BEFORE, NOT_AFTER, new X500Name("CN=" + str), keyPair.getPublic());
        jcaX509v3CertificateBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(132));
        jcaX509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.anyExtendedKeyUsage));
        jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));
        jcaX509v3CertificateBuilder.addExtension(Extension.authorityInfoAccess, false, new AuthorityInformationAccess(new AccessDescription(AccessDescription.id_ad_ocsp, new GeneralName(6, str2 + "/" + str))));
        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(jcaX509v3CertificateBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(bouncyCastleProvider).build(privateKey == null ? keyPair.getPrivate() : privateKey)));
        writePem("CERTIFICATE", certificate.getEncoded(), path);
        writePem("PRIVATE KEY", keyPair.getPrivate().getEncoded(), path2);
        return certificate;
    }

    private static void installCleanupHook(Path path, Path path2, Path path3, Path path4, Path path5, Path path6, BouncyCastleProvider bouncyCastleProvider) {
        Runtime.getRuntime().addShutdownHook(new Thread(() -> {
            if (cleanupRequired) {
                System.err.println("Cleaning up partially generated self-signed certificate...");
                try {
                    Security.removeProvider(bouncyCastleProvider.getName());
                    Files.deleteIfExists(path);
                    Files.deleteIfExists(path2);
                    Files.deleteIfExists(path3);
                    Files.deleteIfExists(path4);
                    Files.deleteIfExists(path5);
                    Files.deleteIfExists(path6);
                } catch (IOException e) {
                    System.err.println("Error cleaning up");
                    e.printStackTrace(System.err);
                }
            }
        }));
    }

    private void writePem(String str, byte[] bArr, Path path) throws IOException {
        Files.createDirectories(path.getParent(), new FileAttribute[0]);
        PemWriter pemWriter = new PemWriter(Files.newBufferedWriter(path, StandardCharsets.UTF_8, new OpenOption[0]));
        try {
            pemWriter.writeObject(new PemObject(str, bArr));
            pemWriter.flush();
            pemWriter.close();
            try {
                Files.setPosixFilePermissions(path, Set.of(PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_READ));
            } catch (UnsupportedOperationException e) {
                File file = path.toFile();
                file.setReadable(false, false);
                file.setWritable(false, false);
                file.setReadable(true);
                file.setWritable(true);
            }
        } catch (Throwable th) {
            try {
                pemWriter.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private void writePem(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, Path path) throws IOException {
        Files.createDirectories(path.getParent(), new FileAttribute[0]);
        PemWriter pemWriter = new PemWriter(Files.newBufferedWriter(path, StandardCharsets.UTF_8, new OpenOption[0]));
        try {
            pemWriter.writeObject(new PemObject(str, bArr));
            pemWriter.writeObject(new PemObject(str, bArr2));
            pemWriter.writeObject(new PemObject(str, bArr3));
            pemWriter.flush();
            pemWriter.close();
            try {
                Files.setPosixFilePermissions(path, Set.of(PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_READ));
            } catch (UnsupportedOperationException e) {
                File file = path.toFile();
                file.setReadable(false, false);
                file.setWritable(false, false);
                file.setReadable(true);
                file.setWritable(true);
            }
        } catch (Throwable th) {
            try {
                pemWriter.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }
}
