package org.apache.tuweni.net.tls;

import com.google.common.base.Strings;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.UUID;
import org.apache.tuweni.bytes.Bytes;
import org.apache.tuweni.crypto.Hash;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: input_file:org/apache/tuweni/net/tls/TLS.class */
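/**
 * Static helpers for creating a self-signed TLS certificate with its private key, reading PEM
 * files, and computing SHA-256 certificate fingerprints.
 *
 * <p>Security notes for callers:
 *
 * <ul>
 *   <li>The private key is written to disk as an unencrypted PEM object, so the key file's
 *       directory and permissions are the only protection for it.
 *   <li>Certificate generation uses the provider registered under the name {@code "BC"}; it is
 *       presumably expected to be installed by the caller before these methods are used.
 * </ul>
 */
public final class TLS {
    private TLS() {
    }

    /**
     * Creates a key and self-signed certificate pair with a random common name, unless either file
     * already exists.
     *
     * @param path the private key file to create.
     * @param path2 the certificate file to create.
     * @return {@code true} if a new key and certificate were written, {@code false} if either file
     *     was already present.
     * @throws IOException if a directory or file cannot be created, written or moved.
     */
    public static boolean createSelfSignedCertificateIfMissing(Path path, Path path2) throws IOException {
        return createSelfSignedCertificateIfMissing(path, path2, null);
    }

    /**
     * Creates a key and self-signed certificate pair, unless either file already exists.
     *
     * <p>Both files are first written to temporary files in their target directories and then
     * moved into place, so a reader never observes a half-written key or certificate. The
     * temporary files are removed if generation or the move fails, so no stray copy of the private
     * key is left behind.
     *
     * <p>NOTE(review): the existence check and the later moves are not one atomic step, and the
     * moves replace existing files. Two processes starting at the same time can therefore
     * overwrite each other's output and leave a key that does not match the certificate. If only
     * one of the two files exists, nothing is generated and the pair stays incomplete.
     *
     * @param path the private key file to create.
     * @param path2 the certificate file to create.
     * @param str the common name to put in the certificate; when {@code null} or empty a random
     *     name is generated.
     * @return {@code true} if a new key and certificate were written, {@code false} if either file
     *     was already present.
     * @throws IOException if a directory or file cannot be created, written or moved.
     * @throws TLSEnvironmentException if the key pair or the certificate cannot be generated.
     */
    public static boolean createSelfSignedCertificateIfMissing(Path path, Path path2, String str) throws IOException {
        if (Files.exists(path2) || Files.exists(path)) {
            return false;
        }
        // Resolve against the working directory first: a bare file name has no parent of its own.
        Path certDir = path2.toAbsolutePath().getParent();
        Path keyDir = path.toAbsolutePath().getParent();
        Files.createDirectories(certDir);
        Files.createDirectories(keyDir);
        // NOTE(review): the key file keeps whatever permissions Files.createTempFile applies by
        // default; confirm they are owner-only on every platform this runs on.
        Path tempKey = Files.createTempFile(keyDir, "client-key", ".tmp");
        Path tempCert = null;
        try {
            tempCert = Files.createTempFile(certDir, "client-cert", ".tmp");
            createSelfSignedCertificate(new Date(), tempKey, tempCert, str);
            Files.move(tempKey, path, StandardCopyOption.ATOMIC_MOVE, StandardCopyOption.REPLACE_EXISTING);
            // NOTE(review): if this second move fails the key is already in place without its
            // certificate, and later calls return false because the key exists.
            Files.move(tempCert, path2, StandardCopyOption.ATOMIC_MOVE, StandardCopyOption.REPLACE_EXISTING);
            return true;
        } catch (NoSuchAlgorithmException | CertificateException | OperatorCreationException e) {
            throw new TLSEnvironmentException("Could not generate certificate: " + e.getMessage(), e);
        } finally {
            // After a successful move the temporary files are gone and these calls do nothing.
            deleteTemporaryFile(tempKey);
            deleteTemporaryFile(tempCert);
        }
    }

    /** Removes a temporary file if it is still present, without masking an exception in flight. */
    private static void deleteTemporaryFile(Path tempFile) {
        if (tempFile == null) {
            return;
        }
        try {
            Files.deleteIfExists(tempFile);
        } catch (IOException ignored) {
            // Best-effort cleanup: the failure that led here is the one the caller needs to see.
        }
    }

    /**
     * Generates a 2048-bit RSA key pair and a self-signed X.509 certificate valid for one year
     * from {@code date}, and writes both as PEM.
     *
     * @param date the start of the certificate's validity period.
     * @param path the file that receives the private key ({@code PRIVATE KEY} PEM object).
     * @param path2 the file that receives the certificate ({@code CERTIFICATE} PEM object).
     * @param str the common name; when {@code null} or empty a random UUID followed by
     *     {@code ".com"} is used.
     */
    private static void createSelfSignedCertificate(Date date, Path path, Path path2, String str) throws NoSuchAlgorithmException, IOException, OperatorCreationException, CertificateException {
        SecureRandom random = new SecureRandom();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048, random);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();

        Calendar calendar = Calendar.getInstance();
        calendar.setTime(date);
        calendar.add(Calendar.YEAR, 1);
        Date notAfter = calendar.getTime();

        String commonName = Strings.isNullOrEmpty(str) ? UUID.randomUUID().toString() + ".com" : str;
        // NOTE(review): the name is concatenated into a distinguished-name string, so a value
        // containing DN syntax such as ',' or '+' would add or alter name components. Callers
        // should pass a plain host name, or the value should be validated before it gets here.
        X500Name subject = new X500Name("CN=" + commonName);

        // Issuer and subject are the same name and the certificate is signed with its own key.
        X509Certificate certificate = new JcaX509CertificateConverter()
            .setProvider("BC")
            .getCertificate(
                new JcaX509v3CertificateBuilder(subject, new BigInteger(64, random), date, notAfter, subject, keyPair.getPublic())
                    .build(new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(keyPair.getPrivate())));

        // try-with-resources closes both writers on every path, including a failed write.
        try (BufferedWriter keyWriter = Files.newBufferedWriter(path, StandardCharsets.UTF_8);
                PemWriter pemWriter = new PemWriter(keyWriter)) {
            pemWriter.writeObject(new PemObject("PRIVATE KEY", keyPair.getPrivate().getEncoded()));
        }
        try (BufferedWriter certWriter = Files.newBufferedWriter(path2, StandardCharsets.UTF_8);
                PemWriter pemWriter = new PemWriter(certWriter)) {
            pemWriter.writeObject(new PemObject("CERTIFICATE", certificate.getEncoded()));
        }
    }

    /**
     * Reads the first PEM object of a file and returns its decoded content.
     *
     * <p>The type of the PEM object is not checked, so the result is whatever the first object in
     * the file holds.
     *
     * @param path the PEM file to read.
     * @return the content bytes of the first PEM object.
     * @throws IOException if the file cannot be read or contains no PEM object.
     */
    public static byte[] readPemFile(Path path) throws IOException {
        try (BufferedReader reader = Files.newBufferedReader(path, StandardCharsets.UTF_8);
                PemReader pemReader = new PemReader(reader)) {
            PemObject pemObject = pemReader.readPemObject();
            if (pemObject == null) {
                // Fail with a checked, descriptive error rather than a NullPointerException.
                throw new IOException("No PEM object found in " + path);
            }
            return pemObject.getContent();
        }
    }

    /**
     * Computes the SHA-256 fingerprint of the first PEM object in a file.
     *
     * <p>The file is not verified to hold a certificate. Pointing this at another PEM file (a
     * private key, for example) returns a hash of that content instead, so callers that pin
     * fingerprints should make sure the path really is the certificate file.
     *
     * @param path the PEM file holding the certificate.
     * @return the SHA-256 digest of the decoded PEM content.
     * @throws IOException if the file cannot be read or contains no PEM object.
     */
    public static byte[] certificateFingerprint(Path path) throws IOException {
        return Hash.sha2_256(readPemFile(path));
    }

    /**
     * Computes the SHA-256 fingerprint of the first PEM object in a file as a lower-case hex
     * string.
     *
     * @param path the PEM file holding the certificate.
     * @return the fingerprint in hexadecimal, without the leading two-character prefix.
     * @throws IOException if the file cannot be read or contains no PEM object.
     */
    public static String certificateHexFingerprint(Path path) throws IOException {
        return Bytes.wrap(certificateFingerprint(path)).toHexString().substring(2).toLowerCase();
    }

    /**
     * Computes the SHA-256 fingerprint of a certificate's encoded form.
     *
     * @param certificate the certificate to fingerprint.
     * @return the SHA-256 digest of {@code certificate.getEncoded()}.
     * @throws CertificateEncodingException if the certificate cannot be encoded.
     */
    public static byte[] certificateFingerprint(Certificate certificate) throws CertificateEncodingException {
        return Hash.sha2_256(certificate.getEncoded());
    }

    /**
     * Computes the SHA-256 fingerprint of a certificate's encoded form as a lower-case hex string.
     *
     * @param certificate the certificate to fingerprint.
     * @return the fingerprint in hexadecimal, without the leading two-character prefix.
     * @throws CertificateEncodingException if the certificate cannot be encoded.
     */
    public static String certificateHexFingerprint(Certificate certificate) throws CertificateEncodingException {
        return Bytes.wrap(certificateFingerprint(certificate)).toHexString().substring(2).toLowerCase();
    }
}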
