package org.infinispan.commons.test.security;

import java.io.BufferedWriter;
import java.io.OutputStream;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.concurrent.atomic.AtomicLong;
import java.util.function.Consumer;
import javax.security.auth.x500.X500Principal;
import org.wildfly.security.x500.cert.BasicConstraintsExtension;
import org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKey;
import org.wildfly.security.x500.cert.X509CertificateBuilder;

/* loaded from: input_file:org/infinispan/commons/test/security/TestCertificates.class */
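/**
 * Generates the throw-away PKI material used by tests.
 *
 * <p>The static initializer runs {@link #createKeyStores()} the first time this class is used.
 * It writes the following files into {@link #baseDir()}:
 * <ul>
 *   <li>{@code ca.pfx} / {@code ca.pem}: a self-signed CA certificate and its private key;</li>
 *   <li>{@code server.pfx}, {@code client.pfx}, {@code sni.pfx}: leaf certificates signed by that CA;</li>
 *   <li>{@code trust.pfx}: a trust store holding the CA and the three leaf certificates;</li>
 *   <li>{@code untrusted.pfx} / {@code untrusted.pem}: a second self-signed CA that is not added to
 *       {@code trust.pfx}.</li>
 * </ul>
 *
 * <p><b>Test fixtures only.</b> The store password is a hard-coded, publicly visible constant, the
 * {@code .pem} files contain private keys in clear text, and all leaf certificates share a single
 * key pair. None of this material should be reused outside a test environment. The output
 * directory should also be kept out of packaged or published artifacts.
 */
public class TestCertificates {
    /** Distinguished-name template; {@code %s} is replaced by the certificate's common name. */
    public static final String BASE_DN = "CN=%s,OU=Infinispan,O=JBoss,L=Red Hat";
    public static final String KEY_ALGORITHM = "RSA";
    public static final String KEY_SIGNATURE_ALGORITHM = "SHA256withRSA";
    /** File extension of every generated key store. */
    public static final String EXTENSION = ".pfx";
    // Hard-coded password protecting every generated store and key entry. The array is public and
    // mutable, so callers must treat it as read-only; it is suitable for test fixtures only.
    public static final char[] KEY_PASSWORD = "secret".toCharArray();
    public static final String KEYSTORE_TYPE = KeyStore.getDefaultType();
    // Monotonic serial number source for the CA-signed leaf certificates.
    private static final AtomicLong CERT_SERIAL = new AtomicLong(1);

    /**
     * Returns the path of the generated key store for the given certificate name.
     *
     * @param str certificate name, e.g. {@code "server"}; it is not validated and is resolved
     *            against {@link #baseDir()} as-is
     * @return the string form of {@code baseDir()/<str>.pfx}
     */
    public static String certificate(String str) {
        return baseDir().resolve(str + EXTENSION).toString();
    }

    /**
     * Returns the path of the generated PEM file for the given certificate name.
     *
     * @param str certificate name; it is not validated and is resolved against {@link #baseDir()} as-is
     * @return the string form of {@code baseDir()/<str>.pem}
     */
    public static String pem(String str) {
        return baseDir().resolve(str + ".pem").toString();
    }

    /**
     * Builds the whole test PKI and writes it to disk.
     *
     * <p>Any failure is rethrown as a {@link RuntimeException}. Because this method runs from the
     * static initializer, such a failure prevents the class from initializing.
     */
    private static void createKeyStores() {
        try {
            // No explicit initialize() call: the RSA key size is whatever the provider defaults to.
            // This single key pair is reused for the server, client and sni certificates.
            KeyPair leafKeyPair = KeyPairGenerator.getInstance(KEY_ALGORITHM).generateKeyPair();
            PrivateKey leafPrivateKey = leafKeyPair.getPrivate();
            PublicKey leafPublicKey = leafKeyPair.getPublic();

            X500Principal caDn = dn("CA");
            KeyStore trustStore = KeyStore.getInstance(KEYSTORE_TYPE);
            trustStore.load(null, null);

            SelfSignedX509CertificateAndSigningKey ca = createSelfSignedCertificate(caDn, true, "ca");
            trustStore.setCertificateEntry("ca", ca.getSelfSignedCertificate());

            // Each call also adds the leaf certificate itself to the trust store.
            createSignedCertificate(leafPrivateKey, leafPublicKey, ca, caDn, "server", trustStore);
            createSignedCertificate(leafPrivateKey, leafPublicKey, ca, caDn, "client", trustStore);
            createSignedCertificate(leafPrivateKey, leafPublicKey, ca, caDn, "sni", trustStore);

            // try-with-resources closes the stream even when store() throws.
            try (OutputStream out = Files.newOutputStream(getCertificateFile("trust" + EXTENSION))) {
                trustStore.store(out, KEY_PASSWORD);
            }

            // A second self-signed CA that is deliberately left out of trust.pfx.
            createSelfSignedCertificate(caDn, true, "untrusted");
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the directory all generated files are written to.
     *
     * @return {@code <user.dir>/target/test-classes}
     */
    public static Path baseDir() {
        return Paths.get(System.getProperty("user.dir"), "target", "test-classes");
    }

    /** Builds a distinguished name from {@link #BASE_DN} using {@code str} as the common name. */
    private static X500Principal dn(String str) {
        return new X500Principal(String.format(BASE_DN, str));
    }

    /** Resolves a file name against {@link #baseDir()}. */
    private static Path getCertificateFile(String str) {
        return baseDir().resolve(str);
    }

    /**
     * Creates a self-signed certificate with a fresh key and writes it to disk twice.
     *
     * <p>{@code <name>.pfx} receives a certificate entry only, with no private key. {@code <name>.pem}
     * receives the private key followed by the certificate. The private key in the PEM file is
     * <em>not</em> encrypted, so the file must be treated as a secret even in a test tree.
     *
     * @param subjectDn subject (and issuer) distinguished name
     * @param isCa      when {@code true}, a BasicConstraints extension marking the certificate as a CA is added
     * @param name      alias inside the key store and base name of the two output files
     * @return the certificate together with its signing key
     * @throws RuntimeException if the key store or PEM file cannot be written
     */
    private static SelfSignedX509CertificateAndSigningKey createSelfSignedCertificate(X500Principal subjectDn, boolean isCa, String name) {
        SelfSignedX509CertificateAndSigningKey.Builder builder = SelfSignedX509CertificateAndSigningKey.builder()
                .setDn(subjectDn)
                .setSignatureAlgorithmName(KEY_SIGNATURE_ALGORITHM)
                .setKeyAlgorithmName(KEY_ALGORITHM);
        if (isCa) {
            // Non-critical extension; pathlen is Integer.MAX_VALUE, i.e. effectively unconstrained.
            builder.addExtension(false, "BasicConstraints", "CA:true,pathlen:2147483647");
        }
        SelfSignedX509CertificateAndSigningKey certAndKey = builder.build();
        X509Certificate certificate = certAndKey.getSelfSignedCertificate();

        writeKeyStore(getCertificateFile(name + EXTENSION), store -> {
            try {
                store.setCertificateEntry(name, certificate);
            } catch (KeyStoreException e) {
                throw new RuntimeException(e);
            }
        });

        // try-with-resources closes (and flushes) the writer even when encoding or writing fails.
        try (BufferedWriter pemWriter = Files.newBufferedWriter(baseDir().resolve(name + ".pem"))) {
            // NOTE(review): the Base64 body is written as one long line rather than wrapped at
            // 64 columns; strict PEM parsers may reject that. Left unchanged to keep output identical.
            pemWriter.write("-----BEGIN PRIVATE KEY-----\n");
            pemWriter.write(Base64.getEncoder().encodeToString(certAndKey.getSigningKey().getEncoded()));
            pemWriter.write("\n-----END PRIVATE KEY-----\n");
            pemWriter.write("-----BEGIN CERTIFICATE-----\n");
            pemWriter.write(Base64.getEncoder().encodeToString(certificate.getEncoded()));
            pemWriter.write("\n-----END CERTIFICATE-----\n");
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
        return certAndKey;
    }

    /**
     * Issues a certificate for {@code name}, signed by the given CA, and stores it.
     *
     * <p>The certificate is added to {@code trustStore} as a trusted entry. A separate
     * {@code <name>.pfx} is also written, containing the CA certificate plus a key entry holding
     * {@code privateKey} with the chain {@code [leaf, CA]}.
     *
     * @param privateKey private key stored alongside the new certificate
     * @param publicKey  public key embedded in the new certificate
     * @param ca         issuing CA certificate and its signing key
     * @param issuerDn   issuer distinguished name placed in the new certificate
     * @param name       common name, key-store alias and output file base name
     * @param trustStore store that receives the new certificate as a trusted entry
     * @throws CertificateException if the certificate cannot be built
     * @throws RuntimeException     if a key-store operation or the file write fails
     */
    private static void createSignedCertificate(PrivateKey privateKey, PublicKey publicKey, SelfSignedX509CertificateAndSigningKey ca, X500Principal issuerDn, String name, KeyStore trustStore) throws CertificateException {
        X509Certificate caCertificate = ca.getSelfSignedCertificate();
        X509Certificate leafCertificate = new X509CertificateBuilder()
                .setIssuerDn(issuerDn)
                .setSubjectDn(dn(name))
                .setSignatureAlgorithmName(KEY_SIGNATURE_ALGORITHM)
                .setSigningKey(ca.getSigningKey())
                .setPublicKey(publicKey)
                .setSerialNumber(BigInteger.valueOf(CERT_SERIAL.getAndIncrement()))
                // presumably (critical, isCA, pathLen): a non-CA leaf certificate; confirm against the Elytron API
                .addExtension(new BasicConstraintsExtension(false, false, -1))
                .build();
        try {
            trustStore.setCertificateEntry(name, leafCertificate);
            writeKeyStore(getCertificateFile(name + EXTENSION), store -> {
                try {
                    store.setCertificateEntry("ca", caCertificate);
                    store.setKeyEntry(name, privateKey, KEY_PASSWORD, new X509Certificate[]{leafCertificate, caCertificate});
                } catch (KeyStoreException e) {
                    throw new RuntimeException(e);
                }
            });
        } catch (KeyStoreException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates an empty key store, lets {@code consumer} populate it, and writes it to {@code path}
     * protected by {@link #KEY_PASSWORD}.
     *
     * @param path     destination file; created or truncated
     * @param consumer callback that adds entries to the fresh key store
     * @throws RuntimeException if the key store cannot be created, populated or written
     */
    private static void writeKeyStore(Path path, Consumer<KeyStore> consumer) {
        try {
            // Populate the store before opening the file, so a failing consumer does not leave a
            // truncated key store behind.
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
            keyStore.load(null, null);
            consumer.accept(keyStore);
            // try-with-resources closes the stream even when store() throws.
            try (OutputStream out = Files.newOutputStream(path)) {
                keyStore.store(out, KEY_PASSWORD);
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    // Kept after the static field declarations: createKeyStores() reads KEY_PASSWORD, KEYSTORE_TYPE
    // and CERT_SERIAL, which must already be initialized.
    static {
        createKeyStores();
    }
}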
}
