package org.wildfly.security.ssl;

import io.netty.buffer.Unpooled;
import io.netty.handler.codec.http.DefaultFullHttpRequest;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpVersion;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.time.Instant;
import java.util.Iterator;
import java.util.Map;
import javax.net.ssl.SSLSession;
import org.junit.Assert;
import org.mockserver.integration.ClientAndServer;
import org.mockserver.matchers.Times;
import org.mockserver.model.Header;
import org.mockserver.model.HttpRequest;
import org.mockserver.model.HttpResponse;
import org.mockserver.model.NottableString;
import org.wildfly.common.iteration.ByteIterator;
import org.xipki.datasource.DataSourceFactory;
import org.xipki.http.servlet.ServletURI;
import org.xipki.http.servlet.SslReverseProxyMode;
import org.xipki.ocsp.server.impl.HttpOcspServlet;
import org.xipki.ocsp.server.impl.OcspServer;
import org.xipki.security.SecurityFactoryImpl;
import org.xipki.security.SignerFactoryRegisterImpl;

/* loaded from: input_file:org/wildfly/security/ssl/TestingOcspServer.class */
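/**
 * Test fixture that runs an XiPKI OCSP responder behind a MockServer HTTP endpoint.
 *
 * <p>Lifecycle as implemented here: the constructor opens a JDBC connection and creates the
 * {@code ISSUER} and {@code CERT} tables; issuers and certificates are inserted with
 * {@link #createIssuer} / {@link #createCertificate}; {@link #start()} initialises the responder
 * and binds the HTTP endpoint; {@link #revokeCertificate} flips a certificate to revoked;
 * {@link #stop()} tears everything down.
 *
 * <p>The endpoint is served over plain HTTP and the servlet is invoked with a {@code null}
 * {@link SSLSession} and {@link SslReverseProxyMode#NONE}, so no transport-level client
 * authentication is involved. The class is intended for tests only.
 */
public class TestingOcspServer {
    private final int port;
    private ClientAndServer server;
    private Connection connection;
    // Non-null only between start() and stop(); used as the "is running" flag.
    private OcspServer ocspServer = null;
    private final SecurityFactoryImpl securityFactory = new SecurityFactoryImpl();

    /**
     * Creates the fixture and prepares its backing database.
     *
     * @param i TCP port the HTTP endpoint is bound to by {@link #start()}
     * @throws Exception if the data source cannot be created or the schema cannot be set up
     */
    public TestingOcspServer(int i) throws Exception {
        this.port = i;
        initDatabase();
    }

    /**
     * Opens the JDBC connection described by {@code ocsp-db.properties} and creates the
     * {@code ISSUER} and {@code CERT} tables.
     */
    private void initDatabase() throws Exception {
        // Close the properties stream once the data source has been built from it.
        try (InputStream dbConfig = TestingOcspServer.class.getResource("ocsp-db.properties").openStream()) {
            this.connection = new DataSourceFactory()
                    .createDataSource("datasource1", dbConfig, this.securityFactory.getPasswordResolver())
                    .getConnection();
        }
        executeDdl("CREATE TABLE ISSUER (\n    ID INT NOT NULL,\n    SUBJECT VARCHAR(350) NOT NULL,\n    NBEFORE BIGINT NOT NULL,\n    NAFTER BIGINT NOT NULL,\n    S1C CHAR(28) NOT NULL,\n    REV SMALLINT DEFAULT 0,\n    RR SMALLINT,\n    RT BIGINT,\n    RIT BIGINT,\n    CERT VARCHAR(4000) NOT NULL,\n    CRL_INFO VARCHAR(1000)\n);");
        executeDdl("CREATE TABLE CERT (\n    ID BIGINT NOT NULL,\n    IID INT NOT NULL,\n    SN VARCHAR(40) NOT NULL,\n    LUPDATE BIGINT NOT NULL,\n    NBEFORE BIGINT,\n    NAFTER BIGINT,\n    REV SMALLINT DEFAULT 0,\n    RR SMALLINT,\n    RT BIGINT,\n    RIT BIGINT,\n    PN VARCHAR(45)\n);");
    }

    /** Runs one constant DDL statement and releases the statement handle afterwards. */
    private void executeDdl(String sql) throws SQLException {
        try (PreparedStatement statement = this.connection.prepareStatement(sql)) {
            statement.execute();
        }
    }

    /**
     * Initialises the OCSP responder from {@code ocsp-responder.xml} and exposes it on
     * {@code POST /ocsp} and {@code GET /ocsp/...} on the configured port.
     *
     * @throws Exception if the responder fails to initialise
     */
    public void start() throws Exception {
        Assert.assertNull("OCSP server already started", this.ocspServer);
        this.ocspServer = new OcspServer();
        this.ocspServer.setConfFile(TestingOcspServer.class.getResource("ocsp-responder.xml").getFile());
        this.securityFactory.setSignerFactoryRegister(new SignerFactoryRegisterImpl());
        this.ocspServer.setSecurityFactory(this.securityFactory);
        this.ocspServer.init();
        HttpOcspServlet httpOcspServlet = new HttpOcspServlet();
        httpOcspServlet.setServer(this.ocspServer);
        this.server = new ClientAndServer(this.port);
        this.server.when(HttpRequest.request().withMethod("POST").withPath("/ocsp"), Times.unlimited())
                .respond(request -> getHttpResponse(request, httpOcspServlet));
        this.server.when(HttpRequest.request().withMethod("GET").withPath("/ocsp/.*"), Times.unlimited())
                .respond(request -> getHttpResponse(request, httpOcspServlet));
    }

    /**
     * Stops the HTTP endpoint, shuts the responder down and closes the database connection.
     * Each step runs even if an earlier one throws, so a failed shutdown does not leave the
     * port bound or the connection open for the next test.
     *
     * @throws SQLException if closing the database connection fails
     */
    public void stop() throws SQLException {
        Assert.assertNotNull("OCSP server not started", this.ocspServer);
        try {
            this.server.stop();
        } finally {
            try {
                this.ocspServer.shutdown();
            } finally {
                try {
                    this.connection.close();
                } finally {
                    this.ocspServer = null;
                }
            }
        }
    }

    /**
     * Inserts an issuer row. Must be called before {@link #start()}.
     *
     * @param i issuer id stored in {@code ISSUER.ID}
     * @param x509Certificate issuer certificate; its subject, validity window and encoding are stored
     * @throws SQLException if the insert fails
     * @throws CertificateException if the certificate cannot be encoded
     * @throws NoSuchAlgorithmException if SHA-1 is unavailable
     */
    public void createIssuer(int i, X509Certificate x509Certificate) throws SQLException, CertificateException, NoSuchAlgorithmException {
        Assert.assertNull("OCSP server already started", this.ocspServer);
        // S1C holds a Base64 SHA-1 of the encoded certificate. Presumably the responder schema
        // uses it as a lookup fingerprint rather than as an integrity control; confirm against
        // the XiPKI schema before reusing SHA-1 anywhere else.
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        byte[] encoded = x509Certificate.getEncoded();
        try (PreparedStatement insert = this.connection.prepareStatement(
                "INSERT INTO ISSUER (ID, SUBJECT, NBEFORE, NAFTER, S1C, CERT) VALUES (?, ?, ?, ?, ?, ?)")) {
            insert.setInt(1, i);
            insert.setString(2, x509Certificate.getSubjectDN().toString());
            insert.setLong(3, x509Certificate.getNotBefore().toInstant().getEpochSecond());
            insert.setLong(4, x509Certificate.getNotAfter().toInstant().getEpochSecond());
            insert.setString(5, ByteIterator.ofBytes(sha1.digest(encoded)).base64Encode().drainToString());
            insert.setString(6, ByteIterator.ofBytes(encoded).base64Encode().drainToString());
            insert.execute();
        }
    }

    /**
     * Inserts a certificate row with the current time as its last-update timestamp.
     *
     * @param i certificate id stored in {@code CERT.ID}
     * @param i2 id of the issuer row the certificate belongs to ({@code CERT.IID})
     * @param x509Certificate certificate whose serial number (hex) and validity window are stored
     * @throws SQLException if the insert fails
     */
    public void createCertificate(int i, int i2, X509Certificate x509Certificate) throws SQLException {
        long now = Instant.now().getEpochSecond();
        try (PreparedStatement insert = this.connection.prepareStatement(
                "INSERT INTO CERT (ID, IID, SN, LUPDATE, NBEFORE, NAFTER) VALUES (?, ?, ?, ?, ?, ?)")) {
            insert.setInt(1, i);
            insert.setInt(2, i2);
            insert.setString(3, x509Certificate.getSerialNumber().toString(16));
            insert.setLong(4, now);
            insert.setLong(5, x509Certificate.getNotBefore().toInstant().getEpochSecond());
            insert.setLong(6, x509Certificate.getNotAfter().toInstant().getEpochSecond());
            insert.execute();
        }
    }

    /**
     * Marks a certificate row as revoked, using the current time for both {@code RT} and
     * {@code RIT}.
     *
     * @param i id of the certificate row to revoke ({@code CERT.ID})
     * @param i2 value written to {@code CERT.RR} (the revocation reason column)
     * @throws SQLException if the update fails
     */
    public void revokeCertificate(int i, int i2) throws SQLException {
        long now = Instant.now().getEpochSecond();
        try (PreparedStatement update = this.connection.prepareStatement(
                "UPDATE CERT SET REV = 1, RR = ?, RT = ?, RIT = ? WHERE ID = ?")) {
            update.setInt(1, i2);
            update.setLong(2, now);
            update.setLong(3, now);
            update.setInt(4, i);
            update.execute();
        }
    }

    /**
     * Translates a MockServer request into a Netty request, passes it to the OCSP servlet and
     * translates the servlet's answer back into a MockServer response.
     *
     * <p>A request without a body is treated as an OCSP GET: everything after {@code /ocsp/} in
     * the path becomes the payload. Any other request is treated as a POST carrying the raw body.
     * All request headers are forwarded to the servlet unchanged.
     *
     * @param httpRequest incoming MockServer request
     * @param httpOcspServlet servlet that produces the OCSP response
     * @return the servlet's status code, body and headers as a MockServer response
     * @throws IllegalArgumentException if a body-less request has no {@code /ocsp/} path segment
     * @throws RuntimeException wrapping any failure raised while the servlet handles the request
     */
    public HttpResponse getHttpResponse(HttpRequest httpRequest, HttpOcspServlet httpOcspServlet) {
        String path = httpRequest.getPath().getValue();
        HttpMethod httpMethod;
        byte[] payload;
        if (httpRequest.getBody() == null) {
            httpMethod = HttpMethod.GET;
            String[] parts = path.split("/ocsp/", 2);
            if (parts.length < 2) {
                // Fail with a readable message instead of an index error on unexpected paths.
                throw new IllegalArgumentException("Request without body must use a path containing /ocsp/: " + path);
            }
            payload = parts[1].getBytes(StandardCharsets.UTF_8);
        } else {
            httpMethod = HttpMethod.POST;
            payload = httpRequest.getBody().getRawBytes();
        }
        DefaultFullHttpRequest nettyRequest =
                new DefaultFullHttpRequest(HttpVersion.HTTP_1_0, httpMethod, path, Unpooled.wrappedBuffer(payload));
        for (Header header : httpRequest.getHeaderList()) {
            for (NottableString value : header.getValues()) {
                nettyRequest.headers().add(header.getName().getValue(), value.getValue());
            }
        }
        try {
            FullHttpResponse servletResponse =
                    httpOcspServlet.service(nettyRequest, new ServletURI(path), (SSLSession) null, SslReverseProxyMode.NONE);
            // Copy only the readable bytes: array() exposes the whole backing array, which can be
            // larger than the response, and it is unsupported for buffers without a backing array.
            byte[] body = new byte[servletResponse.content().readableBytes()];
            servletResponse.content().getBytes(servletResponse.content().readerIndex(), body);
            HttpResponse response = HttpResponse.response()
                    .withStatusCode(servletResponse.status().code())
                    .withBody(body);
            for (Map.Entry<String, String> entry : servletResponse.headers()) {
                response.withHeader(entry.getKey(), entry.getValue());
            }
            return response;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}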
