package org.wildfly.security.ssl.test.util;

import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumMap;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Predicate;
import javax.security.auth.x500.X500Principal;
import org.wildfly.security.x500.GeneralName;
import org.wildfly.security.x500.cert.AccessDescription;
import org.wildfly.security.x500.cert.AuthorityInformationAccessExtension;
import org.wildfly.security.x500.cert.BasicConstraintsExtension;
import org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKey;
import org.wildfly.security.x500.cert.X509CertificateBuilder;
import org.wildfly.security.x500.cert.X509CertificateExtension;

/* loaded from: input_file:org/wildfly/security/ssl/test/util/CAGenerationTool.class */
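/**
 * Test-only generator for a small, throwaway PKI: one or two self-signed root CAs, an optional
 * intermediate CA, and a set of end-entity identities signed by them. Every certificate and
 * private key is written into JKS keystores under a working directory, all protected by the
 * same fixed {@link #PASSWORD}. Nothing here is suitable for anything other than tests.
 *
 * <p>Fixes relative to the earlier version of this class:
 * <ul>
 *   <li>CA creation no longer nests {@code HashMap.computeIfAbsent} calls. Creating an
 *       intermediate inserted its parent into {@code caMap} from inside the mapping function,
 *       which the {@code Map.computeIfAbsent} contract forbids and which {@code HashMap}
 *       reports as a {@link java.util.ConcurrentModificationException} on Java 9+ whenever the
 *       parent CA had not already been requested.</li>
 *   <li>Keystore streams are opened with try-with-resources so they are closed on the error
 *       path as well as the success path.</li>
 *   <li>The RSA key size is set explicitly instead of being left to the provider default.</li>
 * </ul>
 */
public class CAGenerationTool implements Closeable {
    /** Signature algorithm used for every certificate this tool issues (name kept for callers). */
    public static final String SIGNATURE_ALGORTHM = "SHA256withRSA";
    private static final String BEETLES_STORE = "beetles.keystore";
    private static final String KEY_ALGORITHM = "RSA";
    /** Explicit RSA modulus size for end-entity and intermediate keys; not left to the provider default. */
    private static final int KEY_SIZE = 2048;
    // JKS is retained because the generated files are loaded back as JKS (see loadKeyStore) and
    // existing consumers expect that type; PKCS12 would be the stronger choice for a new fixture.
    private static final String KEYSTORE_TYPE = "JKS";
    private static final int OCSP_PORT = 4854;
    /** id-ad-ocsp access method (RFC 5280) placed in the Authority Information Access extension. */
    private static final String OCSP_ACCESS_METHOD_OID = "1.3.6.1.5.5.7.48.1";
    /** OCSP responder URL advertised by non-root CA certificates; points at a local test responder. */
    private static final String OCSP_RESPONDER_URL = "http://localhost:" + OCSP_PORT + "/ocsp";
    /**
     * Fixed password protecting every keystore and key entry written by this tool. It is a
     * well-known test value: never reuse it, or the generated material, outside tests.
     */
    static final char[] PASSWORD = "Elytron".toCharArray();
    /** End-entity identities whose certificates are also collected into {@code beetles.keystore}. */
    private static final Set<Identity> BEETLES = Collections.unmodifiableSet(
            EnumSet.of(Identity.LADYBIRD, Identity.SCARAB, Identity.DUNG, Identity.FIREFLY));
    private static final Predicate<Identity> INCLUDE_IN_BEETLES = BEETLES::contains;

    private final File workingDir;
    private final KeyPairGenerator keyPairGenerator;
    /** CA identities that have been created so far, keyed by identity. */
    private final Map<Identity, CAState> caMap = new EnumMap<>(Identity.class);
    /** Every certificate created so far (CAs and end entities), keyed by identity. */
    private final Map<Identity, X509Certificate> certificateMap = new EnumMap<>(Identity.class);
    private volatile boolean closed = false;

    /**
     * Builder for {@link CAGenerationTool}: the directory to write into and the identities to
     * create up front. Identities are created in the order given.
     */
    public static class Builder {
        private String baseDir = ".";
        private Identity[] requestedIdentities = new Identity[0];

        /** Directory all keystores are written to; created on {@link #build()} if missing. */
        public Builder setBaseDir(String baseDir) {
            this.baseDir = baseDir;
            return this;
        }

        /** Identities to generate eagerly; a {@code null} array is treated as empty. */
        public Builder setRequestIdentities(Identity... identities) {
            // Defensive copy so later changes to the caller's array cannot alter what build() creates.
            this.requestedIdentities = identities == null ? new Identity[0] : identities.clone();
            return this;
        }

        public CAGenerationTool build() throws Exception {
            return new CAGenerationTool(this);
        }
    }

    /**
     * Mutable state of one certificate authority: its signing key, its own certificate and the
     * next serial number it will issue. Serials are sequential per issuer starting at 1, which is
     * adequate for a test PKI (a real CA must use unpredictable serials).
     */
    public static class CAState {
        PrivateKey signingKey;
        X509Certificate issuerCertificate;
        int serialNumber = 1;

        CAState() {
        }
    }

    /**
     * The fixed set of identities this tool knows how to create. Each carries its subject DN,
     * the CA that signs it ({@code null} for a self-signed root), whether it is itself a CA,
     * and the keystore file name it is written to ({@code null} when nothing is written).
     */
    public enum Identity {
        CA("CN=Elytron CA, ST=Elytron, C=UK, EMAILADDRESS=elytron@wildfly.org, O=Root Certificate Authority", null, true, "ca.truststore"),
        LADYBIRD("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=Ladybird", CA, false, "ladybird.keystore"),
        SCARAB("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=Scarab", CA, false, "scarab.keystore"),
        DUNG("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=Dung", CA, false, "dung.keystore"),
        FIREFLY("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=Firefly", CA, false, "firefly.keystore"),
        INTERMEDIATE("CN=Elytron ICA, ST=Elytron, C=UK, O=Intermediate Certificate Authority", CA, true, null),
        ROVE("OU=Elytron, O=Elytron, C=UK, ST=Elytron, CN=Rove", INTERMEDIATE, false, "rove.keystore"),
        // NOTE(review): there is no comma before "O=", so the tail is presumably parsed as part of
        // the EMAILADDRESS value rather than as a separate O attribute. Left untouched because
        // consumers may match on this exact subject; confirm before correcting.
        SECOND_CA("CN=Wildfly CA, ST=Wildfly, C=CA, EMAILADDRESS=admin@wildfly.org O=Another Root Certificate Authority", null, true, "ca.truststore2"),
        LADYBUG("OU=Wildfly, O=Wildfly, C=CA, ST=Wildfly, CN=Ladybug", SECOND_CA, false, "ladybug.keystore"),
        GREENJUNE("OU=Wildfly, O=Wildfly, C=CA, ST=Wildfly, CN=Green June", SECOND_CA, false, "greenjune.keystore");

        private final X500Principal principal;
        private final Identity signedBy;
        private final boolean ca;
        private final String keyStoreName;

        Identity(String dn, Identity signedBy, boolean ca, String keyStoreName) {
            this.principal = new X500Principal(dn);
            this.signedBy = signedBy;
            this.ca = ca;
            this.keyStoreName = keyStoreName;
        }

        public X500Principal getPrincipal() {
            return this.principal;
        }

        /** The issuing CA, or {@code null} for a self-signed root. */
        public Identity getSignedBy() {
            return this.signedBy;
        }

        public boolean isCertificateAuthority() {
            return this.ca;
        }

        /** Keystore file name relative to the working directory, or {@code null} if none is written. */
        public String getKeyStoreName() {
            return this.keyStoreName;
        }

        /** Lower-cased enum name; also used as the keystore alias for this identity. */
        @Override
        public String toString() {
            return name().toLowerCase();
        }
    }

    /**
     * Creates the working directory and every requested identity, then writes the
     * {@code beetles.keystore} trust store holding the certificates of the requested
     * {@link #BEETLES} identities (possibly none).
     *
     * @throws Exception if key generation or keystore writing fails
     */
    protected CAGenerationTool(Builder builder) throws Exception {
        this.keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM);
        this.keyPairGenerator.initialize(KEY_SIZE);
        this.workingDir = new File(builder.baseDir);
        this.workingDir.mkdirs();
        KeyStore beetles = createEmptyKeyStore();
        for (Identity identity : builder.requestedIdentities) {
            if (identity.isCertificateAuthority()) {
                ensureCA(identity);
            } else {
                X509Certificate certificate = createIdentity(identity);
                this.certificateMap.put(identity, certificate);
                if (INCLUDE_IN_BEETLES.test(identity)) {
                    beetles.setCertificateEntry(identity.toString(), certificate);
                }
            }
        }
        try {
            storeKeyStore(beetles, new File(this.workingDir, BEETLES_STORE));
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns a handle for an already created identity.
     *
     * @throws IllegalStateException if the identity has not been created by this tool
     */
    public DefinedIdentity getDefinedIdentity(Identity identity) {
        if (identity.isCertificateAuthority()) {
            return getDefinedCAIdentity(identity);
        }
        X509Certificate certificate = this.certificateMap.get(identity);
        if (certificate == null) {
            throw new IllegalStateException(String.format("Identity %s has not been created.", identity.toString()));
        }
        return new DefinedIdentity(this, identity, certificate);
    }

    /**
     * Returns a handle for an already created CA, including its signing key.
     *
     * @throws IllegalStateException if the identity is not a CA or has not been created
     */
    public DefinedCAIdentity getDefinedCAIdentity(Identity identity) {
        if (!identity.isCertificateAuthority()) {
            throw new IllegalStateException(String.format("Identity %s is not a CertificateAuthority", identity.toString()));
        }
        CAState state = this.caMap.get(identity);
        if (state == null) {
            throw new IllegalStateException(String.format("Identity %s has not been created.", identity.toString()));
        }
        return new DefinedCAIdentity(this, identity, state.issuerCertificate, state.signingKey);
    }

    /** Loads {@code beetles.keystore} from the working directory. */
    public KeyStore getBeetlesKeyStore() {
        return loadKeyStore(new File(this.workingDir, BEETLES_STORE));
    }

    /**
     * @deprecated use {@link #getDefinedIdentity(Identity)}; returns {@code null} for an
     *             identity that has not been created.
     */
    @Deprecated
    public X509Certificate getCertificate(Identity identity) {
        return this.certificateMap.get(identity);
    }

    /**
     * Returns the signing key of a CA, creating the CA (and its parents) on demand.
     *
     * @deprecated use {@link #getDefinedCAIdentity(Identity)}
     * @throws IllegalStateException if the identity is not a CA
     */
    @Deprecated
    public PrivateKey getPrivateKey(Identity identity) {
        if (!identity.isCertificateAuthority()) {
            throw new IllegalStateException(String.format("Identity %s is not a CertificateAuthority", identity.toString()));
        }
        return ensureCA(identity).signingKey;
    }

    /**
     * Returns the state of a CA, creating it first if necessary. This is a plain get-then-put
     * rather than {@code computeIfAbsent} because creating a CA recursively creates its parent,
     * i.e. it mutates {@code caMap} while the lookup is in progress.
     */
    private CAState ensureCA(Identity identity) {
        CAState state = this.caMap.get(identity);
        if (state == null) {
            state = createCA(identity);
            this.caMap.put(identity, state);
        }
        return state;
    }

    /**
     * Creates the key pair and certificate for a CA. A root is self-signed with CA:true and an
     * unbounded path length; a subordinate CA is signed by its parent and additionally carries an
     * AIA extension pointing at the local OCSP responder URL. If the identity names a keystore,
     * the CA certificate is appended to it (the file is created if absent).
     */
    private CAState createCA(Identity identity) {
        CAState state = new CAState();
        Identity signedBy = identity.getSignedBy();
        if (signedBy == null) {
            SelfSignedX509CertificateAndSigningKey root = SelfSignedX509CertificateAndSigningKey.builder()
                    .setDn(identity.getPrincipal())
                    .setKeyAlgorithmName(KEY_ALGORITHM)
                    .setSignatureAlgorithmName(SIGNATURE_ALGORTHM)
                    // Non-critical basic constraints, unbounded path length, as in the existing fixtures.
                    .addExtension(false, "BasicConstraints", "CA:true,pathlen:2147483647")
                    .build();
            state.issuerCertificate = root.getSelfSignedCertificate();
            state.signingKey = root.getSigningKey();
        } else {
            try {
                CAState signer = ensureCA(signedBy);
                KeyPair keyPair = this.keyPairGenerator.generateKeyPair();
                state.issuerCertificate = new X509CertificateBuilder()
                        .setIssuerDn(signedBy.getPrincipal())
                        .setSubjectDn(identity.getPrincipal())
                        .setSignatureAlgorithmName(SIGNATURE_ALGORTHM)
                        .setSigningKey(signer.signingKey)
                        .setPublicKey(keyPair.getPublic())
                        .setSerialNumber(nextSerial(signer))
                        .addExtension(new BasicConstraintsExtension(false, true, -1))
                        .addExtension(new AuthorityInformationAccessExtension(Collections.singletonList(
                                new AccessDescription(OCSP_ACCESS_METHOD_OID, new GeneralName.URIName(OCSP_RESPONDER_URL)))))
                        .build();
                state.signingKey = keyPair.getPrivate();
            } catch (CertificateException e) {
                throw new RuntimeException(e);
            }
        }
        if (identity.getKeyStoreName() != null) {
            try {
                File file = new File(this.workingDir, identity.getKeyStoreName());
                KeyStore store = file.exists() ? loadKeyStore(file) : createEmptyKeyStore();
                store.setCertificateEntry(identity.toString(), state.issuerCertificate);
                storeKeyStore(store, file);
            } catch (IOException | GeneralSecurityException e) {
                throw new RuntimeException(e);
            }
        }
        this.certificateMap.put(identity, state.issuerCertificate);
        return state;
    }

    /** Hands out the issuer's next sequential serial number and advances the counter. */
    private static BigInteger nextSerial(CAState issuer) {
        return BigInteger.valueOf(issuer.serialNumber++);
    }

    /**
     * Issues an end-entity certificate (CA:false) for {@code subject} signed by {@code issuer},
     * creating the issuer on demand, with any extra extensions appended after basic constraints.
     */
    private X509Certificate createCustomCertificate(Identity issuer, X500Principal subject, KeyPair keyPair,
            X509CertificateExtension... extensions) throws CertificateException {
        CAState signer = ensureCA(issuer);
        X509CertificateBuilder builder = new X509CertificateBuilder()
                .setIssuerDn(issuer.getPrincipal())
                .setSubjectDn(subject)
                .setSignatureAlgorithmName(SIGNATURE_ALGORTHM)
                .setSigningKey(signer.signingKey)
                .setPublicKey(keyPair.getPublic())
                .setSerialNumber(nextSerial(signer))
                .addExtension(new BasicConstraintsExtension(false, false, -1));
        for (X509CertificateExtension extension : extensions) {
            builder.addExtension(extension);
        }
        return builder.build();
    }

    /**
     * Builds the certificate chain for a key entry: the end-entity certificate followed by the
     * issuer's certificate and each parent up to the root.
     */
    private X509Certificate[] buildChain(X509Certificate endEntity, Identity issuer) {
        List<X509Certificate> chain = new ArrayList<>();
        chain.add(endEntity);
        for (Identity ca = issuer; ca != null; ca = ca.getSignedBy()) {
            chain.add(ensureCA(ca).issuerCertificate);
        }
        return chain.toArray(new X509Certificate[0]);
    }

    /**
     * Creates a fresh key pair and certificate for an arbitrary subject, signed by {@code issuer},
     * and writes the private key plus its full chain under {@code alias} into a new keystore named
     * {@code keyStoreName} in the working directory.
     *
     * @throws RuntimeException wrapping any I/O or security failure
     */
    public CustomIdentity createCustomIdentity(String alias, X500Principal subject, String keyStoreName, Identity issuer,
            X509CertificateExtension... extensions) {
        try {
            KeyPair keyPair = this.keyPairGenerator.generateKeyPair();
            X509Certificate certificate = createCustomCertificate(issuer, subject, keyPair, extensions);
            File file = new File(this.workingDir, keyStoreName);
            KeyStore store = createEmptyKeyStore();
            store.setKeyEntry(alias, keyPair.getPrivate(), PASSWORD, buildChain(certificate, issuer));
            storeKeyStore(store, file);
            return new CustomIdentity(this, certificate, file);
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException("Unable to create identity", e);
        }
    }

    /**
     * Older form of {@link #createCustomIdentity}: additionally stores every CA certificate in the
     * chain as a trusted certificate entry (aliased by the CA's name) in the same keystore and
     * returns the bare certificate.
     *
     * @deprecated use {@link #createCustomIdentity}
     */
    @Deprecated
    public X509Certificate createIdentity(String alias, X500Principal subject, String keyStoreName, Identity issuer,
            X509CertificateExtension... extensions) {
        try {
            KeyPair keyPair = this.keyPairGenerator.generateKeyPair();
            X509Certificate certificate = createCustomCertificate(issuer, subject, keyPair, extensions);
            File file = new File(this.workingDir, keyStoreName);
            KeyStore store = createEmptyKeyStore();
            for (Identity ca = issuer; ca != null; ca = ca.getSignedBy()) {
                store.setCertificateEntry(ca.toString(), ensureCA(ca).issuerCertificate);
            }
            store.setKeyEntry(alias, keyPair.getPrivate(), PASSWORD, buildChain(certificate, issuer));
            storeKeyStore(store, file);
            return certificate;
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates a self-signed certificate and key for {@code subject} and writes them under
     * {@code alias} into a new keystore named {@code keyStoreName}. Currently unused within this
     * class but retained for parity with the previous version.
     */
    private X509Certificate createSelfSignedIdentity(String alias, X500Principal subject, String keyStoreName) {
        SelfSignedX509CertificateAndSigningKey selfSigned = SelfSignedX509CertificateAndSigningKey.builder()
                .setDn(subject)
                .setKeyAlgorithmName(KEY_ALGORITHM)
                .setSignatureAlgorithmName(SIGNATURE_ALGORTHM)
                .build();
        X509Certificate certificate = selfSigned.getSelfSignedCertificate();
        File file = new File(this.workingDir, keyStoreName);
        KeyStore store = createEmptyKeyStore();
        try {
            store.setKeyEntry(alias, selfSigned.getSigningKey(), PASSWORD, new X509Certificate[] { certificate });
            storeKeyStore(store, file);
            return certificate;
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates a predefined end-entity identity in its configured keystore.
     *
     * @throws IllegalStateException if the identity has no signing CA
     */
    private X509Certificate createIdentity(Identity identity) {
        Identity signedBy = identity.getSignedBy();
        if (signedBy == null) {
            throw new IllegalStateException(String.format("Identity %s does not have a CA.", identity.toString()));
        }
        return createIdentity(identity.toString(), identity.getPrincipal(), identity.getKeyStoreName(), signedBy,
                new X509CertificateExtension[0]);
    }

    /** Writes {@code store} to {@code file} under {@link #PASSWORD}, closing the stream on all paths. */
    private static void storeKeyStore(KeyStore store, File file)
            throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        try (FileOutputStream out = new FileOutputStream(file)) {
            store.store(out, PASSWORD);
        }
    }

    private static KeyStore createEmptyKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
            keyStore.load(null, null);
            return keyStore;
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Loads the keystore configured for {@code identity}. The identity must have a keystore name
     * (this throws {@link NullPointerException} otherwise).
     */
    public KeyStore loadKeyStore(Identity identity) {
        return loadKeyStore(new File(this.workingDir, identity.getKeyStoreName()));
    }

    /** Loads a JKS keystore written by this tool, using the fixed test {@link #PASSWORD}. */
    public static KeyStore loadKeyStore(File file) {
        try (FileInputStream in = new FileInputStream(file)) {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
            keyStore.load(in, PASSWORD);
            return keyStore;
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /** Guard used by the identity handles; fails once {@link #close()} has been called. */
    public void assertNotClosed() {
        if (this.closed) {
            throw new IllegalStateException("The CAGenerationTool is closed.");
        }
    }

    /**
     * Marks the tool closed and attempts to remove the working directory. {@code File.delete()}
     * only removes an empty directory, so the keystores written here -- which hold private keys
     * under the fixed test password -- remain on disk; callers that need a clean slate must
     * remove the base directory themselves.
     */
    @Override
    public void close() throws IOException {
        this.closed = true;
        this.workingDir.delete();
    }

    public static Builder builder() {
        return new Builder();
    }
}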
