package org.mockserver.socket.tls;

import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.UUID;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import org.mockserver.configuration.ConfigurationProperties;
import org.mockserver.log.model.LogEntry;
import org.mockserver.logging.MockServerLogger;
import org.slf4j.event.Level;

/* loaded from: input_file:WEB-INF/lib/mockserver-core-5.11.0.jar:org/mockserver/socket/tls/KeyStoreFactory.class */
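/**
 * Builds the {@link SSLContext} and the on-disk JKS key store that hold MockServer's
 * private key, its leaf certificate and its certificate-authority certificate.
 *
 * <p>Security properties visible in this class (relevant when it is used outside a
 * disposable test environment):
 * <ul>
 *   <li>the trust managers come from {@link InsecureTrustManagerFactory}, which accepts any
 *       peer certificate without verification, so contexts built here do not
 *       authenticate the remote side;</li>
 *   <li>the key store is protected only by the fixed, publicly known
 *       {@link #KEY_STORE_PASSWORD};</li>
 *   <li>the key store file (containing the private key) is written to a relative path,
 *       i.e. the process working directory, with default file permissions;</li>
 *   <li>{@link #loadOrCreateKeyStore(PrivateKey, X509Certificate, X509Certificate, X509Certificate[])}
 *       sets the JVM-wide {@code javax.net.ssl.trustStore} system property.</li>
 * </ul>
 */
public class KeyStoreFactory {
    public static final String KEY_STORE_TYPE = "jks";
    // NOTE(security): hard-coded and public; it gives no confidentiality for the stored
    // private key. Anyone who can read the key store file can open it.
    public static final String KEY_STORE_PASSWORD = "changeit";
    public static final String KEY_STORE_CERT_ALIAS = "mockserver-client-cert";
    public static final String KEY_STORE_CA_ALIAS = "mockserver-ca-cert";
    // Relative file name, unique per factory instance; resolved against the working directory.
    public final String keyStoreFileName = "mockserver_keystore_" + UUID.randomUUID().toString() + "_" + KEY_STORE_TYPE;
    private static final String SSL_CONTEXT_PROTOCOL = "TLSv1.2";
    // NOTE(security): TLS 1.0 is deprecated (RFC 8996); it is only requested when the JRE
    // reports that TLSv1.2 is unavailable.
    private static final String SSL_CONTEXT_FALLBACK_PROTOCOL = "TLSv1";
    private SSLContext sslContext;
    private final MockServerLogger mockServerLogger;
    private final KeyAndCertificateFactory keyAndCertificateFactory;

    /**
     * Creates a factory whose key material is supplied by the
     * {@link KeyAndCertificateFactory} obtained from {@link KeyAndCertificateFactoryFactory}.
     *
     * @param mockServerLogger logger used for configuration and trace events
     */
    public KeyStoreFactory(MockServerLogger mockServerLogger) {
        this.mockServerLogger = mockServerLogger;
        this.keyAndCertificateFactory = KeyAndCertificateFactoryFactory.createKeyAndCertificateFactory(mockServerLogger);
    }

    /**
     * Returns the SSL context built from the factory-managed key and certificates,
     * generating them first if they have not been created yet.
     *
     * @return the cached or newly built context
     * @throws RuntimeException if the context cannot be initialised
     */
    public synchronized SSLContext sslContext() {
        ensureKeyAndCertificateExist();
        X509Certificate caCertificate = this.keyAndCertificateFactory.certificateAuthorityX509Certificate();
        return sslContext(
            this.keyAndCertificateFactory.privateKey(),
            this.keyAndCertificateFactory.x509Certificate(),
            caCertificate,
            new X509Certificate[]{this.keyAndCertificateFactory.certificateAuthorityX509Certificate()}
        );
    }

    /**
     * Returns the cached SSL context, building it when none exists yet or when
     * {@link ConfigurationProperties#rebuildTLSContext()} is true. When the cached context
     * is returned the arguments are not used.
     *
     * @param privateKey private key stored under {@link #KEY_STORE_CERT_ALIAS}
     * @param x509Certificate first certificate of the chain stored with the key
     * @param x509Certificate2 second certificate of that chain (the no-arg overload passes
     *        the certificate-authority certificate)
     * @param x509CertificateArr certificates stored under {@link #KEY_STORE_CA_ALIAS}
     * @return the cached or newly built context
     * @throws RuntimeException wrapping any failure while building the context
     */
    public synchronized SSLContext sslContext(PrivateKey privateKey, X509Certificate x509Certificate, X509Certificate x509Certificate2, X509Certificate[] x509CertificateArr) {
        if (this.sslContext == null || ConfigurationProperties.rebuildTLSContext()) {
            try {
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(loadOrCreateKeyStore(privateKey, x509Certificate, x509Certificate2, x509CertificateArr), KEY_STORE_PASSWORD.toCharArray());
                this.sslContext = getSSLContextInstance();
                // NOTE(security): InsecureTrustManagerFactory performs no certificate
                // validation; connections made with this context accept any peer certificate.
                this.sslContext.init(keyManagerFactory.getKeyManagers(), InsecureTrustManagerFactory.INSTANCE.getTrustManagers(), null);
            } catch (Throwable th) {
                // Throwable (not Exception) is kept so callers see the same wrapping as before.
                throw new RuntimeException("Failed to initialize the SSLContext", th);
            }
        }
        return this.sslContext;
    }

    /**
     * Loads or creates the key store using the factory-managed key and certificates,
     * generating them first if they have not been created yet.
     *
     * @return the key store after it has been updated and written to disk
     * @throws RuntimeException if the key store cannot be loaded or saved
     */
    public KeyStore loadOrCreateKeyStore() {
        ensureKeyAndCertificateExist();
        X509Certificate caCertificate = this.keyAndCertificateFactory.certificateAuthorityX509Certificate();
        return loadOrCreateKeyStore(
            this.keyAndCertificateFactory.privateKey(),
            this.keyAndCertificateFactory.x509Certificate(),
            caCertificate,
            new X509Certificate[]{this.keyAndCertificateFactory.certificateAuthorityX509Certificate()}
        );
    }

    /**
     * Loads the key store from {@link #keyStoreFileName} if that file exists, then stores
     * the given key and certificates in it and writes it back to the same file.
     *
     * <p>Side effect: sets the JVM-wide system property {@code javax.net.ssl.trustStore} to
     * the key store's absolute path, which affects every component in the process that
     * relies on the default trust store.
     *
     * @param privateKey private key stored under {@link #KEY_STORE_CERT_ALIAS}
     * @param x509Certificate first certificate of the chain stored with the key
     * @param x509Certificate2 second certificate of that chain
     * @param x509CertificateArr certificates stored under {@link #KEY_STORE_CA_ALIAS}
     * @return the updated key store
     * @throws RuntimeException if the existing file cannot be read or the store cannot be saved
     */
    public KeyStore loadOrCreateKeyStore(PrivateKey privateKey, X509Certificate x509Certificate, X509Certificate x509Certificate2, X509Certificate[] x509CertificateArr) {
        KeyStore keyStore = null;
        File file = new File(this.keyStoreFileName);
        if (file.exists()) {
            // try-with-resources closes the stream on the failure path as well.
            try (FileInputStream fileInputStream = new FileInputStream(file)) {
                keyStore = KeyStore.getInstance(KEY_STORE_TYPE);
                keyStore.load(fileInputStream, KEY_STORE_PASSWORD.toCharArray());
            } catch (Exception e) {
                throw new RuntimeException("Exception while loading KeyStore from " + file.getAbsolutePath(), e);
            }
        }
        System.setProperty("javax.net.ssl.trustStore", file.getAbsolutePath());
        return savePrivateKeyAndX509InKeyStore(keyStore, privateKey, KEY_STORE_PASSWORD.toCharArray(), new X509Certificate[]{x509Certificate, x509Certificate2}, x509CertificateArr);
    }

    /** Generates and saves the private key and certificate if none has been created yet. */
    private void ensureKeyAndCertificateExist() {
        if (this.keyAndCertificateFactory.certificateNotYetCreated()) {
            this.keyAndCertificateFactory.buildAndSavePrivateKeyAndX509Certificate();
        }
    }

    /**
     * Returns an uninitialised {@link SSLContext} for TLSv1.2, falling back to TLSv1 only
     * when the JRE does not provide TLSv1.2.
     *
     * @throws NoSuchAlgorithmException if neither protocol is available
     */
    private SSLContext getSSLContextInstance() throws NoSuchAlgorithmException {
        try {
            if (MockServerLogger.isEnabled(Level.DEBUG)) {
                this.mockServerLogger.logEvent(new LogEntry().setType(LogEntry.LogMessageType.SERVER_CONFIGURATION).setLogLevel(Level.DEBUG).setMessageFormat("using protocol{}").setArguments(SSL_CONTEXT_PROTOCOL));
            }
            return SSLContext.getInstance(SSL_CONTEXT_PROTOCOL);
        } catch (NoSuchAlgorithmException e) {
            // NOTE(security): this downgrade is logged at WARN only; deployments that must
            // not negotiate TLS 1.0 should treat that log line as a failure signal.
            if (MockServerLogger.isEnabled(Level.WARN)) {
                this.mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.WARN).setMessageFormat("protocol{}not available, falling back to{}").setArguments(SSL_CONTEXT_PROTOCOL, SSL_CONTEXT_FALLBACK_PROTOCOL).setThrowable(e));
            }
            return SSLContext.getInstance(SSL_CONTEXT_FALLBACK_PROTOCOL);
        }
    }

    /**
     * Stores the key with its chain and the CA certificates in the key store (creating an
     * empty one when {@code keyStore} is null), writes it to {@link #keyStoreFileName} and
     * marks that file for deletion on JVM exit.
     *
     * @param keyStore existing key store, or null to create a new one
     * @param key private key stored under {@link #KEY_STORE_CERT_ALIAS}
     * @param cArr password protecting both the key entry and the key store file
     * @param certificateArr certificate chain stored with the key
     * @param x509CertificateArr certificates stored under {@link #KEY_STORE_CA_ALIAS}
     * @return the updated key store
     * @throws RuntimeException wrapping any key store or I/O failure
     */
    private KeyStore savePrivateKeyAndX509InKeyStore(KeyStore keyStore, Key key, char[] cArr, Certificate[] certificateArr, X509Certificate... x509CertificateArr) {
        try {
            KeyStore target = keyStore;
            if (target == null) {
                target = KeyStore.getInstance(KEY_STORE_TYPE);
                target.load(null, cArr);
            }

            try {
                target.deleteEntry(KEY_STORE_CERT_ALIAS);
            } catch (KeyStoreException ignored) {
                // Best effort: the entry is replaced by setKeyEntry below in any case.
            }
            target.setKeyEntry(KEY_STORE_CERT_ALIAS, key, cArr, certificateArr);

            // NOTE(review): every iteration writes to the same alias, so when several CA
            // certificates are passed only the last one remains in the key store.
            for (X509Certificate caCertificate : x509CertificateArr) {
                try {
                    target.deleteEntry(KEY_STORE_CA_ALIAS);
                } catch (KeyStoreException ignored) {
                    // Best effort: the entry is replaced by setCertificateEntry below.
                }
                target.setCertificateEntry(KEY_STORE_CA_ALIAS, caCertificate);
            }

            // NOTE(security): the file holds the private key, is created with the process's
            // default permissions in the working directory, and is protected only by the
            // public KEY_STORE_PASSWORD. Run with a restrictive umask / private working
            // directory where other local users must not read it.
            String absolutePath = new File(this.keyStoreFileName).getAbsolutePath();
            try (FileOutputStream fileOutputStream = new FileOutputStream(absolutePath)) {
                target.store(fileOutputStream, cArr);
                if (MockServerLogger.isEnabled(Level.TRACE)) {
                    this.mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.TRACE).setMessageFormat("saving key store to file [" + absolutePath + "]"));
                }
            }
            // Removal happens only on normal JVM shutdown; the file remains after a crash or kill.
            new File(absolutePath).deleteOnExit();
            return target;
        } catch (Exception e) {
            throw new RuntimeException("Exception while saving KeyStore", e);
        }
    }
}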
