package org.mockserver.socket;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import org.apache.http.cookie.ClientCookie;
import sun.security.x509.AlgorithmId;
import sun.security.x509.CertAndKeyGen;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateExtensions;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateSubjectName;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.DNSName;
import sun.security.x509.GeneralName;
import sun.security.x509.GeneralNames;
import sun.security.x509.SubjectAlternativeNameExtension;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;

/* loaded from: input_file:WEB-INF/lib/mockserver-core-2.0.jar:org/mockserver/socket/SSLFactory.class */
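/**
 * Builds and caches the key store that backs MockServer's TLS sockets, and
 * upgrades plain sockets to TLS.
 *
 * <p>Security notes for anyone reusing this class:
 * <ul>
 *   <li>The key store password is the hard-coded, publicly known value
 *       {@code "changeit"}, and the same value protects the private-key entry.
 *       The password gives no real confidentiality to the generated key.</li>
 *   <li>The key store (private key included) is written to
 *       {@value #KEY_STORE_FILENAME}, resolved against the process working
 *       directory, with the platform's default file permissions.</li>
 *   <li>The generated certificate is self-signed, so clients have to be
 *       configured to trust it explicitly.</li>
 *   <li>The lazy initialisation in {@link #buildKeyStore()} is not synchronised.</li>
 * </ul>
 * The code relies on JDK-internal {@code sun.security.x509} classes, which are
 * not a supported API and may be missing or inaccessible on other JDKs.
 */
public class SSLFactory {
    /** Password for both the key store and its private-key entry. Well-known default; not a secret. */
    public static final String KEY_STORE_PASSWORD = "changeit";
    /** Relative file name the key store is loaded from and saved to. */
    public static final String KEY_STORE_FILENAME = "keystore.jks";
    // Lazily populated by buildKeyStore(); shared by all callers.
    private static KeyStore keystore;

    /**
     * Key-pair algorithms paired with the key size and signature algorithm
     * used when generating a certificate. The constant name is passed as the
     * key algorithm name.
     *
     * <p>NOTE(review): {@code DSA} pairs a 1024-bit key with a SHA-1 signature,
     * which is weaker than the other two entries. Only {@code RSA} is used by
     * the code in this class.
     */
    public enum KeyAlgorithmName {
        EC(256, "SHA256withECDSA"),
        RSA(2048, "SHA256WithRSA"),
        DSA(1024, "SHA1WithDSA");

        private final int keySize;
        private final String signatureAlgorithmName;

        KeyAlgorithmName(int keySize, String signatureAlgorithmName) {
            this.keySize = keySize;
            this.signatureAlgorithmName = signatureAlgorithmName;
        }
    }

    /**
     * Layers TLS over an already-connected socket and completes the handshake
     * in client mode.
     *
     * <p>The peer's IP address and port are handed to the socket factory, and
     * the underlying socket is closed together with the returned one
     * (autoClose is {@code true}). This method does not configure endpoint
     * identification on the socket, so peer authentication is whatever the
     * trust managers of {@code sSLContext} enforce.
     *
     * @param socket connected socket to wrap
     * @param sSLContext context supplying the socket factory
     * @return the TLS socket, with the handshake already completed
     * @throws Exception if the TLS socket cannot be created or the handshake fails
     */
    public static SSLSocket wrapSocket(Socket socket, SSLContext sSLContext) throws Exception {
        String peerAddress = socket.getInetAddress().getHostAddress();
        SSLSocket tlsSocket = (SSLSocket) sSLContext.getSocketFactory()
                .createSocket(socket, peerAddress, socket.getPort(), true);
        tlsSocket.setUseClientMode(true);
        tlsSocket.startHandshake();
        return tlsSocket;
    }

    /**
     * Returns the shared key store, creating it on first use.
     *
     * <p>If {@value #KEY_STORE_FILENAME} exists in the working directory it is
     * loaded; otherwise a new key pair and self-signed certificate are
     * generated and saved to that file.
     *
     * <p>NOTE(review): the null check is not synchronised, so concurrent first
     * calls can each generate and save a key store.
     *
     * @return the cached key store
     * @throws RuntimeException if the key store cannot be loaded, generated or saved
     */
    public static KeyStore buildKeyStore() {
        if (keystore == null) {
            File keyStoreFile = new File(KEY_STORE_FILENAME);
            if (keyStoreFile.exists()) {
                loadKeyStore(keyStoreFile);
            } else {
                dynamicallyCreateKeyStore();
                saveKeyStore();
            }
        }
        return keystore;
    }

    /** Generates a fresh RSA key pair and self-signed certificate into the shared key store. */
    private static void dynamicallyCreateKeyStore() {
        try {
            keystore = generateCertificate(
                    "certAlias",
                    KEY_STORE_PASSWORD.toCharArray(),
                    KeyAlgorithmName.RSA,
                    "CN=www.mockserver.com, O=MockServer, L=London, S=England, C=UK",
                    new String[0]);
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException("Exception while building KeyStore dynamically", e);
        }
    }

    /**
     * Loads the shared key store from {@code file}.
     *
     * <p>The stream is closed on every path, and the static field is assigned
     * only after a successful load. A failed load therefore cannot leave an
     * uninitialised {@link KeyStore} cached for later callers.
     *
     * @param file key store file to read
     * @throws RuntimeException if the file cannot be read or parsed
     */
    private static void loadKeyStore(File file) {
        try (FileInputStream in = new FileInputStream(file)) {
            KeyStore loaded = KeyStore.getInstance(KeyStore.getDefaultType());
            loaded.load(in, KEY_STORE_PASSWORD.toCharArray());
            keystore = loaded;
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException("Exception while loading KeyStore from " + file.getAbsolutePath(), e);
        }
    }

    /**
     * Writes the shared key store to {@value #KEY_STORE_FILENAME} and marks the
     * file for deletion when the JVM exits.
     *
     * <p>The store is serialised in memory first, so a serialisation failure
     * does not leave a truncated file behind. The file holds the private key,
     * is created with default permissions, and is removed only on normal JVM
     * termination.
     *
     * @throws RuntimeException if the key store cannot be serialised or written
     */
    private static void saveKeyStore() {
        try {
            ByteArrayOutputStream serialized = new ByteArrayOutputStream();
            keystore.store(serialized, KEY_STORE_PASSWORD.toCharArray());
            File target = new File(KEY_STORE_FILENAME);
            try (FileOutputStream out = new FileOutputStream(target)) {
                out.write(serialized.toByteArray());
            }
            target.deleteOnExit();
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException("Exception while saving KeyStore", e);
        }
    }

    /**
     * Generates a key pair and a self-signed X.509 certificate, and returns
     * them in a new key store under {@code alias}.
     *
     * @param alias key store alias for the key entry
     * @param password password for the key store and for the key entry
     * @param keyAlgorithmName key algorithm, key size and signature algorithm to use
     * @param distinguishedName X.500 name used as both subject and issuer
     * @param subjectAlternativeNames DNS names for the SubjectAlternativeName extension;
     *        the extension is omitted when none are given
     * @return a key store holding the private key and its certificate
     * @throws GeneralSecurityException if key generation, signing or key store setup fails
     * @throws IOException if certificate fields cannot be encoded
     */
    private static KeyStore generateCertificate(String alias, char[] password, KeyAlgorithmName keyAlgorithmName, String distinguishedName, String... subjectAlternativeNames) throws GeneralSecurityException, IOException {
        // NOTE(review): the third argument is passed as the provider name - confirm "SunCertificates" resolves on the target JDK.
        CertAndKeyGen keyPairGenerator = new CertAndKeyGen(keyAlgorithmName.name(), keyAlgorithmName.signatureAlgorithmName, "SunCertificates");
        keyPairGenerator.generate(keyAlgorithmName.keySize);
        PrivateKey privateKey = keyPairGenerator.getPrivateKey();

        // Valid from now for 360 days.
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + TimeUnit.DAYS.toMillis(360L));
        // 64-bit random serial number.
        BigInteger serialNumber = new BigInteger(64, new SecureRandom());
        // Self-signed: the same name is used for subject and issuer.
        X500Name owner = new X500Name(distinguishedName);

        X509CertInfo certInfo = new X509CertInfo();
        certInfo.set("validity", new CertificateValidity(notBefore, notAfter));
        certInfo.set("serialNumber", new CertificateSerialNumber(serialNumber));
        certInfo.set("subject", new CertificateSubjectName(owner));
        certInfo.set("issuer", new CertificateIssuerName(owner));
        certInfo.set("key", new CertificateX509Key(keyPairGenerator.getPublicKey()));
        // The version field is zero-based, so 2 selects X.509 v3. The "version" literal replaces the
        // decompiler's unrelated ClientCookie.VERSION_ATTR constant, which holds the same string.
        certInfo.set("version", new CertificateVersion(2));
        // Placeholder only: it is overwritten below with the algorithm actually used to sign,
        // so the final certificate is not MD5-signed.
        certInfo.set("algorithmID", new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid)));

        GeneralNames dnsNames = new GeneralNames();
        for (String dnsName : subjectAlternativeNames) {
            dnsNames.add(new GeneralName(new DNSName(dnsName)));
        }
        if (dnsNames.size() > 0) {
            CertificateExtensions extensions = (CertificateExtensions) certInfo.get("extensions");
            if (extensions == null) {
                extensions = new CertificateExtensions();
            }
            extensions.set("SubjectAlternativeName", new SubjectAlternativeNameExtension(dnsNames));
            certInfo.set("extensions", extensions);
        }

        // The first signing only discovers the concrete signature AlgorithmId. It is copied back
        // into the certificate info, and the certificate is then signed again for real.
        X509CertImpl probe = new X509CertImpl(certInfo);
        probe.sign(privateKey, keyAlgorithmName.signatureAlgorithmName);
        certInfo.set("algorithmID.algorithm", probe.get("x509.algorithm"));
        // Declared as X509CertImpl because sign() is not part of java.security.cert.X509Certificate.
        X509CertImpl certificate = new X509CertImpl(certInfo);
        certificate.sign(privateKey, keyAlgorithmName.signatureAlgorithmName);

        KeyStore result = KeyStore.getInstance(KeyStore.getDefaultType());
        result.load(null, password);
        result.setKeyEntry(alias, privateKey, password, new X509Certificate[]{certificate});
        return result;
    }
}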
