package org.mockserver.socket;

import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import org.mockserver.configuration.ConfigurationProperties;
import org.mockserver.log.model.MessageLogEntry;
import org.mockserver.logging.MockServerLogger;

/* loaded from: input_file:org/mockserver/socket/KeyStoreFactory.class */
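/**
 * Builds and caches the {@link SSLContext} used by MockServer, backed by a key store file that
 * holds the MockServer private key, its certificate chain and the MockServer CA certificate.
 *
 * <p>Security properties a reader should know before reusing this class:
 * <ul>
 *   <li>The context is initialised with {@link InsecureTrustManagerFactory}, whose trust managers
 *       accept any peer certificate without verification. Connections made through it are
 *       encrypted but not authenticated, so it is only appropriate for test traffic.</li>
 *   <li>{@link #loadOrCreateKeyStore()} sets the JVM-wide {@code javax.net.ssl.trustStore}
 *       system property, which affects every component in the process that relies on the
 *       default trust store.</li>
 *   <li>The key store file written to disk contains a private key and is protected only by the
 *       configured key store password.</li>
 * </ul>
 *
 * <p>Access to the cached context is serialised through the singleton's monitor
 * (see {@link #sslContext()}).
 */
public class KeyStoreFactory {
    /**
     * Hard-coded, publicly known password value. It is not read anywhere in this class (the
     * password actually used comes from {@code ConfigurationProperties.javaKeyStorePassword()});
     * it must not be treated as a secret.
     */
    public static final String KEY_STORE_PASSWORD = "changeit";
    public static final String CERTIFICATE_DOMAIN = "localhost";
    /** Alias under which the MockServer private key and certificate chain are stored. */
    public static final String KEY_STORE_CERT_ALIAS = "mockserver-client-cert";
    /** Alias under which the MockServer CA certificate is stored as a trusted entry. */
    private static final String KEY_STORE_CA_ALIAS = "mockserver-ca-cert";
    private static final String SSL_CONTEXT_PROTOCOL = "TLSv1.2";
    // NOTE(review): TLS 1.0 is deprecated (RFC 8996). The fallback is only reached when the JVM
    // has no TLSv1.2 SSLContext provider; consider failing instead of downgrading.
    private static final String SSL_CONTEXT_FALLBACK_PROTOCOL = "TLSv1";
    private static SSLContext sslContext;
    private static final MockServerLogger MOCK_SERVER_LOGGER = new MockServerLogger(KeyStoreFactory.class);
    private static final KeyStoreFactory SSL_FACTORY = new KeyStoreFactory();

    private KeyStoreFactory() {
    }

    /**
     * Returns the process-wide singleton instance.
     *
     * @return the shared {@code KeyStoreFactory}
     */
    public static KeyStoreFactory keyStoreFactory() {
        return SSL_FACTORY;
    }

    /**
     * Maps the configured key store type to the default key store file name.
     *
     * @return {@code mockserver_keystore.jks}, {@code .p12} or {@code .jceks} for the types
     *         {@code jks}, {@code pkcs12} and {@code jceks} (compared case-insensitively)
     * @throws IllegalArgumentException if the configured type is none of the three, including
     *         when it is {@code null}
     */
    public static String defaultKeyStoreFileName() {
        // Read the setting once so every comparison and the error message see the same value.
        String keyStoreType = ConfigurationProperties.javaKeyStoreType();
        if ("jks".equalsIgnoreCase(keyStoreType)) {
            return "mockserver_keystore.jks";
        }
        if ("pkcs12".equalsIgnoreCase(keyStoreType)) {
            return "mockserver_keystore.p12";
        }
        if ("jceks".equalsIgnoreCase(keyStoreType)) {
            return "mockserver_keystore.jceks";
        }
        throw new IllegalArgumentException(keyStoreType + " is not a supported keystore type");
    }

    /**
     * Writes the private key, its certificate chain and the CA certificate into a key store and
     * saves that key store to {@code keyStoreFileName}.
     *
     * @param existingKeyStore key store to update, or {@code null} to create an empty one
     * @param deleteOnExit whether the saved file is registered for deletion at JVM exit
     * @param keyStoreFileName path of the file to write; resolved to an absolute path
     * @param certificateAlias alias for the private key entry
     * @param privateKey private key stored under {@code certificateAlias}
     * @param keyStorePassword password protecting both the key entry and the key store file
     * @param chain certificate chain stored with the private key
     * @param caCertificate CA certificate stored under the CA alias
     * @return the key store that was written
     * @throws RuntimeException wrapping any failure while building or saving the key store
     */
    private static KeyStore saveCertificateAsKeyStore(KeyStore existingKeyStore, boolean deleteOnExit, String keyStoreFileName, String certificateAlias, Key privateKey, char[] keyStorePassword, Certificate[] chain, X509Certificate caCertificate) {
        try {
            KeyStore keyStore = existingKeyStore;
            if (keyStore == null) {
                // NOTE(review): the JVM default key store type is used here, while
                // defaultKeyStoreFileName() follows ConfigurationProperties.javaKeyStoreType();
                // confirm the two cannot disagree about the file format.
                keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, keyStorePassword);
            }

            // Replace any previous key entry; a failed delete is ignored because the entry is
            // rewritten immediately below.
            try {
                keyStore.deleteEntry(certificateAlias);
            } catch (KeyStoreException ignored) {
                // best-effort delete
            }
            keyStore.setKeyEntry(certificateAlias, privateKey, keyStorePassword, chain);

            // Same replace-then-write sequence for the CA certificate.
            try {
                keyStore.deleteEntry(KEY_STORE_CA_ALIAS);
            } catch (KeyStoreException ignored) {
                // best-effort delete
            }
            keyStore.setCertificateEntry(KEY_STORE_CA_ALIAS, caCertificate);

            String absolutePath = new File(keyStoreFileName).getAbsolutePath();
            // NOTE(review): the file holds a private key and is created with the process's
            // default permissions; consider restricting it to the owning user.
            try (FileOutputStream fileOutputStream = new FileOutputStream(absolutePath)) {
                keyStore.store(fileOutputStream, keyStorePassword);
                MOCK_SERVER_LOGGER.trace("Saving key store to file [" + absolutePath + "]", new Object[0]);
            }
            if (deleteOnExit) {
                // Only honoured on normal JVM termination; a killed process leaves the key file behind.
                new File(absolutePath).deleteOnExit();
            }
            return keyStore;
        } catch (Exception e) {
            throw new RuntimeException("Exception while saving KeyStore", e);
        }
    }

    /**
     * Returns the cached {@link SSLContext}, building it first when none exists yet or when
     * {@code ConfigurationProperties.rebuildKeyStore()} requests a rebuild.
     *
     * <p>The context presents the key material from {@link #loadOrCreateKeyStore()} and uses
     * {@link InsecureTrustManagerFactory} trust managers, so peer certificates are not validated.
     *
     * @return the shared, initialised context
     * @throws RuntimeException if the key store or the context cannot be initialised
     */
    public synchronized SSLContext sslContext() {
        if (sslContext == null || ConfigurationProperties.rebuildKeyStore()) {
            try {
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(loadOrCreateKeyStore(), ConfigurationProperties.javaKeyStorePassword().toCharArray());
                // Initialise a local instance and publish it only on success, so a failed init
                // never leaves an uninitialised context cached for later callers.
                SSLContext freshContext = getSSLContextInstance();
                freshContext.init(keyManagerFactory.getKeyManagers(), InsecureTrustManagerFactory.INSTANCE.getTrustManagers(), null);
                sslContext = freshContext;
            } catch (Exception e) {
                throw new RuntimeException("Failed to initialize the SSLContext", e);
            }
        }
        return sslContext;
    }

    /**
     * Obtains an uninitialised {@link SSLContext} for the preferred protocol, falling back to
     * the legacy protocol when the preferred one has no provider.
     *
     * @return an uninitialised context
     * @throws NoSuchAlgorithmException if neither protocol is available
     */
    private SSLContext getSSLContextInstance() throws NoSuchAlgorithmException {
        try {
            MOCK_SERVER_LOGGER.debug(MessageLogEntry.LogMessageType.SERVER_CONFIGURATION, "Using protocol {}", SSL_CONTEXT_PROTOCOL);
            return SSLContext.getInstance(SSL_CONTEXT_PROTOCOL);
        } catch (NoSuchAlgorithmException e) {
            // The downgrade is logged at warn level so it is visible in the server log.
            MOCK_SERVER_LOGGER.warn("Protocol {} not available, falling back to {}", SSL_CONTEXT_PROTOCOL, SSL_CONTEXT_FALLBACK_PROTOCOL);
            return SSLContext.getInstance(SSL_CONTEXT_FALLBACK_PROTOCOL);
        }
    }

    /**
     * Loads the key store from the configured file path when that file exists, then regenerates
     * the MockServer certificates and saves them into it (creating a new key store otherwise).
     *
     * <p>Side effects: sets the JVM-wide {@code javax.net.ssl.trustStore} system property to the
     * key store file and clears the rebuild flag via
     * {@code ConfigurationProperties.rebuildKeyStore(false)}.
     *
     * @return the populated key store
     * @throws RuntimeException if an existing key store file cannot be read, or if saving fails
     */
    public KeyStore loadOrCreateKeyStore() {
        KeyStore keyStore = null;
        File keyStoreFile = new File(ConfigurationProperties.javaKeyStoreFilePath());
        if (keyStoreFile.exists()) {
            try (FileInputStream fileInputStream = new FileInputStream(keyStoreFile)) {
                keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(fileInputStream, ConfigurationProperties.javaKeyStorePassword().toCharArray());
            } catch (Exception e) {
                throw new RuntimeException("Exception while loading KeyStore from " + keyStoreFile.getAbsolutePath(), e);
            }
        }
        // Process-global: every user of the default trust store in this JVM is affected.
        System.setProperty("javax.net.ssl.trustStore", keyStoreFile.getAbsolutePath());
        ConfigurationProperties.rebuildKeyStore(false);
        return populateKeyStore(keyStore);
    }

    /**
     * Regenerates the MockServer certificates and stores them, together with the private key and
     * the CA certificate, in the given key store.
     *
     * @param keyStore key store to update, or {@code null} to create a new one
     * @return the key store that was saved
     */
    private KeyStore populateKeyStore(KeyStore keyStore) {
        KeyAndCertificateFactory.keyAndCertificateFactory().buildAndSaveCertificates();
        X509Certificate serverCertificate = KeyAndCertificateFactory.keyAndCertificateFactory().mockServerX509Certificate();
        X509Certificate caCertificate = KeyAndCertificateFactory.keyAndCertificateFactory().mockServerCertificateAuthorityX509Certificate();
        return saveCertificateAsKeyStore(
            keyStore,
            ConfigurationProperties.deleteGeneratedKeyStoreOnExit(),
            ConfigurationProperties.javaKeyStoreFilePath(),
            KEY_STORE_CERT_ALIAS,
            KeyAndCertificateFactory.keyAndCertificateFactory().mockServerPrivateKey(),
            ConfigurationProperties.javaKeyStorePassword().toCharArray(),
            new X509Certificate[]{serverCertificate, caCertificate},
            caCertificate
        );
    }
}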
