package org.opensearch.migrations.bulkload.common.http;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.StringWriter;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:org/opensearch/migrations/bulkload/common/http/TestTlsUtils.class */
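/**
 * Generates throw-away RSA key pairs and X.509 certificates (a self-signed CA plus
 * leaf certificates signed by it) for exercising TLS code paths.
 *
 * <p>Private keys produced here are held in memory and exported as unencrypted PEM,
 * so the material is only suitable as a test fixture and must not be reused as a
 * real credential.
 */
public class TestTlsUtils {

    /** Lifetime given to every generated certificate: 365 days. */
    private static final long VALIDITY_SECONDS = 365L * 24 * 60 * 60;

    /** Source of certificate serial numbers. */
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();

    static {
        // Registers BouncyCastle as a JCA provider for the whole JVM when this class loads.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * A certificate together with the private key matching its public key, in both
     * object and PEM form.
     */
    public static class CertificateBundle {
        public final X509Certificate certificate;
        public final PrivateKey privateKey;
        public final String pemCertificate;
        // Unencrypted PEM encoding of the private key; treat as secret and do not log.
        public final String pemPrivateKey;

        /**
         * Wraps a certificate and key and eagerly renders both as PEM.
         *
         * @param x509Certificate the certificate
         * @param privateKey the private key belonging to the certificate
         * @throws Exception if PEM encoding of either object fails
         */
        public CertificateBundle(X509Certificate x509Certificate, PrivateKey privateKey) throws Exception {
            this.certificate = x509Certificate;
            this.privateKey = privateKey;
            this.pemCertificate = toPEM(x509Certificate);
            this.pemPrivateKey = toPEM(privateKey);
        }

        /**
         * @return a fresh stream over the PEM-encoded certificate
         */
        public InputStream getCertificateInputStream() {
            // Explicit charset: the no-arg getBytes() would depend on the platform default.
            return new ByteArrayInputStream(this.pemCertificate.getBytes(StandardCharsets.UTF_8));
        }

        /**
         * @return a fresh stream over the unencrypted PEM-encoded private key
         */
        public InputStream getPrivateKeyInputStream() {
            return new ByteArrayInputStream(this.pemPrivateKey.getBytes(StandardCharsets.UTF_8));
        }

        /**
         * Serialises a certificate or key to PEM text.
         *
         * @param obj the object handed to {@link JcaPEMWriter#writeObject(Object)}
         * @return the PEM text
         * @throws Exception if the writer rejects the object or fails while writing
         */
        private static String toPEM(Object obj) throws Exception {
            StringWriter buffer = new StringWriter();
            // try-with-resources closes (and thereby flushes) the PEM writer on every
            // path, including when writeObject throws.
            try (JcaPEMWriter pemWriter = new JcaPEMWriter(buffer)) {
                pemWriter.writeObject(obj);
            }
            return buffer.toString();
        }
    }

    /**
     * Creates a self-signed CA certificate with subject and issuer {@code CN=Test CA}.
     *
     * <p>The certificate carries critical {@code basicConstraints} (CA=true) and a
     * critical {@code keyUsage} of keyCertSign and cRLSign.
     *
     * @return the CA certificate and its private key
     * @throws Exception if key generation, signing or PEM encoding fails
     */
    public static CertificateBundle generateCaCertificate() throws Exception {
        KeyPair caKeys = generateKeyPair();
        X500Name caName = new X500Name("CN=Test CA");
        X509v3CertificateBuilder builder = createCertBuilder(caName, caName, caKeys.getPublic());
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));
        return new CertificateBundle(signCertificate(builder, caKeys.getPrivate()), caKeys.getPrivate());
    }

    /**
     * Creates a leaf certificate for {@code CN=localhost} signed by the given CA.
     *
     * <p>No subjectAltName extension is added, so the host name is present only in the
     * CN; TLS clients that verify host names strictly against SAN entries can be
     * expected to reject this certificate.
     *
     * @param certificateBundle the issuing CA's certificate and private key
     * @return the server certificate and its freshly generated private key
     * @throws Exception if key generation, signing or PEM encoding fails
     */
    public static CertificateBundle generateServerCertificate(CertificateBundle certificateBundle) throws Exception {
        return generateSignedCertificate("CN=localhost", certificateBundle, false);
    }

    /**
     * Creates a leaf certificate for {@code CN=client} signed by the given CA.
     *
     * @param certificateBundle the issuing CA's certificate and private key
     * @return the client certificate and its freshly generated private key
     * @throws Exception if key generation, signing or PEM encoding fails
     */
    public static CertificateBundle generateClientCertificate(CertificateBundle certificateBundle) throws Exception {
        return generateSignedCertificate("CN=client", certificateBundle, false);
    }

    /**
     * Issues a certificate for a new key pair, signed with the issuer's private key.
     *
     * @param subjectDn distinguished name of the new certificate's subject
     * @param issuer certificate and private key of the signing CA
     * @param isCa whether the new certificate is itself marked as a CA; both callers
     *     in this class pass {@code false}
     * @return the signed certificate and the subject's private key
     * @throws Exception if key generation, signing or PEM encoding fails
     */
    private static CertificateBundle generateSignedCertificate(String subjectDn, CertificateBundle issuer, boolean isCa) throws Exception {
        KeyPair subjectKeys = generateKeyPair();
        // Copy the issuer name from the CA subject's DER encoding rather than through its
        // string form, so the issuer field matches the CA subject byte for byte, which
        // path validation relies on for name chaining.
        X500Name issuerName = X500Name.getInstance(issuer.certificate.getSubjectX500Principal().getEncoded());
        X509v3CertificateBuilder builder = createCertBuilder(issuerName, new X500Name(subjectDn), subjectKeys.getPublic());
        if (isCa) {
            builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
            builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));
        } else {
            builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
            builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
        }
        return new CertificateBundle(signCertificate(builder, issuer.privateKey), subjectKeys.getPrivate());
    }

    /**
     * Starts a v3 certificate valid from now for {@link #VALIDITY_SECONDS}.
     *
     * @param issuerName issuer distinguished name
     * @param subjectName subject distinguished name
     * @param publicKey the subject's public key
     * @return a builder to which extensions can still be added
     */
    private static X509v3CertificateBuilder createCertBuilder(X500Name issuerName, X500Name subjectName, PublicKey publicKey) {
        Instant now = Instant.now();
        return new JcaX509v3CertificateBuilder(
            issuerName,
            newSerialNumber(),
            Date.from(now),
            Date.from(now.plusSeconds(VALIDITY_SECONDS)),
            subjectName,
            publicKey);
    }

    /**
     * Returns a positive random serial number.
     *
     * <p>A clock-derived serial would repeat for two certificates issued by the same CA
     * within one millisecond, and serial numbers must be unique per issuer.
     */
    private static BigInteger newSerialNumber() {
        // 128 random bits plus one: never zero and well inside the 20-octet limit.
        return new BigInteger(128, SERIAL_RANDOM).add(BigInteger.ONE);
    }

    /**
     * Signs the certificate under construction with SHA-256 / RSA.
     *
     * @param certBuilder the populated certificate builder
     * @param signingKey the issuer's private key
     * @return the signed certificate
     * @throws Exception if the signer cannot be created or the certificate cannot be converted
     */
    private static X509Certificate signCertificate(X509v3CertificateBuilder certBuilder, PrivateKey signingKey) throws Exception {
        return new JcaX509CertificateConverter()
            .getCertificate(certBuilder.build(new JcaContentSignerBuilder("SHA256WithRSA").build(signingKey)));
    }

    /**
     * Generates a 2048-bit RSA key pair.
     *
     * @throws NoSuchAlgorithmException if no installed provider supports RSA
     */
    private static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        return generator.generateKeyPair();
    }
}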
