package org.opensearch.migrations.testutils;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:org/opensearch/migrations/testutils/SelfSignedSSLContextBuilder.class */
public class SelfSignedSSLContextBuilder {
    public static final char[] KEYSTORE_PASSWORD = "".toCharArray();

    private static KeyStore buildKeyStoreForTesting() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setKeyEntry("selfsignedtestcert", generateKeyPair.getPrivate(), KEYSTORE_PASSWORD, new X509Certificate[]{generateSelfSignedCertificate(generateKeyPair)});
        return keyStore;
    }

    private static X509Certificate generateSelfSignedCertificate(KeyPair keyPair) throws OperatorCreationException, CertificateException {
        Instant now = Instant.now();
        Date from = Date.from(now.plus((TemporalAmount) Duration.ofHours(1L)));
        Date from2 = Date.from(now);
        ContentSigner build = new JcaContentSignerBuilder("SHA256WithRSA").setProvider(new BouncyCastleProvider()).build(keyPair.getPrivate());
        return new JcaX509CertificateConverter().getCertificate(new JcaX509v3CertificateBuilder(new X500Name("CN=localhost"), new BigInteger(64, new SecureRandom()), from2, from, new X500Name("CN=localhost"), keyPair.getPublic()).build(build));
    }

    public static SSLContext getSSLContext() throws Exception {
        KeyStore buildKeyStoreForTesting = buildKeyStoreForTesting();
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(buildKeyStoreForTesting, KEYSTORE_PASSWORD);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(buildKeyStoreForTesting);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        return sSLContext;
    }
}
