package io.gravitee.apim.gateway.tests.sdk.utils;

import java.io.IOException;
import java.io.StringWriter;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;

/* loaded from: input_file:io/gravitee/apim/gateway/tests/sdk/utils/TLSUtils.class */
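/**
 * Helpers for building throw-away TLS material (RSA key pairs, self-signed certificates and
 * PKCS12 stores) for gateway integration tests.
 *
 * <p>Everything produced here is test-grade: certificates are self-signed, carry a fixed serial
 * number and use a hard-coded organisation DN. Private keys can be exported as unencrypted PEM.
 * None of it is meant to protect real traffic.
 */
public class TLSUtils {

    /**
     * Single BouncyCastle provider instance, registered with the JCA on class initialisation and
     * reused for key generation so a new provider is not built on every call.
     */
    private static final Provider BOUNCY_CASTLE = new BouncyCastleProvider();

    static {
        Security.addProvider(BOUNCY_CASTLE);
    }

    /**
     * A piece of TLS material that can be rendered as PEM and written to a file.
     *
     * @param <D> the wrapped JCA type (certificate or private key)
     */
    public interface TlsData<D> {
        /**
         * Writes the PEM form of the wrapped object to {@code path}.
         *
         * @param path destination file
         * @throws IOException if PEM encoding or the file write fails
         */
        void writeToDisk(Path path) throws IOException;

        /**
         * Returns the PEM form of the wrapped object.
         *
         * @return PEM text
         * @throws IOException if PEM encoding fails
         */
        String toPem() throws IOException;

        /**
         * PEM-encodes {@code d} with BouncyCastle's {@code JcaPEMWriter}.
         *
         * <p>No encryptor is passed to the writer, so a private key is emitted unencrypted.
         *
         * @param d object to encode
         * @return PEM text
         * @throws IOException if the writer rejects the object or fails while encoding
         */
        default String toPem(D d) throws IOException {
            // try-with-resources closes both writers on every path, including when writeObject throws.
            try (StringWriter buffer = new StringWriter(); JcaPEMWriter pemWriter = new JcaPEMWriter(buffer)) {
                pemWriter.writeObject(d);
                pemWriter.flush();
                return buffer.toString();
            }
        }

        /**
         * Returns the wrapped object.
         *
         * @return the wrapped JCA object
         */
        D data();
    }

    /**
     * An X.509 certificate that can be exported as PEM.
     *
     * @param data the wrapped certificate
     */
    public record X509Cert(X509Certificate data) implements TlsData<X509Certificate> {
        @Override
        public void writeToDisk(Path path) throws IOException {
            Files.writeString(path, toPem());
        }

        @Override
        public String toPem() throws IOException {
            return toPem(data);
        }
    }

    /**
     * A private key that can be exported as PEM.
     *
     * <p>The record's generated {@code toString()} delegates to {@code PrivateKey.toString()}.
     * What that prints depends on the key implementation, so avoid logging instances of this type
     * or placing them in exception messages.
     *
     * @param data the wrapped private key
     */
    public record X509Key(PrivateKey data) implements TlsData<PrivateKey> {
        /**
         * Writes the private key to {@code path} as unencrypted PEM.
         *
         * <p>NOTE(review): the file is created with the platform's default permissions and nothing
         * here restricts it to the owner. Write only to a private, per-test directory and delete the
         * file afterwards.
         */
        @Override
        public void writeToDisk(Path path) throws IOException {
            Files.writeString(path, toPem());
        }

        @Override
        public String toPem() throws IOException {
            return toPem(data);
        }
    }

    /**
     * A certificate together with the private key matching its public key.
     *
     * @param certificate the certificate half
     * @param privateKey the private-key half
     */
    public record X509Pair(X509Cert certificate, X509Key privateKey) {}

    /**
     * Generates a fresh 2048-bit RSA key pair and a self-signed certificate for it.
     *
     * @param str common name (CN) to place in the certificate subject
     * @return the certificate and its private key
     * @throws Exception if key generation or certificate creation fails
     */
    public static X509Pair createKeyPair(String str) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", BOUNCY_CASTLE);
        generator.initialize(2048);
        KeyPair keys = generator.genKeyPair();
        return new X509Pair(new X509Cert(generateCert(keys, str)), new X509Key(keys.getPrivate()));
    }

    /**
     * Builds a self-signed X.509 v3 certificate for {@code keyPair}, signed with SHA-256/RSA and
     * valid from 30 days before to 30 days after the time of the call.
     *
     * <p>NOTE(review): {@code str} is formatted into the DN string without escaping, so DN
     * metacharacters in it (for example {@code ,} or {@code =}) are parsed as DN syntax rather than
     * as part of the CN. Pass only trusted, simple names.
     *
     * <p>NOTE(review): the serial number is always 1, so two certificates generated for the same
     * common name share issuer and serial. This is presumably acceptable for short-lived test
     * fixtures, but some stores identify certificates by that pair.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @param str common name (CN) for subject and issuer
     * @return the generated certificate, already checked for current validity and verified against
     *     the public key
     * @throws Exception if building, converting or verifying the certificate fails
     */
    private static X509Certificate generateCert(KeyPair keyPair, String str) throws Exception {
        String distinguishedName = "C=FR, O=Gravitee, OU=IntegrationTests, CN=%s".formatted(str);
        X500Name subjectAndIssuer = new X500Name(distinguishedName);

        // Read the clock once so both validity bounds are derived from the same instant.
        Instant now = Instant.now();
        Date notBefore = Date.from(now.minus(30L, ChronoUnit.DAYS));
        Date notAfter = Date.from(now.plus(30L, ChronoUnit.DAYS));

        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
            subjectAndIssuer,
            BigInteger.ONE,
            notBefore,
            notAfter,
            subjectAndIssuer,
            SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded())
        );

        AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
        AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);

        X509Certificate certificate = new JcaX509CertificateConverter()
            .getCertificate(
                builder.build(
                    new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm)
                        .build(PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()))
                )
            );

        // Sanity checks: the certificate must be valid right now and its signature must verify
        // against the key pair's own public key, since it is self-signed.
        certificate.checkValidity(new Date());
        certificate.verify(keyPair.getPublic());
        return certificate;
    }

    /**
     * Creates a new in-memory PKCS12 key store holding a single entry.
     *
     * @param str alias for the entry
     * @param obj an {@link X509Pair} (stored as a private-key entry) or an {@link X509Cert}
     *     (stored as a trusted-certificate entry)
     * @param cArr password used to initialise the store and to protect a private-key entry
     * @return the populated key store
     * @throws Exception if the store cannot be created or the entry cannot be added
     */
    public static KeyStore createKeyStore(String str, Object obj, char[] cArr) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        // A null stream initialises an empty store.
        keyStore.load(null, cArr);
        addEntry(keyStore, str, obj, cArr);
        return keyStore;
    }

    /**
     * Adds one more entry to an existing key store.
     *
     * @param keyStore store to modify
     * @param str alias for the new entry; must not already exist in the store
     * @param obj an {@link X509Pair} or an {@link X509Cert}
     * @param cArr password protecting a private-key entry
     * @throws Exception if the alias already exists, the object type is unsupported or the store
     *     rejects the entry
     */
    public static void appendToKeyStore(KeyStore keyStore, String str, Object obj, char[] cArr) throws Exception {
        addEntry(keyStore, str, obj, cArr);
    }

    /**
     * Derives a trust store from a key store. Every alias is copied as a trusted-certificate entry
     * holding only the certificate, so no private key reaches the result.
     *
     * <p>An alias for which {@code keyStore.getCertificate} returns {@code null} makes the
     * {@code TrustedCertificateEntry} constructor throw {@link NullPointerException}.
     *
     * @param keyStore source store
     * @param cArr password used to initialise the new store
     * @return a new PKCS12 store containing only certificates
     * @throws Exception if the new store cannot be created or populated
     */
    public static KeyStore toTrustStore(KeyStore keyStore, char[] cArr) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("PKCS12");
        trustStore.load(null, cArr);
        for (String alias : Collections.list(keyStore.aliases())) {
            trustStore.setEntry(alias, new KeyStore.TrustedCertificateEntry(keyStore.getCertificate(alias)), null);
        }
        return trustStore;
    }

    /**
     * Stores {@code obj} under alias {@code str}, refusing to overwrite an existing alias.
     *
     * @param keyStore store to modify
     * @param str alias for the new entry
     * @param obj an {@link X509Pair} or an {@link X509Cert}
     * @param cArr password protecting a private-key entry; not used for certificate entries
     * @throws KeyStoreException if the store is not initialised or rejects the entry
     * @throws IllegalArgumentException if the alias exists or {@code obj} is of another type
     */
    private static void addEntry(KeyStore keyStore, String str, Object obj, char[] cArr) throws KeyStoreException {
        if (keyStore.containsAlias(str)) {
            throw new IllegalArgumentException("alias %s already exists".formatted(str));
        }
        if (obj instanceof X509Pair pair) {
            X509Certificate[] chain = { pair.certificate().data() };
            keyStore.setEntry(str, new KeyStore.PrivateKeyEntry(pair.privateKey().data(), chain), new KeyStore.PasswordProtection(cArr));
        } else if (obj instanceof X509Cert cert) {
            // Trusted-certificate entries carry no secret, hence no protection parameter.
            keyStore.setEntry(str, new KeyStore.TrustedCertificateEntry(cert.data()), null);
        } else {
            // NOTE(review): the message embeds obj.toString(); if a caller passes an X509Key by
            // mistake, its string form ends up in the exception message and possibly in logs.
            throw new IllegalArgumentException("%s cannot be added to a key store".formatted(obj));
        }
    }
}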
