package com.github.gv2011.util.sec;

import com.github.gv2011.util.Constant;
import com.github.gv2011.util.FileUtils;
import com.github.gv2011.util.Verify;
import com.github.gv2011.util.bytes.ByteUtils;
import com.github.gv2011.util.bytes.Bytes;
import com.github.gv2011.util.bytes.BytesBuilder;
import com.github.gv2011.util.bytes.Hash256;
import com.github.gv2011.util.bytes.TypedBytes;
import com.github.gv2011.util.ex.Exceptions;
import com.github.gv2011.util.ex.ThrowingSupplier;
import com.github.gv2011.util.icol.ICollections;
import com.github.gv2011.util.icol.IList;
import com.github.gv2011.util.icol.Opt;
import com.github.gv2011.util.num.NumUtils;
import com.github.gv2011.util.serviceloader.RecursiveServiceLoader;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Objects;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/util-apis-0.9.jar:com/github/gv2011/util/sec/SecUtils.class */
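/**
 * Static helpers around the JCA/JSSE APIs: RSA key handling, X.509 certificate
 * (de)serialisation, JKS / PKCS#12 key store construction and TLS socket factory creation.
 *
 * <p>Security notes (review):
 * <ul>
 *   <li>Every key store built or read here is protected with the well-known default password
 *       {@value #JKS_DEFAULT_PASSWORD}. The password therefore provides no confidentiality; a
 *       private key written by this class is only as safe as the file or transport that holds
 *       the bytes.</li>
 *   <li>Several factories install {@code TrustAllTrustManager}, which (per its name) accepts any
 *       peer certificate. Where that is done the peer's identity must be established by another
 *       means, e.g. the public-key pin in {@link #connect}; see the individual methods.</li>
 *   <li>Nothing in this class enables endpoint identification (hostname verification) on the
 *       sockets it creates; callers that need it must configure it themselves.</li>
 * </ul>
 */
public final class SecUtils {
    /** Protocol name passed to {@link SSLContext#getInstance(String)} by every TLS factory here. */
    public static final String TLSV12 = "TLSv1.2";
    /** Key store type used by the JKS-based helpers. */
    public static final String JKS = "JKS";
    public static final String RSA = "RSA";
    /**
     * Password used for every key store and key entry this class creates or reads. It is the
     * JDK's default {@code cacerts} password and must be treated as public knowledge.
     */
    public static final String JKS_DEFAULT_PASSWORD = "changeit";
    /** Name of the private-key file inside a certificate directory (see {@link #createServerSocketFactory(Path)}). */
    public static final String KEY_FILE_NAME = "key.pkcs8";
    public static final String PKCS12 = "PKCS12";
    public static final String PKCS12_FILE_EXTENSION = "p12";
    /**
     * JSSE debug system property. Setting it to {@link #JAVAX_NET_DEBUG_SYS_PROP_ALL} makes the
     * JDK print handshake and record details to standard output; do not leave it enabled in
     * production.
     */
    public static final String JAVAX_NET_DEBUG_SYS_PROP = "javax.net.debug";
    public static final String JAVAX_NET_DEBUG_SYS_PROP_ALL = "all";
    private static final String PKIX = "PKIX";
    private static final String SUN_X509 = "SunX509";
    /** File name pattern for certificates in a certificate directory; {} is replaced by a zero-padded, 1-based index. */
    private static final String CERT_FILE_PATTERN = "cert{}.crt";
    private static final String CERT_ALIAS = "cert";
    private static final String X_509 = "X.509";
    private static final Logger LOG = LoggerFactory.getLogger(SecUtils.class);
    /** Lazily resolved service-provider implementation for the operations this class delegates. */
    static final Constant<SecProvider> SEC_PROVIDER = RecursiveServiceLoader.lazyService(SecProvider.class);

    private SecUtils() {
        Exceptions.staticClass();
    }

    /** Creates a simple key store for {@code domain} via the configured {@link SecProvider}. */
    public static final SimpleKeyStore createSimpleKeyStore(final Domain domain) {
        return SEC_PROVIDER.get().createSimpleKeyStore(domain);
    }

    /** Loads a simple key store from {@code typedBytes} via the configured {@link SecProvider}. */
    public static final SimpleKeyStore loadSimpleKeyStore(final TypedBytes typedBytes) {
        return SEC_PROVIDER.get().loadSimpleKeyStore(typedBytes);
    }

    /**
     * Builds an RSA public key from its raw components.
     *
     * @param modulus        the RSA modulus n
     * @param publicExponent the public exponent e
     */
    public static RSAPublicKey createRsaPublicKey(final BigInteger modulus, final BigInteger publicExponent) {
        return Exceptions.call(() ->
            (RSAPublicKey) KeyFactory.getInstance(RSA).generatePublic(new RSAPublicKeySpec(modulus, publicExponent))
        );
    }

    /** Parses an RSA public key from its X.509 {@code SubjectPublicKeyInfo} (DER) encoding. */
    public static RSAPublicKey parseRsaPublicKey(final Bytes bytes) {
        return Exceptions.call(() ->
            (RSAPublicKey) KeyFactory.getInstance(RSA).generatePublic(new X509EncodedKeySpec(bytes.toByteArray()))
        );
    }

    /** Creates the X.509 certificate factory used by all certificate parsers in this class. */
    private static CertificateFactory x509Factory() {
        return Exceptions.call(() -> CertificateFactory.getInstance(X_509));
    }

    /**
     * Parses a single X.509 certificate from {@code bytes}.
     * The JDK factory accepts both DER and PEM input; only the first certificate is read.
     */
    public static final X509Certificate readCertificate(final Bytes bytes) {
        Objects.requireNonNull(bytes);
        final CertificateFactory factory = x509Factory();
        return Exceptions.callWithCloseable(bytes::openStream, in ->
            (X509Certificate) factory.generateCertificate(in)
        );
    }

    /**
     * Returns the {@link Hash256} of the certificate's DER encoding. The digest algorithm is
     * whatever {@link Bytes#hash()} uses (a 256-bit hash, per the return type).
     */
    public static final Hash256 getFingerPrint(final Certificate certificate) {
        Objects.requireNonNull(certificate);
        final byte[] der = Exceptions.call(certificate::getEncoded);
        return ByteUtils.newBytes(der).hash();
    }

    /** Parses a single PEM-encoded X.509 certificate; {@code str} is treated as US-ASCII. */
    public static final X509Certificate readCertificateFromPem(final String str) {
        final CertificateFactory factory = x509Factory();
        return Exceptions.callWithCloseable(
            () -> new ByteArrayInputStream(str.getBytes(StandardCharsets.US_ASCII)),
            in -> (X509Certificate) factory.generateCertificate(in)
        );
    }

    /**
     * Parses every PEM-encoded X.509 certificate in {@code str}, in order of appearance.
     *
     * <p>Previously exactly two certificates were read, which silently dropped any further
     * intermediates and failed on a single-certificate PEM; now the whole input is consumed.
     */
    public static final IList<X509Certificate> readCertificateChainFromPem(final String str) {
        final CertificateFactory factory = x509Factory();
        return Exceptions.callWithCloseable(
            () -> new ByteArrayInputStream(str.getBytes(StandardCharsets.US_ASCII)),
            in -> {
                final IList.Builder<X509Certificate> chain = ICollections.listBuilder();
                for (final Certificate cert : factory.generateCertificates(in)) {
                    chain.add((X509Certificate) cert);
                }
                return chain.build();
            }
        );
    }

    /** Writes {@code chain} into {@code dir} using the default file pattern; see the three-argument overload. */
    public static final void writeCertificateChain(final IList<X509Certificate> chain, final Path dir) {
        writeCertificateChain(chain, dir, CERT_FILE_PATTERN);
    }

    /**
     * Writes each certificate of {@code chain} as DER into {@code dir}, one file per certificate,
     * named by {@code filePattern} (see {@link #CERT_FILE_PATTERN}) and the 1-based position in
     * the chain. Stale files from a longer previous chain are deleted first so that a later
     * {@link #readCertificateChain(Path, String)} stops at the new chain's end.
     */
    public static final void writeCertificateChain(final IList<X509Certificate> chain, final Path dir, final String filePattern) {
        // Delete existing files from index 0 upwards; stop at the first index that is both
        // beyond the new chain and has no file (a gap inside the new range is still overwritten).
        for (int idx = 0; ; idx++) {
            final boolean deleted = FileUtils.deleteFile(certFile(dir, idx, filePattern));
            if (!deleted && idx >= chain.size()) {
                break;
            }
        }
        for (int idx = 0; idx < chain.size(); idx++) {
            final X509Certificate cert = chain.get(idx);
            Objects.requireNonNull(cert);
            final byte[] der = Exceptions.call(cert::getEncoded);
            ByteUtils.newBytes(der).write(certFile(dir, idx, filePattern));
        }
    }

    /**
     * Reads the key pair and certificate chain from {@code dir} and returns them as a PKCS#12
     * key store.
     *
     * <p>NOTE(review): the key is read from {@code key.rsa}, not from {@link #KEY_FILE_NAME}
     * as everywhere else in this class — confirm that this directory layout is intended.
     * The key entry is protected with {@link #JKS_DEFAULT_PASSWORD} while the store itself is
     * protected with {@code "default"}; a consumer needs both to read the result back.
     */
    public static final Bytes convertToPkcs12(final Path dir) {
        final RsaKeyPair keyPair = RsaKeyPair.parse(ByteUtils.read(dir.resolve("key.rsa")));
        final IList<X509Certificate> chain = readCertificateChain(dir);
        // Same sanity check as addToKeyStore: the leaf certificate must belong to the key.
        Verify.verifyEqual(keyPair.getPublic(), chain.get(0).getPublicKey());
        return Exceptions.call(() -> {
            final KeyStore keyStore = KeyStore.getInstance(PKCS12);
            keyStore.load(null, null);
            keyStore.setKeyEntry(
                CERT_ALIAS,
                keyPair.getPrivate(),
                JKS_DEFAULT_PASSWORD.toCharArray(),
                chain.toArray(new Certificate[chain.size()])
            );
            try (BytesBuilder out = ByteUtils.newBytesBuilder()) {
                keyStore.store(out, "default".toCharArray());
                return out.build();
            }
        });
    }

    /** Reads the certificate chain from {@code dir} using the default file pattern. */
    public static final IList<X509Certificate> readCertificateChain(final Path dir) {
        return readCertificateChain(dir, CERT_FILE_PATTERN);
    }

    /**
     * Reads consecutive certificate files from {@code dir}, starting at index 0, until the
     * first missing file. Returns an empty list if the first file does not exist.
     */
    public static final IList<X509Certificate> readCertificateChain(final Path dir, final String filePattern) {
        final IList.Builder<X509Certificate> chain = ICollections.listBuilder();
        for (int idx = 0; ; idx++) {
            final Path file = certFile(dir, idx, filePattern);
            if (!Files.exists(file)) {
                return chain.build();
            }
            chain.add(readCertificate(ByteUtils.read(file)));
        }
    }

    private static Path certFile(final Path dir, final int idx) {
        return certFile(dir, idx, CERT_FILE_PATTERN);
    }

    /** Resolves the file for the 0-based chain position {@code idx}; the file name carries the 1-based, two-digit index. */
    private static Path certFile(final Path dir, final int idx, final String filePattern) {
        return dir.resolve(Exceptions.format(filePattern, NumUtils.withLeadingZeros(idx + 1, 2)));
    }

    /** Loads a JKS key store protected with {@link #JKS_DEFAULT_PASSWORD} from the supplied stream. */
    public static final KeyStore readKeyStore(final ThrowingSupplier<InputStream> streamSupplier) {
        final KeyStore keyStore = Exceptions.call(() -> KeyStore.getInstance(JKS));
        Exceptions.callWithCloseable(streamSupplier, in -> {
            keyStore.load(in, JKS_DEFAULT_PASSWORD.toCharArray());
        });
        return keyStore;
    }

    /** Creates an in-memory JKS key store holding {@code keyPair} and {@code chain} under the default alias. */
    public static final KeyStore createJKSKeyStore(final RsaKeyPair keyPair, final IList<X509Certificate> chain) {
        final KeyStore keyStore = Exceptions.call(() -> KeyStore.getInstance(JKS));
        Exceptions.call(() -> {
            keyStore.load(null, null);
        });
        return addToKeyStore(keyPair, chain, keyStore, Opt.empty());
    }

    /**
     * Creates a JKS key store from the key ({@link #KEY_FILE_NAME}) and certificate files in
     * {@code dir}. The whole chain is read, consistent with {@link #extractJKSKeyStore} which
     * writes the whole chain to the same layout (previously only the first certificate file was
     * used, so intermediates were never presented to peers).
     */
    public static final KeyStore createJKSKeyStore(final Path dir) {
        final RsaKeyPair keyPair = RsaKeyPair.parse(ByteUtils.read(dir.resolve(KEY_FILE_NAME)));
        return createJKSKeyStore(keyPair, readCertificateChain(dir));
    }

    /** Adds a server certificate to {@code keyStore}, using the certificate's domain as alias. */
    public static final KeyStore addToKeyStore(final ServerCertificate serverCertificate, final KeyStore keyStore) {
        addToKeyStore(
            serverCertificate.keyPair(),
            serverCertificate.certificateChain(),
            keyStore,
            Opt.of(serverCertificate.domain().toString())
        );
        return keyStore;
    }

    /**
     * Adds a key entry ({@code keyPair} plus {@code chain}) to {@code keyStore}, protected with
     * {@link #JKS_DEFAULT_PASSWORD}.
     *
     * @param alias the alias to use, or empty to pick the first unused {@code cert}/{@code certN} alias
     * @throws RuntimeException (via {@link Verify}) if the leaf certificate's public key does not match {@code keyPair}
     */
    public static final KeyStore addToKeyStore(
        final RsaKeyPair keyPair, final IList<X509Certificate> chain, final KeyStore keyStore, final Opt<String> alias
    ) {
        Verify.verifyEqual(keyPair.getPublic(), chain.get(0).getPublicKey());
        Exceptions.call(() -> {
            final String effectiveAlias = alias.orElseGet(() -> findAlias(keyStore));
            keyStore.setKeyEntry(
                effectiveAlias,
                keyPair.getPrivate(),
                JKS_DEFAULT_PASSWORD.toCharArray(),
                chain.toArray(new Certificate[chain.size()])
            );
        });
        return keyStore;
    }

    /** Returns {@code cert} if unused, otherwise the first unused {@code cert1}, {@code cert2}, ... */
    private static final String findAlias(final KeyStore keyStore) {
        return Exceptions.call(() -> {
            String candidate = CERT_ALIAS;
            for (int n = 1; keyStore.containsAlias(candidate); n++) {
                candidate = CERT_ALIAS + n;
            }
            return candidate;
        });
    }

    /** Serialises {@link #createJKSKeyStore(RsaKeyPair, IList)} with {@link #JKS_DEFAULT_PASSWORD} as store password. */
    public static final Bytes createJKSKeyStoreBytes(final RsaKeyPair keyPair, final IList<X509Certificate> chain) {
        try (BytesBuilder out = ByteUtils.newBytesBuilder()) {
            Exceptions.call(() -> {
                createJKSKeyStore(keyPair, chain).store(out, JKS_DEFAULT_PASSWORD.toCharArray());
            });
            return out.build();
        }
    }

    /**
     * Serialises a JKS trust store containing only {@code certificate} (as a trusted certificate
     * entry under the default alias), protected with {@link #JKS_DEFAULT_PASSWORD}.
     */
    public static final Bytes createJKSKeyStore(final X509Certificate certificate) {
        final KeyStore keyStore = Exceptions.call(() -> KeyStore.getInstance(JKS));
        Exceptions.call(() -> {
            keyStore.load(null, null);
            keyStore.setCertificateEntry(CERT_ALIAS, certificate);
        });
        try (BytesBuilder out = ByteUtils.newBytesBuilder()) {
            Exceptions.call(() -> {
                keyStore.store(out, JKS_DEFAULT_PASSWORD.toCharArray());
            });
            return out.build();
        }
    }

    /**
     * Inverse of {@link #createJKSKeyStore(Path)}: writes the key entry found under the default
     * alias of the JKS store in {@code bytes} to {@code dir} as {@link #KEY_FILE_NAME} plus one
     * DER certificate file per chain element.
     *
     * <p>The private key lands on disk in a file whose permissions are whatever the platform
     * default is; restrict access to {@code dir} accordingly.
     */
    public static final void extractJKSKeyStore(final Bytes bytes, final Path dir) {
        Objects.requireNonNull(bytes);
        final KeyStore keyStore = readKeyStore(bytes::openStream);
        final RsaKeyPair keyPair = RsaKeyPair.create(Exceptions.call(() ->
            (RSAPrivateCrtKey) keyStore.getKey(CERT_ALIAS, JKS_DEFAULT_PASSWORD.toCharArray())
        ));
        final Certificate[] rawChain = Exceptions.call(() -> keyStore.getCertificateChain(CERT_ALIAS));
        final IList<X509Certificate> chain = Arrays.stream(rawChain)
            .map(c -> (X509Certificate) c)
            .collect(ICollections.toIList());
        keyPair.encode().write(dir.resolve(KEY_FILE_NAME));
        writeCertificateChain(chain, dir);
    }

    /** Server socket factory for the JKS store in {@code bytes}; client certificates are validated by the JDK default trust store. */
    public static final SSLServerSocketFactory createServerSocketFactory(final Bytes bytes) {
        Objects.requireNonNull(bytes);
        return createServerSocketFactory(readKeyStore(bytes::openStream), false);
    }

    /**
     * Creates a TLS server socket factory presenting the key entry in {@code keyStore}.
     *
     * @param trustAllClients if {@code true} a {@code TrustAllTrustManager} is installed, so any
     *        client certificate is accepted should client authentication be requested; if
     *        {@code false} the JDK default trust managers are used. The context is created for
     *        {@link #TLSV12}; which protocols end up enabled on the sockets is decided by the
     *        JDK defaults for that context, not restricted here.
     */
    public static final SSLServerSocketFactory createServerSocketFactory(final KeyStore keyStore, final boolean trustAllClients) {
        return Exceptions.call(() -> {
            final SSLContext ctx = SSLContext.getInstance(TLSV12);
            final TrustManager[] trust = trustAllClients ? new TrustManager[]{new TrustAllTrustManager()} : null;
            ctx.init(getKeyManagers(keyStore), trust, null);
            return ctx.getServerSocketFactory();
        });
    }

    /** Key managers for {@code keyStore}, unlocking key entries with {@link #JKS_DEFAULT_PASSWORD}. */
    private static final KeyManager[] getKeyManagers(final KeyStore keyStore) {
        return Exceptions.call(() -> {
            final KeyManagerFactory kmf = KeyManagerFactory.getInstance(SUN_X509);
            kmf.init(keyStore, JKS_DEFAULT_PASSWORD.toCharArray());
            return kmf.getKeyManagers();
        });
    }

    /** See {@link #createServerSocketFactory(Path, boolean)} with {@code trustAllClients == false}. */
    public static final SSLServerSocketFactory createServerSocketFactory(final Path dir) {
        return createServerSocketFactory(dir, false);
    }

    /**
     * Creates a TLS server socket factory from the certificate directory {@code dir}, generating
     * a key and a certificate first if the directory holds none.
     */
    public static final SSLServerSocketFactory createServerSocketFactory(final Path dir, final boolean trustAllClients) {
        createCertificateIfMissing(dir);
        return createServerSocketFactory(createJKSKeyStore(dir), trustAllClients);
    }

    /**
     * Ensures {@code dir} contains a private key ({@link #KEY_FILE_NAME}) and a first certificate
     * file, creating a fresh RSA key pair and a certificate for it (via the {@link SecProvider})
     * where missing. A certificate without a key is rejected rather than silently paired with a
     * newly generated, non-matching key.
     */
    private static final void createCertificateIfMissing(final Path dir) {
        Exceptions.call(() -> {
            Files.createDirectories(dir);
            final Path keyFile = dir.resolve(KEY_FILE_NAME);
            final Path certFile = certFile(dir, 0);
            if (!Files.exists(keyFile)) {
                // A leftover certificate would not belong to the key we are about to create.
                Verify.verify(!Files.exists(certFile));
                RsaKeyPair.create().encode().write(keyFile);
            }
            if (!Files.exists(certFile)) {
                final RsaKeyPair keyPair = RsaKeyPair.parse(ByteUtils.read(keyFile));
                final byte[] der = SEC_PROVIDER.get().createCertificateBuilder().build(keyPair).getEncoded();
                ByteUtils.newBytes(der).write(certFile);
            }
        });
    }

    /**
     * Opens a mutually authenticated TLS connection to {@code address}, presenting the key and
     * certificate from {@code dir} and pinning the peer to {@code publicKey}.
     *
     * <p>The context uses a {@code TrustAllTrustManager}, i.e. no certificate-chain validation
     * and no hostname check. The peer's identity rests entirely on the pin: the leaf
     * certificate's public key must equal {@code publicKey}, otherwise the socket is closed and
     * the verification failure propagates. The handshake is run explicitly so that a handshake
     * error surfaces as an exception instead of an invalid session without peer certificates.
     *
     * @return the connected, pinned socket; the caller owns and must close it
     */
    public static final SSLSocket connect(final Path dir, final PublicKey publicKey, final InetSocketAddress address) {
        createCertificateIfMissing(dir);
        return Exceptions.call(() -> {
            final SSLContext ctx = SSLContext.getInstance(TLSV12);
            ctx.init(getKeyManagers(createJKSKeyStore(dir)), new TrustManager[]{new TrustAllTrustManager()}, null);
            final Socket raw = ctx.getSocketFactory().createSocket(address.getAddress(), address.getPort());
            boolean pinned = false;
            try {
                final SSLSocket ssl = (SSLSocket) raw;
                ssl.startHandshake();
                final Certificate[] peerChain = ssl.getSession().getPeerCertificates();
                Verify.verify(peerChain.length > 0);
                Verify.verifyEqual(peerChain[0].getPublicKey(), publicKey);
                pinned = true;
                return ssl;
            } finally {
                // Never hand out a socket whose peer failed the pin check.
                if (!pinned) {
                    raw.close();
                }
            }
        });
    }

    /**
     * Client socket factory that trusts exactly {@code certificate} (as a PKIX trust anchor) and
     * presents no client certificate. Hostname verification is not enabled on the resulting
     * sockets.
     */
    public static final SSLSocketFactory createSocketFactory(final X509Certificate certificate) {
        return Exceptions.call(() -> {
            final KeyStore trustStore = KeyStore.getInstance(JKS);
            trustStore.load(null, null);
            trustStore.setCertificateEntry(CERT_ALIAS, certificate);
            final TrustManagerFactory tmf = TrustManagerFactory.getInstance(PKIX);
            tmf.init(trustStore);
            final SSLContext ctx = SSLContext.getInstance(TLSV12);
            ctx.init(null, tmf.getTrustManagers(), null);
            return ctx.getSocketFactory();
        });
    }

    /** Public key of the key pair in {@code dir}, generating key and certificate first if absent. */
    public static RSAPublicKey getPublicKey(final Path dir) {
        createCertificateIfMissing(dir);
        return RsaKeyPair.parse(ByteUtils.read(dir.resolve(KEY_FILE_NAME))).getPublic();
    }

    /** Wraps {@code keyStore} so that its key material can be destroyed on close. */
    public static final DestroyingCloseable asDestroyable(final KeyStore keyStore) {
        return new KeyStoreDestroyer(keyStore);
    }
}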
