package org.apache.ratis.security;

import java.io.File;
import java.io.FileReader;
import java.io.InputStream;
import java.nio.file.OpenOption;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Optional;
import java.util.function.Supplier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.ratis.security.TlsConf;
import org.apache.ratis.util.FileUtils;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.junit.Assert;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ratis/security/SecurityTestUtils.class */
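/**
 * Test-only helpers that build TLS configurations, key stores and trust managers from the
 * PEM/CRT fixtures located under {@code ssl/} on the test classpath.
 *
 * <p>Security notes for anyone reusing this code: the private keys are classpath fixtures,
 * the key stores live in memory only and their key entries are protected by an empty
 * password ({@code new char[0]}). None of this is appropriate outside of tests.
 *
 * <p>Every loader reports failure by throwing an {@link AssertionError} (the same type
 * {@code org.junit.Assert.fail} throws) with the original exception attached as the cause,
 * so a failing test shows the underlying stack trace and not only its message.
 */
public interface SecurityTestUtils {
    public static final Logger LOG = LoggerFactory.getLogger(SecurityTestUtils.class);
    public static final ClassLoader CLASS_LOADER = SecurityTestUtils.class.getClassLoader();

    /**
     * Resolves a classpath resource to a {@link File}.
     *
     * @param str resource name relative to the classpath root, e.g. {@code ssl/server.pem}
     * @return the file for the resource, or {@code null} when the class loader cannot find it
     */
    static File getResource(String str) {
        // NOTE(review): URL.getFile() is not URL-decoded, so a classpath location containing
        // characters such as spaces yields a path that does not exist on disk.
        File file = Optional.ofNullable(CLASS_LOADER.getResource(str))
            .map(url -> new File(url.getFile()))
            .orElse(null);
        LOG.info("Getting resource {}: {}", str, file);
        return file;
    }

    /**
     * Builds the server-side TLS configuration from the {@code ssl/server.*} fixtures.
     *
     * <p>The server's trust material is {@code ssl/client.crt} itself (the client leaf
     * certificate), whereas {@link #newClientTlsConfig(boolean)} trusts {@code ssl/ca.crt}.
     *
     * @param z value passed to {@code setMutualTls}; logged as "mutualAuthn"
     * @return the server {@link TlsConf}
     */
    static TlsConf newServerTlsConfig(boolean z) {
        LOG.info("newServerTlsConfig: mutualAuthn? {}", z);
        return new TlsConf.Builder()
            .setName("server")
            .setPrivateKey(new TlsConf.PrivateKeyConf(getResource("ssl/server.pem")))
            .setKeyCertificates(new TlsConf.CertificatesConf(getResource("ssl/server.crt")))
            .setTrustCertificates(new TlsConf.CertificatesConf(getResource("ssl/client.crt")))
            .setMutualTls(z)
            .build();
    }

    /**
     * Builds the client-side TLS configuration from the {@code ssl/client.*} fixtures,
     * trusting {@code ssl/ca.crt}.
     *
     * @param z value passed to {@code setMutualTls}; logged as "mutualAuthn"
     * @return the client {@link TlsConf}
     */
    static TlsConf newClientTlsConfig(boolean z) {
        LOG.info("newClientTlsConfig: mutualAuthn? {}", z);
        return new TlsConf.Builder()
            .setName("client")
            .setPrivateKey(new TlsConf.PrivateKeyConf(getResource("ssl/client.pem")))
            .setKeyCertificates(new TlsConf.CertificatesConf(getResource("ssl/client.crt")))
            .setTrustCertificates(new TlsConf.CertificatesConf(getResource("ssl/ca.crt")))
            .setMutualTls(z)
            .build();
    }

    /**
     * Loads an RSA private key from a PEM resource.
     *
     * <p>The first PEM object in the file is decoded and its content is parsed as a PKCS#8
     * encoded RSA key. The PEM type label is not inspected, so an encrypted key or a key in
     * another encoding fails in the key factory rather than being detected up front.
     *
     * @param str classpath resource name of the PEM file
     * @return the decoded private key
     * @throws AssertionError if the resource is missing, holds no PEM object or cannot be parsed
     */
    static PrivateKey getPrivateKey(String str) {
        try {
            final PemObject pem;
            // try-with-resources closes both readers even when reading fails.
            try (FileReader fileReader = new FileReader(getResource(str));
                 PemReader pemReader = new PemReader(fileReader)) {
                pem = pemReader.readPemObject();
            }
            if (pem == null) {
                // readPemObject() returns null when the file contains no PEM block; report
                // that explicitly instead of failing later with a message-less NPE.
                throw new IllegalStateException("no PEM object found");
            }
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(pem.getContent()));
        } catch (Exception e) {
            throw new AssertionError("Failed to get private key from " + str + ". Error: " + e.getMessage(), e);
        }
    }

    /**
     * Loads a single X.509 certificate from a resource.
     *
     * <p>Only the first certificate in the file is read; a file holding a chain is returned
     * as a one-element array containing its first entry.
     *
     * @param str classpath resource name of the certificate file
     * @return a one-element array holding the certificate
     * @throws AssertionError if the resource is missing or is not a valid X.509 certificate
     */
    static X509Certificate[] getCertificate(String str) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            // try-with-resources closes the stream on both the success and the failure path.
            try (InputStream in = FileUtils.newInputStream(getResource(str), new OpenOption[0])) {
                return new X509Certificate[] {(X509Certificate) certificateFactory.generateCertificate(in)};
            }
        } catch (Exception e) {
            throw new AssertionError("Failed to get certificate from " + str + ". Error: " + e.getMessage(), e);
        }
    }

    /**
     * Builds an in-memory key store holding the server key and certificate under the alias
     * {@code ratis-server-key}. The key entry uses an empty password.
     *
     * @return the server key store
     * @throws AssertionError if the key store cannot be created or populated
     */
    static KeyStore getServerKeyStore() {
        try {
            PrivateKey privateKey = getPrivateKey("ssl/server.pem");
            X509Certificate[] certificate = getCertificate("ssl/server.crt");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null, null) initialises an empty store that is never written to disk.
            keyStore.load(null, null);
            keyStore.setKeyEntry("ratis-server-key", privateKey, new char[0], certificate);
            return keyStore;
        } catch (Exception e) {
            throw new AssertionError("Failed to get server key store " + e.getMessage(), e);
        }
    }

    /**
     * Builds an in-memory key store holding the client key and certificate under the alias
     * {@code ratis-client-key}. The key entry uses an empty password.
     *
     * @return the client key store
     * @throws AssertionError if the key store cannot be created or populated
     */
    static KeyStore getClientKeyStore() {
        try {
            PrivateKey privateKey = getPrivateKey("ssl/client.pem");
            X509Certificate[] certificate = getCertificate("ssl/client.crt");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null, null) initialises an empty store that is never written to disk.
            keyStore.load(null, null);
            keyStore.setKeyEntry("ratis-client-key", privateKey, new char[0], certificate);
            return keyStore;
        } catch (Exception e) {
            throw new AssertionError("Failed to get client key store " + e.getMessage(), e);
        }
    }

    /**
     * Builds an in-memory trust store containing the certificate from {@code ssl/ca.crt}.
     *
     * <p>Entries are keyed by the certificate serial number. Serial numbers are only unique
     * per issuer, so two certificates from different issuers sharing a serial would overwrite
     * each other; with the single fixture loaded here that cannot happen.
     *
     * @return the trust store
     * @throws AssertionError if the trust store cannot be created or populated
     */
    static KeyStore getTrustStore() {
        try {
            X509Certificate[] certificate = getCertificate("ssl/ca.crt");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            for (X509Certificate x509Certificate : certificate) {
                keyStore.setCertificateEntry(x509Certificate.getSerialNumber().toString(), x509Certificate);
            }
            return keyStore;
        } catch (Exception e) {
            // The message previously named the server key store, which pointed at the wrong fixture.
            throw new AssertionError("Failed to get trust store " + e.getMessage(), e);
        }
    }

    /**
     * Creates a key manager backed by the supplied key store.
     *
     * <p>The factory is initialised with an empty password, matching the key entries created
     * by {@link #getServerKeyStore()} and {@link #getClientKeyStore()}.
     *
     * @param supplier provides the key store to wrap
     * @return the first key manager produced by the default {@link KeyManagerFactory}
     * @throws KeyStoreException if the factory cannot be initialised from the key store
     * @throws NoSuchAlgorithmException if the default algorithm is unavailable
     * @throws UnrecoverableKeyException if a key cannot be recovered with the empty password
     */
    static KeyManager getKeyManager(Supplier<KeyStore> supplier) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(supplier.get(), new char[0]);
        return keyManagerFactory.getKeyManagers()[0];
    }

    /**
     * Creates the X.509 trust manager backed by the supplied trust store.
     *
     * @param supplier provides the trust store to wrap
     * @return the single {@link X509TrustManager} produced by the default {@link TrustManagerFactory}
     * @throws KeyStoreException if the factory cannot be initialised from the trust store
     * @throws NoSuchAlgorithmException if the default algorithm is unavailable
     * @throws IllegalStateException if the factory does not yield exactly one X.509 trust manager
     */
    static X509TrustManager getTrustManager(Supplier<KeyStore> supplier) throws KeyStoreException, NoSuchAlgorithmException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(supplier.get());
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        // Refuse anything other than exactly one X.509 trust manager so that a test never
        // silently runs against an unexpected trust decision.
        if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
            throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
        }
        return (X509TrustManager) trustManagers[0];
    }
}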
