package org.apache.directory.server.core.security;

import com.github.benmanes.caffeine.cache.LocalCacheFactory;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.InetAddress;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import javax.net.ssl.KeyManagerFactory;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.util.Strings;
import org.apache.directory.server.constants.ApacheSchemaConstants;
import sun.security.x509.AlgorithmId;
import sun.security.x509.BasicConstraintsExtension;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateExtensions;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.DNSName;
import sun.security.x509.GeneralName;
import sun.security.x509.GeneralNames;
import sun.security.x509.IPAddressName;
import sun.security.x509.SubjectAlternativeNameExtension;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;

/* loaded from: input_file:apacheds-core-2.0.0.AM26.jar:org/apache/directory/server/core/security/CertificateUtil.class */
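/**
 * Static helpers for building X.509 certificates with the JDK-internal
 * {@code sun.security.x509} classes and for loading or creating the key store
 * that backs the server's TLS key manager.
 *
 * <p>The class is not instantiable.
 */
public final class CertificateUtil {
    /** Basic-constraints CA flag passed for self-signed certificates. */
    private static final boolean SELF_SIGNED = true;
    /** Basic-constraints CA flag passed for certificates carrying a separate issuer name. */
    private static final boolean CA_SIGNED = false;
    /** Marks an extension as critical. */
    private static final boolean CRITICAL = true;
    /** Milliseconds per day, kept as a {@code long} so validity arithmetic cannot wrap. */
    private static final long MILLIS_PER_DAY = 86_400_000L;

    private CertificateUtil() {
    }

    /**
     * Fills {@code info} with the fields of a v3 certificate: random serial number,
     * signature algorithm, issuer, validity window starting now, subject, public key,
     * a subject-alternative-name extension and a critical basic-constraints extension.
     *
     * @param info      certificate info object to populate
     * @param subject   subject distinguished name
     * @param issuer    issuer distinguished name
     * @param keyPair   key pair whose public half is placed in the certificate
     * @param days      validity period in days, counted from the current time
     * @param algorithm signature algorithm name resolved through {@link AlgorithmId#get(String)}
     * @param isCa      value of the CA flag in the basic-constraints extension
     * @throws CertificateException     if a field is rejected by {@code info}
     * @throws IOException              if a name or extension cannot be built, or the
     *                                  local host cannot be resolved
     * @throws NoSuchAlgorithmException if {@code algorithm} is unknown
     */
    private static void setInfo(X509CertInfo info, X500Name subject, X500Name issuer, KeyPair keyPair, int days, String algorithm, boolean isCa) throws CertificateException, IOException, NoSuchAlgorithmException {
        Date notBefore = new Date();
        // The product must be computed as a long: in int arithmetic days * 86400000
        // wraps for anything above 24 days, so a 365-day request would yield a
        // certificate that expires after roughly 17 days.
        Date notAfter = new Date(notBefore.getTime() + days * MILLIS_PER_DAY);

        // Attribute names are taken from X509CertInfo itself, not from unrelated
        // classes whose constants merely carry the same text.
        info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
        // 64 random bits from a SecureRandom; BigInteger(int, Random) is never negative.
        info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(64, new SecureRandom())));
        info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(AlgorithmId.get(algorithm)));
        info.set(X509CertInfo.ISSUER, issuer);
        info.set(X509CertInfo.VALIDITY, new CertificateValidity(notBefore, notAfter));
        info.set(X509CertInfo.SUBJECT, subject);
        info.set(X509CertInfo.KEY, new CertificateX509Key(keyPair.getPublic()));

        CertificateExtensions extensions = new CertificateExtensions();

        // The SAN entries are whatever the local resolver reports when the certificate
        // is generated. Clients that reach the server under a different name or address
        // will fail hostname verification against this certificate.
        InetAddress localHost = InetAddress.getLocalHost();
        GeneralNames subjectAltNames = new GeneralNames();
        subjectAltNames.add(new GeneralName(new DNSName(localHost.getHostName())));
        subjectAltNames.add(new GeneralName(new IPAddressName(localHost.getHostAddress())));
        SubjectAlternativeNameExtension sanExtension = new SubjectAlternativeNameExtension(subjectAltNames);
        extensions.set(sanExtension.getExtensionId().toString(), sanExtension);

        // Path length -1: no path-length constraint is requested.
        BasicConstraintsExtension basicConstraints = new BasicConstraintsExtension(CRITICAL, isCa, -1);
        extensions.set(basicConstraints.getExtensionId().toString(), basicConstraints);

        info.set(X509CertInfo.EXTENSIONS, extensions);
    }

    /**
     * Creates a certificate whose subject and issuer are both {@code x500Name} and
     * signs it with the private key of {@code keyPair}.
     *
     * <p>NOTE(review): the certificate is issued with the CA flag set and no
     * path-length limit. Anyone who installs it as a trust anchor therefore also
     * accepts certificates signed by the same private key; confirm this is intended
     * for a certificate that is also used as the server's TLS identity.
     *
     * @param x500Name subject and issuer distinguished name
     * @param keyPair  key pair to certify and to sign with
     * @param i        validity period in days
     * @param str      signature algorithm name
     * @return the signed certificate
     */
    public static X509Certificate generateSelfSignedCertificate(X500Name x500Name, KeyPair keyPair, int i, String str) throws CertificateException, IOException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        X509CertInfo info = new X509CertInfo();
        setInfo(info, x500Name, x500Name, keyPair, i, str, SELF_SIGNED);
        X509CertImpl certificate = new X509CertImpl(info);
        certificate.sign(keyPair.getPrivate(), str);
        return certificate;
    }

    /**
     * Creates a non-CA certificate for subject {@code x500Name} that names
     * {@code x500Name2} as issuer.
     *
     * <p>NOTE(review): the signature is produced with the private half of the same
     * {@code keyPair} whose public half is certified; no separate issuer key is
     * accepted. The result therefore verifies only against the subject's own key,
     * not against a key belonging to the named issuer. Confirm callers expect this.
     *
     * @param x500Name  subject distinguished name
     * @param x500Name2 issuer distinguished name
     * @param keyPair   key pair to certify and to sign with
     * @param i         validity period in days
     * @param str       signature algorithm name
     * @return the signed certificate
     */
    public static X509Certificate generateCertificate(X500Name x500Name, X500Name x500Name2, KeyPair keyPair, int i, String str) throws CertificateException, IOException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        X509CertInfo info = new X509CertInfo();
        setInfo(info, x500Name, x500Name2, keyPair, i, str, CA_SIGNED);
        X509CertImpl certificate = new X509CertImpl(info);
        certificate.sign(keyPair.getPrivate(), str);
        return certificate;
    }

    /**
     * Loads the key store at path {@code str}, checks that it holds exactly one
     * usable key entry, and returns a key manager factory initialised from it.
     *
     * <p>The store type is {@link KeyStore#getDefaultType()}. When {@code str2} is
     * empty the store is loaded with a {@code null} password; {@link KeyStore#load}
     * documents that no integrity check is performed in that case, so a store on a
     * path other users can write to should always be given a password.
     *
     * @param str  path of the key store file; when empty, {@code null} is returned
     * @param str2 password for both the store and the private key, may be empty
     * @return the initialised factory, or {@code null} when no path was given
     * @throws KeyStoreException if the store is empty, has more than one entry, or
     *                           its entry is not a recoverable key with a certificate chain
     * @throws Exception         on I/O, format or algorithm failures
     */
    public static KeyManagerFactory loadKeyStore(String str, String str2) throws Exception {
        if (Strings.isEmpty(str)) {
            return null;
        }
        char[] password = Strings.isEmpty(str2) ? null : str2.toCharArray();

        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // try-with-resources closes the stream on every path.
        try (InputStream in = Files.newInputStream(Paths.get(str))) {
            keyStore.load(in, password);
        }

        // Exactly one alias is accepted so there is no ambiguity about which key
        // the server presents.
        Enumeration<String> aliases = keyStore.aliases();
        if (!aliases.hasMoreElements()) {
            throw new KeyStoreException("Key store is empty");
        }
        String alias = aliases.nextElement();
        if (aliases.hasMoreElements()) {
            throw new KeyStoreException("Key store contains more than one entry");
        }
        if (!keyStore.isKeyEntry(alias)) {
            throw new KeyStoreException("Key store must contain a key entry");
        }
        if (keyStore.getCertificateChain(alias) == null) {
            throw new KeyStoreException("Key store must contain a certificate chain");
        }
        // The key manager is initialised with the store password, so the key
        // must be protected by that same password.
        if (keyStore.getKey(alias, password) == null) {
            throw new KeyStoreException("Private key must be recoverable by the key store password");
        }

        String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        if (algorithm == null) {
            algorithm = KeyManagerFactory.getDefaultAlgorithm();
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm);
        keyManagerFactory.init(keyStore, password);
        return keyManagerFactory;
    }

    /**
     * Creates a temporary key store file holding one freshly generated EC key pair
     * and a self-signed certificate for it, valid for 365 days.
     *
     * <p>The file contains a private key protected only by {@code cArr}. It is
     * created through {@link Files#createTempFile} and registered with
     * {@link File#deleteOnExit()}, which removes it on normal JVM termination only;
     * after a crash or a kill the file stays in the temporary directory.
     *
     * @param str  prefix of the temporary file name
     * @param cArr password protecting the store and the key entry
     * @return the key store file
     */
    public static File createTempKeyStore(String str, char[] cArr) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, InvalidKeyException, NoSuchProviderException, SignatureException {
        File file = Files.createTempFile(str, "ks").toFile();
        file.deleteOnExit();

        // A null stream initialises an empty store; nothing is read from the new file.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, cArr);

        // NOTE(review): the generator is not initialised explicitly, so the curve and
        // key size are the provider's defaults. Pin them if a minimum strength is required.
        KeyPair keyPair = KeyPairGenerator.getInstance("EC").generateKeyPair();
        X509Certificate certificate = generateSelfSignedCertificate(new X500Name("apacheds", "directory", ApacheSchemaConstants.SCHEMA_NAME, "US"), keyPair, 365, "SHA256WithECDSA");
        keyStore.setKeyEntry("apachedsKey", keyPair.getPrivate(), cArr, new X509Certificate[]{certificate});

        try (FileOutputStream out = new FileOutputStream(file)) {
            keyStore.store(out, cArr);
        }
        return file;
    }
}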
