package io.gatling.recorder.http.ssl;

import com.typesafe.scalalogging.Logger;
import com.typesafe.scalalogging.StrictLogging;
import io.gatling.commons.util.Io$;
import io.gatling.commons.util.PathHelper$;
import io.gatling.commons.util.PathHelper$RichPath$;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslProvider;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.math.BigInteger;
import java.nio.file.Path;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.concurrent.ThreadLocalRandom;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import scala.Predef$;
import scala.concurrent.duration.package;
import scala.concurrent.duration.package$;
import scala.runtime.BoxedUnit;
import scala.util.Try;
import scala.util.Try$;

/* compiled from: SslUtil.scala */
/* loaded from: input_file:io/gatling/recorder/http/ssl/SslUtil$.class */
public final class SslUtil$ implements StrictLogging {
    public static SslUtil$ MODULE$;
    private final SslProvider TheSslProvider;
    private final Logger logger;

    static {
        new SslUtil$();
    }

    public Logger logger() {
        return this.logger;
    }

    public void com$typesafe$scalalogging$StrictLogging$_setter_$logger_$eq(Logger logger) {
        this.logger = logger;
    }

    public SslProvider TheSslProvider() {
        return this.TheSslProvider;
    }

    public Object readPEM(InputStream inputStream) {
        return Io$.MODULE$.withCloseable(new PEMParser(new InputStreamReader(inputStream)), pEMParser -> {
            return pEMParser.readObject();
        });
    }

    public void writePEM(Object obj, OutputStream outputStream) {
        Io$.MODULE$.withCloseable(new JcaPEMWriter(new OutputStreamWriter(outputStream)), jcaPEMWriter -> {
            jcaPEMWriter.writeObject(obj);
            return BoxedUnit.UNIT;
        });
    }

    public X509Certificate certificateFromHolder(X509CertificateHolder x509CertificateHolder) {
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(x509CertificateHolder);
    }

    public KeyPair newRSAKeyPair() {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(1024);
        return keyPairGenerator.generateKeyPair();
    }

    private ContentSigner newSigner(PrivateKey privateKey) {
        return new JcaContentSignerBuilder("SHA256withRSA").build(privateKey);
    }

    public void generateGatlingCAPEMFiles(Path path, String str, String str2) {
        Predef$.MODULE$.assert(PathHelper$RichPath$.MODULE$.isDirectory$extension(PathHelper$.MODULE$.RichPath(path)), () -> {
            return new StringBuilder(18).append(path).append(" isn't a directory").toString();
        });
        KeyPair newRSAKeyPair = newRSAKeyPair();
        writePEM(generateCACertificate$1(newRSAKeyPair), PathHelper$RichPath$.MODULE$.outputStream$extension(PathHelper$.MODULE$.RichPath(PathHelper$RichPath$.MODULE$.$div$extension0(PathHelper$.MODULE$.RichPath(path), str2))));
        writePEM(newRSAKeyPair, PathHelper$RichPath$.MODULE$.outputStream$extension(PathHelper$.MODULE$.RichPath(PathHelper$RichPath$.MODULE$.$div$extension0(PathHelper$.MODULE$.RichPath(path), str))));
    }

    public Try<Ca> getCA(InputStream inputStream, InputStream inputStream2) {
        return Try$.MODULE$.apply(() -> {
            return new Ca(MODULE$.certificateFromHolder((X509CertificateHolder) MODULE$.readPEM(inputStream)), new JcaPEMKeyConverter().getPrivateKey(((PEMKeyPair) MODULE$.readPEM(inputStream2)).getPrivateKeyInfo()));
        });
    }

    public Try<KeyStore> updateKeystoreWithNewAlias(KeyStore keyStore, char[] cArr, String str, Try<Ca> r9) {
        return r9.flatMap(ca -> {
            return MODULE$.createCSR(str).flatMap(csr -> {
                return MODULE$.createServerCert(ca.cert(), ca.privKey(), csr.cert()).flatMap(x509Certificate -> {
                    return MODULE$.addNewKeystoreEntry(keyStore, cArr, x509Certificate, csr.privKey(), ca.cert(), str).map(keyStore2 -> {
                        return keyStore2;
                    });
                });
            });
        });
    }

    private Try<Csr> createCSR(String str) {
        return Try$.MODULE$.apply(() -> {
            KeyPair newRSAKeyPair = MODULE$.newRSAKeyPair();
            return new Csr(new JcaPKCS10CertificationRequestBuilder(new X500Principal(new StringBuilder(51).append("C=FR, ST=Val de marne, O=GatlingCA, OU=Gatling, CN=").append(str).toString()), newRSAKeyPair.getPublic()).build(MODULE$.newSigner(newRSAKeyPair.getPrivate())), newRSAKeyPair.getPrivate());
        });
    }

    private Try<X509Certificate> createServerCert(X509Certificate x509Certificate, PrivateKey privateKey, PKCS10CertificationRequest pKCS10CertificationRequest) {
        return Try$.MODULE$.apply(() -> {
            r0 = System.currentTimeMillis();
            return MODULE$.certificateFromHolder(new X509v3CertificateBuilder(new JcaX509CertificateHolder(x509Certificate).getSubject(), BigInteger.valueOf(ThreadLocalRandom.current().nextLong()), new Date(r0), new Date(r0 + new package.DurationInt(package$.MODULE$.DurationInt(1)).day().toMillis()), pKCS10CertificationRequest.getSubject(), pKCS10CertificationRequest.getSubjectPublicKeyInfo()).build(MODULE$.newSigner(privateKey)));
        });
    }

    private Try<KeyStore> addNewKeystoreEntry(KeyStore keyStore, char[] cArr, X509Certificate x509Certificate, PrivateKey privateKey, X509Certificate x509Certificate2, String str) {
        return Try$.MODULE$.apply(() -> {
            keyStore.setCertificateEntry(str, x509Certificate);
            keyStore.setKeyEntry(str, privateKey, cArr, new Certificate[]{x509Certificate, x509Certificate2});
            return keyStore;
        });
    }

    private final X509CertificateHolder generateCACertificate$1(KeyPair keyPair) {
        long currentTimeMillis = System.currentTimeMillis();
        return new JcaX509v1CertificateBuilder(new X500Principal("C=FR, ST=Val de marne, O=GatlingCA, CN=Gatling"), BigInteger.valueOf(currentTimeMillis), new Date(currentTimeMillis), new Date(currentTimeMillis + new package.DurationInt(package$.MODULE$.DurationInt(365)).days().toMillis()), new X500Principal("C=FR, ST=Val de marne, O=GatlingCA, CN=Gatling"), keyPair.getPublic()).build(newSigner(keyPair.getPrivate()));
    }

    private SslUtil$() {
        SslProvider sslProvider;
        MODULE$ = this;
        StrictLogging.$init$(this);
        if (OpenSsl.isAvailable()) {
            if (logger().underlying().isInfoEnabled()) {
                logger().underlying().info("OpenSSL is not available on your architecture.");
                BoxedUnit boxedUnit = BoxedUnit.UNIT;
            } else {
                BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
            }
            sslProvider = SslProvider.OPENSSL;
        } else {
            sslProvider = SslProvider.JDK;
        }
        this.TheSslProvider = sslProvider;
        Security.addProvider(new BouncyCastleProvider());
    }
}
