package org.apache.kafka.test;

import java.io.EOFException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.TrustManagerFactory;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.network.Mode;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v1CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;

/* loaded from: input_file:org/apache/kafka/test/TestSslUtils.class */
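/**
 * Test-only helpers that generate throwaway key pairs and self-signed certificates, write them
 * to JKS key and trust stores, and assemble the matching SSL configuration map.
 *
 * <p>NOTE(review): the fixtures produced here use 1024-bit keys, SHA-1 signatures (the callers in
 * this class pass "SHA1withRSA"), X.509 v1 certificates (which carry no extensions) and hard-coded
 * store passwords. That is acceptable only for short-lived test material; none of these choices
 * should be copied into a production configuration.
 */
public class TestSslUtils {
    /** Milliseconds in one day; a long so that validity arithmetic is not done in int. */
    private static final long MILLIS_PER_DAY = 86400000L;

    /**
     * Builds a self-signed X.509 v1 certificate for the given key pair.
     *
     * <p>Signing goes through {@code BcRSAContentSignerBuilder}, so the key pair is presumably
     * expected to be RSA.
     *
     * @param str distinguished name used as both issuer and subject, e.g. "CN=localhost, O=localhost"
     * @param keyPair key pair whose public key is certified and whose private key signs the certificate
     * @param i validity period in days, counted from the moment of the call
     * @param str2 signature algorithm name, e.g. "SHA1withRSA"
     * @return the generated certificate
     * @throws CertificateException on any failure; non-certificate exceptions are wrapped as the cause
     */
    public static X509Certificate generateCertificate(String str, KeyPair keyPair, int i, String str2) throws CertificateException {
        try {
            Security.addProvider(new BouncyCastleProvider());
            AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find(str2);
            AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
            AsymmetricKeyParameter signingKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded());
            SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
            ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(signingKey);
            X500Name name = new X500Name(str);
            Date notBefore = new Date();
            // Multiply as long: in int arithmetic, 25 days or more overflows and yields an expiry
            // date earlier than notBefore, i.e. a certificate that is never valid.
            Date notAfter = new Date(notBefore.getTime() + i * MILLIS_PER_DAY);
            BigInteger serial = new BigInteger(64, new SecureRandom());
            X509v1CertificateBuilder builder =
                    new X509v1CertificateBuilder(name, serial, notBefore, notAfter, name, publicKeyInfo);
            return new JcaX509CertificateConverter().setProvider("BC").getCertificate(builder.build(signer));
        } catch (CertificateException e) {
            throw e;
        } catch (Exception e2) {
            throw new CertificateException(e2);
        }
    }

    /**
     * Generates a key pair for the named algorithm with a 1024-bit key size.
     *
     * <p>NOTE(review): 1024 bits is below the 2048-bit minimum that current guidance asks of RSA
     * keys. The size is left unchanged because callers may pass algorithms with other size
     * constraints; do not reuse these keys outside tests.
     *
     * @param str key algorithm name, e.g. "RSA"
     * @return a freshly generated key pair
     * @throws NoSuchAlgorithmException if no provider supports the algorithm
     */
    public static KeyPair generateKeyPair(String str) throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(str);
        generator.initialize(1024);
        return generator.genKeyPair();
    }

    /** Returns a new, initialised JKS key store with no entries. */
    private static KeyStore createEmptyKeyStore() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        // Loading from a null stream initialises the store as empty.
        keyStore.load(null, null);
        return keyStore;
    }

    /**
     * Writes the key store to the given path, protected by the given store password.
     *
     * @param keyStore store to persist
     * @param str destination file path; an existing file is overwritten
     * @param password store password
     */
    private static void saveKeyStore(KeyStore keyStore, String str, Password password) throws GeneralSecurityException, IOException {
        // try-with-resources closes the stream exactly once and keeps the primary exception if
        // close() fails as well.
        try (FileOutputStream out = new FileOutputStream(str)) {
            keyStore.store(out, password.value().toCharArray());
        }
    }

    /**
     * Creates a JKS key store holding one private key entry, using the same password for the
     * store and for the key.
     *
     * @param str destination file path
     * @param password password protecting both the store and the key entry
     * @param str2 alias of the key entry
     * @param key private key to store
     * @param certificate certificate for the key; stored as a single-element chain
     */
    public static void createKeyStore(String str, Password password, String str2, Key key, Certificate certificate) throws GeneralSecurityException, IOException {
        createKeyStore(str, password, password, str2, key, certificate);
    }

    /**
     * Creates a JKS key store holding one private key entry, with separate store and key passwords.
     *
     * @param str destination file path
     * @param password password protecting the store
     * @param password2 password protecting the key entry
     * @param str2 alias of the key entry
     * @param key private key to store
     * @param certificate certificate for the key; stored as a single-element chain
     */
    public static void createKeyStore(String str, Password password, Password password2, String str2, Key key, Certificate certificate) throws GeneralSecurityException, IOException {
        KeyStore keyStore = createEmptyKeyStore();
        keyStore.setKeyEntry(str2, key, password2.value().toCharArray(), new Certificate[]{certificate});
        saveKeyStore(keyStore, str, password);
    }

    /**
     * Creates a new JKS trust store containing a single trusted certificate.
     *
     * @param str destination file path
     * @param password store password
     * @param str2 alias of the certificate entry
     * @param certificate certificate to trust
     */
    public static void createTrustStore(String str, Password password, String str2, Certificate certificate) throws GeneralSecurityException, IOException {
        KeyStore trustStore = createEmptyKeyStore();
        trustStore.setCertificateEntry(str2, certificate);
        saveKeyStore(trustStore, str, password);
    }

    /**
     * Adds the given certificates to the trust store at the given path and writes it back.
     *
     * <p>The file is opened for reading first, so it must already exist. If loading it ends in an
     * {@link EOFException} (as happens for a zero-length file), an empty store is used instead.
     *
     * @param str trust store file path, read and then overwritten
     * @param password store password, used for both loading and saving
     * @param map certificates to add, keyed by alias
     */
    public static <T extends Certificate> void createTrustStore(String str, Password password, Map<String, T> map) throws GeneralSecurityException, IOException {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        // try-with-resources so the input stream is released even when load() throws.
        try (FileInputStream in = new FileInputStream(str)) {
            trustStore.load(in, password.value().toCharArray());
        } catch (EOFException e) {
            trustStore = createEmptyKeyStore();
        }
        for (Map.Entry<String, T> entry : map.entrySet()) {
            trustStore.setCertificateEntry(entry.getKey(), entry.getValue());
        }
        saveKeyStore(trustStore, str, password);
    }

    /**
     * Creates a map with one self-signed certificate for "CN=localhost, O=localhost", valid for
     * 30 days and signed with SHA1withRSA, under the alias "localhost".
     *
     * <p>NOTE(review): SHA-1 signatures are deprecated for certificates; suitable for tests only.
     *
     * @param keyPair key pair to certify
     * @return a mutable map from alias to certificate
     */
    public static Map<String, X509Certificate> createX509Certificates(KeyPair keyPair) throws GeneralSecurityException {
        Map<String, X509Certificate> certificates = new HashMap<>();
        certificates.put("localhost", generateCertificate("CN=localhost, O=localhost", keyPair, 30, "SHA1withRSA"));
        return certificates;
    }

    /**
     * Assembles the SSL configuration map for existing key and trust store files.
     *
     * <p>Key store settings are included for server mode, and for client mode when a key store
     * file is supplied. Only TLSv1.2 is enabled.
     *
     * @param mode whether the configuration is for a server or a client
     * @param file key store file; must be non-null in server mode, may be null in client mode
     * @param password key store password
     * @param password2 key password
     * @param file2 trust store file; must be non-null
     * @param password3 trust store password
     * @return a mutable configuration map
     */
    public static Map<String, Object> createSslConfig(Mode mode, File file, Password password, Password password2, File file2, Password password3) {
        Map<String, Object> config = new HashMap<>();
        config.put("security.protocol", "SSL");
        config.put("ssl.protocol", "TLSv1.2");
        if (mode == Mode.SERVER || (mode == Mode.CLIENT && file != null)) {
            config.put("ssl.keystore.location", file.getPath());
            config.put("ssl.keystore.type", "JKS");
            // NOTE(review): the key manager algorithm is taken from TrustManagerFactory's default
            // rather than KeyManagerFactory's; confirm this is intentional.
            config.put("ssl.keymanager.algorithm", TrustManagerFactory.getDefaultAlgorithm());
            config.put("ssl.keystore.password", password);
            config.put("ssl.key.password", password2);
        }
        config.put("ssl.truststore.location", file2.getPath());
        config.put("ssl.truststore.password", password3);
        config.put("ssl.truststore.type", "JKS");
        config.put("ssl.trustmanager.algorithm", TrustManagerFactory.getDefaultAlgorithm());
        ArrayList<String> enabledProtocols = new ArrayList<>();
        enabledProtocols.add("TLSv1.2");
        config.put("ssl.enabled.protocols", enabledProtocols);
        return config;
    }

    /**
     * Generates a fresh RSA key pair and 30-day self-signed certificate, stores them in a
     * temporary JKS key store, optionally adds the certificate to the trust store, and returns
     * the resulting SSL configuration.
     *
     * <p>The store and key password is "ServerPassword" in server mode and "ClientPassword"
     * otherwise; the trust store password is "TrustStorePassword". These are fixed test values.
     *
     * @param z {@code true} to create a client key store ("clientKS", alias "client",
     *     O=client); {@code false} for a server key store ("serverKS", alias "server", O=server)
     * @param z2 {@code true} to add the generated certificate to the trust store file
     * @param mode whether the configuration is for a server or a client
     * @param file trust store file; must be non-null, and must exist when {@code z2} is true
     * @param str alias under which the certificate is added to the trust store
     * @return a mutable configuration map
     */
    public static Map<String, Object> createSslConfig(boolean z, boolean z2, Mode mode, File file, String str) throws IOException, GeneralSecurityException {
        Map<String, X509Certificate> certificates = new HashMap<>();
        Password keyStorePassword = mode == Mode.SERVER ? new Password("ServerPassword") : new Password("ClientPassword");
        Password trustStorePassword = new Password("TrustStorePassword");

        // Both variants differ only in the role name used for the file prefix, the subject's
        // organisation and the key alias.
        String role = z ? "client" : "server";
        File keyStoreFile = File.createTempFile(role + "KS", ".jks");
        // The key store holds a private key; remove it when the JVM exits rather than leaving it
        // behind in the shared temp directory.
        keyStoreFile.deleteOnExit();
        KeyPair keyPair = generateKeyPair("RSA");
        X509Certificate certificate = generateCertificate("CN=localhost, O=" + role, keyPair, 30, "SHA1withRSA");
        createKeyStore(keyStoreFile.getPath(), keyStorePassword, keyStorePassword, role, keyPair.getPrivate(), certificate);
        certificates.put(str, certificate);

        if (z2) {
            createTrustStore(file.getPath(), trustStorePassword, certificates);
        }
        return createSslConfig(mode, keyStoreFile, keyStorePassword, keyStorePassword, file, trustStorePassword);
    }
}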
