package org.mockserver.echo.tls;

import io.netty.handler.ssl.SslProtocols;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.File;
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.UUID;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509KeyManager;
import org.mockserver.configuration.Configuration;
import org.mockserver.log.model.LogEntry;
import org.mockserver.logging.MockServerLogger;
import org.mockserver.socket.tls.KeyAndCertificateFactory;
import org.mockserver.socket.tls.KeyAndCertificateFactoryFactory;
import org.slf4j.event.Level;

/* loaded from: input_file:WEB-INF/lib/mockserver-core-5.13.0.jar:org/mockserver/echo/tls/UniqueCertificateChainSSLContextBuilder.class */
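/**
 * Builds an {@link SSLContext} backed by a freshly generated certificate authority and leaf
 * certificate, so each context presents its own certificate chain.
 *
 * <p>Security note: the context is initialised with {@link InsecureTrustManagerFactory}, which
 * accepts any peer certificate without validation. A context built here gives no assurance about
 * who is on the other end of the connection and is only appropriate for test fixtures.
 */
public class UniqueCertificateChainSSLContextBuilder {

    /**
     * Key manager that always presents the single generated chain and private key, regardless of
     * the key type, issuers or alias requested.
     */
    private static class UniqueCertificateChainX509KeyManager implements X509KeyManager {
        private static final String CLIENT_ALIAS = "client_alias";
        private static final String SERVER_ALIAS = "server_alias";

        /** Leaf certificate followed by the CA certificate; {@code null} if generation failed. */
        private final X509Certificate[] x509Certificates;

        /** Private key matching the leaf certificate; {@code null} if generation failed. */
        private final PrivateKey privateKey;

        /**
         * Generates a new CA and leaf certificate by temporarily pointing {@code configuration} at
         * a fresh temporary directory, then restores the four settings it changed.
         *
         * <p>A failure during generation is logged rather than propagated, which leaves the chain
         * and key {@code null}.
         *
         * @param configuration shared configuration; mutated for the duration of this constructor
         */
        private UniqueCertificateChainX509KeyManager(Configuration configuration) {
            MockServerLogger mockServerLogger = new MockServerLogger();

            // Snapshot the settings that are overridden below so they can be restored afterwards.
            // NOTE(review): the configuration object is mutated in place, so code reading it
            // concurrently may observe the temporary values - confirm callers are single-threaded.
            boolean originalDynamicallyCreateCa = configuration.dynamicallyCreateCertificateAuthorityCertificate().booleanValue();
            String originalCertificateDirectory = configuration.directoryToSaveDynamicSSLCertificate();
            String originalPrivateKeyPath = configuration.privateKeyPath();
            String originalX509CertificatePath = configuration.x509CertificatePath();

            X509Certificate[] generatedChain = null;
            PrivateKey generatedKey = null;
            try {
                // The factory writes private key material into this directory. createTempDirectory
                // gives it owner-only permissions on POSIX file systems and does not leave a stray
                // placeholder file behind, unlike createTempFile(...).getParentFile() plus mkdir().
                // NOTE(review): the directory and the key files in it are not deleted afterwards;
                // whether the factory still needs them after loading is not visible here.
                File certificateDirectory = java.nio.file.Files.createTempDirectory("mockserver-echo-tls-").toFile();

                configuration.dynamicallyCreateCertificateAuthorityCertificate(true);
                configuration.directoryToSaveDynamicSSLCertificate(certificateDirectory.getAbsolutePath());
                configuration.privateKeyPath("");
                configuration.x509CertificatePath("");

                KeyAndCertificateFactory keyAndCertificateFactory = KeyAndCertificateFactoryFactory.createKeyAndCertificateFactory(configuration, mockServerLogger);
                keyAndCertificateFactory.buildAndSaveCertificateAuthorityPrivateKeyAndX509Certificate();
                keyAndCertificateFactory.buildAndSavePrivateKeyAndX509Certificate();

                generatedChain = new X509Certificate[]{
                    keyAndCertificateFactory.x509Certificate(),
                    keyAndCertificateFactory.certificateAuthorityX509Certificate()
                };
                generatedKey = keyAndCertificateFactory.privateKey();
            } catch (Throwable throwable) {
                // Deliberately best-effort: the failure is logged and the key manager is left
                // without a chain or key instead of aborting construction.
                mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.ERROR).setMessageFormat("exception create fake certificates and private keys").setThrowable(throwable));
            } finally {
                // Restore on every path, including when the logging call above itself throws.
                configuration.dynamicallyCreateCertificateAuthorityCertificate(Boolean.valueOf(originalDynamicallyCreateCa));
                configuration.directoryToSaveDynamicSSLCertificate(originalCertificateDirectory);
                configuration.privateKeyPath(originalPrivateKeyPath);
                configuration.x509CertificatePath(originalX509CertificatePath);
            }
            this.x509Certificates = generatedChain;
            this.privateKey = generatedKey;
        }

        @Override
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            return new String[]{CLIENT_ALIAS};
        }

        @Override
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            return CLIENT_ALIAS;
        }

        @Override
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            return new String[]{SERVER_ALIAS};
        }

        @Override
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            return SERVER_ALIAS;
        }

        /**
         * Returns a copy of the generated chain for any alias, so callers cannot modify the array
         * held by this key manager.
         *
         * @return the leaf and CA certificates, or {@code null} if generation failed
         */
        @Override
        public X509Certificate[] getCertificateChain(String alias) {
            return this.x509Certificates == null ? null : this.x509Certificates.clone();
        }

        /**
         * Returns the generated private key for any alias.
         *
         * @return the private key, or {@code null} if generation failed
         */
        @Override
        public PrivateKey getPrivateKey(String alias) {
            return this.privateKey;
        }
    }

    /**
     * Creates an {@link SSLContext} for the {@code SslProtocols.TLS_v1_2} protocol that presents a
     * newly generated certificate chain.
     *
     * <p>The trust managers come from {@link InsecureTrustManagerFactory}, so peer certificates
     * are not verified. Do not reuse this context where the identity of the peer matters.
     *
     * @param configuration configuration used to generate the certificates; its certificate
     *     settings are changed and restored while the key manager is built
     * @return an initialised context using the default source of randomness
     * @throws Exception if the context cannot be obtained or initialised
     */
    public static SSLContext uniqueCertificateChainSSLContext(Configuration configuration) throws Exception {
        SSLContext sslContext = SSLContext.getInstance(SslProtocols.TLS_v1_2);
        KeyManager[] keyManagers = {new UniqueCertificateChainX509KeyManager(configuration)};
        // Trust-all trust managers: certificate validation of the peer is intentionally disabled.
        sslContext.init(keyManagers, InsecureTrustManagerFactory.INSTANCE.getTrustManagers(), null);
        return sslContext;
    }
}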
