package io.fusionauth.http.security;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.NoSuchElementException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:io/fusionauth/http/security/SecurityTools.class */
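/**
 * Static helpers for turning PEM text into certificates and keys and for building
 * {@link SSLContext} instances from them.
 *
 * <p>Loading this class sets the JVM-wide system property {@code jsse.enableSNIExtension}
 * to {@code false} (see the static initializer at the end of the class).
 */
public final class SecurityTools {
    public static final String CERT_END = "-----END CERTIFICATE";
    public static final String CERT_START = "BEGIN CERTIFICATE-----";
    public static final String P8_KEY_END = "-----END PRIVATE KEY";
    public static final String P8_KEY_START = "BEGIN PRIVATE KEY-----";

    // Password for the in-memory key stores built below. The stores are created with
    // load(null) and are not written anywhere by this class, so this value is not a
    // credential; it exists only because KeyStore/KeyManagerFactory require one.
    private static final String KEYSTORE_PASSWORD = "changeit";

    private SecurityTools() {
    }

    /**
     * Builds a client-side TLS context whose only trust anchor is the given certificate.
     *
     * <p>The context carries no key managers, so it presents no client certificate. It
     * decides which certificates are trusted; it does not by itself check that the peer's
     * certificate matches the host name. Callers that drive an {@code SSLSocket} or
     * {@code SSLEngine} directly need to enable endpoint identification themselves.
     *
     * @param certificate the certificate to trust
     * @return an initialized TLS context
     * @throws GeneralSecurityException if the key store or trust manager cannot be set up
     * @throws IOException if the empty key store cannot be initialized
     */
    public static SSLContext clientContext(Certificate certificate) throws GeneralSecurityException, IOException {
        KeyStore trustStore = newEmptyKeyStore();
        trustStore.setCertificateEntry("cert-alias", certificate);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, trustManagerFactory.getTrustManagers(), null);
        return context;
    }

    /**
     * Parses the first X.509 certificate found in the given PEM text.
     *
     * @param str PEM text holding one or more certificates
     * @return the first certificate in the input
     * @throws CertificateException if the input cannot be parsed
     * @throws NoSuchElementException if the input holds no certificate
     */
    public static Certificate parseCertificate(String str) throws CertificateException {
        // PEM is ASCII; an explicit charset keeps parsing independent of the platform default.
        Collection<? extends Certificate> parsed = CertificateFactory.getInstance("X.509")
                .generateCertificates(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
        if (parsed.isEmpty()) {
            throw new NoSuchElementException("No certificate found in PEM input");
        }
        return parsed.iterator().next();
    }

    /**
     * Parses every X.509 certificate in the given PEM text and returns them ordered as a
     * chain: end-entity certificate first, each following entry the issuer of the previous.
     *
     * @param str PEM text holding one or more certificates
     * @return the certificates in chain order
     * @throws CertificateException if the input cannot be parsed
     * @throws IllegalArgumentException if the input is empty or no chain can be built
     */
    public static Certificate[] parseCertificates(String str) throws CertificateException {
        // The "X.509" factory yields X509Certificate instances; the API only declares
        // Certificate, hence the unchecked narrowing.
        @SuppressWarnings("unchecked")
        Collection<X509Certificate> parsed = (Collection<X509Certificate>) (Collection<?>) CertificateFactory
                .getInstance("X.509")
                .generateCertificates(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
        return reorderCertificates(parsed);
    }

    /**
     * Orders certificates leaf-first by matching each issuer name to a subject name.
     *
     * <p>Only distinguished names are compared. No signature, validity period or key usage
     * is checked here, so the result is an ordering for presentation to a peer, not a
     * validated certification path.
     *
     * @throws IllegalArgumentException if the collection is empty, no leaf can be
     *     identified, or an issuer is missing
     */
    private static Certificate[] reorderCertificates(Collection<X509Certificate> collection) {
        if (collection.isEmpty()) {
            throw new IllegalArgumentException("Empty certificate list");
        }
        X509Certificate[] chain = new X509Certificate[collection.size()];
        if (collection.size() == 1) {
            chain[0] = collection.iterator().next();
            return chain;
        }
        Map<X500Principal, X509Certificate> byIssuer = new HashMap<>(collection.size());
        Map<X500Principal, X509Certificate> bySubject = new HashMap<>(collection.size());
        for (X509Certificate cert : collection) {
            byIssuer.put(cert.getIssuerX500Principal(), cert);
            bySubject.put(cert.getSubjectX500Principal(), cert);
        }
        // The leaf is the first certificate whose subject issues nothing in the set.
        for (X509Certificate cert : collection) {
            if (!byIssuer.containsKey(cert.getSubjectX500Principal())) {
                chain[0] = cert;
                break;
            }
        }
        if (chain[0] == null) {
            // Every subject also appears as an issuer (for example only self-signed
            // certificates); without this check the loop below would dereference null.
            throw new IllegalArgumentException("No end-entity certificate found in certificate list");
        }
        for (int i = 0; i < chain.length - 1; i++) {
            X509Certificate issuer = bySubject.get(chain[i].getIssuerX500Principal());
            if (issuer == null) {
                throw new IllegalArgumentException("Missing issuer cert for " + chain[i].getIssuerX500Principal());
            }
            chain[i + 1] = issuer;
        }
        return chain;
    }

    /**
     * Extracts and Base64-decodes the text between the first start marker and the first
     * end marker that follows it. All whitespace inside the body is ignored.
     *
     * @param str PEM text
     * @param str2 start marker, e.g. {@link #P8_KEY_START}
     * @param str3 end marker, e.g. {@link #P8_KEY_END}
     * @return the decoded DER bytes
     * @throws IllegalArgumentException if a marker is missing or the body is not valid Base64
     */
    public static byte[] parseDERFromPEM(String str, String str2, String str3) {
        int startMarker = str.indexOf(str2);
        if (startMarker < 0) {
            throw new IllegalArgumentException("Invalid PEM format");
        }
        int bodyStart = startMarker + str2.length();
        // Search for the end marker only after the start marker. An end marker earlier in
        // the text would otherwise give a negative-length substring and an index exception.
        int bodyEnd = str.indexOf(str3, bodyStart);
        if (bodyEnd < 0) {
            throw new IllegalArgumentException("Invalid PEM format");
        }
        return Base64.getDecoder().decode(str.substring(bodyStart, bodyEnd).replaceAll("\\s", ""));
    }

    /**
     * Parses an unencrypted PKCS#8 RSA private key from PEM text.
     *
     * <p>Only the {@code BEGIN PRIVATE KEY} form is recognized. Other PEM key labels do not
     * match {@link #P8_KEY_START} and are rejected as invalid PEM.
     *
     * @param str PEM text holding the key
     * @return the RSA private key
     * @throws InvalidKeySpecException if the decoded bytes are not a valid RSA PKCS#8 key
     * @throws NoSuchAlgorithmException if no RSA key factory is available
     * @throws IllegalArgumentException if the PEM markers are missing or the body is not Base64
     */
    public static RSAPrivateKey parsePrivateKey(String str) throws InvalidKeySpecException, NoSuchAlgorithmException {
        byte[] der = parseDERFromPEM(str, P8_KEY_START, P8_KEY_END);
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    /**
     * Builds a server-side TLS context that presents a single certificate.
     *
     * @param certificate the server certificate
     * @param privateKey the private key matching the certificate
     * @return an initialized TLS context with default trust managers
     * @throws GeneralSecurityException if the key store or key manager cannot be set up
     * @throws IOException if the empty key store cannot be initialized
     */
    public static SSLContext serverContext(Certificate certificate, PrivateKey privateKey) throws GeneralSecurityException, IOException {
        KeyStore keyStore = newEmptyKeyStore();
        keyStore.setCertificateEntry("cert-alias", certificate);
        keyStore.setKeyEntry("key-alias", privateKey, KEYSTORE_PASSWORD.toCharArray(), new Certificate[]{certificate});
        return keyManagerContext(keyStore);
    }

    /**
     * Builds a server-side TLS context that presents a certificate chain.
     *
     * @param certificateArr the chain, end-entity certificate first
     * @param privateKey the private key matching the first certificate
     * @return an initialized TLS context with default trust managers
     * @throws GeneralSecurityException if the key store or key manager cannot be set up
     * @throws IOException if the empty key store cannot be initialized
     */
    public static SSLContext serverContext(Certificate[] certificateArr, PrivateKey privateKey) throws GeneralSecurityException, IOException {
        KeyStore keyStore = newEmptyKeyStore();
        keyStore.setKeyEntry("key-alias", privateKey, KEYSTORE_PASSWORD.toCharArray(), certificateArr);
        return keyManagerContext(keyStore);
    }

    /** Creates an empty, in-memory JKS key store. */
    private static KeyStore newEmptyKeyStore() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null);
        return keyStore;
    }

    /** Wraps the key entries of the given store in a TLS context that uses default trust managers. */
    private static SSLContext keyManagerContext(KeyStore keyStore) throws GeneralSecurityException {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, KEYSTORE_PASSWORD.toCharArray());
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyManagerFactory.getKeyManagers(), null, null);
        return context;
    }

    static {
        // NOTE(review): this is a JVM-wide setting applied as a side effect of loading this
        // class. It turns off the TLS Server Name Indication extension for JSSE in the whole
        // process, not only for contexts built here. Confirm it is still needed; whether it
        // takes effect presumably depends on this class loading before JSSE reads the property.
        System.setProperty("jsse.enableSNIExtension", "false");
    }
}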
