package com.zving.framework.security;

import com.zving.framework.utility.DateUtil;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;

/* loaded from: input_file:com/zving/framework/security/CAUtil.class */
public class CAUtil {
    public static KeyPair generateRSAKeyPair() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(1024, new SecureRandom());
        return keyPairGenerator.generateKeyPair();
    }

    public static X509Certificate createCA(PublicKey publicKey, PrivateKey privateKey, String str, int i) throws Exception {
        Date date = new Date(System.currentTimeMillis());
        Date addMonth = DateUtil.addMonth(date, i);
        SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(new DefaultSignatureAlgorithmIdentifierFinder().find(publicKey.getAlgorithm()), publicKey.getEncoded());
        X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(new X500Name(str), BigInteger.valueOf(System.currentTimeMillis()), date, addMonth, new X500Name(str), subjectPublicKeyInfo);
        x509v3CertificateBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectPublicKeyInfo));
        x509v3CertificateBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifier(subjectPublicKeyInfo));
        x509v3CertificateBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(true));
        x509v3CertificateBuilder.addExtension(X509Extension.keyUsage, false, new KeyUsage(6));
        X509CertificateHolder build = x509v3CertificateBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privateKey));
        build.isValidOn(new Date());
        build.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(publicKey));
        return new JcaX509CertificateConverter().getCertificate(build);
    }
}
