package io.gravitee.am.service.impl;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
import io.gravitee.am.common.event.Action;
import io.gravitee.am.common.event.Type;
import io.gravitee.am.common.utils.RandomString;
import io.gravitee.am.identityprovider.api.User;
import io.gravitee.am.model.Certificate;
import io.gravitee.am.model.ReferenceType;
import io.gravitee.am.model.common.event.Event;
import io.gravitee.am.model.common.event.Payload;
import io.gravitee.am.plugins.certificate.core.schema.CertificateSchema;
import io.gravitee.am.plugins.certificate.core.schema.CertificateSchemaProperty;
import io.gravitee.am.repository.management.api.CertificateRepository;
import io.gravitee.am.service.ApplicationService;
import io.gravitee.am.service.AuditService;
import io.gravitee.am.service.CertificatePluginService;
import io.gravitee.am.service.CertificateService;
import io.gravitee.am.service.EventService;
import io.gravitee.am.service.TaskManager;
import io.gravitee.am.service.exception.AbstractManagementException;
import io.gravitee.am.service.exception.CertificateNotFoundException;
import io.gravitee.am.service.exception.CertificatePluginSchemaNotFoundException;
import io.gravitee.am.service.exception.CertificateWithApplicationsException;
import io.gravitee.am.service.exception.TechnicalManagementException;
import io.gravitee.am.service.model.NewCertificate;
import io.gravitee.am.service.model.UpdateCertificate;
import io.gravitee.am.service.reporter.builder.AuditBuilder;
import io.gravitee.am.service.reporter.builder.management.CertificateAuditBuilder;
import io.gravitee.am.service.tasks.AssignSystemCertificate;
import io.gravitee.am.service.tasks.AssignSystemCertificateDefinition;
import io.gravitee.am.service.utils.CertificateTimeComparator;
import io.reactivex.Completable;
import io.reactivex.Flowable;
import io.reactivex.Maybe;
import io.reactivex.Single;
import io.reactivex.SingleSource;
import io.reactivex.functions.Function;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Base64;
import java.util.Collections;
import java.util.Date;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Lazy;
import org.springframework.context.annotation.Primary;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;

@Component
@Primary
/* loaded from: input_file:io/gravitee/am/service/impl/CertificateServiceImpl.class */
public class CertificateServiceImpl implements CertificateService {
    public static final String DEFAULT_CERTIFICATE_PLUGIN = "pkcs12-am-certificate";
    public static final String ECDSA = "ECDSA";
    public static final String DEFAULT_CERT_CN_NAME = "cn=Gravitee.io";
    public static final String DEFAULT_CERT_ALGO = "SHA256withRSA";
    public static final String DEFAULT_CERT_PWD = "gravitee";
    public static final int DEFAULT_CERT_KEYSIZE = 2048;
    public static final int DEFAULT_CERT_VALIDITY_IN_DAYS = 365;
    public static final String DEFAULT_CERT_ALIAS = "default";
    private final Logger LOGGER = LoggerFactory.getLogger(CertificateServiceImpl.class);
    private static final String RSA = "RSA";
    private static final String EC = "EC";

    @Autowired
    @Lazy
    private CertificateRepository certificateRepository;

    @Autowired
    private ApplicationService applicationService;

    @Autowired
    private EventService eventService;

    @Autowired
    private AuditService auditService;

    @Autowired
    private ObjectMapper objectMapper;

    @Autowired
    private CertificatePluginService certificatePluginService;

    @Autowired
    private Environment environment;

    @Autowired
    private TaskManager taskManager;

    @Value("${domains.certificates.default.refresh.delay:10}")
    private int delay;

    @Value("${domains.certificates.default.refresh.timeUnit:MINUTES}")
    private String timeUnit;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/gravitee/am/service/impl/CertificateServiceImpl$CertificateWithSchema.class */
    public static class CertificateWithSchema {
        private final Certificate certificate;
        private final CertificateSchema schema;

        public CertificateWithSchema(Certificate certificate, CertificateSchema certificateSchema) {
            this.certificate = certificate;
            this.schema = certificateSchema;
        }

        public Certificate getCertificate() {
            return this.certificate;
        }

        public CertificateSchema getSchema() {
            return this.schema;
        }
    }

    @Override // io.gravitee.am.service.CertificateService
    public Maybe<Certificate> findById(String str) {
        this.LOGGER.debug("Find certificate by ID: {}", str);
        return this.certificateRepository.findById(str).onErrorResumeNext(th -> {
            this.LOGGER.error("An error occurs while trying to find a certificate using its ID: {}", str, th);
            return Maybe.error(new TechnicalManagementException(String.format("An error occurs while trying to find a certificate using its ID: %s", str), th));
        });
    }

    @Override // io.gravitee.am.service.CertificateService
    public Flowable<Certificate> findByDomain(String str) {
        return innerFindByDomain(str);
    }

    private Flowable<Certificate> innerFindByDomain(String str) {
        this.LOGGER.debug("Find certificates by domain: {}", str);
        return this.certificateRepository.findByDomain(str).onErrorResumeNext(th -> {
            this.LOGGER.error("An error occurs while trying to find certificates by domain", th);
            return Flowable.error(new TechnicalManagementException("An error occurs while trying to find certificates by domain", th));
        });
    }

    @Override // io.gravitee.am.service.CertificateService
    public Flowable<Certificate> findAll() {
        this.LOGGER.debug("Find all certificates");
        return this.certificateRepository.findAll().onErrorResumeNext(th -> {
            this.LOGGER.error("An error occurs while trying to find all certificates", th);
            return Flowable.error(new TechnicalManagementException("An error occurs while trying to find all certificates by domain", th));
        });
    }

    @Override // io.gravitee.am.service.CertificateService
    public Single<Certificate> create(final String str, final NewCertificate newCertificate, User user, final boolean z) {
        this.LOGGER.debug("Create a new certificate {} for domain {}", newCertificate, str);
        return this.certificatePluginService.getSchema(newCertificate.getType()).switchIfEmpty(Maybe.error(new CertificatePluginSchemaNotFoundException(newCertificate.getType()))).map(str2 -> {
            return (CertificateSchema) this.objectMapper.readValue(str2, CertificateSchema.class);
        }).flatMapSingle(new Function<CertificateSchema, SingleSource<Certificate>>() { // from class: io.gravitee.am.service.impl.CertificateServiceImpl.1
            public SingleSource<Certificate> apply(CertificateSchema certificateSchema) throws Exception {
                String str3 = str;
                NewCertificate newCertificate2 = newCertificate;
                boolean z2 = z;
                return Single.create(singleEmitter -> {
                    String generate = RandomString.generate();
                    Certificate certificate = new Certificate();
                    certificate.setId(generate);
                    certificate.setDomain(str3);
                    certificate.setName(newCertificate2.getName());
                    certificate.setType(newCertificate2.getType());
                    certificate.setSystem(z2);
                    try {
                        JsonNode readTree = CertificateServiceImpl.this.objectMapper.readTree(newCertificate2.getConfiguration());
                        certificateSchema.getProperties().entrySet().stream().filter(entry -> {
                            return ((CertificateSchemaProperty) entry.getValue()).getWidget() != null && "file".equals(((CertificateSchemaProperty) entry.getValue()).getWidget());
                        }).map(entry2 -> {
                            return (String) entry2.getKey();
                        }).forEach(str4 -> {
                            try {
                                JsonNode readTree2 = CertificateServiceImpl.this.objectMapper.readTree(readTree.get(str4).asText());
                                certificate.setMetadata(Collections.singletonMap("file", Base64.getDecoder().decode(readTree2.get("content").asText())));
                                ((ObjectNode) readTree).put(str4, readTree2.get("name").asText());
                                newCertificate2.setConfiguration(CertificateServiceImpl.this.objectMapper.writeValueAsString(readTree));
                            } catch (IOException e) {
                                CertificateServiceImpl.this.LOGGER.error("An error occurs while trying to create certificate binaries", e);
                                singleEmitter.onError(e);
                            }
                        });
                        certificate.setConfiguration(newCertificate2.getConfiguration());
                        certificate.setCreatedAt(new Date());
                        certificate.setUpdatedAt(certificate.getCreatedAt());
                    } catch (Exception e) {
                        CertificateServiceImpl.this.LOGGER.error("An error occurs while trying to create certificate configuration", e);
                        singleEmitter.onError(e);
                    }
                    singleEmitter.onSuccess(certificate);
                });
            }
        }).flatMap(certificate -> {
            return this.certificateRepository.create(certificate);
        }).flatMap(certificate2 -> {
            return this.eventService.create(new Event(Type.CERTIFICATE, new Payload(certificate2.getId(), ReferenceType.DOMAIN, certificate2.getDomain(), Action.CREATE))).flatMap(event -> {
                return Single.just(certificate2);
            });
        }).doOnError(th -> {
            this.LOGGER.error("An error occurs while trying to create a certificate", th);
            throw new TechnicalManagementException("An error occurs while trying to create a certificate", th);
        });
    }

    @Override // io.gravitee.am.service.CertificateService
    public Single<Certificate> update(String str, String str2, UpdateCertificate updateCertificate, User user) {
        this.LOGGER.debug("Update a certificate {} for domain {}", str2, str);
        return this.certificateRepository.findById(str2).switchIfEmpty(Maybe.error(new CertificateNotFoundException(str2))).flatMapSingle(new Function<Certificate, SingleSource<CertificateWithSchema>>() { // from class: io.gravitee.am.service.impl.CertificateServiceImpl.2
            public SingleSource<CertificateWithSchema> apply(final Certificate certificate) throws Exception {
                return CertificateServiceImpl.this.certificatePluginService.getSchema(certificate.getType()).switchIfEmpty(Maybe.error(new CertificatePluginSchemaNotFoundException(certificate.getType()))).flatMapSingle(new Function<String, SingleSource<? extends CertificateWithSchema>>() { // from class: io.gravitee.am.service.impl.CertificateServiceImpl.2.1
                    public SingleSource<? extends CertificateWithSchema> apply(String str3) throws Exception {
                        return Single.just(new CertificateWithSchema(certificate, (CertificateSchema) CertificateServiceImpl.this.objectMapper.readValue(str3, CertificateSchema.class)));
                    }
                });
            }
        }).flatMap(certificateWithSchema -> {
            return Single.create(singleEmitter -> {
                Certificate certificate = new Certificate(certificateWithSchema.getCertificate());
                certificate.setName(updateCertificate.getName());
                certificate.setUpdatedAt(new Date());
                if (!certificate.isSystem()) {
                    try {
                        CertificateSchema schema = certificateWithSchema.getSchema();
                        JsonNode readTree = this.objectMapper.readTree(certificateWithSchema.getCertificate().getConfiguration());
                        JsonNode readTree2 = this.objectMapper.readTree(updateCertificate.getConfiguration());
                        schema.getProperties().entrySet().stream().filter(entry -> {
                            return ((CertificateSchemaProperty) entry.getValue()).getWidget() != null && "file".equals(((CertificateSchemaProperty) entry.getValue()).getWidget());
                        }).map(entry2 -> {
                            return (String) entry2.getKey();
                        }).forEach(str3 -> {
                            try {
                                if (!readTree.get(str3).asText().equals(readTree2.get(str3).asText())) {
                                    JsonNode readTree3 = this.objectMapper.readTree(readTree2.get(str3).asText());
                                    certificate.setMetadata(Collections.singletonMap("file", Base64.getDecoder().decode(readTree3.get("content").asText())));
                                    ((ObjectNode) readTree2).put(str3, readTree3.get("name").asText());
                                    updateCertificate.setConfiguration(this.objectMapper.writeValueAsString(readTree2));
                                }
                            } catch (IOException e) {
                                this.LOGGER.error("An error occurs while trying to update certificate binaries", e);
                                singleEmitter.onError(e);
                            }
                        });
                        certificate.setConfiguration(updateCertificate.getConfiguration());
                    } catch (Exception e) {
                        this.LOGGER.error("An error occurs while trying to update certificate configuration", e);
                        singleEmitter.onError(e);
                    }
                }
                singleEmitter.onSuccess(certificate);
            }).flatMap(certificate -> {
                return this.certificateRepository.update(certificate);
            }).flatMap(certificate2 -> {
                return this.eventService.create(new Event(Type.CERTIFICATE, new Payload(certificate2.getId(), ReferenceType.DOMAIN, certificate2.getDomain(), Action.UPDATE))).flatMap(event -> {
                    return Single.just(certificate2);
                });
            }).onErrorResumeNext(th -> {
                this.LOGGER.error("An error occurs while trying to update a certificate", th);
                throw new TechnicalManagementException("An error occurs while trying to update a certificate", th);
            });
        });
    }

    @Override // io.gravitee.am.service.CertificateService
    public Completable delete(String str, User user) {
        this.LOGGER.debug("Delete certificate {}", str);
        return this.certificateRepository.findById(str).switchIfEmpty(Maybe.error(new CertificateNotFoundException(str))).flatMapSingle(certificate -> {
            return this.applicationService.findByCertificate(str).count().flatMap(l -> {
                if (l.longValue() > 0) {
                    throw new CertificateWithApplicationsException();
                }
                return Single.just(certificate);
            });
        }).flatMapCompletable(certificate2 -> {
            return this.certificateRepository.delete(str).andThen(this.eventService.create(new Event(Type.CERTIFICATE, new Payload(certificate2.getId(), ReferenceType.DOMAIN, certificate2.getDomain(), Action.DELETE)))).toCompletable().doOnComplete(() -> {
                this.auditService.report(((CertificateAuditBuilder) AuditBuilder.builder(CertificateAuditBuilder.class)).principal(user).type("CERTIFICATE_DELETED").certificate(certificate2));
            }).doOnError(th -> {
                this.auditService.report(((CertificateAuditBuilder) AuditBuilder.builder(CertificateAuditBuilder.class)).principal(user).type("CERTIFICATE_DELETED").throwable(th));
            });
        }).onErrorResumeNext(th -> {
            this.LOGGER.error("An error occurs while trying to delete certificate: {}", str, th);
            return th instanceof AbstractManagementException ? Completable.error(th) : Completable.error(new TechnicalManagementException(String.format("An error occurs while trying to delete certificate: %s", str), th));
        });
    }

    @Override // io.gravitee.am.service.CertificateService
    public Completable updateExpirationDate(String str, Date date) {
        if (date != null) {
            return this.certificateRepository.updateExpirationDate(str, date);
        }
        this.LOGGER.warn("updateExpirationDate call with null for certificate '{}'", str);
        return Completable.complete();
    }

    @Override // io.gravitee.am.service.CertificateService
    public Single<Certificate> create(final String str) {
        final NewCertificate newCertificate = new NewCertificate();
        newCertificate.setName("Default");
        newCertificate.setType(DEFAULT_CERTIFICATE_PLUGIN);
        return this.certificatePluginService.getSchema(newCertificate.getType()).map(new Function<String, CertificateSchema>() { // from class: io.gravitee.am.service.impl.CertificateServiceImpl.5
            public CertificateSchema apply(String str2) throws Exception {
                return (CertificateSchema) CertificateServiceImpl.this.objectMapper.readValue(str2, CertificateSchema.class);
            }
        }).map(new Function<CertificateSchema, String>() { // from class: io.gravitee.am.service.impl.CertificateServiceImpl.4
            public String apply(CertificateSchema certificateSchema) throws Exception {
                int intValue = ((Integer) CertificateServiceImpl.this.environment.getProperty("domains.certificates.default.keysize", Integer.TYPE, Integer.valueOf(CertificateServiceImpl.DEFAULT_CERT_KEYSIZE))).intValue();
                int intValue2 = ((Integer) CertificateServiceImpl.this.environment.getProperty("domains.certificates.default.validity", Integer.TYPE, Integer.valueOf(CertificateServiceImpl.DEFAULT_CERT_VALIDITY_IN_DAYS))).intValue();
                String str2 = (String) CertificateServiceImpl.this.environment.getProperty("domains.certificates.default.name", String.class, CertificateServiceImpl.DEFAULT_CERT_CN_NAME);
                String str3 = (String) CertificateServiceImpl.this.environment.getProperty("domains.certificates.default.algorithm", String.class, CertificateServiceImpl.DEFAULT_CERT_ALGO);
                String str4 = (String) CertificateServiceImpl.this.environment.getProperty("domains.certificates.default.alias", String.class, "default");
                String str5 = (String) CertificateServiceImpl.this.environment.getProperty("domains.certificates.default.keypass", String.class, CertificateServiceImpl.DEFAULT_CERT_PWD);
                String str6 = (String) CertificateServiceImpl.this.environment.getProperty("domains.certificates.default.storepass", String.class, CertificateServiceImpl.DEFAULT_CERT_PWD);
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(CertificateServiceImpl.this.getAlgorithmCategory(str3));
                keyPairGenerator.initialize(intValue);
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                java.security.cert.Certificate[] certificateArr = {CertificateServiceImpl.this.generateCertificate(str2, generateKeyPair, intValue2, str3)};
                KeyStore keyStore = KeyStore.getInstance("pkcs12");
                keyStore.load(null, null);
                keyStore.setKeyEntry(str4, generateKeyPair.getPrivate(), str5.toCharArray(), certificateArr);
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                keyStore.store(byteArrayOutputStream, str6.toCharArray());
                ObjectNode createObjectNode = CertificateServiceImpl.this.objectMapper.createObjectNode();
                ObjectNode createObjectNode2 = CertificateServiceImpl.this.objectMapper.createObjectNode();
                createObjectNode2.put("content", new String(Base64.getEncoder().encode(byteArrayOutputStream.toByteArray())));
                createObjectNode2.put("name", str + ".p12");
                createObjectNode.put("content", CertificateServiceImpl.this.objectMapper.writeValueAsString(createObjectNode2));
                createObjectNode.put("alias", str4);
                createObjectNode.put("storepass", str6);
                createObjectNode.put("keypass", str5);
                return CertificateServiceImpl.this.objectMapper.writeValueAsString(createObjectNode);
            }
        }).flatMapSingle(new Function<String, SingleSource<Certificate>>() { // from class: io.gravitee.am.service.impl.CertificateServiceImpl.3
            public SingleSource<Certificate> apply(String str2) throws Exception {
                newCertificate.setConfiguration(str2);
                return CertificateServiceImpl.this.create(str, newCertificate, true);
            }
        });
    }

    @Override // io.gravitee.am.service.CertificateService
    public Single<Certificate> rotate(String str, User user) {
        return innerFindByDomain(str).filter((v0) -> {
            return v0.isSystem();
        }).sorted(new CertificateTimeComparator()).firstElement().map((v0) -> {
            return Optional.ofNullable(v0);
        }).switchIfEmpty(Maybe.just(Optional.empty())).flatMapSingle(optional -> {
            if (!optional.isPresent()) {
                return create(str);
            }
            Certificate certificate = (Certificate) optional.get();
            LocalDateTime now = LocalDateTime.now();
            NewCertificate newCertificate = new NewCertificate();
            newCertificate.setName("Default " + DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss").format(now));
            newCertificate.setType(DEFAULT_CERTIFICATE_PLUGIN);
            newCertificate.setConfiguration(generateCertificateConfiguration(str, certificate.getConfiguration(), now));
            return create(str, newCertificate, true).map(certificate2 -> {
                AssignSystemCertificate assignSystemCertificate = new AssignSystemCertificate(this.applicationService, this.certificateRepository, this.taskManager);
                AssignSystemCertificateDefinition assignSystemCertificateDefinition = new AssignSystemCertificateDefinition(str, certificate2.getId(), certificate.getId());
                assignSystemCertificateDefinition.setDelay(this.delay);
                assignSystemCertificateDefinition.setUnit(TimeUnit.valueOf(this.timeUnit.toUpperCase()));
                assignSystemCertificate.setDefinition(assignSystemCertificateDefinition);
                this.taskManager.schedule(assignSystemCertificate);
                return certificate2;
            });
        }).doOnSuccess(certificate -> {
            this.auditService.report(((CertificateAuditBuilder) AuditBuilder.builder(CertificateAuditBuilder.class)).principal(user).referenceId(str).referenceType(ReferenceType.DOMAIN).type("CERTIFICATE_CREATED").certificate(certificate));
        }).doOnError(th -> {
            this.auditService.report(((CertificateAuditBuilder) AuditBuilder.builder(CertificateAuditBuilder.class)).principal(user).referenceId(str).referenceType(ReferenceType.DOMAIN).type("CERTIFICATE_CREATED").throwable(th));
        });
    }

    private String generateCertificateConfiguration(String str, String str2, LocalDateTime localDateTime) throws Exception {
        String format = DateTimeFormatter.ofPattern("-yyyyMMddHHmmss").format(localDateTime);
        String str3 = ((String) this.environment.getProperty("domains.certificates.default.alias", String.class, "default")) + format;
        int intValue = ((Integer) this.environment.getProperty("domains.certificates.default.keysize", Integer.TYPE, Integer.valueOf(DEFAULT_CERT_KEYSIZE))).intValue();
        int intValue2 = ((Integer) this.environment.getProperty("domains.certificates.default.validity", Integer.TYPE, Integer.valueOf(DEFAULT_CERT_VALIDITY_IN_DAYS))).intValue();
        String str4 = (String) this.environment.getProperty("domains.certificates.default.name", String.class, DEFAULT_CERT_CN_NAME);
        String str5 = (String) this.environment.getProperty("domains.certificates.default.algorithm", String.class, DEFAULT_CERT_ALGO);
        String str6 = (String) this.environment.getProperty("domains.certificates.default.keypass", String.class, DEFAULT_CERT_PWD);
        String str7 = (String) this.environment.getProperty("domains.certificates.default.storepass", String.class, DEFAULT_CERT_PWD);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(getAlgorithmCategory(str5));
        keyPairGenerator.initialize(intValue);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        java.security.cert.Certificate[] certificateArr = {generateCertificate(str4, generateKeyPair, intValue2, str5)};
        KeyStore keyStore = KeyStore.getInstance("pkcs12");
        keyStore.load(null, null);
        keyStore.setKeyEntry(str3, generateKeyPair.getPrivate(), str6.toCharArray(), certificateArr);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keyStore.store(byteArrayOutputStream, str7.toCharArray());
        ObjectNode objectNode = (ObjectNode) this.objectMapper.readValue(str2, ObjectNode.class);
        ObjectNode createObjectNode = this.objectMapper.createObjectNode();
        createObjectNode.put("content", new String(Base64.getEncoder().encode(byteArrayOutputStream.toByteArray())));
        createObjectNode.put("name", str + format + ".p12");
        objectNode.put("content", this.objectMapper.writeValueAsString(createObjectNode));
        objectNode.put("alias", str3);
        objectNode.put("storepass", str7);
        objectNode.put("keypass", str6);
        return this.objectMapper.writeValueAsString(objectNode);
    }

    private String getAlgorithmCategory(String str) {
        String str2;
        if (str.endsWith(RSA)) {
            str2 = RSA;
        } else {
            if (!str.endsWith(ECDSA)) {
                throw new IllegalArgumentException("Unsupported signing algorithm");
            }
            str2 = EC;
        }
        return str2;
    }

    private X509Certificate generateCertificate(String str, KeyPair keyPair, int i, String str2) throws GeneralSecurityException, IOException, OperatorCreationException {
        X500Name x500Name = new X500Name(str);
        Date date = new Date();
        Date date2 = new Date(date.getTime() + (i * 1000 * 24 * 60 * 60));
        BigInteger bigInteger = new BigInteger(Long.toString(date.getTime()));
        ContentSigner build = new JcaContentSignerBuilder(str2).build(keyPair.getPrivate());
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(x500Name, bigInteger, date, date2, x500Name, keyPair.getPublic());
        jcaX509v3CertificateBuilder.addExtension(new ASN1ObjectIdentifier("2.5.29.19"), true, new BasicConstraints(true));
        return new JcaX509CertificateConverter().setProvider(BouncyCastleProviderSingleton.getInstance()).getCertificate(jcaX509v3CertificateBuilder.build(build));
    }
}
