package io.mapsmessaging.security.certificates;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:io/mapsmessaging/security/certificates/CertificateUtils.class */
public class CertificateUtils {
    public static CertificateWithPrivateKey generateSelfSignedCertificateSecret(String str) throws OperatorCreationException, IOException, CertificateException {
        Security.addProvider(new BouncyCastleProvider());
        X500Principal x500Principal = new X500Principal("CN=" + str);
        KeyPair generateKeyPair = generateKeyPair();
        long currentTimeMillis = System.currentTimeMillis();
        long j = currentTimeMillis + 31536000000L;
        ASN1Encodable[] aSN1EncodableArr = {new GeneralName(2, str)};
        KeyPurposeId[] keyPurposeIdArr = {KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth};
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(x500Principal, BigInteger.ONE, new Date(currentTimeMillis), new Date(j), x500Principal, generateKeyPair.getPublic());
        jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        jcaX509v3CertificateBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(160));
        jcaX509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(keyPurposeIdArr));
        jcaX509v3CertificateBuilder.addExtension(Extension.subjectAlternativeName, false, new DERSequence(aSN1EncodableArr));
        return new CertificateWithPrivateKey(CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(jcaX509v3CertificateBuilder.build(new JcaContentSignerBuilder("SHA256withRSA").build(generateKeyPair.getPrivate())).toASN1Structure().getEncoded())), generateKeyPair.getPrivate());
    }

    private static KeyPair generateKeyPair() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048, new SecureRandom());
            return keyPairGenerator.generateKeyPair();
        } catch (GeneralSecurityException e) {
            throw new AssertionError(e);
        }
    }

    private CertificateUtils() {
    }
}
