package net.dona.doip.util.tls;

import java.io.IOException;
import java.io.Reader;
import java.io.Writer;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Date;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:net/dona/doip/util/tls/X509CertificateGenerator.class */
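/**
 * Static helpers for building certificates whose issuer and subject names are identical, and
 * for moving certificates in and out of PEM text and a {@link KeyStore}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Every generated certificate carries the fixed validity window 2000-01-01 to 9999-12-31,
 *       so it never expires in practice. Trust has to come from pinning the public key or
 *       identity out of band, and revocation means removing that pin.</li>
 *   <li>The PEM readers only parse. They do not check signatures, validity dates, or chain
 *       order, and must not be treated as certificate validation.</li>
 * </ul>
 */
public class X509CertificateGenerator {
    /**
     * Source of certificate serial numbers. It is deliberately left to seed itself.
     * Calling {@code setSeed(System.nanoTime())} before the first {@code nextBytes} adds no
     * entropy, and with a SHA1PRNG default implementation that early call replaces self-seeding
     * with the guessable timestamp.
     */
    private static final SecureRandom random = new SecureRandom();
    private static final Date notBefore = Date.from(Instant.parse("2000-01-01T00:00:00Z"));
    private static final Date notAfter = Date.from(Instant.parse("9999-12-31T23:59:59Z"));

    /**
     * Generates a certificate whose subject UID is derived from {@code str}.
     *
     * <p>If the text before the first {@code ':'} consists only of ASCII digits (an empty prefix
     * counts), {@code "0:"} is prepended before the value is used as the UID; presumably this
     * keeps an identifier that itself starts with digits and a colon from being read as an
     * "index:identifier" pair (confirm against callers).
     *
     * @param str identifier to place in the UID attribute; {@code null} yields {@code CN=anonymous}
     * @param publicKey key to certify
     * @param privateKey key used to sign the certificate
     * @return the generated certificate
     * @throws Exception if the key cannot be encoded or the certificate cannot be signed
     */
    public static X509Certificate generate(String str, PublicKey publicKey, PrivateKey privateKey) throws Exception {
        if (str == null) {
            return generateWithUid(null, publicKey, privateKey);
        }
        int colon = str.indexOf(':');
        boolean digitPrefix = colon >= 0 && isDigits(str.substring(0, colon));
        return generateWithUid(digitPrefix ? "0:" + str : str, publicKey, privateKey);
    }

    /**
     * Generates a certificate whose subject UID is {@code i + ":" + str}.
     *
     * @param str identifier part of the UID; a {@code null} value is rendered as the text "null"
     * @param i numeric prefix placed before the colon
     * @param publicKey key to certify
     * @param privateKey key used to sign the certificate
     * @return the generated certificate
     * @throws Exception if the key cannot be encoded or the certificate cannot be signed
     */
    public static X509Certificate generate(String str, int i, PublicKey publicKey, PrivateKey privateKey) throws Exception {
        return generateWithUid("" + i + ":" + str, publicKey, privateKey);
    }

    /**
     * Generates a certificate with only a UID attribute in its name (or {@code CN=anonymous}
     * when {@code str} is {@code null}).
     *
     * @param str value for the UID attribute, used verbatim
     * @param publicKey key to certify
     * @param privateKey key used to sign the certificate
     * @return the generated certificate
     * @throws Exception if the key cannot be encoded or the certificate cannot be signed
     */
    public static X509Certificate generateWithUid(String str, PublicKey publicKey, PrivateKey privateKey) throws Exception {
        return generateWithCnAndUid(null, str, publicKey, privateKey);
    }

    /**
     * Builds and signs an X.509 v3 certificate whose issuer and subject are the same name.
     *
     * <p>The name holds a CN attribute when {@code str} is given, a UID attribute when
     * {@code str2} is given, and falls back to {@code CN=anonymous} when both are {@code null}.
     * Both values are caller-controlled text copied into the name as UTF8String without
     * normalisation, so relying parties should compare them exactly rather than display-match.
     *
     * <p>This method does not verify that {@code privateKey} corresponds to {@code publicKey};
     * passing an unrelated pair yields a certificate that is not actually self-signed.
     *
     * @param str common name, or {@code null}
     * @param str2 UID value, or {@code null}
     * @param publicKey key to certify
     * @param privateKey key used to sign the certificate
     * @return the generated certificate
     * @throws Exception if the key cannot be encoded or the certificate cannot be signed
     */
    public static X509Certificate generateWithCnAndUid(String str, String str2, PublicKey publicKey, PrivateKey privateKey) throws Exception {
        ArrayList<RDN> rdns = new ArrayList<>();
        if (str != null || str2 == null) {
            String commonName = str != null ? str : "anonymous";
            rdns.add(new RDN(new AttributeTypeAndValue(BCStyle.CN, new DERUTF8String(commonName))));
        }
        if (str2 != null) {
            rdns.add(new RDN(new AttributeTypeAndValue(BCStyle.UID, new DERUTF8String(str2))));
        }
        X500Name name = new X500Name(rdns.toArray(new RDN[0]));

        SubjectPublicKeyInfo keyInfo;
        try (ASN1InputStream encodedKey = new ASN1InputStream(publicKey.getEncoded())) {
            keyInfo = SubjectPublicKeyInfo.getInstance(encodedKey.readObject());
        }

        // 20 random octets with the top bit cleared: a non-negative serial of at most 20 octets.
        byte[] serialBytes = new byte[20];
        random.nextBytes(serialBytes);
        serialBytes[0] = (byte) (serialBytes[0] & Byte.MAX_VALUE);

        // NOTE(review): the signature name is derived from the key's algorithm name, which works
        // for "RSA" and "DSA". For a key reporting "EC" this produces "SHA256withEC" rather than
        // the conventional "SHA256withECDSA" - confirm the signer builder accepts it.
        String signatureAlgorithm = "SHA256with" + privateKey.getAlgorithm();
        X509v3CertificateBuilder builder =
                new X509v3CertificateBuilder(name, new BigInteger(serialBytes), notBefore, notAfter, name, keyInfo);
        X509CertificateHolder holder = builder.build(new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey));
        return new JcaX509CertificateConverter().getCertificate(holder);
    }

    /**
     * Stores a private key and its single-certificate chain in a key store entry.
     *
     * <p>The entry password arrives as an immutable {@link String}, so it cannot be wiped from
     * memory afterwards; callers holding the secret as {@code char[]} may prefer to call
     * {@link KeyStore#setKeyEntry} directly.
     *
     * @param keyStore loaded key store to modify
     * @param certificate certificate for {@code privateKey}
     * @param privateKey key to store
     * @param str alias of the entry
     * @param str2 password protecting the entry; must not be {@code null}
     * @throws KeyStoreException if the key store rejects the entry
     */
    public static void storeCertAndKey(KeyStore keyStore, Certificate certificate, PrivateKey privateKey, String str, String str2) throws KeyStoreException {
        keyStore.setKeyEntry(str, privateKey, str2.toCharArray(), new Certificate[]{certificate});
    }

    /** Registers the BouncyCastle provider under the name "BC" unless one is already present. */
    private static void addBCProviderIfNeeded() {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Writes a certificate in PEM form and closes the writer.
     *
     * @param writer destination; closed by this method
     * @param certificate certificate to encode
     * @throws IOException if writing fails
     */
    public static void writeCertAsPem(Writer writer, Certificate certificate) throws IOException {
        addBCProviderIfNeeded();
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(writer)) {
            pemWriter.writeObject(certificate);
        }
    }

    /**
     * Reads the first PEM object from {@code reader} and returns it as a certificate.
     *
     * <p>Parsing only: the certificate's signature, validity period and issuer are not checked.
     *
     * @param reader PEM source; closed by this method
     * @return the certificate, or {@code null} when the first object is not a certificate or
     *     cannot be converted to one
     * @throws IOException if reading or PEM decoding fails
     */
    public static X509Certificate readCertAsPem(Reader reader) throws IOException {
        addBCProviderIfNeeded();
        // Resources close in reverse order: the parser first, then the caller's reader.
        try (Reader source = reader; PEMParser parser = new PEMParser(source)) {
            Object parsed = parser.readObject();
            if (parsed instanceof X509Certificate) {
                return (X509Certificate) parsed;
            }
            if (parsed instanceof X509CertificateHolder) {
                return new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) parsed);
            }
            return null;
        } catch (CertificateException e) {
            // Existing contract: an unconvertible certificate is reported as null, not thrown.
            return null;
        }
    }

    /**
     * Reads every certificate found in a PEM stream, in file order.
     *
     * <p>PEM objects that are not certificates (for example a key in the same file) are skipped
     * silently. Parsing only: the result is not verified to be an ordered or valid chain, so
     * callers must run their own path validation before trusting it.
     *
     * @param reader PEM source; closed by this method
     * @return the certificates read (possibly empty), or {@code null} when one of them cannot
     *     be converted
     * @throws IOException if reading or PEM decoding fails
     */
    public static X509Certificate[] readCertChainAsPem(Reader reader) throws IOException {
        addBCProviderIfNeeded();
        ArrayList<X509Certificate> certificates = new ArrayList<>();
        try (Reader source = reader; PEMParser parser = new PEMParser(source)) {
            Object parsed;
            while ((parsed = parser.readObject()) != null) {
                if (parsed instanceof X509Certificate) {
                    certificates.add((X509Certificate) parsed);
                } else if (parsed instanceof X509CertificateHolder) {
                    certificates.add(new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) parsed));
                }
            }
            return certificates.toArray(new X509Certificate[0]);
        } catch (CertificateException e) {
            // Existing contract: one bad certificate makes the whole read return null.
            return null;
        }
    }

    /** Returns {@code true} when every character is an ASCII digit; the empty string qualifies. */
    private static boolean isDigits(String str) {
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            if (c < '0' || c > '9') {
                return false;
            }
        }
        return true;
    }
}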
