package tech.justen.concord.goodwill;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.Calendar;
import java.util.Date;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JcaPKCS8Generator;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OutputEncryptor;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.PemObject;

/* loaded from: input_file:tech/justen/concord/goodwill/CertUtils.class */
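/**
 * Helpers for building the short-lived, in-process PKI used by goodwill: an EC (secp256r1)
 * self-signed CA plus a client certificate issued by it, both PEM-encoded.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Private keys are emitted as <em>unencrypted</em> PKCS#8 PEM. The {@link File} overloads
 *       create the file with the process's default permissions, so callers are responsible for
 *       placing key files in a directory that other local users cannot read.</li>
 *   <li>Certificate lifetimes are deliberately short (days), which limits the value of a leaked
 *       key but does not replace protecting the key material.</li>
 * </ul>
 */
public class CertUtils {
    private static final String BC_PROVIDER = "BC";
    private static final String KEY_ALGORITHM = "EC";
    private static final String SIGNATURE_ALGORITHM = "SHA256withECDSA";
    private static final ECGenParameterSpec EC_PARAMS = new ECGenParameterSpec("secp256r1");

    /** 159 random bits always encode as a positive DER INTEGER of at most 20 octets. */
    private static final int SERIAL_BITS = 159;

    /** Shared CSPRNG for serial numbers; {@link SecureRandom} is safe for concurrent use. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /** A certificate authority: its key pair together with its self-signed certificate. */
    public static class CA {
        private final X509CertificateHolder cert;
        private final KeyPair keyPair;

        /**
         * @param keyPair the CA key pair; its private key signs issued certificates
         * @param x509CertificateHolder the CA certificate matching {@code keyPair}
         */
        public CA(KeyPair keyPair, X509CertificateHolder x509CertificateHolder) {
            this.cert = x509CertificateHolder;
            this.keyPair = keyPair;
        }

        /**
         * Returns the CA certificate as a PEM document.
         *
         * @return an in-memory stream over the PEM-encoded certificate
         * @throws IOException if PEM encoding fails
         * @throws CertificateException if the certificate cannot be converted or encoded
         */
        public InputStream getCACertInputStream() throws IOException, CertificateException {
            // The converter looks the provider up by name, so make sure it is installed even when
            // this CA was not created through generateCA().
            CertUtils.registerProvider();
            X509Certificate certificate =
                    new JcaX509CertificateConverter().setProvider(CertUtils.BC_PROVIDER).getCertificate(this.cert);
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            try (Writer writer = new OutputStreamWriter(buffer)) {
                CertUtils.encodeCertificate(certificate, writer);
            }
            return new ByteArrayInputStream(buffer.toByteArray());
        }

        /**
         * Returns the CA <em>private key</em> as an unencrypted PKCS#8 PEM document.
         *
         * <p>Whoever reads this stream can issue certificates under this CA; hand it only to the
         * component that terminates TLS and never log or persist its contents.
         *
         * @return an in-memory stream over the PEM-encoded private key
         * @throws IOException if PEM encoding fails
         */
        public InputStream getCAKeyInputStream() throws IOException {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            try (Writer writer = new OutputStreamWriter(buffer)) {
                CertUtils.encodePrivateKey(this.keyPair.getPrivate(), writer);
            }
            return new ByteArrayInputStream(buffer.toByteArray());
        }

        /**
         * Writes the CA certificate, then generates a fresh client key pair and a one-day client
         * certificate ({@code CN=goodwill-client}) signed by this CA.
         *
         * <p>The client private key is written unencrypted with default file permissions; see the
         * class-level notes.
         *
         * @param caCertFile destination for the PEM-encoded CA certificate
         * @param clientCertFile destination for the PEM-encoded client certificate
         * @param clientKeyFile destination for the PEM-encoded client private key
         * @throws Exception if key generation, signing, or file output fails
         */
        public void generatePKI(File caCertFile, File clientCertFile, File clientKeyFile) throws Exception {
            CertUtils.registerProvider();
            CertUtils.encodeCertificate(
                    new JcaX509CertificateConverter().setProvider(CertUtils.BC_PROVIDER).getCertificate(this.cert),
                    caCertFile);

            X500Name subject = new X500Name("CN=goodwill-client");
            BigInteger serial = CertUtils.randomSerial();
            KeyPair clientKeys = CertUtils.generateKeyPair();
            CertUtils.encodePrivateKey(clientKeys.getPrivate(), clientKeyFile);

            Calendar calendar = Calendar.getInstance();
            Date notBefore = calendar.getTime();
            calendar.add(Calendar.DATE, 1);
            Date notAfter = calendar.getTime();

            ContentSigner caSigner = new JcaContentSignerBuilder(CertUtils.SIGNATURE_ALGORITHM)
                    .setProvider(CertUtils.BC_PROVIDER)
                    .build(this.keyPair.getPrivate());

            // The certificate is built directly from the client's public key. An intermediate
            // PKCS#10 request used to be created here, but it was signed with the CA key rather
            // than the client key, so it proved nothing and only carried subject + public key.
            JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                    this.cert.getSubject(), serial, notBefore, notAfter, subject, clientKeys.getPublic());
            JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
            // Critical basicConstraints with cA=false: the client cert must not be usable as a CA.
            builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
            builder.addExtension(
                    Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(this.cert));
            builder.addExtension(
                    Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(clientKeys.getPublic()));
            // NOTE(review): keyEncipherment is asserted on an EC key that is only ever used for
            // ECDSA; digitalSignature is the usage that normally applies. Left unchanged because the
            // consuming TLS stack is not visible here - confirm before altering.
            builder.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.keyEncipherment));

            CertUtils.encodeCertificate(
                    new JcaX509CertificateConverter().setProvider(CertUtils.BC_PROVIDER).getCertificate(builder.build(caSigner)),
                    clientCertFile);
        }
    }

    /** Installs the BouncyCastle JCA provider once per JVM if it is not already registered. */
    private static void registerProvider() {
        if (Security.getProvider(BC_PROVIDER) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Draws a random certificate serial number.
     *
     * <p>RFC 5280 requires serial numbers to be positive and at most 20 octets. Parsing the
     * decimal form of a random {@code long} yielded a negative serial roughly half of the time,
     * which strict X.509 parsers may reject.
     *
     * @return a strictly positive serial number of at most {@value #SERIAL_BITS} bits
     */
    private static BigInteger randomSerial() {
        BigInteger serial;
        do {
            serial = new BigInteger(SERIAL_BITS, RANDOM);
        } while (serial.signum() == 0);
        return serial;
    }

    /**
     * Generates a new EC key pair on curve secp256r1 using the BouncyCastle provider.
     *
     * @return the freshly generated key pair
     * @throws NoSuchProviderException if the BouncyCastle provider is unavailable
     * @throws NoSuchAlgorithmException if the provider does not offer EC key generation
     * @throws InvalidAlgorithmParameterException if the curve parameters are rejected
     */
    public static KeyPair generateKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        registerProvider();
        KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_ALGORITHM, BC_PROVIDER);
        generator.initialize(EC_PARAMS);
        return generator.generateKeyPair();
    }

    /**
     * Writes a certificate to {@code file} in PEM form, replacing any existing content.
     *
     * @param x509Certificate the certificate to encode
     * @param file the destination file
     * @throws IOException if the file cannot be written
     * @throws CertificateEncodingException if the certificate cannot be DER-encoded
     */
    public static void encodeCertificate(X509Certificate x509Certificate, File file) throws IOException, CertificateEncodingException {
        try (FileWriter fileWriter = new FileWriter(file)) {
            encodeCertificate(x509Certificate, fileWriter);
        }
    }

    /**
     * Writes a certificate to {@code writer} as a PEM {@code CERTIFICATE} block and closes the writer.
     *
     * @param x509Certificate the certificate to encode
     * @param writer the destination; closed when this method returns
     * @throws IOException if writing fails
     * @throws CertificateEncodingException if the certificate cannot be DER-encoded
     */
    public static void encodeCertificate(X509Certificate x509Certificate, Writer writer) throws IOException, CertificateEncodingException {
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(writer)) {
            pemWriter.writeObject(new PemObject("CERTIFICATE", x509Certificate.getEncoded()));
        }
    }

    /**
     * Writes a private key to {@code file} as unencrypted PKCS#8 PEM, replacing any existing content.
     *
     * <p>NOTE(review): the file is created with the process's default permissions and the key is
     * not passphrase-protected. Callers should write into a directory restricted to the owning
     * user, or tighten the file's permissions before calling this method.
     *
     * @param privateKey the key to encode
     * @param file the destination file
     * @throws IOException if the file cannot be written
     */
    public static void encodePrivateKey(PrivateKey privateKey, File file) throws IOException {
        try (FileWriter fileWriter = new FileWriter(file)) {
            encodePrivateKey(privateKey, fileWriter);
        }
    }

    /**
     * Writes a private key to {@code writer} as unencrypted PKCS#8 PEM and closes the writer.
     *
     * @param privateKey the key to encode
     * @param writer the destination; closed when this method returns
     * @throws IOException if encoding or writing fails
     */
    public static void encodePrivateKey(PrivateKey privateKey, Writer writer) throws IOException {
        // A null OutputEncryptor means the PKCS#8 structure is written in the clear.
        JcaPKCS8Generator pkcs8 = new JcaPKCS8Generator(privateKey, (OutputEncryptor) null);
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(writer)) {
            pemWriter.writeObject(pkcs8.generate());
        }
    }

    /**
     * Creates a self-signed CA ({@code CN=goodwill-server}) valid for three days.
     *
     * <p>The certificate carries subjectAltName entries for {@code localhost} and
     * {@code 127.0.0.1}, so it presumably doubles as the TLS server certificate; in that case the
     * CA private key is also the server's TLS key (confirm against the caller).
     * NOTE(review): no keyUsage extension (e.g. keyCertSign) is set on the CA certificate.
     *
     * @return the new CA with its key pair and certificate
     * @throws Exception if key generation or signing fails
     */
    public static CA generateCA() throws Exception {
        KeyPair caKeys = generateKeyPair();

        Calendar calendar = Calendar.getInstance();
        Date notBefore = calendar.getTime();
        calendar.add(Calendar.DATE, 3);
        Date notAfter = calendar.getTime();

        BigInteger serial = randomSerial();
        X500Name name = new X500Name("CN=goodwill-server");
        ContentSigner selfSigner = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM)
                .setProvider(BC_PROVIDER)
                .build(caKeys.getPrivate());

        // Issuer and subject are the same name: the certificate is self-signed.
        JcaX509v3CertificateBuilder builder =
                new JcaX509v3CertificateBuilder(name, serial, notBefore, notAfter, name, caKeys.getPublic());
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        builder.addExtension(
                Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(caKeys.getPublic()));
        builder.addExtension(
                Extension.subjectAlternativeName,
                false,
                new DERSequence(new ASN1Encodable[] {
                    new GeneralName(GeneralName.dNSName, "localhost"),
                    new GeneralName(GeneralName.iPAddress, "127.0.0.1")
                }));
        return new CA(caKeys, builder.build(selfSigner));
    }
}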
