package lu.nowina.nexu.https;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Random;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.crypto.tls.CipherSuite;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:lu/nowina/nexu/https/PKIManager.class */
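/**
 * Creates RSA key pairs and self-signed X.509 certificates for the embedded HTTPS endpoint.
 *
 * <p>Every failure is rethrown as an unchecked {@link RuntimeException} carrying the original
 * cause, so callers do not have to handle the JCA / BouncyCastle checked exceptions.
 */
public class PKIManager {

    /**
     * Source of randomness for certificate serial numbers. A CSPRNG is used so that serials
     * cannot be predicted from one another.
     */
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();

    /**
     * Bit length of the random part of a serial number. The resulting value stays well below the
     * 20-octet limit RFC 5280 places on serial numbers.
     */
    private static final int SERIAL_NUMBER_BITS = 127;

    /**
     * Generates a new RSA key pair with the default JCA provider.
     *
     * @return the generated key pair
     * @throws RuntimeException if no installed provider supports RSA key generation
     */
    public KeyPair createKeyPair() {
        try {
            // initialize() is never called, so the modulus size is whatever the installed
            // provider uses by default.
            // NOTE(review): pin an explicit key size if a minimum strength must hold on every
            // runtime this application is shipped with.
            return KeyPairGenerator.getInstance("RSA").generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds a self-signed certificate: issuer and subject are the same name, and the
     * certificate is signed with {@code SHA512withRSA} using {@code privateKey}.
     *
     * @param privateKey key used to sign the certificate
     * @param publicKey key certified by the certificate; should be the counterpart of
     *     {@code privateKey} for the result to verify as self-signed
     * @param date start of the validity period (notBefore)
     * @param date2 end of the validity period (notAfter)
     * @param str distinguished name used as both issuer and subject, e.g. {@code "CN=localhost"}
     * @return the certificate as a JCA {@link X509Certificate}
     * @throws RuntimeException wrapping any failure while building, signing or re-parsing
     */
    public X509Certificate generateSelfSignedCertificate(PrivateKey privateKey, PublicKey publicKey, Date date, Date date2, String str) {
        try {
            ContentSigner signer = new JcaContentSignerBuilder("SHA512withRSA").build(privateKey);
            X500Name name = new X500Name(str);
            X509CertificateHolder holder =
                    generateX509Cert(name, signer, name, newSerialNumber(), date, date2, publicKey, null, null);
            return toX509Certificate(holder);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Assembles and signs an X.509 v3 certificate.
     *
     * <p>Two extensions are always added: a critical keyUsage (digitalSignature,
     * keyEncipherment, keyCertSign, cRLSign) and a non-critical extendedKeyUsage (clientAuth,
     * serverAuth).
     *
     * @param x500Name issuer name
     * @param contentSigner signer holding the issuer's private key
     * @param x500Name2 subject name
     * @param bigInteger certificate serial number; RFC 5280 expects a positive value
     * @param date start of the validity period (notBefore)
     * @param date2 end of the validity period (notAfter)
     * @param publicKey subject public key, embedded through its encoded SubjectPublicKeyInfo
     * @param str not used by this implementation
     * @param str2 not used by this implementation
     * @return the signed certificate holder
     * @throws Exception if an extension cannot be encoded or the certificate cannot be built
     */
    protected X509CertificateHolder generateX509Cert(X500Name x500Name, ContentSigner contentSigner, X500Name x500Name2, BigInteger bigInteger, Date date, Date date2, PublicKey publicKey, String str, String str2) throws Exception {
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                x500Name, bigInteger, date, date2, x500Name2, SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));

        // The decompiled source spelled this bit mask as
        // CipherSuite.TLS_DH_anon_WITH_AES_128_GCM_SHA256, which merely shares the numeric value
        // 0x00A6 (166). No anonymous-DH cipher suite is involved; the value is a keyUsage mask.
        // NOTE(review): keyCertSign is asserted but no basicConstraints extension is added.
        // RFC 5280 ties keyCertSign to cA=TRUE; confirm which profile is intended before
        // changing either side.
        int keyUsageBits = KeyUsage.digitalSignature
                | KeyUsage.keyEncipherment
                | KeyUsage.keyCertSign
                | KeyUsage.cRLSign;
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(keyUsageBits));

        KeyPurposeId[] purposes = {KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth};
        builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(purposes));

        return builder.build(contentSigner);
    }

    /**
     * Produces a strictly positive serial number from a cryptographically strong source.
     *
     * <p>The previous implementation parsed {@code new Random().nextLong()}, which is
     * predictable and negative (or zero) for roughly half of all draws; RFC 5280 requires
     * positive serial numbers.
     */
    private static BigInteger newSerialNumber() {
        // Uniform in [0, 2^127 - 1], then shifted by one so the result is never zero.
        return new BigInteger(SERIAL_NUMBER_BITS, SERIAL_RANDOM).add(BigInteger.ONE);
    }

    /**
     * Converts a BouncyCastle certificate holder to a JCA certificate by re-parsing its DER
     * encoding.
     *
     * @throws RuntimeException if the holder cannot be encoded or the encoding cannot be parsed
     */
    private X509Certificate toX509Certificate(X509CertificateHolder x509CertificateHolder) {
        try {
            byte[] encoded = x509CertificateHolder.getEncoded();
            CertificateFactory factory = CertificateFactory.getInstance("X509");
            return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(encoded));
        } catch (IOException | CertificateException e) {
            throw new RuntimeException(e);
        }
    }
}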
