package org.xwiki.crypto.x509.internal;

import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Vector;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.misc.NetscapeCertType;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.JDKKeyPairGenerator;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;

/* loaded from: input_file:WEB-INF/lib/xwiki-platform-crypto-5.2-milestone-2.jar:org/xwiki/crypto/x509/internal/X509Keymaker.class */
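/**
 * Builds RSA key pairs and X.509 v3 certificates (a client certificate and a self-signed
 * "authority" certificate) with the legacy BouncyCastle {@link X509V3CertificateGenerator}.
 *
 * <p>All certificate-building methods are {@code synchronized} because they share one mutable
 * generator instance, which is reset before and after each certificate.</p>
 *
 * <p>Review notes on the security properties of what this class emits:</p>
 * <ul>
 *   <li>Certificates are signed with {@code SHA1WithRSAEncryption}. SHA-1 signatures are no longer
 *       considered collision resistant and are rejected by many current validators.</li>
 *   <li>Serial numbers are the current wall-clock time in milliseconds, so they are predictable and
 *       two certificates prepared in the same millisecond receive the same serial.</li>
 *   <li>The RSA generator is never explicitly initialised here, so the key size is whatever the
 *       provider's default is.</li>
 * </ul>
 */
public class X509Keymaker {
    private static final String CA_ORGANIZATION_NAME = "Fake authorities for trusting client certificates";

    /** One hour in milliseconds; certificates are back-dated by this much. */
    private static final long HOUR_MILLIS = 3600000L;

    /** One day in milliseconds. Kept as a {@code long} so validity arithmetic cannot overflow {@code int}. */
    private static final long DAY_MILLIS = 86400000L;

    // NOTE(review): SHA-1 based signature; kept as-is because consumers may depend on it, but a
    // SHA-256 based algorithm is the usual replacement. Confirm before changing.
    private static final String CERT_SIGNATURE_ALGORITHM = "SHA1WithRSAEncryption";

    /** Client key usage without non-repudiation: the same bits as the literal 184. */
    private static final int CLIENT_KEY_USAGE =
        KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyAgreement;

    private final X509V3CertificateGenerator certGenerator = new X509V3CertificateGenerator();
    private final JDKKeyPairGenerator.RSA keyPairGen = new JDKKeyPairGenerator.RSA();
    private KeyPair authorityKeyPair;
    private X509Certificate authorityCertificate;

    /** Registers the BouncyCastle provider with the JVM if it is not registered yet. */
    public X509Keymaker() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Generates a fresh RSA key pair.
     *
     * @return a new key pair produced by the generator's current (default) parameters
     */
    public KeyPair newKeyPair() {
        return this.keyPairGen.generateKeyPair();
    }

    /**
     * @param keyPair key pair used to sign client certificates in
     *        {@link #makeClientAndAuthorityCertificates}; {@code null} means "generate one per call"
     */
    public void setAuthorityKeyPair(KeyPair keyPair) {
        this.authorityKeyPair = keyPair;
    }

    /**
     * @param x509Certificate authority certificate returned alongside client certificates;
     *        {@code null} means "generate one per call"
     */
    public void setAuthorityCertificate(X509Certificate x509Certificate) {
        this.authorityCertificate = x509Certificate;
    }

    /** @return the configured authority certificate, or {@code null} if none was set */
    public X509Certificate getAuthorityCertificate() {
        return this.authorityCertificate;
    }

    /**
     * Creates a client certificate and returns it together with the authority certificate.
     *
     * <p>If no authority key pair was set, a new one is generated for this call only (it is not
     * stored). If no authority certificate was set, one is created from the signing key pair.</p>
     *
     * <p>NOTE(review): when an authority certificate is set but the authority key pair is not, the
     * client certificate is signed with a freshly generated key that the returned authority
     * certificate does not contain, so the pair will not validate as a chain. Callers should set
     * both or neither.</p>
     *
     * @param publicKey public key to certify
     * @param i validity period in days
     * @param z whether to add the nonRepudiation key-usage bit to the client certificate
     * @param str value used as the URI subjectAltName of the client certificate and as the CN of a
     *        generated authority certificate
     * @param str2 value placed in the UID attribute of the client certificate's name
     * @return a two-element array: client certificate at index 0, authority certificate at index 1
     * @throws GeneralSecurityException if generating or verifying a certificate fails
     */
    public synchronized X509Certificate[] makeClientAndAuthorityCertificates(PublicKey publicKey, int i, boolean z, String str, String str2) throws GeneralSecurityException {
        KeyPair signer = this.authorityKeyPair;
        if (signer == null) {
            signer = newKeyPair();
        }
        X509Certificate client = makeClientCertificate(publicKey, signer, i, z, str, str2);
        X509Certificate authority = getAuthorityCertificate();
        if (authority == null) {
            authority = makeCertificateAuthority(signer, i, str);
        }
        return new X509Certificate[] {client, authority};
    }

    /**
     * Creates an end-entity (non-CA) certificate for {@code publicKey}, signed with
     * {@code keyPair}'s private key.
     *
     * <p>The issuer name is set to the same {@code UID=...} name as the subject even though the
     * certificate is signed by {@code keyPair}; the signer is identified only through the
     * AuthorityKeyIdentifier extension.</p>
     *
     * @param publicKey public key to certify
     * @param keyPair signing key pair
     * @param i validity period in days
     * @param z whether to add the nonRepudiation key-usage bit
     * @param str URI placed in the critical subjectAltName extension
     * @param str2 value placed in the UID attribute of the subject/issuer name
     * @return the signed certificate
     * @throws GeneralSecurityException if generating or verifying the certificate fails
     */
    public synchronized X509Certificate makeClientCertificate(PublicKey publicKey, KeyPair keyPair, int i, boolean z, String str, String str2) throws GeneralSecurityException {
        try {
            // NOTE(review): str2 is concatenated into a DN string that X509Name then parses. If it
            // can contain DN metacharacters (',', '=', '+'), the resulting subject may carry
            // attributes the caller did not intend -- confirm callers validate or escape it.
            X509Name name = new X509Name("UID=" + str2);
            prepareGenericCertificate(publicKey, i, name, name);

            addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
            // sslClient | smime is the same value as the literal 160.
            addExtension(MiscObjectIdentifiers.netscapeCertType, false,
                new NetscapeCertType(NetscapeCertType.sslClient | NetscapeCertType.smime));

            int usage = z ? (CLIENT_KEY_USAGE | KeyUsage.nonRepudiation) : CLIENT_KEY_USAGE;
            addExtension(X509Extensions.KeyUsage, true, new KeyUsage(usage));
            addExtension(X509Extensions.AuthorityKeyIdentifier, false,
                new AuthorityKeyIdentifierStructure(keyPair.getPublic()));
            addExtension(X509Extensions.SubjectAlternativeName, true,
                new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, str)));

            return generate(keyPair);
        } finally {
            // Never leave half-configured state in the shared generator, on success or failure.
            this.certGenerator.reset();
        }
    }

    /**
     * Creates a self-signed CA certificate (path length 0, keyCertSign only) for {@code keyPair}.
     *
     * @param keyPair key pair that is both certified and used to sign
     * @param i validity period in days
     * @param str value used as the CN; the O attribute is a fixed organisation name
     * @return the self-signed certificate
     * @throws GeneralSecurityException if generating or verifying the certificate fails
     */
    public synchronized X509Certificate makeCertificateAuthority(KeyPair keyPair, int i, String str) throws GeneralSecurityException {
        try {
            // Build the name from (OID, value) pairs so the values are not parsed as DN syntax.
            Vector<DERObjectIdentifier> oids = new Vector<DERObjectIdentifier>();
            oids.add(X509Name.O);
            oids.add(X509Name.CN);
            Vector<String> values = new Vector<String>();
            values.add(CA_ORGANIZATION_NAME);
            values.add(str);
            X509Name name = new X509Name(oids, values);

            prepareGenericCertificate(keyPair.getPublic(), i, name, name);
            addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
            addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
            addExtension(X509Extensions.SubjectKeyIdentifier, false,
                new SubjectKeyIdentifierStructure(keyPair.getPublic()));

            return generate(keyPair);
        } finally {
            this.certGenerator.reset();
        }
    }

    /** Adds one extension to the shared generator; exists to keep the overload choice in one place. */
    private void addExtension(DERObjectIdentifier oid, boolean critical, DEREncodable value) {
        this.certGenerator.addExtension(oid, critical, value);
    }

    /**
     * Resets the shared generator and fills in the fields common to every certificate.
     *
     * @param publicKey key to certify
     * @param i validity period in days, counted from now
     * @param x509Name subject name
     * @param x509Name2 issuer name
     */
    private synchronized void prepareGenericCertificate(PublicKey publicKey, int i, X509Name x509Name, X509Name x509Name2) {
        this.certGenerator.reset();

        long now = System.currentTimeMillis();
        // Back-date by an hour, which tolerates verifiers whose clocks run slightly behind.
        this.certGenerator.setNotBefore(new Date(now - HOUR_MILLIS));
        // Multiply as long: with int arithmetic 86400000 * i wraps for i >= 25 and would yield
        // a notAfter date in the wrong place.
        this.certGenerator.setNotAfter(new Date(now + DAY_MILLIS * i));
        // NOTE(review): time-based serial -- predictable and not unique within a millisecond.
        // A random serial from a CSPRNG is the usual choice; confirm nothing relies on this form.
        this.certGenerator.setSerialNumber(BigInteger.valueOf(now).abs());
        this.certGenerator.setPublicKey(publicKey);
        this.certGenerator.setSignatureAlgorithm(CERT_SIGNATURE_ALGORITHM);
        this.certGenerator.setSubjectDN(x509Name);
        this.certGenerator.setIssuerDN(x509Name2);
    }

    /**
     * Signs the prepared certificate with {@code keyPair}'s private key and checks that the
     * signature verifies under the matching public key before returning it.
     *
     * @throws GeneralSecurityException if signing or the verification self-check fails
     */
    private synchronized X509Certificate generate(KeyPair keyPair) throws GeneralSecurityException {
        X509Certificate certificate = this.certGenerator.generate(keyPair.getPrivate());
        certificate.verify(keyPair.getPublic());
        return certificate;
    }
}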
