package org.xwiki.crypto.x509.internal;

import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.misc.NetscapeCertType;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;

/* loaded from: input_file:WEB-INF/lib/xwiki-platform-legacy-crypto-script-7.0.1.jar:org/xwiki/crypto/x509/internal/X509Keymaker.class */
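/**
 * Generates RSA key pairs and X.509v3 certificates: a client certificate carrying a URI in its
 * subjectAltName, and a single-purpose authority certificate used to sign it.
 *
 * <p>A {@link Provider} must be installed with {@link #setProvider(Provider)} before any key pair or
 * certificate is produced. The RSA key size is never set here, so it is whatever the provider's
 * generator defaults to.
 */
public class X509Keymaker {
    /** Organisation (O) RDN placed in every authority certificate built by this class. */
    private static final String CA_ORGANIZATION_NAME = "Fake authorities for trusting client certificates";

    /** Amount by which notBefore is back-dated; presumably to tolerate clock skew between peers. */
    private static final long ONE_HOUR_MILLIS = 3600000L;

    /** One day in milliseconds; kept as a long so the validity arithmetic cannot wrap an int. */
    private static final long ONE_DAY_MILLIS = 86400000L;

    /**
     * Signature algorithm for every certificate built here.
     *
     * <p>NOTE(review): SHA-1 is no longer collision resistant and is rejected for certificate
     * signatures by current clients. It is left unchanged because switching it alters the
     * certificates callers receive; move to SHA256WithRSA once the consumers are confirmed.
     */
    private static final String CERT_SIGNATURE_ALGORITHM = "SHA1WithRSA";

    /** Random bits per serial number; the result still fits the 20-octet limit of RFC 5280. */
    private static final int SERIAL_NUMBER_BITS = 127;

    /** Source of serial numbers, so that they are not derivable from the issuing time. */
    private static final SecureRandom SERIAL_NUMBER_SOURCE = new SecureRandom();

    private KeyPairGenerator generator;
    private KeyPair authorityKeyPair;
    private X509Certificate authorityCertificate;
    private Provider provider;

    /**
     * @return the provider installed by {@link #setProvider(Provider)}, or {@code null} if none was set
     */
    public Provider getProvider() {
        return this.provider;
    }

    /**
     * Installs the JCA provider used for key generation, signing and certificate conversion.
     *
     * @param provider the provider that must supply an "RSA" key pair generator
     * @return this instance, for chaining
     * @throws RuntimeException if the provider has no RSA key pair generator
     */
    public X509Keymaker setProvider(Provider provider) {
        final KeyPairGenerator rsaGenerator;
        try {
            rsaGenerator = KeyPairGenerator.getInstance("RSA", provider);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("No RSA key pair generator in provider " + provider.getName(), e);
        }
        // Assign both fields only after the lookup succeeded, so a failed call cannot leave the
        // new provider paired with the generator of the previous one.
        this.provider = provider;
        this.generator = rsaGenerator;
        return this;
    }

    /**
     * Generates a fresh RSA key pair with the installed provider.
     *
     * @return a new key pair
     * @throws IllegalStateException if {@link #setProvider(Provider)} has not been called
     */
    public synchronized KeyPair newKeyPair() {
        if (this.generator == null) {
            throw new IllegalStateException("setProvider() must be called before generating keys");
        }
        return this.generator.generateKeyPair();
    }

    /**
     * @param keyPair the key pair that signs client certificates; {@code null} makes
     *     {@link #makeClientAndAuthorityCertificates} generate a throw-away pair per call
     */
    public void setAuthorityKeyPair(KeyPair keyPair) {
        this.authorityKeyPair = keyPair;
    }

    /**
     * @param x509Certificate the authority certificate returned next to each client certificate
     */
    public void setAuthorityCertificate(X509Certificate x509Certificate) {
        this.authorityCertificate = x509Certificate;
    }

    /**
     * @return the configured authority certificate, or {@code null} if none was set
     */
    public X509Certificate getAuthorityCertificate() {
        return this.authorityCertificate;
    }

    /**
     * Builds a client certificate and returns it together with the authority certificate.
     *
     * <p>The configured authority key pair signs the client certificate; when none is configured a
     * new pair is generated for this call only. When no authority certificate is configured, one is
     * generated from the same key pair.
     *
     * <p>NOTE(review): if an authority certificate is configured without its key pair, the client
     * certificate is signed by a freshly generated key and will not verify against the returned
     * authority certificate. Confirm callers always set both or neither.
     *
     * @param publicKey the public key to certify
     * @param i validity period in days
     * @param z whether to add the nonRepudiation key usage bit
     * @param str URI stored in the client certificate's subjectAltName, also used as the CN of a
     *     generated authority certificate
     * @param str2 value of the UID attribute forming the client certificate's subject
     * @return a two-element array: the client certificate, then the authority certificate
     * @throws GeneralSecurityException if a certificate cannot be built or signed
     */
    public synchronized X509Certificate[] makeClientAndAuthorityCertificates(PublicKey publicKey, int i, boolean z, String str, String str2) throws GeneralSecurityException {
        KeyPair signingPair = this.authorityKeyPair != null ? this.authorityKeyPair : newKeyPair();
        X509Certificate clientCertificate = makeClientCertificate(publicKey, signingPair, i, z, str, str2);
        X509Certificate authority = getAuthorityCertificate();
        if (authority == null) {
            authority = makeCertificateAuthority(signingPair, i, str);
        }
        return new X509Certificate[] {clientCertificate, authority};
    }

    /**
     * Builds an end-entity certificate for {@code publicKey}, signed with {@code keyPair}.
     *
     * <p>Subject and issuer are both {@code UID=<str2>}; the link to the signer is carried only by
     * the authorityKeyIdentifier extension, not by the issuer name.
     *
     * <p>NOTE(review): {@code str2} is concatenated into a distinguished-name string that
     * {@link X500Name} then parses, so separators such as ',' '+' or '=' in the value are
     * interpreted as DN syntax. If the value can come from user input, validate it in the caller or
     * build the name with {@code X500NameBuilder.addRDN(BCStyle.UID, str2)}. A malformed value makes
     * the constructor throw an unchecked exception before the try block below.
     *
     * @param publicKey the public key to certify
     * @param keyPair the signer: its private key signs, its public key feeds authorityKeyIdentifier
     * @param i validity period in days
     * @param z whether to add the nonRepudiation key usage bit
     * @param str URI stored as a critical subjectAltName
     * @param str2 value of the UID attribute used for subject and issuer
     * @return the signed certificate
     * @throws GeneralSecurityException wrapping any failure while adding extensions or signing
     */
    public X509Certificate makeClientCertificate(PublicKey publicKey, KeyPair keyPair, int i, boolean z, String str, String str2) throws GeneralSecurityException {
        X500Name subjectAndIssuer = new X500Name("UID=" + str2);
        JcaX509v3CertificateBuilder builder = prepareGenericCertificate(publicKey, i, subjectAndIssuer, subjectAndIssuer);
        try {
            // Not a CA: this certificate must never be accepted as an issuer.
            builder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(false));
            builder.addExtension(MiscObjectIdentifiers.netscapeCertType, false,
                new NetscapeCertType(NetscapeCertType.sslClient | NetscapeCertType.smime));
            int usage = KeyUsage.digitalSignature | KeyUsage.keyEncipherment
                | KeyUsage.dataEncipherment | KeyUsage.keyAgreement;
            if (z) {
                usage |= KeyUsage.nonRepudiation;
            }
            builder.addExtension(X509Extension.keyUsage, true, new KeyUsage(usage));
            builder.addExtension(X509Extension.authorityKeyIdentifier, false,
                new AuthorityKeyIdentifierStructure(keyPair.getPublic()));
            builder.addExtension(X509Extension.subjectAlternativeName, true,
                new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, str)));
            return new JcaX509CertificateConverter().setProvider(this.provider).getCertificate(
                builder.build(new JcaContentSignerBuilder(CERT_SIGNATURE_ALGORITHM)
                    .setProvider(this.provider).build(keyPair.getPrivate())));
        } catch (Exception e) {
            throw new GeneralSecurityException(e);
        }
    }

    /**
     * Builds a self-signed authority certificate for {@code keyPair}.
     *
     * <p>The certificate is a CA with a path length constraint of 0 and only the keyCertSign key
     * usage, so it can sign end-entity certificates but not further authorities.
     *
     * @param keyPair the authority key pair; the certificate certifies and is signed by this pair
     * @param i validity period in days
     * @param str common name (CN) of the authority
     * @return the self-signed authority certificate
     * @throws GeneralSecurityException wrapping any failure while adding extensions or signing
     */
    public X509Certificate makeCertificateAuthority(KeyPair keyPair, int i, String str) throws GeneralSecurityException {
        X500Name authorityName = new X500NameBuilder(BCStyle.INSTANCE)
            .addRDN(BCStyle.O, CA_ORGANIZATION_NAME)
            .addRDN(BCStyle.CN, str)
            .build();
        JcaX509v3CertificateBuilder builder = prepareGenericCertificate(keyPair.getPublic(), i, authorityName, authorityName);
        try {
            builder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(0));
            builder.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
            builder.addExtension(X509Extension.subjectKeyIdentifier, false,
                new SubjectKeyIdentifierStructure(keyPair.getPublic()));
            return new JcaX509CertificateConverter().setProvider(this.provider).getCertificate(
                builder.build(new JcaContentSignerBuilder(CERT_SIGNATURE_ALGORITHM)
                    .setProvider(this.provider).build(keyPair.getPrivate())));
        } catch (Exception e) {
            throw new GeneralSecurityException(e);
        }
    }

    /**
     * Creates a certificate builder with the fields shared by client and authority certificates.
     *
     * <p>The validity window runs from one hour before now to {@code daysOfValidity} days after now.
     * A zero or negative day count is not rejected and yields a certificate that is already expired.
     *
     * @param publicKey the key to certify
     * @param daysOfValidity validity period in days
     * @param subject the subject name
     * @param issuer the issuer name
     * @return a builder holding serial number, validity, names and key, with no extensions yet
     */
    private JcaX509v3CertificateBuilder prepareGenericCertificate(PublicKey publicKey, int daysOfValidity, X500Name subject, X500Name issuer) {
        // Read the clock once so notBefore and notAfter are derived from the same instant.
        long now = System.currentTimeMillis();
        // Random rather than clock-derived: certificates issued in the same millisecond would
        // otherwise share a serial, and a predictable serial weakens a SHA-1 signed certificate.
        // Adding one keeps the value strictly positive.
        BigInteger serial = new BigInteger(SERIAL_NUMBER_BITS, SERIAL_NUMBER_SOURCE).add(BigInteger.ONE);
        Date notBefore = new Date(now - ONE_HOUR_MILLIS);
        // Long multiplication: as an int product this wrapped negative from 25 days upwards,
        // which put notAfter in the past.
        Date notAfter = new Date(now + ONE_DAY_MILLIS * daysOfValidity);
        return new JcaX509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, publicKey);
    }
}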
