package org.commonjava.indy.httprox.util;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import sun.security.x509.AlgorithmId;
import sun.security.x509.BasicConstraintsExtension;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateExtensions;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;

/* loaded from: input_file:org/commonjava/indy/httprox/util/CertUtils.class */
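/**
 * Static helpers for generating, loading and re-signing X.509 certificates, and for loading
 * RSA keys and key stores from disk.
 *
 * <p>Certificate construction uses the JDK-internal {@code sun.security.x509} classes. They are
 * not a supported public API, so this class is tied to JDK versions that still expose them.
 */
public class CertUtils {
    /** Signature algorithm used by {@link #createSignedCertificateAndKey}. */
    public static final String DEFAULT_SIGN_ALGORITHM = "SHA256withRSA";
    /** Key algorithm name passed to {@link KeyFactory} and {@link KeyPairGenerator}. */
    public static final String KEY_TYPE_RSA = "RSA";
    /** Certificate type name passed to {@link CertificateFactory}. */
    public static final String CERT_TYPE_X509 = "X.509";
    /** Validity period, in days, used by {@link #createSignedCertificateAndKey}. */
    public static final int DEFAULT_CERT_EXPIRATION_DAYS = 365;

    /**
     * Builds a self-signed certificate (issuer equals subject) for the given key pair.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @param str distinguished name used for both subject and issuer, e.g. {@code "CN=example"}
     * @param i validity period in days, counted from the moment of the call; a value of zero or
     *     less yields a certificate that is already expired, which this method does not reject
     * @param str2 JCA signature algorithm name handed to the signer, e.g. {@code "SHA256withRSA"}
     * @return the signed certificate
     * @throws GeneralSecurityException if signing or certificate assembly fails
     * @throws IOException if the distinguished name or a certificate field cannot be encoded
     */
    public static X509Certificate generateX509Certificate(KeyPair keyPair, String str, int i, String str2) throws GeneralSecurityException, IOException {
        PrivateKey signingKey = keyPair.getPrivate();
        X509CertInfo certInfo = new X509CertInfo();

        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + TimeUnit.DAYS.toMillis(i));
        CertificateValidity validity = new CertificateValidity(notBefore, notAfter);

        // 64 random bits from a CSPRNG, so serial numbers are not predictable.
        BigInteger serialNumber = new BigInteger(64, new SecureRandom());
        X500Name distinguishedName = new X500Name(str);

        certInfo.set("validity", validity);
        certInfo.set("serialNumber", new CertificateSerialNumber(serialNumber));
        certInfo.set("subject", distinguishedName);
        certInfo.set("issuer", distinguishedName);
        certInfo.set("key", new CertificateX509Key(keyPair.getPublic()));
        // The version field is zero-based: 2 encodes X.509 v3.
        certInfo.set("version", new CertificateVersion(2));
        // Placeholder algorithm id; replaced below by the one the signer actually used.
        certInfo.set("algorithmID", new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid)));

        // First pass: sign once only to learn the algorithm id that str2 resolves to.
        X509CertImpl probe = new X509CertImpl(certInfo);
        probe.sign(signingKey, str2);

        // Second pass: store that algorithm id in the to-be-signed data and sign again, so the
        // inner and outer algorithm fields of the final certificate agree.
        certInfo.set("algorithmID.algorithm", (AlgorithmId) probe.get("x509.algorithm"));
        X509CertImpl certificate = new X509CertImpl(certInfo);
        certificate.sign(signingKey, str2);
        return certificate;
    }

    /**
     * Reads a single X.509 certificate from a file.
     *
     * @param file file holding the certificate in a format {@link CertificateFactory} accepts
     * @return the parsed certificate
     * @throws CertificateException if the content cannot be parsed as an X.509 certificate
     * @throws IOException if the file cannot be opened or closed
     */
    public static X509Certificate loadX509Certificate(File file) throws CertificateException, IOException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance(CERT_TYPE_X509);
        try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(file))) {
            return (X509Certificate) certificateFactory.generateCertificate(in);
        }
    }

    /**
     * Creates an empty, in-memory key store of the JVM's default type.
     *
     * @return a new key store that has been initialised and contains no entries
     * @throws KeyStoreException if no provider supports the default key store type
     * @throws CertificateException declared by {@link KeyStore#load}
     * @throws NoSuchAlgorithmException declared by {@link KeyStore#load}
     * @throws IOException declared by {@link KeyStore#load}
     */
    public static KeyStore createKeyStore() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // Loading from a null stream initialises an empty key store.
        keyStore.load(null, null);
        return keyStore;
    }

    /**
     * Loads a key store of the JVM's default type from a file.
     *
     * <p>The file must be in the default key store format of the running JVM; that default
     * differs between JDK versions, so a store written by one JDK may not load on another.
     *
     * @param file key store file to read
     * @param str key store password; must not be {@code null}
     * @return the loaded key store
     * @throws IOException if the file cannot be read, is malformed, or the password is wrong
     * @throws KeyStoreException if no provider supports the default key store type
     * @throws CertificateException if a certificate in the store cannot be loaded
     * @throws NoSuchAlgorithmException if the integrity-check algorithm is unavailable
     */
    public static KeyStore loadKeyStore(File file, String str) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // Close the stream on every path; it was previously left open, leaking a file handle
        // to the key store on each call.
        try (FileInputStream in = new FileInputStream(file)) {
            keyStore.load(in, str.toCharArray());
        }
        return keyStore;
    }

    /**
     * Loads an RSA private key from a file containing a binary PKCS#8 encoding.
     *
     * <p>The file content is passed to the key factory as-is, so a PEM-armoured file is not
     * decoded here. NOTE(review): the key is read unencrypted; file permissions on the path are
     * the only protection visible from this method.
     *
     * @param str path of the key file
     * @return the decoded private key
     * @throws Exception if the file cannot be read or does not hold a valid RSA PKCS#8 key
     */
    public static PrivateKey getPrivateKey(String str) throws Exception {
        byte[] encoded = Files.readAllBytes(Paths.get(str));
        return KeyFactory.getInstance(KEY_TYPE_RSA).generatePrivate(new PKCS8EncodedKeySpec(encoded));
    }

    /**
     * Loads an RSA public key from a file containing a binary X.509 (SubjectPublicKeyInfo)
     * encoding. The file content is passed to the key factory as-is.
     *
     * @param str path of the key file
     * @return the decoded public key
     * @throws Exception if the file cannot be read or does not hold a valid RSA public key
     */
    public static PublicKey getPublicKey(String str) throws Exception {
        byte[] encoded = Files.readAllBytes(Paths.get(str));
        return KeyFactory.getInstance(KEY_TYPE_RSA).generatePublic(new X509EncodedKeySpec(encoded));
    }

    /**
     * Re-issues a certificate under another issuer: copies the to-be-signed data of
     * {@code x509Certificate}, replaces its issuer with the subject of {@code x509Certificate2},
     * and signs the result with {@code privateKey}.
     *
     * <p>The serial number, validity and subject are taken unchanged from
     * {@code x509Certificate}. The signature algorithm is the one reported by
     * {@code x509Certificate2.getSigAlgName()}, i.e. the algorithm the issuer certificate itself
     * was signed with. Nothing here checks that {@code privateKey} belongs to
     * {@code x509Certificate2} or matches that algorithm.
     *
     * @param x509Certificate certificate to re-issue
     * @param x509Certificate2 issuer certificate
     * @param privateKey key used to sign; presumably the issuer's private key (confirm at caller)
     * @param z when {@code true}, the certificate's extensions are replaced by a single
     *     BasicConstraints extension that marks it as a CA; see the comment in the body
     * @return the newly signed certificate
     * @throws Exception if the certificate data cannot be decoded, re-encoded or signed
     */
    public static X509Certificate createSignedCertificate(X509Certificate x509Certificate, X509Certificate x509Certificate2, PrivateKey privateKey, boolean z) throws Exception {
        Principal issuerName = x509Certificate2.getSubjectDN();
        String issuerSigAlg = x509Certificate2.getSigAlgName();

        X509CertInfo certInfo = new X509CertInfo(x509Certificate.getTBSCertificate());
        certInfo.set("issuer", issuerName);

        if (z) {
            // The inner extension is built as CA=true with path length -1 (treated by the JDK
            // implementation as "no limit"); its encoded value is then wrapped in an extension
            // flagged non-critical. Setting "extensions" discards every extension the source
            // certificate carried.
            // NOTE(review): a certificate issued with z == true can itself sign further
            // certificates, without a path-length bound. Per-host leaf certificates should be
            // issued with z == false. RFC 5280 also expects BasicConstraints to be critical on
            // CA certificates; confirm the non-critical flag is intended before changing it.
            CertificateExtensions extensions = new CertificateExtensions();
            BasicConstraintsExtension caConstraints = new BasicConstraintsExtension(true, -1);
            extensions.set("BasicConstraints", new BasicConstraintsExtension(false, caConstraints.getExtensionValue()));
            certInfo.set("extensions", extensions);
        }

        X509CertImpl signed = new X509CertImpl(certInfo);
        signed.sign(privateKey, issuerSigAlg);
        return signed;
    }

    /**
     * Generates a fresh RSA key pair and a certificate for it, issued by the given issuer.
     *
     * <p>A self-signed certificate is built first with {@link #DEFAULT_SIGN_ALGORITHM} and a
     * validity of {@link #DEFAULT_CERT_EXPIRATION_DAYS} days, then re-issued through
     * {@link #createSignedCertificate}.
     *
     * @param str distinguished name for the new certificate's subject
     * @param x509Certificate issuer certificate
     * @param privateKey key used to sign the new certificate
     * @param z forwarded to {@link #createSignedCertificate}; {@code true} marks the result as a CA
     * @return the issued certificate together with the generated private and public key
     * @throws Exception if key generation, certificate assembly or signing fails
     */
    public static CertificateAndKeys createSignedCertificateAndKey(String str, X509Certificate x509Certificate, PrivateKey privateKey, boolean z) throws Exception {
        // NOTE(review): the generator is never initialised, so the RSA modulus size is whatever
        // the provider defaults to; older JDKs default to 1024 bits. Consider an explicit
        // initialize(...) with a size agreed for this deployment.
        KeyPair generatedKeys = KeyPairGenerator.getInstance(KEY_TYPE_RSA).generateKeyPair();
        X509Certificate selfSigned = generateX509Certificate(generatedKeys, str, DEFAULT_CERT_EXPIRATION_DAYS, DEFAULT_SIGN_ALGORITHM);
        X509Certificate issued = createSignedCertificate(selfSigned, x509Certificate, privateKey, z);
        return new CertificateAndKeys(issued, generatedKeys.getPrivate(), generatedKeys.getPublic());
    }
}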
