package org.mockserver.socket;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.cmp.PKIFailureInfo;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V3CertificateGenerator;

/* loaded from: input_file:WEB-INF/lib/mockserver-core-3.6.jar:org/mockserver/socket/KeyStoreFactory.class */
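/**
 * Builds throw-away RSA key pairs, a self-signed CA certificate, a leaf certificate signed by
 * that CA, and a {@link KeyStore} holding the leaf key with its two-certificate chain.
 *
 * <p>This source is decompiler output (see the JADX notes), so parameter names such as
 * {@code str} and {@code strArr} are synthetic; their roles are documented per method.
 */
public class KeyStoreFactory {
    /** Signature algorithm for issued certificates; SHA-1 signatures are collision-prone and widely rejected. */
    private static final String SIGNATURE_ALGORITHM = "SHA256WithRSAEncryption";

    /** Distinguished name used as issuer of every certificate and as subject of the CA certificate. */
    private static final String CA_DISTINGUISHED_NAME = "CN=www.mockserver.com, O=MockServer, L=London, ST=England, C=UK";

    /** Thirty days in milliseconds (2592000000); certificates are valid from now-30d until now+30d. */
    private static final long VALIDITY_WINDOW_MILLIS = 30L * 24 * 60 * 60 * 1000;

    /** Shared CSPRNG for key generation and serial numbers; {@link SecureRandom} is thread-safe. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Registers the BouncyCastle provider if it is not installed yet (repeat registration is a no-op). */
    private static void ensureProviderRegistered() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Returns a random positive serial number.
     *
     * <p>A millisecond timestamp is not unique enough: the CA and leaf certificates are created
     * back to back under the same issuer DN and can end up with the same serial, which some TLS
     * clients refuse.
     */
    private static BigInteger newSerialNumber() {
        return new BigInteger(63, RANDOM).add(BigInteger.ONE);
    }

    /**
     * Generates a fresh RSA key pair with the BouncyCastle provider.
     *
     * @return the generated key pair
     * @throws Exception if the provider or algorithm is unavailable
     */
    public static KeyPair generateRSAKeyPair() throws Exception {
        ensureProviderRegistered();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME);
        // NOTE(review): the decompiler rendered the integer key size as an unrelated BouncyCastle
        // constant that shares its numeric value. Confirm the resulting modulus is at least
        // 2048 bits and replace this with a plain literal.
        keyPairGenerator.initialize(PKIFailureInfo.wrongIntegrity, RANDOM);
        return keyPairGenerator.generateKeyPair();
    }

    /**
     * Creates a self-signed CA certificate valid from 30 days ago until 30 days from now.
     *
     * @param publicKey  CA public key placed in the certificate and used to verify its signature
     * @param privateKey CA private key that signs the certificate
     * @return the generated, validity-checked and signature-verified certificate
     * @throws Exception if generation, validity checking or verification fails
     */
    public X509Certificate createCACert(PublicKey publicKey, PrivateKey privateKey) throws Exception {
        long now = System.currentTimeMillis();
        X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
        // NOTE(review): RFC 5280 expects basicConstraints to be critical on CA certificates; the
        // flag stays non-critical here so the shape of the issued certificate does not change.
        certificateGenerator.addExtension((DERObjectIdentifier) X509Extensions.BasicConstraints, false, (ASN1Encodable) new BasicConstraints(true));
        certificateGenerator.setSerialNumber(newSerialNumber());
        certificateGenerator.setIssuerDN(new X509Principal(CA_DISTINGUISHED_NAME));
        certificateGenerator.setNotBefore(new Date(now - VALIDITY_WINDOW_MILLIS));
        certificateGenerator.setNotAfter(new Date(now + VALIDITY_WINDOW_MILLIS));
        certificateGenerator.setSubjectDN(new X509Principal(CA_DISTINGUISHED_NAME));
        certificateGenerator.setPublicKey(publicKey);
        certificateGenerator.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
        X509Certificate certificate = certificateGenerator.generate(privateKey);
        // Fail fast if the certificate is not currently valid or is not signed by the given key.
        certificate.checkValidity(new Date());
        certificate.verify(publicKey);
        return certificate;
    }

    /**
     * Creates a leaf certificate signed by the CA key, with optional subject alternative names.
     *
     * @param publicKey  subject public key placed in the certificate
     * @param privateKey issuer (CA) private key that signs the certificate
     * @param publicKey2 issuer (CA) public key used to verify the signature after generation
     * @param str        common name inserted into the subject DN
     * @param strArr     DNS names to add as subject alternative names, may be {@code null}
     * @param strArr2    IP addresses to add as subject alternative names, may be {@code null}
     * @return the generated, validity-checked and signature-verified certificate
     * @throws Exception if generation, validity checking or verification fails
     */
    public X509Certificate createClientCert(PublicKey publicKey, PrivateKey privateKey, PublicKey publicKey2, String str, String[] strArr, String[] strArr2) throws Exception {
        long now = System.currentTimeMillis();
        X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
        certificateGenerator.setSerialNumber(newSerialNumber());
        certificateGenerator.setIssuerDN(new X509Principal(CA_DISTINGUISHED_NAME));
        certificateGenerator.setNotBefore(new Date(now - VALIDITY_WINDOW_MILLIS));
        certificateGenerator.setNotAfter(new Date(now + VALIDITY_WINDOW_MILLIS));
        // NOTE(review): the common name is concatenated into the DN string unescaped. If it can
        // come from an untrusted source (e.g. a requested host name), a value containing ',' or
        // '=' would alter the DN structure — validate or escape it at the caller.
        certificateGenerator.setSubjectDN(new X509Principal("CN=" + str + ", O=MockServer, L=London, ST=England, C=UK"));
        certificateGenerator.setPublicKey(publicKey);
        certificateGenerator.setSignatureAlgorithm(SIGNATURE_ALGORITHM);

        ArrayList<GeneralName> alternativeNames = new ArrayList<GeneralName>();
        if (strArr != null) {
            for (String dnsName : strArr) {
                alternativeNames.add(new GeneralName(GeneralName.dNSName, dnsName));
            }
        }
        if (strArr2 != null) {
            for (String ipAddress : strArr2) {
                alternativeNames.add(new GeneralName(GeneralName.iPAddress, ipAddress));
            }
        }
        // An empty subjectAltName extension is invalid, so the extension is added only when needed.
        if (!alternativeNames.isEmpty()) {
            certificateGenerator.addExtension((DERObjectIdentifier) Extension.subjectAlternativeName, false, (ASN1Encodable) new DERSequence((ASN1Encodable[]) alternativeNames.toArray(new ASN1Encodable[alternativeNames.size()])));
        }

        X509Certificate certificate = certificateGenerator.generate(privateKey);
        certificate.checkValidity(new Date());
        certificate.verify(publicKey2);
        return certificate;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Generates a new CA key pair and leaf key pair, issues both certificates, and returns an
     * in-memory key store holding the leaf private key with the chain {leaf, CA}.
     *
     * <p>The CA private key exists only for the duration of this call and is not stored.
     *
     * @param str     alias under which the key entry is stored
     * @param str2    not used by this method
     * @param cArr    password used both to initialise the key store and to protect the key entry
     * @param str3    common name for the leaf certificate
     * @param strArr  DNS subject alternative names, may be {@code null}
     * @param strArr2 IP subject alternative names, may be {@code null}
     * @return a key store of the JVM default type containing the single key entry
     * @throws Exception if key generation, certificate creation or key store setup fails
     */
    public KeyStore generateCertificate(String str, String str2, char[] cArr, String str3, String[] strArr, String[] strArr2) throws Exception {
        ensureProviderRegistered();
        KeyPair leafKeyPair = generateRSAKeyPair();
        KeyPair caKeyPair = generateRSAKeyPair();
        X509Certificate caCertificate = createCACert(caKeyPair.getPublic(), caKeyPair.getPrivate());
        X509Certificate leafCertificate = createClientCert(leafKeyPair.getPublic(), caKeyPair.getPrivate(), caKeyPair.getPublic(), str3, strArr, strArr2);
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // Loading from a null stream creates an empty key store.
        keyStore.load(null, cArr);
        keyStore.setKeyEntry(str, leafKeyPair.getPrivate(), cArr, new X509Certificate[]{leafCertificate, caCertificate});
        return keyStore;
    }
}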
