package convex.core.crypto;

import convex.core.crypto.bc.BCProvider;
import java.io.FileWriter;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Calendar;
import java.util.Date;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: input_file:convex/core/crypto/CertUtils.class */
public class CertUtils {
    public static X509Certificate selfSign(KeyPair keyPair, String str) throws OperatorCreationException, CertificateException, IOException {
        BouncyCastleProvider bouncyCastleProvider = BCProvider.BC;
        long currentTimeMillis = System.currentTimeMillis();
        Date date = new Date(currentTimeMillis);
        X500Name x500Name = new X500Name(str);
        BigInteger bigInteger = new BigInteger(Long.toString(currentTimeMillis));
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(date);
        calendar.add(1, 1);
        Date time = calendar.getTime();
        ContentSigner build = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(x500Name, bigInteger, date, time, x500Name, keyPair.getPublic());
        jcaX509v3CertificateBuilder.addExtension(new ASN1ObjectIdentifier("2.5.29.19"), true, new BasicConstraints(true));
        return new JcaX509CertificateConverter().setProvider(bouncyCastleProvider).getCertificate(jcaX509v3CertificateBuilder.build(build));
    }

    public static KeyPair generateRSAKeyPair() throws GeneralSecurityException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(new RSAKeyGenParameterSpec(3072, RSAKeyGenParameterSpec.F4));
        return keyPairGenerator.generateKeyPair();
    }

    public static void createCertificateFiles(String str, Path path) throws GeneralSecurityException, IOException {
        KeyPair generateRSAKeyPair = generateRSAKeyPair();
        try {
            X509Certificate selfSign = selfSign(generateRSAKeyPair, str);
            Path resolve = path.resolve("private.pem");
            Path resolve2 = path.resolve("certificate.pem");
            writePemFile(generateRSAKeyPair.getPrivate().getEncoded(), "PRIVATE KEY", resolve);
            writePemFile(selfSign.getEncoded(), "CERTIFICATE", resolve2);
        } catch (OperatorCreationException e) {
            throw new GeneralSecurityException("Failed to self sign certificate", e);
        }
    }

    private static void writePemFile(byte[] bArr, String str, Path path) throws IOException {
        PemWriter pemWriter = new PemWriter(new FileWriter(path.toFile()));
        try {
            pemWriter.writeObject(new PemObject(str, bArr));
            pemWriter.close();
        } catch (Throwable th) {
            try {
                pemWriter.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public static void main(String... strArr) throws OperatorCreationException, GeneralSecurityException, IOException {
        Providers.init();
        createCertificateFiles("CN=localhost, O=o, L=L, ST=il, C=c", Path.of(".", new String[0]));
    }
}
