package io.skodjob.testframe.security;

import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalAmount;
import java.time.temporal.TemporalUnit;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:io/skodjob/testframe/security/CertAndKeyBuilder.class */
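/**
 * Fluent builder that generates a fresh RSA key pair and issues an X.509 v3 certificate for it.
 *
 * <p>A builder is obtained from one of the static factories, each of which fixes the extension
 * profile of the certificate (root CA, intermediate CA, application CA or end entity). The root
 * CA builder produces a self-signed certificate; every other builder signs with the private key
 * of the CA passed to the factory and takes its issuer DN from that CA's certificate.
 *
 * <p>Certificates are valid from one day before {@link #build()} is called until
 * {@link #CERTIFICATE_VALIDITY_PERIOD} after that start instant, so the usable lifetime from
 * the moment of issuance is one day shorter than the constant suggests.
 *
 * <p>NOTE(review): the package name suggests this class exists to create test fixtures. The
 * returned {@code CertAndKey} carries the unencrypted private key, so confirm the key handling
 * and the fixed 2048-bit RSA / SHA-256 parameters before using it for anything else.
 *
 * <p>Instances are mutable and not synchronized.
 */
public class CertAndKeyBuilder {
    public static final int KEY_SIZE = 2048;
    public static final String KEY_PAIR_ALGORITHM = "RSA";
    public static final String SIGNATURE_ALGORITHM = "SHA256WithRSA";
    public static final Duration CERTIFICATE_VALIDITY_PERIOD = Duration.ofDays(30);

    /** JCA name under which the BouncyCastle provider is registered. */
    private static final String PROVIDER = "BC";

    /** Width of the random certificate serial number; fits in the 20 octets X.509 allows. */
    private static final int SERIAL_NUMBER_BITS = 128;

    /** Source of serial numbers; shared because {@link SecureRandom} is thread-safe. */
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();

    static {
        // Key generation and certificate conversion below ask for the provider by name, so it
        // has to be registered before any factory method runs.
        Security.addProvider(new BouncyCastleProvider());
    }

    private final KeyPair keyPair;
    private final CertAndKey caCert;
    private final List<Extension> extensions;
    private X500Name issuer;
    private X500Name subject;

    /**
     * Creates a builder for the given subject key pair.
     *
     * @param keyPair key pair whose public key is certified
     * @param certAndKey issuing CA, or {@code null} for a self-signed certificate
     * @param list initial extensions; copied so later SAN additions do not touch the caller's list
     */
    private CertAndKeyBuilder(KeyPair keyPair, CertAndKey certAndKey, List<Extension> list) {
        this.keyPair = keyPair;
        this.caCert = certAndKey;
        if (certAndKey != null) {
            try {
                // The issuer DN must equal the subject DN of the signing CA certificate.
                this.issuer = new JcaX509CertificateHolder(certAndKey.getCertificate()).getSubject();
            } catch (CertificateEncodingException e) {
                throw new RuntimeException(e);
            }
        }
        this.extensions = new ArrayList<>(list);
    }

    /**
     * Starts a self-signed root CA certificate: critical key usage {@code keyCertSign | cRLSign},
     * critical basic constraints with {@code cA=true} and a subject key identifier.
     *
     * <p>Both {@link #withIssuerDn(String)} and {@link #withSubjectDn(String)} must be called
     * before {@link #build()}, because no issuing CA supplies the issuer DN.
     *
     * @return a new builder holding a freshly generated key pair
     */
    public static CertAndKeyBuilder rootCaCertBuilder() {
        KeyPair generated = generateKeyPair();
        return new CertAndKeyBuilder(generated, null, Arrays.asList(
                new Extension(Extension.keyUsage, true, keyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)),
                new Extension(Extension.basicConstraints, true, ca()),
                new Extension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(generated.getPublic()))));
    }

    /**
     * Starts an intermediate CA certificate signed by {@code certAndKey}: critical key usage
     * {@code keyCertSign}, critical basic constraints with {@code cA=true}, plus subject and
     * authority key identifiers.
     *
     * @param certAndKey issuing CA certificate and private key
     * @return a new builder holding a freshly generated key pair
     * @throws NullPointerException if {@code certAndKey} is {@code null}
     */
    public static CertAndKeyBuilder intermediateCaCertBuilder(CertAndKey certAndKey) {
        // Reject a missing issuer before spending time on RSA key generation.
        Objects.requireNonNull(certAndKey, "certAndKey");
        KeyPair generated = generateKeyPair();
        return new CertAndKeyBuilder(generated, certAndKey, Arrays.asList(
                new Extension(Extension.keyUsage, true, keyUsage(KeyUsage.keyCertSign)),
                new Extension(Extension.basicConstraints, true, ca()),
                new Extension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(generated.getPublic())),
                new Extension(Extension.authorityKeyIdentifier, false, createAuthorityKeyIdentifier(certAndKey.getPublicKey()))));
    }

    /**
     * Starts an application CA certificate signed by {@code certAndKey}: critical basic
     * constraints with {@code cA=true}, plus subject and authority key identifiers.
     *
     * <p>Unlike the other CA profiles this one carries no key usage extension, so the key is not
     * restricted to certificate signing, and the basic constraints set no path length limit.
     *
     * @param certAndKey issuing CA certificate and private key
     * @return a new builder holding a freshly generated key pair
     * @throws NullPointerException if {@code certAndKey} is {@code null}
     */
    public static CertAndKeyBuilder appCaCertBuilder(CertAndKey certAndKey) {
        Objects.requireNonNull(certAndKey, "certAndKey");
        KeyPair generated = generateKeyPair();
        return new CertAndKeyBuilder(generated, certAndKey, Arrays.asList(
                new Extension(Extension.basicConstraints, true, ca()),
                new Extension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(generated.getPublic())),
                new Extension(Extension.authorityKeyIdentifier, false, createAuthorityKeyIdentifier(certAndKey.getPublicKey()))));
    }

    /**
     * Starts an end-entity certificate signed by {@code certAndKey}: critical key usage
     * {@code digitalSignature | keyEncipherment}, extended key usage for TLS server and client
     * authentication, critical basic constraints with {@code cA=false}, plus subject and
     * authority key identifiers.
     *
     * @param certAndKey issuing CA certificate and private key
     * @return a new builder holding a freshly generated key pair
     * @throws NullPointerException if {@code certAndKey} is {@code null}
     */
    public static CertAndKeyBuilder endEntityCertBuilder(CertAndKey certAndKey) {
        Objects.requireNonNull(certAndKey, "certAndKey");
        KeyPair generated = generateKeyPair();
        return new CertAndKeyBuilder(generated, certAndKey, Arrays.asList(
                new Extension(Extension.keyUsage, true, keyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)),
                new Extension(Extension.extendedKeyUsage, false, extendedKeyUsage(KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth)),
                new Extension(Extension.basicConstraints, true, notCa()),
                new Extension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(generated.getPublic())),
                new Extension(Extension.authorityKeyIdentifier, false, createAuthorityKeyIdentifier(certAndKey.getPublicKey()))));
    }

    /**
     * Sets the issuer distinguished name.
     *
     * <p>For CA-signed builders this overwrites the DN taken from the issuing CA certificate
     * while the signature is still made with that CA's key; a DN that differs from the CA's
     * subject yields a certificate that will not chain to the CA.
     *
     * @param str issuer DN in string form, e.g. {@code "CN=Example Root"} (constructed sample)
     * @return this builder
     */
    public CertAndKeyBuilder withIssuerDn(String str) {
        this.issuer = new X500Name(str);
        return this;
    }

    /**
     * Sets the subject distinguished name; required before {@link #build()}.
     *
     * @param str subject DN in string form
     * @return this builder
     */
    public CertAndKeyBuilder withSubjectDn(String str) {
        this.subject = new X500Name(str);
        return this;
    }

    /**
     * Adds a non-critical subject alternative name extension holding one DNS name.
     *
     * <p>Each call appends a separate extension; to certify several names use a single
     * {@link #withSanDnsNames(ASN1Encodable[])} call.
     *
     * @param str DNS name to certify
     * @return this builder
     */
    public CertAndKeyBuilder withSanDnsName(String str) {
        addSubjectAlternativeName(new DERSequence(new GeneralName(GeneralName.dNSName, str)));
        return this;
    }

    /**
     * Adds a non-critical subject alternative name extension holding the given general names.
     *
     * <p>The elements are encoded as passed in; nothing here restricts them to DNS names.
     *
     * @param aSN1EncodableArr general names to place in the extension
     * @return this builder
     */
    public CertAndKeyBuilder withSanDnsNames(ASN1Encodable[] aSN1EncodableArr) {
        addSubjectAlternativeName(new DERSequence(aSN1EncodableArr));
        return this;
    }

    /**
     * Signs and returns the certificate together with the private key of the generated pair.
     *
     * @return the issued certificate and the subject's private key
     * @throws IllegalStateException if the issuer or subject DN has not been set
     * @throws RuntimeException if extension encoding, signing or certificate conversion fails
     */
    public CertAndKey build() {
        // Fail with a message that names the missing field rather than deep inside the encoder.
        if (this.issuer == null) {
            throw new IllegalStateException("Issuer DN is not set; call withIssuerDn() for a self-signed certificate");
        }
        if (this.subject == null) {
            throw new IllegalStateException("Subject DN is not set; call withSubjectDn()");
        }
        try {
            ContentSigner signer = createContentSigner();
            // Back-date the start by a day; presumably to tolerate clock skew between hosts.
            Instant notBefore = Instant.now().minus(1L, ChronoUnit.DAYS);
            Instant notAfter = notBefore.plus(CERTIFICATE_VALIDITY_PERIOD);
            JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
                    this.issuer,
                    newSerialNumber(),
                    Date.from(notBefore),
                    Date.from(notAfter),
                    this.subject,
                    this.keyPair.getPublic());
            for (Extension extension : this.extensions) {
                certificateBuilder.addExtension(extension);
            }
            return new CertAndKey(
                    new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certificateBuilder.build(signer)),
                    this.keyPair.getPrivate());
        } catch (CertIOException | CertificateException | OperatorCreationException e) {
            throw new RuntimeException("Failed to build certificate for subject " + this.subject, e);
        }
    }

    /**
     * Returns a random positive serial number.
     *
     * <p>A wall-clock timestamp is not usable here: two certificates issued by the same CA within
     * one millisecond would share an issuer/serial pair, which must be unique, and the value
     * would be guessable.
     */
    private static BigInteger newSerialNumber() {
        BigInteger serial;
        do {
            serial = new BigInteger(SERIAL_NUMBER_BITS, SERIAL_RANDOM);
        } while (serial.signum() == 0);
        return serial;
    }

    /** Appends a non-critical subject alternative name extension built from {@code names}. */
    private void addSubjectAlternativeName(DERSequence names) {
        this.extensions.add(new Extension(Extension.subjectAlternativeName, false, encode(GeneralNames.getInstance(names))));
    }

    /** Creates the signer: the issuing CA's key when present, otherwise the subject's own key. */
    private ContentSigner createContentSigner() throws OperatorCreationException {
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM);
        if (this.caCert == null) {
            return signerBuilder.build(this.keyPair.getPrivate());
        }
        return signerBuilder.build(this.caCert.getPrivateKey());
    }

    /** Generates a {@link #KEY_SIZE}-bit {@link #KEY_PAIR_ALGORITHM} key pair with BouncyCastle. */
    private static KeyPair generateKeyPair() {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_PAIR_ALGORITHM, PROVIDER);
            generator.initialize(KEY_SIZE);
            return generator.generateKeyPair();
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new RuntimeException(e);
        }
    }

    /** Encodes a key usage extension value from a bit mask of {@link KeyUsage} constants. */
    private static byte[] keyUsage(int i) {
        return encode(new KeyUsage(i));
    }

    /** Encodes an extended key usage extension value listing the given purposes. */
    private static byte[] extendedKeyUsage(KeyPurposeId... keyPurposeIdArr) {
        return encode(new ExtendedKeyUsage(keyPurposeIdArr));
    }

    /** Encodes basic constraints with {@code cA=false}. */
    private static byte[] notCa() {
        return encode(new BasicConstraints(false));
    }

    /** Encodes basic constraints with {@code cA=true} and no path length constraint. */
    private static byte[] ca() {
        return encode(new BasicConstraints(true));
    }

    /** Encodes the subject key identifier derived from {@code publicKey}. */
    private static byte[] createSubjectKeyIdentifier(PublicKey publicKey) {
        return encode(createExtensionUtils().createSubjectKeyIdentifier(publicKey));
    }

    /** Encodes the authority key identifier derived from the issuer's {@code publicKey}. */
    private static byte[] createAuthorityKeyIdentifier(PublicKey publicKey) {
        return encode(createExtensionUtils().createAuthorityKeyIdentifier(publicKey));
    }

    /** Returns the encoded form of {@code aSN1Object}, rethrowing I/O failures unchecked. */
    private static byte[] encode(ASN1Object aSN1Object) {
        try {
            return aSN1Object.getEncoded();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /** Creates the helper used to compute key identifiers, rethrowing failures unchecked. */
    private static JcaX509ExtensionUtils createExtensionUtils() {
        try {
            return new JcaX509ExtensionUtils();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }
}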
