package com.dkfqs.proxyrecorder.lib;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Date;
import net.sf.ehcache.concurrent.Sync;
import org.apache.logging.log4j.core.net.ssl.SslConfigurationDefaults;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;

/* loaded from: input_file:com/dkfqs/proxyrecorder/lib/GenerateX509ServerCertificate.class */
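/**
 * Issues a fresh RSA key pair and an X.509 v3 leaf certificate for a given host name,
 * signed by a caller-supplied issuer certificate and private key.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The host name and IP address are certified exactly as passed in; nothing in this
 *       class validates them. Whoever can call {@link #generateCertificate} with the issuer
 *       key can obtain a certificate for any name, so the issuer key must be kept out of
 *       reach of untrusted code and its certificate trusted only where that is intended.</li>
 *   <li>{@link #getKeypair()} and {@link #getTransientKeyStore} hand out the leaf private key.</li>
 * </ul>
 *
 * <p>Instances hold mutable state (the last generated key pair and certificate) and perform
 * no synchronization.
 */
public class GenerateX509ServerCertificate {
    private static final SecureRandom secureRandom = new SecureRandom();

    /** RSA modulus size, in bits, of each generated leaf key. */
    private static final int RSA_KEY_BITS = 2048;

    /** Length of the randomly generated subject key identifier, in bytes. */
    private static final int SUBJECT_KEY_ID_BYTES = 20;

    /**
     * Bit length of the random serial number. 159 rather than 160 so that the DER INTEGER
     * never needs a leading sign octet and therefore stays within the 20-octet limit that
     * RFC 5280 sets for serial numbers.
     */
    private static final int SERIAL_NUMBER_BITS = 159;

    /** Certificate lifetime counted from "now": 5 x 365 days, in milliseconds. */
    private static final long VALIDITY_MILLIS = 5L * 365 * 24 * 60 * 60 * 1000;

    /** Common prefix of the two aliases written into the transient key store. */
    private static final String KEYSTORE_ALIAS_PREFIX = "nixda";

    private KeyPair keypair = null;
    private X509Certificate sslServerCertificate = null;

    /**
     * Generates a new 2048-bit RSA key pair and a leaf certificate for it, and stores both
     * in this instance.
     *
     * <p>The certificate carries the host name as subject CN and as a dNSName subject
     * alternative name, plus an iPAddress alternative name when {@code str2} is given. It is
     * signed with SHA256withRSA using {@code rSAPrivateKey}.
     *
     * <p>Any failure is printed and then terminates the JVM via {@code System.exit(1)}; the
     * method never propagates an exception to the caller.
     *
     * @param str             host name placed in the subject CN and the dNSName SAN entry
     * @param str2            IP address for an additional iPAddress SAN entry, or {@code null}
     * @param x509Certificate issuer certificate; supplies the issuer name and the authority
     *                        key identifier
     * @param rSAPrivateKey   issuer private key used to sign the new certificate
     */
    public void generateCertificate(String str, String str2, X509Certificate x509Certificate, RSAPrivateKey rSAPrivateKey) {
        try {
            final String hostName = str;
            final String ipAddress = str2;

            // Subject alternative names: always the DNS name, optionally the IP address.
            ArrayList<ASN1Encodable> subjectAltNames = new ArrayList<>();
            subjectAltNames.add(new GeneralName(GeneralName.dNSName, hostName));
            if (ipAddress != null) {
                subjectAltNames.add(new GeneralName(GeneralName.iPAddress, ipAddress));
            }
            DERSequence subjectAltNameSeq = new DERSequence(subjectAltNames.toArray(new ASN1Encodable[0]));

            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(RSA_KEY_BITS, secureRandom);
            this.keypair = keyPairGenerator.generateKeyPair();

            X500Name subject = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.CN, hostName).build();

            // The key identifier is random rather than derived from the public key.
            byte[] subjectKeyId = new byte[SUBJECT_KEY_ID_BYTES];
            secureRandom.nextBytes(subjectKeyId);

            long now = System.currentTimeMillis();
            // NOTE(review): Sync.ONE_DAY is presumably 24 hours in milliseconds, back-dating
            // notBefore by a day; confirm the constant's value and origin.
            Date notBefore = new Date(now - Sync.ONE_DAY);
            Date notAfter = new Date(now + VALIDITY_MILLIS);
            BigInteger serialNumber = new BigInteger(SERIAL_NUMBER_BITS, secureRandom);

            JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
                    x509Certificate, serialNumber, notBefore, notAfter, subject, this.keypair.getPublic());

            // The byte[] overload of addExtension expects the DER encoding of the extension
            // value (as the keyUsage and extendedKeyUsage calls below supply). Passing the raw
            // identifier bytes produced a malformed extension, so wrap them in the proper
            // ASN.1 structure instead.
            certBuilder.addExtension(Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectKeyId));
            certBuilder.addExtension(Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(x509Certificate));
            certBuilder.addExtension(Extension.subjectAlternativeName, false, subjectAltNameSeq);
            // cA=false: the issued certificate is an end-entity certificate.
            certBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
            // NOTE(review): every extension is added as non-critical, including keyUsage and
            // basicConstraints; confirm this is intended.
            certBuilder.addExtension(Extension.keyUsage, false,
                    new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment).getEncoded());
            // NOTE(review): clientAuth is granted alongside serverAuth; if the certificate is
            // only ever presented by a server, serverAuth alone would be the narrower grant.
            certBuilder.addExtension(Extension.extendedKeyUsage, false,
                    new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth}).getEncoded());

            X509CertificateHolder certHolder = certBuilder.build(new JcaContentSignerBuilder("SHA256withRSA").build(rSAPrivateKey));

            JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
            converter.setProvider(new BouncyCastleProvider());
            this.sslServerCertificate = converter.getCertificate(certHolder);
        } catch (Throwable th) {
            // Deliberately fatal: the method declares no exceptions, and existing callers may
            // rely on the process stopping here rather than continuing without a certificate.
            System.out.println("Fatal error occurred at " + getClass().getSimpleName());
            th.printStackTrace();
            System.exit(1);
        }
    }

    /**
     * Builds an in-memory key store holding the generated certificate and private key.
     *
     * <p>The store contains a certificate entry under the alias {@code nixdaCert} and a key
     * entry under {@code nixdaKey} whose chain is the generated certificate followed by
     * {@code x509Certificate}. Nothing is written to disk by this method.
     *
     * @param str             password protecting the private-key entry
     * @param x509Certificate certificate appended to the key entry's chain after the leaf
     * @return a newly created key store
     * @throws IllegalStateException if {@link #generateCertificate} has not produced a key
     *                               pair and certificate yet
     * @throws Exception             if the key store cannot be created or populated
     */
    public KeyStore getTransientKeyStore(String str, X509Certificate x509Certificate) throws Exception {
        if (this.keypair == null || this.sslServerCertificate == null) {
            throw new IllegalStateException("generateCertificate must be called before getTransientKeyStore");
        }
        // NOTE(review): the store type comes from a log4j defaults constant, which looks like
        // a decompiler attribution of an inlined string; confirm the intended type.
        KeyStore keyStore = KeyStore.getInstance(SslConfigurationDefaults.KEYSTORE_TYPE);
        // load(null, null) initialises an empty store.
        keyStore.load(null, null);
        keyStore.setCertificateEntry(KEYSTORE_ALIAS_PREFIX + "Cert", this.sslServerCertificate);
        keyStore.setKeyEntry(KEYSTORE_ALIAS_PREFIX + "Key", this.keypair.getPrivate(), str.toCharArray(),
                new Certificate[]{this.sslServerCertificate, x509Certificate});
        return keyStore;
    }

    /**
     * Returns the most recently generated key pair, including its private key.
     *
     * @return the key pair, or {@code null} if no certificate has been generated yet
     */
    public KeyPair getKeypair() {
        return this.keypair;
    }

    /**
     * Returns the most recently generated certificate.
     *
     * @return the certificate, or {@code null} if none has been generated yet
     */
    public X509Certificate getCertificate() {
        return this.sslServerCertificate;
    }
}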
