package org.openqa.selenium.security;

import ch.qos.logback.core.net.ssl.SSL;
import com.google.common.base.Throwables;
import com.itextpdf.text.pdf.security.SecurityConstants;
import cybervillains.ca.CertificateCreator;
import cybervillains.ca.KeyStoreManager;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicLong;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.openqa.jetty.html.Input;
import org.openqa.selenium.io.IOUtils;

/* loaded from: input_file:org/openqa/selenium/security/CertificateGenerator.class */
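/**
 * Issues per-host leaf certificates signed by the CA key pair stored in
 * {@code cybervillainsCA.jks}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The keystore password is a compile-time constant, so it gives the CA private key no
 *       real protection. Anyone who can read the keystore file can sign certificates with it;
 *       trust this CA only in disposable test environments.</li>
 *   <li>Several constants used here ({@code SSL.DEFAULT_KEYSTORE_TYPE},
 *       {@code SecurityConstants.RSA}, {@code Input.Password}) come from unrelated libraries.
 *       NOTE(review): this looks like a decompiler substituting constants for string literals;
 *       confirm the values before relying on them.</li>
 * </ul>
 */
public class CertificateGenerator {
    private static final String KEY_PURPOSE_BASE = "1.3.6.1.5.5.7.3";
    /** Extended key usage OID: TLS server authentication. */
    private static final String SERVER_AUTH = "1.3.6.1.5.5.7.3.1";
    /** Extended key usage OID: TLS client authentication. */
    private static final String CLIENT_AUTH = "1.3.6.1.5.5.7.3.2";
    private static final String BOUNCY_CASTLE = "BC";
    // Never reassigned, so the reference is final; the array contents are still mutable.
    private static final char[] SIGNING_PASSWORD = Input.Password.toCharArray();
    // Serial numbers start at the class-load time in epoch seconds and count upwards, so they
    // are predictable and can repeat across JVM restarts if certificates are issued quickly.
    private static final AtomicLong serialSeed = new AtomicLong(new Date().getTime() / 1000);
    private final KeyAndCert caCert;
    private final File serializedStore;
    private final KeyPairGenerator pairGenerator;

    /**
     * Registers the BouncyCastle provider, prepares the leaf key-pair generator and loads the
     * CA key and certificate from {@code cybervillainsCA.jks} inside {@code file}.
     *
     * @param file directory that contains the CA keystore
     * @throws RuntimeException wrapping any I/O or security failure raised while loading
     */
    public CertificateGenerator(File file) {
        Security.addProvider(new BouncyCastleProvider());
        this.serializedStore = new File(file, "cybervillainsCA.jks");
        try {
            this.pairGenerator = KeyPairGenerator.getInstance(SecurityConstants.RSA);
            // NOTE(review): 1024-bit RSA is below the 2048-bit minimum in current guidance
            // (e.g. NIST SP 800-131A) and some TLS clients reject it. Left unchanged because a
            // larger size raises the cost of every per-host key generation; confirm intent.
            this.pairGenerator.initialize(1024);
            this.caCert = readRootSigningCert();
        } catch (NoSuchAlgorithmException e) {
            throw Throwables.propagate(e);
        }
    }

    /**
     * Creates a fresh key pair and a certificate for it, signed with the CA private key.
     *
     * <p>The certificate is valid from one day before now until 365 days after now, is marked
     * as a non-CA certificate, and carries the server-auth and client-auth extended key usages.
     * No subjectAltName extension is added; clients that ignore the CN for host name checks
     * will not match this certificate to {@code str}.
     *
     * @param str value placed in the subject CN
     * @param str2 URI for the CRL distribution point extension, or {@code null} to omit it
     * @return the new private key together with its signed certificate
     * @throws RuntimeException wrapping any encoding, security or signer-creation failure
     */
    public KeyAndCert generateCertificate(String str, String str2) {
        X509Certificate signingCert = this.caCert.getCertificate();
        // The leaf's issuer name must equal the signing certificate's SUBJECT. The previous
        // code used the signing certificate's issuer, which is only the same name when the
        // CA certificate is self-signed.
        X500Principal issuer = signingCert.getSubjectX500Principal();
        // NOTE(review): str is interpolated without RFC 2253 escaping. A value containing
        // ',', '+' or '=' would change the DN or make X500Principal throw; confirm that
        // callers pass a validated host name.
        X500Principal subject = new X500Principal(String.format("CN=%s, OU=Test, O=CyberVillainsCA, L=Seattle, S=Washington, C=US", str));
        long now = System.currentTimeMillis();
        // Backdate by a day to tolerate clock skew between this host and the client.
        Date notBefore = new Date(now - TimeUnit.DAYS.toMillis(1L));
        Date notAfter = new Date(now + TimeUnit.DAYS.toMillis(365L));
        KeyPair leafKeys = this.pairGenerator.generateKeyPair();
        try {
            SubjectPublicKeyInfo publicKeyInfo = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(leafKeys.getPublic().getEncoded())).readObject());
            JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, BigInteger.valueOf(serialSeed.getAndIncrement()), notBefore, notAfter, subject, leafKeys.getPublic());
            builder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(false));
            // NOTE(review): the extension value here is the whole SubjectPublicKeyInfo, whereas
            // RFC 5280 defines subjectKeyIdentifier as an OCTET STRING key identifier. Left
            // unchanged; verify how strict parsers treat the resulting certificate.
            builder.addExtension(X509Extension.subjectKeyIdentifier, false, publicKeyInfo);
            builder.addExtension(X509Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(signingCert));
            builder.addExtension(X509Extension.extendedKeyUsage, false, new DERSequence(new ASN1Encodable[]{new DERObjectIdentifier(SERVER_AUTH), new DERObjectIdentifier(CLIENT_AUTH)}));
            if (str2 != null) {
                // DistributionPointName type 0 is fullName; GeneralName tag 6 is a URI.
                builder.addExtension(X509Extension.cRLDistributionPoints, false, new CRLDistPoint(new DistributionPoint[]{new DistributionPoint(new DistributionPointName(0, new GeneralName(6, str2)), null, null)}));
            }
            // NOTE(review): the signature algorithm is defined in CertificateCreator.SIGN_ALGO,
            // which is not visible here; verify that it is not SHA-1 based.
            X509Certificate leafCert = new JcaX509CertificateConverter().setProvider(BOUNCY_CASTLE).getCertificate(builder.build(new JcaContentSignerBuilder(CertificateCreator.SIGN_ALGO).setProvider(BOUNCY_CASTLE).build(this.caCert.getPrivateKey())));
            return new KeyAndCert(leafKeys.getPrivate(), leafCert);
        } catch (IOException e) {
            throw Throwables.propagate(e);
        } catch (GeneralSecurityException e2) {
            throw Throwables.propagate(e2);
        } catch (OperatorCreationException e3) {
            throw Throwables.propagate(e3);
        }
    }

    /**
     * Loads the CA private key and certificate from the keystore file.
     *
     * @return the CA private key and the certificate stored under the alias {@code signingCert}
     * @throws RuntimeException wrapping any I/O or keystore failure
     */
    private KeyAndCert readRootSigningCert() {
        FileInputStream storeStream = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
            storeStream = new FileInputStream(this.serializedStore);
            keyStore.load(storeStream, SIGNING_PASSWORD);
            PrivateKey caKey = (PrivateKey) keyStore.getKey(KeyStoreManager._caPrivKeyAlias, SIGNING_PASSWORD);
            X509Certificate caCertificate = (X509Certificate) keyStore.getCertificate("signingCert");
            return new KeyAndCert(caKey, caCertificate);
        } catch (IOException e) {
            // Also covers FileNotFoundException when the keystore file is missing.
            throw Throwables.propagate(e);
        } catch (GeneralSecurityException e) {
            // KeyStore, certificate, algorithm and unrecoverable-key failures all land here.
            throw Throwables.propagate(e);
        } finally {
            // Runs once on both the success and the failure path.
            IOUtils.closeQuietly(storeStream);
        }
    }
}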
