package de.fraunhofer.iosb.ilt.faaast.service.certificate.util;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.stream.Stream;
import org.apache.poi.hssf.record.SSTRecord;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:de/fraunhofer/iosb/ilt/faaast/service/certificate/util/SelfSignedCertificateGenerator.class */
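/**
 * Builds self-signed X.509 v3 certificates (issuer == subject) with BouncyCastle and offers
 * helpers for generating the RSA or EC key pair that backs them.
 *
 * <p>The certificate produced by {@link #generateSelfSigned} carries {@code BasicConstraints}
 * with CA set and a path length of 0, a key usage that includes {@code keyCertSign}, and an
 * extended key usage of both client and server authentication. A relying party that installs
 * such a certificate as a trust anchor therefore also accepts end-entity certificates issued
 * under it, so the private key needs the same protection as a CA key.
 *
 * <p>All extensions are added as non-critical.
 */
public class SelfSignedCertificateGenerator {

    /**
     * Generates an RSA key pair.
     *
     * @param i modulus size in bits; no lower bound is enforced here, so the caller is
     *     responsible for choosing a size that is acceptable for the deployment
     * @return the freshly generated key pair
     * @throws NoSuchAlgorithmException if no provider offers an RSA key pair generator
     */
    public static KeyPair generateRsaKeyPair(int i) throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(i, new SecureRandom());
        return generator.generateKeyPair();
    }

    /**
     * Generates an EC key pair.
     *
     * @param i key size in bits, handed to the provider, which selects the curve; no lower
     *     bound is enforced here
     * @return the freshly generated key pair
     * @throws NoSuchAlgorithmException if no provider offers an EC key pair generator
     */
    public static KeyPair generateEcKeyPair(int i) throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
        generator.initialize(i, new SecureRandom());
        return generator.generateKeyPair();
    }

    /**
     * Creates a certificate for {@code keyPair}'s public key, signed with its private key.
     * Distinguished-name components that are {@code null} are left out of the name.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @param date start of the validity period (notBefore)
     * @param date2 end of the validity period (notAfter)
     * @param str common name (CN), or {@code null}
     * @param str2 organization (O), or {@code null}
     * @param str3 organizational unit (OU), or {@code null}
     * @param str4 locality (L), or {@code null}
     * @param str5 state or province (ST), or {@code null}
     * @param str6 country (C), or {@code null}
     * @param str7 URI placed in the subject alternative name, or {@code null}
     * @param list DNS names for the subject alternative name
     * @param list2 IP addresses for the subject alternative name
     * @param str8 JCA signature algorithm name passed to the content signer; it has to match
     *     the key type and is not checked against a list of acceptable algorithms here
     * @return the signed certificate
     * @throws Exception if an extension cannot be encoded or the certificate cannot be signed
     *     or converted
     */
    public X509Certificate generateSelfSigned(KeyPair keyPair, Date date, Date date2, String str, String str2, String str3, String str4, String str5, String str6, String str7, List<String> list, List<String> list2, String str8) throws Exception {
        X500NameBuilder nameBuilder = new X500NameBuilder();
        if (str != null) {
            nameBuilder.addRDN(BCStyle.CN, str);
        }
        if (str2 != null) {
            nameBuilder.addRDN(BCStyle.O, str2);
        }
        if (str3 != null) {
            nameBuilder.addRDN(BCStyle.OU, str3);
        }
        if (str4 != null) {
            nameBuilder.addRDN(BCStyle.L, str4);
        }
        if (str5 != null) {
            nameBuilder.addRDN(BCStyle.ST, str5);
        }
        if (str6 != null) {
            nameBuilder.addRDN(BCStyle.C, str6);
        }
        // Self-signed: the same name is used as issuer and as subject.
        X500Name name = nameBuilder.build();

        // NOTE(review): the serial number is the wall-clock time in milliseconds. It is
        // predictable, and two certificates with the same subject created within one
        // millisecond share issuer and serial. Consider a SecureRandom-derived positive
        // serial if these certificates are ever distinguished by issuer/serial.
        BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());

        X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
                name,
                serial,
                date,
                date2,
                Locale.ENGLISH,
                name,
                SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));

        // The int constructor marks the certificate as a CA with pathLenConstraint = 0.
        BasicConstraints basicConstraints = new BasicConstraints(0);
        addAuthorityKeyIdentifier(certificateBuilder, keyPair);
        addBasicConstraints(certificateBuilder, basicConstraints);
        addKeyUsage(certificateBuilder);
        addExtendedKeyUsage(certificateBuilder);
        addSubjectAlternativeNames(certificateBuilder, keyPair, str7, list, list2);

        return new JcaX509CertificateConverter().getCertificate(
                certificateBuilder.build(
                        new JcaContentSignerBuilder(str8)
                                .setProvider(new BouncyCastleProvider())
                                .build(keyPair.getPrivate())));
    }

    /**
     * Adds the subject alternative name extension (URI, DNS names, IP addresses) followed by
     * the subject key identifier extension. Duplicate DNS names and duplicate IP addresses are
     * added once. A {@code null} list is treated as empty.
     *
     * @param x509v3CertificateBuilder builder receiving the extensions
     * @param keyPair key pair whose public key yields the subject key identifier
     * @param str URI entry, or {@code null} for none
     * @param list DNS name entries
     * @param list2 IP address entries
     * @throws CertIOException if an extension cannot be encoded
     * @throws NoSuchAlgorithmException if the digest for the key identifier is unavailable
     */
    protected void addSubjectAlternativeNames(X509v3CertificateBuilder x509v3CertificateBuilder, KeyPair keyPair, String str, List<String> list, List<String> list2) throws CertIOException, NoSuchAlgorithmException {
        List<GeneralName> names = new ArrayList<>();
        if (str != null) {
            names.add(new GeneralName(GeneralName.uniformResourceIdentifier, str));
        }
        if (list != null) {
            list.stream()
                    .distinct()
                    .map(dnsName -> new GeneralName(GeneralName.dNSName, dnsName))
                    .forEach(names::add);
        }
        if (list2 != null) {
            list2.stream()
                    .distinct()
                    .map(ipAddress -> new GeneralName(GeneralName.iPAddress, ipAddress))
                    .forEach(names::add);
        }
        // RFC 5280 requires a subjectAltName extension to hold at least one entry, so the
        // extension is omitted instead of being written as an empty sequence.
        if (!names.isEmpty()) {
            x509v3CertificateBuilder.addExtension(
                    Extension.subjectAlternativeName,
                    false,
                    new GeneralNames(names.toArray(new GeneralName[0])));
        }
        x509v3CertificateBuilder.addExtension(
                Extension.subjectKeyIdentifier,
                false,
                new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyPair.getPublic()));
    }

    /**
     * Adds a non-critical extended key usage allowing TLS client and TLS server authentication.
     *
     * @param x509v3CertificateBuilder builder receiving the extension
     * @throws CertIOException if the extension cannot be encoded
     */
    protected void addExtendedKeyUsage(X509v3CertificateBuilder x509v3CertificateBuilder) throws CertIOException {
        x509v3CertificateBuilder.addExtension(
                Extension.extendedKeyUsage,
                false,
                new ExtendedKeyUsage(new KeyPurposeId[] {KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth}));
    }

    /**
     * Adds a non-critical key usage extension.
     *
     * @param x509v3CertificateBuilder builder receiving the extension
     * @throws CertIOException if the extension cannot be encoded
     */
    protected void addKeyUsage(X509v3CertificateBuilder x509v3CertificateBuilder) throws CertIOException {
        // These flags add up to 0xFC, the value the decompiled source expressed through an
        // unrelated constant (SSTRecord.sid). Spelling them out keeps the granted usages
        // reviewable; note that keyCertSign is among them.
        int usage = KeyUsage.digitalSignature
                | KeyUsage.nonRepudiation
                | KeyUsage.keyEncipherment
                | KeyUsage.dataEncipherment
                | KeyUsage.keyAgreement
                | KeyUsage.keyCertSign;
        x509v3CertificateBuilder.addExtension(Extension.keyUsage, false, new KeyUsage(usage));
    }

    /**
     * Adds the given basic constraints as a non-critical extension.
     *
     * @param x509v3CertificateBuilder builder receiving the extension
     * @param basicConstraints constraints to encode
     * @throws CertIOException if the extension cannot be encoded
     */
    protected void addBasicConstraints(X509v3CertificateBuilder x509v3CertificateBuilder, BasicConstraints basicConstraints) throws CertIOException {
        // NOTE(review): RFC 5280 asks for basicConstraints to be critical in CA certificates
        // used to validate certificate signatures; confirm non-critical is intended here.
        x509v3CertificateBuilder.addExtension(Extension.basicConstraints, false, basicConstraints);
    }

    /**
     * Adds a non-critical authority key identifier derived from the key pair's own public key,
     * which is the issuer key for a self-signed certificate.
     *
     * @param x509v3CertificateBuilder builder receiving the extension
     * @param keyPair key pair whose public key yields the identifier
     * @throws CertIOException if the extension cannot be encoded
     * @throws NoSuchAlgorithmException if the digest for the key identifier is unavailable
     */
    protected void addAuthorityKeyIdentifier(X509v3CertificateBuilder x509v3CertificateBuilder, KeyPair keyPair) throws CertIOException, NoSuchAlgorithmException {
        x509v3CertificateBuilder.addExtension(
                Extension.authorityKeyIdentifier,
                false,
                new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic()));
    }
}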
