package org.bouncycastle.tls.test;

import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX500NameUtil;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:org/bouncycastle/tls/test/CertChainUtil.class */
public class CertChainUtil {
    public static String BC = "BC";
    private static final AtomicLong serialNumber = new AtomicLong(1);

    public static X509Certificate createMasterCert(String str, KeyPair keyPair) throws Exception {
        return new JcaX509CertificateConverter().setProvider(BC).getCertificate(new JcaX509v1CertificateBuilder(new X500Name(str), BigInteger.valueOf(serialNumber.getAndIncrement()), new Date(System.currentTimeMillis() - 2592000000L), new Date(System.currentTimeMillis() + 2592000000L), new X500Name(str), keyPair.getPublic()).build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(keyPair.getPrivate())));
    }

    public static X509Certificate createIntermediateCert(String str, PublicKey publicKey, PrivateKey privateKey, X509Certificate x509Certificate) throws Exception {
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(JcaX500NameUtil.getIssuer(x509Certificate), BigInteger.valueOf(serialNumber.getAndIncrement()), new Date(System.currentTimeMillis() - 2592000000L), new Date(System.currentTimeMillis() + 2592000000L), new X500Name(str), publicKey);
        JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
        jcaX509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, jcaX509ExtensionUtils.createSubjectKeyIdentifier(publicKey));
        jcaX509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, jcaX509ExtensionUtils.createAuthorityKeyIdentifier(x509Certificate));
        jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
        return new JcaX509CertificateConverter().setProvider(BC).getCertificate(jcaX509v3CertificateBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(privateKey)));
    }

    public static X509Certificate createEndEntityCert(String str, PublicKey publicKey, PrivateKey privateKey, X509Certificate x509Certificate) throws Exception {
        return new JcaX509CertificateConverter().setProvider(BC).getCertificate(createBaseEndEntityBuilder(str, publicKey, x509Certificate).build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(privateKey)));
    }

    public static X509Certificate createEndEntityCert(String str, PublicKey publicKey, PrivateKey privateKey, X509Certificate x509Certificate, KeyPurposeId keyPurposeId) throws Exception {
        X509v3CertificateBuilder createBaseEndEntityBuilder = createBaseEndEntityBuilder(str, publicKey, x509Certificate);
        createBaseEndEntityBuilder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(keyPurposeId));
        return new JcaX509CertificateConverter().setProvider(BC).getCertificate(createBaseEndEntityBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(privateKey)));
    }

    private static X509v3CertificateBuilder createBaseEndEntityBuilder(String str, PublicKey publicKey, X509Certificate x509Certificate) throws IOException, NoSuchAlgorithmException {
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(x509Certificate.getIssuerX500Principal(), BigInteger.valueOf(serialNumber.getAndIncrement()), new Date(System.currentTimeMillis() - 2592000000L), new Date(System.currentTimeMillis() + 2592000000L), new X500Principal(new X500Name(str).getEncoded()), publicKey);
        JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
        jcaX509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, jcaX509ExtensionUtils.createSubjectKeyIdentifier(publicKey));
        jcaX509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, jcaX509ExtensionUtils.createAuthorityKeyIdentifier(x509Certificate.getPublicKey()));
        jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        return jcaX509v3CertificateBuilder;
    }
}
