package nxt.util;

import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import nxt.cc;
import nxt.g50;
import nxt.np;
import nxt.ox;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;

/* loaded from: classes.dex */
public class SslKeyStoreGenerator {
    public final Path a;
    public final String b;
    public final String c;
    public final List<String> d;
    public final int e;
    public final int f;
    public final String g;
    public final String h;

    /* loaded from: classes.dex */
    public static class b {
        public Path a = Paths.get("cert", "local_ssl.jks");
        public String b = "123456";
        public String c = "JKS";
        public final List<String> d;
        public int e;
        public int f;
        public String g;
        public String h;

        public b() {
            ArrayList arrayList = new ArrayList();
            this.d = arrayList;
            this.e = 36500;
            this.f = 2048;
            this.g = "RSA";
            this.h = "SHA256WithRSAEncryption";
            arrayList.add("localhost");
            arrayList.add("ip:127.0.0.1");
        }
    }

    /* loaded from: classes.dex */
    public static class c extends Exception {
        public c(Throwable th, a aVar) {
            super(th);
        }
    }

    public SslKeyStoreGenerator(b bVar, a aVar) {
        this.a = bVar.a;
        this.b = bVar.b;
        this.c = bVar.c;
        this.d = Collections.unmodifiableList(bVar.d);
        this.e = bVar.e;
        this.f = bVar.f;
        this.g = bVar.g;
        this.h = bVar.h;
    }

    public static Path c(Path path) {
        String path2 = path.getFileName().toString();
        if (path2.indexOf(".") > 0) {
            path2 = path2.substring(0, path2.lastIndexOf("."));
        }
        return path.getParent().resolve(path2 + "-ca.crt");
    }

    public static void main(String[] strArr) {
        try {
            new SslKeyStoreGenerator(new b(), null).a();
        } catch (c e) {
            e.printStackTrace();
        }
    }

    public void a() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(this.g);
            keyPairGenerator.initialize(this.f);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            KeyPair generateKeyPair2 = keyPairGenerator.generateKeyPair();
            Files.createDirectories(this.a.getParent(), new FileAttribute[0]);
            X509Certificate b2 = b(generateKeyPair.getPublic(), generateKeyPair.getPrivate(), true);
            FileOutputStream fileOutputStream = new FileOutputStream(c(this.a).toFile());
            fileOutputStream.write(b2.getEncoded());
            fileOutputStream.close();
            X509Certificate b3 = b(generateKeyPair2.getPublic(), generateKeyPair.getPrivate(), false);
            KeyStore keyStore = KeyStore.getInstance(this.c);
            keyStore.load(null, this.b.toCharArray());
            keyStore.setKeyEntry("main", generateKeyPair2.getPrivate(), this.b.toCharArray(), new Certificate[]{b3, b2});
            keyStore.store(new FileOutputStream(this.a.toFile()), this.b.toCharArray());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new c(e, null);
        }
    }

    public final X509Certificate b(PublicKey publicKey, PrivateKey privateKey, boolean z) {
        try {
            AlgorithmIdentifier b2 = new DefaultSignatureAlgorithmIdentifierFinder().b(this.h);
            AlgorithmIdentifier a2 = new DefaultDigestAlgorithmIdentifierFinder().a(b2);
            AsymmetricKeyParameter a3 = PrivateKeyFactory.a(privateKey.getEncoded());
            SubjectPublicKeyInfo k = SubjectPublicKeyInfo.k(publicKey.getEncoded());
            ContentSigner a4 = new BcRSAContentSignerBuilder(b2, a2).a(a3);
            X500Name d = d(z);
            X500Name d2 = z ? d : d(true);
            Date date = new Date();
            X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(d2, new BigInteger(64, cc.i()), date, new Date(((this.e + (z ? 1 : 0)) * 24 * 60 * 60 * 1000) + date.getTime()), d, k);
            if (z) {
                x509v3CertificateBuilder.a(Extension.v2, true, new BasicConstraints(true));
                x509v3CertificateBuilder.a(Extension.s2, true, new KeyUsage(4));
            } else {
                x509v3CertificateBuilder.a(Extension.t2, false, new GeneralNames((GeneralName[]) this.d.stream().map(g50.w2).toArray(ox.i)));
            }
            return new JcaX509CertificateConverter().a(x509v3CertificateBuilder.b(a4));
        } catch (CertificateException e) {
            throw e;
        } catch (Exception e2) {
            throw new CertificateException(e2);
        }
    }

    public final X500Name d(boolean z) {
        return new X500Name(np.o("CN=", z ? "Ardor Local CA" : this.d.get(0), ", O=Jelurida, OU=Ardor"));
    }
}
