package cybervillains.ca;

import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.ReasonFlags;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;

/* loaded from: input_file:cybervillains/ca/CertificateCreator.class */
public class CertificateCreator {
    public static final String SIGN_ALGO = "SHA1withRSA";

    public static X509Certificate generateStdSSLServerCertificate(PublicKey publicKey, X509Certificate x509Certificate, PrivateKey privateKey, String str, String str2) throws SignatureException, InvalidKeyException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator();
        x509V3CertificateGenerator.setSubjectDN(new X500Principal(str));
        x509V3CertificateGenerator.setSignatureAlgorithm(SIGN_ALGO);
        x509V3CertificateGenerator.setPublicKey(publicKey);
        x509V3CertificateGenerator.setNotAfter(new Date(System.currentTimeMillis() + 155520000000L));
        x509V3CertificateGenerator.setNotBefore(new Date(System.currentTimeMillis() - 31104000000L));
        x509V3CertificateGenerator.setIssuerDN(x509Certificate.getSubjectX500Principal());
        x509V3CertificateGenerator.setSerialNumber(new BigInteger(Long.toString(System.currentTimeMillis())));
        x509V3CertificateGenerator.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
        x509V3CertificateGenerator.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(publicKey));
        x509V3CertificateGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(x509Certificate.getPublicKey()));
        x509V3CertificateGenerator.addExtension(X509Extensions.ExtendedKeyUsage, false, new DERSequence(new ASN1Encodable[]{new DERObjectIdentifier(ExtendedKeyUsageConstants.serverAuth), new DERObjectIdentifier(ExtendedKeyUsageConstants.clientAuth), new DERObjectIdentifier(ExtendedKeyUsageConstants.netscapeServerGatedCrypto), new DERObjectIdentifier(ExtendedKeyUsageConstants.msServerGatedCrypto)}));
        if (str2 != null) {
            x509V3CertificateGenerator.addExtension(X509Extensions.CRLDistributionPoints, false, new CRLDistPoint(new DistributionPoint[]{new DistributionPoint(new DistributionPointName(0, new GeneralName(6, str2)), (ReasonFlags) null, (GeneralNames) null)}));
        }
        return x509V3CertificateGenerator.generate(privateKey, "BC");
    }

    public static X509Certificate createTypicalMasterCert(KeyPair keyPair) throws SignatureException, InvalidKeyException, SecurityException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator();
        X509Principal x509Principal = new X509Principal("O=CyberVillians.com,OU=CyberVillians Certification Authority,C=US");
        x509V3CertificateGenerator.setSerialNumber(BigInteger.valueOf(1L));
        x509V3CertificateGenerator.setIssuerDN(x509Principal);
        x509V3CertificateGenerator.setSubjectDN(x509Principal);
        x509V3CertificateGenerator.setNotBefore(new Date(System.currentTimeMillis() - 31104000000L));
        x509V3CertificateGenerator.setNotAfter(new Date(System.currentTimeMillis() + 622080000000L));
        x509V3CertificateGenerator.setPublicKey(keyPair.getPublic());
        x509V3CertificateGenerator.setSignatureAlgorithm(SIGN_ALGO);
        x509V3CertificateGenerator.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.getPublic()));
        x509V3CertificateGenerator.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
        x509V3CertificateGenerator.addExtension(X509Extensions.KeyUsage, false, new KeyUsage(6));
        x509V3CertificateGenerator.addExtension(X509Extensions.ExtendedKeyUsage, false, new DERSequence(new ASN1Encodable[]{new DERObjectIdentifier(ExtendedKeyUsageConstants.serverAuth), new DERObjectIdentifier(ExtendedKeyUsageConstants.OCSPSigning), new DERObjectIdentifier(ExtendedKeyUsageConstants.verisignUnknown)}));
        X509Certificate generate = x509V3CertificateGenerator.generate(keyPair.getPrivate(), "BC");
        generate.checkValidity(new Date());
        generate.verify(keyPair.getPublic());
        return generate;
    }
}
