package org.hyperledger.fabric.sdk.security.certgen;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.GregorianCalendar;
import java.util.UUID;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:org/hyperledger/fabric/sdk/security/certgen/TLSCertificateBuilder.class */
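/**
 * Builds a self-signed TLS certificate together with a freshly generated EC key pair,
 * for either client or server authentication.
 *
 * <p>Every certificate produced by this class has the following shape, fixed by the code
 * below (there are no setters):
 * <ul>
 *   <li>issuer == subject, a single CN holding a random UUID (self-signed);</li>
 *   <li>a 160-bit random serial number drawn from {@link SecureRandom};</li>
 *   <li>validity from one day before creation (tolerates peer clock skew) to ten years after;</li>
 *   <li>critical basicConstraints with {@code cA=false} — the certificate cannot issue others;</li>
 *   <li>keyUsage digitalSignature|keyEncipherment and an extendedKeyUsage of either
 *       clientAuth or serverAuth;</li>
 *   <li>for server certificates, an optional subjectAltName carrying one dNSName entry;</li>
 *   <li>a 256-bit EC key from BouncyCastle (presumably a P-256 curve under BC's defaults —
 *       confirm if the curve choice matters) and a SHA256withECDSA signature.</li>
 * </ul>
 * Because the certificate is self-signed, a peer only trusts it if it is pinned or added to
 * the peer's trust store explicitly.
 *
 * <p>This listing was recovered from {@code TLSCertificateBuilder.class} by a decompiler.
 */
public class TLSCertificateBuilder {
    private static final SecureRandom rand = new SecureRandom();
    /** One BC provider instance shared by key generation and certificate conversion. */
    private static final Provider BC_PROVIDER = new BouncyCastleProvider();
    private static final String defaultSignatureAlgorithm = "SHA256withECDSA";
    private static final String defaultKeyType = "EC";
    /** Parameter size handed to {@link KeyPairGenerator#initialize(int, SecureRandom)}. */
    private static final int KEY_SIZE_BITS = 256;
    /** Bit length of the random certificate serial number. */
    private static final int SERIAL_BITS = 160;
    /** notBefore is moved this many days into the past so a slightly slow peer clock still accepts it. */
    private static final int NOT_BEFORE_DAYS = -1;
    /** notAfter is this many years after creation. */
    private static final int VALIDITY_YEARS = 10;

    private final String commonName = UUID.randomUUID().toString();
    private final String signatureAlgorithm = defaultSignatureAlgorithm;
    private final String keyType = defaultKeyType;

    /** The role the certificate is meant for; selects the extendedKeyUsage purpose. */
    public enum CertType {
        CLIENT(KeyPurposeId.id_kp_clientAuth),
        SERVER(KeyPurposeId.id_kp_serverAuth);

        private final KeyPurposeId purpose;

        CertType(KeyPurposeId purpose) {
            this.purpose = purpose;
        }

        /**
         * Returns the extendedKeyUsage extension value for this role.
         *
         * @return an ExtendedKeyUsage holding exactly one purpose: clientAuth for
         *     {@link #CLIENT}, serverAuth for {@link #SERVER}
         */
        ExtendedKeyUsage keyUsage() {
            return new ExtendedKeyUsage(new KeyPurposeId[] {purpose});
        }
    }

    /**
     * Twenty random bytes meant to serve as both the subject and the authority key
     * identifier of a self-signed certificate. Nothing in this class references it; the
     * certificates built here carry no key-identifier extensions.
     */
    private static class SelfSignedKeyIdentifier {
        private static final int IDENTIFIER_LENGTH = 20;
        private final byte[] bytes = new byte[IDENTIFIER_LENGTH];

        SelfSignedKeyIdentifier() {
            // Shares the enclosing class's SecureRandom instead of creating a second one.
            rand.nextBytes(this.bytes);
        }

        /** @return a copy of the identifier bytes; identical to {@link #subjectKeyIdentifier()} */
        byte[] authorityKeyIdentifier() {
            return this.bytes.clone();
        }

        /** @return a copy of the identifier bytes; identical to {@link #authorityKeyIdentifier()} */
        byte[] subjectKeyIdentifier() {
            return this.bytes.clone();
        }
    }

    /**
     * Generates a key pair and a self-signed certificate with extendedKeyUsage clientAuth
     * and no subjectAltName.
     *
     * @return the certificate and its private key
     * @throws RuntimeException wrapping any key-generation or encoding failure (the cause is kept)
     */
    public TLSCertificateKeyPair clientCert() {
        try {
            return createCert(CertType.CLIENT, null);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Generates a key pair and a self-signed certificate with extendedKeyUsage serverAuth.
     *
     * @param subjectAltName DNS name to place in the subjectAltName extension as a dNSName
     *     entry, or {@code null} for no SAN at all. Only dNSName is emitted: an IP address
     *     passed here would be encoded as a DNS name, not as an iPAddress entry, so hostname
     *     verification against an IP would fail.
     * @return the certificate and its private key
     * @throws RuntimeException wrapping any key-generation or encoding failure (the cause is kept)
     */
    public TLSCertificateKeyPair serverCert(String subjectAltName) {
        try {
            return createCert(CertType.SERVER, subjectAltName);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Generates a key pair, builds the certificate around its public key and packages both.
     *
     * @param certType role that selects the extendedKeyUsage purpose
     * @param subjectAltName optional DNS name for the SAN, or {@code null}
     * @return the certificate and key pair wrapped as a {@link TLSCertificateKeyPair}
     * @throws Exception propagated from key generation, extension encoding or signing
     */
    private TLSCertificateKeyPair createCert(CertType certType, String subjectAltName) throws Exception {
        KeyPair keyPair = createKeyPair();
        X509Certificate certificate = createSelfSignedCertificate(certType, keyPair, subjectAltName);
        return TLSCertificateKeyPair.fromX509CertKeyPair(certificate, keyPair);
    }

    /**
     * Populates the extensions, signs the certificate with the pair's private key and
     * converts it to a JCA {@link X509Certificate}.
     *
     * @param certType role that selects the extendedKeyUsage purpose
     * @param keyPair the key whose public half goes into the certificate and whose private half signs it
     * @param subjectAltName optional DNS name for the SAN, or {@code null}
     * @return the signed certificate
     * @throws Exception propagated from extension encoding, the content signer or conversion
     */
    private X509Certificate createSelfSignedCertificate(CertType certType, KeyPair keyPair, String subjectAltName)
            throws Exception {
        X509v3CertificateBuilder certBuilder = createCertBuilder(keyPair);
        // Critical cA=false: the certificate is an end-entity and must not be accepted as an issuer.
        certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false).getEncoded());
        KeyUsage usage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment);
        certBuilder.addExtension(Extension.keyUsage, false, usage.getEncoded());
        certBuilder.addExtension(Extension.extendedKeyUsage, false, certType.keyUsage().getEncoded());
        if (subjectAltName != null) {
            addSAN(certBuilder, subjectAltName);
        }
        X509CertificateHolder holder = certBuilder.build(
                new JcaContentSignerBuilder(this.signatureAlgorithm).build(keyPair.getPrivate()));
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
        converter.setProvider(BC_PROVIDER);
        return converter.getCertificate(holder);
    }

    /**
     * Adds a non-critical subjectAltName extension holding a single dNSName.
     *
     * @param certBuilder builder to extend
     * @param dnsName value of the dNSName entry
     * @throws CertIOException if the extension cannot be encoded
     */
    private void addSAN(X509v3CertificateBuilder certBuilder, String dnsName) throws CertIOException {
        GeneralName name = new GeneralName(GeneralName.dNSName, dnsName);
        certBuilder.addExtension(Extension.subjectAlternativeName, false, new DERSequence(new ASN1Encodable[] {name}));
    }

    /**
     * Creates the v3 certificate builder: issuer and subject are the same CN-only name,
     * the serial is random and the validity window is [now - 1 day, now + 10 years].
     *
     * @param keyPair supplies the subject public key
     * @return a builder with no extensions yet
     */
    private X509v3CertificateBuilder createCertBuilder(KeyPair keyPair) {
        X500Name name = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.CN, this.commonName).build();
        Calendar notBefore = new GregorianCalendar();
        notBefore.add(Calendar.DAY_OF_MONTH, NOT_BEFORE_DAYS);
        Calendar notAfter = new GregorianCalendar();
        notAfter.add(Calendar.YEAR, VALIDITY_YEARS);
        BigInteger serial = new BigInteger(SERIAL_BITS, rand);
        // Same name as issuer and subject: the certificate is self-signed.
        return new JcaX509v3CertificateBuilder(
                name, serial, notBefore.getTime(), notAfter.getTime(), name, keyPair.getPublic());
    }

    /**
     * Generates a new key pair of the configured type through the BouncyCastle provider.
     *
     * @return a 256-bit key pair seeded from the class-wide {@link SecureRandom}
     * @throws NoSuchAlgorithmException if the provider does not offer the configured key type
     */
    private KeyPair createKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(this.keyType, BC_PROVIDER);
        generator.initialize(KEY_SIZE_BITS, rand);
        return generator.generateKeyPair();
    }
}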
