package com.github.monkeywie.proxyee.crt.service.bc;

import com.github.monkeywie.proxyee.crt.CertUtilsLoader;
import com.github.monkeywie.proxyee.crt.spi.CertGenerator;
import com.github.monkeywie.proxyee.crt.spi.CertGeneratorInfo;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

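/**
 * {@link CertGenerator} implementation built on Bouncy Castle.
 *
 * <p>It produces two kinds of X.509 v3 certificates, both signed with SHA-256/RSA:
 * a self-signed CA certificate ({@link #generateCaCert}) and leaf certificates for a
 * list of host names signed by a supplied issuer key ({@link #generateServerCert}).
 *
 * <p>This class applies no policy to the names it is asked to certify: whoever can call
 * {@code generateServerCert} with the CA private key can obtain a certificate for any
 * name. Access to that key and to this call path is the trust boundary.
 */
@CertGeneratorInfo(name = CertUtilsLoader.DEFAULT_GENERATOR_NAME)
public class BouncyCastleCertGenerator implements CertGenerator {
    // Not read anywhere in this class; retained so the class layout is unchanged.
    private static KeyFactory keyFactory;

    /** JCA name of the signature algorithm used for every certificate issued here. */
    private static final String SIGNATURE_ALGORITHM = "SHA256WithRSAEncryption";

    /** Random bits per serial number; the encoded value stays below RFC 5280's 20-octet limit. */
    private static final int SERIAL_BITS = 127;

    /** Characters that act as separators or quoting in a string-form distinguished name. */
    private static final String DN_METACHARACTERS = ",+=\"\\<>;";

    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();

    /**
     * Issues a leaf certificate for {@code strArr}, signed by {@code privateKey}.
     *
     * <p>The subject is the issuer DN with its {@code CN} component replaced by the first
     * host; every host is also listed as a dNSName subjectAltName entry.
     *
     * @param str issuer distinguished name, components separated by {@code ", "}
     * @param privateKey issuer (CA) private key used to sign the certificate
     * @param date start of the validity period (notBefore)
     * @param date2 end of the validity period (notAfter)
     * @param publicKey public key to certify
     * @param strArr host names; the first becomes the subject CN, must not be empty
     * @return the signed certificate
     * @throws IllegalArgumentException if no host is given, a host is null or empty, or the
     *     first host contains characters that would alter the subject DN
     * @throws Exception if building or signing the certificate fails
     */
    @Override
    public X509Certificate generateServerCert(String str, PrivateKey privateKey, Date date, Date date2, PublicKey publicKey, String... strArr) throws Exception {
        if (strArr == null || strArr.length == 0) {
            throw new IllegalArgumentException("at least one host name is required");
        }
        for (String host : strArr) {
            if (host == null || host.isEmpty()) {
                throw new IllegalArgumentException("host names must not be null or empty");
            }
        }

        // The CN is spliced into a DN *string* that X500Name then parses, so a host
        // containing DN separators would add or rewrite subject components.
        // NOTE(review): hosts presumably originate from the proxied request; confirm with caller.
        final String commonName = requireDnSafe(strArr[0]);
        String subjectDn = Stream.of(str.split(", "))
                .map(rdn -> "CN".equals(rdn.split("=")[0]) ? "CN=" + commonName : rdn)
                .collect(Collectors.joining(", "));

        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                new X500Name(str), nextSerialNumber(), date, date2, new X500Name(subjectDn), publicKey);

        // NOTE(review): every entry is emitted as dNSName, including IP literals; clients
        // match IP addresses against iPAddress entries only. Also, no basicConstraints or
        // extendedKeyUsage is set on the leaf. Confirm whether that is intended.
        GeneralName[] sanEntries = new GeneralName[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            sanEntries[i] = new GeneralName(GeneralName.dNSName, strArr[i]);
        }
        builder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(sanEntries));

        return sign(builder, privateKey);
    }

    /**
     * Creates a self-signed CA certificate for {@code keyPair}.
     *
     * <p>The certificate carries a critical basicConstraints extension with a path length
     * of 0, i.e. it may sign end-entity certificates but not further CAs.
     *
     * @param str distinguished name used as both issuer and subject
     * @param date start of the validity period (notBefore)
     * @param date2 end of the validity period (notAfter)
     * @param keyPair CA key pair; the private half signs, the public half is certified
     * @return the self-signed CA certificate
     * @throws CertIOException if the extension cannot be encoded
     * @throws OperatorCreationException if the content signer cannot be created
     * @throws CertificateException if the result cannot be converted to an X509Certificate
     */
    @Override
    public X509Certificate generateCaCert(String str, Date date, Date date2, KeyPair keyPair) throws CertIOException, OperatorCreationException, CertificateException {
        X500Name caName = new X500Name(str);
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                caName, nextSerialNumber(), date, date2, caName, keyPair.getPublic());
        // NOTE(review): no keyUsage (keyCertSign) extension is added; RFC 5280 expects one
        // on CA certificates. Consider adding it.
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(0));
        return sign(builder, keyPair.getPrivate());
    }

    /**
     * Returns a positive serial number drawn from a CSPRNG.
     *
     * <p>Issuer and serial together must identify a certificate uniquely. A clock-derived
     * value can repeat when many certificates are issued close together and is guessable;
     * a large random value avoids both.
     */
    private static BigInteger nextSerialNumber() {
        // +1 keeps the value strictly positive.
        return new BigInteger(SERIAL_BITS, SERIAL_RANDOM).add(BigInteger.ONE);
    }

    /** Returns {@code host} unchanged, or throws if it contains DN metacharacters or control characters. */
    private static String requireDnSafe(String host) {
        for (int i = 0; i < host.length(); i++) {
            char c = host.charAt(i);
            if (DN_METACHARACTERS.indexOf(c) >= 0 || Character.isISOControl(c)) {
                throw new IllegalArgumentException("host name contains a character not allowed in the subject CN");
            }
        }
        return host;
    }

    /** Signs the prepared certificate with {@code signingKey} and converts it to a JCA certificate. */
    private static X509Certificate sign(JcaX509v3CertificateBuilder builder, PrivateKey signingKey)
            throws OperatorCreationException, CertificateException {
        return new JcaX509CertificateConverter().getCertificate(
                builder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(signingKey)));
    }

    static {
        // Registers Bouncy Castle JVM-wide when this class is first loaded.
        Security.addProvider(new BouncyCastleProvider());
        keyFactory = null;
    }
}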
