package org.zaproxy.zap.extension.dynssl;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.Random;
import java.util.Vector;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;
import org.parosproxy.paros.security.SslCertificateService;

/* loaded from: input_file:WEB-INF/lib/clientapi-2.8.jar:org/zaproxy/zap/extension/dynssl/SslCertificateUtils.class */
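/**
 * Helpers for creating the local root CA used for dynamic TLS certificates and for
 * converting the {@link KeyStore} that holds it to and from a string.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The key store produced here contains the root CA <em>private key</em>. It is protected
 *       only by {@code SslCertificateService.PASSPHRASE}, a static value shared by the code
 *       base, so the serialized string must be treated as a secret in its own right
 *       (file permissions, no logging, no inclusion in bug reports).</li>
 *   <li>Any client that trusts this root will accept every certificate signed by it; the
 *       root should only be installed in browsers/profiles used for testing.</li>
 *   <li>The store type follows {@link KeyStore#getDefaultType()}, so a string written by one
 *       runtime is only guaranteed to load on a runtime with a compatible default type.</li>
 * </ul>
 */
public class SslCertificateUtils {
    /** Validity period of a generated root CA certificate, in days. */
    private static final long DEFAULT_VALID_DAYS = 365;

    /** Number of milliseconds in one day, used to turn the validity period into a date. */
    private static final long MILLIS_PER_DAY = 24L * 60L * 60L * 1000L;

    /**
     * Creates a new self-signed root CA (2048-bit RSA) and returns it in a fresh key store
     * under the alias {@code SslCertificateService.ZAPROXY_JKS_ALIAS}.
     *
     * <p>The certificate is valid from now for {@link #DEFAULT_VALID_DAYS} days, is marked as a
     * CA via a critical basicConstraints extension, and is signed with SHA-256/RSA.
     *
     * @return a key store holding the CA private key and its self-signed certificate
     * @throws NoSuchAlgorithmException if the RSA key pair generator or the SHA1PRNG
     *     random source is not available
     * @throws IllegalStateException if building, signing or storing the certificate fails
     *     (for example when no provider named "BC" is registered); the cause is preserved
     */
    public static final KeyStore createRootCA() throws NoSuchAlgorithmException {
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + DEFAULT_VALID_DAYS * MILLIS_PER_DAY);

        // One cryptographically strong source for both the key pair and the serial number.
        SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048, secureRandom);
        KeyPair keyPair = keyPairGenerator.genKeyPair();
        PrivateKey privateKey = keyPair.getPrivate();
        PublicKey publicKey = keyPair.getPublic();

        // RFC 5280 requires a positive serial number; java.util.Random#nextInt() could yield a
        // negative or predictable one. 63 random bits + 1 gives a value in [1, 2^63].
        BigInteger serialNumber = new BigInteger(63, secureRandom).add(BigInteger.ONE);

        X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        nameBuilder.addRDN(BCStyle.CN, "OWASP Zed Attack Proxy Root CA");
        // NOTE(review): the locality is derived from String#hashCode of the local user name and
        // home directory. It makes the CA name installation-specific, but it is not a secret
        // and the hashes are cheap to reverse for short values; do not rely on it for privacy.
        nameBuilder.addRDN(
                BCStyle.L,
                Integer.toHexString(System.getProperty("user.name").hashCode())
                        + Integer.toHexString(System.getProperty("user.home").hashCode()));
        nameBuilder.addRDN(BCStyle.O, "OWASP Root CA");
        nameBuilder.addRDN(BCStyle.OU, "OWASP ZAP Root CA");
        nameBuilder.addRDN(BCStyle.C, "xx");

        // Self-signed: issuer and subject are the same name.
        JcaX509v3CertificateBuilder certBuilder =
                new JcaX509v3CertificateBuilder(
                        nameBuilder.build(),
                        serialNumber,
                        notBefore,
                        notAfter,
                        nameBuilder.build(),
                        publicKey);
        try {
            certBuilder.addExtension(
                    X509Extension.subjectKeyIdentifier,
                    false,
                    new SubjectKeyIdentifierStructure(publicKey));
            certBuilder.addExtension(
                    X509Extension.basicConstraints, true, new BasicConstraints(true));
            // Same bit mask as the former literal 182, spelled out so the granted usages
            // are reviewable.
            certBuilder.addExtension(
                    X509Extension.keyUsage,
                    false,
                    new KeyUsage(
                            KeyUsage.keyCertSign
                                    | KeyUsage.digitalSignature
                                    | KeyUsage.keyEncipherment
                                    | KeyUsage.dataEncipherment
                                    | KeyUsage.cRLSign));

            Vector<KeyPurposeId> purposes = new Vector<KeyPurposeId>(3, 1);
            purposes.add(KeyPurposeId.id_kp_serverAuth);
            purposes.add(KeyPurposeId.id_kp_clientAuth);
            purposes.add(KeyPurposeId.anyExtendedKeyUsage);
            certBuilder.addExtension(
                    X509Extension.extendedKeyUsage, false, new ExtendedKeyUsage(purposes));

            // SHA-1 signatures are rejected or flagged by current TLS clients; sign with SHA-256.
            X509Certificate certificate =
                    new JcaX509CertificateConverter()
                            .setProvider("BC")
                            .getCertificate(
                                    certBuilder.build(
                                            new JcaContentSignerBuilder("SHA256WithRSAEncryption")
                                                    .setProvider("BC")
                                                    .build(privateKey)));

            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null, null) initialises an empty in-memory store.
            keyStore.load(null, null);
            keyStore.setKeyEntry(
                    SslCertificateService.ZAPROXY_JKS_ALIAS,
                    privateKey,
                    SslCertificateService.PASSPHRASE,
                    new Certificate[] {certificate});
            return keyStore;
        } catch (Exception e) {
            throw new IllegalStateException("Errors during assembling root CA.", e);
        }
    }

    /**
     * Serializes a key store to a URL-safe Base64 string.
     *
     * <p>The result contains every entry of the store, including private keys, protected
     * with {@code SslCertificateService.PASSPHRASE}. Handle it like key material.
     *
     * @param keyStore the initialised key store to serialize
     * @return the stored bytes encoded as URL-safe Base64 without padding
     * @throws KeyStoreException if the key store has not been initialised
     * @throws NoSuchAlgorithmException if the integrity algorithm is not available
     * @throws CertificateException if a certificate in the store cannot be stored
     * @throws IOException if writing the store fails
     */
    public static final String keyStore2String(KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try {
            keyStore.store(buffer, SslCertificateService.PASSPHRASE);
            return Base64.encodeBase64URLSafeString(buffer.toByteArray());
        } finally {
            buffer.close();
        }
    }

    /**
     * Restores a key store from the Base64 string produced by
     * {@link #keyStore2String(KeyStore)}.
     *
     * <p>The store's integrity is checked against {@code SslCertificateService.PASSPHRASE}
     * while loading. Because that value is static, the check detects corruption but does
     * not authenticate where the string came from; only load strings from a trusted location.
     *
     * @param str the Base64 encoded key store
     * @return the loaded key store, of the runtime's default type
     * @throws KeyStoreException if no provider supports the default key store type
     * @throws NoSuchAlgorithmException if the integrity algorithm is not available
     * @throws CertificateException if a certificate in the store cannot be loaded
     * @throws IOException if the data is malformed or the passphrase does not match
     */
    public static final KeyStore string2Keystore(String str) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        ByteArrayInputStream input = new ByteArrayInputStream(Base64.decodeBase64(str));
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(input, SslCertificateService.PASSPHRASE);
            return keyStore;
        } finally {
            input.close();
        }
    }
}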
