package cybervillains.ca;

import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DEREncodableVector;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;

/* loaded from: input_file:cybervillains/ca/CertificateCreator.class */
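/**
 * Static helpers that build X.509v3 certificates with the legacy Bouncy Castle
 * {@code X509V3CertificateGenerator}: a self-signed root, server certificates issued
 * under a caller-supplied CA, and re-issued copies of an existing certificate.
 *
 * <p>Every certificate is signed with {@link #SIGN_ALGO} through the JCE provider
 * registered under the name {@code "BC"}; generation fails with
 * {@link NoSuchProviderException} when that provider is not installed.
 *
 * <p>Security note: whoever holds the CA private key passed to these methods can mint
 * certificates that any client trusting that CA will accept. Keep the key confined to
 * the test environment and do not install the matching root on machines used for
 * anything else.
 */
public class CertificateCreator {
    // Extensions that are always recomputed for the new key pair and therefore never copied.
    private static final HashSet<String> clientCertOidsNeverToCopy = new HashSet<>();
    // Extensions skipped by the four-argument mitmDuplicateCertificate overload.
    private static final HashSet<String> clientCertDefaultOidsNotToCopy = new HashSet<>();

    private static final long MILLIS_PER_DAY = 86400000L;
    // notBefore is backdated so that clients with skewed clocks still accept the certificate.
    private static final long BACKDATE_MILLIS = 360L * MILLIS_PER_DAY;
    private static final long SERVER_CERT_LIFETIME_MILLIS = 1800L * MILLIS_PER_DAY;
    private static final long MASTER_CERT_LIFETIME_MILLIS = 7200L * MILLIS_PER_DAY;

    // Source of serial numbers for freshly issued server certificates.
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();

    public static final String KEYGEN_ALGO = "RSA";
    // NOTE(review): SHA-1 signatures are no longer collision-resistant and current TLS
    // clients reject them. The value is left unchanged because the constant is public;
    // moving to "SHA256withRSA" should be coordinated with every user of this constant.
    public static final String SIGN_ALGO = "SHA1withRSA";
    public static final String OID_SUBJECT_KEY_IDENTIFIER = "2.5.29.14";
    public static final String OID_AUTHORITY_KEY_IDENTIFIER = "2.5.29.35";
    public static final String OID_ISSUER_ALTERNATIVE_NAME = "2.5.29.8";
    public static final String OID_ISSUER_ALTERNATIVE_NAME_2 = "2.5.29.18";
    // id-ce-cRLDistributionPoints is 2.5.29.31. The previous value "2.5.28.31" matched no
    // extension, so the default skip list never actually excluded CRL distribution points.
    public static final String OID_CRL_DISTRIBUTION_POINT = "2.5.29.31";
    public static final String OID_AUTHORITY_INFO_ACCESS = "1.3.6.1.5.5.7.1.1";
    public static final String OID_ID_AD_CAISSUERS = "1.3.6.1.5.5.7.48.2";

    static {
        clientCertOidsNeverToCopy.add(OID_SUBJECT_KEY_IDENTIFIER);
        clientCertOidsNeverToCopy.add(OID_AUTHORITY_KEY_IDENTIFIER);
        clientCertDefaultOidsNotToCopy.add(OID_ISSUER_ALTERNATIVE_NAME);
        clientCertDefaultOidsNotToCopy.add(OID_ISSUER_ALTERNATIVE_NAME_2);
        clientCertDefaultOidsNotToCopy.add(OID_CRL_DISTRIBUTION_POINT);
        clientCertDefaultOidsNotToCopy.add(OID_AUTHORITY_INFO_ACCESS);
    }

    /**
     * Issues a non-CA server certificate for {@code publicKey}, signed by the given CA.
     *
     * <p>The certificate is valid from 360 days in the past until 1800 days in the future
     * and carries BasicConstraints (critical, CA=false), subject and authority key
     * identifiers, and an ExtendedKeyUsage sequence built from
     * {@code ExtendedKeyUsageConstants}.
     *
     * @param publicKey       key to certify
     * @param x509Certificate issuing CA certificate; supplies the issuer DN and the
     *                        authority key identifier
     * @param privateKey      CA private key used to sign the new certificate
     * @param str             subject distinguished name, in the syntax accepted by
     *                        {@link X500Principal}
     * @param str2            URI placed in a CRLDistributionPoints extension, or
     *                        {@code null} to omit that extension
     * @return the signed certificate
     */
    public static X509Certificate generateStdSSLServerCertificate(PublicKey publicKey, X509Certificate x509Certificate, PrivateKey privateKey, String str, String str2) throws CertificateParsingException, SignatureException, InvalidKeyException, CertificateExpiredException, CertificateNotYetValidException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        long now = System.currentTimeMillis();
        X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
        generator.setSubjectDN(new X500Principal(str));
        generator.setSignatureAlgorithm(SIGN_ALGO);
        generator.setPublicKey(publicKey);
        generator.setNotAfter(new Date(now + SERVER_CERT_LIFETIME_MILLIS));
        generator.setNotBefore(new Date(now - BACKDATE_MILLIS));
        generator.setIssuerDN(x509Certificate.getSubjectX500Principal());
        // A millisecond timestamp repeats when two certificates are issued in the same
        // millisecond, and clients reject two certificates sharing issuer and serial.
        generator.setSerialNumber(newSerialNumber());
        generator.addExtension(X509Extensions.BasicConstraints, true, (DEREncodable) new BasicConstraints(false));
        generator.addExtension(X509Extensions.SubjectKeyIdentifier, false, (DEREncodable) new SubjectKeyIdentifierStructure(publicKey));
        generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, (DEREncodable) new AuthorityKeyIdentifierStructure(x509Certificate.getPublicKey()));

        DEREncodableVector usages = new DEREncodableVector();
        usages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.serverAuth));
        usages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.clientAuth));
        usages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.netscapeServerGatedCrypto));
        usages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.msServerGatedCrypto));
        generator.addExtension(X509Extensions.ExtendedKeyUsage, false, (DEREncodable) new DERSequence(usages));

        if (str2 != null) {
            GeneralName crlUri = new GeneralName(GeneralName.uniformResourceIdentifier, str2);
            DistributionPointName pointName = new DistributionPointName(DistributionPointName.FULL_NAME, (ASN1Encodable) crlUri);
            DistributionPoint[] points = {new DistributionPoint(pointName, null, null)};
            generator.addExtension(X509Extensions.CRLDistributionPoints, false, (DEREncodable) new CRLDistPoint(points));
        }
        return generator.generate(privateKey, "BC");
    }

    /**
     * Re-issues {@code x509Certificate} under a different CA and public key.
     *
     * <p>Subject DN, validity window and serial number are taken from the original.
     * Extensions of the original are copied with their criticality unless their OID is in
     * the never-copy list (subject/authority key identifier), in {@code set}, or is a key
     * of the override map for that criticality. The override maps are then added, followed
     * by key identifiers computed from {@code publicKey} and the CA's public key.
     *
     * @param x509Certificate  certificate whose fields and extensions are copied
     * @param publicKey        public key placed in the new certificate
     * @param x509Certificate2 issuing CA certificate
     * @param privateKey       CA private key used to sign
     * @param set              extension OIDs that must not be copied; {@code null} means none
     * @param map              critical extensions to add, keyed by OID; {@code null} means none
     * @param map2             non-critical extensions to add, keyed by OID; {@code null} means none
     * @return the signed certificate
     */
    public static X509Certificate mitmDuplicateCertificate(X509Certificate x509Certificate, PublicKey publicKey, X509Certificate x509Certificate2, PrivateKey privateKey, Set<String> set, Map<String, DEREncodable> map, Map<String, DEREncodable> map2) throws CertificateParsingException, SignatureException, InvalidKeyException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        Set<String> skipOids = set != null ? set : new HashSet<String>();
        Map<String, DEREncodable> criticalOverrides = map != null ? map : new HashMap<String, DEREncodable>();
        Map<String, DEREncodable> nonCriticalOverrides = map2 != null ? map2 : new HashMap<String, DEREncodable>();

        X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
        generator.setSubjectDN(x509Certificate.getSubjectX500Principal());
        generator.setSignatureAlgorithm(SIGN_ALGO);
        generator.setPublicKey(publicKey);
        generator.setNotAfter(x509Certificate.getNotAfter());
        generator.setNotBefore(x509Certificate.getNotBefore());
        generator.setIssuerDN(x509Certificate2.getSubjectX500Principal());
        generator.setSerialNumber(x509Certificate.getSerialNumber());

        copyExtensions(generator, x509Certificate, x509Certificate.getCriticalExtensionOIDs(), true, skipOids, criticalOverrides);
        copyExtensions(generator, x509Certificate, x509Certificate.getNonCriticalExtensionOIDs(), false, skipOids, nonCriticalOverrides);

        for (Map.Entry<String, DEREncodable> override : criticalOverrides.entrySet()) {
            generator.addExtension(override.getKey(), true, override.getValue());
        }
        for (Map.Entry<String, DEREncodable> override : nonCriticalOverrides.entrySet()) {
            generator.addExtension(override.getKey(), false, override.getValue());
        }
        // Key identifiers must describe the new key pair, so they are rebuilt rather than copied.
        generator.addExtension(X509Extensions.SubjectKeyIdentifier, false, (DEREncodable) new SubjectKeyIdentifierStructure(publicKey));
        generator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, (DEREncodable) new AuthorityKeyIdentifierStructure(x509Certificate2.getPublicKey()));
        return generator.generate(privateKey, "BC");
    }

    /**
     * Re-issues {@code x509Certificate} with the default skip list (issuer alternative
     * name, CRL distribution points, authority information access) and no overrides.
     *
     * @param x509Certificate  certificate whose fields and extensions are copied
     * @param publicKey        public key placed in the new certificate
     * @param x509Certificate2 issuing CA certificate
     * @param privateKey       CA private key used to sign
     * @return the signed certificate
     */
    public static X509Certificate mitmDuplicateCertificate(X509Certificate x509Certificate, PublicKey publicKey, X509Certificate x509Certificate2, PrivateKey privateKey) throws CertificateParsingException, SignatureException, InvalidKeyException, CertificateExpiredException, CertificateNotYetValidException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        return mitmDuplicateCertificate(x509Certificate, publicKey, x509Certificate2, privateKey, clientCertDefaultOidsNotToCopy, null, null);
    }

    /**
     * Creates a self-signed root certificate for {@code keyPair}.
     *
     * <p>The root has serial number 1, is valid from 360 days in the past until 7200 days
     * in the future, and carries BasicConstraints (critical, CA with path length 0),
     * KeyUsage keyCertSign and cRLSign, a subject key identifier, and an ExtendedKeyUsage
     * sequence built from {@code ExtendedKeyUsageConstants}. Before returning, the
     * certificate is checked for current validity and its signature is verified against
     * the key pair's public key.
     *
     * @param keyPair key pair of the root; the private half signs the certificate
     * @return the self-signed root certificate
     */
    public static X509Certificate createTypicalMasterCert(KeyPair keyPair) throws SignatureException, InvalidKeyException, SecurityException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        long now = System.currentTimeMillis();
        X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
        X509Principal rootName = new X509Principal("O=CyberVillians.com,OU=CyberVillians Certification Authority,C=US");
        generator.setSerialNumber(BigInteger.valueOf(1L));
        generator.setIssuerDN(rootName);
        generator.setSubjectDN(rootName);
        generator.setNotBefore(new Date(now - BACKDATE_MILLIS));
        generator.setNotAfter(new Date(now + MASTER_CERT_LIFETIME_MILLIS));
        generator.setPublicKey(keyPair.getPublic());
        generator.setSignatureAlgorithm(SIGN_ALGO);
        generator.addExtension(X509Extensions.SubjectKeyIdentifier, false, (DEREncodable) new SubjectKeyIdentifierStructure(keyPair.getPublic()));
        generator.addExtension(X509Extensions.BasicConstraints, true, (DEREncodable) new BasicConstraints(0));
        generator.addExtension(X509Extensions.KeyUsage, false, (DEREncodable) new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));

        DEREncodableVector usages = new DEREncodableVector();
        usages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.serverAuth));
        usages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.OCSPSigning));
        usages.add(new DERObjectIdentifier(ExtendedKeyUsageConstants.verisignUnknown));
        generator.addExtension(X509Extensions.ExtendedKeyUsage, false, (DEREncodable) new DERSequence(usages));

        X509Certificate rootCert = generator.generate(keyPair.getPrivate(), "BC");
        rootCert.checkValidity(new Date());
        rootCert.verify(keyPair.getPublic());
        return rootCert;
    }

    /** Returns a random, strictly positive serial number of up to 128 bits. */
    private static BigInteger newSerialNumber() {
        return new BigInteger(127, SERIAL_RANDOM).add(BigInteger.ONE);
    }

    /** Copies the listed extensions from {@code source} unless skipped or overridden. */
    private static void copyExtensions(X509V3CertificateGenerator generator, X509Certificate source, Set<String> oids, boolean critical, Set<String> skipOids, Map<String, DEREncodable> overrides) throws CertificateParsingException {
        if (oids == null) {
            // X509Certificate returns null when the certificate has no extensions at all.
            return;
        }
        for (String oid : oids) {
            boolean excluded = clientCertOidsNeverToCopy.contains(oid) || skipOids.contains(oid) || overrides.containsKey(oid);
            if (!excluded) {
                generator.copyAndAddExtension(new DERObjectIdentifier(oid), critical, source);
            }
        }
    }
}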
