package com.ibm.rational.test.lt.recorder.proxy.internal.proxy.ssl;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.PrincipalUtil;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;

/* loaded from: input_file:recorderHttp-remote.jar:com/ibm/rational/test/lt/recorder/proxy/internal/proxy/ssl/X509CertificateGenerator.class */
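/**
 * Issues per-host X.509 certificates signed by a CA key pair that is bundled with this class.
 *
 * <p>The CA certificate and its private key are read from the class-path resource
 * {@code aFile.bin} (a PKCS#12 store). The store password is a constant compiled into this class,
 * so it does not protect the CA private key from anyone who can read the jar.
 *
 * <p>NOTE(review): if the same {@code aFile.bin} ships with every installation, every holder of
 * the jar can issue certificates that chain to this CA. The CA certificate should then be trusted
 * only in the browser profiles or machines used for recording, and removed afterwards. Confirm how
 * the resource is provisioned.
 */
public class X509CertificateGenerator {
    /** Class-path resource (relative to this class) holding the CA certificate and private key. */
    private static final String CA_KEYSTORE_RESOURCE = "aFile.bin";
    /** Fixed password of the bundled CA store; see the class comment for why it is not a secret. */
    private static final String CA_KEYSTORE_PASSWORD = "changeit";
    private static final String KEYSTORE_TYPE = "PKCS12";
    /** Alias under which the generated key and certificate chain are stored. */
    private static final String LEAF_KEY_ALIAS = "RptKey";
    /** RSA modulus size for generated keys; 1024-bit keys are below current minimum guidance. */
    private static final int LEAF_KEY_BITS = 2048;
    /** Number of random bits in a generated serial number. */
    private static final int SERIAL_NUMBER_BITS = 128;
    /** notBefore is set this far in the past, presumably to tolerate clock skew between peers. */
    private static final long NOT_BEFORE_BACKDATE_MILLIS = 1000000L;
    /** Lifetime of a generated certificate, in days from the moment of issuance. */
    private static final int VALIDITY_DAYS = 365;

    private final X509Certificate caCert;
    private final PrivateKey caCertPrivateKey;

    /**
     * Loads the bundled CA certificate and private key and registers the BouncyCastle provider
     * if it is not registered yet.
     *
     * @throws FileNotFoundException if the resource {@code aFile.bin} is not on the class path
     * @throws RuntimeException if the store is empty or its first entry lacks a key or certificate
     * @throws SignatureException if the CA certificate is not signed by its own public key
     */
    public X509CertificateGenerator() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, UnrecoverableKeyException, InvalidKeyException, NoSuchProviderException, SignatureException {
        KeyStore caKeyStore = loadCaKeyStore();
        // An empty store would otherwise surface as a bare NoSuchElementException below.
        if (caKeyStore.size() == 0) {
            throw new RuntimeException("Wrong certificate resource: " + CA_KEYSTORE_RESOURCE + " - no entries");
        }
        // Only the first alias is used; the store is expected to hold a single CA entry.
        String alias = caKeyStore.aliases().nextElement();
        Key key = caKeyStore.getKey(alias, CA_KEYSTORE_PASSWORD.toCharArray());
        if (key == null) {
            throw new RuntimeException("Wrong certificate resource: " + CA_KEYSTORE_RESOURCE + " - null key");
        }
        this.caCertPrivateKey = (PrivateKey) key;
        this.caCert = (X509Certificate) caKeyStore.getCertificate(alias);
        if (this.caCert == null) {
            throw new RuntimeException("Wrong certificate resource: " + CA_KEYSTORE_RESOURCE + " - null certificate");
        }
        // Self-signature check only: the CA certificate's validity period is not checked here.
        this.caCert.verify(this.caCert.getPublicKey());
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Reads the bundled PKCS#12 store and always closes the resource stream.
     *
     * <p>{@link KeyStore#load} does not close the stream it is given, and a {@code null} stream
     * would silently produce an empty store, so both cases are handled explicitly.
     */
    private KeyStore loadCaKeyStore() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        InputStream in = getClass().getResourceAsStream(CA_KEYSTORE_RESOURCE);
        if (in == null) {
            throw new FileNotFoundException("Certificate resource not found: " + CA_KEYSTORE_RESOURCE);
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
            keyStore.load(in, CA_KEYSTORE_PASSWORD.toCharArray());
            return keyStore;
        } finally {
            in.close();
        }
    }

    /**
     * Generates a fresh RSA key pair and a certificate for it, signed by the bundled CA.
     *
     * <p>{@code str} is concatenated into the subject DN string without escaping, so a value that
     * contains DN syntax characters ({@code ','}, {@code '+'}, {@code '='}) would be parsed as
     * extra attributes. Callers are assumed to pass an already validated host name (TODO confirm
     * against the caller).
     *
     * <p>NOTE(review): no subjectAltName extension is added; clients that match host names only
     * against subjectAltName would not accept the certificate for {@code str}. Confirm whether
     * that is needed.
     *
     * @param str value used as the subject common name ({@code CN=<str>})
     * @param str2 password protecting the key entry in the returned store
     * @return an in-memory PKCS#12 store holding the new private key under alias {@code RptKey}
     *     with the chain {generated certificate, CA certificate}
     * @throws SignatureException if the generated certificate does not verify against the CA key
     */
    public KeyStore createX509Certificate(String str, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SecurityException, SignatureException, KeyStoreException, CertificateException, IOException {
        SecureRandom random = new SecureRandom();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME);
        keyPairGenerator.initialize(LEAF_KEY_BITS, random);
        KeyPair leafKeyPair = keyPairGenerator.generateKeyPair();

        X509V3CertificateGenerator certGenerator = new X509V3CertificateGenerator();
        // A clock-based serial repeats when two certificates are issued in the same millisecond,
        // and clients may reject a reused issuer/serial pair. The +1 keeps the serial positive.
        certGenerator.setSerialNumber(new BigInteger(SERIAL_NUMBER_BITS, random).add(BigInteger.ONE));
        certGenerator.setSubjectDN(new X509Name("CN=" + str));
        certGenerator.setIssuerDN(PrincipalUtil.getSubjectX509Principal(this.caCert));
        certGenerator.setNotBefore(new Date(System.currentTimeMillis() - NOT_BEFORE_BACKDATE_MILLIS));
        Calendar notAfter = Calendar.getInstance();
        notAfter.add(Calendar.DAY_OF_YEAR, VALIDITY_DAYS);
        certGenerator.setNotAfter(notAfter.getTime());
        certGenerator.setPublicKey(leafKeyPair.getPublic());
        certGenerator.setSignatureAlgorithm("SHA256WithRSAEncryption");
        certGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, (DEREncodable) new AuthorityKeyIdentifierStructure(this.caCert));
        certGenerator.addExtension(X509Extensions.SubjectKeyIdentifier, false, (DEREncodable) new SubjectKeyIdentifierStructure(leafKeyPair.getPublic()));

        X509Certificate leafCert = certGenerator.generateX509Certificate(this.caCertPrivateKey, BouncyCastleProvider.PROVIDER_NAME);
        // Fail early if the signature does not match the CA certificate placed in the chain.
        leafCert.verify(this.caCert.getPublicKey());

        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
        // load(null, null) initialises an empty in-memory store.
        keyStore.load(null, null);
        keyStore.setKeyEntry(LEAF_KEY_ALIAS, leafKeyPair.getPrivate(), str2.toCharArray(), new X509Certificate[]{leafCert, this.caCert});
        return keyStore;
    }
}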
