package com.ghc.ssl;

import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Random;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:com/ghc/ssl/X509CertificateGenerator.class */
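/**
 * Issues X.509 certificates signed by a CA certificate and private key that are
 * supplied directly or read from a key store.
 *
 * <p>Security-relevant properties of the certificates this class produces, as
 * visible in {@link #generate(CertificateSpec)}:
 * <ul>
 *   <li>the validity window is copied from the CA certificate, so an issued
 *       certificate stays valid for as long as the CA does;</li>
 *   <li>only subjectAlternativeName and authorityKeyIdentifier extensions are
 *       added; no basicConstraints, keyUsage or extendedKeyUsage extension is
 *       set;</li>
 *   <li>the signature algorithm is taken from the CA certificate's own
 *       signature algorithm name.</li>
 * </ul>
 *
 * <p>Instances hold the CA private key in memory for their whole lifetime.
 */
public class X509CertificateGenerator {
    private static final Logger LOGGER = Logger.getLogger(X509CertificateGenerator.class.getName());

    // Anchored at both ends and applied with matches(): an unanchored prefix match would
    // classify a host name such as "10.0.0.1.example.test" (constructed example) as an IP
    // address, and the name would then be dropped from the SAN extension.
    private static final Pattern IPv4_MATCHER_PATTERN = Pattern.compile("^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$");

    // Serial numbers come from a CSPRNG. A small, guessable range makes issuer+serial
    // collisions likely, and relying parties identify a certificate by that pair.
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();

    // 127 random bits plus one keeps the serial strictly positive and well under 20 octets.
    private static final int SERIAL_BITS = 127;

    // X.509 GeneralName tag numbers used for the subjectAlternativeName entries.
    private static final int SAN_DNS_NAME = 2;
    private static final int SAN_IP_ADDRESS = 7;

    private final X509Certificate caCert;
    private final PrivateKey pk;
    private final Certificate[] caCertChain;

    /**
     * Describes the certificate to issue: subject common name, public key, and the
     * DNS names and IP addresses to place in the subjectAlternativeName extension.
     */
    public static class CertificateSpec {
        private final String subjectDn;
        private final PublicKey publicKey;
        private final List<String> dnsNames;
        private final List<String> ipAddresses;

        private CertificateSpec(String str, PublicKey publicKey) {
            this.subjectDn = str;
            this.publicKey = publicKey;
            this.dnsNames = new ArrayList<>();
            this.ipAddresses = new ArrayList<>();
        }

        /**
         * Replaces the DNS names of this spec.
         *
         * @param collection the new DNS names; {@code null} leaves the list empty
         */
        public void setDnsNames(Collection<String> collection) {
            this.dnsNames.clear();
            if (collection != null) {
                this.dnsNames.addAll(collection);
            }
        }

        /**
         * Replaces the IP addresses of this spec.
         *
         * @param collection the new IP addresses in textual form; {@code null} leaves the list empty
         */
        public void setIpAddresses(Collection<String> collection) {
            this.ipAddresses.clear();
            if (collection != null) {
                this.ipAddresses.addAll(collection);
            }
        }

        // Accessor constructor recovered by the decompiler; the third argument is ignored.
        /* synthetic */ CertificateSpec(String str, PublicKey publicKey, CertificateSpec certificateSpec) {
            this(str, publicKey);
        }
    }

    static {
        // Register BouncyCastle once per JVM; the "BC" lookup avoids a duplicate registration.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Creates a generator that signs with the given CA material.
     *
     * @param x509Certificate the CA certificate; must not be {@code null}
     * @param privateKey the CA private key; must not be {@code null}
     * @param certificateArr the CA certificate chain, or {@code null} for an empty chain
     * @throws IllegalArgumentException if the certificate or the private key is missing
     */
    X509CertificateGenerator(X509Certificate x509Certificate, PrivateKey privateKey, Certificate[] certificateArr) {
        if (x509Certificate == null && privateKey == null) {
            throw new IllegalArgumentException("Both a CA Certificate and a Private Key must be specified");
        }
        if (x509Certificate == null) {
            throw new IllegalArgumentException("A CA Certificate must be specified");
        }
        if (privateKey == null) {
            throw new IllegalArgumentException("A Private Key must be specified");
        }
        this.caCert = x509Certificate;
        this.pk = privateKey;
        // Copy the array so later changes by the caller cannot alter the stored chain.
        this.caCertChain = certificateArr != null ? certificateArr.clone() : new Certificate[0];
    }

    /**
     * Builds a generator from the first private-key entry in the key store whose
     * certificate is an X.509 certificate and whose key can be recovered.
     *
     * @param keyStore a loaded key store
     * @param cArr the password used to recover the private key
     * @return a generator backed by the entry that was found
     * @throws IllegalArgumentException if no usable entry exists
     */
    private static X509CertificateGenerator fromKeyStore(KeyStore keyStore, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, IllegalArgumentException {
        X509Certificate x509Certificate = null;
        PrivateKey privateKey = null;
        Certificate[] certificateArr = null;
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements() && (x509Certificate == null || privateKey == null)) {
            try {
                String nextElement = aliases.nextElement();
                if (keyStore.entryInstanceOf(nextElement, KeyStore.PrivateKeyEntry.class)) {
                    Certificate certificate = keyStore.getCertificate(nextElement);
                    if (certificate instanceof X509Certificate) {
                        x509Certificate = (X509Certificate) certificate;
                        certificateArr = keyStore.getCertificateChain(nextElement);
                        privateKey = (PrivateKey) keyStore.getKey(nextElement, cArr);
                    }
                }
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
                // Best effort: an unreadable entry is logged and the scan moves on to the next alias.
                LOGGER.log(Level.SEVERE, "Skipping key store entry that could not be read", e);
            }
        }
        if (x509Certificate == null) {
            throw new IllegalArgumentException("Failed to find valid PrivateKey entry for use as a CA.");
        }
        // A certificate whose key could not be recovered is rejected by the constructor.
        return new X509CertificateGenerator(x509Certificate, privateKey, certificateArr);
    }

    /**
     * Loads a key store from a URL and builds a generator from it.
     *
     * <p>The same password is used to load the store and to recover the key. Per the
     * {@link KeyStore#load(java.io.InputStream, char[])} contract, a {@code null}
     * password means the store's integrity is not checked, so a store fetched from a
     * location the caller does not control should always be loaded with its password.
     *
     * @param url location of the key store
     * @param cArr key store and key password
     * @return a generator backed by the CA entry in the store
     * @throws IOException if the store cannot be read
     * @throws IllegalArgumentException if the store holds no usable CA entry
     */
    public static X509CertificateGenerator fromJksUrl(URL url, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, IllegalArgumentException {
        KeyStore keyStore = KeyStore.getInstance(KeyIdStore.TYPE);
        // Close the stream on every path; the original left it open.
        try (InputStream in = url.openStream()) {
            keyStore.load(in, cArr);
        }
        return fromKeyStore(keyStore, cArr);
    }

    /**
     * Creates an empty spec for the given subject and public key.
     *
     * @param str subject common name (also added to the SAN extension on issue)
     * @param publicKey public key to certify
     * @return a new spec with no DNS names or IP addresses
     */
    public static CertificateSpec createCertificateSpec(String str, PublicKey publicKey) {
        return new CertificateSpec(str, publicKey);
    }

    /**
     * Issues a certificate for the given spec, signed with the CA private key.
     *
     * @param certificateSpec subject, public key and alternative names
     * @return the signed certificate, already checked for current validity
     * @throws GeneralSecurityException if the certificate cannot be built or is not currently valid
     */
    public synchronized X509Certificate generate(CertificateSpec certificateSpec) throws GeneralSecurityException, OperatorCreationException, CertIOException {
        // Strictly positive serial drawn from a CSPRNG (the previous value came from
        // java.util.Random over 100000 values and could be zero).
        BigInteger serial = new BigInteger(SERIAL_BITS, SERIAL_RANDOM).add(BigInteger.ONE);
        // NOTE(review): the subject string is concatenated into the DN unescaped, so a value
        // containing DN metacharacters such as ',' or '+' changes the structure of the subject.
        // Callers should pass only validated host names or addresses here.
        X500Principal subject = new X500Principal("CN=" + certificateSpec.subjectDn);
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(this.caCert, serial, this.caCert.getNotBefore(), this.caCert.getNotAfter(), subject, certificateSpec.publicKey);
        addSANs(builder, certificateSpec.dnsNames, certificateSpec.ipAddresses, certificateSpec.subjectDn);
        builder.addExtension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(this.caCert));
        // NOTE(review): the algorithm name is that of the signature on the CA certificate; this
        // presumably matches the CA key type when the CA is self-signed - confirm for chained CAs.
        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(builder.build(new JcaContentSignerBuilder(this.caCert.getSigAlgName()).build(this.pk)));
        certificate.checkValidity();
        return certificate;
    }

    /**
     * Adds a non-critical subjectAlternativeName extension holding the DNS names, the
     * IP addresses (IPv6 scope ids removed) and the subject itself. Names that
     * {@link GeneralName} rejects are logged and skipped.
     */
    private void addSANs(X509v3CertificateBuilder x509v3CertificateBuilder, Collection<String> collection, Collection<String> collection2, String str) throws CertIOException {
        HashSet<ASN1Encodable> names = new HashSet<>();
        addNames(names, SAN_DNS_NAME, collection);
        addNames(names, SAN_IP_ADDRESS, collection2 == null ? null : collection2.stream().map(X509CertificateGenerator::stripIPv6ScopeId).collect(Collectors.toSet()));
        try {
            if (isIPAddress(str)) {
                names.add(new GeneralName(SAN_IP_ADDRESS, stripIPv6ScopeId(str)));
            } else {
                names.add(new GeneralName(SAN_DNS_NAME, str));
            }
        } catch (IllegalArgumentException e) {
            LOGGER.log(Level.WARNING, str, (Throwable) e);
        }
        if (names.isEmpty()) {
            return;
        }
        x509v3CertificateBuilder.addExtension(Extension.subjectAlternativeName, false, GeneralNames.getInstance(new DERSequence(names.toArray(new ASN1Encodable[0]))));
    }

    /**
     * Issues a certificate for this machine: every host name and address that the local
     * host name resolves to, plus {@code localhost}, {@code ::1} and {@code 127.0.0.1}.
     *
     * @param publicKey public key to certify
     * @return the signed certificate
     * @throws UnknownHostException if the local host name cannot be resolved
     */
    public X509Certificate generateForLocalHost(PublicKey publicKey) throws GeneralSecurityException, UnknownHostException, OperatorCreationException, CertIOException {
        String hostName = InetAddress.getLocalHost().getHostName();
        List<InetAddress> addresses = new ArrayList<>(Arrays.asList(InetAddress.getAllByName(hostName)));
        HashSet<String> dnsNames = new HashSet<>();
        HashSet<String> ipAddresses = new HashSet<>();
        for (InetAddress inetAddress : addresses) {
            dnsNames.add(inetAddress.getHostName());
            dnsNames.add(inetAddress.getCanonicalHostName());
            ipAddresses.add(stripIPv6ScopeId(inetAddress.getHostAddress()));
        }
        dnsNames.add("localhost");
        ipAddresses.add("::1");
        ipAddresses.add("127.0.0.1");
        // Drop textual addresses that also showed up as "host names" so they are not
        // emitted as DNS entries.
        dnsNames.removeAll(ipAddresses);
        CertificateSpec certificateSpec = new CertificateSpec(hostName, publicKey);
        certificateSpec.setDnsNames(dnsNames);
        certificateSpec.setIpAddresses(ipAddresses);
        return generate(certificateSpec);
    }

    /**
     * Returns the CA certificate chain.
     *
     * @return a copy of the chain; empty if none was supplied
     */
    public Certificate[] getCaCertificateChain() {
        // Hand out a copy so callers cannot modify the stored chain.
        return this.caCertChain.clone();
    }

    /** Returns the CA certificate used as issuer. */
    protected X509Certificate getCaCertificate() {
        return this.caCert;
    }

    /**
     * Returns the CA private key. The misspelled name is kept because subclasses may
     * already call it.
     */
    protected PrivateKey getPrivakeKey() {
        return this.pk;
    }

    /**
     * Wraps each string as a {@link GeneralName} with the given tag and adds it to the
     * target collection; rejected values are logged and skipped.
     */
    private static void addNames(Collection<ASN1Encodable> collection, int i, Iterable<String> iterable) {
        if (iterable == null) {
            return;
        }
        for (String str : iterable) {
            try {
                collection.add(new GeneralName(i, str));
            } catch (IllegalArgumentException e) {
                LOGGER.log(Level.WARNING, str, (Throwable) e);
            }
        }
    }

    /**
     * Heuristic test for an IP literal: a string with ':' and no '.', or a full
     * dotted-quad match. Octet ranges are not checked here, and an IPv6 literal that
     * embeds a dotted quad is not recognised.
     */
    private static boolean isIPAddress(String str) {
        if (str == null) {
            return false;
        }
        boolean looksLikeIPv6 = str.contains(":") && !str.contains(".");
        return looksLikeIPv6 || IPv4_MATCHER_PATTERN.matcher(str).matches();
    }

    /** Returns the address without its IPv6 scope id (the part from '%' onward), if any. */
    private static String stripIPv6ScopeId(String str) {
        if (str == null) {
            return null;
        }
        int scopeStart = str.indexOf('%');
        return scopeStart < 0 ? str : str.substring(0, scopeStart);
    }
}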
