package com.ibm.rational.test.lt.recorder.proxy.internal.proxy.ssl;

import com.ibm.rational.test.lt.provider.util.JvmUtils;
import com.ibm.security.util.ObjectIdentifier;
import com.ibm.security.x509.AlgorithmId;
import com.ibm.security.x509.CertificateAlgorithmId;
import com.ibm.security.x509.CertificateExtensions;
import com.ibm.security.x509.CertificateIssuerName;
import com.ibm.security.x509.CertificateSerialNumber;
import com.ibm.security.x509.CertificateSubjectName;
import com.ibm.security.x509.CertificateValidity;
import com.ibm.security.x509.CertificateVersion;
import com.ibm.security.x509.CertificateX509Key;
import com.ibm.security.x509.ExtKeyUsageExtension;
import com.ibm.security.x509.GeneralName;
import com.ibm.security.x509.GeneralNames;
import com.ibm.security.x509.SubjectAlternativeNameExtension;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CertImpl;
import com.ibm.security.x509.X509CertInfo;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Vector;

/* loaded from: input_file:libraries/IbmPart.jar:com/ibm/rational/test/lt/recorder/proxy/internal/proxy/ssl/X509IBMCertificateGenerator.class */
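/**
 * Issues short-lived server certificates signed by a CA that is loaded from a
 * PKCS12 class-path resource.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The CA keystore password is a literal compiled into this class, so it
 *       gives the CA private key no confidentiality beyond that of the
 *       resource itself. NOTE(review): if the same CA resource ships with every
 *       installation, any trust store that contains this CA will accept
 *       certificates signed by anyone who has a copy of the product. Confirm
 *       whether the CA is generated per installation.</li>
 *   <li>Every call to {@link #createX509Certificate(String, String)} produces a
 *       certificate with the serverAuth extended key usage for whatever name
 *       is passed in; callers are responsible for deciding which names may be
 *       requested.</li>
 * </ul>
 */
public class X509IBMCertificateGenerator implements IX509CertificateGenerator {
    /** OID 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth), placed in the ExtKeyUsage extension. */
    private static final int[] serverAuthOidData = {1, 3, 6, 1, 5, 5, 7, 3, 1};

    /** Password of the bundled CA keystore and of the CA key entry inside it. */
    private static final String CA_STORE_PASSWORD = "changeit";

    /** Lifetime of an issued certificate: 7 days, in milliseconds. */
    private static final long VALIDITY_MILLIS = 604800000L;

    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    private final X509Certificate caCert;
    private final PrivateKey caPrivateKey;

    /**
     * Loads the signing CA (certificate and private key) from a PKCS12 resource.
     *
     * <p>The first alias of the keystore is used. The CA certificate is checked
     * against its own public key, so only a self-signed certificate is accepted.
     *
     * @param str class-path resource name of the PKCS12 keystore, resolved
     *            relative to this class
     * @throws RuntimeException if the resource is missing, holds no entry, or
     *         the entry has no key or no certificate
     * @throws SignatureException if the CA certificate is not signed by its own key
     */
    public X509IBMCertificateGenerator(String str) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, UnrecoverableKeyException, InvalidKeyException, NoSuchProviderException, SignatureException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        InputStream resourceAsStream = getClass().getResourceAsStream(str);
        if (resourceAsStream == null) {
            // KeyStore.load(null, ...) would silently create an EMPTY keystore and the
            // failure would surface later as an unrelated NoSuchElementException.
            throw new RuntimeException("Wrong certificate resource: " + str + " - resource not found");
        }
        try {
            keyStore.load(resourceAsStream, CA_STORE_PASSWORD.toCharArray());
        } finally {
            // The stream was never closed before; release it whether or not load() succeeded.
            resourceAsStream.close();
        }
        if (!keyStore.aliases().hasMoreElements()) {
            throw new RuntimeException("Wrong certificate resource: " + str + " - no entry");
        }
        String alias = keyStore.aliases().nextElement();
        Key key = keyStore.getKey(alias, CA_STORE_PASSWORD.toCharArray());
        if (key == null) {
            throw new RuntimeException("Wrong certificate resource: " + str + " - null key");
        }
        X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
        if (certificate == null) {
            throw new RuntimeException("Wrong certificate resource: " + str + " - null certificate");
        }
        // Self-signature check: throws if the certificate was not signed by its own key.
        certificate.verify(certificate.getPublicKey());
        this.caPrivateKey = (PrivateKey) key;
        this.caCert = certificate;
    }

    /**
     * Generates a fresh 2048-bit RSA key pair and a certificate for it, signed
     * by the CA loaded in the constructor.
     *
     * <p>The certificate is valid from the current time for 7 days, carries a
     * random 64-bit serial number, {@code CN=<str>} as subject, {@code str} as
     * DNS subject alternative name, and the serverAuth extended key usage.
     *
     * @param str  name the certificate is issued for; used both in the subject
     *             CN and in the subject alternative name
     * @param str2 password protecting the key entry in the returned keystore;
     *             must not be null
     * @return an in-memory PKCS12 keystore with one entry, {@code "RptKey"},
     *         holding the new private key and the chain {leaf, CA}
     */
    @Override // com.ibm.rational.test.lt.recorder.proxy.internal.proxy.ssl.IX509CertificateGenerator
    public KeyStore createX509Certificate(String str, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SecurityException, SignatureException, KeyStoreException, CertificateException, IOException {
        SecureRandom random = new SecureRandom();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048, random);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        PrivateKey privateKey = keyPair.getPrivate();
        PublicKey publicKey = keyPair.getPublic();

        X509CertInfo x509CertInfo = new X509CertInfo();
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + VALIDITY_MILLIS);
        BigInteger serialNumber = new BigInteger(64, random);
        // NOTE(review): str is concatenated into the DN string unescaped. If it can be
        // influenced by a remote peer, DN metacharacters in it would change the parsed
        // subject. Confirm that callers only pass a validated host name.
        X500Name subjectName = new X500Name("CN=" + str);
        // The issuer is the CA's subject, read from a re-parsed copy of the CA certificate.
        X500Name issuerName = (X500Name) ((X509CertInfo) new X509CertImpl(this.caCert.getEncoded()).get("x509.info")).get("subject.dname");
        x509CertInfo.set("validity", new CertificateValidity(notBefore, notAfter));
        x509CertInfo.set("serialNumber", new CertificateSerialNumber(serialNumber));
        // The value type stored under "subject"/"issuer" depends on the JVM version:
        // above 1.7 the X500Name is set directly, otherwise it is wrapped.
        if (JvmUtils.getJvmVersion() > 1.7f) {
            x509CertInfo.set("subject", subjectName);
            x509CertInfo.set("issuer", issuerName);
        } else {
            x509CertInfo.set("subject", new CertificateSubjectName(subjectName));
            x509CertInfo.set("issuer", new CertificateIssuerName(issuerName));
        }
        x509CertInfo.set("key", new CertificateX509Key(publicKey));
        // Version value 2 is the X.509 encoding of "v3", which is required for extensions.
        x509CertInfo.set("version", new CertificateVersion(2));
        x509CertInfo.set("algorithmID", new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid)));

        CertificateExtensions certificateExtensions = new CertificateExtensions();
        GeneralNames generalNames = new GeneralNames();
        generalNames.add(new GeneralName(new RelaxedIBMDNSName(str)));
        certificateExtensions.set("SubjectAlternativeName", new SubjectAlternativeNameExtension(generalNames));
        Vector extendedKeyUsages = new Vector();
        extendedKeyUsages.add(ObjectIdentifier.newInternal(serverAuthOidData));
        certificateExtensions.set("ExtKeyUsage", new ExtKeyUsageExtension(extendedKeyUsages));
        x509CertInfo.set("extensions", certificateExtensions);

        // First pass: sign a throw-away certificate only to obtain the signature
        // AlgorithmId, which is copied back into the certificate info.
        X509CertImpl probe = new X509CertImpl(x509CertInfo);
        probe.sign(this.caPrivateKey, SIGNATURE_ALGORITHM);
        x509CertInfo.set("algorithmID.algorithm", (AlgorithmId) probe.get("x509.algorithm"));

        // Second pass: the certificate that is actually returned. It is declared as
        // X509CertImpl because sign() is not part of java.security.cert.X509Certificate.
        X509CertImpl leaf = new X509CertImpl(x509CertInfo);
        leaf.sign(this.caPrivateKey, SIGNATURE_ALGORITHM);
        // Fail here rather than hand out a chain that does not validate against the CA.
        leaf.verify(this.caCert.getPublicKey());

        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(null, null);
        keyStore.setKeyEntry("RptKey", privateKey, str2.toCharArray(), new X509Certificate[]{leaf, this.caCert});
        return keyStore;
    }
}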
