package com.worklight.core.auth.impl;

import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle145.jce.provider.BouncyCastleProvider;
import org.bouncycastle145.x509.X509V3CertificateGenerator;

/* loaded from: input_file:com/worklight/core/auth/impl/CertificateGenerator.class */
public class CertificateGenerator {
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    private static final BouncyCastleProvider PROVIDER = new BouncyCastleProvider();
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    public static X509Certificate generateCertificate(PublicKey publicKey, String str, X509Certificate x509Certificate, PrivateKey privateKey) throws NoSuchAlgorithmException, CertificateEncodingException, NoSuchProviderException, SignatureException, InvalidKeyException {
        Date date = new Date(System.currentTimeMillis());
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(date);
        calendar.add(1, 50);
        Date time = calendar.getTime();
        BigInteger bigInteger = new BigInteger(64, SECURE_RANDOM);
        if (bigInteger.compareTo(new BigInteger("0")) < 0) {
            bigInteger = bigInteger.negate();
        }
        X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator();
        X500Principal x500Principal = new X500Principal(str);
        x509V3CertificateGenerator.setSerialNumber(bigInteger);
        x509V3CertificateGenerator.setIssuerDN(x509Certificate.getSubjectX500Principal());
        x509V3CertificateGenerator.setNotBefore(date);
        x509V3CertificateGenerator.setNotAfter(time);
        x509V3CertificateGenerator.setSubjectDN(x500Principal);
        x509V3CertificateGenerator.setPublicKey(publicKey);
        x509V3CertificateGenerator.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
        return x509V3CertificateGenerator.generate(privateKey, PROVIDER.getName());
    }

    static {
        Security.addProvider(PROVIDER);
    }
}
