package nxt.util;

import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import nxt.bq0;
import nxt.k11;
import nxt.nt0;
import nxt.ot0;
import nxt.qn;
import nxt.z70;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.bc.BcDefaultDigestProvider;

/* loaded from: classes.dex */
public class SslKeyStoreGenerator {
    public final Path a;
    public final String b;
    public final String c;
    public final List d;
    public final int e;
    public final int f;
    public final String g;
    public final String h;

    public SslKeyStoreGenerator(nt0 nt0Var) {
        this.a = nt0Var.a;
        this.b = nt0Var.b;
        this.c = nt0Var.c;
        this.d = Collections.unmodifiableList(nt0Var.d);
        this.e = nt0Var.e;
        this.f = nt0Var.f;
        this.g = nt0Var.g;
        this.h = nt0Var.h;
    }

    public static Path c(Path path) {
        String path2 = path.getFileName().toString();
        if (path2.indexOf(".") > 0) {
            path2 = path2.substring(0, path2.lastIndexOf("."));
        }
        return path.getParent().resolve(path2 + "-ca.crt");
    }

    public static void main(String[] strArr) {
        try {
            new SslKeyStoreGenerator(new nt0()).a();
        } catch (ot0 e) {
            e.printStackTrace();
        }
    }

    public final void a() {
        String str = this.b;
        Path path = this.a;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(this.g);
            keyPairGenerator.initialize(this.f);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            KeyPair generateKeyPair2 = keyPairGenerator.generateKeyPair();
            Files.createDirectories(path.getParent(), new FileAttribute[0]);
            X509Certificate b = b(generateKeyPair.getPublic(), generateKeyPair.getPrivate(), true);
            FileOutputStream fileOutputStream = new FileOutputStream(c(path).toFile());
            fileOutputStream.write(b.getEncoded());
            fileOutputStream.close();
            X509Certificate b2 = b(generateKeyPair2.getPublic(), generateKeyPair.getPrivate(), false);
            KeyStore keyStore = KeyStore.getInstance(this.c);
            keyStore.load(null, str.toCharArray());
            keyStore.setKeyEntry("main", generateKeyPair2.getPrivate(), str.toCharArray(), new Certificate[]{b2, b});
            keyStore.store(new FileOutputStream(path.toFile()), str.toCharArray());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new Exception(e);
        }
    }

    /* JADX WARN: Type inference failed for: r5v1, types: [java.lang.Object, org.bouncycastle.operator.bc.BcContentSignerBuilder] */
    public final X509Certificate b(PublicKey publicKey, PrivateKey privateKey, boolean z) {
        try {
            new DefaultSignatureAlgorithmIdentifierFinder();
            AlgorithmIdentifier b = DefaultSignatureAlgorithmIdentifierFinder.b(this.h);
            new DefaultDigestAlgorithmIdentifierFinder();
            AlgorithmIdentifier b2 = DefaultDigestAlgorithmIdentifierFinder.b(b);
            AsymmetricKeyParameter a = PrivateKeyFactory.a(privateKey.getEncoded());
            SubjectPublicKeyInfo n = SubjectPublicKeyInfo.n(publicKey.getEncoded());
            ?? obj = new Object();
            obj.a = b;
            obj.b = b2;
            obj.c = BcDefaultDigestProvider.b;
            ContentSigner a2 = obj.a(a);
            X500Name d = d(z);
            X500Name d2 = z ? d : d(true);
            Date date = new Date();
            X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(d2, new BigInteger(64, qn.i()), date, new Date(((this.e + (z ? 1 : 0)) * 86400000) + date.getTime()), d, n);
            if (z) {
                x509v3CertificateBuilder.a(Extension.x2, true, new BasicConstraints());
                x509v3CertificateBuilder.a(Extension.t2, true, new KeyUsage(4));
            } else {
                x509v3CertificateBuilder.a(Extension.v2, false, new GeneralNames((GeneralName[]) this.d.stream().map(new k11(5)).toArray(new bq0(7))));
            }
            return new JcaX509CertificateConverter().a(x509v3CertificateBuilder.b(a2));
        } catch (CertificateException e) {
            throw e;
        } catch (Exception e2) {
            throw new CertificateException(e2);
        }
    }

    public final X500Name d(boolean z) {
        return new X500Name(z70.v("CN=", z ? "Ardor Local CA" : (String) this.d.get(0), ", O=Jelurida, OU=Ardor"));
    }
}
