package com.exasol.jdbc.importExport;

import java.io.IOException;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:com/exasol/jdbc/importExport/CertificateBuilder.class */
public class CertificateBuilder {
    static final String sigAlgName = "SHA256WithRSA";
    static final String commonName = "EXALoader";
    static final int keysize = 2048;
    static final String keyAlg = "RSA";
    static final String organizationalUnit = "R&D";
    static final String organization = "EXASOL";
    static final String city = "Nuremberg";
    static final String state = "Bavaria";
    static final String country = "Germany";
    private KeyPair keyPair = null;

    private KeyPair getKeypair() throws NoSuchAlgorithmException {
        if (this.keyPair != null) {
            return this.keyPair;
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyAlg);
        keyPairGenerator.initialize(2048);
        return keyPairGenerator.generateKeyPair();
    }

    public PublicKey getPublicKey() {
        return this.keyPair.getPublic();
    }

    public PrivateKey getPrivateKey() {
        return this.keyPair.getPrivate();
    }

    private ContentSigner getSigner(String str, KeyPair keyPair) throws OperatorCreationException {
        return new JcaContentSignerBuilder(str).build(keyPair.getPrivate());
    }

    private static X500NameBuilder getSubject(String str, String str2, String str3, String str4, String str5) {
        X500NameBuilder x500NameBuilder = new X500NameBuilder(RFC4519Style.INSTANCE);
        x500NameBuilder.addRDN(RFC4519Style.o, str);
        x500NameBuilder.addRDN(RFC4519Style.ou, str2);
        x500NameBuilder.addRDN(RFC4519Style.l, str3);
        x500NameBuilder.addRDN(RFC4519Style.st, str4);
        x500NameBuilder.addRDN(RFC4519Style.c, str5);
        return x500NameBuilder;
    }

    public X509Certificate generate(int i) throws NoSuchAlgorithmException, CertificateException, IOException {
        try {
            this.keyPair = getKeypair();
            Instant now = Instant.now();
            try {
                try {
                    try {
                        return new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider()).getCertificate(new JcaX509v3CertificateBuilder(new X500Name("CN=EXALoader"), BigInteger.valueOf(now.toEpochMilli()), Date.from(now), Date.from(now.plus((TemporalAmount) Duration.ofDays(i))), getSubject(organization, organizationalUnit, city, state, country).build(), this.keyPair.getPublic()).addExtension(Extension.subjectKeyIdentifier, false, (ASN1Encodable) createSubjectKeyId(this.keyPair.getPublic())).addExtension(Extension.authorityKeyIdentifier, false, (ASN1Encodable) createAuthorityKeyId(this.keyPair.getPublic())).addExtension(Extension.basicConstraints, true, (ASN1Encodable) new BasicConstraints(true)).build(getSigner(sigAlgName, this.keyPair)));
                    } catch (CertificateException e) {
                        throw new CertificateException("ERROR: Certificate Signing Failed. Exception: " + e.getLocalizedMessage());
                    }
                } catch (OperatorCreationException e2) {
                    throw new IOException("ERROR: ContentSigner Failed. Exception: " + e2.getLocalizedMessage());
                }
            } catch (CertIOException | OperatorCreationException e3) {
                throw new CertificateException("ERROR: Certificate Builder Error. Exception: " + e3.getLocalizedMessage());
            }
        } catch (NoSuchAlgorithmException e4) {
            throw new NoSuchAlgorithmException("ERROR: KeyPair failed. Exception: " + e4.getLocalizedMessage());
        }
    }

    private static SubjectKeyIdentifier createSubjectKeyId(PublicKey publicKey) throws OperatorCreationException {
        return new X509ExtensionUtils(new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1))).createSubjectKeyIdentifier(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
    }

    private static AuthorityKeyIdentifier createAuthorityKeyId(PublicKey publicKey) throws OperatorCreationException {
        return new X509ExtensionUtils(new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1))).createAuthorityKeyIdentifier(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
    }

    public static String x509CertificateToPem(X509Certificate x509Certificate) throws IOException {
        StringWriter stringWriter = new StringWriter();
        JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
        jcaPEMWriter.writeObject(x509Certificate);
        jcaPEMWriter.flush();
        jcaPEMWriter.close();
        return stringWriter.toString();
    }
}
