package org.objectweb.proactive.extensions.ssl;

import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.objectweb.proactive.benchmarks.NAS.FT.FTClasses;

/* loaded from: input_file:org/objectweb/proactive/extensions/ssl/CertificateGenerator.class */
public class CertificateGenerator {
    public X509Certificate generateCertificate(String str, KeyPair keyPair) throws SslException {
        X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator();
        X500Principal x500Principal = new X500Principal(str);
        x509V3CertificateGenerator.setIssuerDN(x500Principal);
        x509V3CertificateGenerator.setSubjectDN(x500Principal);
        x509V3CertificateGenerator.setNotBefore(new Date(System.currentTimeMillis() - 10000));
        x509V3CertificateGenerator.setNotAfter(new Date(System.currentTimeMillis() + 5256000));
        x509V3CertificateGenerator.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
        x509V3CertificateGenerator.setPublicKey(keyPair.getPublic());
        x509V3CertificateGenerator.setSignatureAlgorithm("SHA256WithRSAEncryption");
        x509V3CertificateGenerator.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
        x509V3CertificateGenerator.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(160));
        Vector vector = new Vector();
        vector.add(KeyPurposeId.id_kp_serverAuth);
        vector.add(KeyPurposeId.id_kp_clientAuth);
        x509V3CertificateGenerator.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(vector));
        try {
            X509Certificate generate = x509V3CertificateGenerator.generate(keyPair.getPrivate(), BouncyCastleProvider.PROVIDER_NAME);
            try {
                generate.checkValidity();
                generate.verify(keyPair.getPublic());
                return generate;
            } catch (GeneralSecurityException e) {
                throw new SslException("Generated certificate is not valid", e);
            }
        } catch (GeneralSecurityException e2) {
            throw new SslException("Failed to generate certificate", e2);
        }
    }

    public KeyPair generateRSAKeyPair() throws SslException {
        try {
            SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", SslHelpers.BC_NAME);
            keyPairGenerator.initialize(FTClasses.D_NX, secureRandom);
            return keyPairGenerator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new SslException("Failed to generate an RSA key pair. Unknow algorithm RSA", e);
        } catch (NoSuchProviderException e2) {
            throw new SslException("Failed to generate an RSA key pair. Bad provider: " + SslHelpers.BC_NAME, e2);
        }
    }
}
