package com.peterphi.std.crypto.keygen;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.TimeZone;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V3CertificateGenerator;

/* loaded from: input_file:com/peterphi/std/crypto/keygen/RSAGenerator.class */
public class RSAGenerator {
    private static final Logger log = Logger.getLogger(RSAGenerator.class);

    private RSAGenerator() {
    }

    public static KeyPair generate(int i) throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(i, new SecureRandom());
        return keyPairGenerator.generateKeyPair();
    }

    public byte[] createRequest(KeyPair keyPair, X500Principal x500Principal) throws Exception {
        return new PKCS10CertificationRequest("SHA512withRSA", x500Principal, keyPair.getPublic(), (ASN1Set) null, keyPair.getPrivate()).getEncoded();
    }

    public static X509Certificate createSimpleX509(String str, String str2, KeyPair keyPair, int i) throws Exception {
        X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator();
        Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("GMT"));
        Calendar calendar2 = Calendar.getInstance(TimeZone.getTimeZone("GMT"));
        calendar2.add(1, i);
        x509V3CertificateGenerator.setNotBefore(calendar.getTime());
        x509V3CertificateGenerator.setNotAfter(calendar2.getTime());
        x509V3CertificateGenerator.setPublicKey(keyPair.getPublic());
        x509V3CertificateGenerator.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
        x509V3CertificateGenerator.setSubjectDN(new X509Name(str2));
        x509V3CertificateGenerator.setIssuerDN(new X509Name(str));
        x509V3CertificateGenerator.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
        x509V3CertificateGenerator.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(180));
        x509V3CertificateGenerator.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
        x509V3CertificateGenerator.setSignatureAlgorithm("SHA256WithRSAEncryption");
        return x509V3CertificateGenerator.generate(keyPair.getPrivate(), "BC");
    }

    static {
        if (Security.getProvider("BC") == null) {
            log.info("[RSAGenerator] Loading Bouncy Castle Provider");
            Security.addProvider(new BouncyCastleProvider());
            log.debug("[RSAGenerator] Bouncy Castle Provider loaded");
        }
    }
}
