package org.springframework.cloud.configuration;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:org/springframework/cloud/configuration/KeyTool.class */
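/**
 * Generates RSA key pairs and X.509 v3 certificates with BouncyCastle: a self-signed CA
 * certificate and leaf certificates signed by a supplied issuer key.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every leaf certificate carries the fixed DNS subject alternative name {@code localhost},
 *       and every certificate is valid for roughly ten years. Both suit local or test
 *       fixtures; neither is appropriate for certificates that leave a development machine.</li>
 *   <li>Names are interpolated into {@code dc=<name>} without escaping, so a name containing
 *       RDN metacharacters ({@code , + =}) changes the structure of the resulting DN. Only pass
 *       trusted, fixed names.</li>
 * </ul>
 */
public class KeyTool {
    private static final long ONE_DAY = 86400000L;
    private static final long TEN_YEARS = 315360000000L;

    /** Default RSA modulus size. 1024-bit RSA is no longer considered adequate, so default to 2048. */
    private static final int DEFAULT_RSA_KEY_BITS = 2048;

    /** Bits of randomness in a certificate serial number (the encoded value stays well under 20 octets). */
    private static final int SERIAL_NUMBER_BITS = 128;

    /** Shared CSPRNG for key generation and serial numbers; {@link SecureRandom} is thread-safe. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Creates a fresh key pair and a self-signed CA certificate for it.
     *
     * @param str name used for both issuer and subject, rendered as {@code dc=<str>}
     * @return the generated key pair together with its self-signed certificate
     * @throws Exception if key generation or certificate signing fails
     */
    public KeyAndCert createCA(String str) throws Exception {
        KeyPair caKeys = createKeyPair();
        return new KeyAndCert(caKeys, createCert(caKeys, str));
    }

    /**
     * Generates a new default-size key pair and issues a leaf certificate for it.
     *
     * @param str subject name of the new certificate, rendered as {@code dc=<str>}
     * @param keyAndCert issuer whose private key signs the new certificate
     * @return the new key pair together with its signed certificate
     * @throws Exception if key generation or certificate signing fails
     */
    public KeyAndCert signCertificate(String str, KeyAndCert keyAndCert) throws Exception {
        return signCertificate(createKeyPair(), str, keyAndCert);
    }

    /**
     * Issues a leaf certificate for the public key of an existing key pair.
     *
     * @param keyPair key pair whose public key is certified
     * @param str subject name of the new certificate, rendered as {@code dc=<str>}
     * @param keyAndCert issuer; its {@code privateKey()} signs the certificate and its
     *     {@code subject()} is used as the issuer name
     * @return {@code keyPair} together with the signed certificate
     * @throws Exception if certificate signing fails
     */
    public KeyAndCert signCertificate(KeyPair keyPair, String str, KeyAndCert keyAndCert) throws Exception {
        // NOTE(review): subject() is passed through "dc=%s" again below; presumably it returns
        // the bare name rather than a full DN. Confirm against KeyAndCert.
        X509Certificate leaf = createCert(keyPair.getPublic(), keyAndCert.privateKey(), keyAndCert.subject(), str);
        return new KeyAndCert(keyPair, leaf);
    }

    /**
     * Generates an RSA key pair of the default size (2048 bits).
     *
     * @return a new RSA key pair
     * @throws Exception if the RSA key pair generator is unavailable
     */
    public KeyPair createKeyPair() throws Exception {
        return createKeyPair(DEFAULT_RSA_KEY_BITS);
    }

    /**
     * Generates an RSA key pair with the requested modulus size.
     *
     * <p>The size is not validated here; callers that pass less than 2048 bits get a key that
     * current guidance treats as too weak for anything but throwaway fixtures.
     *
     * @param i RSA modulus size in bits
     * @return a new RSA key pair
     * @throws Exception if the RSA key pair generator is unavailable or rejects the size
     */
    public KeyPair createKeyPair(int i) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(i, RANDOM);
        return generator.generateKeyPair();
    }

    /**
     * Builds a self-signed CA certificate: issuer and subject are both {@code dc=<str>}, key
     * usage is {@code keyCertSign} (critical) and basic constraints mark it as a CA.
     *
     * @param keyPair key pair that is both certified and used to sign
     * @param str name used for issuer and subject
     * @return the self-signed certificate
     * @throws Exception if an extension cannot be added or signing fails
     */
    public X509Certificate createCert(KeyPair keyPair, String str) throws Exception {
        JcaX509v3CertificateBuilder builder = certBuilder(keyPair.getPublic(), str, str);
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
        // NOTE(review): RFC 5280 expects basicConstraints to be critical on CA certificates;
        // it is left non-critical here to keep the issued certificates unchanged.
        builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));
        return signCert(builder, keyPair.getPrivate());
    }

    /**
     * Builds a leaf (non-CA) certificate signed by {@code privateKey}: key usage is
     * {@code digitalSignature} (critical) and the subject alternative name is the DNS name
     * {@code localhost}.
     *
     * @param publicKey public key being certified
     * @param privateKey issuer private key used to sign
     * @param str issuer name, rendered as {@code dc=<str>}
     * @param str2 subject name, rendered as {@code dc=<str2>}
     * @return the signed certificate
     * @throws Exception if an extension cannot be added or signing fails
     */
    public X509Certificate createCert(PublicKey publicKey, PrivateKey privateKey, String str, String str2) throws Exception {
        JcaX509v3CertificateBuilder builder = certBuilder(publicKey, str, str2);
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
        builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
        // The SAN is fixed: the certificate only matches a peer addressed as "localhost".
        GeneralName[] altNames = {new GeneralName(GeneralName.dNSName, "localhost")};
        builder.addExtension(Extension.subjectAlternativeName, false, GeneralNames.getInstance(new DERSequence(altNames)));
        return signCert(builder, privateKey);
    }

    /**
     * Creates a certificate builder valid from one day in the past (tolerates clock skew
     * between hosts) until ten years ahead, with a random positive serial number.
     */
    private JcaX509v3CertificateBuilder certBuilder(PublicKey publicKey, String issuerName, String subjectName) {
        // The names are not escaped; see the class-level note on DN metacharacters.
        X500Name issuer = new X500Name(String.format("dc=%s", issuerName));
        X500Name subject = new X500Name(String.format("dc=%s", subjectName));
        long now = System.currentTimeMillis();
        // A clock-derived serial is predictable and repeats when one issuer signs two
        // certificates within the same millisecond; draw it from the CSPRNG instead.
        // Adding one keeps the value strictly positive.
        BigInteger serial = new BigInteger(SERIAL_NUMBER_BITS, RANDOM).add(BigInteger.ONE);
        return new JcaX509v3CertificateBuilder(issuer, serial, new Date(now - ONE_DAY), new Date(now + TEN_YEARS), subject, publicKey);
    }

    /** Signs the built certificate with SHA-256/RSA and converts it to a JCA {@link X509Certificate}. */
    private X509Certificate signCert(JcaX509v3CertificateBuilder builder, PrivateKey signingKey) throws Exception {
        return new JcaX509CertificateConverter().getCertificate(builder.build(new JcaContentSignerBuilder("SHA256WithRSA").build(signingKey)));
    }
}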
