package org.netpreserve.jwarc.net;

import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.concurrent.atomic.AtomicInteger;
import javax.security.auth.x500.X500Principal;
import org.apache.batik.constants.XMLConstants;

/* loaded from: input_file:WEB-INF/lib/jwarc-0.28.3.jar:org/netpreserve/jwarc/net/CertificateAuthority.class */
public class CertificateAuthority {
    private final KeyPair caKeyPair;
    final KeyPair subKeyPair;
    final X509Certificate caCert;
    AtomicInteger serial = new AtomicInteger((int) (System.currentTimeMillis() >> 8));

    /* JADX INFO: Access modifiers changed from: package-private */
    public CertificateAuthority(X500Principal x500Principal) throws GeneralSecurityException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
        keyPairGenerator.initialize(256);
        this.caKeyPair = keyPairGenerator.generateKeyPair();
        this.subKeyPair = keyPairGenerator.generateKeyPair();
        this.caCert = signCertificate(x500Principal, this.caKeyPair.getPrivate(), x500Principal, this.caKeyPair.getPublic(), this.serial.getAndIncrement(), true);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate issue(X500Principal x500Principal) throws GeneralSecurityException {
        return signCertificate(this.caCert.getSubjectX500Principal(), this.caKeyPair.getPrivate(), x500Principal, this.subKeyPair.getPublic(), this.serial.getAndIncrement(), false);
    }

    /* JADX WARN: Type inference failed for: r0v10, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r0v15, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r0v24, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r1v60, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r4v9, types: [byte[], byte[][]] */
    private static X509Certificate signCertificate(X500Principal x500Principal, PrivateKey privateKey, X500Principal x500Principal2, PublicKey publicKey, int i, boolean z) throws GeneralSecurityException {
        byte[] bArr = {48, 12, 6, 8, 42, -122, 72, -50, 61, 4, 3, 2, 5, 0};
        byte[] derSequence = derSequence(new byte[]{new byte[]{-96, 3, 2, 1, 2}, new byte[]{2, 4, (byte) (i >> 24), (byte) (i >> 16), (byte) (i >> 8), (byte) i}, bArr, x500Principal.getEncoded(), new byte[]{48, 30, 23, 13, 49, 57, 48, 50, 49, 49, 48, 55, 49, 55, 51, 48, 90, 23, 13, 51, 52, 48, 50, 49, 49, 48, 55, 49, 55, 51, 48, 90}, x500Principal2.getEncoded(), publicKey.getEncoded(), z ? new byte[]{-93, 22, 48, 20, 48, 18, 6, 3, 85, 29, 19, 1, 1, -1, 4, 8, 48, 6, 1, 1, -1, 2, 1, 12} : tag(163, derSequence(new byte[]{derSequence(new byte[]{new byte[]{6, 3, 85, 29, 17}, tag(4, derSequence(new byte[]{tag(130, x500Principal2.getName().split(XMLConstants.XML_EQUAL_SIGN)[1].getBytes(StandardCharsets.US_ASCII))}))})}))});
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initSign(privateKey);
        signature.update(derSequence);
        byte[] sign = signature.sign();
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(derSequence(new byte[]{derSequence, bArr, new byte[]{3, (byte) (sign.length + 1), 0}, sign})));
    }

    /* JADX WARN: Type inference failed for: r0v4, types: [byte[], byte[][]] */
    private static byte[] tag(int i, byte[] bArr) {
        return concat(new byte[]{new byte[]{(byte) i}, derLength(bArr.length), bArr});
    }

    private static byte[] concat(byte[]... bArr) {
        int i = 0;
        for (byte[] bArr2 : bArr) {
            i += bArr2.length;
        }
        byte[] bArr3 = new byte[i];
        int i2 = 0;
        for (byte[] bArr4 : bArr) {
            System.arraycopy(bArr4, 0, bArr3, i2, bArr4.length);
            i2 += bArr4.length;
        }
        return bArr3;
    }

    private static byte[] derSequence(byte[]... bArr) {
        int i = 0;
        for (byte[] bArr2 : bArr) {
            i += bArr2.length;
        }
        byte[] derLength = derLength(i);
        byte[] bArr3 = new byte[i + derLength.length + 1];
        bArr3[0] = 48;
        System.arraycopy(derLength, 0, bArr3, 1, derLength.length);
        int length = derLength.length + 1;
        for (byte[] bArr4 : bArr) {
            System.arraycopy(bArr4, 0, bArr3, length, bArr4.length);
            length += bArr4.length;
        }
        return bArr3;
    }

    private static byte[] derLength(int i) {
        if (i < 128) {
            return new byte[]{(byte) i};
        }
        if (i < 256) {
            return new byte[]{-127, (byte) i};
        }
        if (i < 65536) {
            return new byte[]{-126, (byte) (i >> 8), (byte) i};
        }
        throw new IllegalArgumentException("too large");
    }

    public X509Certificate certificate() {
        return this.caCert;
    }

    public static void main(String[] strArr) throws GeneralSecurityException {
        System.out.println(Base64.getEncoder().encodeToString(new CertificateAuthority(new X500Principal("CN=ca")).issue(new X500Principal("CN=www.example.org")).getEncoded()));
    }
}
