package org.apache.impala.testutil;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.io.Writer;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.MiscPEMGenerator;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: input_file:org/apache/impala/testutil/X509CertChain.class */
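/**
 * Test-only helper that creates a two-certificate chain in memory: a self-signed root CA
 * certificate and a leaf certificate signed by that root.
 *
 * <p>Both key pairs are freshly generated 2048-bit RSA keys and both certificates are signed
 * with SHA256withRSA through the BouncyCastle ("BC") provider. Each certificate is valid from
 * one minute before its creation until one hour after it.
 *
 * <p>NOTE(review): this class lives in a {@code testutil} package and takes shortcuts that a
 * real CA must not: serial numbers are the fixed values 1 and 2, and every extension is added
 * as non-critical, including basicConstraints on the CA certificate, which RFC 5280 expects
 * to be critical. Certificates produced here should only ever be trusted by test fixtures.
 */
public class X509CertChain {
    private static final String PROVIDER_BC = "BC";
    private static final String SHA256_WITH_RSA = "SHA256withRSA";
    private static final AlgorithmIdentifier SIGNATURE_SHA256_RSA = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256WithRSAEncryption, DERNull.INSTANCE);
    // Named bit flags instead of the raw values 6 and 160, so the granted usages are reviewable.
    private static final KeyUsage KEY_USAGE_CERT_SIGN = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign);
    private static final KeyUsage KEY_USAGE_SERVER_AUTH = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment);
    private static final BasicConstraints CONSTRAINT_CA = new BasicConstraints(true);
    private static final int RSA_KEY_BITS = 2048;
    // notBefore is backdated by one minute; notAfter is one hour after creation.
    private static final long BACKDATE_MILLIS = 60_000L;
    private static final long LIFETIME_MILLIS = 3_600_000L;
    private static final long ROOT_SERIAL = 1L;
    private static final long LEAF_SERIAL = 2L;
    private final KeyPair rootCaKp_;
    private final KeyPair leafKp_;
    private final X509Certificate rootCert_;
    private final X509Certificate leafCert_;

    /**
     * Generates the root and leaf key pairs and both certificates.
     *
     * <p>Each name is interpolated unescaped into a {@code "CN=%s"} distinguished-name string,
     * so a value containing DN metacharacters (for example {@code ,} or {@code =}) would be
     * parsed as extra name components. Callers are expected to pass plain names.
     *
     * @param rootCaName common name used as both subject and issuer of the root CA certificate
     * @param leafName common name used as the subject of the leaf certificate
     */
    public X509CertChain(String rootCaName, String leafName) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException, IOException, CertificateException {
        // addProvider() ignores a provider whose name is already registered; the guard only
        // avoids building a throwaway provider instance on every construction.
        if (Security.getProvider(PROVIDER_BC) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", PROVIDER_BC);
        keyPairGenerator.initialize(RSA_KEY_BITS);
        this.rootCaKp_ = keyPairGenerator.generateKeyPair();
        this.leafKp_ = keyPairGenerator.generateKeyPair();
        this.rootCert_ = generateRootCACert(rootCaName, this.rootCaKp_);
        this.leafCert_ = generateLeafCert(leafName, this.leafKp_, this.rootCert_, this.rootCaKp_.getPrivate());
    }

    /** Returns the root CA certificate as a PEM string. */
    public String rootCertAsPemString() throws CertificateEncodingException, IOException {
        return certToPem(this.rootCert_);
    }

    /** Returns the leaf certificate as a PEM string. */
    public String leafCertAsPemString() throws CertificateEncodingException, IOException {
        return certToPem(this.leafCert_);
    }

    /** Writes the root CA certificate as PEM to {@code writer} and closes {@code writer}. */
    public void writeRootCertAsPem(Writer writer) throws CertificateEncodingException, IOException {
        certToPem(this.rootCert_, writer);
    }

    /** Writes the leaf certificate as PEM to {@code writer} and closes {@code writer}. */
    public void writeLeafCertAsPem(Writer writer) throws CertificateEncodingException, IOException {
        certToPem(this.leafCert_, writer);
    }

    /**
     * Writes the leaf private key, unencrypted, as a PEM object to {@code writer} and closes
     * {@code writer}.
     *
     * <p>The key is not password-protected; when the destination is a file, its location and
     * permissions are the caller's responsibility.
     *
     * <p>NOTE(review): {@code PrivateKey.getEncoded()} normally yields a PKCS#8 structure,
     * whereas the "RSA PRIVATE KEY" label conventionally marks PKCS#1. The label is kept
     * unchanged because existing consumers may rely on it; confirm before changing it.
     */
    public void writeLeafPrivateKeyAsPem(Writer writer) throws IOException {
        PemObject pemObject = new PemObject("RSA PRIVATE KEY", this.leafKp_.getPrivate().getEncoded());
        // try-with-resources closes the writer even when writeObject() throws.
        try (PemWriter pemWriter = new PemWriter(writer)) {
            pemWriter.writeObject(pemObject);
        }
    }

    /** Returns the self-signed root CA certificate. */
    public X509Certificate getRootCert() {
        return this.rootCert_;
    }

    /** Returns the leaf certificate issued by the root CA. */
    public X509Certificate getLeafCert() {
        return this.leafCert_;
    }

    /**
     * Builds the self-signed root certificate: subject and issuer are both {@code CN=<name>},
     * with keyCertSign/cRLSign key usage and a CA basic constraint.
     */
    private static X509Certificate generateRootCACert(String name, KeyPair keyPair) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException, IOException, CertificateException {
        X500Name rootName = new X500Name(String.format("CN=%s", name));
        ExtensionsGenerator extensions = new ExtensionsGenerator();
        extensions.addExtension(Extension.keyUsage, false, KEY_USAGE_CERT_SIGN);
        extensions.addExtension(Extension.basicConstraints, false, CONSTRAINT_CA);
        return buildSignedCert(rootName, rootName, ROOT_SERIAL, keyPair, extensions, keyPair.getPrivate());
    }

    /**
     * Builds the leaf certificate for {@code CN=<name>}, issued under the subject name of
     * {@code issuerCert} and signed with {@code issuerKey}. It carries digitalSignature and
     * keyEncipherment key usage plus the serverAuth and clientAuth extended key usages.
     */
    private static X509Certificate generateLeafCert(String name, KeyPair keyPair, X509Certificate issuerCert, PrivateKey issuerKey) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException, CertificateException {
        X500Name leafName = new X500Name(String.format("CN=%s", name));
        X500Name issuerName = new X500Name(issuerCert.getSubjectX500Principal().getName());
        ExtensionsGenerator extensions = new ExtensionsGenerator();
        extensions.addExtension(Extension.keyUsage, false, KEY_USAGE_SERVER_AUTH);
        extensions.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth}));
        return buildSignedCert(issuerName, leafName, LEAF_SERIAL, keyPair, extensions, issuerKey);
    }

    /**
     * Assembles a v3 TBSCertificate from the given fields, signs its DER encoding with
     * {@code signingKey}, and parses the resulting structure into an {@link X509Certificate}.
     */
    private static X509Certificate buildSignedCert(X500Name issuer, X500Name subject, long serial, KeyPair subjectKeys, ExtensionsGenerator extensions, PrivateKey signingKey) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException, CertificateException {
        long now = System.currentTimeMillis();
        V3TBSCertificateGenerator tbsGenerator = new V3TBSCertificateGenerator();
        tbsGenerator.setStartDate(new Time(new Date(now - BACKDATE_MILLIS)));
        tbsGenerator.setEndDate(new Time(new Date(now + LIFETIME_MILLIS)));
        tbsGenerator.setSerialNumber(new ASN1Integer(serial));
        tbsGenerator.setIssuer(issuer);
        tbsGenerator.setSubject(subject);
        tbsGenerator.setSignature(SIGNATURE_SHA256_RSA);
        tbsGenerator.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(subjectKeys.getPublic().getEncoded()));
        tbsGenerator.setExtensions(extensions.generate());
        TBSCertificate tbs = tbsGenerator.generateTBSCertificate();

        // Sign the very object that is embedded below, rather than a second generated copy,
        // so the signed bytes and the embedded bytes cannot diverge.
        Signature signer = Signature.getInstance(SHA256_WITH_RSA, PROVIDER_BC);
        signer.initSign(signingKey);
        signer.update(tbs.getEncoded("DER"));

        // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
        ASN1EncodableVector certFields = new ASN1EncodableVector();
        certFields.add(tbs);
        certFields.add(SIGNATURE_SHA256_RSA);
        certFields.add(new DERBitString(signer.sign()));
        byte[] der = new DERSequence(certFields).getEncoded("DER");
        return (X509Certificate) CertificateFactory.getInstance("X.509", PROVIDER_BC).generateCertificate(new ByteArrayInputStream(der));
    }

    /** Writes {@code cert} as a PEM object to {@code writer}, then closes {@code writer}. */
    private void certToPem(X509Certificate cert, Writer writer) throws IOException, CertificateEncodingException {
        X509CertificateHolder holder = new X509CertificateHolder(cert.getEncoded());
        // try-with-resources closes the writer even when writeObject() throws.
        try (PemWriter pemWriter = new PemWriter(writer)) {
            pemWriter.writeObject(new MiscPEMGenerator(holder));
        }
    }

    /** Returns {@code cert} encoded as a PEM string. */
    private String certToPem(X509Certificate cert) throws IOException, CertificateEncodingException {
        StringWriter stringWriter = new StringWriter();
        certToPem(cert, stringWriter);
        return stringWriter.toString();
    }
}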
