package org.owasp.proxy.util;

import flex.messaging.io.PageableRowSetProxy;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AuthorityKeyIdentifierExtension;
import sun.security.x509.BasicConstraintsExtension;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateExtensions;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateSubjectName;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.ExtendedKeyUsageExtension;
import sun.security.x509.GeneralNames;
import sun.security.x509.KeyIdentifier;
import sun.security.x509.KeyUsageExtension;
import sun.security.x509.NetscapeCertTypeExtension;
import sun.security.x509.SerialNumber;
import sun.security.x509.SubjectKeyIdentifierExtension;
import sun.security.x509.X500Name;
import sun.security.x509.X500Signer;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;

/* loaded from: input_file:lib/proxy-1.1-SNAPSHOT.jar:org/owasp/proxy/util/SunCertificateUtils.class */
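/**
 * Builds and signs X.509 v3 certificates using the JDK-internal
 * {@code sun.security.x509} classes.
 *
 * <p>Two extension profiles are produced: a CA profile (BasicConstraints only)
 * when the subject and issuer are the same object, and an end-entity profile
 * (key identifiers, key usage, TLS client/server EKU) otherwise.
 *
 * <p>NOTE(review): this class depends on non-public JDK classes
 * ({@code X500Signer}, {@code X509CertImpl}, ...) that are not part of the
 * supported API and may be absent or inaccessible on newer runtimes.
 */
public class SunCertificateUtils {
    // NOTE(review): SHA-1 signatures are deprecated for certificates and are
    // rejected by current TLS clients; "SHA256withRSA" is the usual replacement.
    // Left unchanged here because switching alters every certificate this
    // class issues; confirm with callers before changing it.
    private static final String SIGALG = "SHA1withRSA";

    /**
     * Creates a certificate for the given subject and signs it with the issuer's key.
     *
     * @param x500Principal  subject distinguished name
     * @param publicKey      subject public key, embedded in the certificate
     * @param x500Principal2 issuer distinguished name
     * @param publicKey2     issuer public key, used only for the AuthorityKeyIdentifier
     *                       of end-entity certificates
     * @param privateKey     issuer private key that signs the certificate; must be
     *                       usable with {@code SHA1withRSA}
     * @param date           start of the validity period (notBefore)
     * @param date2          end of the validity period (notAfter)
     * @param bigInteger     certificate serial number
     * @return the signed certificate
     * @throws GeneralSecurityException if signing fails; an {@link IOException} raised
     *         while building the certificate is rethrown as
     *         {@link CertificateEncodingException}
     */
    public static X509Certificate sign(X500Principal x500Principal, PublicKey publicKey, X500Principal x500Principal2, PublicKey publicKey2, PrivateKey privateKey, Date date, Date date2, BigInteger bigInteger) throws GeneralSecurityException {
        try {
            X500Name subjectName = new X500Name(x500Principal.getName());
            X500Name issuerName = new X500Name(x500Principal2.getName());

            // This Signature is only used through X500Signer to obtain the algorithm
            // id and issuer name; the actual signing happens in X509CertImpl.sign below.
            Signature signature = Signature.getInstance(SIGALG);
            signature.initSign(privateKey);
            X500Signer issuerSigner = new X500Signer(signature, issuerName);

            // NOTE(review): reference comparison. Only the very same X500Principal
            // instance selects the CA profile; an equal-but-distinct principal gets
            // the end-entity profile. Confirm callers rely on this before switching
            // to equals().
            CertificateExtensions extensions = x500Principal == x500Principal2
                    ? getCACertificateExtensions()
                    : getCertificateExtensions(publicKey, publicKey2);

            X509CertInfo certInfo = new X509CertInfo();
            // The decompiled source referenced flex.messaging's PageableRowSetProxy.VERSION
            // here, presumably a mis-resolved inlined constant. X509CertInfo.VERSION
            // is the attribute name this API defines.
            certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
            certInfo.set("serialNumber", new CertificateSerialNumber(bigInteger));
            certInfo.set("algorithmID", new CertificateAlgorithmId(issuerSigner.getAlgorithmId()));
            certInfo.set("subject", new CertificateSubjectName(subjectName));
            certInfo.set("key", new CertificateX509Key(publicKey));
            certInfo.set("validity", new CertificateValidity(date, date2));
            certInfo.set("issuer", new CertificateIssuerName(issuerSigner.getSigner()));
            certInfo.set("extensions", extensions);

            X509CertImpl certificate = new X509CertImpl(certInfo);
            certificate.sign(privateKey, SIGALG);
            return certificate;
        } catch (IOException e) {
            throw new CertificateEncodingException("generate: " + e.getMessage(), e);
        }
    }

    /**
     * Returns the extension set for the CA (same-object subject and issuer) case.
     *
     * <p>Only a critical BasicConstraints extension with cA=true and a path length
     * of 0 is set, so the CA may issue end-entity certificates but not subordinate
     * CAs. No KeyUsage or key-identifier extensions are added.
     */
    private static CertificateExtensions getCACertificateExtensions() throws IOException {
        CertificateExtensions extensions = new CertificateExtensions();
        extensions.set("BasicConstraints", new BasicConstraintsExtension(true, true, 0));
        return extensions;
    }

    /**
     * Returns the extension set for an end-entity certificate.
     *
     * @param publicKey  subject public key, source of the SubjectKeyIdentifier
     * @param publicKey2 issuer public key, source of the AuthorityKeyIdentifier
     */
    private static CertificateExtensions getCertificateExtensions(PublicKey publicKey, PublicKey publicKey2) throws IOException {
        CertificateExtensions extensions = new CertificateExtensions();
        extensions.set("SubjectKeyIdentifier", new SubjectKeyIdentifierExtension(new KeyIdentifier(publicKey).getIdentifier()));
        extensions.set("AuthorityKeyIdentifier", new AuthorityKeyIdentifierExtension(new KeyIdentifier(publicKey2), (GeneralNames) null, (SerialNumber) null));

        // Critical, cA=false. The path length argument (5) is only meaningful for
        // CA certificates under RFC 5280.
        extensions.set("BasicConstraints", new BasicConstraintsExtension(true, false, 5));

        // Netscape cert type bits 0 and 1: SSL client and SSL server. Non-critical.
        boolean[] netscapeTypeBits = new boolean[8];
        netscapeTypeBits[0] = true;
        netscapeTypeBits[1] = true;
        extensions.set("NetscapeCertType", new NetscapeCertTypeExtension(false, new NetscapeCertTypeExtension(netscapeTypeBits).getExtensionValue()));

        // KeyUsage bits 0 and 2: digitalSignature and keyEncipherment (RFC 5280 bit order).
        boolean[] keyUsageBits = new boolean[9];
        keyUsageBits[0] = true;
        keyUsageBits[2] = true;
        extensions.set("KeyUsage", new KeyUsageExtension(keyUsageBits));

        // Extended key usage: id-kp-serverAuth and id-kp-clientAuth. Non-critical.
        ObjectIdentifier serverAuth = new ObjectIdentifier(new int[]{1, 3, 6, 1, 5, 5, 7, 3, 1});
        ObjectIdentifier clientAuth = new ObjectIdentifier(new int[]{1, 3, 6, 1, 5, 5, 7, 3, 2});
        Vector<ObjectIdentifier> extendedUsages = new Vector<ObjectIdentifier>();
        extendedUsages.add(serverAuth);
        extendedUsages.add(clientAuth);
        extensions.set("ExtendedKeyUsage", new ExtendedKeyUsageExtension(false, extendedUsages));
        return extensions;
    }
}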
