package net.lightbody.bmp.proxy.selenium;

import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;

/* loaded from: input_file:net/lightbody/bmp/proxy/selenium/CertificateCreator.class */
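/**
 * Issues X.509 leaf certificates signed with a caller-supplied CA key, for use by a
 * TLS-intercepting proxy.
 *
 * <p>Every certificate produced here names the supplied CA certificate's subject as issuer
 * and is signed with {@link #SIGN_ALGO}. The only extensions ever written are
 * AuthorityKeyIdentifier and (for {@link #generateStdSSLServerCertificate}) a critical
 * BasicConstraints with {@code cA=false}. No SubjectAlternativeName, KeyUsage or
 * ExtendedKeyUsage extension is added, so clients that require those will not accept the
 * result.
 *
 * <p>Certificate conversion asks for the JCA provider named {@code "BC"}; that provider has
 * to be registered before any method here is called.
 */
public class CertificateCreator {
    /** Key-pair algorithm name; not referenced inside this class. */
    public static final String KEYGEN_ALGO = "RSA";
    /** Signature algorithm used for every certificate this class signs. */
    public static final String SIGN_ALGO = "SHA256withRSA";
    /** subjectKeyIdentifier (id-ce 14). */
    public static final String OID_SUBJECT_KEY_IDENTIFIER = "2.5.29.14";
    /** authorityKeyIdentifier (id-ce 35). */
    public static final String OID_AUTHORITY_KEY_IDENTIFIER = "2.5.29.35";
    /** issuerAltName, obsolete arc (id-ce 8). */
    public static final String OID_ISSUER_ALTERNATIVE_NAME = "2.5.29.8";
    /** issuerAltName, current arc (id-ce 18). */
    public static final String OID_ISSUER_ALTERNATIVE_NAME_2 = "2.5.29.18";
    /**
     * cRLDistributionPoints (id-ce 31). The previous value "2.5.28.31" was outside the
     * id-ce arc (2.5.29) and could never match an extension OID reported by a certificate.
     */
    public static final String OID_CRL_DISTRIBUTION_POINT = "2.5.29.31";
    /** authorityInfoAccess (id-pe 1). */
    public static final String OID_AUTHORITY_INFO_ACCESS = "1.3.6.1.5.5.7.1.1";
    /** id-ad-caIssuers access method. */
    public static final String OID_ID_AD_CAISSUERS = "1.3.6.1.5.5.7.48.2";

    // Extension OIDs tied to the issuing key; populated below but not consulted by the
    // methods in this class.
    private static final HashSet<String> clientCertOidsNeverToCopy = new HashSet<>();
    // Default "do not copy" list handed to the five-argument mitmDuplicateCertificate.
    private static final HashSet<String> clientCertDefaultOidsNotToCopy = new HashSet<>();

    // Source of serial numbers for generated server certificates. SecureRandom is safe to
    // share between threads.
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();
    // Random bits per serial; the value plus one always fits in the 20 octets RFC 5280 allows.
    private static final int SERIAL_RANDOM_BITS = 127;

    // notBefore is set 31104000000 ms (360 days) in the past.
    private static final long BACKDATE_MILLIS = 31104000000L;
    // notAfter is set 933120000 ms (10.8 days) in the future.
    // NOTE(review): the asymmetry with the 360-day backdating looks unintended; the value is
    // kept as found. Confirm the intended lifetime before changing it.
    private static final long LIFETIME_MILLIS = 933120000L;

    static {
        clientCertOidsNeverToCopy.add(OID_SUBJECT_KEY_IDENTIFIER);
        clientCertOidsNeverToCopy.add(OID_AUTHORITY_KEY_IDENTIFIER);
        clientCertDefaultOidsNotToCopy.add(OID_ISSUER_ALTERNATIVE_NAME);
        clientCertDefaultOidsNotToCopy.add(OID_ISSUER_ALTERNATIVE_NAME_2);
        clientCertDefaultOidsNotToCopy.add(OID_CRL_DISTRIBUTION_POINT);
        clientCertDefaultOidsNotToCopy.add(OID_AUTHORITY_INFO_ACCESS);
    }

    /**
     * Re-issues a certificate under a different CA, keeping the original subject, serial
     * number and validity window but binding it to {@code publicKey}.
     *
     * <p>Certificates that carry any extension are refused: {@code getCriticalExtensionOIDs()}
     * and {@code getNonCriticalExtensionOIDs()} must both return {@code null}, and a non-null
     * result (even an empty set) raises {@link RuntimeException}. Because no extension is ever
     * copied, {@code set} has no effect on the output.
     *
     * <p>Before returning, the new certificate's signature is checked against the public key
     * of {@code x509Certificate2}. That is the key the certificate names as its authority, so
     * the check fails exactly when {@code privateKey} does not belong to the supplied CA
     * certificate. The earlier code verified against {@code publicKey} (the leaf's own key),
     * which can only succeed when the leaf key and the signing key are the same pair.
     *
     * <p>NOTE(review): the serial number is taken from the original certificate. Two
     * originals from different real issuers that share a serial would yield two certificates
     * with the same issuer and serial here.
     *
     * @param x509Certificate  certificate whose subject, serial and validity are reused
     * @param publicKey        public key to place in the new certificate
     * @param x509Certificate2 CA certificate; supplies the issuer name and the authority key
     *                         identifier
     * @param privateKey       signing key; expected to match {@code x509Certificate2}
     * @param set              extension OIDs not to copy; currently unused, may be
     *                         {@code null}
     * @return the newly signed certificate
     * @throws RuntimeException   if the original certificate reports any extensions
     * @throws SignatureException if the signature does not verify under the CA public key
     */
    public static X509Certificate mitmDuplicateCertificate(X509Certificate x509Certificate, PublicKey publicKey, X509Certificate x509Certificate2, PrivateKey privateKey, Set<String> set) throws SignatureException, InvalidKeyException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, CertIOException, OperatorCreationException {
        // The former null-check on `set` only allocated a HashSet and discarded it; the
        // parameter is not read anywhere below, so the check is dropped.
        if (x509Certificate.getCriticalExtensionOIDs() != null) {
            throw new RuntimeException("Ups has critical extensions...");
        }
        if (x509Certificate.getNonCriticalExtensionOIDs() != null) {
            throw new RuntimeException("Ups has non-critical extensions...");
        }

        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                x509Certificate2.getSubjectX500Principal(),
                x509Certificate.getSerialNumber(),
                x509Certificate.getNotBefore(),
                x509Certificate.getNotAfter(),
                x509Certificate.getSubjectX500Principal(),
                publicKey);
        builder.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(x509Certificate2.getPublicKey()));

        X509Certificate certificate = new JcaX509CertificateConverter()
                .setProvider("BC")
                .getCertificate(builder.build(new JcaContentSignerBuilder(SIGN_ALGO).build(privateKey)));

        // Self-check against the issuer key, not the subject key: a certificate that names
        // x509Certificate2 as its authority must verify under x509Certificate2's public key.
        certificate.verify(x509Certificate2.getPublicKey());
        return certificate;
    }

    /**
     * Same as the five-argument overload, passing this class's default list of extension
     * OIDs not to copy.
     *
     * @param x509Certificate  certificate whose subject, serial and validity are reused
     * @param publicKey        public key to place in the new certificate
     * @param x509Certificate2 CA certificate; supplies the issuer name and the authority key
     *                         identifier
     * @param privateKey       signing key; expected to match {@code x509Certificate2}
     * @return the newly signed certificate
     */
    public static X509Certificate mitmDuplicateCertificate(X509Certificate x509Certificate, PublicKey publicKey, X509Certificate x509Certificate2, PrivateKey privateKey) throws SignatureException, InvalidKeyException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, CertIOException, OperatorCreationException {
        return mitmDuplicateCertificate(x509Certificate, publicKey, x509Certificate2, privateKey, clientCertDefaultOidsNotToCopy);
    }

    /**
     * Creates a server certificate for the distinguished name {@code str}, issued by
     * {@code x509Certificate} and signed with {@code privateKey}.
     *
     * <p>The serial number is drawn from {@link SecureRandom}. It was previously the current
     * time in milliseconds, so two certificates generated within the same millisecond shared
     * an issuer and serial, and every serial was guessable from the issuance time.
     *
     * <p>The certificate carries a critical BasicConstraints extension with {@code cA=false}
     * and a non-critical AuthorityKeyIdentifier derived from the CA public key. The signature
     * is not verified here.
     *
     * @param publicKey       public key to place in the new certificate
     * @param x509Certificate CA certificate; supplies the issuer name and the authority key
     *                        identifier
     * @param privateKey      signing key; expected to match {@code x509Certificate}
     * @param str             subject distinguished name in the string form accepted by
     *                        {@link X500Principal#X500Principal(String)}
     * @return the newly signed certificate
     * @throws IllegalArgumentException if {@code str} is not a valid distinguished name
     *                                  (raised by {@code X500Principal})
     */
    public static X509Certificate generateStdSSLServerCertificate(PublicKey publicKey, X509Certificate x509Certificate, PrivateKey privateKey, String str) throws InvalidKeyException, CertificateException, CertIOException, OperatorCreationException {
        // Read the clock once so notBefore and notAfter are offsets from the same instant.
        long now = System.currentTimeMillis();
        // +1 keeps the serial strictly positive, as RFC 5280 requires.
        BigInteger serial = new BigInteger(SERIAL_RANDOM_BITS, SERIAL_RANDOM).add(BigInteger.ONE);

        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                x509Certificate.getSubjectX500Principal(),
                serial,
                new Date(now - BACKDATE_MILLIS),
                new Date(now + LIFETIME_MILLIS),
                new X500Principal(str),
                publicKey);
        builder.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
        builder.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(x509Certificate.getPublicKey()));

        return new JcaX509CertificateConverter()
                .setProvider("BC")
                .getCertificate(builder.build(new JcaContentSignerBuilder(SIGN_ALGO).build(privateKey)));
    }
}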
