package com.github.tomakehurst.wiremock.crypto;

import com.github.tomakehurst.wiremock.common.Exceptions;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Objects;
import sun.security.x509.AlgorithmId;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateSubjectName;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;

/* loaded from: input_file:com/github/tomakehurst/wiremock/crypto/X509CertificateSpecification.class */
public class X509CertificateSpecification implements CertificateSpecification {
    private final X509CertificateVersion version;
    private final X500Name subject;
    private final X500Name issuer;
    private final Date notBefore;
    private final Date notAfter;

    public X509CertificateSpecification(X509CertificateVersion x509CertificateVersion, String str, String str2, Date date, Date date2) throws IOException {
        this.version = (X509CertificateVersion) Objects.requireNonNull(x509CertificateVersion);
        this.subject = new X500Name((String) Objects.requireNonNull(str));
        this.issuer = new X500Name((String) Objects.requireNonNull(str2));
        this.notBefore = (Date) Objects.requireNonNull(date);
        this.notAfter = (Date) Objects.requireNonNull(date2);
    }

    @Override // com.github.tomakehurst.wiremock.crypto.CertificateSpecification
    public X509Certificate certificateFor(KeyPair keyPair) throws CertificateException, InvalidKeyException, SignatureException {
        try {
            SecureRandom secureRandom = new SecureRandom();
            X509CertInfo x509CertInfo = new X509CertInfo();
            x509CertInfo.set("version", this.version.getVersion());
            try {
                x509CertInfo.set("subject", this.subject);
            } catch (CertificateException e) {
                x509CertInfo.set("subject", new CertificateSubjectName(this.subject));
            }
            try {
                x509CertInfo.set("issuer", this.issuer);
            } catch (CertificateException e2) {
                x509CertInfo.set("issuer", new CertificateIssuerName(this.issuer));
            }
            x509CertInfo.set("validity", new CertificateValidity(this.notBefore, this.notAfter));
            x509CertInfo.set("key", new CertificateX509Key(keyPair.getPublic()));
            x509CertInfo.set("serialNumber", new CertificateSerialNumber(new BigInteger(64, secureRandom)));
            x509CertInfo.set("algorithmID", new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.SHA256_oid)));
            X509CertImpl x509CertImpl = new X509CertImpl(x509CertInfo);
            x509CertImpl.sign(keyPair.getPrivate(), "SHA256withRSA");
            x509CertInfo.set("algorithmID.algorithm", x509CertImpl.get("x509.algorithm"));
            X509CertImpl x509CertImpl2 = new X509CertImpl(x509CertInfo);
            x509CertImpl2.sign(keyPair.getPrivate(), "SHA256withRSA");
            x509CertImpl2.verify(keyPair.getPublic());
            return x509CertImpl2;
        } catch (IOException | NoSuchAlgorithmException | NoSuchProviderException e3) {
            return (X509Certificate) Exceptions.throwUnchecked(e3, (Class) null);
        }
    }
}
