package org.apache.plc4x.java.opcua.context;

import java.math.BigInteger;
import java.net.InetAddress;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Calendar;
import java.util.Date;
import java.util.Locale;
import org.apache.commons.lang3.RandomUtils;
import org.apache.commons.net.telnet.TelnetCommand;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/plc4x/java/opcua/context/CertificateGenerator.class */
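/**
 * Builds the self-signed X.509 certificate and RSA key pair that the OPC UA driver presents as
 * its application identity.
 *
 * <p>The type parameter is not referenced by any member of this class; it is kept only so that
 * existing references to the generic type keep compiling.
 */
public class CertificateGenerator<PKCS10CertificateRequest> {
    private static final Logger LOGGER = LoggerFactory.getLogger(CertificateGenerator.class);
    private static final String APPURI = "urn:eclipse:milo:plc4x:server";

    /** RSA modulus size in bits. */
    private static final int RSA_KEY_BITS = 2048;

    /** Certificate lifetime in days (365 * 25). */
    private static final int VALIDITY_DAYS = 9125;

    /**
     * Number of random bits in the serial number. 158 random bits plus one keeps the value
     * positive and within the 20-octet limit of RFC 5280, section 4.1.2.2.
     */
    private static final int SERIAL_BITS = 158;

    /**
     * Signature algorithm for the certificate. SHA-1 is no longer collision resistant, and peers
     * that require SHA-256 certificate signatures would likely reject a SHA-1 signed certificate.
     */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    /**
     * Generates a fresh 2048-bit RSA key pair and a self-signed certificate for it.
     *
     * <p>The certificate carries the local host name (dNSName) and the application URI in its
     * subject alternative name, client and server authentication as extended key usage, and is
     * valid from one day before the call until {@value #VALIDITY_DAYS} days after that.
     *
     * <p>Security notes for callers:
     * <ul>
     *   <li>Nothing in this method persists the key pair, so every call yields a new identity;
     *       a peer that pinned an earlier certificate will not recognise the new one.</li>
     *   <li>The certificate is self-signed, so a peer can only trust it by pinning it
     *       explicitly.</li>
     *   <li>It is marked as a CA certificate with {@code keyCertSign}. Anyone who installs it as
     *       a trust anchor also trusts whatever the holder of the private key signs with it.</li>
     *   <li>The returned object contains the private key; keep it out of logs and dumps.</li>
     * </ul>
     *
     * @return the key pair together with its certificate, or {@code null} when generation fails
     *     (the cause is logged)
     */
    public static CertificateKeyPair generateCertificate() {
        try {
            SecureRandom random = new SecureRandom();

            // One key pair is all that is needed: the certificate is signed with its own key.
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(RSA_KEY_BITS, random);
            KeyPair keyPair = keyPairGenerator.generateKeyPair();

            X500NameBuilder nameBuilder = new X500NameBuilder();
            nameBuilder.addRDN(BCStyle.CN, "Apache PLC4X Driver Client");
            nameBuilder.addRDN(BCStyle.O, "Apache Software Foundation");
            nameBuilder.addRDN(BCStyle.OU, "dev");
            nameBuilder.addRDN(BCStyle.L, "");
            nameBuilder.addRDN(BCStyle.ST, "DE");
            nameBuilder.addRDN(BCStyle.C, "US");

            // new BigInteger(byte[]) reads the bytes as a signed value, so a serial built from
            // 40 random bytes is negative about half the time and twice the permitted length.
            // Draw a bounded, strictly positive value from the CSPRNG instead.
            BigInteger serial = new BigInteger(SERIAL_BITS, random).add(BigInteger.ONE);

            // notBefore is back-dated by one day, presumably to tolerate clock skew on the peer.
            Calendar calendar = Calendar.getInstance();
            calendar.add(Calendar.DATE, -1);
            Date notBefore = calendar.getTime();
            calendar.add(Calendar.DATE, VALIDITY_DAYS);
            Date notAfter = calendar.getTime();

            // Issuer and subject are the same name: the certificate is self-signed.
            X509v3CertificateBuilder certificateBuilder =
                new X509v3CertificateBuilder(
                    nameBuilder.build(),
                    serial,
                    notBefore,
                    notAfter,
                    Locale.ENGLISH,
                    nameBuilder.build(),
                    SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));

            GeneralName[] subjectAltNames = {
                new GeneralName(GeneralName.dNSName, InetAddress.getLocalHost().getHostName()),
                new GeneralName(GeneralName.uniformResourceIdentifier, APPURI)
            };

            certificateBuilder.addExtension(
                Extension.authorityKeyIdentifier,
                false,
                new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic()));
            certificateBuilder.addExtension(
                Extension.extendedKeyUsage,
                false,
                new ExtendedKeyUsage(
                    new KeyPurposeId[] {
                        KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth
                    }));
            // Same bit mask as before (252), spelled with the KeyUsage constants it stands for.
            certificateBuilder.addExtension(
                Extension.keyUsage,
                false,
                new KeyUsage(
                    KeyUsage.digitalSignature
                        | KeyUsage.nonRepudiation
                        | KeyUsage.keyEncipherment
                        | KeyUsage.dataEncipherment
                        | KeyUsage.keyAgreement
                        | KeyUsage.keyCertSign));
            certificateBuilder.addExtension(
                Extension.basicConstraints, false, new BasicConstraints(true));
            certificateBuilder.addExtension(
                Extension.subjectAlternativeName,
                false,
                GeneralNames.getInstance(new DERSequence(subjectAltNames)));

            // Hand the provider over as an instance for both signing and conversion, so that
            // neither step depends on BouncyCastle being registered with java.security.Security.
            BouncyCastleProvider provider = new BouncyCastleProvider();
            X509CertificateHolder holder =
                certificateBuilder.build(
                    new JcaContentSignerBuilder(SIGNATURE_ALGORITHM)
                        .setProvider(provider)
                        .build(keyPair.getPrivate()));

            JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
            converter.setProvider(provider);
            return new CertificateKeyPair(keyPair, converter.getCertificate(holder));
        } catch (NoSuchAlgorithmException e) {
            LOGGER.error("Security Algorithm is unsupported for certificate", e);
            return null;
        } catch (Exception e) {
            // Host name lookup, extension encoding, signing and conversion each throw their own
            // checked exception; log the cause instead of blaming the algorithm for all of them.
            LOGGER.error("Unable to generate self-signed certificate", e);
            return null;
        }
    }
}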
