package com.zving.framework.security;

import com.zving.framework.utility.DateUtil;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.DERInputStream;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.x509.X509V3CertificateGenerator;

/* loaded from: input_file:com/zving/framework/security/CAUtil.class */
public class CAUtil {
    public static KeyPair generateRSAKeyPair() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(1024, new SecureRandom());
        return keyPairGenerator.generateKeyPair();
    }

    public static X509Certificate createCA(PublicKey publicKey, PrivateKey privateKey, String str, int i) throws Exception {
        X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator();
        x509V3CertificateGenerator.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
        X509Principal x509Principal = new X509Principal(str);
        x509V3CertificateGenerator.setIssuerDN(x509Principal);
        x509V3CertificateGenerator.setSubjectDN(x509Principal);
        Date date = new Date(System.currentTimeMillis());
        Date addMonth = DateUtil.addMonth(date, i);
        x509V3CertificateGenerator.setNotBefore(date);
        x509V3CertificateGenerator.setNotAfter(addMonth);
        x509V3CertificateGenerator.setPublicKey(publicKey);
        x509V3CertificateGenerator.setSignatureAlgorithm("SHA1WithRSA");
        SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(new DERInputStream(new ByteArrayInputStream(publicKey.getEncoded())).readObject());
        x509V3CertificateGenerator.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(subjectPublicKeyInfo));
        x509V3CertificateGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(subjectPublicKeyInfo));
        x509V3CertificateGenerator.addExtension(X509Extensions.BasicConstraints, false, new BasicConstraints(true));
        x509V3CertificateGenerator.addExtension(X509Extensions.KeyUsage, false, new KeyUsage(6));
        X509Certificate generate = x509V3CertificateGenerator.generate(privateKey, "BC");
        generate.checkValidity(new Date());
        generate.verify(publicKey);
        return generate;
    }
}
