package com.adguard.filter.proxy.ssl;

import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.util.Date;
import org.apache.commons.lang.time.DateUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;

/* loaded from: classes.dex */
public final class b {

    /* renamed from: a, reason: collision with root package name */
    private static final KeyPurposeId[] f487a = {KeyPurposeId.id_kp_serverAuth};
    private static final Date b = DateUtils.addMonths(new Date(), -6);
    private static final Date c = DateUtils.addYears(new Date(), 5);
    private static final Date d = DateUtils.addMonths(new Date(), 6);

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 2 */
    public static a a() {
        AsymmetricCipherKeyPair a2 = a(2048);
        return new a(a(a2, "CN=Adguard Personal CA, C=EN", b, c, "Adguard"), a2);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 2 */
    public static a a(Certificate certificate, a aVar) {
        AsymmetricCipherKeyPair a2 = a(1024);
        X509CertificateHolder a3 = aVar.a();
        X500Name issuer = a3.getIssuer();
        X500Name subject = certificate.getSubject();
        BigInteger valueOf = BigInteger.valueOf(System.nanoTime());
        SubjectPublicKeyInfo createSubjectPublicKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(a2.getPublic());
        X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(issuer, valueOf, b, d, subject, createSubjectPublicKeyInfo);
        x509v3CertificateBuilder.addExtension(Extension.keyUsage, true, (ASN1Encodable) new KeyUsage(176));
        x509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, false, (ASN1Encodable) new ExtendedKeyUsage(f487a));
        x509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, (ASN1Encodable) new SubjectKeyIdentifier(createSubjectPublicKeyInfo.getEncoded()));
        x509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, (ASN1Encodable) new AuthorityKeyIdentifier(a3.getSubjectPublicKeyInfo(), new GeneralNames(new GeneralName(a3.getIssuer())), a3.getSerialNumber()));
        Extension extension = new X509CertificateHolder(certificate).getExtension(Extension.subjectAlternativeName);
        if (extension != null) {
            x509v3CertificateBuilder.addExtension(extension);
        }
        AlgorithmIdentifier find = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
        return new a(x509v3CertificateBuilder.build(new BcRSAContentSignerBuilder(find, new DefaultDigestAlgorithmIdentifierFinder().find(find)).build(aVar.b().getPrivate())), a2);
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 3 */
    private static synchronized X509CertificateHolder a(AsymmetricCipherKeyPair asymmetricCipherKeyPair, String str, Date date, Date date2, String str2) {
        X509CertificateHolder build;
        synchronized (b.class) {
            X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(new X500Name(str), BigInteger.valueOf(System.nanoTime()), date, date2, new X500Name(str), SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(asymmetricCipherKeyPair.getPublic()));
            x509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, (ASN1Encodable) new BasicConstraints(0));
            x509v3CertificateBuilder.addExtension(Extension.keyUsage, true, (ASN1Encodable) new KeyUsage(6));
            x509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, false, (ASN1Encodable) new ExtendedKeyUsage(f487a));
            x509v3CertificateBuilder.addExtension(Extension.subjectAlternativeName, false, (ASN1Encodable) new GeneralNames(new GeneralName(1, str2)));
            AlgorithmIdentifier find = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
            try {
                build = x509v3CertificateBuilder.build(new BcRSAContentSignerBuilder(find, new DefaultDigestAlgorithmIdentifierFinder().find(find)).build(asymmetricCipherKeyPair.getPrivate()));
            } catch (OperatorCreationException e) {
                throw new GeneralSecurityException(e.toString());
            }
        }
        return build;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 3 */
    private static AsymmetricCipherKeyPair a(int i) {
        RSAKeyGenerationParameters rSAKeyGenerationParameters = new RSAKeyGenerationParameters(new BigInteger("10001", 16), r.f501a, i, 40);
        RSAKeyPairGenerator rSAKeyPairGenerator = new RSAKeyPairGenerator();
        rSAKeyPairGenerator.init(rSAKeyGenerationParameters);
        return rSAKeyPairGenerator.generateKeyPair();
    }
}
