package snowblossom.lib.tls;

import com.google.protobuf.ByteString;
import io.grpc.netty.GrpcSslContexts;
import io.netty.handler.ssl.SslContext;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;
import snowblossom.lib.AddressUtil;
import snowblossom.lib.Globals;
import snowblossom.lib.KeyUtil;
import snowblossom.proto.AddressSpec;
import snowblossom.proto.SignedMessagePayload;
import snowblossom.proto.WalletDatabase;
import snowblossom.proto.WalletKeyPair;

/* loaded from: input_file:snowblossom/lib/tls/CertGen.class */
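/**
 * Builds the TLS server material for a node from its wallet database.
 *
 * <p>A separate RSA key is generated for TLS and placed in a self-signed X.509 certificate. The
 * certificate carries a custom critical extension holding a message, signed with the wallet key,
 * that contains the TLS public key. The subject CN is the node address derived from the wallet's
 * address spec.
 *
 * <p>NOTE(review): nothing in this class verifies that extension; a peer has to check the signed
 * payload against the CN address itself, since the certificate is self-signed and chain
 * validation alone proves nothing about who generated it.
 */
public class CertGen {
    /**
     * OID of the extension that carries the wallet-signed TLS public key.
     *
     * <p>NOTE(review): 2.5.29 is the standard certificate-extension arc; confirm that 134 is not
     * assigned to another extension so that third-party parsers cannot misinterpret it.
     */
    private static final String TLS_KEY_SIGNATURE_EXTENSION_OID = "2.5.29.134";

    /** Certificate lifetime in milliseconds: 3650 days, roughly ten years. */
    private static final long CERT_VALIDITY_MILLIS = 315360000000L;

    /**
     * Creates a gRPC/Netty server {@link SslContext} backed by a freshly generated TLS key.
     *
     * <p>Every call generates a new 2048-bit key through {@code KeyUtil.generateWalletRSAKey} and
     * a new certificate, so the certificate changes between calls while the CN (derived from the
     * address spec) stays the same. The TLS private key is only passed to the SSL context builder
     * as in-memory PEM; this method does not persist it.
     *
     * @param walletDatabase wallet holding exactly one key and exactly one address
     * @return server-side SSL context using the generated certificate and key
     * @throws RuntimeException if the wallet does not contain exactly one key and one address
     * @throws Exception if key generation, certificate creation or context building fails
     */
    public static SslContext getServerSSLContext(WalletDatabase walletDatabase) throws Exception {
        // Exactly one key and one address are required so that the identity bound into the
        // certificate is unambiguous.
        if (walletDatabase.getKeysCount() != 1) {
            throw new RuntimeException("Unexpected number of keys in wallet db");
        }
        if (walletDatabase.getAddressesCount() != 1) {
            throw new RuntimeException("Unexpected number of addresses in wallet db");
        }
        WalletKeyPair nodeKey = walletDatabase.getKeys(0);
        AddressSpec nodeAddressSpec = walletDatabase.getAddresses(0);

        // The TLS key is distinct from the wallet key; the wallet key only signs the binding
        // that is embedded in the certificate extension.
        WalletKeyPair tlsWalletKey = KeyUtil.generateWalletRSAKey(2048);
        KeyPair tlsKeyPair = KeyUtil.decodeKeypair(tlsWalletKey);

        X509Certificate certificate = generateSelfSignedCert(nodeKey, tlsWalletKey, nodeAddressSpec);
        ByteString certificatePem = pemCodeCert(certificate);
        ByteString privateKeyPem = pemCodeECPrivateKey(tlsKeyPair.getPrivate());
        return GrpcSslContexts.forServer(certificatePem.newInput(), privateKeyPem.newInput()).build();
    }

    /**
     * Generates a self-signed certificate for the TLS key and binds it to the node identity.
     *
     * <p>Subject and issuer are both {@code CN=<node address>, O=Snowblossom}. The certificate is
     * signed with the private half of {@code walletKeyPair2} using SHA256withRSA, and a critical
     * extension holds the output of {@code MsgSigUtil.signMessage} over a payload containing the
     * TLS public key, produced with {@code walletKeyPair}. Because the extension is critical,
     * validators that do not understand the OID are expected to reject the certificate.
     *
     * @param walletKeyPair node wallet key used to sign the TLS public key
     * @param walletKeyPair2 TLS key pair; its public key becomes the certificate's subject key and
     *     its private key signs the certificate
     * @param addressSpec address spec from which the node address in the CN is derived
     * @return the self-signed certificate, converted through the BouncyCastle provider
     * @throws Exception if signing, encoding or certificate conversion fails
     */
    public static X509Certificate generateSelfSignedCert(WalletKeyPair walletKeyPair, WalletKeyPair walletKeyPair2, AddressSpec addressSpec) throws Exception {
        String nodeAddress = AddressUtil.getAddressString(Globals.NODE_ADDRESS_STRING, AddressUtil.getHashForSpec(addressSpec));
        SubjectPublicKeyInfo tlsPublicKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(walletKeyPair2.getPublicKey().toByteArray()));
        X500Name name = new X500Name(String.format("CN=%s, O=Snowblossom", nodeAddress));

        // Read the clock once so the serial number, notBefore and notAfter are all derived from
        // the same instant. The serial is time-based, hence predictable and only unique per
        // millisecond; acceptable for a self-signed certificate, not for a CA.
        long now = System.currentTimeMillis();
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                name,
                BigInteger.valueOf(now),
                new Date(now),
                new Date(now + CERT_VALIDITY_MILLIS),
                name,
                tlsPublicKeyInfo);

        // Wallet-signed statement of the TLS public key: this is what ties the TLS key to the
        // node identity.
        SignedMessagePayload payload = SignedMessagePayload.newBuilder().setTlsPublicKey(walletKeyPair2.getPublicKey()).build();
        byte[] signedBinding = MsgSigUtil.signMessage(addressSpec, walletKeyPair, payload).toByteString().toByteArray();
        builder.addExtension(new ASN1ObjectIdentifier(TLS_KEY_SIGNATURE_EXTENSION_OID), true, signedBinding);

        AsymmetricKeyParameter tlsSigningKey = PrivateKeyFactory.createKey(walletKeyPair2.getPrivateKey().toByteArray());
        AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");
        AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);
        return new JcaX509CertificateConverter()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .getCertificate(builder.build(new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(tlsSigningKey)));
    }

    /**
     * PEM-encodes raw bytes under the given PEM type label.
     *
     * <p>The writer uses an explicit charset so the output does not depend on the platform
     * default, and is closed even when writing fails.
     *
     * @param bArr encoded content to wrap (for example DER bytes)
     * @param str PEM type label written in the BEGIN/END lines
     * @return the PEM text as bytes
     * @throws RuntimeException wrapping any {@link IOException} raised while writing
     */
    public static ByteString pemCode(byte[] bArr, String str) {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (PemWriter writer = new PemWriter(new OutputStreamWriter(buffer, StandardCharsets.UTF_8))) {
            writer.writeObject(new PemObject(str, bArr));
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
        // The writer is closed (and therefore flushed) before the buffer is read.
        return ByteString.copyFrom(buffer.toByteArray());
    }

    /**
     * PEM-encodes a certificate using the {@code PEMParser.TYPE_CERTIFICATE} label.
     *
     * @param certificate certificate to encode
     * @return PEM bytes of the certificate
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public static ByteString pemCodeCert(Certificate certificate) throws CertificateEncodingException {
        return pemCode(certificate.getEncoded(), PEMParser.TYPE_CERTIFICATE);
    }

    /**
     * PEM-encodes a private key using the {@code PEMParser.TYPE_PRIVATE_KEY} label.
     *
     * <p>Despite the name, nothing here is EC-specific: the bytes are whatever
     * {@link PrivateKey#getEncoded()} returns, and {@link #getServerSSLContext} passes the key
     * decoded from {@code KeyUtil.generateWalletRSAKey}. The result is unencrypted key material;
     * callers should keep it in memory and out of logs.
     *
     * @param privateKey private key to encode
     * @return PEM bytes of the unencrypted private key
     */
    public static ByteString pemCodeECPrivateKey(PrivateKey privateKey) {
        return pemCode(privateKey.getEncoded(), PEMParser.TYPE_PRIVATE_KEY);
    }
}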
