package se.lublin.humla.net;

import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cert.X509v3CertificateBuilder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes2.dex */
public class HumlaCertificateGenerator {
    private static final String ISSUER = "CN=Humla Client";
    private static final Integer YEARS_VALID = 20;

    public static X509Certificate generateCertificate(OutputStream outputStream) throws NoSuchAlgorithmException, OperatorCreationException, CertificateException, KeyStoreException, NoSuchProviderException, IOException {
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048, new SecureRandom());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(generateKeyPair.getPublic().getEncoded());
        ContentSigner build = new JcaContentSignerBuilder("SHA1withRSA").setProvider(bouncyCastleProvider).build(generateKeyPair.getPrivate());
        Date date = new Date();
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(date);
        calendar.add(1, YEARS_VALID.intValue());
        X509Certificate certificate = new JcaX509CertificateConverter().setProvider(bouncyCastleProvider).getCertificate(new X509v3CertificateBuilder(new X500Name(ISSUER), BigInteger.ONE, date, calendar.getTime(), new X500Name(ISSUER), subjectPublicKeyInfo).build(build));
        KeyStore keyStore = KeyStore.getInstance("PKCS12", bouncyCastleProvider);
        keyStore.load(null, null);
        keyStore.setKeyEntry("Humla Key", generateKeyPair.getPrivate(), null, new X509Certificate[]{certificate});
        keyStore.store(outputStream, "".toCharArray());
        return certificate;
    }
}
