package org.jumpmind.security;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.lang.time.DateUtils;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V1CertificateGenerator;
import org.jumpmind.util.AppUtils;

/* loaded from: classes.dex */
public class BouncyCastleSecurityService extends SecurityService {
    public KeyPair generateRSAKeyPair() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(1024, new SecureRandom());
        return keyPairGenerator.generateKeyPair();
    }

    public PKCS10CertificationRequest generateRequest(KeyPair keyPair) throws Exception {
        return new PKCS10CertificationRequest("SHA256withRSA", new X500Principal("CN=Requested Test Certificate"), keyPair.getPublic(), (ASN1Set) null, keyPair.getPrivate());
    }

    public X509Certificate generateV1Certificate(String str, KeyPair keyPair) throws Exception {
        if (str == null) {
            str = AppUtils.getHostName();
        }
        String format = String.format("CN=%s, OU=SymmetricDS, O=JumpMind, L=Unknown, ST=Unknown, C=Unknown", str);
        this.log.info("Installing a default SSL certificate: {}", format);
        X509V1CertificateGenerator x509V1CertificateGenerator = new X509V1CertificateGenerator();
        x509V1CertificateGenerator.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
        x509V1CertificateGenerator.setIssuerDN(new X500Principal(format));
        x509V1CertificateGenerator.setNotBefore(new Date(System.currentTimeMillis() - DateUtils.MILLIS_PER_DAY));
        x509V1CertificateGenerator.setNotAfter(new Date(System.currentTimeMillis() + 788400000000L));
        x509V1CertificateGenerator.setSubjectDN(new X500Principal(format));
        x509V1CertificateGenerator.setPublicKey(keyPair.getPublic());
        x509V1CertificateGenerator.setSignatureAlgorithm("SHA256WithRSAEncryption");
        return x509V1CertificateGenerator.generate(keyPair.getPrivate(), "BC");
    }

    @Override // org.jumpmind.security.SecurityService, org.jumpmind.security.ISecurityService
    public void installDefaultSslCert(String str) {
        synchronized (BouncyCastleSecurityService.class) {
            Security.addProvider(new BouncyCastleProvider());
            try {
                try {
                    KeyStore keyStore = getKeyStore(getKeyStorePassword());
                    KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(getKeyStorePassword().toCharArray());
                    String property = System.getProperty("sym.keystore.ssl.cert.alias", SecurityConstants.ALIAS_SYM_PRIVATE_KEY);
                    if (keyStore.getEntry(property, passwordProtection) == null) {
                        KeyPair generateRSAKeyPair = generateRSAKeyPair();
                        keyStore.setEntry(property, new KeyStore.PrivateKeyEntry(generateRSAKeyPair.getPrivate(), new X509Certificate[]{generateV1Certificate(str, generateRSAKeyPair)}), passwordProtection);
                        saveKeyStore(keyStore, getKeyStorePassword());
                    }
                } catch (RuntimeException e) {
                    throw e;
                }
            } catch (Exception e2) {
                throw new RuntimeException(e2);
            }
        }
    }
}
