package gg.essential.quic.backend;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Locale;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:essential-9b4375a5275450b7ae1e7c93c2d74d7e.jar:gg/essential/quic/backend/SelfSignedCert.class */
public class SelfSignedCert {
    private static final Date DEFAULT_NOT_BEFORE = new Date(System.currentTimeMillis() - 31536000000L);
    private static final Date DEFAULT_NOT_AFTER = new Date(253402300799000L);
    private final X509Certificate certificate;
    private final PublicKey publicKey;
    private final PrivateKey privateKey;

    public SelfSignedCert() throws Exception {
        SecureRandom secureRandom = new SecureRandom();
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048, secureRandom);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            X500Name x500Name = new X500Name("CN=localhost");
            X509Certificate certificate = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider()).getCertificate(new X509v3CertificateBuilder(x500Name, new BigInteger(64, secureRandom), DEFAULT_NOT_BEFORE, DEFAULT_NOT_AFTER, Locale.ROOT, x500Name, SubjectPublicKeyInfo.getInstance(generateKeyPair.getPublic().getEncoded())).build(new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(generateKeyPair.getPrivate())));
            certificate.verify(generateKeyPair.getPublic());
            this.certificate = certificate;
            this.publicKey = generateKeyPair.getPublic();
            this.privateKey = generateKeyPair.getPrivate();
        } catch (NoSuchAlgorithmException e) {
            throw new Error(e);
        }
    }

    public X509Certificate certificate() {
        return this.certificate;
    }

    public PublicKey publicKey() {
        return this.publicKey;
    }

    public PrivateKey privateKey() {
        return this.privateKey;
    }
}
