package com.afwsamples.testdpc.policy.utils;

import com.afwsamples.testdpc.policy.PolicyManagementFragment;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes33.dex */
public class CertificateUtils {
    public static X509Certificate createCertificate(KeyPair keyPair, X500Principal x500Principal, X500Principal x500Principal2) throws OperatorCreationException, CertificateException, IOException {
        String str;
        long currentTimeMillis = System.currentTimeMillis();
        Date date = new Date(currentTimeMillis - 86400000);
        Date date2 = new Date(currentTimeMillis + 86400000);
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(X500Name.getInstance(x500Principal2.getEncoded()), new BigInteger(1, bArr), date, date2, X500Name.getInstance(x500Principal.getEncoded()), SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        String algorithm = keyPair.getPrivate().getAlgorithm();
        if (algorithm.equals("RSA")) {
            str = "SHA256withRSA";
        } else {
            if (!algorithm.equals("EC")) {
                throw new IllegalArgumentException("Unknown key algorithm " + algorithm);
            }
            str = "SHA256withECDSA";
        }
        return (X509Certificate) CertificateFactory.getInstance(PolicyManagementFragment.X509_CERT_TYPE).generateCertificate(new ByteArrayInputStream(x509v3CertificateBuilder.build(new JcaContentSignerBuilder(str).build(keyPair.getPrivate())).getEncoded()));
    }
}
