package won.cryptography.service;

import java.math.BigInteger;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyPair;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.joda.time.DateTime;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/won-core-0.2.jar:won/cryptography/service/CertificateService.class */
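/**
 * Creates self-signed X.509 v3 certificates that can carry a WebID URI in the subject alternative
 * name (SAN) extension, and reads such URIs back out of a certificate.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>A self-signed certificate only shows that its creator held the private key. Trust in the
 *       subject name or the WebID has to be established by other means.</li>
 *   <li>The only extension added is the optional SAN entry. Basic constraints and key usage are
 *       not set.</li>
 *   <li>The Bouncy Castle provider is addressed by its name ({@code "BC"}), so it presumably has to
 *       be registered with the JVM before these methods are called.</li>
 * </ul>
 */
public class CertificateService {
    private static final String PROVIDER_BC = "BC";
    /** SAN entry type used for WebIDs: uniformResourceIdentifier, tag 6 in GeneralName. */
    private static final int SAN_TYPE_URI = GeneralName.uniformResourceIdentifier;
    private final Logger logger = LoggerFactory.getLogger(getClass());

    /**
     * Creates a self-signed certificate whose subject is {@code CN=<str>} plus the fixed
     * {@code OU=Web of Needs}.
     *
     * @param bigInteger certificate serial number, used as supplied
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @param str common name (CN) of the subject
     * @param str2 WebID URI to place in the SAN extension, or {@code null} for no SAN
     * @return the generated certificate
     * @throws IllegalArgumentException if the certificate cannot be built, signed or verified
     */
    public X509Certificate createSelfSignedCertificate(BigInteger bigInteger, KeyPair keyPair, String str, String str2) {
        Map<ASN1ObjectIdentifier, String> subjectAttributes = new HashMap<>();
        subjectAttributes.put(BCStyle.CN, str);
        subjectAttributes.put(BCStyle.OU, "Web of Needs");
        return createSelfSignedCertificate(bigInteger, keyPair, subjectAttributes, str2);
    }

    /**
     * Creates a self-signed certificate with the given subject attributes. The result is checked
     * for current validity and its signature is verified against its own public key before it is
     * returned.
     *
     * <p>The serial number is not checked here. NOTE(review): RFC 5280 expects a positive serial
     * that is unique per issuer, so confirm that callers supply one.
     *
     * @param bigInteger certificate serial number, used as supplied
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @param map subject attributes (OID to value); also used as the issuer name
     * @param str WebID URI to place in the SAN extension, or {@code null} for no SAN
     * @return the generated certificate
     * @throws NullPointerException if {@code keyPair} or its public key is {@code null}
     * @throws IllegalArgumentException if the certificate cannot be built, signed or verified
     */
    public X509Certificate createSelfSignedCertificate(BigInteger bigInteger, KeyPair keyPair, Map<ASN1ObjectIdentifier, String> map, String str) {
        // Fail with a clear message up front; otherwise the catch block below would itself throw
        // while building its message and hide the real cause.
        if (keyPair == null || keyPair.getPublic() == null) {
            throw new NullPointerException("keyPair and its public key must not be null");
        }
        try {
            X509v3CertificateBuilder certBuilder = createBuilderWithBasicInfo(bigInteger, keyPair, map);
            if (str != null) {
                addToCertBuilderWebIdInfo(certBuilder, str);
            }
            X509Certificate certificate = new JcaX509CertificateConverter()
                    .setProvider(PROVIDER_BC)
                    .getCertificate(certBuilder.build(createContentSigner(keyPair)));
            // Sanity checks on the fresh certificate: inside its validity window and correctly
            // self-signed. This confirms internal consistency only, not trustworthiness.
            certificate.checkValidity(new Date());
            certificate.verify(certificate.getPublicKey());
            return certificate;
        } catch (Exception e) {
            throw new IllegalArgumentException("Could not create certificate for key pair with algorithm " + keyPair.getPublic().getAlgorithm(), e);
        }
    }

    /**
     * Adds the WebID as a non-critical SAN extension of type URI.
     *
     * <p>The string is stored as given; this method does not check that it is a well-formed URI
     * or which scheme it uses.
     *
     * @param x509v3CertificateBuilder builder to extend
     * @param str WebID URI; nothing is added when {@code null}
     * @throws CertificateException if the extension cannot be encoded
     */
    private void addToCertBuilderWebIdInfo(X509v3CertificateBuilder x509v3CertificateBuilder, String str) throws CertificateException {
        if (str == null) {
            return;
        }
        try {
            GeneralNames webIdNames = new GeneralNames(new GeneralName[]{new GeneralName(SAN_TYPE_URI, str)});
            x509v3CertificateBuilder.addExtension(Extension.subjectAlternativeName, false, webIdNames);
        } catch (CertIOException e) {
            throw new CertificateException("Could not add webID to the certificate: " + str, e);
        }
    }

    /**
     * Builds a SHA-256 based content signer that matches the algorithm of the key pair.
     *
     * @param keyPair key pair whose private key signs the certificate
     * @return a signer backed by the BC provider
     * @throws IllegalArgumentException if the key algorithm is not EC/ECDSA, RSA or DSA
     * @throws Exception if the signer cannot be created
     */
    private ContentSigner createContentSigner(KeyPair keyPair) throws Exception {
        String keyAlgorithm = keyPair.getPublic().getAlgorithm();
        String signatureAlgorithm;
        // ECDSA has to be tested before DSA because the name "ECDSA" contains "DSA".
        // Keys created under the standard JCA name report "EC", so that name is accepted too.
        if (keyAlgorithm.contains("ECDSA") || "EC".equals(keyAlgorithm)) {
            signatureAlgorithm = "SHA256WithECDSA";
        } else if (keyAlgorithm.contains("RSA")) {
            signatureAlgorithm = "SHA256WithRSA";
        } else if (keyAlgorithm.contains("DSA")) {
            signatureAlgorithm = "SHA256WithDSA";
        } else {
            throw new IllegalArgumentException(keyAlgorithm + " is not supported");
        }
        return new JcaContentSignerBuilder(signatureAlgorithm).setProvider(PROVIDER_BC).build(keyPair.getPrivate());
    }

    /**
     * Prepares a certificate builder with subject = issuer, the serial number, the public key and
     * a validity period running from the start of yesterday to the start of the day two years
     * from now.
     *
     * @param bigInteger certificate serial number
     * @param keyPair key pair providing the certified public key
     * @param map subject attributes (OID to value), added in the map's iteration order
     * @return the pre-filled builder, without extensions
     */
    private X509v3CertificateBuilder createBuilderWithBasicInfo(BigInteger bigInteger, KeyPair keyPair, Map<ASN1ObjectIdentifier, String> map) {
        DateTime now = new DateTime();
        // Back-dating by one day tolerates clock differences between this host and verifiers.
        Date notBefore = now.minusDays(1).withTimeAtStartOfDay().toDate();
        Date notAfter = now.plusYears(2).withTimeAtStartOfDay().toDate();
        X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        for (Map.Entry<ASN1ObjectIdentifier, String> attribute : map.entrySet()) {
            nameBuilder.addRDN(attribute.getKey(), attribute.getValue());
        }
        X500Name subjectAndIssuer = nameBuilder.build();
        SubjectPublicKeyInfo publicKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(keyPair.getPublic().getEncoded()));
        return new X509v3CertificateBuilder(subjectAndIssuer, bigInteger, notBefore, notAfter, subjectAndIssuer, publicKeyInfo);
    }

    /**
     * Returns every URI-typed subject alternative name of the certificate.
     *
     * <p>This method only parses. It does not verify the certificate's signature or validity, nor
     * that the key really belongs to the WebID, so callers must authenticate the certificate
     * before they treat a returned URI as an identity.
     *
     * @param x509Certificate certificate to inspect
     * @return the URIs found in the SAN extension; empty if there are none
     * @throws CertificateParsingException if the extension cannot be decoded or an entry is not a
     *     valid URI
     */
    public static List<URI> getWebIdFromSubjectAlternativeNames(X509Certificate x509Certificate) throws CertificateParsingException {
        List<URI> webIds = new ArrayList<>();
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (subjectAlternativeNames == null) {
            return webIds;
        }
        for (List<?> sanEntry : subjectAlternativeNames) {
            // Each entry is a pair: element 0 is the GeneralName type, element 1 the value.
            if (((Integer) sanEntry.get(0)).intValue() != SAN_TYPE_URI) {
                continue;
            }
            try {
                webIds.add(new URI((String) sanEntry.get(1)));
            } catch (URISyntaxException e) {
                throw new CertificateParsingException("Could not retrieve webID from SAN", e);
            }
        }
        return webIds;
    }
}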
