package io.mosip.kernel.keymanager.hsm.util;

import io.mosip.kernel.core.keymanager.exception.KeystoreProcessingException;
import io.mosip.kernel.core.keymanager.model.CertificateParameters;
import io.mosip.kernel.keymanager.hsm.constant.KeymanagerErrorCode;
import java.io.IOException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Date;
import java.util.Objects;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:io/mosip/kernel/keymanager/hsm/util/CertificateUtility.class */
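/**
 * Static helpers that build and sign X.509 v3 certificates with BouncyCastle.
 *
 * <p>Security-relevant properties of every certificate produced here:
 * <ul>
 *   <li>The serial number is a positive, non-zero value drawn from a {@link SecureRandom}.</li>
 *   <li>A critical {@code basicConstraints} extension with {@code cA=true} and no path-length
 *       limit is always added, so each certificate is usable as an issuing CA.</li>
 *   <li>A non-critical {@code subjectKeyIdentifier} derived from the public key is added.</li>
 * </ul>
 */
public class CertificateUtility {
    /** Number of random bits in a generated serial number (same entropy as the previous {@code nextLong()}). */
    private static final int SERIAL_NUMBER_BITS = Long.SIZE;

    private CertificateUtility() {
    }

    /**
     * Builds a certificate whose issuer and subject are the same distinguished name.
     *
     * @param privateKey     key used to sign the certificate
     * @param publicKey      key placed in the certificate
     * @param str            common name (CN)
     * @param str2           organizational unit (OU)
     * @param str3           organization (O)
     * @param str4           country (C)
     * @param localDateTime  start of validity (notBefore)
     * @param localDateTime2 end of validity (notAfter)
     * @param str5           signature algorithm name passed to {@link JcaContentSignerBuilder}
     * @param str6           name of the JCA provider that performs the signature
     * @return the signed certificate
     * @throws KeystoreProcessingException if the signer or the certificate cannot be created
     */
    public static X509Certificate generateX509Certificate(PrivateKey privateKey, PublicKey publicKey, String str, String str2, String str3, String str4, LocalDateTime localDateTime, LocalDateTime localDateTime2, String str5, String str6) {
        X500Name selfName = new X500Name(getCertificateAttributes(str, str2, str3, str4));
        return generateX509Certificate(privateKey, publicKey, selfName, selfName, str5, str6, localDateTime, localDateTime2);
    }

    /**
     * Builds a certificate for the subject described by {@code certificateParameters}.
     *
     * <p>When {@code x500Principal} is non-null it is used as the issuer name; otherwise the
     * subject name is reused as the issuer. The validity window is read from
     * {@code certificateParameters}.
     *
     * @param privateKey            key used to sign the certificate
     * @param publicKey             key placed in the certificate
     * @param certificateParameters subject attributes and validity window
     * @param x500Principal         issuer name, or {@code null} to reuse the subject name
     * @param str                   signature algorithm name passed to {@link JcaContentSignerBuilder}
     * @param str2                  name of the JCA provider that performs the signature
     * @return the signed certificate
     * @throws KeystoreProcessingException if the signer or the certificate cannot be created
     */
    public static X509Certificate generateX509Certificate(PrivateKey privateKey, PublicKey publicKey, CertificateParameters certificateParameters, X500Principal x500Principal, String str, String str2) {
        X500Name subject = getCertificateAttributes(certificateParameters);
        X500Name issuer = Objects.nonNull(x500Principal)
                ? new X500Name(RFC4519Style.INSTANCE, x500Principal.getName())
                : subject;
        return generateX509Certificate(privateKey, publicKey, issuer, subject, str, str2, certificateParameters.getNotBefore(), certificateParameters.getNotAfter());
    }

    /**
     * Assembles, signs and converts the certificate.
     *
     * @param privateKey     signing key
     * @param publicKey      subject public key
     * @param x500Name       issuer name
     * @param x500Name2      subject name
     * @param str            signature algorithm name
     * @param str2           JCA provider name used for signing
     * @param localDateTime  notBefore
     * @param localDateTime2 notAfter
     * @return the signed certificate
     * @throws KeystoreProcessingException wrapping any signer, encoding or conversion failure
     */
    private static X509Certificate generateX509Certificate(PrivateKey privateKey, PublicKey publicKey, X500Name x500Name, X500Name x500Name2, String str, String str2, LocalDateTime localDateTime, LocalDateTime localDateTime2) {
        try {
            BigInteger serialNumber = generateSerialNumber();
            ContentSigner signer = new JcaContentSignerBuilder(str).setProvider(str2).build(privateKey);
            JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(x500Name, serialNumber, getDateFromLocalDateTime(localDateTime), getDateFromLocalDateTime(localDateTime2), x500Name2, publicKey);
            JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
            // NOTE(review): cA=true with no pathLenConstraint is asserted unconditionally, so a
            // certificate intended as an end-entity would still validate as an issuer. Confirm that
            // every caller really needs a CA certificate.
            certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
            certBuilder.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(publicKey));
            return new JcaX509CertificateConverter().getCertificate(certBuilder.build(signer));
        } catch (OperatorCreationException | IOException | NoSuchAlgorithmException | CertificateException e) {
            throw new KeystoreProcessingException(KeymanagerErrorCode.CERTIFICATE_PROCESSING_ERROR.getErrorCode(), KeymanagerErrorCode.CERTIFICATE_PROCESSING_ERROR.getErrorMessage() + e.getMessage(), e);
        }
    }

    /**
     * Returns a random serial number that is strictly positive.
     *
     * <p>The earlier form parsed {@code SecureRandom.nextLong()}, which is signed, so about half of
     * the serial numbers were negative. RFC 5280 section 4.1.2.2 requires a positive integer, and
     * strict validators reject negative or zero serials.
     */
    private static BigInteger generateSerialNumber() {
        SecureRandom random = new SecureRandom();
        BigInteger serial;
        do {
            // BigInteger(numBits, rnd) is uniformly distributed over [0, 2^numBits - 1].
            serial = new BigInteger(SERIAL_NUMBER_BITS, random);
        } while (serial.signum() == 0);
        return serial;
    }

    /**
     * Converts a local date-time to a {@link Date} using the JVM default time zone.
     *
     * <p>The resulting validity instant therefore depends on the host's zone configuration.
     */
    private static Date getDateFromLocalDateTime(LocalDateTime localDateTime) {
        return Date.from(localDateTime.atZone(ZoneId.systemDefault()).toInstant());
    }

    /**
     * Formats CN, OU, O and C into a distinguished-name string.
     *
     * <p>NOTE(review): the values are concatenated without escaping, so a value containing DN
     * metacharacters such as {@code ,}, {@code +} or {@code =} would be parsed as extra or
     * different attributes. Callers must pass validated values; building the name with
     * {@link X500NameBuilder}, as the {@link CertificateParameters} overload does, avoids this.
     */
    private static String getCertificateAttributes(String str, String str2, String str3, String str4) {
        return "CN=" + str + ", OU =" + str2 + ",O=" + str3 + ", C=" + str4;
    }

    /**
     * Builds the subject name from {@code certificateParameters}, adding C, ST, L, O, OU and CN in
     * that order and skipping attributes that are null or empty.
     */
    private static X500Name getCertificateAttributes(CertificateParameters certificateParameters) {
        X500NameBuilder nameBuilder = new X500NameBuilder(RFC4519Style.INSTANCE);
        addRDN(certificateParameters.getCountry(), nameBuilder, BCStyle.C);
        addRDN(certificateParameters.getState(), nameBuilder, BCStyle.ST);
        addRDN(certificateParameters.getLocation(), nameBuilder, BCStyle.L);
        addRDN(certificateParameters.getOrganization(), nameBuilder, BCStyle.O);
        addRDN(certificateParameters.getOrganizationUnit(), nameBuilder, BCStyle.OU);
        addRDN(certificateParameters.getCommonName(), nameBuilder, BCStyle.CN);
        return nameBuilder.build();
    }

    /** Adds one attribute to the name under construction unless its value is null or empty. */
    private static void addRDN(String str, X500NameBuilder x500NameBuilder, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        if (str == null || str.isEmpty()) {
            return;
        }
        x500NameBuilder.addRDN(aSN1ObjectIdentifier, str);
    }
}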
