package net.maritimecloud.pki;

import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.Calendar;
import java.util.GregorianCalendar;
import java.util.Locale;
import java.util.Map;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.X509KeyUsage;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.BigIntegers;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/maritimecloud/pki/CertificateBuilder.class */
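/**
 * Builds and signs X.509 v3 certificates for root CAs, intermediate CAs and end entities,
 * and generates the key pairs and serial numbers that go with them.
 *
 * <p>Signing keys are looked up by alias through the {@link KeystoreHandler} given at
 * construction time. Signing and certificate conversion use the "BC" provider, which must
 * be registered before this class is used.
 */
public class CertificateBuilder {
    private static final Logger log = LoggerFactory.getLogger(CertificateBuilder.class);

    /**
     * Characters that act as syntax when a distinguished-name string is parsed and therefore
     * have to be backslash-escaped when they occur inside an attribute value.
     */
    private static final String DN_SPECIAL_CHARS = ",+\"\\<>;=";

    /** Lower bound for generated serial numbers (2^32). */
    private static final BigInteger SERIAL_MIN = new BigInteger("4294967296");

    /** Upper bound for generated serial numbers (2^159 - 1): positive and within 20 octets. */
    private static final BigInteger SERIAL_MAX = new BigInteger("730750818665451459101842416358141509827966271487");

    /**
     * Key usage bits placed on CA certificates (numerically 230).
     * NOTE(review): this grants digitalSignature, nonRepudiation and keyEncipherment in
     * addition to keyCertSign and cRLSign; confirm the CA keys really need the first three.
     */
    private static final int CA_KEY_USAGE = X509KeyUsage.digitalSignature
            | X509KeyUsage.nonRepudiation
            | X509KeyUsage.keyEncipherment
            | X509KeyUsage.keyCertSign
            | X509KeyUsage.cRLSign;

    private final KeystoreHandler keystoreHandler;
    private final SecureRandom random = new SecureRandom();

    /**
     * @param keystoreHandler source of the signing certificate entries used by
     *                        {@link #generateCertForEntity}
     */
    public CertificateBuilder(KeystoreHandler keystoreHandler) {
        this.keystoreHandler = keystoreHandler;
    }

    /**
     * Builds a certificate for the given subject and signs it with the issuer's private key.
     *
     * <p>Validity starts at the current time and ends on 1 January of
     * {@code PKIConstants.CERT_EXPIRE_YEAR} (JVM default time zone), whatever the type.
     * NOTE(review): end-entity certificates therefore get the same fixed expiry as CA
     * certificates; consider a shorter, issuance-relative lifetime for them.
     *
     * @param bigInteger  serial number of the new certificate
     * @param privateKey  issuer's private key, used to sign
     * @param publicKey   issuer's public key, used for the authority key identifier
     * @param publicKey2  subject's public key, certified by the new certificate
     * @param x500Name    issuer name
     * @param x500Name2   subject name
     * @param map         subjectAltName otherName entries (type OID mapped to a UTF-8 value);
     *                    only used for non-CA certificates, may be {@code null} or empty
     * @param str         certificate type: {@code "ROOTCA"}, {@code "INTERMEDIATE"}, or anything
     *                    else for an end-entity certificate
     * @param str2        OCSP responder URL for authorityInfoAccess, or {@code null} to omit it
     * @param str3        URL for the CRL distribution point
     * @return the signed certificate
     * @throws Exception if an extension cannot be encoded or the certificate cannot be signed
     */
    public X509Certificate buildAndSignCert(BigInteger bigInteger, PrivateKey privateKey, PublicKey publicKey, PublicKey publicKey2, X500Name x500Name, X500Name x500Name2, Map<String, String> map, String str, String str2, String str3) throws Exception {
        // addExtension() mutates the builder and returns it as the base type, so the variable is
        // declared as X509v3CertificateBuilder and the return value does not need to be kept.
        X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
                x500Name,
                bigInteger,
                Calendar.getInstance().getTime(),
                new GregorianCalendar(PKIConstants.CERT_EXPIRE_YEAR, 0, 1).getTime(),
                x500Name2,
                publicKey2);
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();

        if ("ROOTCA".equals(str) || "INTERMEDIATE".equals(str)) {
            // Root and intermediate CAs receive identical critical extensions.
            // NOTE(review): BasicConstraints(true) sets no path length limit, so an intermediate
            // can itself issue further CAs; add a pathLenConstraint if that is not intended.
            certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
            certBuilder.addExtension(Extension.keyUsage, true, new X509KeyUsage(CA_KEY_USAGE));
        } else if (map != null && !map.isEmpty()) {
            // NOTE(review): end-entity certificates get neither basicConstraints nor keyUsage
            // here; relying parties must treat the missing basicConstraints as "not a CA".
            GeneralName[] otherNames = new GeneralName[map.size()];
            int index = 0;
            for (Map.Entry<String, String> attribute : map.entrySet()) {
                // otherName ::= SEQUENCE { type-id OID, value [0] EXPLICIT UTF8String }
                ASN1Encodable[] typeAndValue = {
                    new ASN1ObjectIdentifier(attribute.getKey()),
                    new DERTaggedObject(true, 0, new DERUTF8String(attribute.getValue()))
                };
                otherNames[index++] = new GeneralName(GeneralName.otherName, new DERSequence(typeAndValue));
            }
            certBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(otherNames));
        }

        certBuilder.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(publicKey));
        certBuilder.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(publicKey2));

        // Revocation pointers: the CRL distribution point is always added, OCSP only when given.
        GeneralName crlLocation = new GeneralName(GeneralName.uniformResourceIdentifier, str3);
        DistributionPoint[] distributionPoints = {
            new DistributionPoint(new DistributionPointName(new GeneralNames(crlLocation)), null, null)
        };
        certBuilder.addExtension(Extension.cRLDistributionPoints, false, new CRLDistPoint(distributionPoints));
        if (str2 != null) {
            GeneralName ocspLocation = new GeneralName(GeneralName.uniformResourceIdentifier, str2);
            certBuilder.addExtension(Extension.authorityInfoAccess, false, new AuthorityInformationAccess(X509ObjectIdentifiers.ocspAccessMethod, ocspLocation));
        }

        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(PKIConstants.SIGNER_ALGORITHM);
        signerBuilder.setProvider("BC");
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certBuilder.build(signerBuilder.build(privateKey)));
    }

    /**
     * Issues an end-entity certificate signed by the keystore entry stored under {@code str7}.
     *
     * <p>The subject name is assembled as {@code C, O, OU, CN, UID} plus {@code E} when an
     * e-mail address is given. Every value is backslash-escaped before the name is parsed, so
     * characters such as {@code ,}, {@code +} or {@code =} inside a value cannot end the
     * attribute and introduce additional attributes into the signed subject. Callers must
     * therefore pass raw, unescaped values. A {@code null} value still ends up as the text
     * {@code null} in the subject, as it did with plain concatenation.
     *
     * <p>The OCSP and CRL URLs are {@code str8 + "ocsp/" + uid} and {@code str8 + "crl/" + uid},
     * where {@code uid} is the UID element of the signing certificate's subject.
     *
     * @param bigInteger serial number of the new certificate
     * @param str        country, either as English display name (mapped to its ISO code) or
     *                   any other value, which is used unchanged
     * @param str2       organization (O)
     * @param str3       organizational unit (OU)
     * @param str4       common name (CN)
     * @param str5       e-mail address (E); omitted when {@code null} or empty
     * @param str6       unique identifier (UID)
     * @param publicKey  subject's public key
     * @param map        subjectAltName otherName entries, see {@link #buildAndSignCert}
     * @param str7       alias of the signing certificate entry in the keystore
     * @param str8       base URL that the OCSP and CRL paths are appended to
     * @return the signed end-entity certificate
     * @throws Exception if the signing entry cannot be used or the certificate cannot be built
     */
    public X509Certificate generateCertForEntity(BigInteger bigInteger, String str, String str2, String str3, String str4, String str5, String str6, PublicKey publicKey, Map<String, String> map, String str7, String str8) throws Exception {
        KeyStore.PrivateKeyEntry signingCertEntry = this.keystoreHandler.getSigningCertEntry(str7);
        X509Certificate signingCert = (X509Certificate) signingCertEntry.getCertificate();

        // Translate an English country name into its ISO code; anything unmatched is kept as given.
        String countryCode = str;
        for (String isoCode : Locale.getISOCountries()) {
            Locale candidate = new Locale("", isoCode);
            if (candidate.getDisplayCountry(Locale.ENGLISH).equals(str)) {
                countryCode = candidate.getCountry();
                break;
            }
        }

        StringBuilder subjectDn = new StringBuilder();
        subjectDn.append("C=").append(escapeDnValue(countryCode));
        subjectDn.append(", O=").append(escapeDnValue(str2));
        subjectDn.append(", OU=").append(escapeDnValue(str3));
        subjectDn.append(", CN=").append(escapeDnValue(str4));
        subjectDn.append(", UID=").append(escapeDnValue(str6));
        if (str5 != null && !str5.isEmpty()) {
            subjectDn.append(", E=").append(escapeDnValue(str5));
        }

        String issuerUid = CertificateHandler.getElement(new X500Name(signingCert.getSubjectDN().getName()), BCStyle.UID);
        return buildAndSignCert(
                bigInteger,
                signingCertEntry.getPrivateKey(),
                signingCert.getPublicKey(),
                publicKey,
                new JcaX509CertificateHolder(signingCert).getSubject(),
                new X500Name(subjectDn.toString()),
                map,
                "ENTITY",
                str8 + "ocsp/" + issuerUid,
                str8 + "crl/" + issuerUid);
    }

    /**
     * Backslash-escapes the characters that have syntactic meaning in a distinguished-name
     * string, plus a leading {@code #}, which would otherwise mark a hex-encoded value.
     * Whitespace is left alone so that surrounding blanks are still trimmed by the parser.
     *
     * @param value raw attribute value; {@code null} is rendered as the text {@code null}
     * @return the value, safe to embed after {@code "TYPE="} in a DN string
     */
    private static String escapeDnValue(String value) {
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length() + 8);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            if (DN_SPECIAL_CHARS.indexOf(c) >= 0 || (c == '#' && i == 0)) {
                escaped.append('\\');
            }
            escaped.append(c);
        }
        return escaped.toString();
    }

    /**
     * Generates an ECDSA key pair on the curve named by {@code PKIConstants.ELLIPTIC_CURVE},
     * using the "BC" provider and a fresh {@link SecureRandom}.
     *
     * @return the new key pair
     * @throws RuntimeException if the algorithm, the provider or the curve is unavailable;
     *                          the original exception is kept as the cause
     */
    public static KeyPair generateKeyPair() {
        ECGenParameterSpec curveSpec = new ECGenParameterSpec(PKIConstants.ELLIPTIC_CURVE);
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("ECDSA", "BC");
            generator.initialize(curveSpec, new SecureRandom());
            return generator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Draws a random certificate serial number from this instance's {@link SecureRandom}.
     *
     * @return a value between 2^32 and 2^159 - 1, so it is positive and fits in 20 octets
     */
    public BigInteger generateSerialNumber() {
        return BigIntegers.createRandomInRange(SERIAL_MIN, SERIAL_MAX, this.random);
    }
}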
