package net.maritimeconnectivity.pki;

import java.io.BufferedWriter;
import java.io.FileWriter;
import java.io.IOException;
import java.security.AuthProvider;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import net.maritimeconnectivity.pki.exception.PKIRuntimeException;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CRLConverter;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.OCSPRespBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sun.security.pkcs11.SunPKCS11;

/* loaded from: input_file:net/maritimeconnectivity/pki/Revocation.class */
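/**
 * Static helpers that produce revocation data for the PKI: signed CRLs and OCSP responses.
 *
 * <p>Most methods report failure by logging and returning {@code null} (or returning nothing),
 * so callers must check results: a missing CRL or OCSP response means relying parties keep
 * working from older revocation data.
 */
public class Revocation {
    private static final Logger log = LoggerFactory.getLogger(Revocation.class);

    /** Validity window of a CRL built by {@link #generateCRL}: seven days, in milliseconds. */
    private static final long CRL_VALIDITY_MILLIS = 604800000L;

    /**
     * Maps a lower-case revocation reason name to its numeric CRL reason code.
     *
     * <p>Matching is exact and case-sensitive. A {@code null}, unknown or differently-cased name
     * yields {@code 0} (unspecified) rather than an error, so callers that need to reject bad
     * input must validate the string themselves. Code 7 is never returned.
     *
     * @param str reason name such as {@code "keycompromise"}; may be {@code null}
     * @return the reason code, or {@code 0} when the name is not recognised
     */
    public static int getCRLReasonFromString(String str) {
        if (str == null) {
            return 0;
        }
        switch (str) {
            case "keycompromise":
                return 1;
            case "cacompromise":
                return 2;
            case "affiliationchanged":
                return 3;
            case "superseded":
                return 4;
            case "cessationofoperation":
                return 5;
            case "certificatehold":
                return 6;
            case "removefromcrl":
                return 8;
            case "privilegewithdrawn":
                return 9;
            case "aacompromise":
                return 10;
            case "unspecified":
            default:
                return 0;
        }
    }

    /**
     * Builds a CRL signed with the given key entry, valid for seven days from now.
     *
     * <p>The issuer name is taken from the subject of the certificate in {@code privateKeyEntry}.
     * A {@code null} revocation list is treated as empty, matching {@link #generateRootCACRL}.
     *
     * @param list revoked certificates to list; may be {@code null} or empty
     * @param privateKeyEntry signing key and issuer certificate
     * @param authProvider used as signing provider only when it is a {@code SunPKCS11} instance;
     *     otherwise the provider named by {@code PKIConstants.BC_PROVIDER_NAME} signs
     * @return the signed CRL, or {@code null} if building, signing or conversion failed (the
     *     failure is logged)
     */
    public static X509CRL generateCRL(List<RevocationInfo> list, KeyStore.PrivateKeyEntry privateKeyEntry, AuthProvider authProvider) {
        Date now = new Date();
        try {
            X500Name issuer = new X500Name(new JcaX509CertificateHolder((X509Certificate) privateKeyEntry.getCertificate()).getSubject().toString());
            X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, now);
            crlBuilder.setNextUpdate(new Date(now.getTime() + CRL_VALIDITY_MILLIS));
            addEntries(crlBuilder, list);

            X509CRLHolder holder = crlBuilder.build(newSignerBuilder(authProvider).build(privateKeyEntry.getPrivateKey()));
            JcaX509CRLConverter converter = new JcaX509CRLConverter();
            converter.setProvider(PKIConstants.BC_PROVIDER_NAME);
            return converter.getCRL(holder);
        } catch (CertificateEncodingException | OperatorCreationException | CRLException e) {
            // All three failure modes were logged identically and surfaced as null.
            log.error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Builds a root CA CRL valid for one year from now and writes it, PEM-encoded, to a file.
     *
     * <p>Every failure path only logs; nothing is returned or thrown, so a caller cannot tell
     * from this method alone whether the file was written.
     *
     * @param str issuer distinguished name, parsed as an X.500 name
     * @param list revoked certificates to list; may be {@code null}
     * @param privateKeyEntry signing key
     * @param str2 path of the output file; an existing file is overwritten
     * @param authProvider signing provider; any non-null value is used, otherwise the provider
     *     named by {@code PKIConstants.BC_PROVIDER_NAME}
     */
    public static void generateRootCACRL(String str, List<RevocationInfo> list, KeyStore.PrivateKeyEntry privateKeyEntry, String str2, AuthProvider authProvider) {
        Date now = new Date();
        Calendar expiry = Calendar.getInstance();
        expiry.setTime(now);
        expiry.add(Calendar.YEAR, 1);

        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(new X500Name(str), now);
        crlBuilder.setNextUpdate(expiry.getTime());
        addEntries(crlBuilder, list);

        // NOTE(review): provider selection here is "non-null", whereas generateCRL and
        // generateOCSPResponse require a SunPKCS11 instance. Left as is; confirm the difference
        // is intended.
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(PKIConstants.SIGNER_ALGORITHM);
        if (authProvider != null) {
            signerBuilder.setProvider(authProvider);
        } else {
            signerBuilder.setProvider(PKIConstants.BC_PROVIDER_NAME);
        }

        try {
            X509CRLHolder holder = crlBuilder.build(signerBuilder.build(privateKeyEntry.getPrivateKey()));
            JcaX509CRLConverter converter = new JcaX509CRLConverter();
            converter.setProvider(PKIConstants.BC_PROVIDER_NAME);
            String pem = CertificateHandler.getPemFromEncoded("X509 CRL", converter.getCRL(holder).getEncoded());
            // try-with-resources closes the writer on both the success and the failure path.
            try (BufferedWriter writer = new BufferedWriter(new FileWriter(str2))) {
                writer.write(pem);
            } catch (IOException e) {
                log.error(e.getMessage(), e);
            }
        } catch (CRLException e) {
            // The decompiled listing also carried an outer CRLException handler that rethrew as
            // PKIRuntimeException, but it sat behind this one and could never run.
            // NOTE(review): confirm against the original source whether a conversion failure
            // was meant to propagate instead of being logged.
            log.error("unable to generate RootCACRL", e);
        } catch (OperatorCreationException e) {
            log.error(e.getMessage(), e);
        }
    }

    /**
     * Creates an OCSP response builder identified by the responder's public key.
     *
     * <p>If the request carries a nonce extension it is copied into the response extensions so
     * the client can match the response to its request.
     *
     * @param oCSPReq the incoming OCSP request
     * @param publicKey the responder's public key
     * @return the prepared builder, or {@code null} if it could not be created (the failure is
     *     logged)
     */
    public static BasicOCSPRespBuilder initOCSPRespBuilder(OCSPReq oCSPReq, PublicKey publicKey) {
        try {
            // SHA-1 is passed as the digest for the responder ID; presumably this is the key
            // hash form of the responder ID, which RFC 6960 defines over SHA-1.
            BasicOCSPRespBuilder respBuilder = new BasicOCSPRespBuilder(
                    SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()),
                    new JcaDigestCalculatorProviderBuilder().setProvider(PKIConstants.BC_PROVIDER_NAME).build().get(CertificateID.HASH_SHA1));
            Extension nonce = oCSPReq.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
            if (nonce != null) {
                respBuilder.setResponseExtensions(new Extensions(new Extension[]{nonce}));
            }
            return respBuilder;
        } catch (Exception e) {
            // Previously swallowed silently; log so a broken responder setup is visible.
            log.error("unable to initialise OCSP response builder", e);
            return null;
        }
    }

    /**
     * Signs the accumulated responses and wraps them in a successful OCSP response.
     *
     * <p>The certificate from {@code privateKeyEntry} is attached to the response, and the
     * current time is used as the produced-at time.
     *
     * @param basicOCSPRespBuilder builder already holding the per-certificate responses
     * @param privateKeyEntry signing key and the certificate to attach
     * @param authProvider used as signing provider only when it is a {@code SunPKCS11} instance;
     *     otherwise the provider named by {@code PKIConstants.BC_PROVIDER_NAME} signs
     * @return the OCSP response, or {@code null} if signing or encoding failed (the failure is
     *     logged)
     */
    public static OCSPResp generateOCSPResponse(BasicOCSPRespBuilder basicOCSPRespBuilder, KeyStore.PrivateKeyEntry privateKeyEntry, AuthProvider authProvider) {
        try {
            X509CertificateHolder[] chain = {new X509CertificateHolder(privateKeyEntry.getCertificate().getEncoded())};
            return new OCSPRespBuilder().build(
                    OCSPRespBuilder.SUCCESSFUL,
                    basicOCSPRespBuilder.build(newSignerBuilder(authProvider).build(privateKeyEntry.getPrivateKey()), chain, new Date()));
        } catch (Exception e) {
            // Previously swallowed silently; log so signing failures (for example an
            // unavailable HSM) can be diagnosed.
            log.error("unable to generate OCSP response", e);
            return null;
        }
    }

    /** Adds one CRL entry per revocation record; a {@code null} list adds nothing. */
    private static void addEntries(X509v2CRLBuilder crlBuilder, List<RevocationInfo> list) {
        if (list == null) {
            return;
        }
        for (RevocationInfo info : list) {
            // NOTE(review): the reason code is the enum ordinal. This is only correct if the
            // enum's declaration order matches the CRL reason codes, including a placeholder at
            // position 7; verify against the enum returned by getRevokeReason().
            crlBuilder.addCRLEntry(info.getSerialNumber(), info.getRevokedAt(), info.getRevokeReason().ordinal());
        }
    }

    /** Creates a content signer builder bound to the PKCS#11 provider when one is supplied. */
    private static JcaContentSignerBuilder newSignerBuilder(AuthProvider authProvider) {
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(PKIConstants.SIGNER_ALGORITHM);
        if (authProvider instanceof SunPKCS11) {
            signerBuilder.setProvider(authProvider);
        } else {
            signerBuilder.setProvider(PKIConstants.BC_PROVIDER_NAME);
        }
        return signerBuilder;
    }
}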
