package jptools.security;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.Calendar;
import java.util.Date;
import jptools.logger.LogInformation;
import jptools.logger.Logger;
import jptools.resource.ResourceException;
import jptools.security.cert.PKIUtil;
import jptools.util.KeyValueHolder;
import jptools.util.RandomGenerator;
import jptools.util.formatter.HexFormatter;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
import org.bouncycastle.jce.PrincipalUtil;
import org.bouncycastle.jce.provider.X509CertificateObject;

/* loaded from: input_file:jptools/security/X509CertificateGenerator.class */
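/**
 * Issues end-entity X.509 v3 certificates signed by a CA ("master") key pair that is
 * loaded from a PKCS#12 key store.
 *
 * <p>Usage: {@link #loadMasterCertificate(String, String, String)} once, then
 * {@link #createCertificate(String, String, int, Date, int)} per subject. The generated
 * certificate is self-checked against the CA public key and the two-element chain
 * (leaf, CA) is verified through {@link PKIUtil} before it is returned.
 *
 * <p>Not thread-safe: the loaded CA state is held in instance fields.
 */
public class X509CertificateGenerator {
    private static final Logger log = Logger.getLogger(X509CertificateGenerator.class);

    /** Key algorithm used when the caller passes {@code null}. */
    private static final String DEFAULT_KEY_ALGORITHM = "RSA";

    /**
     * Key size used when the caller passes a non-positive size. 1024-bit RSA is no longer
     * considered adequate, so the fallback is 2048 bits; callers may still pass any size.
     */
    private static final int DEFAULT_KEY_SIZE = 2048;

    /** Bits of CSPRNG output in a certificate serial number (at least 64 is the usual floor). */
    private static final int SERIAL_NUMBER_BITS = 64;

    /**
     * Signature algorithm for issued certificates. SHA-1 certificate signatures are deprecated,
     * so SHA-256 with RSA is used instead.
     */
    private static final ASN1ObjectIdentifier SIGNATURE_ALGORITHM_OID = PKCSObjectIdentifiers.sha256WithRSAEncryption;

    private LogInformation logInfo;
    private PKIUtil pkiUtil;
    /** CA certificate (key) and CA key pair (value); {@code null} until loaded. */
    private KeyValueHolder<X509Certificate, KeyPair> masterCa;
    /** CA private key in BouncyCastle CRT form, derived from {@link #masterCa}. */
    private RSAPrivateCrtKeyParameters caPrivateKey;

    /**
     * Creates a generator with no CA loaded yet.
     *
     * @param logInformation log context handed to every log call and to {@link PKIUtil}
     */
    public X509CertificateGenerator(LogInformation logInformation) {
        this.logInfo = logInformation;
        this.pkiUtil = new PKIUtil(logInformation);
    }

    /**
     * Loads the CA certificate and private key from a PKCS#12 key store and verifies the
     * CA certificate. Must be called before any {@code createCertificate} call.
     *
     * @param keyStoreFile path of the PKCS#12 file
     * @param password     key store / key password (never logged)
     * @param alias        alias of the CA entry in the key store
     * @throws KeyStoreException   if no certificate/key pair is found under the alias
     * @throws InvalidKeyException if the CA private key is not an RSA CRT key
     */
    public void loadMasterCertificate(String keyStoreFile, String password, String alias) throws UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException, KeyStoreException, NoSuchProviderException, ResourceException, IOException, InvalidKeyException, SignatureException {
        log.info(this.logInfo, "Loading CA certificate and private key from file '" + keyStoreFile + "', using alias '" + alias + "'.");
        KeyValueHolder<X509Certificate, KeyPair> loaded = this.pkiUtil.readPKCS12KeyPair(keyStoreFile, null, alias, password);
        if (loaded == null || loaded.getKey() == null || loaded.getValue() == null) {
            throw new KeyStoreException("No certificate/key pair found in '" + keyStoreFile + "' under alias '" + alias + "'.");
        }
        PrivateKey privateKey = loaded.getValue().getPrivate();
        // The signing path below needs the CRT parameters; fail with a meaningful exception
        // instead of a ClassCastException for any other key type.
        if (!(privateKey instanceof RSAPrivateCrtKey)) {
            throw new InvalidKeyException("CA private key must be an RSA CRT key, got "
                    + (privateKey == null ? "null" : privateKey.getAlgorithm()) + ".");
        }
        RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) privateKey;
        // Verify before publishing the CA into the instance fields so a failed verification
        // does not leave a half-loaded CA behind.
        this.pkiUtil.verifyCertificate(loaded.getKey());
        this.masterCa = loaded;
        this.caPrivateKey = new RSAPrivateCrtKeyParameters(rsaKey.getModulus(), rsaKey.getPublicExponent(), rsaKey.getPrivateExponent(), rsaKey.getPrimeP(), rsaKey.getPrimeQ(), rsaKey.getPrimeExponentP(), rsaKey.getPrimeExponentQ(), rsaKey.getCrtCoefficient());
    }

    /**
     * Generates a fresh key pair and a CA-signed certificate for it.
     *
     * <p>The subject is always {@code CN=<commonName>}; pass the bare common name, not a full
     * distinguished name.
     *
     * @param commonName   subject common name
     * @param keyAlgorithm key algorithm for the subject key pair, {@code null} for RSA
     * @param keySize      key size in bits, non-positive for the 2048-bit default
     * @param notBefore    start of validity, {@code null} for "now"
     * @param validityDays validity period in days, counted from {@code notBefore}
     * @return the chain {leaf, CA} as key and the subject key pair as value
     * @throws IllegalStateException    if no CA has been loaded
     * @throws IllegalArgumentException if the common name is blank or the validity is not positive
     */
    public KeyValueHolder<X509Certificate[], KeyPair> createCertificate(String commonName, String keyAlgorithm, int keySize, Date notBefore, int validityDays) throws IOException, InvalidKeyException, SecurityException, SignatureException, NoSuchAlgorithmException, DataLengthException, CryptoException, KeyStoreException, NoSuchProviderException, CertificateException, InvalidKeySpecException {
        if (this.masterCa == null || this.masterCa.getKey() == null || this.masterCa.getValue() == null) {
            throw new IllegalStateException("Master certificate is not valid.");
        }
        if (commonName == null || commonName.trim().isEmpty()) {
            throw new IllegalArgumentException("Subject common name must not be empty.");
        }
        if (validityDays <= 0) {
            throw new IllegalArgumentException("Validity period must be positive, got " + validityDays + " days.");
        }
        String algorithm = keyAlgorithm != null ? keyAlgorithm : DEFAULT_KEY_ALGORITHM;
        int effectiveKeySize = keySize > 0 ? keySize : DEFAULT_KEY_SIZE;
        Date startDate = notBefore != null ? notBefore : new Date();

        log.info(this.logInfo, "Generating certificate for distinguished subject name '" + commonName + "', valid for " + validityDays + " days");
        log.increaseHierarchyLevel(this.logInfo);
        try {
            log.debug(this.logInfo, "Creating RSA keypair");
            KeyPair subjectKeyPair = this.pkiUtil.generateKeyPair(null, algorithm, effectiveKeySize);
            TBSCertificateStructure tbs = buildTbsCertificate(commonName, subjectKeyPair, startDate, validityDays);
            byte[] signatureBytes = signTbsCertificate(tbs);
            X509Certificate certificate = assembleCertificate(tbs, signatureBytes);

            log.debug(this.logInfo, "Verifying certificate for correct signature with CA public key");
            certificate.verify(this.masterCa.getValue().getPublic());
            X509Certificate[] chain = {certificate, this.masterCa.getKey()};
            this.pkiUtil.verifyCertificateChain(chain);
            return new KeyValueHolder<>(chain, subjectKeyPair);
        } finally {
            // Always restore the log nesting, also when generation or verification fails.
            log.decreaseHierarchyLevel(this.logInfo);
        }
    }

    /** Builds the to-be-signed structure: serial, issuer, subject, key, algorithm and validity. */
    private TBSCertificateStructure buildTbsCertificate(String commonName, KeyPair subjectKeyPair, Date notBefore, int validityDays) throws IOException, CertificateException {
        V3TBSCertificateGenerator generator = new V3TBSCertificateGenerator();
        generator.setSerialNumber(new DERInteger(newSerialNumber()));
        generator.setIssuer(PrincipalUtil.getSubjectX509Principal(this.masterCa.getKey()));
        generator.setSubject(new X509Name("CN=" + commonName));
        generator.setSignature(new AlgorithmIdentifier(SIGNATURE_ALGORITHM_OID, new DERNull()));
        try (ASN1InputStream asn1In = new ASN1InputStream(new ByteArrayInputStream(subjectKeyPair.getPublic().getEncoded()))) {
            generator.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo(asn1In.readObject()));
        }
        generator.setStartDate(new Time(notBefore));
        // notAfter is relative to notBefore, so an explicit start date yields exactly
        // validityDays of validity rather than "now + validityDays".
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(notBefore);
        calendar.add(Calendar.DAY_OF_YEAR, validityDays);
        generator.setEndDate(new Time(calendar.getTime()));
        return generator.generateTBSCertificate();
    }

    /**
     * Returns a positive, unpredictable serial number. A clock-based serial can repeat within
     * the same millisecond and is guessable; CSPRNG bits avoid both. Adding one keeps the
     * value strictly positive as RFC 5280 requires.
     */
    private static BigInteger newSerialNumber() {
        return new BigInteger(SERIAL_NUMBER_BITS, RandomGenerator.getInstance().getSecureRandom()).add(BigInteger.ONE);
    }

    /** DER-encodes the TBS structure and signs it with the CA private key. */
    private byte[] signTbsCertificate(TBSCertificateStructure tbs) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
        // caPrivateKey is an RSA CRT key by construction (checked in loadMasterCertificate), so
        // the CA signing key is always rebuilt with the RSA factory regardless of the subject
        // key algorithm.
        PrivateKey caSigningKey = KeyFactory.getInstance("RSA").generatePrivate(new RSAPrivateCrtKeySpec(this.caPrivateKey.getModulus(), this.caPrivateKey.getPublicExponent(), this.caPrivateKey.getExponent(), this.caPrivateKey.getP(), this.caPrivateKey.getQ(), this.caPrivateKey.getDP(), this.caPrivateKey.getDQ(), this.caPrivateKey.getQInv()));
        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        new DEROutputStream(encoded).writeObject(tbs);
        Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM_OID.getId());
        signer.initSign(caSigningKey, RandomGenerator.getInstance().getSecureRandom());
        signer.update(encoded.toByteArray());
        byte[] signatureBytes = signer.sign();
        log.debug(this.logInfo, "SHA-256/RSA signature of digest is '" + HexFormatter.toHex(signatureBytes) + "'");
        return signatureBytes;
    }

    /** Wraps TBS, algorithm identifier and signature into a certificate object. */
    private static X509Certificate assembleCertificate(TBSCertificateStructure tbs, byte[] signatureBytes) throws CertificateException {
        ASN1EncodableVector parts = new ASN1EncodableVector();
        parts.add(tbs);
        parts.add(new AlgorithmIdentifier(SIGNATURE_ALGORITHM_OID, new DERNull()));
        parts.add(new DERBitString(signatureBytes));
        return new X509CertificateObject(new X509CertificateStructure(new DERSequence(parts)));
    }

    /**
     * Generates a certificate as {@link #createCertificate(String, String, int, Date, int)} and
     * writes the subject private key and chain to a PKCS#12 key store.
     *
     * <p>NOTE(review): the roles of the two trailing strings (alias vs. password) are inferred
     * from the {@code main} demo call only; confirm against {@code PKIUtil.writePKCS12KeyStore}.
     *
     * @param keyStoreFile path of the PKCS#12 file to write
     * @param alias        presumably the entry alias
     * @param password     presumably the key store password
     * @return {@code true} when the store was written
     */
    public boolean createCertificate(String commonName, String keyAlgorithm, int keySize, Date notBefore, int validityDays, String keyStoreFile, String alias, String password) throws IOException, InvalidKeyException, SecurityException, SignatureException, NoSuchAlgorithmException, DataLengthException, CryptoException, KeyStoreException, NoSuchProviderException, CertificateException, InvalidKeySpecException, ResourceException {
        KeyValueHolder<X509Certificate[], KeyPair> generated = createCertificate(commonName, keyAlgorithm, keySize, notBefore, validityDays);
        if (generated == null) {
            return false;
        }
        this.pkiUtil.writePKCS12KeyStore(keyStoreFile, alias, generated.getValue().getPrivate(), generated.getKey(), password);
        return true;
    }

    /**
     * Demo entry point. File names, alias and passwords are hard-coded sample values; a real
     * deployment would take them from configuration rather than source.
     */
    public static void main(String[] strArr) throws Exception {
        X509CertificateGenerator x509CertificateGenerator = new X509CertificateGenerator(null);
        x509CertificateGenerator.loadMasterCertificate("ca.p12", "test password", "Test CA");
        x509CertificateGenerator.createCertificate("Test CN", "RSA", 1024, new Date(), 30, "testca.pem", "Alias", "4321");
    }
}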
