package com.github.toolarium.security.certificate.impl;

import com.github.toolarium.security.certificate.CertificateUtilFactory;
import com.github.toolarium.security.certificate.ICertificateGenerator;
import com.github.toolarium.security.certificate.ICertificateVerifier;
import com.github.toolarium.security.certificate.dto.CertificateStore;
import com.github.toolarium.security.pki.util.PKIUtil;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.time.LocalDateTime;
import java.time.LocalTime;
import java.time.ZoneId;
import java.time.temporal.TemporalAdjuster;
import java.util.Date;
import java.util.Objects;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/github/toolarium/security/certificate/impl/CertificateGenerator.class */
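/**
 * Creates X.509 v3 certificates with BouncyCastle, either self-signed or signed by the key pair
 * held in an issuing {@link CertificateStore}.
 *
 * <p>NOTE(review): every certificate produced here carries a critical {@code BasicConstraints}
 * with {@code cA=true} and a key usage that includes {@code keyCertSign} and {@code cRLSign}, and
 * always lists {@code localhost} as a DNS subject alternative name. Whoever holds the private key
 * of any generated certificate can therefore issue further certificates below it. That is kept
 * unchanged because callers may rely on chaining generated certificates, but it makes this class
 * suitable for test and development PKI only unless those extensions are narrowed.
 */
public class CertificateGenerator implements ICertificateGenerator {
    /** Milliseconds per day; a long so that multiplying by a day count cannot overflow int. */
    private static final long ONE_DAY = 86400000L;
    private static final Logger LOG = LoggerFactory.getLogger(CertificateGenerator.class);
    /** Source of serial numbers; a wall-clock serial is predictable and can repeat within one millisecond. */
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();
    private static final String DEFAULT_KEY_ALGORITHM = "RSA";
    private static final int DEFAULT_KEY_SIZE = 2048;
    private static final int DEFAULT_VALIDITY_DAYS = 365;
    private static final String LOCALHOST = "localhost";

    /**
     * Issues a new certificate for the key pair of {@code certificateStore}, signed by that same
     * store's private key and chained to its existing certificates.
     *
     * @param certificateStore the store supplying both the subject key pair and the issuer
     * @param str the subject common name (CN)
     * @param str2 the DNS subject alternative name; {@code null} falls back to {@code str}
     * @param date the start date of the validity period
     * @param i the validity in days; values below 1 are treated as 1
     * @return a store holding the key pair and the new certificate followed by the issuer chain
     * @throws GeneralSecurityException if the certificate cannot be built, signed or verified
     */
    @Override
    public CertificateStore createCreateCertificate(CertificateStore certificateStore, String str, String str2, Date date, int i) throws GeneralSecurityException {
        Objects.requireNonNull(certificateStore, "certificateStore");
        return createCreateCertificate(certificateStore.getKeyPair(), certificateStore, str, str2, date, i);
    }

    /**
     * Creates a self-signed certificate for a freshly generated RSA 2048-bit key pair, valid for
     * 365 days from now, using {@code str} as both common name and DNS name.
     *
     * @param str the subject common name (CN)
     * @return a store holding the new key pair and its certificate
     * @throws GeneralSecurityException if key generation or certificate creation fails
     */
    @Override
    public CertificateStore createCreateCertificate(String str) throws GeneralSecurityException {
        final KeyPair freshKeyPair = PKIUtil.getInstance().generateKeyPair(null, DEFAULT_KEY_ALGORITHM, DEFAULT_KEY_SIZE);
        return createCreateCertificate(freshKeyPair, null, str, null, new Date(), DEFAULT_VALIDITY_DAYS);
    }

    /**
     * Creates a self-signed certificate for a freshly generated RSA 2048-bit key pair, valid from
     * now for {@code i} days.
     *
     * @param str the subject common name (CN)
     * @param str2 the DNS subject alternative name; {@code null} falls back to {@code str}
     * @param i the validity in days; values below 1 are treated as 1
     * @return a store holding the new key pair and its certificate
     * @throws GeneralSecurityException if key generation or certificate creation fails
     */
    @Override
    public CertificateStore createCreateCertificate(String str, String str2, int i) throws GeneralSecurityException {
        final KeyPair freshKeyPair = PKIUtil.getInstance().generateKeyPair(null, DEFAULT_KEY_ALGORITHM, DEFAULT_KEY_SIZE);
        return createCreateCertificate(freshKeyPair, null, str, str2, new Date(), i);
    }

    /**
     * Creates a self-signed certificate for the given key pair.
     *
     * @param keyPair the subject key pair, also used for signing
     * @param str the subject common name (CN)
     * @param str2 the DNS subject alternative name; {@code null} falls back to {@code str}
     * @param date the start date of the validity period
     * @param i the validity in days; values below 1 are treated as 1
     * @return a store holding the key pair and its certificate
     * @throws GeneralSecurityException if the certificate cannot be built, signed or verified
     */
    @Override
    public CertificateStore createCreateCertificate(KeyPair keyPair, String str, String str2, Date date, int i) throws GeneralSecurityException {
        return createCreateCertificate(keyPair, null, str, str2, date, i);
    }

    /**
     * Creates a certificate for {@code keyPair}. When {@code certificateStore} holds at least one
     * certificate, the new certificate is signed with that store's private key and its first
     * certificate is used as the issuer; otherwise the certificate is self-signed.
     *
     * <p>The validity starts at the beginning of the day of {@code date} and ends at the end of the
     * last day, both in the system default time zone. A day count that is a multiple of 365 is
     * applied as whole calendar years.
     *
     * @param keyPair the subject key pair
     * @param certificateStore the issuing store, or {@code null} for a self-signed certificate
     * @param str the subject common name (CN)
     * @param str2 the DNS subject alternative name; {@code null} falls back to {@code str}
     * @param date the start date of the validity period
     * @param i the validity in days; values below 1 are treated as 1
     * @return a store holding {@code keyPair} and the new certificate followed by the issuer chain
     * @throws GeneralSecurityException if the certificate cannot be built, signed or verified; the
     *     underlying exception is attached as the cause
     */
    @Override
    public CertificateStore createCreateCertificate(KeyPair keyPair, CertificateStore certificateStore, String str, String str2, Date date, int i) throws GeneralSecurityException {
        Objects.requireNonNull(keyPair, "keyPair");
        Objects.requireNonNull(date, "date");
        final int validityDays = Math.max(i, 1);
        try {
            final LocalDateTime start = dateToLocalDateTime(date);
            // Long arithmetic: an int product of 86400000 and the day count wraps from 25 days on.
            final LocalDateTime end = validityDays % 365 == 0
                ? start.plusYears(validityDays / 365)
                : dateToLocalDateTime(new Date(date.getTime() + ONE_DAY * (validityDays - 1)));

            final X509Certificate[] issuerChain = certificateStore == null ? null : certificateStore.getCertificates();
            final boolean hasIssuer = issuerChain != null && issuerChain.length > 0;

            final X500Name subject = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.CN, str).build();
            final X500Name issuer;
            final PrivateKey signingKey;
            if (hasIssuer) {
                signingKey = certificateStore.getKeyPair().getPrivate();
                // The issuer field must equal the SUBJECT of the signing certificate, taken from its
                // DER encoding so that the RDN order and string types match exactly for name chaining.
                issuer = X500Name.getInstance(issuerChain[0].getSubjectX500Principal().getEncoded());
            } else {
                signingKey = keyPair.getPrivate();
                issuer = subject;
            }

            // Unpredictable positive serial of at most 128 bits, within the 20-octet limit of RFC 5280.
            final BigInteger serial = new BigInteger(127, SERIAL_RANDOM).add(BigInteger.ONE);

            final X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                issuer,
                serial,
                localDateTimeToDate(start.with(LocalTime.MIN)),
                localDateTimeToDate(end.with(LocalTime.MAX)),
                subject,
                SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(keyPair.getPublic().getEncoded())));

            // One subjectAlternativeName extension carrying every name: a certificate may hold each
            // extension only once, so the requested DNS name and localhost are combined here.
            final String dnsName = str2 != null ? str2 : str;
            final GeneralName requestedName = new GeneralName(GeneralName.dNSName, dnsName);
            final GeneralNames subjectAltNames = LOCALHOST.equals(dnsName)
                ? new GeneralNames(requestedName)
                : new GeneralNames(new GeneralName[] {requestedName, new GeneralName(GeneralName.dNSName, LOCALHOST)});
            builder.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);

            final JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
            builder.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(keyPair.getPublic()));
            // The authority key identifier names the key that signs, i.e. the issuer's key when there is one.
            final AuthorityKeyIdentifier authorityKeyIdentifier = extensionUtils.createAuthorityKeyIdentifier(
                hasIssuer ? issuerChain[0].getPublicKey() : keyPair.getPublic());
            builder.addExtension(Extension.authorityKeyIdentifier, false, authorityKeyIdentifier);
            // NOTE(review): cA=true plus keyCertSign/cRLSign on every certificate, see the class comment.
            builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
            final int keyUsageBits = KeyUsage.digitalSignature | KeyUsage.nonRepudiation | KeyUsage.keyEncipherment
                | KeyUsage.keyAgreement | KeyUsage.keyCertSign | KeyUsage.cRLSign;
            builder.addExtension(Extension.keyUsage, false, new KeyUsage(keyUsageBits).getEncoded());
            final KeyPurposeId[] purposes = {KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_emailProtection};
            builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(purposes).getEncoded());

            final BouncyCastleProvider provider = new BouncyCastleProvider();
            final X509Certificate certificate = new JcaX509CertificateConverter()
                .setProvider(provider)
                .getCertificate(builder.build(
                    new JcaContentSignerBuilder(signatureAlgorithmFor(signingKey)).setProvider(provider).build(signingKey)));

            // New certificate first, then the issuer chain in its existing order.
            final int issuerCount = issuerChain == null ? 0 : issuerChain.length;
            final X509Certificate[] chain = new X509Certificate[issuerCount + 1];
            chain[0] = certificate;
            if (issuerCount > 0) {
                System.arraycopy(issuerChain, 0, chain, 1, issuerCount);
            }

            final ICertificateVerifier verifier = CertificateUtilFactory.getInstance().getVerifier();
            verifier.verifyCertificateChain(LOG::info, chain);
            return new CertificateStore(keyPair, chain);
        } catch (IOException | GeneralSecurityException | OperatorCreationException e) {
            // Keep the original exception as the cause instead of copying only its stack trace.
            throw new GeneralSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Manual smoke test: generates a self-signed certificate and writes the store, certificate,
     * public key and private key under the name {@code testca}.
     *
     * <p>NOTE(review): this writes a private key and uses a fixed store password; it is a
     * development helper and its output must not be reused as real key material.
     *
     * @param strArr ignored
     * @throws Exception if generation or writing fails
     */
    public static void main(String[] strArr) throws Exception {
        final KeyPair testKeyPair = PKIUtil.getInstance().generateKeyPair(null, "RSA", 2048);
        final CertificateStore testStore = new CertificateGenerator().createCreateCertificate(testKeyPair, "Test CN", "localhost", new Date(), 365);
        testStore.write("testca", "alias", "4321");
        testStore.writeCertificate("testca");
        testStore.writePublicKey("testca");
        testStore.writePrivateKey("testca");
    }

    /**
     * Picks the signature algorithm name from the key that actually signs, which is the issuer's
     * key when an issuer is present and may differ in type from the subject key.
     */
    private static String signatureAlgorithmFor(PrivateKey signingKey) {
        final String keyAlgorithm = signingKey.getAlgorithm();
        if ("RSA".equals(keyAlgorithm)) {
            return "SHA256WithRSA";
        }
        if ("EC".equals(keyAlgorithm) || "ECDSA".equals(keyAlgorithm)) {
            return "SHA256withECDSA";
        }
        return "SHA256WithRSAEncryption";
    }

    /** Converts a {@link Date} to a local date-time in the system default time zone. */
    private LocalDateTime dateToLocalDateTime(Date date) {
        return LocalDateTime.ofInstant(date.toInstant(), ZoneId.systemDefault());
    }

    /** Converts a local date-time, read in the system default time zone, back to a {@link Date}. */
    private Date localDateTimeToDate(LocalDateTime localDateTime) {
        return Date.from(localDateTime.atZone(ZoneId.systemDefault()).toInstant());
    }
}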
