package org.apache.clerezza.ssl.keygen.bouncy;

import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.clerezza.ssl.keygen.CertSerialisation;
import org.apache.clerezza.ssl.keygen.Certificate;
import org.apache.clerezza.ssl.keygen.KeygenService;
import org.apache.clerezza.ssl.keygen.PubKey;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.misc.NetscapeCertType;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;

/* loaded from: input_file:org/apache/clerezza/ssl/keygen/bouncy/DefaultCertificate.class */
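/**
 * Builds an X.509 v3 certificate for a subject public key, carrying one or more
 * WebID URIs as subject alternative names, signed with the private key held by
 * the owning {@link BouncyKeygenService}.
 *
 * <p>Callers set the common name, the public key and at least one subject
 * alternative name, optionally adjust the validity window, and then call
 * {@link #generate()} (or {@link #getSerialisation()}, which generates on demand).
 *
 * <p>NOTE(review): the name and duration values are accepted as plain strings and
 * are presumably supplied by the requesting client; nothing in this class limits
 * the requested validity period or checks that the subject controls the WebID.
 * Confirm that the caller enforces both.
 */
public class DefaultCertificate implements Certificate {
    static final Logger log = Logger.getLogger(DefaultCertificate.class.getName());

    /** Milliseconds in one day, used to convert {@link #numDays}. */
    private static final double MS_PER_DAY = 8.64E7d;

    /** Milliseconds in one hour, used to convert {@link #numHours} and {@link #earlier}. */
    private static final double MS_PER_HOUR = 3600000.0d;

    /** GeneralName tag 6: uniformResourceIdentifier. */
    private static final int URI_NAME_TAG = 6;

    // Subject common name placed in the certificate's subject DN.
    String CN;
    // Explicit notBefore; computed lazily by getStartDate() when null.
    Date startDate;
    // Explicit notAfter; computed lazily by getEndDate() when null.
    Date endDate;
    PubKey subjectPubKey;
    private BouncyKeygenService service;
    CertSerialisation serialization;
    // Subject alternative names in insertion order; the first one is also used as the subject UID.
    LinkedList<String> sans = new LinkedList<>();
    // Requested validity, accumulated from addDurationInDays / addDurationInHours.
    double numDays = 0.0d;
    double numHours = 0.0d;
    // Number of hours by which the computed start date is moved into the past.
    double earlier = 0.0d;
    // The generated certificate; stays null until generate() has signed and verified one.
    X509Certificate cert = null;

    /**
     * @param bouncyKeygenService the service providing the signing key, the issuer
     *        certificate and serial numbers
     */
    public DefaultCertificate(BouncyKeygenService bouncyKeygenService) {
        this.service = bouncyKeygenService;
    }

    /**
     * @return the generated certificate, or {@code null} if {@link #generate()} has
     *         not completed successfully yet
     */
    @Override
    public X509Certificate getCertificate() {
        return this.cert;
    }

    /**
     * Records a WebID to be written into the subject alternative name extension.
     *
     * <p>Null or empty values are ignored, matching how the duration setters treat
     * missing input. A value that {@link URL} cannot parse is logged but still
     * recorded, because {@code java.net.URL} also rejects URI schemes it has no
     * handler for.
     *
     * <p>NOTE(review): the string ends up unmodified in the signed certificate
     * (SAN and subject UID). Validate it before calling this method.
     *
     * @param str the WebID URI
     */
    @Override
    public void addSubjectAlternativeName(String str) {
        if (str == null || str.isEmpty()) {
            log.log(Level.WARNING, "ignoring empty subject alternative name");
            return;
        }
        try {
            URL url = new URL(str);
            String protocol = url.getProtocol();
            boolean usualScheme = protocol.equals("http") || protocol.equals("https")
                    || protocol.equals("ftp") || protocol.equals("ftps");
            if (!usualScheme) {
                log.log(Level.INFO, "using WebId with protocol " + protocol + ". Could be a mistake. WebId=" + url);
            }
        } catch (MalformedURLException e) {
            // Report the offending input: no URL object exists when the constructor throws.
            log.log(Level.WARNING, "Malformed URL " + str, e);
        }
        this.sans.add(str);
    }

    /** @param str the common name for the subject DN */
    @Override
    public void setSubjectCommonName(String str) {
        this.CN = str;
    }

    /** @param date explicit notBefore date; overrides the computed default */
    @Override
    public void setStartDate(Date date) {
        this.startDate = date;
    }

    /** @param date explicit notAfter date; overrides the computed default */
    @Override
    public void setEndDate(Date date) {
        this.endDate = date;
    }

    /**
     * Adds to the requested validity period.
     *
     * @param str number of days as a decimal string; null, empty, unparsable or
     *        non-finite values are ignored
     */
    @Override
    public void addDurationInDays(String str) {
        this.numDays += parseAmount(str, "days");
    }

    /**
     * Moves the computed start date further into the past.
     *
     * @param str number of hours as a decimal string (the value is scaled by
     *        milliseconds-per-hour in {@link #getStartDate()}); null, empty,
     *        unparsable or non-finite values are ignored
     */
    @Override
    public void startEarlier(String str) {
        this.earlier += parseAmount(str, "hours");
    }

    /**
     * Adds to the requested validity period.
     *
     * @param str number of hours as a decimal string; null, empty, unparsable or
     *        non-finite values are ignored
     */
    @Override
    public void addDurationInHours(String str) {
        this.numHours += parseAmount(str, "hours");
    }

    /**
     * Parses a duration amount, returning 0 for anything that should not change
     * the accumulated value.
     *
     * <p>{@code Double} parsing accepts "NaN" and "Infinity"; those would turn
     * into 0 or {@code Long.MAX_VALUE} when cast to milliseconds and corrupt the
     * validity dates, so they are rejected here.
     */
    private static double parseAmount(String str, String unit) {
        if (str == null || str.isEmpty()) {
            return 0.0d;
        }
        try {
            double value = Double.parseDouble(str);
            if (Double.isNaN(value) || Double.isInfinite(value)) {
                log.log(Level.WARNING, "ignoring non-finite number of " + unit + " " + str);
                return 0.0d;
            }
            return value;
        } catch (NumberFormatException e) {
            log.log(Level.WARNING, "unable to interpret the number of " + unit + " passed as a float " + str);
            return 0.0d;
        }
    }

    /** @return the subject's public key, or {@code null} if none was set */
    @Override
    public PubKey getSubjectPublicKey() {
        return this.subjectPubKey;
    }

    /** @param pubKey the public key to certify */
    public void setSubjectPublicKey(PubKey pubKey) {
        this.subjectPubKey = pubKey;
    }

    /** @param certSerialisation the serialisation returned by {@link #getSerialisation()} */
    @Override
    public void setDefaultSerialisation(CertSerialisation certSerialisation) {
        this.serialization = certSerialisation;
    }

    /**
     * Returns the serialisation set through {@link #setDefaultSerialisation},
     * generating the certificate first if that has not happened yet.
     *
     * @return the configured serialisation; {@code null} if none was set
     * @throws Exception if certificate generation fails
     */
    @Override
    public CertSerialisation getSerialisation() throws Exception {
        if (this.cert == null) {
            generate();
        }
        return this.serialization;
    }

    /**
     * Builds, signs and verifies the certificate and stores it in {@link #cert}.
     *
     * @throws Exception if no subject alternative name was added, or if building,
     *         signing or verifying the certificate fails
     */
    public void generate() throws Exception {
        // Check before reading the list: getFirst() on an empty list throws
        // NoSuchElementException, which would hide this message.
        if (this.sans.isEmpty()) {
            throw new Exception("WebId not set!");
        }
        String primaryWebId = this.sans.getFirst();

        X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
        generator.reset();
        generator.setIssuerDN(new X509Name(KeygenService.issuer));

        // Parallel lists: attribute type at index i pairs with the value at index i.
        Vector<Object> attributeTypes = new Vector<>();
        Vector<String> attributeValues = new Vector<>();
        attributeTypes.add(X509Name.O);
        attributeValues.add("FOAF+SSL");
        attributeTypes.add(X509Name.OU);
        attributeValues.add("The Community Of Self Signers");
        attributeTypes.add(X509Name.UID);
        attributeValues.add(primaryWebId);
        attributeTypes.add(X509Name.CN);
        attributeValues.add(this.CN);
        generator.setSubjectDN(new X509Name(attributeTypes, attributeValues));

        generator.setNotBefore(getStartDate());
        generator.setNotAfter(getEndDate());
        generator.setSerialNumber(this.service.nextRandom());
        generator.setPublicKey(getSubjectPublicKey().getPublicKey());
        // NOTE(review): SHA-1 is no longer collision resistant and is deprecated for
        // certificate signatures; move to "SHA256WithRSAEncryption" once the relying
        // parties are confirmed to accept it.
        generator.setSignatureAlgorithm("SHA1WithRSAEncryption");
        // cA=false: the issued certificate is an end-entity certificate.
        generator.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(false));
        // 236 = 128|64|32|8|4: digitalSignature, nonRepudiation, keyEncipherment,
        // keyAgreement, keyCertSign.
        // NOTE(review): keyCertSign is asserted although basicConstraints says cA=false;
        // RFC 5280 only allows keyCertSign together with cA=true. Confirm and drop the bit.
        generator.addExtension(X509Extension.keyUsage, true, new KeyUsage(236));
        // 160 = 128|32: sslClient, smime.
        generator.addExtension(MiscObjectIdentifiers.netscapeCertType, false, new NetscapeCertType(160));
        generator.addExtension(X509Extension.subjectKeyIdentifier, false,
                new SubjectKeyIdentifierStructure(getSubjectPublicKey().getPublicKey()));

        if (this.sans.size() == 1) {
            generator.addExtension(X509Extension.subjectAlternativeName, true,
                    new GeneralNames(new GeneralName(URI_NAME_TAG, primaryWebId)));
        } else {
            GeneralName[] names = new GeneralName[this.sans.size()];
            int index = 0;
            for (String san : this.sans) {
                names[index++] = new GeneralName(URI_NAME_TAG, san);
            }
            generator.addExtension(X509Extension.subjectAlternativeName, true, new DERSequence(names));
        }

        // Publish the certificate only after its signature checks out against the
        // issuer key; otherwise a failed verify would leave an unverified certificate
        // in this.cert and getSerialisation() would never regenerate it.
        X509Certificate signed = generator.generate(this.service.privateKey);
        signed.verify(this.service.certificate.getPublicKey());
        this.cert = signed;
    }

    /**
     * Returns the notAfter date, computing and caching it on first use.
     *
     * <p>When no duration was requested the validity defaults to 365 days. The
     * {@link #earlier} offset is added back so that moving the start into the
     * past does not shorten the period counted from now.
     *
     * <p>NOTE(review): there is no upper bound on the requested duration, and very
     * large values overflow the millisecond arithmetic. Enforce a maximum validity
     * where the request is accepted.
     *
     * @return the end of the validity period
     */
    @Override
    public Date getEndDate() {
        if (this.endDate == null) {
            if (this.numDays == 0.0d && this.numHours == 0.0d) {
                this.numDays = 365.0d;
            }
            long dayMillis = (long) (this.numDays * MS_PER_DAY);
            long hourMillis = (long) ((this.numHours + this.earlier) * MS_PER_HOUR);
            this.endDate = new Date(getStartDate().getTime() + dayMillis + hourMillis);
        }
        return this.endDate;
    }

    /**
     * Returns the notBefore date, computing and caching it on first use as the
     * current time minus {@link #earlier} hours.
     *
     * @return the start of the validity period
     */
    @Override
    public Date getStartDate() {
        if (this.startDate == null) {
            long shiftMillis = (long) (this.earlier * MS_PER_HOUR);
            this.startDate = new Date(System.currentTimeMillis() - shiftMillis);
        }
        return this.startDate;
    }
}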
