package com.gitlab.credit_reference_platform.crp.gateway.certificate;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Date;
import lombok.Generated;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:BOOT-INF/lib/crp-gateway-certificate-2.0.0.jar:com/gitlab/credit_reference_platform/crp/gateway/certificate/CertificateGenerator.class */
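/**
 * Generates key pairs and X.509 v3 certificates, either self-signed or signed by a
 * caller-supplied issuing {@link KeyStore.PrivateKeyEntry}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The key type, key size, SecureRandom algorithm and signature algorithm are taken
 *       from the constructor as-is. This class does not reject weak choices (short keys,
 *       legacy digests); callers must enforce their own policy.</li>
 *   <li>No BasicConstraints or KeyUsage extension is added. NOTE(review): if an entry
 *       produced here is later passed back in as the issuer, path validators that require
 *       {@code cA=TRUE} on issuing certificates will reject the chain; confirm the intended
 *       usage.</li>
 *   <li>{@code validFrom} / {@code validTo} are not checked for ordering.</li>
 * </ul>
 */
public class CertificateGenerator {
    private final String secureRandomAlgo;
    private final String privateKeyType;
    private final int privateKeySize;
    private final String signatureAlgorithm;
    private final String certOwnerDN;
    private final Instant validFrom;
    private final Instant validTo;

    /**
     * @param privateKeyType     JCA key pair algorithm name passed to {@link KeyPairGenerator#getInstance(String)}
     * @param privateKeySize     key size handed to {@link KeyPairGenerator#initialize(int, SecureRandom)}
     * @param secureRandomAlgo   algorithm name passed to {@link SecureRandom#getInstance(String)}
     * @param signatureAlgorithm default signature algorithm used when signing certificates
     * @param certOwnerDN        distinguished name of the certificate subject, in string form
     * @param validFrom          start of the validity period (notBefore)
     * @param validTo            end of the validity period (notAfter)
     */
    public CertificateGenerator(String privateKeyType, int privateKeySize, String secureRandomAlgo, String signatureAlgorithm, String certOwnerDN, Instant validFrom, Instant validTo) {
        this.privateKeyType = privateKeyType;
        this.privateKeySize = privateKeySize;
        this.secureRandomAlgo = secureRandomAlgo;
        this.signatureAlgorithm = signatureAlgorithm;
        this.certOwnerDN = certOwnerDN;
        this.validFrom = validFrom;
        this.validTo = validTo;
    }

    /**
     * Creates a fresh key pair using the configured key type, key size and SecureRandom algorithm.
     *
     * @return the generated key pair
     * @throws CertificateGeneratorException if no provider supports the configured key type
     *                                       or SecureRandom algorithm
     */
    public KeyPair generateKeyPair() throws CertificateGeneratorException {
        KeyPairGenerator keyPairGenerator;
        try {
            keyPairGenerator = KeyPairGenerator.getInstance(this.privateKeyType);
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateGeneratorException(String.format("No providers support KeyPairGeneratoreSpi with type - [%s]", this.privateKeyType), e);
        }
        SecureRandom secureRandom;
        try {
            secureRandom = SecureRandom.getInstance(this.secureRandomAlgo);
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateGeneratorException(String.format("No providers support SecureRandomSpi with type - [%s]", this.secureRandomAlgo), e);
        }
        keyPairGenerator.initialize(this.privateKeySize, secureRandom);
        return keyPairGenerator.generateKeyPair();
    }

    /**
     * Generates a new key pair and a certificate for it that is signed with its own private key.
     *
     * @return an entry holding the new private key and a one-element certificate chain
     * @throws CertificateGeneratorException if key generation or certificate creation fails
     */
    public KeyStore.PrivateKeyEntry generateSelfSignedCertificate() throws CertificateGeneratorException {
        return generateSignedCertificate(null);
    }

    /**
     * Generates a new key pair and a certificate for it, signed by {@code privateKeyEntry}
     * using the configured signature algorithm.
     *
     * @param privateKeyEntry issuing key and certificate chain, or {@code null} to self-sign
     * @return an entry holding the new private key and its certificate chain
     * @throws CertificateGeneratorException if key generation or certificate creation fails
     */
    public KeyStore.PrivateKeyEntry generateSignedCertificate(KeyStore.PrivateKeyEntry privateKeyEntry) throws CertificateGeneratorException {
        return generateSignedCertificate(generateKeyPair(), privateKeyEntry, this.signatureAlgorithm);
    }

    /**
     * Builds an X.509 v3 certificate binding {@code certOwnerDN} to {@code keyPair}'s public key.
     *
     * <p>When {@code privateKeyEntry} is {@code null} the certificate is self-signed: issuer and
     * subject are both {@code certOwnerDN} and the signature is made with {@code keyPair}'s
     * private key. Otherwise the issuer name is the subject of the entry's certificate, the
     * signature is made with the entry's private key, and the entry's chain is appended after
     * the new certificate.
     *
     * @param keyPair            key pair whose public key is certified and whose private key is returned
     * @param privateKeyEntry    issuing key and certificate chain, or {@code null} to self-sign
     * @param signatureAlgorithm signature algorithm name handed to {@link JcaContentSignerBuilder}
     * @return an entry holding {@code keyPair}'s private key and the resulting chain, leaf first
     * @throws CertificateGeneratorException if the key identifiers cannot be computed or set,
     *                                       or if signing or certificate conversion fails
     */
    public KeyStore.PrivateKeyEntry generateSignedCertificate(KeyPair keyPair, KeyStore.PrivateKeyEntry privateKeyEntry, String signatureAlgorithm) throws CertificateGeneratorException {
        X500Name subject = new X500Name(this.certOwnerDN);
        X500Name issuer;
        Certificate[] issuerChain;
        PrivateKey signingKey;
        X509Certificate issuerCertificate = null;
        if (privateKeyEntry == null) {
            issuer = subject;
            issuerChain = new Certificate[0];
            signingKey = keyPair.getPrivate();
        } else {
            issuerCertificate = (X509Certificate) privateKeyEntry.getCertificate();
            // Reuse the issuer's DER-encoded subject so the issuer field matches it exactly.
            // Round-tripping through X500Principal.getName() (RFC 2253 text) reverses the RDN
            // order and can break name chaining against the issuing certificate.
            issuer = X500Name.getInstance(issuerCertificate.getSubjectX500Principal().getEncoded());
            issuerChain = privateKeyEntry.getCertificateChain();
            signingKey = privateKeyEntry.getPrivateKey();
        }

        // X509v3CertificateBuilder takes (issuer, serial, notBefore, notAfter, subject, publicKeyInfo).
        // The issuer must be the signer's name and the subject the certificate owner; with the two
        // swapped, a CA-signed certificate would carry the CA's DN as its subject and fail chain
        // validation.
        X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
                issuer,
                generateSerialNumber(),
                Date.from(this.validFrom),
                Date.from(this.validTo),
                subject,
                SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));

        // SHA-1 is used here only to derive key identifiers (lookup hints for chain building),
        // not as a signature digest. The hash covers the whole encoded SubjectPublicKeyInfo, so
        // the value can differ from identifiers computed by tools that hash only the key bits,
        // but subject and authority identifiers produced by this class agree with each other.
        MessageDigest keyIdDigest;
        try {
            keyIdDigest = MessageDigest.getInstance("SHA-1");
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateGeneratorException("Failed to generate SubjectKeyIdentifier", e);
        }

        try {
            ASN1Encodable subjectKeyId = new SubjectKeyIdentifier(keyIdDigest.digest(keyPair.getPublic().getEncoded()));
            certificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, subjectKeyId);
        } catch (CertIOException e) {
            throw new CertificateGeneratorException("Failed to set SubjectKeyIdentifier into Extension", e);
        }

        if (issuerCertificate != null) {
            try {
                ASN1Encodable authorityKeyId = new AuthorityKeyIdentifier(keyIdDigest.digest(issuerCertificate.getPublicKey().getEncoded()));
                certificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, authorityKeyId);
            } catch (CertIOException e) {
                throw new CertificateGeneratorException("Failed to set AuthorityKeyIdentifier into Extension", e);
            }
        }

        X509Certificate certificate;
        try {
            certificate = new JcaX509CertificateConverter().getCertificate(
                    certificateBuilder.build(new JcaContentSignerBuilder(signatureAlgorithm).build(signingKey)));
        } catch (OperatorCreationException e) {
            throw new CertificateGeneratorException(String.format("Failed when signing the certificate with algorithm [%s]", signatureAlgorithm), e);
        } catch (CertificateException e) {
            throw new CertificateGeneratorException("Failed to create certificate", e);
        }

        // Leaf first, then the issuer's chain, as KeyStore.PrivateKeyEntry expects.
        Certificate[] chain = new Certificate[issuerChain.length + 1];
        chain[0] = certificate;
        System.arraycopy(issuerChain, 0, chain, 1, issuerChain.length);
        return new KeyStore.PrivateKeyEntry(keyPair.getPrivate(), chain);
    }

    /**
     * Produces a random certificate serial number of up to 64 bits.
     *
     * @return a strictly positive serial number drawn from a {@link SecureRandom}
     */
    protected BigInteger generateSerialNumber() {
        SecureRandom random = new SecureRandom();
        BigInteger serial;
        do {
            // BigInteger(bits, rnd) is never negative but may be zero; serial numbers must be positive.
            serial = new BigInteger(64, random);
        } while (serial.signum() == 0);
        return serial;
    }

    /** @return the SecureRandom algorithm name used for key generation */
    @Generated
    public String getSecureRandomAlgo() {
        return this.secureRandomAlgo;
    }

    /** @return the key pair algorithm name */
    @Generated
    public String getPrivateKeyType() {
        return this.privateKeyType;
    }

    /** @return the key size passed to the key pair generator */
    @Generated
    public int getPrivateKeySize() {
        return this.privateKeySize;
    }

    /** @return the default signature algorithm name */
    @Generated
    public String getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    /** @return the subject distinguished name in string form */
    @Generated
    public String getCertOwnerDN() {
        return this.certOwnerDN;
    }

    /** @return the start of the validity period */
    @Generated
    public Instant getValidFrom() {
        return this.validFrom;
    }

    /** @return the end of the validity period */
    @Generated
    public Instant getValidTo() {
        return this.validTo;
    }
}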
