package de.petendi.commons.crypto;

import de.petendi.commons.crypto.connector.SecurityProviderConnector;
import java.io.OutputStream;
import java.io.Writer;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

/* loaded from: input_file:lib/commons-crypto-2.0.0.jar:de/petendi/commons/crypto/Certificates.class */
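/**
 * Generates a fresh key pair, obtains an X.509 certificate for it from the configured
 * {@link SecurityProviderConnector}, and places the private key together with that
 * certificate into a key store.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The user id and the issuer are concatenated into {@code "CN=" + value} strings without
 *       any escaping. NOTE(review): how the connector parses these strings is not visible here;
 *       if it treats them as distinguished names, values containing DN metacharacters could
 *       change the resulting name, so validate or restrict both values before calling.</li>
 *   <li>The password array is passed straight to the key store and is never cleared by this
 *       class; wiping it afterwards is the caller's responsibility.</li>
 *   <li>A {@code null} password is not rejected. What protection the private-key entry gets in
 *       that case depends on the key store implementation in use; confirm it for your
 *       provider.</li>
 * </ul>
 */
public final class Certificates {
    // All configuration is fixed at construction time; nothing in this class reassigns it.
    private final String issuer;
    private final String privateKeyEntry;
    private final String crlUri;
    private final SecurityProviderConnector securityProviderConnector;

    /**
     * Creates an instance that uses the literal issuer name {@code "issuer"}, the key store alias
     * {@code "private-key"} and no CRL URI.
     *
     * @param securityProviderConnector provider abstraction used for key generation, certificate
     *     creation and certificate output; not null-checked here
     */
    public Certificates(SecurityProviderConnector securityProviderConnector) {
        this(securityProviderConnector, "issuer");
    }

    /**
     * Creates an instance with a caller-chosen issuer, the key store alias {@code "private-key"}
     * and no CRL URI.
     *
     * @param securityProviderConnector provider abstraction used for all cryptographic work
     * @param str issuer name; later prefixed with {@code "CN="}
     */
    public Certificates(SecurityProviderConnector securityProviderConnector, String str) {
        this(securityProviderConnector, str, "private-key", null);
    }

    /**
     * Creates a fully configured instance.
     *
     * @param securityProviderConnector provider abstraction used for all cryptographic work
     * @param str issuer name; later prefixed with {@code "CN="}
     * @param str2 alias under which the private key and certificate are stored in the key store
     * @param str3 CRL URI handed to the connector when a certificate is created; may be
     *     {@code null}
     */
    public Certificates(SecurityProviderConnector securityProviderConnector, String str, String str2, String str3) {
        this.securityProviderConnector = securityProviderConnector;
        this.issuer = str;
        this.privateKeyEntry = str2;
        this.crlUri = str3;
    }

    /**
     * Creates a key pair and certificate for the given user id and adds them to an existing,
     * caller-owned key store. Nothing is written to a stream or writer.
     *
     * <p>The key entry is set with a {@code null} password; whether the supplied key store
     * accepts that, and how it then protects the key, depends on its implementation.
     *
     * @param str user id; becomes {@code "CN=" + str} in the certificate request
     * @param keyStore key store that receives the entry under the configured alias
     * @return the newly created certificate
     * @throws IllegalArgumentException if {@code keyStore} or {@code str} is {@code null}
     * @throws IllegalStateException if key generation, certificate creation or the key store
     *     update fails
     */
    public X509Certificate create(String str, KeyStore keyStore) {
        if (keyStore == null) {
            throw new IllegalArgumentException("no keyStore given");
        }
        return create(str, (Writer) null, keyStore, (char[]) null);
    }

    /** Adapter that reorders the arguments for the worker method and supplies no output stream. */
    private X509Certificate create(String userId, Writer certificateWriter, KeyStore keyStore, char[] password) {
        return create(userId, password, certificateWriter, null, keyStore);
    }

    /**
     * Creates a key pair and certificate for the given user id, stores them in a new PKCS12 key
     * store and writes that key store to {@code outputStream}.
     *
     * <p>The stream is closed once the key store write has been attempted, whether or not the
     * write succeeded. If an earlier step fails, the stream is left untouched and open.
     *
     * @param str user id; becomes {@code "CN=" + str} in the certificate request
     * @param cArr password used to load, protect and store the PKCS12 key store; not
     *     null-checked and not cleared by this method
     * @param writer if non-null, the certificate is additionally written to it through the
     *     connector; this class does not flush or close it
     * @param outputStream destination for the PKCS12 data
     * @return the newly created certificate
     * @throws IllegalArgumentException if {@code outputStream} or {@code str} is {@code null}
     * @throws IllegalStateException if any cryptographic or I/O step fails
     */
    public X509Certificate create(String str, char[] cArr, Writer writer, OutputStream outputStream) {
        if (outputStream == null) {
            throw new IllegalArgumentException("no stream for pkcs12 given");
        }
        return create(str, cArr, writer, outputStream, null);
    }

    /**
     * Delegates certificate creation to the connector and converts any failure into an
     * unchecked exception.
     *
     * <p>NOTE(review): the meaning of the three strings is defined by the connector; from the
     * call site they are presumably subject name, issuer name and CRL URI.
     */
    private X509Certificate createCertificate(String subject, String issuerName, String crl, PublicKey publicKey, PrivateKey privateKey) {
        try {
            return this.securityProviderConnector.createCertificate(subject, issuerName, crl, publicKey, privateKey);
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Worker shared by the public {@code create} overloads.
     *
     * @param userId user id for the certificate; must not be {@code null}
     * @param password key store and key entry password; may be {@code null}
     * @param certificateWriter optional sink for the certificate itself
     * @param outputStream optional sink for the serialized key store
     * @param keyStore key store to update, or {@code null} to create a new PKCS12 key store from
     *     the connector's provider
     */
    private X509Certificate create(String userId, char[] password, Writer certificateWriter, OutputStream outputStream, KeyStore keyStore) {
        if (userId == null) {
            throw new IllegalArgumentException("userId must not be null");
        }
        try {
            KeyPair keyPair = this.securityProviderConnector.generateKeyPair();
            PublicKey publicKey = keyPair.getPublic();
            PrivateKey privateKey = keyPair.getPrivate();
            // Names are built by plain concatenation; see the class-level security notes.
            // A failure in createCertificate is already an IllegalStateException and is wrapped
            // once more by the catch below.
            X509Certificate certificate =
                    createCertificate("CN=" + userId, "CN=" + this.issuer, this.crlUri, publicKey, privateKey);
            if (certificateWriter != null) {
                this.securityProviderConnector.writeCertificate(certificateWriter, certificate);
            }
            KeyStore target = keyStore;
            if (target == null) {
                target = KeyStore.getInstance("PKCS12", this.securityProviderConnector.getProviderName());
                // Loading from a null stream initializes an empty key store.
                target.load(null, password);
            }
            target.setKeyEntry(this.privateKeyEntry, privateKey, password, new Certificate[] {certificate});
            if (outputStream != null) {
                storeAndClose(target, outputStream, password);
            }
            return certificate;
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Writes the key store to the stream and always closes the stream afterwards, so a failed
     * write does not leave the caller's stream open.
     */
    private static void storeAndClose(KeyStore target, OutputStream sink, char[] password) throws Exception {
        boolean written = false;
        try {
            target.store(sink, password);
            sink.flush();
            written = true;
        } finally {
            if (written) {
                // Success path: a close failure is reported, as it was before.
                sink.close();
            } else {
                try {
                    sink.close();
                } catch (java.io.IOException ignored) {
                    // Keep the store/flush failure as the exception that reaches the caller.
                }
            }
        }
    }
}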
