package code.ponfee.commons.jce.cert;

import code.ponfee.commons.jce.Providers;
import code.ponfee.commons.jce.RSASignAlgorithms;
import code.ponfee.commons.util.ObjectUtils;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Vector;
import javax.annotation.Nullable;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import sun.security.pkcs10.PKCS10;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateExtensions;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.ExtendedKeyUsageExtension;
import sun.security.x509.KeyUsageExtension;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;

/* loaded from: input_file:code/ponfee/commons/jce/cert/X509CertGenerator.class */
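/**
 * Builds X.509 v3 certificates (self-signed roots and CA-issued subject certificates)
 * from PKCS#10 requests.
 *
 * <p>The implementation relies on the JDK-internal {@code sun.security.x509} and
 * {@code sun.security.pkcs10} classes, which are not a supported API and are not exported
 * on modular JDKs without explicit {@code --add-exports} flags. The PKCS#10 self-signature
 * is verified with BouncyCastle before any certificate is assembled.
 *
 * <p>Every failure is reported as an unchecked {@link SecurityException}.
 */
public class X509CertGenerator {

    /**
     * Creates a self-signed root certificate with a generated serial number.
     *
     * @param str subject (and issuer) distinguished name, parsed by {@code X500Name}
     * @param rSASignAlgorithms signature algorithm used for the request and the certificate
     * @param privateKey root private key used for signing
     * @param publicKey root public key placed in the certificate
     * @param date start of the validity period (notBefore)
     * @param date2 end of the validity period (notAfter)
     * @return the signed root certificate
     */
    public static X509Certificate createRootCert(String str, RSASignAlgorithms rSASignAlgorithms, PrivateKey privateKey, PublicKey publicKey, Date date, Date date2) {
        return createRootCert(null, str, rSASignAlgorithms, privateKey, publicKey, date, date2);
    }

    /**
     * Creates a self-signed root certificate.
     *
     * @param bigInteger serial number, or {@code null} to have one generated
     * @param str subject (and issuer) distinguished name, parsed by {@code X500Name}
     * @param rSASignAlgorithms signature algorithm used for the request and the certificate
     * @param privateKey root private key used for signing
     * @param publicKey root public key placed in the certificate
     * @param date start of the validity period (notBefore)
     * @param date2 end of the validity period (notAfter)
     * @return the signed root certificate
     */
    public static X509Certificate createRootCert(BigInteger bigInteger, String str, RSASignAlgorithms rSASignAlgorithms, PrivateKey privateKey, PublicKey publicKey, Date date, Date date2) {
        PKCS10 request = createPkcs10(str, privateKey, publicKey, rSASignAlgorithms);
        return selfSign(privateKey, createCertInfo(bigInteger, request, date, date2, createExtensions(true)));
    }

    /**
     * Issues a subject certificate with a generated serial number, building the PKCS#10
     * request locally from the subject's key pair.
     *
     * @param x509Certificate issuing CA certificate
     * @param privateKey issuing CA private key
     * @param str subject distinguished name, parsed by {@code X500Name}
     * @param rSASignAlgorithms algorithm used to sign the PKCS#10 request
     * @param privateKey2 subject private key, used only to sign the request
     * @param publicKey subject public key placed in the certificate
     * @param date start of the validity period (notBefore)
     * @param date2 end of the validity period (notAfter)
     * @return the certificate signed by the CA
     */
    public static X509Certificate createSubjectCert(X509Certificate x509Certificate, PrivateKey privateKey, String str, RSASignAlgorithms rSASignAlgorithms, PrivateKey privateKey2, PublicKey publicKey, Date date, Date date2) {
        return createSubjectCert(x509Certificate, privateKey, null, str, rSASignAlgorithms, privateKey2, publicKey, date, date2);
    }

    /**
     * Issues a subject certificate, building the PKCS#10 request locally from the
     * subject's key pair.
     *
     * <p>This overload needs the subject's private key on the issuing side. When the
     * subject generates its own key pair, use the overloads that take a {@code PKCS10}
     * request so the private key never has to be handed over.
     *
     * @param x509Certificate issuing CA certificate
     * @param privateKey issuing CA private key
     * @param bigInteger serial number, or {@code null} to have one generated
     * @param str subject distinguished name, parsed by {@code X500Name}
     * @param rSASignAlgorithms algorithm used to sign the PKCS#10 request
     * @param privateKey2 subject private key, used only to sign the request
     * @param publicKey subject public key placed in the certificate
     * @param date start of the validity period (notBefore)
     * @param date2 end of the validity period (notAfter)
     * @return the certificate signed by the CA
     */
    public static X509Certificate createSubjectCert(X509Certificate x509Certificate, PrivateKey privateKey, BigInteger bigInteger, String str, RSASignAlgorithms rSASignAlgorithms, PrivateKey privateKey2, PublicKey publicKey, Date date, Date date2) {
        PKCS10 request = createPkcs10(str, privateKey2, publicKey, rSASignAlgorithms);
        return caSign(x509Certificate, privateKey, createCertInfo(bigInteger, request, date, date2, createExtensions(false)));
    }

    /**
     * Issues a subject certificate with a generated serial number from an existing
     * PKCS#10 request.
     *
     * @param x509Certificate issuing CA certificate
     * @param privateKey issuing CA private key
     * @param pkcs10 signed certification request
     * @param date start of the validity period (notBefore)
     * @param date2 end of the validity period (notAfter)
     * @return the certificate signed by the CA
     */
    public static X509Certificate createSubjectCert(X509Certificate x509Certificate, PrivateKey privateKey, PKCS10 pkcs10, Date date, Date date2) {
        return createSubjectCert(x509Certificate, privateKey, null, pkcs10, date, date2);
    }

    /**
     * Issues a subject certificate from an existing PKCS#10 request.
     *
     * <p>The subject name and public key are copied from the request as they are; any
     * naming or key-strength policy has to be enforced by the caller before calling this.
     *
     * @param x509Certificate issuing CA certificate
     * @param privateKey issuing CA private key
     * @param bigInteger serial number, or {@code null} to have one generated
     * @param pkcs10 signed certification request
     * @param date start of the validity period (notBefore)
     * @param date2 end of the validity period (notAfter)
     * @return the certificate signed by the CA
     */
    public static X509Certificate createSubjectCert(X509Certificate x509Certificate, PrivateKey privateKey, BigInteger bigInteger, PKCS10 pkcs10, Date date, Date date2) {
        return caSign(x509Certificate, privateKey, createCertInfo(bigInteger, pkcs10, date, date2, createExtensions(false)));
    }

    /**
     * Creates and signs a PKCS#10 certification request.
     *
     * @param str subject distinguished name, parsed by {@code X500Name}
     * @param privateKey private key matching {@code publicKey}, used to sign the request
     * @param publicKey public key to be certified
     * @param rSASignAlgorithms signature algorithm; its enum name is passed to
     *     {@code Providers.getSignature}
     * @return the signed request
     * @throws SecurityException if the request cannot be encoded or signed
     */
    public static PKCS10 createPkcs10(String str, PrivateKey privateKey, PublicKey publicKey, RSASignAlgorithms rSASignAlgorithms) {
        Signature signer = Providers.getSignature(rSASignAlgorithms.name());
        try {
            PKCS10 request = new PKCS10(publicKey);
            signer.initSign(privateKey);
            request.encodeAndSign(new X500Name(str), signer);
            return request;
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Builds the extension set placed in generated certificates.
     *
     * <p>Root certificates ({@code z == true}) get key usage digitalSignature,
     * keyEncipherment, keyAgreement, keyCertSign and cRLSign. Subject certificates get
     * digitalSignature and dataEncipherment plus an extended key usage of code signing.
     *
     * <p>NOTE(review): no BasicConstraints extension is added in either branch, so the
     * root certificate is not marked {@code CA:TRUE}. RFC 5280 requires that extension
     * (critical) on CA certificates, and stricter path validators may refuse such a
     * certificate as an issuer.
     *
     * @param z {@code true} for a root (CA) certificate, {@code false} for a subject
     *     certificate
     * @return the populated extension set
     * @throws SecurityException if an extension cannot be encoded
     */
    public static CertificateExtensions createExtensions(boolean z) {
        try {
            CertificateExtensions extensions = new CertificateExtensions();
            KeyUsageExtension keyUsage = new KeyUsageExtension();
            keyUsage.set("digital_signature", true);
            if (z) {
                keyUsage.set("key_encipherment", true);
                keyUsage.set("key_agreement", true);
                keyUsage.set("key_certsign", true);
                keyUsage.set("crl_sign", true);
            } else {
                keyUsage.set("data_encipherment", true);
                Vector<ObjectIdentifier> purposes = new Vector<>();
                // 1.3.6.1.5.5.7.3.3 is id-kp-codeSigning.
                purposes.add(new ObjectIdentifier(new int[]{1, 3, 6, 1, 5, 5, 7, 3, 3}));
                extensions.set("ExtendedKeyUsage", new ExtendedKeyUsageExtension(purposes));
            }
            extensions.set("KeyUsage", keyUsage);
            return extensions;
        } catch (IOException e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Verifies the request's self-signature and assembles the to-be-signed certificate
     * body (version 3, serial, signature algorithm, subject, key, validity, extensions).
     *
     * <p>The issuer is not set here; {@code selfSign} and {@code caSign} fill it in.
     * Only the extensions passed in are used, nothing is read from the request's
     * attributes. The validity dates and a caller-supplied serial are used unchecked.
     *
     * @param bigInteger serial number, or {@code null} to derive one from
     *     {@code ObjectUtils.uuid()}
     * @param pkcs10 signed certification request supplying subject and public key
     * @param date start of the validity period (notBefore)
     * @param date2 end of the validity period (notAfter)
     * @param certificateExtensions extensions to embed, or {@code null} for none
     * @return the certificate body, still without an issuer
     * @throws SecurityException if the request signature is invalid or assembly fails
     */
    private static sun.security.x509.X509CertInfo createCertInfo(@Nullable BigInteger bigInteger, PKCS10 pkcs10, Date date, Date date2, CertificateExtensions certificateExtensions) {
        // NOTE(review): the unpredictability of generated serials depends on
        // ObjectUtils.uuid(), which is not visible here; confirm it is CSPRNG-backed.
        BigInteger serial = (bigInteger != null) ? bigInteger : new BigInteger(1, ObjectUtils.uuid());
        try {
            // Proof of possession: the request must verify under the public key it carries.
            PKCS10CertificationRequest request = new PKCS10CertificationRequest(pkcs10.getEncoded());
            JcaContentVerifierProviderBuilder verifierBuilder = new JcaContentVerifierProviderBuilder();
            verifierBuilder.setProvider(Providers.BC);
            if (!request.isSignatureValid(verifierBuilder.build(request.getSubjectPublicKeyInfo()))) {
                throw new SecurityException("Invalid pkcs10 signature data.");
            }

            // Start from the request's own signature algorithm; caSign replaces it with
            // the algorithm the issuer actually signs with.
            AlgorithmId requestAlgorithm = AlgorithmId.get(request.getSignatureAlgorithm().getAlgorithm().getId());

            sun.security.x509.X509CertInfo info = new sun.security.x509.X509CertInfo();
            info.set("version", new CertificateVersion(2)); // encoded value 2 means X.509 v3
            info.set("serialNumber", new CertificateSerialNumber(serial));
            info.set("algorithmID", new CertificateAlgorithmId(requestAlgorithm));
            info.set("subject", pkcs10.getSubjectName());
            info.set("key", new CertificateX509Key(pkcs10.getSubjectPublicKeyInfo()));
            info.set("validity", new CertificateValidity(date, date2));
            if (certificateExtensions != null) {
                info.set("extensions", certificateExtensions);
            }
            return info;
        } catch (SecurityException e) {
            // Surface the signature-check failure directly instead of wrapping it again.
            throw e;
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Signs the certificate body with its own key, using the subject as issuer and the
     * signature algorithm already recorded in the body.
     *
     * @param privateKey private key matching the public key in {@code x509CertInfo}
     * @param x509CertInfo certificate body; its issuer field is overwritten
     * @return the self-signed certificate
     * @throws SecurityException if signing fails
     */
    private static X509Certificate selfSign(PrivateKey privateKey, sun.security.x509.X509CertInfo x509CertInfo) {
        try {
            CertificateAlgorithmId algorithmField = (CertificateAlgorithmId) x509CertInfo.get("algorithmID");
            x509CertInfo.set("issuer", x509CertInfo.get("subject"));
            X509CertImpl certificate = new X509CertImpl(x509CertInfo);
            certificate.sign(privateKey, algorithmField.get("algorithm").getName());
            return certificate;
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Signs the certificate body with the CA key, taking the issuer name from the CA
     * certificate's subject.
     *
     * <p>The signature algorithm recorded inside the certificate body is set to the one
     * used for signing. The body initially carries the request's algorithm, and
     * {@code X509CertImpl.sign} does not update it, so without this step a request signed
     * with a different algorithm than the CA uses would yield a certificate whose inner
     * and outer algorithm identifiers disagree and which fails to parse or verify.
     *
     * <p>NOTE(review): the signing algorithm is the one the CA certificate itself was
     * signed with ({@code getSigAlgName()}). That presumes the CA key is of the same type
     * as the key that signed the CA certificate; confirm for CAs certified by a different
     * key type.
     *
     * @param x509Certificate issuing CA certificate
     * @param privateKey issuing CA private key
     * @param x509CertInfo certificate body; its issuer and algorithm fields are overwritten
     * @return the CA-signed certificate
     * @throws SecurityException if the CA certificate cannot be parsed or signing fails
     */
    private static X509Certificate caSign(X509Certificate x509Certificate, PrivateKey privateKey, sun.security.x509.X509CertInfo x509CertInfo) {
        try {
            X509CertImpl issuerCert = new X509CertImpl(x509Certificate.getEncoded());
            sun.security.x509.X509CertInfo issuerInfo = (sun.security.x509.X509CertInfo) issuerCert.get("x509.info");
            x509CertInfo.set("issuer", (X500Name) issuerInfo.get("subject.dname"));

            // Keep the signed body's algorithm identifier in step with the outer signature.
            String signingAlgorithm = x509Certificate.getSigAlgName();
            x509CertInfo.set("algorithmID", new CertificateAlgorithmId(AlgorithmId.get(signingAlgorithm)));

            X509CertImpl certificate = new X509CertImpl(x509CertInfo);
            certificate.sign(privateKey, signingAlgorithm);
            return certificate;
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }
}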
