package de.fenvariel.maven.certificate;

import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.UUID;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:de/fenvariel/maven/certificate/CertificateFactory.class */
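/**
 * Issues X.509 v3 certificates (CA, TLS server, client) signed with a fixed issuer key.
 *
 * <p>When the factory is created without an issuer chain, every certificate it produces is
 * self-issued: the issuer name is the subject name, the authority key identifier is derived
 * from the subject public key, and the post-signing check verifies the signature with the
 * certificate's own public key. In that mode the private key given to the constructor must
 * therefore be the counterpart of the subject public key, otherwise issuance fails.
 *
 * <p>All certificates are signed with {@code SHA256withRSA}, so the issuer key must be an RSA key.
 */
public class CertificateFactory {
    /** Signature algorithm used for every certificate issued by this factory. */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    private final PrivateKey issuerPrivateKey;
    private final X509Certificate[] issuerChain;

    /**
     * Creates a factory that signs with the given key.
     *
     * @param privateKey private key used to sign every issued certificate
     * @param x509CertificateArr issuer chain, signing certificate first; {@code null} or empty
     *     means certificates are self-issued
     */
    public CertificateFactory(PrivateKey privateKey, X509Certificate... x509CertificateArr) {
        this.issuerPrivateKey = privateKey;
        // Defensive copy: the caller keeps a reference to the varargs array and must not be
        // able to swap the issuer certificate after construction.
        this.issuerChain = x509CertificateArr == null ? new X509Certificate[0] : x509CertificateArr.clone();
    }

    /**
     * Issues a CA certificate and returns it followed by the issuer chain.
     *
     * @param i path length constraint written into the critical basicConstraints extension
     * @param date start of validity (notBefore)
     * @param date2 end of validity (notAfter)
     * @param x500Principal subject distinguished name
     * @param publicKey subject public key
     * @return the new certificate at index 0, then the issuer chain in its original order
     * @throws GeneralSecurityException if the certificate cannot be built, is not valid at the
     *     current time, or its signature does not verify
     * @throws CertIOException if an extension cannot be encoded
     * @throws OperatorCreationException if the signer cannot be created from the issuer key
     */
    public X509Certificate[] createCACertificateChain(int i, Date date, Date date2, X500Principal x500Principal, PublicKey publicKey) throws GeneralSecurityException, CertIOException, OperatorCreationException {
        return createChain(createCACertificate(i, date, date2, x500Principal, publicKey));
    }

    /**
     * Issues a client certificate and returns it followed by the issuer chain.
     *
     * @param date start of validity (notBefore)
     * @param date2 end of validity (notAfter)
     * @param x500Principal subject distinguished name
     * @param publicKey subject public key
     * @return the new certificate at index 0, then the issuer chain in its original order
     * @throws GeneralSecurityException if the certificate cannot be built, is not valid at the
     *     current time, or its signature does not verify
     * @throws CertIOException if an extension cannot be encoded
     * @throws OperatorCreationException if the signer cannot be created from the issuer key
     */
    public X509Certificate[] createClientCertificateChain(Date date, Date date2, X500Principal x500Principal, PublicKey publicKey) throws GeneralSecurityException, CertIOException, OperatorCreationException {
        return createChain(createClientCertificate(date, date2, x500Principal, publicKey));
    }

    /**
     * Issues a CA certificate whose validity is given as a number of days.
     *
     * @param i path length constraint written into the critical basicConstraints extension
     * @param date start of validity (notBefore)
     * @param i2 validity period in days, added to {@code date} to obtain notAfter
     * @param x500Principal subject distinguished name
     * @param publicKey subject public key
     * @return the new certificate at index 0, then the issuer chain in its original order
     * @throws GeneralSecurityException if the certificate cannot be built, is not valid at the
     *     current time, or its signature does not verify
     * @throws CertIOException if an extension cannot be encoded
     * @throws OperatorCreationException if the signer cannot be created from the issuer key
     */
    public X509Certificate[] createCACertificateChain(int i, Date date, int i2, X500Principal x500Principal, PublicKey publicKey) throws GeneralSecurityException, CertIOException, OperatorCreationException {
        return createChain(createCACertificate(i, date, notAfter(date, i2), x500Principal, publicKey));
    }

    /**
     * Issues a TLS server certificate whose validity is given as a number of days.
     *
     * @param date start of validity (notBefore)
     * @param i validity period in days, added to {@code date} to obtain notAfter
     * @param x500Principal subject distinguished name
     * @param publicKey subject public key
     * @param str host name written as the single dNSName subject alternative name
     * @return the new certificate at index 0, then the issuer chain in its original order
     * @throws GeneralSecurityException if the certificate cannot be built, is not valid at the
     *     current time, or its signature does not verify
     * @throws CertIOException if an extension cannot be encoded
     * @throws OperatorCreationException if the signer cannot be created from the issuer key
     */
    public X509Certificate[] createServerCertificateChain(Date date, int i, X500Principal x500Principal, PublicKey publicKey, String str) throws GeneralSecurityException, CertIOException, OperatorCreationException {
        return createChain(createServerCertificate(date, notAfter(date, i), x500Principal, publicKey, str));
    }

    /**
     * Issues a client certificate whose validity is given as a number of days.
     *
     * @param date start of validity (notBefore)
     * @param i validity period in days, added to {@code date} to obtain notAfter
     * @param x500Principal subject distinguished name
     * @param publicKey subject public key
     * @return the new certificate at index 0, then the issuer chain in its original order
     * @throws GeneralSecurityException if the certificate cannot be built, is not valid at the
     *     current time, or its signature does not verify
     * @throws CertIOException if an extension cannot be encoded
     * @throws OperatorCreationException if the signer cannot be created from the issuer key
     */
    public X509Certificate[] createClientCertificateChain(Date date, int i, X500Principal x500Principal, PublicKey publicKey) throws GeneralSecurityException, CertIOException, OperatorCreationException {
        return createChain(createClientCertificate(date, notAfter(date, i), x500Principal, publicKey));
    }

    /**
     * Generates a random certificate serial number from the 128 bits of a random UUID.
     *
     * @return a positive serial number of at most 128 bits
     */
    private BigInteger createX509Serial() {
        UUID uuid = UUID.randomUUID();
        byte[] magnitude = ByteBuffer.allocate(16)
                .putLong(uuid.getMostSignificantBits())
                .putLong(uuid.getLeastSignificantBits())
                .array();
        // Signum 1 forces a positive value. The single-argument constructor reads the bytes as
        // two's complement, which made about half of all serials negative; RFC 5280 requires
        // serial numbers to be positive and strict validators reject negative ones.
        return new BigInteger(1, magnitude);
    }

    /** Returns a new array holding {@code leaf} at index 0 followed by the issuer chain. */
    private X509Certificate[] createChain(X509Certificate leaf) {
        X509Certificate[] chain = new X509Certificate[this.issuerChain.length + 1];
        chain[0] = leaf;
        System.arraycopy(this.issuerChain, 0, chain, 1, this.issuerChain.length);
        return chain;
    }

    /** Returns {@code notBefore} shifted by {@code days} days, using the default calendar. */
    private Date notAfter(Date notBefore, int days) {
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(notBefore);
        calendar.add(Calendar.DAY_OF_YEAR, days);
        return calendar.getTime();
    }

    /** Tells whether an issuer chain was supplied; without one, certificates are self-issued. */
    private boolean hasIssuer() {
        return this.issuerChain.length > 0;
    }

    /**
     * Creates a certificate builder with issuer, serial, validity, subject and the two key
     * identifier extensions already filled in.
     */
    private X509v3CertificateBuilder prepareBuilder(Date notBefore, Date notAfter, X500Principal subject, PublicKey subjectKey) throws GeneralSecurityException, CertIOException {
        // Self-issued when there is no issuer chain: issuer name and key are the subject's own.
        X500Principal issuer = hasIssuer() ? this.issuerChain[0].getSubjectX500Principal() : subject;
        PublicKey issuerKey = hasIssuer() ? this.issuerChain[0].getPublicKey() : subjectKey;

        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, createX509Serial(), notBefore, notAfter, subject, subjectKey);
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        builder.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(subjectKey));
        builder.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(issuerKey));
        return builder;
    }

    /** Builds, signs and checks a CA certificate with the given path length constraint. */
    private X509Certificate createCACertificate(int pathLength, Date notBefore, Date notAfter, X500Principal subject, PublicKey subjectKey) throws GeneralSecurityException, CertIOException, OperatorCreationException {
        X509v3CertificateBuilder builder = prepareBuilder(notBefore, notAfter, subject, subjectKey);
        addCACertificateExtensions(builder, pathLength);
        X509Certificate certificate = sign(builder);
        verify(certificate);
        return certificate;
    }

    /** Builds, signs and checks a TLS server certificate for the given host name. */
    private X509Certificate createServerCertificate(Date notBefore, Date notAfter, X500Principal subject, PublicKey subjectKey, String dnsName) throws GeneralSecurityException, CertIOException, OperatorCreationException {
        X509v3CertificateBuilder builder = prepareBuilder(notBefore, notAfter, subject, subjectKey);
        addServerCertificateExtensions(builder, dnsName);
        X509Certificate certificate = sign(builder);
        verify(certificate);
        return certificate;
    }

    /** Builds, signs and checks a client certificate. */
    private X509Certificate createClientCertificate(Date notBefore, Date notAfter, X500Principal subject, PublicKey subjectKey) throws GeneralSecurityException, CertIOException, OperatorCreationException {
        X509v3CertificateBuilder builder = prepareBuilder(notBefore, notAfter, subject, subjectKey);
        addClientCertificateExtensions(builder);
        X509Certificate certificate = sign(builder);
        verify(certificate);
        return certificate;
    }

    /** Signs the prepared certificate with the issuer private key and converts it to JCA form. */
    private X509Certificate sign(X509v3CertificateBuilder builder) throws CertificateException, OperatorCreationException {
        return new JcaX509CertificateConverter().getCertificate(builder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(this.issuerPrivateKey)));
    }

    /**
     * Sanity-checks a freshly signed certificate: it must be valid at the current time and its
     * signature must verify with the issuer public key (its own key when self-issued).
     *
     * <p>Because validity is checked against the current time, a certificate whose notBefore
     * lies in the future or whose notAfter lies in the past is rejected here.
     */
    private void verify(X509Certificate certificate) throws GeneralSecurityException {
        PublicKey verificationKey = hasIssuer() ? this.issuerChain[0].getPublicKey() : certificate.getPublicKey();
        certificate.checkValidity(new Date());
        certificate.verify(verificationKey);
    }

    /** Adds the critical keyUsage and basicConstraints extensions of a CA certificate. */
    private void addCACertificateExtensions(X509v3CertificateBuilder builder, int pathLength) throws CertIOException {
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
        // NOTE(review): pathLength is passed through unchecked; RFC 5280 only allows values >= 0,
        // so callers should be confirmed never to pass a negative number.
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(pathLength));
    }

    /**
     * Adds the extensions of a TLS server certificate: keyUsage, basicConstraints (not a CA),
     * one dNSName subject alternative name and the serverAuth extended key usage.
     */
    private void addServerCertificateExtensions(X509v3CertificateBuilder builder, String dnsName) throws CertIOException {
        // digitalSignature only: enough for (EC)DHE key exchange and TLS 1.3; cipher suites
        // using RSA key transport would additionally need keyEncipherment.
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        // The name is always encoded as dNSName, so an IP address literal passed here does not
        // become an iPAddress entry and will not match IP-based host name verification.
        builder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.dNSName, dnsName)));
        builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));
    }

    /**
     * Adds the extensions of a client certificate: keyUsage, basicConstraints (not a CA) and
     * the clientAuth and emailProtection extended key usages.
     */
    private void addClientCertificateExtensions(X509v3CertificateBuilder builder) throws CertIOException {
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation | KeyUsage.keyEncipherment));
        builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
        ASN1EncodableVector purposes = new ASN1EncodableVector();
        purposes.add(KeyPurposeId.id_kp_clientAuth);
        purposes.add(KeyPurposeId.id_kp_emailProtection);
        builder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));
    }
}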
