package eu.emi.security.authn.x509.helpers.proxy;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.X509ExtensionsGenerator;

/* loaded from: input_file:eu/emi/security/authn/x509/helpers/proxy/X509v3CertificateBuilder.class */
/**
 * Collects the fields of a to-be-signed (TBS) certificate, signs the DER encoding with a
 * JCA {@link Signature} and returns the result as a JDK {@link X509Certificate}.
 *
 * <p>The TBS fields are accumulated in a {@code FixedV3TBSCertificateGenerator} and the
 * extensions in an {@code X509ExtensionsGenerator}. Judging by the package name and the
 * error message in the signing path, the class is used to issue proxy certificates.
 *
 * <p>NOTE(review): the constructor performs no validation of its arguments (null checks,
 * validity-period ordering, serial number range). Any such policy has to be enforced by
 * the caller.
 */
public class X509v3CertificateBuilder {
    private final FixedV3TBSCertificateGenerator tbsGen = new FixedV3TBSCertificateGenerator();
    private final X509ExtensionsGenerator extGenerator;

    /**
     * Seeds the TBS generator with the mandatory certificate fields.
     *
     * @param x500Name issuer name
     * @param bigInteger certificate serial number
     * @param date start of the validity period
     * @param date2 end of the validity period
     * @param x500Name2 subject name
     * @param subjectPublicKeyInfo public key to be certified
     */
    public X509v3CertificateBuilder(X500Name x500Name, BigInteger bigInteger, Date date, Date date2, X500Name x500Name2, SubjectPublicKeyInfo subjectPublicKeyInfo) {
        final DERInteger serialNumber = new DERInteger(bigInteger);
        this.tbsGen.setSerialNumber(serialNumber);
        this.tbsGen.setIssuer(x500Name);

        final Time notBefore = new Time(date);
        this.tbsGen.setStartDate(notBefore);
        final Time notAfter = new Time(date2);
        this.tbsGen.setEndDate(notAfter);

        this.tbsGen.setSubject(x500Name2);
        this.tbsGen.setSubjectPublicKeyInfo(subjectPublicKeyInfo);
        this.extGenerator = new X509ExtensionsGenerator();
    }

    /**
     * Queues one extension for inclusion in the certificate.
     *
     * @param aSN1ObjectIdentifier OID of the extension
     * @param z criticality flag handed to the extensions generator
     * @param aSN1Encodable extension value
     * @return this builder, so calls can be chained
     */
    public X509v3CertificateBuilder addExtension(ASN1ObjectIdentifier aSN1ObjectIdentifier, boolean z, ASN1Encodable aSN1Encodable) {
        this.extGenerator.addExtension(aSN1ObjectIdentifier, z, aSN1Encodable);
        return this;
    }

    /**
     * Finalises the TBS structure, signs it and returns the parsed certificate.
     *
     * <p>NOTE(review): {@code algorithmIdentifier} is what gets written into the
     * certificate, while {@code str} selects the JCA algorithm that actually produces the
     * signature. Nothing here checks that the two describe the same algorithm; callers
     * must keep them consistent, otherwise the certificate would presumably fail
     * signature verification.
     *
     * @param privateKey key used for signing
     * @param algorithmIdentifier signature algorithm identifier embedded in the certificate
     * @param str JCA signature algorithm name
     * @param str2 JCA provider name, or {@code null} to use the default provider lookup
     * @param secureRandom randomness for the signature, or {@code null} to pass none
     * @return the signed certificate as parsed by the JDK certificate factory
     * @throws IllegalStateException if the algorithm identifier, the algorithm name or the
     *     private key is {@code null}
     */
    public X509Certificate build(PrivateKey privateKey, AlgorithmIdentifier algorithmIdentifier, String str, String str2, SecureRandom secureRandom) throws InvalidKeyException, CertificateParsingException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, IOException {
        final boolean algorithmMissing = algorithmIdentifier == null || str == null;
        if (algorithmMissing) {
            throw new IllegalStateException("no signature algorithm specified");
        }
        if (privateKey == null) {
            throw new IllegalStateException("no private key specified");
        }

        this.tbsGen.setSignature(algorithmIdentifier);
        // The extensions field is only set when at least one extension was queued.
        final boolean hasExtensions = !this.extGenerator.isEmpty();
        if (hasExtensions) {
            this.tbsGen.setExtensions(this.extGenerator.generate());
        }

        final DERSequence tbsCertificate = this.tbsGen.generateTBSCertificate();
        return sign(tbsCertificate, algorithmIdentifier, str, privateKey, str2, secureRandom);
    }

    /**
     * Signs the TBS structure and wraps it, the algorithm identifier and the signature
     * bits into the outer certificate sequence, which is then parsed by the JDK.
     *
     * <p>The round trip through {@link CertificateFactory} only parses the encoding; the
     * signature is not verified here.
     */
    private X509Certificate sign(DERSequence tbsCertificate, AlgorithmIdentifier signatureAlgorithmId, String jcaAlgorithmName, PrivateKey signingKey, String providerName, SecureRandom random) throws InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, IOException, CertificateParsingException {
        final byte[] signatureBytes = calculateSignature(jcaAlgorithmName, providerName, signingKey, random, tbsCertificate);

        // Outer structure: TBS certificate, signature algorithm, signature value.
        final ASN1EncodableVector certificateParts = new ASN1EncodableVector();
        certificateParts.add(tbsCertificate);
        certificateParts.add(signatureAlgorithmId.toASN1Object());
        certificateParts.add(new DERBitString(signatureBytes));

        try {
            final CertificateFactory factory = CertificateFactory.getInstance("X.509");
            final byte[] encoded = new DERSequence(certificateParts).getDEREncoded();
            return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(encoded));
        } catch (CertificateException e) {
            throw new RuntimeException("The generated proxy certificate was not parsed by the JDK", e);
        }
    }

    /**
     * Computes the signature over the DER encoding of {@code toBeSigned}.
     *
     * <p>A named provider is used only when {@code providerName} is non-null, and the
     * caller's {@link SecureRandom} is used only when one is supplied; otherwise the
     * signer is initialised with the key alone.
     */
    private byte[] calculateSignature(String jcaAlgorithmName, String providerName, PrivateKey signingKey, SecureRandom random, ASN1Encodable toBeSigned) throws IOException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        final Signature signer;
        if (providerName == null) {
            signer = Signature.getInstance(jcaAlgorithmName);
        } else {
            signer = Signature.getInstance(jcaAlgorithmName, providerName);
        }

        if (random == null) {
            signer.initSign(signingKey);
        } else {
            signer.initSign(signingKey, random);
        }

        final byte[] derEncoded = toBeSigned.getEncoded("DER");
        signer.update(derEncoded);
        return signer.sign();
    }

    /**
     * Rebuilds the signature {@link AlgorithmIdentifier} of an existing certificate from
     * its signature algorithm OID and, when present, its encoded algorithm parameters.
     *
     * @param x509Certificate certificate whose signature algorithm is copied
     * @return an identifier carrying the OID alone, or the OID plus the decoded parameters
     * @throws IOException if the encoded parameters cannot be decoded
     */
    public static AlgorithmIdentifier extractAlgorithmId(X509Certificate x509Certificate) throws IOException {
        final String oidText = x509Certificate.getSigAlgOID();
        final byte[] encodedParams = x509Certificate.getSigAlgParams();
        final DERObjectIdentifier algorithmOid = new DERObjectIdentifier(oidText);
        if (encodedParams != null) {
            return new AlgorithmIdentifier(algorithmOid, ASN1Object.fromByteArray(encodedParams));
        }
        return new AlgorithmIdentifier(algorithmOid);
    }
}
