package it.cosenonjaviste.keytool.services;

import it.cosenonjaviste.keytool.models.CSR;
import it.cosenonjaviste.keytool.models.P7B;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Date;
import java.util.logging.Level;
import java.util.logging.Logger;
import sun.security.x509.AlgorithmId;
import sun.security.x509.AuthorityKeyIdentifierExtension;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateExtensions;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.GeneralNames;
import sun.security.x509.KeyIdentifier;
import sun.security.x509.SerialNumber;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;

/* loaded from: input_file:it/cosenonjaviste/keytool/services/CSRSigner.class */
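/**
 * Issues an X.509 v3 certificate for a certificate signing request (CSR), signed with
 * the key pair and certificate of a signer (issuer).
 *
 * <p>Typical use: construct, call {@link #withValidity(int, ChronoUnit)}, then
 * {@link #sign()} or {@link #sign(String)}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The subject name and public key are copied from the CSR unchanged. This class
 *       applies no issuance policy, so the caller must vet the request before signing.</li>
 *   <li>The only extension written is AuthorityKeyIdentifier. Extensions requested in the
 *       CSR are not copied, and no BasicConstraints or KeyUsage extension is added.</li>
 *   <li>Serial numbers are random; this class keeps no record of issued serials.</li>
 *   <li>The instance holds mutable certificate state and performs no synchronization.</li>
 * </ul>
 */
public class CSRSigner {
    private static final Logger LOGGER = Logger.getLogger(CSRSigner.class.getName());

    /** Signature algorithm used by {@link #sign()}. */
    private static final String DEFAULT_SIGNATURE_ALGORITHM = "SHA256withRSA";

    /** Number of random bits drawn for each certificate serial number. */
    private static final int SERIAL_BITS = 64;

    // Stored by the constructor; not read anywhere in this class.
    private final KeyStoreAdapter signerKeyStoreAdapter;
    private final CSR csr;
    private final KeyPair signerKeyPair;
    private final X509Certificate signerCert;
    private final X509CertInfo certInfo = new X509CertInfo();

    /**
     * Creates a signer for one CSR.
     *
     * @param keyStoreAdapter key store adapter of the signer (stored only)
     * @param csr the request to turn into a certificate
     * @param keyPair the signer's key pair; the private key signs the new certificate and
     *     the public key feeds the AuthorityKeyIdentifier extension
     * @param x509Certificate the signer's certificate; its subject becomes the issuer name
     */
    public CSRSigner(KeyStoreAdapter keyStoreAdapter, CSR csr, KeyPair keyPair, X509Certificate x509Certificate) {
        // NOTE(review): nothing here checks that keyPair's public key is the one certified
        // by x509Certificate. If they differ, the issued certificate names one issuer and
        // is signed by another key, so it will not chain. Confirm the caller guarantees this.
        this.signerKeyStoreAdapter = keyStoreAdapter;
        this.csr = csr;
        this.signerKeyPair = keyPair;
        this.signerCert = x509Certificate;
    }

    /**
     * Sets the validity window to start now and last {@code i} units of {@code chronoUnit}.
     *
     * <p>The length is computed from the unit's full {@code Duration}, so sub-second units
     * are honoured and an overflowing product raises an exception instead of silently
     * wrapping into a window that ends in the past. Date-based units such as MONTHS use
     * ChronoUnit's estimated duration. A zero or negative {@code i} is accepted and yields
     * a certificate that is never valid.
     *
     * @param i number of units the certificate stays valid
     * @param chronoUnit unit of {@code i}
     * @return this signer, for chaining
     * @throws CertificateException if the validity cannot be stored in the certificate info
     * @throws IOException if the validity cannot be stored in the certificate info
     * @throws ArithmeticException if the requested length overflows
     * @throws java.time.DateTimeException if the end instant is out of range
     */
    public CSRSigner withValidity(int i, ChronoUnit chronoUnit) throws CertificateException, IOException {
        Date notBefore = new Date();
        Date notAfter = new Date(
                notBefore.toInstant().plus(chronoUnit.getDuration().multipliedBy(i)).toEpochMilli());
        this.certInfo.set("validity", new CertificateValidity(notBefore, notAfter));
        return this;
    }

    /**
     * Signs the CSR with the default algorithm, {@code SHA256withRSA}.
     *
     * @return the P7B built from the new certificate and the signer certificate
     * @throws SignatureException if the certificate cannot be built or signed
     */
    public P7B sign() throws SignatureException {
        return sign(DEFAULT_SIGNATURE_ALGORITHM);
    }

    /**
     * Builds the certificate from the CSR and signs it with the signer's private key.
     *
     * <p>{@code str} is handed to the JDK as given; it is not checked against any list of
     * acceptable algorithms, so callers that take it from configuration or user input
     * should restrict it to an allow-list that excludes weak digests.
     *
     * @param str JCA signature algorithm name, for example {@code SHA256withRSA}
     * @return the P7B built from the new certificate and the signer certificate
     * @throws SignatureException if the certificate cannot be built or signed; the
     *     underlying exception is attached as the cause
     */
    public P7B sign(String str) throws SignatureException {
        try {
            // Parse the request once so that subject and key come from the same object.
            // NOTE(review): whether the CSR's own signature (proof of possession) has been
            // verified depends on CSR.toPkcs10(), which is not visible here. Confirm.
            var request = this.csr.toPkcs10();

            this.certInfo.set("serialNumber", new CertificateSerialNumber(newSerialNumber()));
            this.certInfo.set("key", new CertificateX509Key(request.getSubjectPublicKeyInfo()));
            this.certInfo.set("version", new CertificateVersion(2)); // 2 encodes X.509 v3
            this.certInfo.set("algorithmID", new CertificateAlgorithmId(AlgorithmId.get(str)));
            this.certInfo.set("subject", request.getSubjectName());
            this.certInfo.set("issuer", new X500Name(this.signerCert.getSubjectX500Principal().getEncoded()));

            // The key identifier is derived from the signer's public key; issuer name and
            // serial are left out of the extension.
            CertificateExtensions certificateExtensions = new CertificateExtensions();
            certificateExtensions.set(
                    "AuthorityKeyIdentifier",
                    new AuthorityKeyIdentifierExtension(
                            new KeyIdentifier(this.signerKeyPair.getPublic()),
                            (GeneralNames) null,
                            (SerialNumber) null));
            this.certInfo.set("extensions", certificateExtensions);

            // Declared as X509CertImpl because sign(...) is not part of X509Certificate.
            X509CertImpl issued = new X509CertImpl(this.certInfo);
            issued.sign(this.signerKeyPair.getPrivate(), str);
            return new P7B(issued, this.signerCert);
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e) {
            LOGGER.log(Level.SEVERE, e.getMessage(), e);
            throw new SignatureException(e);
        }
    }

    /** Draws a random serial number, retrying on zero because a serial must be positive. */
    private static BigInteger newSerialNumber() {
        SecureRandom random = new SecureRandom();
        BigInteger serial;
        do {
            serial = new BigInteger(SERIAL_BITS, random);
        } while (serial.signum() == 0);
        return serial;
    }
}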
