package org.imixs.archive.signature.ca;

import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.encoders.Base64;
import org.imixs.archive.signature.KeystoreService;

/* loaded from: input_file:org/imixs/archive/signature/ca/X509CertificateGenerator.class */
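/**
 * Small in-application certificate authority helper.
 * <p>
 * It generates key pairs, self-signed root (CA) certificates, end-entity
 * certificates signed by such a root, and writes the results into a
 * {@link KeyStore} or a PEM file. Every cryptographic operation is routed
 * through the BouncyCastle provider, which the constructor registers.
 * <p>
 * The algorithm / key-size setters are plain field writes; instances are not
 * synchronized, so configure an instance before sharing it between threads.
 */
public class X509CertificateGenerator {
    private static final String BC_PROVIDER = "BC";
    private static final String DEFAULT_KEY_ALGORITHM = "RSA";
    private static final String DEFAULT_SIGNATURE_ALGORITHM = "SHA256withRSA";
    private static final int DEFAULT_KEY_SIZE = 2048;
    /**
     * Random bits drawn for a serial number. 159 bits are always non-negative
     * and encode in at most 20 DER octets, which is what RFC 5280 4.1.2.2
     * requires; a signed {@code long} (the previous choice) could be negative.
     */
    private static final int SERIAL_BITS = 159;
    /** Line width of the base64 body in a PEM file (RFC 7468 5). */
    private static final int PEM_LINE_LENGTH = 64;
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    private static final Logger logger = Logger.getLogger(X509CertificateGenerator.class.getName());

    private String keyAlgorithm = DEFAULT_KEY_ALGORITHM;
    private String signatureAlgorithm = DEFAULT_SIGNATURE_ALGORITHM;
    private int keySize = DEFAULT_KEY_SIZE;

    /**
     * Registers the BouncyCastle provider so that the {@code "BC"} provider
     * name used throughout this class resolves.
     * <p>
     * The declared checked exceptions are kept for source compatibility with
     * existing callers; nothing in the constructor currently throws them.
     */
    public X509CertificateGenerator() throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, NoSuchProviderException {
        // A repeated addProvider() is a no-op, the guard just makes that explicit.
        if (Security.getProvider(BC_PROVIDER) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /** @return the JCA key-pair algorithm name used by {@link #generateKeyPair()} (default {@code RSA}). */
    public String getKeyAlgorithm() {
        return this.keyAlgorithm;
    }

    /** @param str JCA key-pair algorithm name, e.g. {@code RSA} or {@code EC}. */
    public void setKeyAlgorithm(String str) {
        this.keyAlgorithm = str;
    }

    /** @return the JCA signature algorithm used to sign CSRs and certificates (default {@code SHA256withRSA}). */
    public String getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    /** @param str JCA signature algorithm name; it must match the key algorithm (e.g. {@code SHA256withECDSA} for EC keys). */
    public void setSignatureAlgorithm(String str) {
        this.signatureAlgorithm = str;
    }

    /** @return the key size in bits passed to the key-pair generator (default 2048). */
    public int getKeySize() {
        return this.keySize;
    }

    /** @param keySize key size in bits for {@link #generateKeyPair()}; must be valid for the configured key algorithm. */
    public void setKeySize(int keySize) {
        this.keySize = keySize;
    }

    /**
     * Builds a self-signed CA certificate for {@code keyPair}.
     * <p>
     * Subject and issuer are both {@code CN=<str>}; validity starts one day
     * ago and ends one year after that. The certificate carries a critical
     * {@code basicConstraints: CA=true}, a critical {@code keyUsage} of
     * {@code keyCertSign | cRLSign} and a subject key identifier.
     *
     * @param keyPair the CA key pair; the private key signs the certificate
     * @param str the common name of the CA
     * @return the self-signed root certificate
     * @throws IllegalArgumentException if {@code str} is null or empty
     * @throws OperatorCreationException if no signer for {@link #getSignatureAlgorithm()} can be built
     * @throws IOException if an extension cannot be encoded
     * @throws CertificateException if the built certificate cannot be converted
     */
    public X509Certificate generateRootCertificate(KeyPair keyPair, String str) throws OperatorCreationException, NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException {
        Objects.requireNonNull(keyPair, "keyPair");
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("cn is empty or null!");
        }
        Date[] validity = validityWindow();
        X500Name subject = new X500Name("CN=" + str);
        ContentSigner signer = new JcaContentSignerBuilder(getSignatureAlgorithm()).setProvider(BC_PROVIDER).build(keyPair.getPrivate());
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(subject, randomSerial(), validity[0], validity[1], subject, keyPair.getPublic());
        JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        // A CA key should only certify and revoke; say so explicitly (RFC 5280 4.2.1.3).
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));
        builder.addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(keyPair.getPublic()));
        return new JcaX509CertificateConverter().setProvider(BC_PROVIDER).getCertificate(builder.build(signer));
    }

    /**
     * Issues an end-entity certificate for {@code keyPair}, signed by the
     * issuer certificate / private key pair.
     * <p>
     * A PKCS#10 request is built for the subject and self-signed with the
     * subject's own private key (proof of possession); its public key goes
     * into the certificate. The issuer DN is copied from the issuer
     * certificate's DER encoding so that chain building matches it
     * byte-for-byte. The certificate is a non-CA leaf with authority and
     * subject key identifiers and a {@code digitalSignature} key usage, valid
     * from one day ago for one year. Before returning, the signature is
     * verified against the issuer's public key.
     *
     * @param x509Certificate the issuer (CA) certificate
     * @param privateKey the issuer's private key, which must belong to {@code x509Certificate}
     * @param keyPair the subject's key pair
     * @param str subject common name (CN); required
     * @param str2 subject organization (O); skipped when null or empty
     * @param list subject organizational units (OU), added in list order; may be null
     * @param str3 subject locality (L); skipped when null or empty
     * @param str4 subject state or province (ST); skipped when null or empty
     * @param str5 accepted but not placed into the subject by this implementation
     *        (NOTE(review): presumably the country (C) RDN; confirm with callers before wiring it in)
     * @return a two-element chain: {@code [leaf, issuer]}
     * @throws IllegalArgumentException if {@code str} is null or empty
     * @throws CertificateException if the issuer certificate is expired or not yet valid, or conversion fails
     * @throws SignatureException if the issued certificate does not verify under the issuer's public key,
     *         i.e. {@code privateKey} does not match {@code x509Certificate}
     */
    public X509Certificate[] generateSignedCertificate(X509Certificate x509Certificate, PrivateKey privateKey, KeyPair keyPair, String str, String str2, List<String> list, String str3, String str4, String str5) throws NoSuchAlgorithmException, OperatorCreationException, CertIOException, CertificateException, InvalidKeyException, NoSuchProviderException, SignatureException {
        logger.fine("...generating new certificate for user " + str + "...");
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("cn is empty or null!");
        }
        Objects.requireNonNull(x509Certificate, "issuer certificate");
        Objects.requireNonNull(privateKey, "issuer private key");
        Objects.requireNonNull(keyPair, "subject key pair");
        // An expired or not-yet-valid issuer can never anchor a valid chain; fail before signing.
        x509Certificate.checkValidity();
        if (x509Certificate.getBasicConstraints() == -1) {
            logger.warning("issuer certificate carries no CA basicConstraints; strict validators will reject the chain");
        }

        Date[] validity = validityWindow();
        X500Name csrSubject = new X500Name("CN=" + str);
        // The CSR is signed with the subject's key, not the issuer's: that is what proof of possession means.
        ContentSigner csrSigner = new JcaContentSignerBuilder(getSignatureAlgorithm()).setProvider(BC_PROVIDER).build(keyPair.getPrivate());
        PKCS10CertificationRequest csr = new JcaPKCS10CertificationRequestBuilder(csrSubject, keyPair.getPublic()).build(csrSigner);

        // Take the issuer name from the DER encoding; re-parsing getSubjectDN().toString()
        // can alter attribute order or string types and break issuer/subject matching.
        X500Name issuer = X500Name.getInstance(x509Certificate.getSubjectX500Principal().getEncoded());
        X500Name subject = buildSubject(str, str2, list, str3, str4);

        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuer, randomSerial(), validity[0], validity[1], subject, csr.getSubjectPublicKeyInfo());
        JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        builder.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(x509Certificate));
        builder.addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(csr.getSubjectPublicKeyInfo()));
        // Kept non-critical as before so existing consumers of these certificates are unaffected.
        builder.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.digitalSignature));

        ContentSigner caSigner = new JcaContentSignerBuilder(getSignatureAlgorithm()).setProvider(BC_PROVIDER).build(privateKey);
        X509Certificate certificate = new JcaX509CertificateConverter().setProvider(BC_PROVIDER).getCertificate(builder.build(caSigner));
        // Doubles as a check that privateKey really belongs to x509Certificate.
        certificate.verify(x509Certificate.getPublicKey(), BC_PROVIDER);
        return new X509Certificate[] {certificate, x509Certificate};
    }

    /**
     * Generates a key pair with the configured algorithm and key size using
     * the BouncyCastle provider.
     *
     * @return the new key pair, or {@code null} if the algorithm or provider
     *         is unavailable (the failure is logged at SEVERE with its stack trace)
     */
    public KeyPair generateKeyPair() {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(getKeyAlgorithm(), BC_PROVIDER);
            generator.initialize(getKeySize(), SECURE_RANDOM);
            return generator.generateKeyPair();
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            logger.log(Level.SEVERE, "Failed to generate keypair: " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Stores a private key with its certificate chain in {@code keyStore} and
     * writes the key store to a file.
     *
     * @param certificateArr certificate chain for the key, leaf first
     * @param privateKey the private key to store
     * @param str password protecting the key entry; {@code null} stores the entry without a key password
     * @param str2 alias of the key entry
     * @param keyStore the (already loaded) key store to add the entry to
     * @param str3 path of the file the key store is written to; overwritten if it exists
     * @param str4 integrity password for the key store file; must not be null
     * @throws IOException if the file cannot be written
     * @throws KeyStoreException if the key store is not initialized or rejects the entry
     */
    public void exportKeyPairToKeystore(Certificate[] certificateArr, PrivateKey privateKey, String str, String str2, KeyStore keyStore, String str3, String str4) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        Objects.requireNonNull(str4, "keystore password");
        char[] entryPassword = (str == null) ? null : str.toCharArray();
        keyStore.setKeyEntry(str2, privateKey, entryPassword, certificateArr);
        // try-with-resources: the stream was previously never closed.
        try (FileOutputStream out = new FileOutputStream(str3)) {
            keyStore.store(out, str4.toCharArray());
        }
    }

    /**
     * Writes {@code certificate} to {@code str} as a PEM file
     * ({@code -----BEGIN CERTIFICATE-----}, base64 DER in 64-character lines,
     * {@code -----END CERTIFICATE-----}, each on its own line).
     * <p>
     * The previous output had no line breaks at all, which strict PEM readers
     * reject; this version follows RFC 7468.
     *
     * @param certificate the certificate to export
     * @param str target file path; overwritten if it exists
     * @throws Exception if the certificate cannot be encoded or the file cannot be written
     *         (kept as the broad declared type for source compatibility)
     */
    public void writeCertToFileBase64Encoded(Certificate certificate, String str) throws Exception {
        String body = new String(Base64.encode(certificate.getEncoded()), StandardCharsets.US_ASCII);
        StringBuilder pem = new StringBuilder(body.length() + 64);
        pem.append("-----BEGIN CERTIFICATE-----\n");
        for (int pos = 0; pos < body.length(); pos += PEM_LINE_LENGTH) {
            pem.append(body, pos, Math.min(body.length(), pos + PEM_LINE_LENGTH)).append('\n');
        }
        pem.append("-----END CERTIFICATE-----\n");
        try (FileOutputStream out = new FileOutputStream(str)) {
            out.write(pem.toString().getBytes(StandardCharsets.US_ASCII));
        }
    }

    /**
     * Computes the validity window used for every certificate: notBefore is
     * one day in the past (presumably to absorb clock skew between issuer and
     * verifier) and notAfter is one calendar year after that.
     *
     * @return {@code {notBefore, notAfter}}
     */
    private static Date[] validityWindow() {
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.DATE, -1);
        Date notBefore = calendar.getTime();
        calendar.add(Calendar.YEAR, 1);
        Date notAfter = calendar.getTime();
        return new Date[] {notBefore, notAfter};
    }

    /**
     * Draws a random, strictly positive serial number of at most 20 DER octets.
     *
     * @return the serial number
     */
    private static BigInteger randomSerial() {
        BigInteger serial;
        do {
            serial = new BigInteger(SERIAL_BITS, SECURE_RANDOM);
        } while (serial.signum() == 0); // zero is not a valid serial; the draw is astronomically unlikely anyway
        return serial;
    }

    /**
     * Assembles the subject DN of an issued certificate in the order
     * CN, OU..., O, L, ST; empty or null optional attributes are omitted.
     *
     * @param cn common name (required, validated by the caller)
     * @param o organization, optional
     * @param ous organizational units in list order, may be null
     * @param l locality, optional
     * @param st state or province, optional
     * @return the subject name
     */
    private static X500Name buildSubject(String cn, String o, List<String> ous, String l, String st) {
        X500NameBuilder nameBuilder = new X500NameBuilder(RFC4519Style.INSTANCE);
        nameBuilder.addRDN(RFC4519Style.cn, cn);
        if (ous != null) {
            for (String ou : ous) {
                nameBuilder.addRDN(RFC4519Style.ou, ou);
            }
        }
        if (o != null && !o.isEmpty()) {
            nameBuilder.addRDN(RFC4519Style.o, o);
        }
        if (l != null && !l.isEmpty()) {
            nameBuilder.addRDN(RFC4519Style.l, l);
        }
        if (st != null && !st.isEmpty()) {
            nameBuilder.addRDN(RFC4519Style.st, st);
        }
        return nameBuilder.build();
    }
}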
