package org.imixs.signature.ca;

import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.NoSuchElementException;
import java.util.Optional;
import java.util.logging.Logger;
import javax.ejb.Singleton;
import javax.inject.Inject;
import org.bouncycastle.operator.OperatorCreationException;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.imixs.signature.pdf.SigningService;
import org.imixs.signature.service.KeystoreService;
import org.imixs.workflow.ItemCollection;

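/**
 * Certificate-authority helper that issues X.509 certificates signed with a
 * configured root certificate and stores them through the
 * {@link KeystoreService}.
 *
 * <p>The root certificate alias and the password of its private key are
 * injected from the configuration properties
 * {@code SigningService.ENV_SIGNATURE_ROOTCERT_ALIAS} and
 * {@code SigningService.ENV_SIGNATURE_ROOTCERT_PASSWORD}. Both are required by
 * {@link #createCertificate(String, ItemCollection)}.
 */
@Singleton
/* loaded from: input_file:WEB-INF/classes/org/imixs/signature/ca/CAService.class */
public class CAService {

    // Alias of the signing (root) certificate inside the keystore.
    @Inject
    @ConfigProperty(name = SigningService.ENV_SIGNATURE_ROOTCERT_ALIAS)
    Optional<String> rootCertAlias;

    // Password protecting the root private key. Never log this value.
    @Inject
    @ConfigProperty(name = SigningService.ENV_SIGNATURE_ROOTCERT_PASSWORD)
    Optional<String> rootCertPassword;

    @Inject
    KeystoreService keystoreService;
    private static final Logger logger = Logger.getLogger(CAService.class.getName());

    /**
     * Tests whether the keystore holds a certificate chain for the given alias.
     *
     * @param str the keystore alias to look up
     * @return {@code true} if the keystore service returns a non-empty chain,
     *         {@code false} if it returns {@code null} or an empty array
     */
    public boolean existsCertificate(String str) {
        Certificate[] chain = this.keystoreService.loadCertificate(str);
        return chain != null && chain.length > 0;
    }

    /**
     * Generates a new key pair and an X.509 certificate for it, signed with the
     * configured root certificate, and stores both in the keystore under the
     * given alias.
     *
     * <p>When {@code itemCollection} is given, the subject attributes are read
     * from the items {@code x509.cn}, {@code x509.o}, {@code x509.ou},
     * {@code x509.city}, {@code x509.state} and {@code x509.country}; an empty
     * {@code x509.cn} falls back to the alias. Without an item collection the
     * alias is the only subject attribute.
     *
     * <p>This method does not check whether an entry already exists under the
     * alias; callers that must not replace an entry should call
     * {@link #existsCertificate(String)} first.
     *
     * @param str            the keystore alias of the new certificate
     * @param itemCollection optional subject attributes, may be {@code null}
     * @throws NoSuchElementException if the root certificate alias or password
     *                                is not configured
     * @throws KeyStoreException      if the keystore holds no certificate for
     *                                the configured root alias
     */
    public void createCertificate(String str, ItemCollection itemCollection)
            throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException,
            NoSuchProviderException, InvalidKeyException, OperatorCreationException,
            CertificateException, SignatureException, IOException {
        // NOTE(review): the alias is concatenated into log messages unchanged; if it
        // can originate from user input, strip CR/LF before logging - confirm with callers.
        logger.info("...generating new X509Certificate for alias '" + str + "'...");

        // Fail early with a message naming the missing property instead of a bare
        // "No value present" raised in the middle of the signing sequence.
        String rootAlias = this.rootCertAlias.orElseThrow(() -> new NoSuchElementException(
                "missing configuration property '" + SigningService.ENV_SIGNATURE_ROOTCERT_ALIAS + "'"));
        String rootPassword = this.rootCertPassword.orElseThrow(() -> new NoSuchElementException(
                "missing configuration property '" + SigningService.ENV_SIGNATURE_ROOTCERT_PASSWORD + "'"));

        X509CertificateGenerator generator = new X509CertificateGenerator();

        // loadCertificate may return null or an empty chain (see existsCertificate);
        // indexing it blindly would fail with an NPE or ArrayIndexOutOfBoundsException.
        Certificate[] rootChain = this.keystoreService.loadCertificate(rootAlias);
        if (rootChain == null || rootChain.length == 0) {
            throw new KeyStoreException(
                    "no root certificate found in keystore for alias '" + rootAlias + "'");
        }
        X509Certificate rootCertificate = (X509Certificate) rootChain[0];
        PrivateKey rootKey = this.keystoreService.loadPrivateKey(rootAlias, rootPassword);

        KeyPair keyPair = generator.generateKeyPair();
        X509Certificate[] signedChain;
        if (itemCollection != null) {
            String commonName = itemCollection.getItemValueString("x509.cn");
            if (commonName.isEmpty()) {
                logger.warning("x509.cn attribute is missing - fallback to '" + str + "' !");
                commonName = str;
            }
            signedChain = generator.generateSignedCertificate(rootCertificate, rootKey, keyPair,
                    commonName,
                    itemCollection.getItemValueString("x509.o"),
                    itemCollection.getItemValue("x509.ou"),
                    itemCollection.getItemValueString("x509.city"),
                    itemCollection.getItemValueString("x509.state"),
                    itemCollection.getItemValueString("x509.country"));
        } else {
            signedChain = generator.generateSignedCertificate(rootCertificate, rootKey, keyPair,
                    str, null, null, null, null, null);
        }

        // NOTE(review): the third argument is an empty string. If it is the key-entry
        // password, the generated private key is protected only by the keystore
        // itself - confirm against KeystoreService.storeCertificate.
        this.keystoreService.storeCertificate(signedChain, keyPair.getPrivate(), "", str);
    }
}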
