package ca.nrc.cadc.cred;

import ca.nrc.cadc.auth.X509CertificateChain;
import java.io.IOException;
import java.io.Writer;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.Random;
import java.util.TimeZone;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;

/* loaded from: input_file:ca/nrc/cadc/cred/CertUtil.class */
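public class CertUtil {
    /** Signature algorithm applied to every certificate issued by {@link #generateCertificate}. */
    public static final String DEFAULT_SIGNATURE_ALGORITHM = "SHA256WITHRSA";
    /** RSA modulus length in bits published for callers that generate key pairs; not read by this class. */
    public static final int DEFAULT_KEY_LENGTH = 2048;

    /** id-pe-proxyCertInfo (RFC 3820): marks the issued certificate as a proxy certificate. */
    private static final String OID_PROXY_CERT_INFO = "1.3.6.1.5.5.7.1.14";
    /** id-ppl-inheritAll (RFC 3820): the proxy inherits all rights of its issuer. */
    private static final String OID_PROXY_POLICY_INHERIT_ALL = "1.3.6.1.5.5.7.21.1";

    /** Back-dating of notBefore, in minutes, to tolerate clock skew between hosts. */
    private static final int NOT_BEFORE_SKEW_MINUTES = 65;
    /** Added back on top of the skew when computing notAfter from a requested lifetime. */
    private static final int LIFETIME_SLACK_MINUTES = 5;

    /** Source of serial numbers and proxy CN values. SecureRandom is thread-safe, so one shared instance suffices. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Issues an RFC 3820 proxy certificate for the public key carried in a CSR, signed by the
     * end-entity certificate of the supplied chain.
     *
     * <p>The proxy subject is the issuer's subject with a random positive integer {@code CN}
     * prepended. {@code notBefore} is back-dated by {@value #NOT_BEFORE_SKEW_MINUTES} minutes but
     * never precedes the {@code notBefore} of any certificate in the chain. The certificate carries
     * KeyUsage (digitalSignature, keyEncipherment), authority/subject key identifiers,
     * {@code cA=false} and the ProxyCertInfo extension with policy inheritAll.
     *
     * @param pKCS10CertificationRequest the signed request holding the public key to certify; its
     *                                   self-signature is verified as proof of possession
     * @param i                          requested lifetime in seconds, measured from the back-dated
     *                                   {@code notBefore} plus {@value #LIFETIME_SLACK_MINUTES}
     *                                   minutes; a value {@code <= 0} means "as long as the chain
     *                                   allows", i.e. the earliest {@code notAfter} in the chain
     * @param x509CertificateChain       the issuer's chain (element 0 is the issuer) and private key
     * @return the generated proxy certificate
     * @throws SignatureException               if the CSR signature does not verify, or signing fails
     * @throws CertificateExpiredException      if a chain certificate would already be expired at the
     *                                          requested {@code notAfter}
     * @throws CertificateNotYetValidException  if a chain certificate would not yet be valid at the
     *                                          requested {@code notAfter}
     */
    public static X509Certificate generateCertificate(PKCS10CertificationRequest pKCS10CertificationRequest, int i, X509CertificateChain x509CertificateChain) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, CertificateParsingException, CertificateEncodingException, SignatureException, CertificateExpiredException, CertificateNotYetValidException {
        X509Certificate[] chain = x509CertificateChain.getChain();
        X509Certificate issuerCert = chain[0];
        PrivateKey issuerKey = x509CertificateChain.getPrivateKey();
        ensureBouncyCastle();

        // Proof of possession: do not certify a public key the requester cannot prove it holds.
        if (!pKCS10CertificationRequest.verify()) {
            throw new SignatureException("CSR signature does not verify against the key it carries");
        }

        X509V3CertificateGenerator gen = new X509V3CertificateGenerator();
        // Random positive serial: a clock-derived serial repeats when two proxies are issued within
        // the same millisecond, violating per-issuer serial uniqueness.
        gen.setSerialNumber(new BigInteger(63, RANDOM).add(BigInteger.ONE));
        gen.setIssuerDN(issuerCert.getSubjectX500Principal());
        // nextInt(bound) is never negative, unlike Math.abs(nextInt()) for Integer.MIN_VALUE.
        int proxyCn = RANDOM.nextInt(Integer.MAX_VALUE);
        gen.setSubjectDN(new X500Principal("CN=" + proxyCn + "," + issuerCert.getSubjectX500Principal().getName("RFC2253")));

        GregorianCalendar cal = new GregorianCalendar(TimeZone.getTimeZone("GMT"));
        cal.add(Calendar.MINUTE, -NOT_BEFORE_SKEW_MINUTES);
        gen.setNotBefore(latestNotBefore(chain, cal.getTime()));

        if (i <= 0) {
            gen.setNotAfter(earliestNotAfter(chain));
        } else {
            // The calendar still holds the skewed time, so notAfter = now - 60 min + i seconds.
            cal.add(Calendar.MINUTE, LIFETIME_SLACK_MINUTES);
            cal.add(Calendar.SECOND, i);
            Date notAfter = cal.getTime();
            // Every certificate in the chain must still be valid when the proxy expires.
            for (X509Certificate link : chain) {
                link.checkValidity(notAfter);
            }
            gen.setNotAfter(notAfter);
        }

        gen.setPublicKey(pKCS10CertificationRequest.getPublicKey());
        gen.setSignatureAlgorithm(DEFAULT_SIGNATURE_ALGORITHM);
        gen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
        gen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(issuerCert));
        gen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(pKCS10CertificationRequest.getPublicKey("BC")));
        // A proxy must never act as a CA.
        gen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
        gen.addExtension(new DERObjectIdentifier(OID_PROXY_CERT_INFO), true, proxyCertInfo());
        return gen.generate(issuerKey, "BC");
    }

    /** Registers the BouncyCastle provider once; repeated registration is rejected by the JCA anyway. */
    private static void ensureBouncyCastle() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /** Returns the later of {@code floor} and the latest {@code notBefore} in the chain. */
    private static Date latestNotBefore(X509Certificate[] chain, Date floor) {
        Date result = floor;
        for (X509Certificate link : chain) {
            if (result.before(link.getNotBefore())) {
                result = link.getNotBefore();
            }
        }
        return result;
    }

    /** Returns the earliest {@code notAfter} in the chain, i.e. the moment the chain stops validating. */
    private static Date earliestNotAfter(X509Certificate[] chain) {
        Date result = chain[0].getNotAfter();
        for (X509Certificate link : chain) {
            if (result.after(link.getNotAfter())) {
                result = link.getNotAfter();
            }
        }
        return result;
    }

    /**
     * Builds the ProxyCertInfo value: SEQUENCE { proxyPolicy SEQUENCE { policyLanguage inheritAll } },
     * with no pCPathLenConstraint.
     */
    private static DERSequence proxyCertInfo() {
        ASN1EncodableVector proxyPolicy = new ASN1EncodableVector();
        proxyPolicy.add(new DERObjectIdentifier(OID_PROXY_POLICY_INHERIT_ALL));
        ASN1EncodableVector proxyCertInfo = new ASN1EncodableVector();
        proxyCertInfo.add(new DERSequence(proxyPolicy));
        return new DERSequence(proxyCertInfo);
    }

    /**
     * Writes the chain and its private key in PEM form: end-entity certificate first, then the
     * unencrypted private key, then the remaining chain certificates in order.
     *
     * <p>The private key is written in the clear, so the destination must be protected by the
     * caller. The writer is flushed but not closed; the caller owns it.
     *
     * @param x509CertificateChain chain and private key to write
     * @param writer               destination
     * @throws IOException              if writing fails
     * @throws IllegalArgumentException if either argument is {@code null}
     */
    public static void writePEMCertificateAndKey(X509CertificateChain x509CertificateChain, Writer writer) throws IOException {
        if (x509CertificateChain == null) {
            throw new IllegalArgumentException("Null certificate chain");
        }
        if (writer == null) {
            throw new IllegalArgumentException("Null writer");
        }
        X509Certificate[] chain = x509CertificateChain.getChain();
        PEMWriter pem = new PEMWriter(writer);
        pem.writeObject(chain[0]);
        pem.writeObject(x509CertificateChain.getPrivateKey());
        for (int idx = 1; idx < chain.length; idx++) {
            pem.writeObject(chain[idx]);
        }
        pem.flush();
    }
}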
