package br.net.woodstock.rockframework.security.cert.impl;

import br.net.woodstock.rockframework.security.cert.CertificateBuilder;
import br.net.woodstock.rockframework.security.cert.CertificateException;
import br.net.woodstock.rockframework.security.cert.CertificateType;
import br.net.woodstock.rockframework.security.cert.ExtendedKeyUsageType;
import br.net.woodstock.rockframework.security.cert.KeyUsageType;
import br.net.woodstock.rockframework.security.cert.PrivateKeyHolder;
import br.net.woodstock.rockframework.security.crypt.KeyPairType;
import br.net.woodstock.rockframework.security.sign.SignatureType;
import br.net.woodstock.rockframework.security.util.BouncyCastleProviderHelper;
import br.net.woodstock.rockframework.security.util.SecurityUtils;
import br.net.woodstock.rockframework.util.DateBuilder;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.Vector;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;

/* loaded from: input_file:br/net/woodstock/rockframework/security/cert/impl/BouncyCastleCertificateBuilder.class */
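/**
 * Fluent {@link CertificateBuilder} that produces an X.509 certificate (v1, or v3 when
 * {@link #withV3Extensions(boolean)} is enabled) with Bouncy Castle and returns it together
 * with the matching private key.
 *
 * <p>Points a reviewer should keep in mind when using the result outside of tests:
 * <ul>
 *   <li>The certificate is always signed with the private key of the subject key pair, also when
 *       an issuer certificate was supplied; this builder holds no issuer private key.</li>
 *   <li>When no signature type is set, {@code SignatureType.SHA1_RSA} is used.</li>
 *   <li>When no key pair is set, an RSA pair is generated without an explicit key size.</li>
 *   <li>The v3 branch adds keyUsage, extendedKeyUsage, subjectAlternativeName and
 *       subjectKeyIdentifier only; no basicConstraints or authorityKeyIdentifier is added.</li>
 *   <li>The v1 branch ignores the issuer certificate and both key-usage sets.</li>
 * </ul>
 */
public class BouncyCastleCertificateBuilder implements CertificateBuilder {
    private static final String DEFAULT_ISSUER = "Woodstock Tecnologia";

    /** Number of random bits drawn for a serial number the caller did not provide. */
    private static final int SERIAL_NUMBER_BITS = 128;

    /** Source of randomness for generated serial numbers. */
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();

    private String subject;
    private KeyPair keyPair;
    private SignatureType signType;
    private String issuerName;
    private Certificate issuerCertificate;
    private BigInteger serialNumber;
    private Date notBefore;
    private Date notAfter;
    private boolean v3;
    private Set<KeyUsageType> keyUsage;
    private Set<ExtendedKeyUsageType> extendedKeyUsage;

    /**
     * Creates a builder for the given subject, issued under the default issuer name.
     *
     * @param subject subject name of the certificate
     */
    public BouncyCastleCertificateBuilder(String subject) {
        this(subject, DEFAULT_ISSUER);
    }

    /**
     * Creates a builder for the given subject and issuer name.
     *
     * @param subject subject name of the certificate
     * @param issuerName issuer name; {@code null} falls back to the default issuer at build time
     */
    public BouncyCastleCertificateBuilder(String subject, String issuerName) {
        this.subject = subject;
        this.issuerName = issuerName;
        this.keyUsage = new HashSet<KeyUsageType>();
        this.extendedKeyUsage = new HashSet<ExtendedKeyUsageType>();
    }

    /**
     * Sets the key pair whose public key is certified and whose private key signs the certificate.
     *
     * @param keyPair key pair to use; {@code null} makes {@link #build()} generate one
     * @return this builder
     */
    public BouncyCastleCertificateBuilder withKeyPair(KeyPair keyPair) {
        this.keyPair = keyPair;
        return this;
    }

    /**
     * Sets the signature algorithm.
     *
     * @param signatureType signature type; {@code null} selects the SHA-1/RSA default
     * @return this builder
     */
    public BouncyCastleCertificateBuilder withSignType(SignatureType signatureType) {
        this.signType = signatureType;
        return this;
    }

    /**
     * Sets the issuer by name.
     *
     * @param issuerName issuer name
     * @return this builder
     */
    public BouncyCastleCertificateBuilder withIssuer(String issuerName) {
        this.issuerName = issuerName;
        return this;
    }

    /**
     * Sets the issuer by certificate. Only the v3 branch of {@link #build()} reads it, and it
     * takes the issuer name from it; the signature is still made with the subject key pair.
     *
     * @param certificate issuer certificate, cast to {@link X509Certificate} at build time
     * @return this builder
     */
    public BouncyCastleCertificateBuilder withIssuer(Certificate certificate) {
        this.issuerCertificate = certificate;
        return this;
    }

    /**
     * Sets the serial number.
     *
     * @param serialNumber serial number; {@code null} makes {@link #build()} draw a random one
     * @return this builder
     */
    public BouncyCastleCertificateBuilder withSerialNumber(BigInteger serialNumber) {
        this.serialNumber = serialNumber;
        return this;
    }

    /**
     * Sets the start of the validity period.
     *
     * @param date start date; {@code null} defaults to one day before build time
     * @return this builder
     */
    public BouncyCastleCertificateBuilder withNotBefore(Date date) {
        this.notBefore = date;
        return this;
    }

    /**
     * Sets the end of the validity period.
     *
     * @param date end date; {@code null} defaults to one year after build time
     * @return this builder
     */
    public BouncyCastleCertificateBuilder withNotAfter(Date date) {
        this.notAfter = date;
        return this;
    }

    /**
     * Adds key usages for the v3 keyUsage extension.
     *
     * @param keyUsageTypes usages to add to the set
     * @return this builder
     */
    public BouncyCastleCertificateBuilder withKeyUsage(KeyUsageType... keyUsageTypes) {
        for (KeyUsageType usage : keyUsageTypes) {
            this.keyUsage.add(usage);
        }
        return this;
    }

    /**
     * Adds extended key usages for the v3 extendedKeyUsage extension.
     *
     * @param extendedKeyUsageTypes purposes to add to the set
     * @return this builder
     */
    public BouncyCastleCertificateBuilder withExtendedKeyUsage(ExtendedKeyUsageType... extendedKeyUsageTypes) {
        for (ExtendedKeyUsageType purpose : extendedKeyUsageTypes) {
            this.extendedKeyUsage.add(purpose);
        }
        return this;
    }

    /**
     * Selects between an X.509 v3 certificate with extensions and a plain v1 certificate.
     *
     * @param enabled {@code true} for v3, {@code false} for v1
     * @return this builder
     */
    public BouncyCastleCertificateBuilder withV3Extensions(boolean enabled) {
        this.v3 = enabled;
        return this;
    }

    /**
     * Builds the certificate and returns it with the private key of the key pair.
     *
     * @return holder with the private key and a one-element certificate chain
     * @throws CertificateException wrapping any failure raised while building
     */
    @Override
    public PrivateKeyHolder build() {
        try {
            long now = System.currentTimeMillis();
            String subjectName = this.subject;
            KeyPair pair = this.keyPair;
            SignatureType algorithm = this.signType;
            String issuer = this.issuerName;
            BigInteger serial = this.serialNumber;
            Date validFrom = this.notBefore;
            Date validUntil = this.notAfter;

            if (pair == null) {
                // NOTE(review): no key size is set, so the strength is whatever the installed
                // provider defaults to; pass a pair via withKeyPair when a minimum is required.
                pair = KeyPairGenerator.getInstance(KeyPairType.RSA.getAlgorithm()).generateKeyPair();
            }
            if (algorithm == null) {
                // NOTE(review): SHA-1 signatures are no longer accepted by current validators;
                // callers should set a stronger type with withSignType.
                algorithm = SignatureType.SHA1_RSA;
            }
            if (issuer == null) {
                issuer = DEFAULT_ISSUER;
            }
            if (serial == null) {
                // A timestamp serial is guessable and collides for two certificates built in the
                // same millisecond, so an unpredictable positive value is drawn instead.
                serial = randomSerialNumber();
            }
            if (validFrom == null) {
                DateBuilder start = new DateBuilder(now);
                start.removeDays(1);
                validFrom = start.getDate();
            }
            if (validUntil == null) {
                DateBuilder end = new DateBuilder(now);
                end.addYears(1);
                validUntil = end.getDate();
            }

            byte[] encoded;
            if (this.v3) {
                JcaX509v3CertificateBuilder v3Builder;
                if (this.issuerCertificate != null) {
                    v3Builder = new JcaX509v3CertificateBuilder((X509Certificate) this.issuerCertificate, serial, validFrom, validUntil, BouncyCastleProviderHelper.toX500Principal(subjectName), pair.getPublic());
                } else {
                    v3Builder = new JcaX509v3CertificateBuilder(BouncyCastleProviderHelper.toX500Name(issuer), serial, validFrom, validUntil, BouncyCastleProviderHelper.toX500Name(subjectName), pair.getPublic());
                }
                // NOTE(review): the signer uses the subject pair's private key even when an issuer
                // certificate is set, so the signature presumably does not verify against that
                // issuer's public key unless both share the same key.
                ContentSigner signer = newContentSigner(algorithm, pair.getPrivate());
                addV3Extensions(v3Builder, subjectName, pair);
                encoded = v3Builder.build(signer).getEncoded();
            } else {
                // The v1 branch uses the issuer name only; issuerCertificate and the usage sets
                // are not consulted here.
                JcaX509v1CertificateBuilder v1Builder = new JcaX509v1CertificateBuilder(BouncyCastleProviderHelper.toX500Name(issuer), serial, validFrom, validUntil, BouncyCastleProviderHelper.toX500Name(subjectName), pair.getPublic());
                encoded = v1Builder.build(newContentSigner(algorithm, pair.getPrivate())).getEncoded();
            }

            // The encoded form is parsed again so the result is a certificate object produced by
            // SecurityUtils rather than the Bouncy Castle holder.
            X509Certificate certificate = (X509Certificate) SecurityUtils.getCertificateFromFile(encoded, CertificateType.X509);
            PrivateKey privateKey = pair.getPrivate();
            return new PrivateKeyHolder(privateKey, new Certificate[]{certificate});
        } catch (Exception e) {
            throw new CertificateException(e);
        }
    }

    /** Draws a strictly positive random serial number of at most {@link #SERIAL_NUMBER_BITS} bits. */
    private static BigInteger randomSerialNumber() {
        BigInteger candidate;
        do {
            candidate = new BigInteger(SERIAL_NUMBER_BITS, SERIAL_RANDOM);
        } while (candidate.signum() == 0);
        return candidate;
    }

    /** Creates a Bouncy Castle content signer for the given algorithm and signing key. */
    private ContentSigner newContentSigner(SignatureType algorithm, PrivateKey signingKey) throws Exception {
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(algorithm.getAlgorithm());
        signerBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
        return signerBuilder.build(signingKey);
    }

    /** Adds the keyUsage, extendedKeyUsage, subjectAlternativeName and subjectKeyIdentifier extensions. */
    private void addV3Extensions(JcaX509v3CertificateBuilder v3Builder, String subjectName, KeyPair pair) throws Exception {
        if (!this.keyUsage.isEmpty()) {
            int usageBits = 0;
            for (KeyUsageType usage : this.keyUsage) {
                usageBits |= toKeyUsage(usage);
            }
            v3Builder.addExtension(X509Extension.keyUsage, false, new KeyUsage(usageBits));
        }

        Vector<KeyPurposeId> purposes = new Vector<KeyPurposeId>();
        for (ExtendedKeyUsageType purpose : this.extendedKeyUsage) {
            KeyPurposeId purposeId = toExtendedKeyUsage(purpose);
            if (purposeId != null) {
                purposes.add(purposeId);
            }
        }
        if (!purposes.isEmpty()) {
            v3Builder.addExtension(X509Extension.extendedKeyUsage, true, new ExtendedKeyUsage(purposes));
        } else {
            // NOTE(review): with no purpose requested (or none that maps), the certificate is
            // issued with anyExtendedKeyUsage, i.e. it is not restricted to a purpose.
            v3Builder.addExtension(X509Extension.extendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeId.anyExtendedKeyUsage));
        }

        // NOTE(review): the subject string is encoded as an rfc822Name (e-mail) alternative name,
        // while the same string is also converted to an X.500 name above - confirm the intended
        // format of the subject.
        v3Builder.addExtension(X509Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, subjectName)));
        v3Builder.addExtension(X509Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(pair.getPublic()));
    }

    /**
     * Maps a framework key usage to the Bouncy Castle {@link KeyUsage} bit.
     *
     * @param keyUsageType usage to map
     * @return the matching bit, or {@code 0} for a value with no mapping
     */
    private int toKeyUsage(KeyUsageType keyUsageType) {
        switch (keyUsageType) {
            case CRL_SIGN:
                return KeyUsage.cRLSign;
            case DATA_ENCIPHERMENT:
                return KeyUsage.dataEncipherment;
            case DECIPHER_ONLY:
                return KeyUsage.decipherOnly;
            case DIGITAL_SIGNATURE:
                return KeyUsage.digitalSignature;
            case ENCIPHER_ONLY:
                return KeyUsage.encipherOnly;
            case KEY_AGREEMENT:
                return KeyUsage.keyAgreement;
            case KEY_CERT_SIGN:
                return KeyUsage.keyCertSign;
            case KEY_ENCIPHERMENT:
                return KeyUsage.keyEncipherment;
            case NON_REPUDIATION:
                return KeyUsage.nonRepudiation;
            default:
                return 0;
        }
    }

    /**
     * Maps a framework extended key usage to the Bouncy Castle {@link KeyPurposeId}.
     *
     * @param extendedKeyUsageType purpose to map
     * @return the matching purpose id, or {@code null} for a value with no mapping
     */
    private KeyPurposeId toExtendedKeyUsage(ExtendedKeyUsageType extendedKeyUsageType) {
        switch (extendedKeyUsageType) {
            case ANY:
                return KeyPurposeId.anyExtendedKeyUsage;
            case CAP_WAP_AC:
                return KeyPurposeId.id_kp_capwapAC;
            case CAP_WAP_WTP:
                return KeyPurposeId.id_kp_capwapWTP;
            case CLIENT_AUTH:
                return KeyPurposeId.id_kp_clientAuth;
            case CODE_SIGN:
                return KeyPurposeId.id_kp_codeSigning;
            case DVCS:
                return KeyPurposeId.id_kp_dvcs;
            case EAP_OVER_LAN:
                return KeyPurposeId.id_kp_eapOverLAN;
            case EAP_OVER_PPP:
                return KeyPurposeId.id_kp_eapOverPPP;
            case EMAIL_PROTECTION:
                return KeyPurposeId.id_kp_emailProtection;
            case IPSEC_END_SYSTEM:
                return KeyPurposeId.id_kp_ipsecEndSystem;
            case IPSEC_IKE:
                return KeyPurposeId.id_kp_ipsecIKE;
            case IPSEC_TUNNEL:
                return KeyPurposeId.id_kp_ipsecTunnel;
            case IPSEC_USER:
                return KeyPurposeId.id_kp_ipsecUser;
            case OCSP_SIGNING:
                return KeyPurposeId.id_kp_OCSPSigning;
            case SBGP_CERT_AA_SERVER_AUTH:
                return KeyPurposeId.id_kp_sbgpCertAAServerAuth;
            case SCVP_CLIENT:
                return KeyPurposeId.id_kp_scvpClient;
            case SCVP_RESPONDER:
                return KeyPurposeId.id_kp_scvp_responder;
            case SCVP_SERVER:
                return KeyPurposeId.id_kp_scvpServer;
            case SERVER_AUTH:
                return KeyPurposeId.id_kp_serverAuth;
            case SMART_CARD_LOGIN:
                return KeyPurposeId.id_kp_smartcardlogon;
            case TIMESTAMPING:
                return KeyPurposeId.id_kp_timeStamping;
            default:
                return null;
        }
    }
}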
