package br.net.woodstock.rockframework.security.cert.impl;

import br.net.woodstock.rockframework.security.cert.CertificateBuilder;
import br.net.woodstock.rockframework.security.cert.CertificateException;
import br.net.woodstock.rockframework.security.cert.CertificateRequest;
import br.net.woodstock.rockframework.security.cert.CertificateType;
import br.net.woodstock.rockframework.security.cert.CertificateVersionType;
import br.net.woodstock.rockframework.security.cert.ExtendedKeyUsageType;
import br.net.woodstock.rockframework.security.cert.KeyUsageType;
import br.net.woodstock.rockframework.security.cert.PrivateKeyHolder;
import br.net.woodstock.rockframework.security.util.BouncyCastleProviderHelper;
import br.net.woodstock.rockframework.security.util.SecurityUtils;
import br.net.woodstock.rockframework.utils.ConditionUtils;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Map;
import java.util.Vector;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.PolicyQualifierInfo;
import org.bouncycastle.asn1.x509.ReasonFlags;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:br/net/woodstock/rockframework/security/cert/impl/BouncyCastleCertificateBuilder.class */
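/**
 * {@link CertificateBuilder} that issues X.509 v1 and v3 certificates with BouncyCastle.
 *
 * <p>Everything that ends up in the certificate (names, serial number, validity, signature
 * algorithm, extensions) is taken from the request as-is; this class performs no policy checks
 * of its own. NOTE(review): unless {@code BouncyCastleCertificateRequest} validates them, weak
 * signature algorithms or over-long validity periods are not rejected here. Confirm where
 * that policy is enforced.
 *
 * <p>The class holds no per-call state; a shared instance is available from
 * {@link #getInstance()}.
 */
public class BouncyCastleCertificateBuilder implements CertificateBuilder {

    /**
     * Charset used to turn otherName values into the bytes of their OCTET STRING. Pinned so the
     * encoded certificate does not depend on the JVM's default charset.
     */
    private static final java.nio.charset.Charset OTHER_NAME_CHARSET = java.nio.charset.Charset.forName("UTF-8");

    private static final BouncyCastleCertificateBuilder INSTANCE = new BouncyCastleCertificateBuilder();

    /** Protected so that subclasses can extend the builder; regular callers use {@link #getInstance()}. */
    protected BouncyCastleCertificateBuilder() {
    }

    /**
     * Builds a certificate for the given request and returns it together with the subject's
     * private key.
     *
     * <p>A request whose version equals {@link CertificateVersionType#V3} produces a v3
     * certificate; every other version value produces a v1 certificate. A v1 certificate carries
     * no extensions, so key usage, CA flag, SAN and revocation URLs set on the request are not
     * applied on that path.
     *
     * @param certificateRequest the request describing the certificate to issue
     * @return the subject private key and a one-element chain holding the new certificate
     * @throws CertificateException wrapping any failure raised while building or signing
     */
    @Override
    public PrivateKeyHolder build(CertificateRequest certificateRequest) {
        try {
            BouncyCastleCertificateRequest request = new BouncyCastleCertificateRequest(certificateRequest);
            if (CertificateVersionType.V3.equals(request.getVersion())) {
                return buildV3Certificate(request);
            }
            return buildV1Certificate(request);
        } catch (Exception e) {
            throw new CertificateException(e);
        }
    }

    /**
     * Builds an X.509 v1 certificate signed with the request's own private key.
     *
     * <p>The issuer name is taken from the request, but the signing key is always the subject's
     * key: issuer key and issuer certificate on the request are not consulted here.
     *
     * @param bouncyCastleCertificateRequest the wrapped request
     * @return the subject private key and the new certificate
     * @throws OperatorCreationException if the content signer cannot be created
     * @throws GeneralSecurityException if the encoded certificate cannot be re-parsed
     * @throws IOException if the certificate cannot be encoded
     */
    protected PrivateKeyHolder buildV1Certificate(BouncyCastleCertificateRequest bouncyCastleCertificateRequest) throws OperatorCreationException, GeneralSecurityException, IOException {
        JcaX509v1CertificateBuilder certificateBuilder = new JcaX509v1CertificateBuilder(
                bouncyCastleCertificateRequest.getIssuerAsX500Name(),
                bouncyCastleCertificateRequest.getSerialNumber(),
                bouncyCastleCertificateRequest.getNotBefore(),
                bouncyCastleCertificateRequest.getNotAfter(),
                bouncyCastleCertificateRequest.getSubjectAsX500Name(),
                bouncyCastleCertificateRequest.getPublicKey());

        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(bouncyCastleCertificateRequest.getSignAlgorithm());
        signerBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
        ContentSigner signer = signerBuilder.build(bouncyCastleCertificateRequest.getPrivateKey());

        // Round-trip through the encoded form to obtain a java.security.cert.X509Certificate.
        byte[] encoded = certificateBuilder.build(signer).getEncoded();
        X509Certificate certificate = (X509Certificate) SecurityUtils.getCertificateFromFile(encoded, CertificateType.X509);
        return new PrivateKeyHolder(bouncyCastleCertificateRequest.getPrivateKey(), new Certificate[]{certificate});
    }

    /**
     * Builds an X.509 v3 certificate and attaches the extensions described by the request.
     *
     * <p>When the request carries both an issuer private key and an issuer certificate, the
     * certificate is signed with the issuer key, gets an authorityKeyIdentifier, and its signature
     * is verified against the issuer certificate before it is returned. Otherwise it is signed
     * with the subject's own key.
     *
     * <p>NOTE(review): a request that supplies only one of issuer key / issuer certificate falls
     * back to the self-signed path without any error, while the issuer name still comes from the
     * request. Callers that expect a CA-issued certificate should check that both are present.
     *
     * @param bouncyCastleCertificateRequest the wrapped request
     * @return the subject private key and the new certificate
     * @throws OperatorCreationException if the content signer cannot be created
     * @throws GeneralSecurityException if re-parsing or signature verification fails
     * @throws IOException if an extension or the certificate cannot be encoded
     */
    protected PrivateKeyHolder buildV3Certificate(BouncyCastleCertificateRequest bouncyCastleCertificateRequest) throws OperatorCreationException, GeneralSecurityException, IOException {
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(bouncyCastleCertificateRequest.getSignAlgorithm());
        signerBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);

        boolean signedByIssuer = bouncyCastleCertificateRequest.getIssuerPrivateKey() != null
                && bouncyCastleCertificateRequest.getIssuerCertificate() != null;

        JcaX509v3CertificateBuilder certificateBuilder;
        ContentSigner signer;
        if (signedByIssuer) {
            certificateBuilder = new JcaX509v3CertificateBuilder(
                    bouncyCastleCertificateRequest.getIssuerCertificate(),
                    bouncyCastleCertificateRequest.getSerialNumber(),
                    bouncyCastleCertificateRequest.getNotBefore(),
                    bouncyCastleCertificateRequest.getNotAfter(),
                    bouncyCastleCertificateRequest.getSubjectAsX500Principal(),
                    bouncyCastleCertificateRequest.getPublicKey());
            certificateBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
                    new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(bouncyCastleCertificateRequest.getIssuerCertificate()));
            signer = signerBuilder.build(bouncyCastleCertificateRequest.getIssuerPrivateKey());
        } else {
            certificateBuilder = new JcaX509v3CertificateBuilder(
                    bouncyCastleCertificateRequest.getIssuerAsX500Name(),
                    bouncyCastleCertificateRequest.getSerialNumber(),
                    bouncyCastleCertificateRequest.getNotBefore(),
                    bouncyCastleCertificateRequest.getNotAfter(),
                    bouncyCastleCertificateRequest.getSubjectAsX500Name(),
                    bouncyCastleCertificateRequest.getPublicKey());
            signer = signerBuilder.build(bouncyCastleCertificateRequest.getPrivateKey());
        }

        certificateBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
                new JcaX509ExtensionUtils().createSubjectKeyIdentifier(bouncyCastleCertificateRequest.getPublicKey()));

        addV3KeyUsage(certificateBuilder, bouncyCastleCertificateRequest);
        addV3ExtendedKeyUsage(certificateBuilder, bouncyCastleCertificateRequest);
        addV3CertificatePolicies(certificateBuilder, bouncyCastleCertificateRequest);
        addV3OtherNames(certificateBuilder, bouncyCastleCertificateRequest);
        addV3Comment(certificateBuilder, bouncyCastleCertificateRequest);
        addV3CRLDistPoint(certificateBuilder, bouncyCastleCertificateRequest);
        addV3OcspUrl(certificateBuilder, bouncyCastleCertificateRequest);
        addV3PolicyUrl(certificateBuilder, bouncyCastleCertificateRequest);
        addV3CAExtensions(certificateBuilder, bouncyCastleCertificateRequest);

        // Round-trip through the encoded form to obtain a java.security.cert.X509Certificate.
        byte[] encoded = certificateBuilder.build(signer).getEncoded();
        X509Certificate certificate = (X509Certificate) SecurityUtils.getCertificateFromFile(encoded, CertificateType.X509);

        if (signedByIssuer) {
            // Fails if the issuer key used for signing does not match the issuer certificate.
            certificate.verify(bouncyCastleCertificateRequest.getIssuerCertificate().getPublicKey());
        }
        return new PrivateKeyHolder(bouncyCastleCertificateRequest.getPrivateKey(), new Certificate[]{certificate});
    }

    /**
     * Adds the critical keyUsage extension.
     *
     * <p>For a CA request the usages on the request are ignored and a fixed set of seven bits is
     * written. For any other request the bits are the union of the requested usages; nothing is
     * added when none are requested.
     *
     * <p>NOTE(review): the fixed CA set includes dataEncipherment, keyEncipherment, keyAgreement
     * and nonRepudiation besides keyCertSign and cRLSign. A CA key normally needs only the last
     * two (plus digitalSignature when it signs OCSP responses); consider narrowing this.
     *
     * @param jcaX509v3CertificateBuilder the builder receiving the extension
     * @param bouncyCastleCertificateRequest the wrapped request
     * @throws CertIOException if the extension cannot be encoded
     */
    protected void addV3KeyUsage(JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder, BouncyCastleCertificateRequest bouncyCastleCertificateRequest) throws CertIOException {
        int usageBits;
        if (bouncyCastleCertificateRequest.isCa()) {
            usageBits = BouncyCastleCertificateHelper.toKeyUsage(KeyUsageType.CRL_SIGN)
                    | BouncyCastleCertificateHelper.toKeyUsage(KeyUsageType.DATA_ENCIPHERMENT)
                    | BouncyCastleCertificateHelper.toKeyUsage(KeyUsageType.DIGITAL_SIGNATURE)
                    | BouncyCastleCertificateHelper.toKeyUsage(KeyUsageType.KEY_AGREEMENT)
                    | BouncyCastleCertificateHelper.toKeyUsage(KeyUsageType.KEY_CERT_SIGN)
                    | BouncyCastleCertificateHelper.toKeyUsage(KeyUsageType.KEY_ENCIPHERMENT)
                    | BouncyCastleCertificateHelper.toKeyUsage(KeyUsageType.NON_REPUDIATION);
        } else {
            if (bouncyCastleCertificateRequest.getKeyUsage().isEmpty()) {
                return;
            }
            usageBits = 0;
            for (KeyUsageType usage : bouncyCastleCertificateRequest.getKeyUsage()) {
                usageBits |= BouncyCastleCertificateHelper.toKeyUsage(usage);
            }
        }
        jcaX509v3CertificateBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage(usageBits));
    }

    /**
     * Adds the critical extendedKeyUsage extension for the requested purposes.
     *
     * <p>Requested types that the helper maps to {@code null} are skipped without an error; the
     * extension is omitted when no purpose remains.
     *
     * @param jcaX509v3CertificateBuilder the builder receiving the extension
     * @param bouncyCastleCertificateRequest the wrapped request
     * @throws CertIOException if the extension cannot be encoded
     */
    protected void addV3ExtendedKeyUsage(JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder, BouncyCastleCertificateRequest bouncyCastleCertificateRequest) throws CertIOException {
        if (bouncyCastleCertificateRequest.getExtendedKeyUsage().isEmpty()) {
            return;
        }
        // Vector because that is the collection type the ExtendedKeyUsage constructor used here takes.
        Vector<KeyPurposeId> purposes = new Vector<KeyPurposeId>();
        for (ExtendedKeyUsageType requested : bouncyCastleCertificateRequest.getExtendedKeyUsage()) {
            KeyPurposeId purpose = BouncyCastleCertificateHelper.toExtendedKeyUsage(requested);
            if (purpose != null) {
                purposes.add(purpose);
            }
        }
        if (!purposes.isEmpty()) {
            jcaX509v3CertificateBuilder.addExtension(X509Extension.extendedKeyUsage, true, new ExtendedKeyUsage(purposes));
        }
    }

    /**
     * Adds the non-critical certificatePolicies extension, one PolicyInformation per map entry
     * (key: policy OID, value: qualifier text encoded as IA5String).
     *
     * <p>NOTE(review): the qualifier is tagged with the cRLDistributionPoints extension OID, which
     * is not a policy qualifier id. If the map values are CPS URIs, id-qt-cps is the expected id.
     * Left unchanged here because it alters the issued encoding; confirm the intended qualifier.
     *
     * @param jcaX509v3CertificateBuilder the builder receiving the extension
     * @param bouncyCastleCertificateRequest the wrapped request
     * @throws CertIOException if the extension cannot be encoded
     */
    protected void addV3CertificatePolicies(JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder, BouncyCastleCertificateRequest bouncyCastleCertificateRequest) throws CertIOException {
        if (!ConditionUtils.isNotEmpty(bouncyCastleCertificateRequest.getCertificatePolicies())) {
            return;
        }
        ASN1EncodableVector policies = new ASN1EncodableVector();
        for (Map.Entry<String, String> policy : bouncyCastleCertificateRequest.getCertificatePolicies().entrySet()) {
            PolicyQualifierInfo qualifier = new PolicyQualifierInfo(X509Extension.cRLDistributionPoints, new DERIA5String(policy.getValue()));
            DERSequence qualifiers = new DERSequence(new ASN1Encodable[]{qualifier});
            policies.add(new PolicyInformation(new ASN1ObjectIdentifier(policy.getKey()), qualifiers));
        }
        jcaX509v3CertificateBuilder.addExtension(X509Extension.certificatePolicies, false, new DERSequence(policies));
    }

    /**
     * Adds the non-critical subjectAlternativeName extension holding the request's e-mail address
     * (rfc822Name) and its otherName entries (key: type OID, value: text stored as OCTET STRING).
     *
     * <p>otherName values are converted to bytes with a fixed charset (UTF-8) so that the same
     * request yields the same certificate on every JVM.
     *
     * <p>NOTE(review): the otherName value is wrapped in context tag [4]; RFC 5280 defines it as
     * [0] EXPLICIT. Left unchanged because relying parties may already parse this layout. Confirm
     * before changing.
     *
     * @param jcaX509v3CertificateBuilder the builder receiving the extension
     * @param bouncyCastleCertificateRequest the wrapped request
     * @throws CertIOException if the extension cannot be encoded
     */
    protected void addV3OtherNames(JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder, BouncyCastleCertificateRequest bouncyCastleCertificateRequest) throws CertIOException {
        boolean hasEmail = ConditionUtils.isNotEmpty(bouncyCastleCertificateRequest.getEmail());
        boolean hasOtherNames = !bouncyCastleCertificateRequest.getOtherNames().isEmpty();
        if (!hasEmail && !hasOtherNames) {
            return;
        }

        ASN1EncodableVector names = new ASN1EncodableVector();
        if (hasEmail) {
            names.add(new GeneralName(GeneralName.rfc822Name, bouncyCastleCertificateRequest.getEmail()));
        }
        if (hasOtherNames) {
            for (Map.Entry<String, String> otherName : bouncyCastleCertificateRequest.getOtherNames().entrySet()) {
                DEROctetString value = new DEROctetString(otherName.getValue().getBytes(OTHER_NAME_CHARSET));
                DERSequence encodedOtherName = new DERSequence(new ASN1Encodable[]{
                        new ASN1ObjectIdentifier(otherName.getKey()),
                        new DERTaggedObject(4, value)});
                names.add(new GeneralName(GeneralName.otherName, encodedOtherName));
            }
        }
        if (names.size() > 0) {
            jcaX509v3CertificateBuilder.addExtension(X509Extension.subjectAlternativeName, false,
                    GeneralNames.getInstance(new DERSequence(names)).toASN1Primitive());
        }
    }

    /**
     * Adds the request's CRL URL as a non-critical cRLDistributionPoints extension and, for legacy
     * clients, as the Netscape CA-revocation-URL extension.
     *
     * <p>The legacy copy is written under {@code netscapeCARevocationURL}. The CA-policy-URL OID
     * is left to {@link #addV3PolicyUrl}: writing the CRL URL there mislabels it, and a request
     * with both a CRL URL and a policy URL would add the same OID twice, which BouncyCastle's
     * extension generator rejects.
     *
     * @param jcaX509v3CertificateBuilder the builder receiving the extensions
     * @param bouncyCastleCertificateRequest the wrapped request
     * @throws CertIOException if an extension cannot be encoded
     */
    protected void addV3CRLDistPoint(JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder, BouncyCastleCertificateRequest bouncyCastleCertificateRequest) throws CertIOException {
        if (!ConditionUtils.isNotEmpty(bouncyCastleCertificateRequest.getCrlDistPoint())) {
            return;
        }
        String crlUrl = bouncyCastleCertificateRequest.getCrlDistPoint();

        ASN1EncodableVector locations = new ASN1EncodableVector();
        locations.add(new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(crlUrl)));
        DistributionPointName pointName = new DistributionPointName(DistributionPointName.FULL_NAME,
                GeneralNames.getInstance(new DERSequence(locations)));
        DistributionPoint point = new DistributionPoint(pointName, (ReasonFlags) null, (GeneralNames) null);

        jcaX509v3CertificateBuilder.addExtension(X509Extension.cRLDistributionPoints, false,
                new CRLDistPoint(new DistributionPoint[]{point}));
        jcaX509v3CertificateBuilder.addExtension(MiscObjectIdentifiers.netscapeCARevocationURL, false, new DERIA5String(crlUrl));
    }

    /**
     * Adds a non-critical authorityInfoAccess extension pointing at the request's OCSP responder
     * URL, when one is set.
     *
     * @param jcaX509v3CertificateBuilder the builder receiving the extension
     * @param bouncyCastleCertificateRequest the wrapped request
     * @throws CertIOException if the extension cannot be encoded
     */
    protected void addV3OcspUrl(JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder, BouncyCastleCertificateRequest bouncyCastleCertificateRequest) throws CertIOException {
        if (!ConditionUtils.isNotEmpty(bouncyCastleCertificateRequest.getOcspURL())) {
            return;
        }
        GeneralName responder = new GeneralName(GeneralName.uniformResourceIdentifier,
                new DERIA5String(bouncyCastleCertificateRequest.getOcspURL()));
        jcaX509v3CertificateBuilder.addExtension(X509Extension.authorityInfoAccess, false,
                new AuthorityInformationAccess(X509ObjectIdentifiers.ocspAccessMethod, responder));
    }

    /**
     * Adds the request's policy URL as the non-critical Netscape CA-policy-URL extension, when one
     * is set.
     *
     * @param jcaX509v3CertificateBuilder the builder receiving the extension
     * @param bouncyCastleCertificateRequest the wrapped request
     * @throws CertIOException if the extension cannot be encoded
     */
    protected void addV3PolicyUrl(JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder, BouncyCastleCertificateRequest bouncyCastleCertificateRequest) throws CertIOException {
        if (!ConditionUtils.isNotEmpty(bouncyCastleCertificateRequest.getPolicyURL())) {
            return;
        }
        jcaX509v3CertificateBuilder.addExtension(MiscObjectIdentifiers.netscapeCApolicyURL, false,
                new DERIA5String(bouncyCastleCertificateRequest.getPolicyURL()));
    }

    /**
     * Adds the request's free-text comment as the non-critical Netscape certificate-comment
     * extension, when one is set.
     *
     * @param jcaX509v3CertificateBuilder the builder receiving the extension
     * @param bouncyCastleCertificateRequest the wrapped request
     * @throws CertIOException if the extension cannot be encoded
     */
    protected void addV3Comment(JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder, BouncyCastleCertificateRequest bouncyCastleCertificateRequest) throws CertIOException {
        if (!ConditionUtils.isNotEmpty(bouncyCastleCertificateRequest.getComment())) {
            return;
        }
        jcaX509v3CertificateBuilder.addExtension(MiscObjectIdentifiers.netscapeCertComment, false,
                new DERIA5String(bouncyCastleCertificateRequest.getComment()));
    }

    /**
     * Marks the certificate as a CA with a critical basicConstraints extension when the request
     * asks for one. Non-CA requests get no basicConstraints extension at all.
     *
     * <p>NOTE(review): no pathLenConstraint is set, so a CA issued here may sign subordinate CAs
     * to any depth. Consider exposing a path length on the request.
     *
     * @param jcaX509v3CertificateBuilder the builder receiving the extension
     * @param bouncyCastleCertificateRequest the wrapped request
     * @throws CertIOException if the extension cannot be encoded
     */
    protected void addV3CAExtensions(JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder, BouncyCastleCertificateRequest bouncyCastleCertificateRequest) throws CertIOException {
        if (bouncyCastleCertificateRequest.isCa()) {
            jcaX509v3CertificateBuilder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(true));
        }
    }

    /**
     * Returns the shared builder instance.
     *
     * @return the singleton created when the class is loaded
     */
    public static BouncyCastleCertificateBuilder getInstance() {
        return INSTANCE;
    }
}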
