package de.rwh.utils.crypto;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.time.LocalDateTime;
import java.time.Period;
import java.time.ZoneId;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.DLTaggedObject;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;

/* loaded from: input_file:de/rwh/utils/crypto/CertificateAuthority.class */
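/**
 * Small X.509 certificate authority built on BouncyCastle.
 *
 * <p>An instance is either wrapped around an existing CA certificate and key, or created from a
 * distinguished name and then turned into a self-signed CA by one of the {@code initialize}
 * methods. Once initialized it issues end-entity certificates for PKCS#10 requests through
 * {@link #signWebClientCertificate} and {@link #signWebServerCertificate}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>Serial numbers are drawn from a {@link SecureRandom} instead of the wall clock, so they are
 * not predictable from the issuance time and are not expected to collide when several
 * certificates are issued within the same millisecond.</li>
 * <li>Nothing in this class verifies the signature on a certification request or authorizes the
 * names it asks for; see the note on {@code sign}.</li>
 * <li>Certificates are converted with the provider name {@code "BC"}, so the BouncyCastle provider
 * has to be registered first, for example through {@link #registerBouncyCastleProvider()}.</li>
 * </ul>
 *
 * <p>The class keeps mutable state without any synchronization.
 */
public class CertificateAuthority {
    public static final TemporalAmount ONE_YEAR = Period.ofYears(1);
    public static final TemporalAmount TEN_YEARS = Period.ofYears(10);

    // 128 random bits encode to at most 17 octets, within the 20-octet limit of RFC 5280.
    private static final int SERIAL_NUMBER_BITS = 128;
    private static final SecureRandom SERIAL_NUMBER_RANDOM = new SecureRandom();

    // Subject/issuer name of a self-created CA; null when the CA wraps an existing certificate.
    private final X500Name name;
    private X509Certificate caCertificate;
    private KeyPair caKeyPair;
    private String signatureAlgorithm;

    /**
     * Builder that yields a ready-to-use {@link CertificateAuthority}, either from existing key
     * material or from the parts of a distinguished name.
     */
    public static class CertificateAuthorityBuilder {
        private final X509Certificate caCertificate;
        private final PrivateKey caPrivateKey;
        private final X500Name name;

        private CertificateAuthorityBuilder(X500Name name, X509Certificate caCertificate,
                PrivateKey caPrivateKey) {
            this.name = name;
            this.caCertificate = caCertificate;
            this.caPrivateKey = caPrivateKey;
        }

        /**
         * Prepares a builder for an existing CA.
         *
         * @param caCertificate the CA certificate, not {@code null}
         * @param caPrivateKey the private key used for signing, not {@code null}
         * @return a builder holding the given key material
         * @throws NullPointerException if either argument is {@code null}
         */
        public static CertificateAuthorityBuilder create(X509Certificate caCertificate,
                PrivateKey caPrivateKey) {
            return new CertificateAuthorityBuilder(null,
                    Objects.requireNonNull(caCertificate, "caCertificate"),
                    Objects.requireNonNull(caPrivateKey, "caPrivateKey"));
        }

        /**
         * Prepares a builder for a new self-signed CA. Arguments that are {@code null} or empty
         * are left out of the distinguished name.
         *
         * @param countryCode value for the C attribute
         * @param state value for the ST attribute
         * @param locality value for the L attribute
         * @param organization value for the O attribute
         * @param organizationalUnit value for the OU attribute
         * @param commonName value for the CN attribute
         * @return a builder holding the assembled name
         */
        public static CertificateAuthorityBuilder create(String countryCode, String state,
                String locality, String organization, String organizationalUnit,
                String commonName) {
            return new CertificateAuthorityBuilder(buildName(countryCode, state, locality,
                    organization, organizationalUnit, commonName), null, null);
        }

        /**
         * Creates the certificate authority. With existing key material the CA simply wraps it;
         * otherwise a key pair and a self-signed certificate valid for {@link #TEN_YEARS} are
         * generated with the defaults of {@code CertificateHelper}.
         *
         * @return an initialized certificate authority
         * @throws RuntimeException wrapping any failure raised while generating the CA
         */
        public CertificateAuthority initialize() {
            if (caCertificate != null && caPrivateKey != null) {
                return new CertificateAuthority(caCertificate, caPrivateKey);
            }
            try {
                CertificateAuthority authority = new CertificateAuthority(name);
                authority.initialize();
                return authority;
            } catch (IllegalStateException | InvalidKeyException | KeyStoreException
                    | NoSuchAlgorithmException | CertificateException | OperatorCreationException
                    | CertIOException e) {
                throw new RuntimeException(e);
            }
        }
    }

    /** Registers the BouncyCastle provider by delegating to {@code CertificateHelper}. */
    public static void registerBouncyCastleProvider() {
        CertificateHelper.registerBouncyCastleProvider();
    }

    /**
     * Wraps an existing CA certificate and key pair, signing with the default algorithm.
     *
     * @param caCertificate the CA certificate
     * @param caKeyPair the CA key pair
     */
    public CertificateAuthority(X509Certificate caCertificate, KeyPair caKeyPair) {
        this(caCertificate, caKeyPair, CertificateHelper.DEFAULT_SIGNATURE_ALGORITHM);
    }

    /**
     * Wraps an existing CA certificate and private key, signing with the default algorithm.
     *
     * @param caCertificate the CA certificate
     * @param caPrivateKey the CA private key
     */
    public CertificateAuthority(X509Certificate caCertificate, PrivateKey caPrivateKey) {
        this(caCertificate, caPrivateKey, CertificateHelper.DEFAULT_SIGNATURE_ALGORITHM);
    }

    /**
     * Wraps an existing CA certificate and key pair. The arguments are stored as given; nothing
     * here checks that the key pair belongs to the certificate.
     *
     * @param caCertificate the CA certificate
     * @param caKeyPair the CA key pair
     * @param signatureAlgorithm name of the signature algorithm used for issued certificates
     */
    public CertificateAuthority(X509Certificate caCertificate, KeyPair caKeyPair,
            String signatureAlgorithm) {
        this.name = null;
        this.caCertificate = caCertificate;
        this.caKeyPair = caKeyPair;
        this.signatureAlgorithm = signatureAlgorithm;
    }

    /**
     * Wraps an existing CA certificate and private key. The private key is paired with the public
     * key taken from the certificate; a key that does not match the certificate is not detected
     * here and would only show up as certificates that fail to validate.
     *
     * @param caCertificate the CA certificate, must not be {@code null}
     * @param caPrivateKey the CA private key
     * @param signatureAlgorithm name of the signature algorithm used for issued certificates
     */
    public CertificateAuthority(X509Certificate caCertificate, PrivateKey caPrivateKey,
            String signatureAlgorithm) {
        this.name = null;
        this.caCertificate = caCertificate;
        this.caKeyPair = new KeyPair(caCertificate.getPublicKey(), caPrivateKey);
        this.signatureAlgorithm = signatureAlgorithm;
    }

    /**
     * Creates an uninitialized CA from the parts of a distinguished name. Arguments that are
     * {@code null} or empty are left out of the name.
     *
     * @param countryCode value for the C attribute
     * @param state value for the ST attribute
     * @param locality value for the L attribute
     * @param organization value for the O attribute
     * @param organizationalUnit value for the OU attribute
     * @param commonName value for the CN attribute
     */
    public CertificateAuthority(String countryCode, String state, String locality,
            String organization, String organizationalUnit, String commonName) {
        this(buildName(countryCode, state, locality, organization, organizationalUnit,
                commonName));
    }

    /**
     * Creates an uninitialized CA with the given distinguished name.
     *
     * @param name subject and issuer name of the future self-signed CA certificate
     */
    public CertificateAuthority(X500Name name) {
        this.name = name;
    }

    /**
     * Generates the CA key pair and a self-signed certificate valid from now for
     * {@link #TEN_YEARS}, using the default key size and signature algorithm.
     *
     * @throws IllegalStateException if the CA is already initialized
     */
    public void initialize() throws NoSuchAlgorithmException, InvalidKeyException, KeyStoreException, CertificateException, OperatorCreationException, CertIOException, IllegalStateException {
        LocalDateTime now = LocalDateTime.now();
        initialize(now, now.plus(TEN_YEARS), CertificateHelper.DEFAULT_KEY_SIZE,
                CertificateHelper.DEFAULT_SIGNATURE_ALGORITHM);
    }

    /**
     * Generates the CA key pair and a self-signed certificate for the given validity window,
     * using the default key size and signature algorithm.
     *
     * @param notBefore start of the validity period
     * @param notAfter end of the validity period, not before {@code notBefore}
     * @throws IllegalArgumentException if a date is {@code null} or the window is reversed
     * @throws IllegalStateException if the CA is already initialized
     */
    public void initialize(LocalDateTime notBefore, LocalDateTime notAfter) throws NoSuchAlgorithmException, InvalidKeyException, KeyStoreException, CertificateException, OperatorCreationException, CertIOException, IllegalStateException {
        if (notBefore == null || notAfter == null || notAfter.isBefore(notBefore)) {
            throw new IllegalArgumentException("Dates not valid");
        }
        if (isInitialized()) {
            throw new IllegalStateException("already initialized");
        }
        initialize(notBefore, notAfter, CertificateHelper.DEFAULT_KEY_SIZE,
                CertificateHelper.DEFAULT_SIGNATURE_ALGORITHM);
    }

    /**
     * Generates the CA key pair and a self-signed certificate.
     *
     * @param notBefore start of the validity period
     * @param notAfter end of the validity period, not before {@code notBefore}
     * @param keySize key size handed to {@code CertificateHelper.createKeyPair}
     * @param signatureAlgorithm name of the signature algorithm for this and issued certificates
     * @throws IllegalArgumentException if the dates or the key size are rejected
     * @throws IllegalStateException if the CA is already initialized
     */
    public void initialize(LocalDateTime notBefore, LocalDateTime notAfter, int keySize, String signatureAlgorithm) throws NoSuchAlgorithmException, InvalidKeyException, KeyStoreException, CertificateException, CertIOException, OperatorCreationException, IllegalStateException {
        if (notBefore == null || notAfter == null || notAfter.isBefore(notBefore)) {
            throw new IllegalArgumentException("Dates not valid");
        }
        // NOTE(review): only non-positive sizes are rejected, so a small but positive key size is
        // passed on unchanged. Consider a minimum suited to DEFAULT_KEY_ALGORITHM.
        if (keySize <= 0) {
            throw new IllegalArgumentException("Key size not valid");
        }
        if (isInitialized()) {
            throw new IllegalStateException("already initialized");
        }
        this.signatureAlgorithm = signatureAlgorithm;
        this.caKeyPair = CertificateHelper.createKeyPair(CertificateHelper.DEFAULT_KEY_ALGORITHM,
                keySize);
        this.caCertificate = createCaCertificate(notBefore, notAfter);
    }

    /**
     * Builds the self-signed CA certificate: issuer and subject are both {@link #getName()}, the
     * basic constraints mark it as a CA with a path length of 1, and the key usage is limited to
     * signing certificates and CRLs.
     */
    private X509Certificate createCaCertificate(LocalDateTime notBefore, LocalDateTime notAfter) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, CertIOException, InvalidKeyException, OperatorCreationException, IllegalStateException {
        PublicKey publicKey = caKeyPair.getPublic();
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(name,
                newSerialNumber(), toDate(notBefore), toDate(notAfter), name, publicKey);
        builder.addExtension(Extension.subjectKeyIdentifier, false,
                CertificateHelper.toSubjectKeyIdentifier(publicKey));
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(1));
        builder.addExtension(Extension.keyUsage, true,
                new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));
        return toCertificate(builder.build(getCaContentSigner()));
    }

    /** Returns whether both the CA certificate and the CA key pair are present. */
    private boolean isInitialized() {
        return caCertificate != null && caKeyPair != null;
    }

    /**
     * Returns the CA certificate.
     *
     * @return the CA certificate
     * @throws IllegalStateException if the CA is not initialized
     */
    public X509Certificate getCertificate() throws IllegalStateException {
        if (!isInitialized()) {
            throw new IllegalStateException("not initialized");
        }
        return caCertificate;
    }

    /**
     * Returns the CA key pair, including the private key. Callers receive the signing key itself
     * and should treat the returned object accordingly.
     *
     * @return the CA key pair
     * @throws IllegalStateException if the CA is not initialized
     */
    public KeyPair getCaKeyPair() {
        if (!isInitialized()) {
            throw new IllegalStateException("not initialized");
        }
        return caKeyPair;
    }

    /**
     * Returns the name this CA was created with.
     *
     * @return the distinguished name, or {@code null} if the CA wraps an existing certificate
     */
    public X500Name getName() {
        return name;
    }

    /**
     * Issues a TLS client certificate valid for {@link #ONE_YEAR}.
     *
     * @param request the PKCS#10 certification request
     * @return the issued certificate
     * @throws IllegalStateException if the CA is not initialized
     */
    public X509Certificate signWebClientCertificate(JcaPKCS10CertificationRequest request) throws NoSuchAlgorithmException, IOException, InvalidKeySpecException, OperatorCreationException, CertificateException, InvalidKeyException, IllegalStateException {
        return signWebClientCertificate(request, ONE_YEAR);
    }

    /**
     * Issues a TLS client certificate: key usage digitalSignature, nonRepudiation and
     * keyEncipherment, extended key usage clientAuth.
     *
     * @param request the PKCS#10 certification request
     * @param validityPeriod how long the certificate is valid, counted from now
     * @return the issued certificate
     * @throws IllegalStateException if the CA is not initialized
     */
    public X509Certificate signWebClientCertificate(JcaPKCS10CertificationRequest request, TemporalAmount validityPeriod) throws NoSuchAlgorithmException, IOException, InvalidKeySpecException, OperatorCreationException, CertificateException, InvalidKeyException, IllegalStateException {
        if (!isInitialized()) {
            throw new IllegalStateException("not initialized");
        }
        KeyUsage keyUsage = new KeyUsage(
                KeyUsage.digitalSignature | KeyUsage.nonRepudiation | KeyUsage.keyEncipherment);
        return sign(request, keyUsage, new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth),
                validityPeriod);
    }

    /**
     * Issues a TLS server certificate valid for {@link #ONE_YEAR}.
     *
     * @param request the PKCS#10 certification request
     * @return the issued certificate
     * @throws IllegalStateException if the CA is not initialized
     */
    public X509Certificate signWebServerCertificate(JcaPKCS10CertificationRequest request) throws NoSuchAlgorithmException, IOException, InvalidKeySpecException, OperatorCreationException, CertificateException, InvalidKeyException, IllegalStateException {
        return signWebServerCertificate(request, ONE_YEAR);
    }

    /**
     * Issues a TLS server certificate: key usage digitalSignature, nonRepudiation,
     * keyEncipherment and dataEncipherment, extended key usage serverAuth.
     *
     * @param request the PKCS#10 certification request
     * @param validityPeriod how long the certificate is valid, counted from now
     * @return the issued certificate
     * @throws IllegalStateException if the CA is not initialized
     */
    public X509Certificate signWebServerCertificate(JcaPKCS10CertificationRequest request, TemporalAmount validityPeriod) throws NoSuchAlgorithmException, IOException, InvalidKeySpecException, OperatorCreationException, CertificateException, InvalidKeyException, IllegalStateException {
        if (!isInitialized()) {
            throw new IllegalStateException("not initialized");
        }
        KeyUsage keyUsage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation
                | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment);
        return sign(request, keyUsage, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth),
                validityPeriod);
    }

    /**
     * Issues an end-entity certificate for the public key in {@code request}.
     *
     * <p>The subject is rebuilt from the first C, ST, L, O, OU and CN values of the requested
     * subject; other subject attributes are dropped. Subject alternative names are taken from
     * {@link #getSubjectAlternativeNames(JcaPKCS10CertificationRequest)}.
     *
     * <p>NOTE(review): the request's self-signature (proof of possession of the private key) is
     * not verified in this class, and the requested subject and alternative names are copied into
     * the certificate without any authorization check. Unless every caller verifies and vets the
     * request beforehand, that check belongs here before anything is signed. The validity period
     * is also not capped at the CA certificate's own expiry.
     */
    private X509Certificate sign(JcaPKCS10CertificationRequest request, KeyUsage keyUsage, ExtendedKeyUsage extendedKeyUsage, TemporalAmount validityPeriod) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, CertIOException, OperatorCreationException, CertificateException, InvalidKeyException, IllegalStateException {
        Objects.requireNonNull(request, "request");
        Objects.requireNonNull(validityPeriod, "validityPeriod");

        LocalDateTime notBefore = LocalDateTime.now();
        LocalDateTime notAfter = notBefore.plus(validityPeriod);
        PublicKey publicKey = request.getPublicKey();

        X500Name requested = request.getSubject();
        X500Principal subject = new X500Principal(CertificationRequestBuilder.createSubject(
                getDnElement(requested, BCStyle.C), getDnElement(requested, BCStyle.ST),
                getDnElement(requested, BCStyle.L), getDnElement(requested, BCStyle.O),
                getDnElement(requested, BCStyle.OU), getDnElement(requested, BCStyle.CN))
                .getEncoded());

        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(caCertificate,
                newSerialNumber(), toDate(notBefore), toDate(notAfter), subject, publicKey);
        // cA=false: the issued certificate must not be usable to sign further certificates.
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        builder.addExtension(Extension.keyUsage, true, keyUsage);
        builder.addExtension(Extension.subjectKeyIdentifier, false,
                CertificateHelper.toSubjectKeyIdentifier(publicKey));
        GeneralNames subjectAlternativeNames = getSubjectAlternativeNames(request);
        if (subjectAlternativeNames != null) {
            builder.addExtension(Extension.subjectAlternativeName, false,
                    subjectAlternativeNames);
        }
        builder.addExtension(Extension.authorityKeyIdentifier, false,
                getCaAuthorityKeyIdentifier());
        builder.addExtension(Extension.extendedKeyUsage, false, extendedKeyUsage);
        return toCertificate(builder.build(getCaContentSigner()));
    }

    /**
     * Creates a positive, non-zero serial number from {@link #SERIAL_NUMBER_BITS} random bits.
     * A clock-derived serial is guessable and repeats for certificates issued within the same
     * millisecond, while issuer and serial together are meant to identify one certificate.
     */
    private static BigInteger newSerialNumber() {
        BigInteger serial;
        do {
            serial = new BigInteger(SERIAL_NUMBER_BITS, SERIAL_NUMBER_RANDOM);
        } while (serial.signum() == 0);
        return serial;
    }

    /** Assembles a distinguished name, leaving out parts that are {@code null} or empty. */
    private static X500Name buildName(String countryCode, String state, String locality,
            String organization, String organizationalUnit, String commonName) {
        X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
        addRdnIfPresent(builder, BCStyle.C, countryCode);
        addRdnIfPresent(builder, BCStyle.ST, state);
        addRdnIfPresent(builder, BCStyle.L, locality);
        addRdnIfPresent(builder, BCStyle.O, organization);
        addRdnIfPresent(builder, BCStyle.OU, organizationalUnit);
        addRdnIfPresent(builder, BCStyle.CN, commonName);
        return builder.build();
    }

    /** Adds one attribute to the name under construction unless the value is missing. */
    private static void addRdnIfPresent(X500NameBuilder builder, ASN1ObjectIdentifier type,
            String value) {
        if (value != null && !value.isEmpty()) {
            builder.addRDN(type, value);
        }
    }

    /** Converts a local date-time to a {@link Date} using the system default time zone. */
    private Date toDate(LocalDateTime localDateTime) {
        return Date.from(localDateTime.atZone(ZoneId.systemDefault()).toInstant());
    }

    /** Creates a signer for the configured algorithm backed by the CA private key. */
    private ContentSigner getCaContentSigner() throws OperatorCreationException, IllegalStateException {
        return CertificateHelper.getContentSigner(signatureAlgorithm, caKeyPair.getPrivate());
    }

    /** Derives the authority key identifier from the CA public key. */
    private AuthorityKeyIdentifier getCaAuthorityKeyIdentifier() throws NoSuchAlgorithmException {
        return new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(caKeyPair.getPublic());
    }

    /** Converts a BouncyCastle holder to a JCA certificate through the "BC" provider. */
    private static X509Certificate toCertificate(X509CertificateHolder holder) throws CertificateException {
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder);
    }

    /**
     * Collects the subject alternative names asked for by a certification request.
     *
     * <p>Three sources are read: the e-mail address attribute of the subject (added as an
     * rfc822Name), subjectAlternativeName extensions inside PKCS#9 extensionRequest attributes,
     * and attributes whose type is the subjectAlternativeName OID itself. The values are returned
     * exactly as requested; nothing is validated or filtered here.
     *
     * @param request the PKCS#10 certification request
     * @return the collected names, or {@code null} if the request contains none
     * @throws IOException if an extension value cannot be decoded
     */
    public static GeneralNames getSubjectAlternativeNames(JcaPKCS10CertificationRequest request) throws IOException {
        List<GeneralName> names = new ArrayList<>();

        String email = getDnElement(request.getSubject(), BCStyle.E);
        if (email != null && !email.isEmpty()) {
            names.add(new GeneralName(GeneralName.rfc822Name, email));
        }

        for (Attribute attribute : request
                .getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            for (Object value : attribute.getAttributeValues()) {
                if (value instanceof DERSequence) {
                    addNamesFromExtensionRequest((DERSequence) value, names);
                }
            }
        }

        for (Attribute attribute : request.getAttributes(Extension.subjectAlternativeName)) {
            for (Object value : attribute.getAttributeValues()) {
                if (value instanceof DERSequence) {
                    DERSequence generalNames = (DERSequence) value;
                    for (int i = 0; i < generalNames.size(); i++) {
                        Object entry = generalNames.getObjectAt(i);
                        if (entry instanceof DERTaggedObject) {
                            DERTaggedObject tagged = (DERTaggedObject) entry;
                            names.add(new GeneralName(tagged.getTagNo(), tagged));
                        }
                    }
                }
            }
        }

        if (names.isEmpty()) {
            return null;
        }
        return new GeneralNames(names.toArray(new GeneralName[0]));
    }

    /**
     * Adds the names of every subjectAlternativeName extension found in one extensionRequest
     * value. Only entries shaped as (OID, OCTET STRING, ...) are read, so an extension that
     * carries a criticality BOOLEAN in second position is skipped.
     */
    private static void addNamesFromExtensionRequest(DERSequence extensions,
            List<GeneralName> names) throws IOException {
        for (int i = 0; i < extensions.size(); i++) {
            Object candidate = extensions.getObjectAt(i);
            if (!(candidate instanceof DERSequence)) {
                continue;
            }
            DERSequence extension = (DERSequence) candidate;
            if (extension.size() < 2) {
                continue;
            }
            Object type = extension.getObjectAt(0);
            Object value = extension.getObjectAt(1);
            if (!(type instanceof ASN1ObjectIdentifier) || !(value instanceof DEROctetString)) {
                continue;
            }
            if (!Extension.subjectAlternativeName.equals(type)) {
                continue;
            }
            ASN1Primitive decoded = toDERObject((DEROctetString) value);
            if (!(decoded instanceof DLSequence)) {
                continue;
            }
            DLSequence generalNames = (DLSequence) decoded;
            for (int j = 0; j < generalNames.size(); j++) {
                Object entry = generalNames.getObjectAt(j);
                if (entry instanceof DERTaggedObject) {
                    DERTaggedObject tagged = (DERTaggedObject) entry;
                    names.add(new GeneralName(tagged.getTagNo(), tagged));
                } else if (entry instanceof DLTaggedObject) {
                    DLTaggedObject tagged = (DLTaggedObject) entry;
                    names.add(new GeneralName(tagged.getTagNo(), tagged));
                }
            }
        }
    }

    /** Decodes the ASN.1 object wrapped inside an octet string. */
    private static ASN1Primitive toDERObject(DEROctetString octetString) throws IOException {
        try (ASN1InputStream in = new ASN1InputStream(
                new ByteArrayInputStream(octetString.getOctets()))) {
            return in.readObject();
        }
    }

    /**
     * Returns the first value of the first RDN of the given type.
     *
     * @param x500Name the distinguished name to search
     * @param type the attribute type to look for
     * @return the value as a string, or {@code null} if the name has no RDN of that type
     */
    public static String getDnElement(X500Name x500Name, ASN1ObjectIdentifier type) {
        RDN[] rdns = x500Name.getRDNs(type);
        if (rdns.length == 0) {
            return null;
        }
        return IETFUtils.valueToString(rdns[0].getFirst().getValue());
    }
}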
