package se.swedenconnect.ca.engine.revocation.crl.impl;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.swedenconnect.ca.engine.configuration.CAAlgorithmRegistry;
import se.swedenconnect.ca.engine.revocation.crl.CRLIssuer;
import se.swedenconnect.security.credential.PkiCredential;

/* loaded from: input_file:se/swedenconnect/ca/engine/revocation/crl/impl/AbstractCRLIssuer.class */
public abstract class AbstractCRLIssuer implements CRLIssuer {
    private static final Logger log = LoggerFactory.getLogger(AbstractCRLIssuer.class);
    private final PkiCredential issuerCredential;
    private final X509CertificateHolder issuerCertificate;
    private final CAAlgorithmRegistry.SignatureAlgorithmProperties algorithmProperties;

    public AbstractCRLIssuer(PkiCredential pkiCredential, String str) throws NoSuchAlgorithmException {
        this.issuerCredential = pkiCredential;
        this.algorithmProperties = CAAlgorithmRegistry.getAlgorithmProperties(str);
        try {
            this.issuerCertificate = new JcaX509CertificateHolder(pkiCredential.getCertificate());
        } catch (CertificateEncodingException e) {
            log.error("The PKI credentials for the CRL issuer does not contain a valid signing certificate");
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthorityKeyIdentifier getAki() throws CertificateEncodingException, IOException {
        GeneralNames generalNames = new GeneralNames(new GeneralName[]{new GeneralName(4, this.issuerCertificate.getSubject().toASN1Primitive())});
        Extension extension = this.issuerCertificate.getExtension(Extension.subjectKeyIdentifier);
        return new AuthorityKeyIdentifier(extension == null ? null : SubjectKeyIdentifier.getInstance(extension.getParsedValue()).getKeyIdentifier(), generalNames, this.issuerCertificate.getSerialNumber());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ContentSigner getContentSigner() throws OperatorCreationException {
        return new JcaContentSignerBuilder(this.algorithmProperties.getSigAlgoName()).build(this.issuerCredential.getPrivateKey());
    }
}
