package se.swedenconnect.ca.engine.ca.issuer.impl;

import java.io.IOException;
import java.util.Iterator;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.swedenconnect.ca.engine.ca.issuer.CertificateIssuanceException;
import se.swedenconnect.ca.engine.ca.issuer.CertificateIssuer;
import se.swedenconnect.ca.engine.ca.issuer.CertificateIssuerModel;
import se.swedenconnect.ca.engine.ca.models.cert.CertificateModel;
import se.swedenconnect.ca.engine.ca.models.cert.extension.ExtensionModel;
import se.swedenconnect.ca.engine.ca.models.cert.impl.SelfIssuedCertificateModel;

/* loaded from: input_file:se/swedenconnect/ca/engine/ca/issuer/impl/SelfIssuedCertificateIssuer.class */
public class SelfIssuedCertificateIssuer extends CertificateIssuer {
    private static final Logger log = LoggerFactory.getLogger(SelfIssuedCertificateIssuer.class);

    public SelfIssuedCertificateIssuer(CertificateIssuerModel certificateIssuerModel) {
        super(certificateIssuerModel);
    }

    @Override // se.swedenconnect.ca.engine.ca.issuer.CertificateIssuer
    public X509CertificateHolder issueCertificate(CertificateModel certificateModel) throws CertificateIssuanceException {
        if (!(certificateModel instanceof SelfIssuedCertificateModel)) {
            throw new CertificateIssuanceException("Certificate model must be the SelfIssuedCertificateModel");
        }
        try {
            return (this.certificateIssuerModel.isV1() && certificateModel.getExtensionModels().isEmpty()) ? issueV1Certificate((SelfIssuedCertificateModel) certificateModel) : issueV3Certificate((SelfIssuedCertificateModel) certificateModel);
        } catch (IOException e) {
            log.info("Illegal subject name in certificate request");
            throw new CertificateIssuanceException("Illegal subject name");
        } catch (OperatorCreationException e2) {
            log.error("Error creating signer", e2);
            throw new CertificateIssuanceException("Error creating the signer", e2);
        }
    }

    private X509CertificateHolder issueV3Certificate(SelfIssuedCertificateModel selfIssuedCertificateModel) throws IOException, OperatorCreationException {
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(getX500Name(selfIssuedCertificateModel.getSubject()), this.certificateIssuerModel.getSerialNumberProvider().getSerialNumber(), CertificateIssuer.getOffsetTime(this.certificateIssuerModel.getStartOffset()), CertificateIssuer.getOffsetTime(this.certificateIssuerModel.getExpiryOffset()), getX500Name(selfIssuedCertificateModel.getSubject()), selfIssuedCertificateModel.getPublicKey());
        Iterator<ExtensionModel> it = selfIssuedCertificateModel.getExtensionModels().iterator();
        while (it.hasNext()) {
            it.next().addExtensions(jcaX509v3CertificateBuilder);
        }
        return jcaX509v3CertificateBuilder.build(new JcaContentSignerBuilder(this.certificateIssuerModel.getAlgorithmName()).build(selfIssuedCertificateModel.getPrivateKey()));
    }

    private X509CertificateHolder issueV1Certificate(SelfIssuedCertificateModel selfIssuedCertificateModel) throws IOException, OperatorCreationException {
        return new JcaX509v1CertificateBuilder(getX500Name(selfIssuedCertificateModel.getSubject()), this.certificateIssuerModel.getSerialNumberProvider().getSerialNumber(), CertificateIssuer.getOffsetTime(this.certificateIssuerModel.getStartOffset()), CertificateIssuer.getOffsetTime(this.certificateIssuerModel.getExpiryOffset()), getX500Name(selfIssuedCertificateModel.getSubject()), selfIssuedCertificateModel.getPublicKey()).build(new JcaContentSignerBuilder(this.certificateIssuerModel.getAlgorithmName()).build(selfIssuedCertificateModel.getPrivateKey()));
    }
}
