package se.swedenconnect.ca.engine.ca.issuer.impl;

import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.util.Iterator;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.swedenconnect.ca.engine.ca.issuer.CertificateIssuanceException;
import se.swedenconnect.ca.engine.ca.issuer.CertificateIssuer;
import se.swedenconnect.ca.engine.ca.issuer.CertificateIssuerModel;
import se.swedenconnect.ca.engine.ca.models.cert.CertificateModel;
import se.swedenconnect.ca.engine.ca.models.cert.extension.ExtensionModel;
import se.swedenconnect.security.credential.PkiCredential;

/* loaded from: input_file:se/swedenconnect/ca/engine/ca/issuer/impl/BasicCertificateIssuer.class */
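/**
 * Certificate issuer that signs X.509 certificates with the private key of a
 * {@link PkiCredential} and uses the subject of that credential's certificate
 * as the issuer name.
 *
 * <p>Serial number, validity offsets and signature algorithm are all read from
 * the {@link CertificateIssuerModel} passed to the constructor.
 *
 * <p>NOTE(review): nothing in this class validates the requested subject,
 * public key or extensions; it signs whatever the {@link CertificateModel}
 * contains. Presumably policy checks happen before the model reaches this
 * class. Confirm against the callers.
 */
public class BasicCertificateIssuer extends CertificateIssuer {
    private static final Logger log = LoggerFactory.getLogger(BasicCertificateIssuer.class);

    /** Issuer DN, copied from the subject of the issuing credential's certificate. */
    private final X500Name issuerName;

    /** Credential whose private key signs every issued certificate. */
    private final PkiCredential issuerCredential;

    /**
     * Creates an issuer bound to the given issuing credential.
     *
     * @param certificateIssuerModel issuance settings (serial numbers, validity, algorithm)
     * @param pkiCredential credential holding the issuing certificate and private key
     * @throws NullPointerException if {@code pkiCredential} is {@code null}
     * @throws IllegalArgumentException if the credential's certificate cannot be encoded
     */
    public BasicCertificateIssuer(CertificateIssuerModel certificateIssuerModel, PkiCredential pkiCredential) {
        super(certificateIssuerModel);
        if (pkiCredential == null) {
            // Same exception type as the implicit dereference below would give, but with a usable message.
            throw new NullPointerException("pkiCredential must not be null");
        }
        this.issuerCredential = pkiCredential;
        try {
            this.issuerName = new JcaX509CertificateHolder(pkiCredential.getCertificate()).getSubject();
        } catch (CertificateEncodingException e) {
            // Log the cause as well: a CA that cannot read its own issuing certificate needs a full diagnostic.
            log.error("PkiCredential does not contain a valid issuer certificate", e);
            throw new IllegalArgumentException("PkiCredential does not contain a valid issuer certificate", e);
        }
    }

    /**
     * Issues a certificate for the given model.
     *
     * <p>A version 1 certificate is produced only when the issuer model asks for V1
     * <em>and</em> the request carries no extension models (extensions are a
     * version 3 feature). In every other case a version 3 certificate is issued,
     * including when the issuer model is V1 but extensions are present.
     *
     * @param certificateModel subject, public key and extensions of the certificate to issue
     * @return the signed certificate
     * @throws CertificateIssuanceException if the signer cannot be created or certificate
     *     content cannot be encoded; the underlying exception is attached as the cause
     */
    @Override
    public X509CertificateHolder issueCertificate(CertificateModel certificateModel) throws CertificateIssuanceException {
        try {
            boolean issueAsV1 = this.certificateIssuerModel.isV1() && certificateModel.getExtensionModels().isEmpty();
            return issueAsV1 ? issueV1Certificate(certificateModel) : issueV3Certificate(certificateModel);
        } catch (OperatorCreationException e) {
            log.error("Error creating signer", e);
            throw new CertificateIssuanceException("Error creating the signer", e);
        } catch (IOException e) {
            // The log line is kept free of the exception text because the subject is request-supplied data.
            // NOTE(review): an IOException raised while adding extensions also lands here and is reported as
            // a subject name problem; the attached cause lets the caller tell the two apart.
            log.info("Illegal subject name in certificate request");
            throw new CertificateIssuanceException("Illegal subject name", e);
        }
    }

    /**
     * Builds and signs a version 3 certificate, adding every extension model of the request.
     *
     * @param certificateModel requested certificate content
     * @return the signed version 3 certificate
     * @throws IOException if the subject name or an extension cannot be encoded
     * @throws OperatorCreationException if the content signer cannot be created
     */
    private X509CertificateHolder issueV3Certificate(CertificateModel certificateModel) throws IOException, OperatorCreationException {
        JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
            this.issuerName,
            this.certificateIssuerModel.getSerialNumberProvider().getSerialNumber(),
            CertificateIssuer.getOffsetTime(this.certificateIssuerModel.getStartOffset()),
            CertificateIssuer.getOffsetTime(this.certificateIssuerModel.getExpiryOffset()),
            getX500Name(certificateModel.getSubject()),
            certificateModel.getPublicKey());
        for (ExtensionModel extensionModel : certificateModel.getExtensionModels()) {
            extensionModel.addExtensions(certificateBuilder);
        }
        return certificateBuilder.build(
            new JcaContentSignerBuilder(this.certificateIssuerModel.getAlgorithmName())
                .build(this.issuerCredential.getPrivateKey()));
    }

    /**
     * Builds and signs a version 1 certificate; no extensions are added.
     *
     * @param certificateModel requested certificate content
     * @return the signed version 1 certificate
     * @throws OperatorCreationException if the content signer cannot be created
     * @throws IOException if the subject name cannot be encoded
     */
    private X509CertificateHolder issueV1Certificate(CertificateModel certificateModel) throws OperatorCreationException, IOException {
        JcaX509v1CertificateBuilder certificateBuilder = new JcaX509v1CertificateBuilder(
            this.issuerName,
            this.certificateIssuerModel.getSerialNumberProvider().getSerialNumber(),
            CertificateIssuer.getOffsetTime(this.certificateIssuerModel.getStartOffset()),
            CertificateIssuer.getOffsetTime(this.certificateIssuerModel.getExpiryOffset()),
            getX500Name(certificateModel.getSubject()),
            certificateModel.getPublicKey());
        return certificateBuilder.build(
            new JcaContentSignerBuilder(this.certificateIssuerModel.getAlgorithmName())
                .build(this.issuerCredential.getPrivateKey()));
    }
}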
