package se.swedenconnect.ca.cmc.api;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.util.List;
import lombok.Generated;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.cert.X509CertificateHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.swedenconnect.ca.engine.ca.models.cert.extension.ExtensionModel;
import se.swedenconnect.ca.engine.ca.models.cert.extension.impl.simple.AuthorityKeyIdentifierModel;
import se.swedenconnect.ca.engine.ca.models.cert.extension.impl.simple.SubjectKeyIdentifierModel;
import se.swedenconnect.ca.engine.ca.models.cert.impl.AbstractCertificateModelBuilder;
import se.swedenconnect.ca.engine.configuration.CAAlgorithmRegistry;

/* loaded from: input_file:se/swedenconnect/ca/cmc/api/CMCCertificateModelBuilder.class */
public class CMCCertificateModelBuilder extends AbstractCertificateModelBuilder<CMCCertificateModelBuilder> {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(CMCCertificateModelBuilder.class);
    private final PublicKey publicKey;
    private final X509CertificateHolder issuer;
    private final String caAlgorithm;

    private CMCCertificateModelBuilder(PublicKey publicKey, X509CertificateHolder x509CertificateHolder, String str) {
        this.publicKey = publicKey;
        this.issuer = x509CertificateHolder;
        this.caAlgorithm = str;
    }

    public static CMCCertificateModelBuilder getInstance(PublicKey publicKey, X509CertificateHolder x509CertificateHolder, String str) {
        return new CMCCertificateModelBuilder(publicKey, x509CertificateHolder, str);
    }

    protected PublicKey getPublicKey() {
        return this.publicKey;
    }

    protected void addKeyIdentifierExtensionsModels(List<ExtensionModel> list) throws IOException {
        if (this.includeAki) {
            AuthorityKeyIdentifierModel authorityKeyIdentifierModel = null;
            try {
                byte[] keyIdentifier = SubjectKeyIdentifier.getInstance(this.issuer.getExtension(Extension.subjectKeyIdentifier).getParsedValue()).getKeyIdentifier();
                if (keyIdentifier != null && keyIdentifier.length > 0) {
                    authorityKeyIdentifierModel = new AuthorityKeyIdentifierModel(new AuthorityKeyIdentifier(keyIdentifier));
                }
            } catch (Exception e) {
            }
            if (authorityKeyIdentifierModel == null) {
                authorityKeyIdentifierModel = new AuthorityKeyIdentifierModel(new AuthorityKeyIdentifier(getSigAlgoMessageDigest(this.caAlgorithm).digest(this.issuer.getSubjectPublicKeyInfo().getEncoded())));
            }
            list.add(authorityKeyIdentifierModel);
        }
        if (this.includeSki) {
            list.add(new SubjectKeyIdentifierModel(getSigAlgoMessageDigest(this.caAlgorithm).digest(this.publicKey.getEncoded())));
        }
    }

    private MessageDigest getSigAlgoMessageDigest(String str) {
        MessageDigest messageDigest = null;
        try {
            messageDigest = CAAlgorithmRegistry.getMessageDigestInstance(str);
        } catch (NoSuchAlgorithmException e) {
            log.error("Illegal configured signature algorithm prevents retrieval of signature algorithm digest algorithm", e);
        }
        return messageDigest;
    }
}
