package de.adorsys.sts.cryptoutils;

import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.time.DateUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;

/* loaded from: input_file:BOOT-INF/lib/sts-crypto-utils-0.29.0.jar:de/adorsys/sts/cryptoutils/CaSignedCertificateBuilder.class */
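/**
 * Fluent, single-use builder for X.509 v3 certificates that are either self-signed or signed by the CA
 * certificate supplied through {@link #withIssuerCertificate(X509CertificateHolder)}.
 *
 * <p>Subject data (DN, validity, key usage, subject alternative names) can be given explicitly or be taken
 * from a sample certificate set via {@link #withSubjectSampleCertificate(X509CertificateHolder)}; explicitly
 * set values win over the sample, except for the subject public key, which is always taken from the sample
 * when one is present. {@link #build(PrivateKey)} validates the collected fields and may be called only once
 * per instance; a failed build does not reset the instance.
 *
 * <p>Not thread-safe: all state lives in mutable fields of this instance.
 */
public class CaSignedCertificateBuilder {
    // Error keys reported by build() when a required field is missing or the issuer is not a CA.
    private static final String MISSING_SUBJECT_DN = "X509CertificateBuilder_missing_subject_DN";
    private static final String MISSING_SUBJECT_PUBLIC_KEY = "X509CertificateBuilder_missing_subject_publicKey";
    private static final String MISSING_NOT_BEFORE = "X509CertificateBuilder_missing_validity_date_notBefore";
    private static final String MISSING_NOT_AFTER = "X509CertificateBuilder_missing_validity_date_notAfter";
    private static final String ISSUER_NOT_CA = "X509CertificateBuilder_issuerCert_notCaCert";

    // Signature algorithms chosen from the signing key's JCA algorithm name when none was set explicitly.
    private static final String DEFAULT_DSA_SIGNATURE_ALGO = "SHA256withDSA";
    private static final String DEFAULT_RSA_SIGNATURE_ALGO = "SHA256WithRSA";

    // Placeholder subject used when the subject is carried only in the (then critical) subjectAltName.
    private static final String SUBJECT_IN_ALT_NAME_ONLY_DN = "cn=";

    // Sentinel for "no key usage bits set" (also what KeyUsageUtils.getKeyUsage reports for absence).
    private static final int NO_KEY_USAGE = -1;

    // Whether the certificate to build is a CA certificate (basicConstraints cA=TRUE).
    private boolean createCaCert;
    private X500Name subjectDN;
    // When true (and alt names exist) the subject DN is replaced by a placeholder and the SAN is made critical.
    private boolean subjectOnlyInAlternativeName;
    // Validity offsets in days relative to build time; null means "take it from the sample certificate".
    private Integer notAfterInDays;
    private X509CertificateHolder subjectSampleCertificate;
    private X509CertificateHolder issuerCertificate;
    private GeneralNames subjectAltNames;
    private AuthorityInformationAccess authorityInformationAccess;
    private String signatureAlgo;
    private PublicKey subjectPublicKey;
    private Integer notBeforeInDays = 0;
    private int keyUsage = NO_KEY_USAGE;
    private boolean keyUsageSet = false;
    // Set on the first build() call; the builder refuses to be reused afterwards.
    boolean dirty = false;

    /**
     * Builds and signs the certificate.
     *
     * @param privateKey key that signs the certificate; its JCA algorithm name selects the default signature
     *     algorithm when {@link #withSignatureAlgo(String)} was not called
     * @return the signed certificate
     * @throws IllegalStateException if this builder was already used, or the extensions could not be encoded
     * @throws IllegalArgumentException if a required field (subject DN, subject public key, notBefore, notAfter)
     *     is missing, or the issuer certificate is not a CA certificate
     */
    public X509CertificateHolder build(PrivateKey privateKey) {
        if (this.dirty) {
            throw new IllegalStateException("Builder can not be reused");
        }
        // Marked before validation, so a build that fails validation is not retryable either.
        this.dirty = true;

        if (StringUtils.isBlank(this.signatureAlgo)) {
            String derived = defaultSignatureAlgo(privateKey.getAlgorithm());
            if (derived != null) {
                this.signatureAlgo = derived;
            }
        }

        Date now = new Date();
        Date notAfter = this.notAfterInDays != null ? DateUtils.addDays(now, this.notAfterInDays.intValue()) : null;
        Date notBefore = this.notBeforeInDays != null ? DateUtils.addDays(now, this.notBeforeInDays.intValue()) : null;

        if (this.subjectSampleCertificate != null) {
            X509CertificateHolder sample = this.subjectSampleCertificate;
            // The public key always comes from the sample; the other fields only fill gaps.
            this.subjectPublicKey = V3CertificateUtils.extractPublicKey(sample);
            if (this.subjectDN == null) {
                this.subjectDN = sample.getSubject();
            }
            if (notAfter == null) {
                notAfter = sample.getNotAfter();
            }
            if (notBefore == null) {
                notBefore = sample.getNotBefore();
            }
            if (!this.keyUsageSet) {
                copyKeyUsage(sample);
            }
            if (this.subjectAltNames == null) {
                Extension sanExtension = sample.getExtension(X509Extension.subjectAlternativeName);
                if (sanExtension != null) {
                    this.subjectAltNames = GeneralNames.getInstance(sanExtension.getParsedValue());
                }
            }
        }

        List<String> missing = BatchValidator.filterNull(ListOfKeyValueBuilder.newBuilder()
                .add(MISSING_SUBJECT_DN, this.subjectDN)
                .add(MISSING_SUBJECT_PUBLIC_KEY, this.subjectPublicKey)
                .add(MISSING_NOT_BEFORE, notBefore)
                .add(MISSING_NOT_AFTER, notAfter)
                .build());
        if (missing == null) {
            missing = new ArrayList<>();
        }

        X500Name issuer;
        BasicConstraints basicConstraints;
        if (this.issuerCertificate == null) {
            // Self-signed: issuer and subject are the same name.
            issuer = this.subjectDN;
            if (this.createCaCert) {
                basicConstraints = new BasicConstraints(true);
                this.subjectOnlyInAlternativeName = false;
            } else {
                basicConstraints = new BasicConstraints(false);
            }
        } else {
            if (!CheckCaCertificate.isCaCertificate(this.issuerCertificate)) {
                missing.add(ISSUER_NOT_CA);
            }
            issuer = this.issuerCertificate.getSubject();
            if (this.createCaCert) {
                this.subjectOnlyInAlternativeName = false;
                basicConstraints = subordinateCaConstraints(missing);
                // A subordinate CA gets the fixed CA key usages, overriding anything set earlier.
                resetKeyUsage();
                for (int usage : KeyUsageUtils.getCaKeyUsages()) {
                    withKeyUsage(usage);
                }
            } else {
                basicConstraints = new BasicConstraints(false);
            }
        }

        BigInteger serial = SerialNumberGenerator.uniqueSerial();
        if (this.subjectOnlyInAlternativeName && this.subjectAltNames != null) {
            // RFC 5280 s4.1.2.6: an empty subject requires a critical subjectAltName, which addExtensions sets.
            // NOTE(review): "cn=" is a CN RDN with an empty value rather than an empty SEQUENCE -- confirm
            // relying parties accept it as an empty subject.
            missing.remove(MISSING_SUBJECT_DN);
            this.subjectDN = new X500Name(SUBJECT_IN_ALT_NAME_ONLY_DN);
        }
        if (!missing.isEmpty()) {
            throw new IllegalArgumentException("Fields can not be null: " + missing);
        }

        JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
                issuer, serial, notBefore, notAfter, this.subjectDN, this.subjectPublicKey);
        try {
            addExtensions(certBuilder, basicConstraints);
            return certBuilder.build(V3CertificateUtils.getContentSigner(privateKey, this.signatureAlgo));
        } catch (CertIOException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Picks the default signature algorithm for a signing key from its JCA algorithm name (case-insensitive).
     *
     * @return {@code SHA256withDSA} for DSA keys, {@code SHA256WithRSA} for RSA keys, {@code null} otherwise
     *     (e.g. EC keys have no default here; NOTE(review): what the content-signer factory does with an unset
     *     algorithm is not visible in this class -- callers should pass {@link #withSignatureAlgo(String)} then)
     */
    private static String defaultSignatureAlgo(String keyAlgorithm) {
        if (StringUtils.equalsIgnoreCase("DSA", keyAlgorithm)) {
            return DEFAULT_DSA_SIGNATURE_ALGO;
        }
        if (StringUtils.equalsIgnoreCase("RSA", keyAlgorithm)) {
            return DEFAULT_RSA_SIGNATURE_ALGO;
        }
        return null;
    }

    /**
     * Derives the basicConstraints for a subordinate CA certificate from the issuer's basicConstraints.
     *
     * <p>The issuer's pathLenConstraint plus one is used (one when the issuer is unconstrained).
     * NOTE(review): RFC 5280 s4.2.1.9 would call for at most the issuer's value minus one; chain validators
     * enforce the smallest constraint along the path, so the value written here is looser than needed --
     * confirm this is intended.
     *
     * @param missing error list; {@code X509CertificateBuilder_issuerCert_notCaCert} is added when the issuer
     *     carries no basicConstraints extension at all (a v3 CA must have one), instead of failing with an NPE
     */
    private BasicConstraints subordinateCaConstraints(List<String> missing) {
        Extension bcExtension = this.issuerCertificate.getExtension(X509Extension.basicConstraints);
        if (bcExtension == null) {
            if (!missing.contains(ISSUER_NOT_CA)) {
                missing.add(ISSUER_NOT_CA);
            }
            // Never reaches the certificate: build() throws on the non-empty error list.
            return new BasicConstraints(true);
        }
        BigInteger issuerPathLen = BasicConstraints.getInstance(bcExtension.getParsedValue()).getPathLenConstraint();
        BigInteger pathLen = issuerPathLen == null ? BigInteger.ONE : issuerPathLen.add(BigInteger.ONE);
        return new BasicConstraints(pathLen.intValue());
    }

    /**
     * Adds the extensions to the certificate being built: basicConstraints (critical), subjectKeyIdentifier,
     * authorityKeyIdentifier (from the issuer certificate, or from the subject key when self-signed), keyUsage
     * (critical, only when set), subjectAltName (critical only when the subject lives there exclusively) and
     * authorityInfoAccess (only when set).
     *
     * @throws CertIOException if an extension cannot be encoded
     */
    private void addExtensions(JcaX509v3CertificateBuilder certBuilder, BasicConstraints basicConstraints)
            throws CertIOException {
        JcaX509ExtensionUtils extensionUtils = V3CertificateUtils.getJcaX509ExtensionUtils();
        certBuilder.addExtension(X509Extension.basicConstraints, true, basicConstraints);
        certBuilder.addExtension(X509Extension.subjectKeyIdentifier, false,
                extensionUtils.createSubjectKeyIdentifier(this.subjectPublicKey));
        ASN1Encodable authorityKeyId = this.issuerCertificate == null
                ? extensionUtils.createAuthorityKeyIdentifier(this.subjectPublicKey)
                : extensionUtils.createAuthorityKeyIdentifier(this.issuerCertificate);
        certBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, authorityKeyId);
        if (this.keyUsageSet) {
            certBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage(this.keyUsage));
        }
        if (this.subjectAltNames != null) {
            certBuilder.addExtension(X509Extension.subjectAlternativeName, this.subjectOnlyInAlternativeName,
                    this.subjectAltNames);
        }
        if (this.authorityInformationAccess != null) {
            certBuilder.addExtension(X509Extension.authorityInfoAccess, false, this.authorityInformationAccess);
        }
    }

    /** Copies the key usage bits of {@code certificate} into this builder, unless it has none. */
    private void copyKeyUsage(X509CertificateHolder certificate) {
        int usage = KeyUsageUtils.getKeyUsage(certificate);
        if (usage != NO_KEY_USAGE) {
            withKeyUsage(usage);
        }
    }

    /**
     * Sets the JCA signature algorithm name (e.g. {@code SHA256withRSA}); when blank, a default is derived
     * from the signing key in {@link #build(PrivateKey)}.
     */
    public CaSignedCertificateBuilder withSignatureAlgo(String signatureAlgo) {
        this.signatureAlgo = signatureAlgo;
        return this;
    }

    /** Sets whether to build a CA certificate (basicConstraints cA=TRUE). */
    public CaSignedCertificateBuilder withCa(boolean createCaCert) {
        this.createCaCert = createCaCert;
        return this;
    }

    /** Sets the subject DN; takes precedence over the sample certificate's subject. */
    public CaSignedCertificateBuilder withSubjectDN(X500Name subjectDN) {
        this.subjectDN = subjectDN;
        return this;
    }

    /** Sets the subject public key; overwritten by the sample certificate's key when a sample is set. */
    public CaSignedCertificateBuilder withSubjectPublicKey(PublicKey subjectPublicKey) {
        this.subjectPublicKey = subjectPublicKey;
        return this;
    }

    /** Sets notAfter as days after build time; {@code null} falls back to the sample certificate's notAfter. */
    public CaSignedCertificateBuilder withNotAfterInDays(Integer days) {
        this.notAfterInDays = days;
        return this;
    }

    /**
     * Sets notBefore as days after build time (default 0, i.e. build time); {@code null} falls back to the
     * sample certificate's notBefore.
     */
    public CaSignedCertificateBuilder withNotBeforeInDays(Integer days) {
        this.notBeforeInDays = days;
        return this;
    }

    /** Sets a certificate whose public key, and whose other subject data where not set explicitly, are reused. */
    public CaSignedCertificateBuilder withSubjectSampleCertificate(X509CertificateHolder sample) {
        this.subjectSampleCertificate = sample;
        return this;
    }

    /**
     * Sets the signing CA's certificate; omit it for a self-signed certificate.
     *
     * @throws IllegalArgumentException if {@code issuerCertificate} is not a CA certificate
     */
    public CaSignedCertificateBuilder withIssuerCertificate(X509CertificateHolder issuerCertificate) {
        if (!CheckCaCertificate.isCaCertificate(issuerCertificate)) {
            throw new IllegalArgumentException("Invalid issuer certificate");
        }
        this.issuerCertificate = issuerCertificate;
        return this;
    }

    /** Clears all key usage bits; no keyUsage extension is written until {@link #withKeyUsage(int)} is called. */
    public CaSignedCertificateBuilder resetKeyUsage() {
        this.keyUsageSet = false;
        this.keyUsage = NO_KEY_USAGE;
        return this;
    }

    /** ORs {@code usageBits} (a {@link KeyUsage} bit mask) into the key usage; the first call replaces the sentinel. */
    public CaSignedCertificateBuilder withKeyUsage(int usageBits) {
        if (this.keyUsageSet) {
            this.keyUsage |= usageBits;
        } else {
            this.keyUsage = usageBits;
            this.keyUsageSet = true;
        }
        return this;
    }

    /** Adds the given names to the subject alternative names, skipping duplicates. */
    public CaSignedCertificateBuilder withSubjectAltNames(GeneralNames generalNames) {
        this.subjectAltNames = mergeUnique(this.subjectAltNames, generalNames.getNames());
        return this;
    }

    /** Adds one name to the subject alternative names, skipping it if already present. */
    public CaSignedCertificateBuilder withSubjectAltName(GeneralName generalName) {
        this.subjectAltNames = mergeUnique(this.subjectAltNames, generalName);
        return this;
    }

    /** Returns the names of {@code existing} (may be null) followed by {@code additional}, without duplicates. */
    private static GeneralNames mergeUnique(GeneralNames existing, GeneralName... additional) {
        List<GeneralName> merged = new ArrayList<>();
        if (existing != null) {
            for (GeneralName name : existing.getNames()) {
                if (!merged.contains(name)) {
                    merged.add(name);
                }
            }
        }
        for (GeneralName name : additional) {
            if (!merged.contains(name)) {
                merged.add(name);
            }
        }
        return new GeneralNames(merged.toArray(new GeneralName[0]));
    }

    /** Sets the authorityInfoAccess extension content (written non-critical when not null). */
    public CaSignedCertificateBuilder withAuthorityInformationAccess(AuthorityInformationAccess authorityInformationAccess) {
        this.authorityInformationAccess = authorityInformationAccess;
        return this;
    }

    /**
     * When true, the subject DN is replaced by a placeholder and the subjectAltName is written critical;
     * ignored for CA certificates and when no alternative names are set.
     */
    public CaSignedCertificateBuilder withSubjectOnlyInAlternativeName(boolean subjectOnlyInAlternativeName) {
        this.subjectOnlyInAlternativeName = subjectOnlyInAlternativeName;
        return this;
    }
}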
