package de.adorsys.keymanagement.bouncycastle.adapter.services.deprecated.generator;

import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Date;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.time.DateUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;

/* loaded from: input_file:BOOT-INF/lib/bouncycastle-adapter-0.0.4.jar:de/adorsys/keymanagement/bouncycastle/adapter/services/deprecated/generator/CaSignedCertificateBuilder.class */
public class CaSignedCertificateBuilder {
    private boolean createCaCert;
    private X500Name subjectDN;
    private Integer notAfterInDays;
    private String signatureAlgo;
    private PublicKey subjectPublicKey;
    private Integer notBeforeInDays = 0;
    private int keyUsage = -1;
    private boolean keyUsageSet = false;
    boolean dirty = false;

    public X509CertificateHolder build(PrivateKey privateKey) {
        if (this.dirty) {
            throw new IllegalStateException("Builder can not be reused");
        }
        this.dirty = true;
        this.signatureAlgo = autodetectAlgorithm(privateKey);
        Date date = new Date();
        Date addDays = this.notAfterInDays != null ? DateUtils.addDays(date, this.notAfterInDays.intValue()) : null;
        Date addDays2 = this.notBeforeInDays != null ? DateUtils.addDays(date, this.notBeforeInDays.intValue()) : null;
        List<String> filterNull = BatchValidator.filterNull(ListOfKeyValueBuilder.newBuilder().add("X509CertificateBuilder_missing_subject_DN", this.subjectDN).add("X509CertificateBuilder_missing_subject_publicKey", this.subjectPublicKey).add("X509CertificateBuilder_missing_validity_date_notBefore", addDays2).add("X509CertificateBuilder_missing_validity_date_notAfter", addDays).build());
        if (filterNull != null && !filterNull.isEmpty()) {
            throw new IllegalArgumentException("Fields can not be null: " + filterNull);
        }
        X500Name x500Name = this.subjectDN;
        BasicConstraints basicConstraints = this.createCaCert ? new BasicConstraints(true) : new BasicConstraints(false);
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(x500Name, SerialNumberGenerator.uniqueSerial(), addDays2, addDays, this.subjectDN, this.subjectPublicKey);
        JcaX509ExtensionUtils jcaX509ExtensionUtils = V3CertificateUtils.getJcaX509ExtensionUtils();
        jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, (ASN1Encodable) basicConstraints);
        jcaX509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, (ASN1Encodable) jcaX509ExtensionUtils.createSubjectKeyIdentifier(this.subjectPublicKey));
        jcaX509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, (ASN1Encodable) jcaX509ExtensionUtils.createAuthorityKeyIdentifier(this.subjectPublicKey));
        if (this.keyUsageSet) {
            jcaX509v3CertificateBuilder.addExtension(Extension.keyUsage, true, (ASN1Encodable) new KeyUsage(this.keyUsage));
        }
        return jcaX509v3CertificateBuilder.build(V3CertificateUtils.getContentSigner(privateKey, this.signatureAlgo));
    }

    private String autodetectAlgorithm(PrivateKey privateKey) {
        if (null != this.signatureAlgo && !this.signatureAlgo.isEmpty()) {
            return null;
        }
        String algorithm = privateKey.getAlgorithm();
        if (StringUtils.equalsAnyIgnoreCase("DSA", algorithm)) {
            return "SHA256withDSA";
        }
        if (StringUtils.equals("RSA", algorithm)) {
            return "SHA256WithRSA";
        }
        return null;
    }

    public CaSignedCertificateBuilder withCa(boolean z) {
        this.createCaCert = z;
        return this;
    }

    public CaSignedCertificateBuilder withSubjectDN(X500Name x500Name) {
        this.subjectDN = x500Name;
        return this;
    }

    public CaSignedCertificateBuilder withSubjectPublicKey(PublicKey publicKey) {
        this.subjectPublicKey = publicKey;
        return this;
    }

    public CaSignedCertificateBuilder withNotAfterInDays(Integer num) {
        this.notAfterInDays = num;
        return this;
    }

    public CaSignedCertificateBuilder withNotBeforeInDays(Integer num) {
        this.notBeforeInDays = num;
        return this;
    }

    public CaSignedCertificateBuilder withKeyUsage(int i) {
        if (this.keyUsageSet) {
            this.keyUsage |= i;
        } else {
            this.keyUsage = i;
            this.keyUsageSet = true;
        }
        return this;
    }
}
