package eu.europa.esig.dss.pki.jaxb.builder;

import eu.europa.esig.dss.enumerations.CertificatePolicy;
import eu.europa.esig.dss.enumerations.KeyUsageBit;
import eu.europa.esig.dss.enumerations.OidDescription;
import eu.europa.esig.dss.enumerations.QCType;
import eu.europa.esig.dss.enumerations.QCTypeEnum;
import eu.europa.esig.dss.enumerations.SignatureAlgorithm;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.OID;
import eu.europa.esig.dss.utils.Utils;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CertificatePolicies;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.qualified.ETSIQCObjectIdentifiers;
import org.bouncycastle.asn1.x509.qualified.QCStatement;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:BOOT-INF/lib/dss-pki-factory-jaxb-6.1.jar:eu/europa/esig/dss/pki/jaxb/builder/X509CertificateBuilder.class */
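/**
 * Fluent builder that assembles an X.509 v3 certificate with BouncyCastle and
 * returns it as a DSS {@link CertificateToken}.
 *
 * <p>Typical use: {@code subject(...)}, then {@code issuer(...)},
 * {@code notBefore(...)}, {@code notAfter(...)}, any optional extension
 * setters, and finally {@link #build()}.
 *
 * <p><b>Issuance-policy caveat.</b> The builder signs exactly what it is given.
 * Nothing in this class checks that {@code notBefore} precedes {@code notAfter},
 * that the serial number is positive or unpredictable, that the key usages are
 * consistent with the CA flag, that the signature algorithm is an acceptable
 * one, or that the CRL/OCSP/caIssuers strings are well-formed URIs. Callers
 * that issue certificates outside of a test PKI must enforce those rules
 * themselves before calling {@link #build()}.
 *
 * <p>Instances are mutable and not thread-safe. The lists and dates passed to
 * the setters are stored by reference, not copied.
 */
public class X509CertificateBuilder {
    private X500Name subjectName;
    private BigInteger serialNumber;
    private PublicKey publicKey;
    private Date notBefore;
    private Date notAfter;
    private X500Name issuerName;
    // Signing key of the issuer; only handed to the BouncyCastle content signer in build().
    private PrivateKey issuerKey;
    private SignatureAlgorithm signatureAlgorithm;
    private boolean ca;
    private List<KeyUsageBit> keyUsages;
    private List<String> extendedKeyUsages;
    private String caIssuersUrl;
    private String ocspUrl;
    private String crlUrl;
    private List<String> certificatePolicies;
    private List<String> qcStatements;
    private List<String> qcTypes;
    private List<String> qcCClegislations;
    private boolean ocspNoCheck;

    /**
     * Sets the subject of the certificate to create.
     *
     * @param x500Name   subject distinguished name, not null
     * @param bigInteger certificate serial number, not null
     * @param publicKey  subject public key, not null
     * @return this builder
     * @throws NullPointerException if any argument is null
     */
    public X509CertificateBuilder subject(X500Name x500Name, BigInteger bigInteger, PublicKey publicKey) {
        Objects.requireNonNull(x500Name, "SubjectName cannot be null!");
        Objects.requireNonNull(bigInteger, "SerialNumber cannot be null!");
        Objects.requireNonNull(publicKey, "PublicKey cannot be null!");
        this.subjectName = x500Name;
        this.serialNumber = bigInteger;
        this.publicKey = publicKey;
        return this;
    }

    /**
     * Sets the issuer name, the issuer's signing key and the signature algorithm.
     *
     * <p>{@link #subject(X500Name, BigInteger, PublicKey)} must have been called
     * first: this method rejects the call while the serial number or the subject
     * public key is still unset. The private key and the signature algorithm are
     * not validated here; {@link #build()} rejects them when null.
     *
     * @param x500Name           issuer distinguished name, not null
     * @param privateKey         issuer private key used to sign the certificate
     * @param signatureAlgorithm algorithm used for the certificate signature
     * @return this builder
     * @throws NullPointerException if the issuer name is null or the subject has not been set
     */
    public X509CertificateBuilder issuer(X500Name x500Name, PrivateKey privateKey, SignatureAlgorithm signatureAlgorithm) {
        Objects.requireNonNull(x500Name, "IssuerName cannot be null!");
        // Ordering guard: these are builder state set by subject(), not arguments of this call.
        Objects.requireNonNull(this.serialNumber, "SerialNumber cannot be null!");
        Objects.requireNonNull(this.publicKey, "PublicKey cannot be null!");
        this.issuerName = x500Name;
        this.issuerKey = privateKey;
        this.signatureAlgorithm = signatureAlgorithm;
        return this;
    }

    /**
     * Sets the issuer from an existing certificate: the issuer name of the new
     * certificate is the subject name of {@code certificateToken}.
     *
     * <p>NOTE(review): nothing here checks that {@code privateKey} matches the
     * public key of {@code certificateToken}; a mismatch yields a certificate
     * whose signature does not verify against the named issuer.
     *
     * @param certificateToken   issuer certificate, not null
     * @param privateKey         issuer private key used to sign the certificate
     * @param signatureAlgorithm algorithm used for the certificate signature
     * @return this builder
     * @throws NullPointerException if the certificate token is null or the subject has not been set
     */
    public X509CertificateBuilder issuer(CertificateToken certificateToken, PrivateKey privateKey, SignatureAlgorithm signatureAlgorithm) {
        Objects.requireNonNull(certificateToken, "CertificateToken cannot be null!");
        X500Name issuerSubject = DSSASN1Utils.getX509CertificateHolder(certificateToken).getSubject();
        return issuer(issuerSubject, privateKey, signatureAlgorithm);
    }

    /**
     * Sets the start of the validity period.
     *
     * @param date start of validity, not null
     * @return this builder
     * @throws NullPointerException if {@code date} is null
     */
    public X509CertificateBuilder notBefore(Date date) {
        Objects.requireNonNull(date, "NotBefore shall be defined!");
        this.notBefore = date;
        return this;
    }

    /**
     * Sets the end of the validity period.
     *
     * @param date end of validity, not null
     * @return this builder
     * @throws NullPointerException if {@code date} is null
     */
    public X509CertificateBuilder notAfter(Date date) {
        Objects.requireNonNull(date, "NotAfter shall be defined!");
        this.notAfter = date;
        return this;
    }

    /**
     * Sets the key usage bits. A non-null list produces a critical keyUsage
     * extension; {@code null} omits the extension.
     *
     * @param list key usage bits, may be null
     * @return this builder
     */
    public X509CertificateBuilder keyUsages(List<KeyUsageBit> list) {
        this.keyUsages = list;
        return this;
    }

    /**
     * Sets the certificate policies, each given either as the name of a
     * {@link CertificatePolicy} constant (case-insensitive) or as a dotted OID.
     *
     * @param list policy names or OIDs, may be null
     * @return this builder
     */
    public X509CertificateBuilder certificatePolicies(List<String> list) {
        this.certificatePolicies = list;
        return this;
    }

    /**
     * Sets the QC statements, each given as a label, an OID or an enum constant
     * name known to DSS, or as a raw dotted OID.
     *
     * @param list QC statement identifiers, may be null
     * @return this builder
     */
    public X509CertificateBuilder qcStatements(List<String> list) {
        this.qcStatements = list;
        return this;
    }

    /**
     * Sets the QC types, each given as a label or an OID.
     *
     * @param list QC type identifiers, may be null
     * @return this builder
     */
    public X509CertificateBuilder qcTypes(List<String> list) {
        this.qcTypes = list;
        return this;
    }

    /**
     * Sets the values written into the QcCClegislation statement; each entry is
     * encoded as a PrintableString.
     *
     * @param list legislation values, may be null
     * @return this builder
     */
    public X509CertificateBuilder qcCClegislations(List<String> list) {
        this.qcCClegislations = list;
        return this;
    }

    /**
     * Marks the certificate as a CA certificate.
     *
     * @param z {@code true} to add a critical basicConstraints extension with cA=TRUE
     * @return this builder
     */
    public X509CertificateBuilder ca(boolean z) {
        this.ca = z;
        return this;
    }

    /**
     * Requests the id-pkix-ocsp-nocheck extension.
     *
     * @param z {@code true} to add the extension
     * @return this builder
     */
    public X509CertificateBuilder ocspNoCheck(boolean z) {
        this.ocspNoCheck = z;
        return this;
    }

    /**
     * Sets the extended key usages as dotted OIDs. A non-null list produces a
     * critical extendedKeyUsage extension; {@code null} omits the extension.
     *
     * @param list key purpose OIDs, may be null
     * @return this builder
     */
    public X509CertificateBuilder extendedKeyUsages(List<String> list) {
        this.extendedKeyUsages = list;
        return this;
    }

    /**
     * Sets the CRL distribution point URL.
     *
     * @param str URL written as a URI general name, may be null
     * @return this builder
     */
    public X509CertificateBuilder crl(String str) {
        this.crlUrl = str;
        return this;
    }

    /**
     * Sets the OCSP responder URL published in the AIA extension.
     *
     * @param str URL written as a URI general name, may be null
     * @return this builder
     */
    public X509CertificateBuilder ocsp(String str) {
        this.ocspUrl = str;
        return this;
    }

    /**
     * Sets the caIssuers URL published in the AIA extension.
     *
     * @param str URL written as a URI general name, may be null
     * @return this builder
     */
    public X509CertificateBuilder caIssuers(String str) {
        this.caIssuersUrl = str;
        return this;
    }

    /**
     * Signs the certificate with the issuer key and returns it as a token.
     *
     * <p>Extensions are added in a fixed order: keyUsage, certificatePolicies,
     * qcStatements, extendedKeyUsage, cRLDistributionPoints, authorityInfoAccess,
     * subjectKeyIdentifier (always), basicConstraints (CA only), ocsp-nocheck.
     * No authorityKeyIdentifier is added, and a non-CA certificate carries no
     * basicConstraints extension at all.
     *
     * @return the freshly signed certificate
     * @throws NullPointerException       if a mandatory value (subject, serial number, public key,
     *                                    validity dates, issuer name, issuer key, signature
     *                                    algorithm) has not been set
     * @throws OperatorCreationException  if the content signer cannot be created for the issuer key
     * @throws IOException                if an extension or the certificate cannot be encoded
     */
    public CertificateToken build() throws OperatorCreationException, IOException {
        Objects.requireNonNull(this.subjectName, "SubjectName shall be defined!");
        Objects.requireNonNull(this.serialNumber, "SerialNumber shall be defined!");
        Objects.requireNonNull(this.publicKey, "PublicKey shall be defined!");
        // Fail with a readable message instead of an anonymous NPE from inside BouncyCastle.
        Objects.requireNonNull(this.notBefore, "NotBefore shall be defined!");
        Objects.requireNonNull(this.notAfter, "NotAfter shall be defined!");
        Objects.requireNonNull(this.issuerName, "IssuerName shall be defined!");
        Objects.requireNonNull(this.issuerKey, "Issuer's private key shall be defined!");
        Objects.requireNonNull(this.signatureAlgorithm, "SignatureAlgorithm shall be defined!");

        // NOTE(review): the algorithm is used as supplied; there is no strength or key-type policy check here.
        ContentSigner signer = new JcaContentSignerBuilder(this.signatureAlgorithm.getJCEId()).build(this.issuerKey);
        SubjectPublicKeyInfo subjectKeyInfo = SubjectPublicKeyInfo.getInstance(this.publicKey.getEncoded());
        X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
                this.issuerName, this.serialNumber, this.notBefore, this.notAfter, this.subjectName, subjectKeyInfo);

        if (this.keyUsages != null) {
            addKeyUsageExtension(certBuilder);
        }
        if (this.certificatePolicies != null) {
            addCertificatePolicies(certBuilder);
        }
        if (this.qcStatements != null || this.qcTypes != null || this.qcCClegislations != null) {
            addQCStatementIds(certBuilder);
        }
        if (this.extendedKeyUsages != null) {
            addExtendedKeyUsageExtension(certBuilder);
        }
        if (this.crlUrl != null) {
            addCRLExtension(certBuilder);
        }
        if (this.ocspUrl != null || this.caIssuersUrl != null) {
            addAIAExtension(certBuilder);
        }
        addSKI(certBuilder);
        if (this.ca) {
            addBasicConstraint(certBuilder);
        }
        if (this.ocspNoCheck) {
            addOCSPNoCheck(certBuilder);
        }
        return DSSUtils.loadCertificate(certBuilder.build(signer).getEncoded());
    }

    /**
     * Adds a critical keyUsage extension whose value is the OR of all configured bits.
     * An empty list yields an extension with no bit set.
     */
    private void addKeyUsageExtension(X509v3CertificateBuilder certBuilder) throws CertIOException {
        int usageBits = 0;
        for (KeyUsageBit usage : this.keyUsages) {
            usageBits |= usage.getBit();
        }
        certBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(usageBits));
    }

    /**
     * Adds a critical extendedKeyUsage extension built from the configured OIDs.
     * An empty list yields an extension with an empty purpose list.
     */
    private void addExtendedKeyUsageExtension(X509v3CertificateBuilder certBuilder) throws CertIOException {
        KeyPurposeId[] purposes = this.extendedKeyUsages.stream()
                .map(oid -> KeyPurposeId.getInstance(new ASN1ObjectIdentifier(oid)))
                .toArray(KeyPurposeId[]::new);
        certBuilder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(purposes));
    }

    /** Adds a critical certificatePolicies extension; does nothing when the list is empty. */
    private void addCertificatePolicies(X509v3CertificateBuilder certBuilder) throws CertIOException {
        if (!Utils.isCollectionNotEmpty(this.certificatePolicies)) {
            return;
        }
        PolicyInformation[] policies = new PolicyInformation[this.certificatePolicies.size()];
        int index = 0;
        for (String policy : this.certificatePolicies) {
            policies[index++] = new PolicyInformation(getPolicyOid(policy));
        }
        certBuilder.addExtension(Extension.certificatePolicies, true, new CertificatePolicies(policies));
    }

    /**
     * Resolves a policy given as a {@link CertificatePolicy} constant name
     * (case-insensitive) or, failing that, as a raw dotted OID.
     */
    private ASN1ObjectIdentifier getPolicyOid(String policy) {
        try {
            // Locale.ROOT keeps the upper-casing independent of the JVM default locale
            // (under a Turkish locale "i" would otherwise become a dotted capital I and miss the constant).
            return new ASN1ObjectIdentifier(CertificatePolicy.valueOf(policy.toUpperCase(java.util.Locale.ROOT)).getOid());
        } catch (IllegalArgumentException e) {
            // Not a known constant name: interpret the value as an OID.
            return new ASN1ObjectIdentifier(policy);
        }
    }

    /** Adds a non-critical qcStatements extension when at least one QC list has content. */
    private void addQCStatementIds(X509v3CertificateBuilder certBuilder) throws CertIOException {
        boolean hasContent = Utils.isCollectionNotEmpty(this.qcStatements)
                || Utils.isCollectionNotEmpty(this.qcTypes)
                || Utils.isCollectionNotEmpty(this.qcCClegislations);
        if (hasContent) {
            certBuilder.addExtension(Extension.qCStatements, false, getQCStatementsIds());
        }
    }

    /**
     * Builds the QCStatements sequence: one bare statement per configured QC
     * statement id, then one QcType statement and one QcCClegislation statement
     * when those lists are non-empty.
     */
    private ASN1Sequence getQCStatementsIds() {
        ASN1EncodableVector statements = new ASN1EncodableVector();
        if (Utils.isCollectionNotEmpty(this.qcStatements)) {
            for (String statement : this.qcStatements) {
                statements.add(new DERSequence(getQcStatementOid(statement)));
            }
        }
        if (Utils.isCollectionNotEmpty(this.qcTypes)) {
            ASN1EncodableVector typeOids = new ASN1EncodableVector();
            for (String type : this.qcTypes) {
                typeOids.add(getQcTypeOid(type));
            }
            statements.add(new QCStatement(ETSIQCObjectIdentifiers.id_etsi_qcs_QcType, new DERSequence(typeOids)));
        }
        if (Utils.isCollectionNotEmpty(this.qcCClegislations)) {
            ASN1EncodableVector legislations = new ASN1EncodableVector();
            for (String legislation : this.qcCClegislations) {
                legislations.add(new DERPrintableString(legislation));
            }
            statements.add(new QCStatement(OID.id_etsi_qcs_QcCClegislation, new DERSequence(legislations)));
        }
        return new DERSequence(statements);
    }

    /**
     * Resolves a QC statement given as a DSS label, a known OID or an enum
     * constant name (case-insensitive); any other value is interpreted as a raw
     * dotted OID.
     */
    private ASN1ObjectIdentifier getQcStatementOid(String value) {
        eu.europa.esig.dss.enumerations.QCStatement known = eu.europa.esig.dss.enumerations.QCStatement.forLabel(value);
        if (known == null) {
            known = eu.europa.esig.dss.enumerations.QCStatement.forOID(value);
        }
        if (known == null) {
            try {
                known = eu.europa.esig.dss.enumerations.QCStatement.valueOf(value.toUpperCase(java.util.Locale.ROOT));
            } catch (IllegalArgumentException ignored) {
                // valueOf() throws rather than returning null for an unknown name; without this
                // catch the raw-OID fallback below could never be reached.
            }
        }
        return new ASN1ObjectIdentifier(known != null ? known.getOid() : value);
    }

    /** Resolves a QC type given as a label or, failing that, as an OID. */
    private ASN1ObjectIdentifier getQcTypeOid(String value) {
        OidDescription type = QCTypeEnum.forLabel(value);
        if (type == null) {
            // NOTE(review): assumes QCType.fromOid never returns null; confirm against the DSS API.
            type = QCType.fromOid(value);
        }
        return new ASN1ObjectIdentifier(type.getOid());
    }

    /**
     * Adds a non-critical authorityInfoAccess extension with the OCSP and/or
     * caIssuers access descriptions. The URLs are written as supplied.
     */
    private void addAIAExtension(X509v3CertificateBuilder certBuilder) throws CertIOException {
        List<AccessDescription> descriptions = new ArrayList<>(2);
        if (this.ocspUrl != null) {
            descriptions.add(new AccessDescription(AccessDescription.id_ad_ocsp,
                    new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(this.ocspUrl))));
        }
        if (this.caIssuersUrl != null) {
            descriptions.add(new AccessDescription(AccessDescription.id_ad_caIssuers,
                    new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(this.caIssuersUrl))));
        }
        if (descriptions.isEmpty()) {
            // Nothing to publish; avoids indexing into an empty list if this is ever called unguarded.
            return;
        }
        certBuilder.addExtension(Extension.authorityInfoAccess, false,
                new AuthorityInformationAccess(descriptions.toArray(new AccessDescription[0])));
    }

    /**
     * Adds a non-critical cRLDistributionPoints extension holding a single
     * distribution point whose full name is the configured URL, written as supplied.
     */
    private void addCRLExtension(X509v3CertificateBuilder certBuilder) throws CertIOException {
        GeneralName crlUri = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(this.crlUrl));
        DistributionPointName pointName =
                new DistributionPointName(DistributionPointName.FULL_NAME, GeneralNames.getInstance(new DERSequence(crlUri)));
        DistributionPoint point = new DistributionPoint(pointName, null, null);
        certBuilder.addExtension(Extension.cRLDistributionPoints, false, new DERSequence(point));
    }

    /** Adds a non-critical subjectKeyIdentifier computed from the subject public key. */
    private void addSKI(X509v3CertificateBuilder certBuilder) throws CertIOException {
        byte[] keyIdentifier = DSSASN1Utils.computeSkiFromCertPublicKey(this.publicKey);
        certBuilder.addExtension(Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifier(keyIdentifier));
    }

    /**
     * Adds a critical basicConstraints extension with cA=TRUE. No path length
     * constraint is set, so the depth of the chain below this CA is not limited
     * by this certificate.
     */
    private void addBasicConstraint(X509v3CertificateBuilder certBuilder) throws CertIOException {
        certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    }

    /**
     * Adds the non-critical id-pkix-ocsp-nocheck extension (a NULL value).
     * Relying parties that honour it skip revocation checking for this
     * certificate, so it is normally paired with a short validity period.
     */
    private void addOCSPNoCheck(X509v3CertificateBuilder certBuilder) throws IOException {
        certBuilder.addExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nocheck, false, DERNull.INSTANCE);
    }
}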
