package cfca.sadk.x509.certificate;

import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.asn1.parser.ASN1Parser;
import cfca.sadk.lib.crypto.Session;
import cfca.sadk.org.bouncycastle.asn1.ASN1EncodableVector;
import cfca.sadk.org.bouncycastle.asn1.ASN1Integer;
import cfca.sadk.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import cfca.sadk.org.bouncycastle.asn1.DERBitString;
import cfca.sadk.org.bouncycastle.asn1.DERNull;
import cfca.sadk.org.bouncycastle.asn1.DERSequence;
import cfca.sadk.org.bouncycastle.asn1.x500.X500Name;
import cfca.sadk.org.bouncycastle.asn1.x500.X500NameStyle;
import cfca.sadk.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import cfca.sadk.org.bouncycastle.asn1.x509.Extension;
import cfca.sadk.org.bouncycastle.asn1.x509.Extensions;
import cfca.sadk.org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import cfca.sadk.org.bouncycastle.asn1.x509.TBSCertificate;
import cfca.sadk.org.bouncycastle.asn1.x509.Time;
import cfca.sadk.org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Date;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Vector;

/* loaded from: input_file:BOOT-INF/lib/sadk-3.2.0.5.jar:cfca/sadk/x509/certificate/X509CertGenerator.class */
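/**
 * Assembles and signs an X.509 v3 certificate.
 *
 * <p>The setters populate a {@link V3TBSCertificateGenerator}. {@link #generateX509Cert} then
 * signs the DER encoding of the resulting TBSCertificate through the supplied {@link Session}
 * and returns the DER-encoded {@code SEQUENCE { tbsCertificate, signatureAlgorithm, signature }}.
 *
 * <p>This class only checks that the mandatory fields are present. Issuance policy is the
 * caller's responsibility. That covers serial-number uniqueness and sign, the ordering of the
 * validity dates, which extensions are required, and whether the subject may hold the requested
 * name.
 *
 * <p>NOTE(review): instances are mutable and nothing in this class synchronizes access.
 * Presumably one instance should be confined to one thread; confirm against callers.
 */
public class X509CertGenerator {
    private final V3TBSCertificateGenerator tbsCertGen;
    // Keyed by extension OID, so one certificate carries at most one extension per OID.
    // Hashtable iteration order is not insertion order, so the order of extensions in the
    // encoded certificate does not follow the order of addExtension calls.
    private final Hashtable<ASN1ObjectIdentifier, Extension> extensionSet;
    private Mechanism mechanism = null;
    private AlgorithmIdentifier sigAlg = null;
    private String subject = null;
    private String issuer = null;
    private BigInteger serialNumber = null;
    private Date notBefore = null;
    private Date notAfter = null;
    private PublicKey pubKey = null;
    private DERBitString signature = null;
    private TBSCertificate tbsCert = null;

    /** Creates an empty generator with no fields set and no extensions. */
    public X509CertGenerator() {
        this.tbsCertGen = new V3TBSCertificateGenerator();
        this.extensionSet = new Hashtable<ASN1ObjectIdentifier, Extension>();
    }

    /**
     * Sets the serial number from a hexadecimal string.
     *
     * @param str serial number in base 16
     * @throws PKIException if {@code str} is null
     * @throws NumberFormatException if {@code str} is not valid base-16 (unchecked, propagated
     *     unchanged from {@link BigInteger#BigInteger(String, int)})
     */
    public void setSerialNumber(String str) throws PKIException {
        if (str == null) {
            throw new PKIException(PKIException.SN_NULL, PKIException.SN_NULL_DES);
        }
        setSerialNumber(new BigInteger(str, 16));
    }

    /**
     * Sets the serial number.
     *
     * <p>NOTE(review): the value is not range-checked here. RFC 5280 requires a positive serial
     * of at most 20 octets, unique per issuer; a leading '-' in the hex form or a zero value is
     * accepted by this method. Enforce that in the calling CA logic.
     *
     * @param bigInteger serial number
     * @throws PKIException if {@code bigInteger} is null
     */
    public void setSerialNumber(BigInteger bigInteger) throws PKIException {
        if (bigInteger == null) {
            throw new PKIException(PKIException.SN_NULL, PKIException.SN_NULL_DES);
        }
        this.serialNumber = bigInteger;
        this.tbsCertGen.setSerialNumber(new ASN1Integer(bigInteger));
    }

    /**
     * Sets the subject distinguished name, parsed with the default name style.
     *
     * @param str subject DN string
     * @throws PKIException if {@code str} is null or blank
     */
    public void setSubject(String str) throws PKIException {
        if (str == null || str.trim().length() == 0) {
            throw new PKIException(PKIException.SUBJECT_NULL, PKIException.SUBJECT_NULL_DES);
        }
        // Parse first: if the DN is rejected, this.subject must not claim a value that the
        // TBS generator never received.
        X500Name parsed = new X500Name(str);
        this.tbsCertGen.setSubject(parsed);
        this.subject = str;
    }

    /**
     * Sets the subject distinguished name, parsed with an explicit name style.
     *
     * @param x500NameStyle style used to parse {@code str}
     * @param str subject DN string
     * @throws PKIException if the style is null, or {@code str} is null or blank
     */
    public void setSubject(X500NameStyle x500NameStyle, String str) throws PKIException {
        if (x500NameStyle == null) {
            throw new PKIException("style is null");
        }
        if (str == null || str.trim().length() == 0) {
            throw new PKIException(PKIException.SUBJECT_NULL, PKIException.SUBJECT_NULL_DES);
        }
        X500Name parsed = new X500Name(x500NameStyle, str);
        this.tbsCertGen.setSubject(parsed);
        this.subject = str;
    }

    /**
     * Sets the issuer distinguished name, parsed with the default name style.
     *
     * @param str issuer DN string
     * @throws PKIException if {@code str} is null or blank
     */
    public void setIssuer(String str) throws PKIException {
        if (str == null || str.trim().length() == 0) {
            throw new PKIException(PKIException.ISSUER_NULL, PKIException.ISSUER_NULL_DES);
        }
        X500Name parsed = new X500Name(str);
        this.tbsCertGen.setIssuer(parsed);
        this.issuer = str;
    }

    /**
     * Sets the issuer distinguished name, parsed with an explicit name style.
     *
     * @param x500NameStyle style used to parse {@code str}
     * @param str issuer DN string
     * @throws PKIException if the style is null, or {@code str} is null or blank
     */
    public void setIssuer(X500NameStyle x500NameStyle, String str) throws PKIException {
        if (x500NameStyle == null) {
            throw new PKIException("style is null");
        }
        if (str == null || str.trim().length() == 0) {
            throw new PKIException(PKIException.ISSUER_NULL, PKIException.ISSUER_NULL_DES);
        }
        X500Name parsed = new X500Name(x500NameStyle, str);
        this.tbsCertGen.setIssuer(parsed);
        this.issuer = str;
    }

    /**
     * Sets the start of the validity period.
     *
     * @param date notBefore instant
     * @throws PKIException if {@code date} is null
     */
    public void setNotBefore(Date date) throws PKIException {
        if (date == null) {
            throw new PKIException(PKIException.NOT_BEFORE_NULL, PKIException.NOT_BEFORE_NULL_DES);
        }
        this.notBefore = date;
        this.tbsCertGen.setStartDate(new Time(date));
    }

    /**
     * Sets the end of the validity period.
     *
     * <p>NOTE(review): nothing in this class checks that notAfter is later than notBefore.
     *
     * @param date notAfter instant
     * @throws PKIException if {@code date} is null
     */
    public void setNotAfter(Date date) throws PKIException {
        if (date == null) {
            throw new PKIException(PKIException.NOT_AFTER_NULL, PKIException.NOT_AFTER_NULL_DES);
        }
        this.notAfter = date;
        this.tbsCertGen.setEndDate(new Time(date));
    }

    /**
     * Sets the subject public key from the key's encoded form.
     *
     * @param publicKey key whose {@code getEncoded()} bytes are read as a SubjectPublicKeyInfo
     * @throws PKIException if {@code publicKey} is null or its encoding cannot be parsed
     */
    public void setPublicKey(PublicKey publicKey) throws PKIException {
        if (publicKey == null) {
            throw new PKIException(PKIException.PUB_KEY_NULL, PKIException.PUB_KEY_NULL_DES);
        }
        try {
            this.tbsCertGen.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
        } catch (Exception e) {
            throw new PKIException(new StringBuilder().append(PKIException.PARSER).append(PKIException.KEY_SPKI).toString(), PKIException.KEY_SPKI_DES, e);
        }
        // Recorded only after the encoding was accepted, so generateX509Cert's presence check
        // cannot pass for a key the TBS generator never received.
        this.pubKey = publicKey;
    }

    /**
     * Selects the signature algorithm written into the certificate and used for signing.
     *
     * <p>SHA1_RSA is still accepted. SHA-1 is no longer collision-resistant, so new certificates
     * should use SHA256_RSA or stronger unless a legacy relying party forces otherwise.
     *
     * <p>NOTE(review): SHA512_RSA and SM3_SM2 are matched with {@code endsWith}, whereas the
     * other two use {@code equals}. The OID is looked up by the raw {@code str}, so a string
     * that only ends with a supported name may have no OID entry. That case is now rejected
     * here rather than failing later during encoding.
     *
     * @param str algorithm name, compared against the {@link Mechanism} constants
     * @throws PKIException if {@code str} is null, names no supported algorithm, or has no OID
     *     entry in {@code Mechanism.ALGOIDMap}
     */
    public void setSignatureAlg(String str) throws PKIException {
        if (str == null) {
            throw new PKIException(PKIException.SIG_ALG_NULL, PKIException.SIG_ALG_NULL_DES);
        }
        final String mechanismName;
        if (str.equals(Mechanism.SHA1_RSA)) {
            mechanismName = Mechanism.SHA1_RSA;
        } else if (str.equals(Mechanism.SHA256_RSA)) {
            mechanismName = Mechanism.SHA256_RSA;
        } else if (str.endsWith(Mechanism.SHA512_RSA)) {
            mechanismName = Mechanism.SHA512_RSA;
        } else if (str.endsWith(Mechanism.SM3_SM2)) {
            mechanismName = Mechanism.SM3_SM2;
        } else {
            throw new PKIException(PKIException.NONSUPPORT_SIGALG, PKIException.NONSUPPORT_SIGALG_DES + ": " + str);
        }
        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) Mechanism.ALGOIDMap.get(str);
        if (oid == null) {
            // Without this check, the signing mechanism would be set while the certificate
            // carried an AlgorithmIdentifier with no OID.
            throw new PKIException(PKIException.NONSUPPORT_SIGALG, PKIException.NONSUPPORT_SIGALG_DES + ": " + str);
        }
        AlgorithmIdentifier algorithmId = new AlgorithmIdentifier(oid, new DERNull());
        // Commit both fields together so the mechanism used to sign and the algorithm
        // identifier embedded in the certificate cannot diverge after a failed call.
        this.mechanism = new Mechanism(mechanismName);
        this.sigAlg = algorithmId;
        this.tbsCertGen.setSignature(this.sigAlg);
    }

    /**
     * Sets the optional issuerUniqueID field; a null argument leaves it unchanged.
     *
     * @param bArr identifier bytes, or null to do nothing
     */
    public void setIssuerUniqueID(byte[] bArr) {
        if (bArr != null) {
            this.tbsCertGen.setIssuerUniqueID(new DERBitString(bArr));
        }
    }

    /**
     * Sets the optional subjectUniqueID field; a null argument leaves it unchanged.
     *
     * @param bArr identifier bytes, or null to do nothing
     */
    public void setSubjectUniqueID(byte[] bArr) {
        if (bArr != null) {
            this.tbsCertGen.setSubjectUniqueID(new DERBitString(bArr));
        }
    }

    /**
     * Registers an extension for the certificate.
     *
     * <p>Extensions are keyed by OID. Adding a second extension with the same OID silently
     * replaces the first, which matters when a caller adds a constraint that should not be
     * overridden later.
     *
     * @param extension extension to include
     * @throws PKIException if {@code extension} is null
     */
    public void addExtension(Extension extension) throws PKIException {
        if (extension == null) {
            throw new PKIException("extension is null");
        }
        this.extensionSet.put(extension.getExtnId(), extension);
    }

    /** Collects the registered extensions into an {@link Extensions} structure. */
    private Extensions generaterExtensions() {
        Extension[] collected = this.extensionSet.values().toArray(new Extension[0]);
        return new Extensions(collected);
    }

    /**
     * Signs the configured certificate and returns its DER encoding.
     *
     * <p>Only the presence of the mandatory fields is checked. Their values are used as set.
     *
     * @param privateKey issuer key handed to {@code session.sign}
     * @param session crypto session that performs the signature
     * @return DER-encoded certificate
     * @throws PKIException if a mandatory field or argument is missing, or if encoding or
     *     signing fails
     */
    public byte[] generateX509Cert(PrivateKey privateKey, Session session) throws PKIException {
        if (this.issuer == null || this.issuer.trim().length() == 0) {
            throw new PKIException(PKIException.ISSUER_NULL, PKIException.ISSUER_NULL_DES);
        }
        if (this.subject == null || this.subject.trim().length() == 0) {
            throw new PKIException(PKIException.SUBJECT_NULL, PKIException.SUBJECT_NULL_DES);
        }
        if (this.pubKey == null) {
            throw new PKIException(PKIException.PUB_KEY_NULL, PKIException.PUB_KEY_NULL_DES);
        }
        if (this.sigAlg == null) {
            throw new PKIException(PKIException.SIG_ALG_NULL, PKIException.SIG_ALG_NULL_DES);
        }
        if (this.serialNumber == null) {
            throw new PKIException(PKIException.SN_NULL, PKIException.SN_NULL_DES);
        }
        if (this.notBefore == null) {
            throw new PKIException(PKIException.NOT_BEFORE_NULL, PKIException.NOT_BEFORE_NULL_DES);
        }
        if (this.notAfter == null) {
            throw new PKIException(PKIException.NOT_AFTER_NULL, PKIException.NOT_AFTER_NULL_DES);
        }
        // Fail with a specific message instead of a wrapped NullPointerException from signing.
        if (privateKey == null) {
            throw new PKIException("privateKey is null");
        }
        if (session == null) {
            throw new PKIException("session is null");
        }
        generateSignature(privateKey, session);
        return constructCertificate();
    }

    /**
     * Builds the TBSCertificate, DER-encodes it and stores the signature over those bytes.
     *
     * <p>Encoding and signing are reported separately: TBSCERT_BYTES for an encoding failure,
     * SIGN for a signing failure. They are kept in separate try blocks because nesting them
     * would cause the outer handler to re-wrap every signing error as an encoding error.
     */
    private void generateSignature(PrivateKey privateKey, Session session) throws PKIException {
        if (!this.extensionSet.isEmpty()) {
            this.tbsCertGen.setExtensions(generaterExtensions());
        }
        this.tbsCert = this.tbsCertGen.generateTBSCertificate();
        final byte[] tbsBytes;
        try {
            tbsBytes = ASN1Parser.parseDERObj2Bytes(this.tbsCert);
        } catch (Exception e) {
            throw new PKIException(PKIException.TBSCERT_BYTES, PKIException.TBSCERT_BYTES_DES, e);
        }
        try {
            this.signature = new DERBitString(session.sign(this.mechanism, privateKey, tbsBytes));
        } catch (Exception e) {
            throw new PKIException(PKIException.SIGN, PKIException.SIGN_DES, e);
        }
    }

    /**
     * Encodes {@code SEQUENCE { tbsCert, sigAlg, signature }} as DER.
     *
     * @return DER bytes of the complete certificate
     * @throws PKIException if encoding fails
     */
    private byte[] constructCertificate() throws PKIException {
        ASN1EncodableVector certificateParts = new ASN1EncodableVector();
        certificateParts.add(this.tbsCert);
        certificateParts.add(this.sigAlg);
        certificateParts.add(this.signature);
        try {
            return ASN1Parser.parseDERObj2Bytes(new DERSequence(certificateParts));
        } catch (Exception e) {
            throw new PKIException(PKIException.CERT_BYTES, PKIException.CERT_BYTES_DES, e);
        }
    }
}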
