package com.koalii.cert;

import cn.hutool.crypto.KeyUtil;
import com.koalii.bc.asn1.ASN1EncodableVector;
import com.koalii.bc.asn1.ASN1InputStream;
import com.koalii.bc.asn1.ASN1OctetString;
import com.koalii.bc.asn1.ASN1Sequence;
import com.koalii.bc.asn1.DERBitString;
import com.koalii.bc.asn1.DEREncodable;
import com.koalii.bc.asn1.DERInteger;
import com.koalii.bc.asn1.DERNull;
import com.koalii.bc.asn1.DERObjectIdentifier;
import com.koalii.bc.asn1.DEROctetString;
import com.koalii.bc.asn1.DEROutputStream;
import com.koalii.bc.asn1.DERSequence;
import com.koalii.bc.asn1.DERUTCTime;
import com.koalii.bc.asn1.x509.AlgorithmIdentifier;
import com.koalii.bc.asn1.x509.BasicConstraints;
import com.koalii.bc.asn1.x509.KeyUsage;
import com.koalii.bc.asn1.x509.SubjectPublicKeyInfo;
import com.koalii.bc.asn1.x509.TBSCertificateStructure;
import com.koalii.bc.asn1.x509.Time;
import com.koalii.bc.asn1.x509.V3TBSCertificateGenerator;
import com.koalii.bc.asn1.x509.X509CertificateStructure;
import com.koalii.bc.asn1.x509.X509Extension;
import com.koalii.bc.asn1.x509.X509Extensions;
import com.koalii.bc.asn1.x509.X509Name;
import com.koalii.bc.util.encoders.Base64;
import com.koalii.openssl.PEMWriter;
import java.io.BufferedWriter;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.Hashtable;

/* loaded from: input_file:BOOT-INF/lib/koalii_kgsp-1.0.jar:com/koalii/cert/X509CertGentor.class */
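/**
 * Builds and signs X.509 v3 certificates on top of the vendored {@code com.koalii.bc} ASN.1 classes.
 *
 * <p>Typical use: configure subject, serial number, public key, validity and extensions through
 * the setters, then call {@link #createX509Cert()} (signed by the configured issuer store) or
 * {@link #createRootCert(KeyPair)} (self-signed).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every certificate is labelled with the sha1WithRSAEncryption signature algorithm
 *       (see {@link #SHA1_WITH_RSA_OID}). SHA-1 is no longer collision resistant and such
 *       certificates are rejected by current browsers and many TLS stacks.</li>
 *   <li>{@link #generateDefaultSN()} produces largely predictable serial numbers.</li>
 *   <li>No extension is added implicitly; a CA certificate needs an explicit
 *       {@link #addBasicConstraints(boolean)} and {@link #addKeyUsageExt(int)} call.</li>
 * </ul>
 *
 * <p>Instances are mutable and carry no synchronization of their own.
 */
public class X509CertGentor {
    // Key-usage bit masks passed to addKeyUsageExt(int). The decompositions below assume the
    // vendored KeyUsage class uses the standard BouncyCastle bit values - TODO confirm.
    /** Presumably keyCertSign | cRLSign. */
    public static final int KeyUsage_CA = 6;
    /** Presumably digitalSignature | nonRepudiation | keyEncipherment | keyAgreement. */
    public static final int KeyUsage_UserSign = 232;
    /** Presumably keyEncipherment | dataEncipherment. */
    public static final int KeyUsage_UserEncy = 48;
    /** Presumably the union of the signing and encryption usages above. */
    public static final int KeyUsage_User = 248;

    /** Output format for {@link #saveX509CertToFile}: raw DER, written to {@code <name>.cer}. */
    public static final int CertFile_Der = 0;
    /** Output format for {@link #saveX509CertToFile}: Base64 of the DER, written to {@code <name>.b64.cer}. */
    public static final int CertFile_Base64 = 1;
    /** Output format for {@link #saveX509CertToFile}: PEM, written to {@code <name>.pem}. */
    public static final int CertFile_Pem = 2;

    /**
     * OID of sha1WithRSAEncryption, the signature algorithm written into every certificate.
     *
     * <p>NOTE(security): SHA-1 signatures are deprecated. Moving to sha256WithRSAEncryption
     * (1.2.840.113549.1.1.11) is only correct if {@code SecretStore.signData} is changed to sign
     * with the matching digest; that implementation is not visible from this class, so the OID is
     * deliberately left unchanged here.
     */
    private static final String SHA1_WITH_RSA_OID = "1.2.840.113549.1.1.5";

    private V3TBSCertificateGenerator tbsGen;
    private X509Name subjectDn;
    // Extension OID -> X509Extension; handed to X509Extensions when the certificate is built.
    private final Hashtable<Object, Object> extensions = new Hashtable<>();
    private SecretStore issuerStore;

    /** Creates a generator without an issuer store; only {@link #createRootCert(KeyPair)} is usable. */
    public X509CertGentor() {
        this(null);
    }

    /**
     * Creates a generator whose certificates are issued by the given store.
     *
     * @param secretStore source of the issuer certificate and of the signature over the
     *                    to-be-signed certificate; may be {@code null}
     */
    public X509CertGentor(SecretStore secretStore) {
        this.tbsGen = new V3TBSCertificateGenerator();
        this.subjectDn = null;
        this.issuerStore = secretStore;
    }

    /**
     * Discards all configured fields and extensions and drops the issuer store.
     *
     * <p>This class exposes no setter for the issuer store, so after a reset the instance can
     * only produce self-signed certificates through {@link #createRootCert(KeyPair)}.
     */
    public void reset() {
        this.tbsGen = new V3TBSCertificateGenerator();
        this.subjectDn = null;
        this.extensions.clear();
        this.issuerStore = null;
    }

    /**
     * Sets the subject distinguished name.
     *
     * @param str the DN in the textual form accepted by {@code X509NameUtil.toX509Name}
     */
    public void setSubjectDN(String str) {
        this.subjectDn = X509NameUtil.toX509Name(str);
        this.tbsGen.setSubject(this.subjectDn);
    }

    /**
     * Sets the certificate serial number.
     *
     * @param bigInteger the serial number; it must be unique per issuer
     */
    public void setSerialNumber(BigInteger bigInteger) {
        this.tbsGen.setSerialNumber(new DERInteger(bigInteger));
    }

    /**
     * Sets the subject public key from its encoded SubjectPublicKeyInfo form.
     *
     * @param publicKey the key to certify
     * @throws IllegalArgumentException if the key's encoding cannot be parsed (including a
     *                                  {@code null} key)
     */
    public void setPublicKey(PublicKey publicKey) {
        try {
            this.tbsGen.setSubjectPublicKeyInfo(toSubjectPublicKeyInfo(publicKey));
        } catch (Exception e) {
            throw new IllegalArgumentException("unable to process key - " + e.toString(), e);
        }
    }

    /**
     * Sets the start of the validity period.
     *
     * @param date the notBefore instant; it is encoded as UTCTime, whose two-digit year cannot
     *             represent dates from 2050 onwards
     */
    public void setNotBefore(Date date) {
        this.tbsGen.setStartDate(new DERUTCTime(date));
    }

    /**
     * Sets the start of the validity period to one hour before the current time.
     * The back-dating presumably tolerates clock skew between issuer and verifier.
     */
    public void setNotBefore() {
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.HOUR, -1);
        this.tbsGen.setStartDate(new DERUTCTime(calendar.getTime()));
    }

    /**
     * Sets the end of the validity period.
     *
     * @param date the notAfter instant
     */
    public void setNotAfter(Date date) {
        this.tbsGen.setEndDate(new Time(date));
    }

    /**
     * Sets a validity period starting one hour ago and lasting {@code i} calendar months from
     * that start.
     *
     * @param i the validity length in months
     */
    public void setValidPeriod(int i) {
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.HOUR, -1);
        this.tbsGen.setStartDate(new DERUTCTime(calendar.getTime()));
        calendar.add(Calendar.MONTH, i);
        // Use the same Time wrapper as setNotAfter(Date) instead of forcing UTCTime: a long-lived
        // certificate can expire in 2050 or later, which UTCTime's two-digit year cannot express.
        // In BouncyCastle, Time(Date) switches to GeneralizedTime for such dates - confirm the
        // vendored com.koalii.bc copy behaves the same.
        this.tbsGen.setEndDate(new Time(calendar.getTime()));
    }

    /**
     * Adds (or replaces) an arbitrary extension.
     *
     * @param str          the extension OID in dotted form
     * @param z            whether the extension is marked critical
     * @param dEREncodable the extension value, wrapped in an OCTET STRING
     */
    public void addExtension(String str, boolean z, DEREncodable dEREncodable) {
        this.extensions.put(new DERObjectIdentifier(str), new X509Extension(z, new DEROctetString(dEREncodable)));
    }

    /**
     * Adds (or replaces) a critical KeyUsage extension.
     *
     * @param i the key-usage bit mask, e.g. one of the {@code KeyUsage_*} constants
     */
    public void addKeyUsageExt(int i) {
        this.extensions.put(X509Extensions.KeyUsage, new X509Extension(true, (ASN1OctetString) new DEROctetString(new KeyUsage(i))));
    }

    /**
     * Adds (or replaces) a critical BasicConstraints extension.
     *
     * @param z the value passed to {@code BasicConstraints}; presumably the cA flag, so
     *          {@code true} should be reserved for certificates that are meant to issue others
     */
    public void addBasicConstraints(boolean z) {
        this.extensions.put(X509Extensions.BasicConstraints, new X509Extension(true, (ASN1OctetString) new DEROctetString(new BasicConstraints(z))));
    }

    /**
     * Builds the configured certificate and has it signed by the issuer store.
     *
     * <p>The issuer name is taken from the subject DN of the issuer store's certificate.
     *
     * @return the signed certificate, re-parsed through the JCA {@link CertificateFactory}
     * @throws X509CertException if no issuer store or issuer certificate is available, or if
     *                           encoding or signing fails
     */
    public X509Certificate createX509Cert() throws X509CertException {
        // Fail with a descriptive error instead of a NullPointerException, e.g. after reset()
        // or when the no-argument constructor was used.
        if (this.issuerStore == null) {
            throw new X509CertException("no issuer store configured");
        }
        X509Certificate issuerCert = this.issuerStore.getCert();
        if (issuerCert == null) {
            throw new X509CertException("issuer store holds no certificate");
        }
        this.tbsGen.setIssuer(X509NameUtil.toX509Name(issuerCert.getSubjectDN()));
        this.tbsGen.setExtensions(new X509Extensions(this.extensions));
        AlgorithmIdentifier signatureAlgorithm = newSignatureAlgorithm();
        this.tbsGen.setSignature(signatureAlgorithm);
        return signAndAssemble(this.tbsGen.generateTBSCertificate(), signatureAlgorithm);
    }

    /**
     * Builds a self-signed certificate: issuer equals the configured subject DN and the
     * signature is made with the private key of {@code keyPair}.
     *
     * <p>Side effect: the current issuer store is replaced by a fresh {@code PfxStore} holding
     * only that private key.
     *
     * <p>No extension is added here. For the result to be usable as a CA certificate the caller
     * has to add BasicConstraints and a suitable KeyUsage beforehand.
     *
     * <p>NOTE(review): every failure in this method, including a signing failure, surfaces as
     * {@link IllegalArgumentException} with the "unable to process key" prefix, because the
     * outer handler also covers the signing step. The declared {@code X509CertException} is
     * therefore never seen by callers. This is preserved as found; confirm whether callers rely
     * on it before narrowing the handler.
     *
     * @param keyPair the key pair of the new root
     * @return the self-signed certificate
     * @throws IllegalArgumentException on any failure (see the note above)
     * @throws X509CertException        declared, but currently always wrapped
     */
    public X509Certificate createRootCert(KeyPair keyPair) throws X509CertException {
        this.tbsGen.setIssuer(this.subjectDn);
        try {
            this.tbsGen.setSubjectPublicKeyInfo(toSubjectPublicKeyInfo(keyPair.getPublic()));
            this.tbsGen.setExtensions(new X509Extensions(this.extensions));
            AlgorithmIdentifier signatureAlgorithm = newSignatureAlgorithm();
            this.tbsGen.setSignature(signatureAlgorithm);
            TBSCertificateStructure tbsCert = this.tbsGen.generateTBSCertificate();
            this.issuerStore = new PfxStore();
            this.issuerStore.setKey(keyPair.getPrivate());
            return signAndAssemble(tbsCert, signatureAlgorithm);
        } catch (Exception e) {
            throw new IllegalArgumentException("unable to process key - " + e.toString(), e);
        }
    }

    /**
     * Returns the certificate held by the issuer store.
     *
     * @return whatever the issuer store's {@code getCert()} returns
     * @throws NullPointerException if no issuer store is configured
     */
    public X509Certificate getIssuerCert() {
        return this.issuerStore.getCert();
    }

    /**
     * Writes a certificate to {@code str} plus a format-specific suffix.
     *
     * <p>The certificate is encoded before the file is opened, and an encoding failure is
     * reported instead of silently leaving an empty file behind. Streams are closed on every
     * path.
     *
     * <p>The path is used as given; callers must not build it from untrusted input without
     * validating it first.
     *
     * @param x509Certificate the certificate to store
     * @param i               one of {@link #CertFile_Der}, {@link #CertFile_Base64},
     *                        {@link #CertFile_Pem}
     * @param str             the target path without extension
     * @throws IOException              if encoding or writing fails
     * @throws IllegalArgumentException if the certificate is {@code null} or the format is unknown
     */
    public static void saveX509CertToFile(X509Certificate x509Certificate, int i, String str) throws IOException {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("certificate must not be null");
        }
        switch (i) {
            case CertFile_Der: {
                byte[] der = encodeCertificate(x509Certificate);
                try (FileOutputStream out = new FileOutputStream(str + ".cer")) {
                    out.write(der);
                }
                return;
            }
            case CertFile_Base64: {
                String base64 = new String(Base64.encode(encodeCertificate(x509Certificate)));
                try (FileWriter out = new FileWriter(str + ".b64.cer")) {
                    out.write(base64);
                }
                return;
            }
            case CertFile_Pem: {
                // The underlying writer owns the file handle; closing it is enough once the
                // PEM writer has been flushed.
                try (BufferedWriter out = new BufferedWriter(new FileWriter(str + ".pem"))) {
                    PEMWriter pemWriter = new PEMWriter(out);
                    pemWriter.writeObject(x509Certificate);
                    pemWriter.flush();
                }
                return;
            }
            default:
                throw new IllegalArgumentException("save x509 cert to file " + str + " error.");
        }
    }

    /**
     * Generates a default serial number: seconds since the epoch multiplied by 10000, plus a
     * random value in the range 0..9999.
     *
     * <p>NOTE(security): only the last four decimal digits are random (about 13 bits); the rest
     * is the issuance time. Serial numbers from this method are therefore largely predictable
     * and can collide when many certificates are issued within the same second. Current CA
     * guidance asks for at least 64 bits of CSPRNG output, which matters all the more while the
     * certificates are signed with SHA-1. The format is kept unchanged here because consumers of
     * the serial number are not visible from this class.
     *
     * @return a positive serial number
     */
    public static BigInteger generateDefaultSN() {
        BigInteger scale = BigInteger.valueOf(10000L);
        BigInteger timePart = BigInteger.valueOf(System.currentTimeMillis() / 1000).multiply(scale);
        BigInteger randomPart = BigInteger.valueOf(new SecureRandom().nextLong()).abs().mod(scale);
        return timePart.add(randomPart);
    }

    /**
     * Generates an RSA key pair of the requested size.
     *
     * <p>The size is not validated here; callers should not request fewer than 2048 bits for
     * keys that protect anything of value.
     *
     * @param i the modulus size in bits
     * @return the new key pair
     * @throws X509CertException if the generator cannot be created or initialized
     */
    public static KeyPair generateRsaKeyPair(int i) throws X509CertException {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(i, new SecureRandom());
            return keyPairGenerator.generateKeyPair();
        } catch (Exception e) {
            throw new X509CertException(e);
        }
    }

    /** Parses a public key's encoded form into the ASN.1 SubjectPublicKeyInfo structure. */
    private static SubjectPublicKeyInfo toSubjectPublicKeyInfo(PublicKey publicKey) throws IOException {
        ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(publicKey.getEncoded()));
        return new SubjectPublicKeyInfo((ASN1Sequence) in.readObject());
    }

    /** Creates the AlgorithmIdentifier placed both in the TBS certificate and next to the signature. */
    private static AlgorithmIdentifier newSignatureAlgorithm() {
        return new AlgorithmIdentifier(new DERObjectIdentifier(SHA1_WITH_RSA_OID), new DERNull());
    }

    /** DER-encodes a certificate, reporting an encoding failure as an IOException. */
    private static byte[] encodeCertificate(X509Certificate certificate) throws IOException {
        try {
            return certificate.getEncoded();
        } catch (java.security.cert.CertificateEncodingException e) {
            throw new IOException("unable to encode certificate - " + e, e);
        }
    }

    /**
     * DER-encodes the TBS certificate, signs it with the issuer store and wraps TBS certificate,
     * algorithm identifier and signature into a JCA certificate object.
     */
    private X509Certificate signAndAssemble(TBSCertificateStructure tbsCert, AlgorithmIdentifier signatureAlgorithm) throws X509CertException {
        try {
            ByteArrayOutputStream encodedTbs = new ByteArrayOutputStream();
            new DEROutputStream(encodedTbs).writeObject(tbsCert);
            byte[] signature = this.issuerStore.signData(encodedTbs.toByteArray());
            ASN1EncodableVector parts = new ASN1EncodableVector();
            parts.add(tbsCert);
            parts.add(signatureAlgorithm);
            parts.add(new DERBitString(signature));
            byte[] encodedCert = new X509CertificateStructure(new DERSequence(parts)).getDEREncoded();
            return (X509Certificate) CertificateFactory.getInstance(KeyUtil.CERT_TYPE_X509).generateCertificate(new ByteArrayInputStream(encodedCert));
        } catch (Exception e) {
            throw new X509CertException("exception encoding and sign TBS cert - " + e);
        }
    }
}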
