package de.governikus.autent.key.utils;

import de.governikus.autent.key.utils.exceptions.CertificateCreationException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.opensaml.security.crypto.JCAConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/autent-key-utils-4.0.14.jar:de/governikus/autent/key/utils/CertificateCreator.class */
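/**
 * Static factory for X.509 v3 certificates that are signed with SHA-256/RSA through the
 * Bouncy Castle provider.
 *
 * <p>Security-relevant properties of every certificate produced by this class:
 * <ul>
 *   <li>The signature algorithm is fixed to {@code JCAConstants.SIGNATURE_RSA_SHA256}, so the
 *       signing key has to be an RSA key. A key of another type is expected to be rejected
 *       while the content signer is built and to surface as a
 *       {@link CertificateCreationException}.</li>
 *   <li>No X.509 extensions are added (no BasicConstraints, KeyUsage, ExtendedKeyUsage or
 *       SubjectAlternativeName). Relying parties must not assume any of them.</li>
 *   <li>Nothing here checks that the signing key actually belongs to the issuer name that is
 *       written into the certificate, nor that the validity start precedes the validity end.
 *       Both are the caller's responsibility.</li>
 *   <li>Subject, issuer, serial number and validity are written to the debug log; key material
 *       is never logged.</li>
 * </ul>
 */
public class CertificateCreator {
    private static final Logger log = LoggerFactory.getLogger(CertificateCreator.class);

    /** Validity period used when the caller supplies no dates: 365 days, in milliseconds. */
    private static final long DEFAULT_VALIDITY_MILLIS = 365L * 24 * 60 * 60 * 1000;

    /** Upper bound, in bits, of the random serial number (at most 17 octets when DER-encoded). */
    private static final int SERIAL_NUMBER_BITS = 130;

    /**
     * Creates a self-signed certificate that is valid from now for 365 days.
     *
     * @param keyPair the private key signs the certificate, the public key is certified
     * @param distinguishedName used as both subject and issuer
     * @return the new certificate
     * @throws CertificateCreationException if the certificate cannot be created for any reason,
     *         including {@code null} arguments
     */
    public static X509Certificate createX509SelfSignedCertificate(KeyPair keyPair, DistinguishedName distinguishedName) {
        // One clock read for both bounds keeps the validity period at exactly 365 days.
        long now = System.currentTimeMillis();
        return createX509SelfSignedCertificate(keyPair, distinguishedName, new Date(now), new Date(now + DEFAULT_VALIDITY_MILLIS));
    }

    /**
     * Creates a self-signed certificate with an explicit validity window.
     *
     * @param keyPair the private key signs the certificate, the public key is certified
     * @param distinguishedName used as both subject and issuer
     * @param date start of validity (notBefore)
     * @param date2 end of validity (notAfter)
     * @return the new certificate
     * @throws CertificateCreationException if the certificate cannot be created for any reason,
     *         including {@code null} arguments
     */
    public static X509Certificate createX509SelfSignedCertificate(KeyPair keyPair, DistinguishedName distinguishedName, Date date, Date date2) {
        try {
            log.trace("starting creation of the self-signed-certificate");
            return createSignedX509Certificate(distinguishedName, distinguishedName, date, date2, keyPair.getPrivate(), keyPair.getPublic());
        } catch (CertificateCreationException e) {
            // Already the documented exception type: rethrow instead of wrapping it a second time.
            throw e;
        } catch (Exception e) {
            throw new CertificateCreationException(e);
        }
    }

    /**
     * Creates a certificate for {@code distinguishedName} issued by {@code distinguishedName2},
     * valid from now for 365 days.
     *
     * @param distinguishedName subject of the certificate
     * @param distinguishedName2 issuer of the certificate
     * @param privateKey signing key; the caller must ensure it belongs to the issuer
     * @param publicKey public key to certify
     * @return the new certificate
     * @throws CertificateCreationException if signing or certificate conversion fails
     */
    public static X509Certificate createSignedCertificate(DistinguishedName distinguishedName, DistinguishedName distinguishedName2, PrivateKey privateKey, PublicKey publicKey) {
        // Subject and issuer are independent here, so this is not a self-signed certificate.
        log.trace("starting creation of the signed certificate");
        long now = System.currentTimeMillis();
        return createSignedX509Certificate(distinguishedName, distinguishedName2, new Date(now), new Date(now + DEFAULT_VALIDITY_MILLIS), privateKey, publicKey);
    }

    /**
     * Creates a certificate for {@code distinguishedName} issued by {@code distinguishedName2}.
     *
     * @param distinguishedName subject of the certificate
     * @param distinguishedName2 issuer of the certificate
     * @param date start of validity (notBefore)
     * @param date2 end of validity (notAfter)
     * @param privateKey signing key; the caller must ensure it belongs to the issuer
     * @param publicKey public key to certify
     * @return the new certificate
     * @throws CertificateCreationException if signing or certificate conversion fails
     */
    public static X509Certificate createSignedX509Certificate(DistinguishedName distinguishedName, DistinguishedName distinguishedName2, Date date, Date date2, PrivateKey privateKey, PublicKey publicKey) {
        log.trace("starting creation of the certificate");
        X500Name subjectName = distinguishedName.toX500Name();
        X500Name issuerName = distinguishedName2.toX500Name();
        return buildCertificate(subjectName, distinguishedName, issuerName, distinguishedName2, date, date2, privateKey, publicKey);
    }

    /**
     * Creates a certificate for {@code distinguishedName} issued by the given X.500 name.
     *
     * @param distinguishedName subject of the certificate
     * @param x500Name issuer of the certificate
     * @param date start of validity (notBefore)
     * @param date2 end of validity (notAfter)
     * @param privateKey signing key; the caller must ensure it belongs to the issuer
     * @param publicKey public key to certify
     * @return the new certificate
     * @throws CertificateCreationException if signing or certificate conversion fails
     */
    public static X509Certificate createSignedX509Certificate(DistinguishedName distinguishedName, X500Name x500Name, Date date, Date date2, PrivateKey privateKey, PublicKey publicKey) {
        log.trace("starting creation of the certificate");
        X500Name subjectName = distinguishedName.toX500Name();
        return buildCertificate(subjectName, distinguishedName, x500Name, x500Name, date, date2, privateKey, publicKey);
    }

    /**
     * Shared implementation behind both {@code createSignedX509Certificate} overloads.
     *
     * @param subjectLabel object whose {@code toString()} is logged as the subject
     * @param issuerLabel object whose {@code toString()} is logged as the issuer
     */
    private static X509Certificate buildCertificate(X500Name subjectName, Object subjectLabel, X500Name issuerName, Object issuerLabel, Date notBefore, Date notAfter, PrivateKey signingKey, PublicKey subjectKey) {
        log.debug("certificate issuer: {}", issuerLabel);
        log.debug("certificate subject: {}", subjectLabel);
        SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(subjectKey.getEncoded()));
        BigInteger serialNumber = newSerialNumber();
        try {
            JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(SecurityProvider.BOUNCY_CASTLE_PROVIDER);
            // The builder is signed as-is: no extensions are attached to the certificate.
            X509v3CertificateBuilder builder = new X509v3CertificateBuilder(issuerName, serialNumber, notBefore, notAfter, subjectName, subjectPublicKeyInfo);
            JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(JCAConstants.SIGNATURE_RSA_SHA256).setProvider(SecurityProvider.BOUNCY_CASTLE_PROVIDER);
            X509Certificate certificate = converter.getCertificate(builder.build(signerBuilder.build(signingKey)));
            log.trace("creation of the certificate was successful.");
            log.debug("serialnumber of the new certificate: {}", serialNumber);
            log.debug("certificate will be valid from: {}\t to \t{}", notBefore, notAfter);
            return certificate;
        } catch (CertificateException | OperatorCreationException e) {
            throw new CertificateCreationException(e);
        }
    }

    /**
     * Draws a random serial number of up to {@value #SERIAL_NUMBER_BITS} bits from a
     * {@link SecureRandom}. RFC 5280 requires serial numbers to be positive, so a draw of
     * zero is rejected and repeated.
     */
    private static BigInteger newSerialNumber() {
        SecureRandom random = new SecureRandom();
        BigInteger serialNumber;
        do {
            serialNumber = new BigInteger(SERIAL_NUMBER_BITS, random);
        } while (serialNumber.signum() == 0);
        return serialNumber;
    }

    private CertificateCreator() {
    }
}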
