package org.keycloak.crypto.elytron;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.DateTimeException;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.jboss.logging.Logger;
import org.keycloak.common.crypto.CertificateUtilsProvider;
import org.wildfly.security.asn1.DERDecoder;
import org.wildfly.security.x500.GeneralName;
import org.wildfly.security.x500.cert.AuthorityKeyIdentifierExtension;
import org.wildfly.security.x500.cert.BasicConstraintsExtension;
import org.wildfly.security.x500.cert.CertificatePoliciesExtension;
import org.wildfly.security.x500.cert.ExtendedKeyUsageExtension;
import org.wildfly.security.x500.cert.KeyUsage;
import org.wildfly.security.x500.cert.KeyUsageExtension;
import org.wildfly.security.x500.cert.SubjectKeyIdentifierExtension;
import org.wildfly.security.x500.cert.X509CertificateBuilder;
import org.wildfly.security.x500.cert.X509CertificateExtension;
import org.wildfly.security.x500.cert.util.KeyUtil;

/* loaded from: input_file:org/keycloak/crypto/elytron/ElytronCertificateUtilsProvider.class */
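/**
 * {@link CertificateUtilsProvider} implemented on top of WildFly Elytron's
 * {@link X509CertificateBuilder} (issuance) and {@link DERDecoder} (extension parsing).
 * <p>
 * Issuance methods pick the signature algorithm from the signing key's reported algorithm:
 * {@code "EC"} selects SHA256withECDSA, anything else SHA256withRSA. Every failure inside the
 * builders is re-thrown as a {@link RuntimeException} carrying the original cause.
 */
public class ElytronCertificateUtilsProvider implements CertificateUtilsProvider {

    /** Signature algorithm used when the signing key reports algorithm {@code "EC"}. */
    private static final String SIG_ALG_EC = "SHA256withECDSA";
    /** Signature algorithm used for every other signing key (RSA is the expected case). */
    private static final String SIG_ALG_RSA = "SHA256withRSA";

    /** id-ce-certificatePolicies, RFC 5280 section 4.2.1.4. */
    private static final String OID_CERTIFICATE_POLICIES = "2.5.29.32";
    /** id-ce-cRLDistributionPoints, RFC 5280 section 4.2.1.13. */
    private static final String OID_CRL_DISTRIBUTION_POINTS = "2.5.29.31";
    /** id-kp-emailProtection extended key usage, RFC 5280 section 4.2.1.12. */
    private static final String OID_EKU_EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4";
    /** id-kp-serverAuth extended key usage, RFC 5280 section 4.2.1.12. */
    private static final String OID_EKU_SERVER_AUTH = "1.3.6.1.5.5.7.3.1";

    // DER identifier octets the extension walkers dispatch on (the value DERDecoder.peekType() returns).
    private static final int TAG_OBJECT_IDENTIFIER = 0x06;
    private static final int TAG_UTF8_STRING = 0x0C;
    private static final int TAG_SEQUENCE = 0x30;
    /** Context-specific [6], primitive: GeneralName.uniformResourceIdentifier. */
    private static final int TAG_GENERAL_NAME_URI = 0x86;
    /** Context-specific [0], constructed: the DistributionPoint.distributionPoint / fullName wrappers. */
    private static final int TAG_CONTEXT_0_CONSTRUCTED = 0xA0;

    /**
     * Width of generated V3 serial numbers. RFC 5280 section 4.1.2.2 requires a positive integer
     * of at most 20 octets; 128 bits exceeds the 64 bits of CSPRNG output public CAs must include
     * and stays well inside that limit.
     */
    private static final int SERIAL_NUMBER_BITS = 128;

    /** How far notBefore of a V1 self-signed certificate is back-dated to absorb clock skew. */
    private static final long V1_NOT_BEFORE_SKEW_SECONDS = 100L;

    /** Shared CSPRNG for serial numbers; {@link SecureRandom} is safe for concurrent use. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    Logger log = Logger.getLogger(getClass());

    /**
     * Issues an X.509 v3 certificate for {@code keyPair}'s public key, signed with
     * {@code privateKey} and chained to {@code x509Certificate} as its issuer.
     * <p>
     * The profile is fixed by this method: validity from now for three years, a random positive
     * serial, Subject/Authority Key Identifiers linking the result to the issuer, KeyUsage
     * digitalSignature + keyCertSign + cRLSign, a non-critical ExtendedKeyUsage of
     * emailProtection + serverAuth, and a <em>critical</em> BasicConstraints with CA=true and
     * pathLenConstraint 0. The result is therefore a CA certificate that may only issue
     * end-entity certificates; callers needing a pure end-entity profile must not use it as-is.
     *
     * @param keyPair         key pair whose public key is certified
     * @param privateKey      issuer's signing key; its algorithm selects ECDSA vs RSA signing
     * @param x509Certificate issuer certificate; supplies the issuer DN and the AKI key id, name and serial
     * @param str             subject; prefixed with {@code CN=} unless it already starts with it
     * @return the signed certificate
     * @throws RuntimeException wrapping any failure ({@code throws Exception} is kept for interface compatibility)
     */
    public X509Certificate generateV3Certificate(KeyPair keyPair, PrivateKey privateKey, X509Certificate x509Certificate, String str) throws Exception {
        try {
            X500Principal subjectDn = subjectToX500Principle(str);
            X500Principal issuerDn = x509Certificate.getSubjectX500Principal();

            // Validity window: now .. now + 3 years. Only the instant matters to the builder; the
            // zone is the system default purely to construct a ZonedDateTime.
            ZonedDateTime notBefore = ZonedDateTime.now(ZoneId.systemDefault());
            ZonedDateTime notAfter = notBefore.plusYears(3);

            List<String> extendedKeyUsage = new ArrayList<>();
            extendedKeyUsage.add(OID_EKU_EMAIL_PROTECTION);
            extendedKeyUsage.add(OID_EKU_SERVER_AUTH);

            AuthorityKeyIdentifierExtension authorityKeyIdentifier = new AuthorityKeyIdentifierExtension(
                    KeyUtil.getKeyIdentifier(x509Certificate.getPublicKey()),
                    Collections.singletonList(new GeneralName.DirectoryName(x509Certificate.getIssuerX500Principal().getName())),
                    x509Certificate.getSerialNumber());

            X509CertificateBuilder builder = new X509CertificateBuilder()
                    .setSubjectDn(subjectDn)
                    .setIssuerDn(issuerDn)
                    .setNotValidBefore(notBefore)
                    .setNotValidAfter(notAfter)
                    .setPublicKey(keyPair.getPublic())
                    .setSerialNumber(randomSerialNumber())
                    .setSigningKey(privateKey)
                    .setSignatureAlgorithmName(signatureAlgorithmFor(privateKey))
                    .addExtension(new SubjectKeyIdentifierExtension(KeyUtil.getKeyIdentifier(keyPair.getPublic())))
                    .addExtension(authorityKeyIdentifier)
                    .addExtension(new KeyUsageExtension(new KeyUsage[]{KeyUsage.digitalSignature, KeyUsage.keyCertSign, KeyUsage.cRLSign}))
                    .addExtension(new ExtendedKeyUsageExtension(false, extendedKeyUsage))
                    // critical = true, cA = true, pathLenConstraint = 0
                    .addExtension(new BasicConstraintsExtension(true, true, 0));
            return builder.build();
        } catch (Exception e) {
            throw new RuntimeException("Error creating X509v3Certificate.", e);
        }
    }

    /**
     * Self-signed V1 certificate valid for ten years whose serial number is the current time in
     * milliseconds. That serial is predictable and only unique per millisecond; use the
     * three-argument overload with an explicit serial when either property matters.
     *
     * @param keyPair key pair to certify and sign with
     * @param str     subject; prefixed with {@code CN=} unless it already starts with it
     * @return the self-signed certificate
     * @throws RuntimeException wrapping any failure
     */
    public X509Certificate generateV1SelfSignedCertificate(KeyPair keyPair, String str) {
        return generateV1SelfSignedCertificate(keyPair, str, BigInteger.valueOf(System.currentTimeMillis()));
    }

    /**
     * Self-signed V1 certificate valid for ten years with the given serial number.
     *
     * @param keyPair    key pair to certify and sign with
     * @param str        subject; prefixed with {@code CN=} unless it already starts with it
     * @param bigInteger serial number; RFC 5280 requires a positive value, which is not checked here
     * @return the self-signed certificate
     * @throws RuntimeException wrapping any failure
     */
    public X509Certificate generateV1SelfSignedCertificate(KeyPair keyPair, String str, BigInteger bigInteger) {
        Date tenYearsFromNow = Date.from(ZonedDateTime.now(ZoneId.systemDefault()).plusYears(10).toInstant());
        return generateV1SelfSignedCertificate(keyPair, str, bigInteger, tenYearsFromNow);
    }

    /**
     * Self-signed V1 certificate with the given serial number and expiry.
     * <p>
     * notBefore is set {@value #V1_NOT_BEFORE_SKEW_SECONDS} seconds in the past so the
     * certificate already validates on peers whose clock trails this host slightly.
     *
     * @param keyPair    key pair to certify and sign with
     * @param str        subject; prefixed with {@code CN=} unless it already starts with it
     * @param bigInteger serial number; RFC 5280 requires a positive value, which is not checked here
     * @param date       notAfter instant
     * @return the self-signed certificate
     * @throws RuntimeException wrapping any failure
     */
    public X509Certificate generateV1SelfSignedCertificate(KeyPair keyPair, String str, BigInteger bigInteger, Date date) {
        try {
            X500Principal dn = subjectToX500Principle(str);
            ZonedDateTime notBefore = ZonedDateTime.now(ZoneId.systemDefault()).minusSeconds(V1_NOT_BEFORE_SKEW_SECONDS);
            ZonedDateTime notAfter = ZonedDateTime.ofInstant(date.toInstant(), ZoneId.systemDefault());
            return new X509CertificateBuilder()
                    .setSubjectDn(dn)
                    .setIssuerDn(dn)
                    .setNotValidBefore(notBefore)
                    .setNotValidAfter(notAfter)
                    .setSigningKey(keyPair.getPrivate())
                    .setPublicKey(keyPair.getPublic())
                    .setSerialNumber(bigInteger)
                    .setSignatureAlgorithmName(signatureAlgorithmFor(keyPair.getPrivate()))
                    .build();
        } catch (Exception e) {
            throw new RuntimeException("Error creating X509v1Certificate.", e);
        }
    }

    /**
     * Builds the subject/issuer DN from a free-form string. A value that does not already start
     * with {@code CN=} is treated as a bare common name. The check is case-sensitive, so
     * {@code cn=foo} becomes {@code CN=cn=foo}.
     */
    private static X500Principal subjectToX500Principle(String str) {
        if (!str.startsWith("CN=")) {
            str = "CN=" + str;
        }
        return new X500Principal(str);
    }

    /**
     * Selects the JCA signature algorithm name matching the signing key's algorithm:
     * {@code "EC"} yields SHA256withECDSA, anything else SHA256withRSA.
     */
    private static String signatureAlgorithmFor(PrivateKey signingKey) {
        return "EC".equals(signingKey.getAlgorithm()) ? SIG_ALG_EC : SIG_ALG_RSA;
    }

    /**
     * Returns a fresh, strictly positive random serial number of {@value #SERIAL_NUMBER_BITS}
     * bits. The previous {@code Math.abs(nextInt())} form produced only 31 bits of entropy and
     * turned {@code Integer.MIN_VALUE} into a negative serial, which RFC 5280 forbids.
     */
    private static BigInteger randomSerialNumber() {
        BigInteger serial;
        do {
            serial = new BigInteger(SERIAL_NUMBER_BITS, SECURE_RANDOM);
        } while (serial.signum() == 0);
        return serial;
    }

    /**
     * Returns the policy OIDs carried in the certificatePolicies extension, or an empty list
     * when the certificate has no such extension.
     * <p>
     * The extension value is an OCTET STRING wrapping {@code SEQUENCE OF PolicyInformation};
     * each PolicyInformation is a SEQUENCE whose first element is the policyIdentifier OID.
     * After the OID is read, {@code endSequence()} skips the rest of that PolicyInformation
     * (the optional policyQualifiers).
     *
     * @param x509Certificate certificate to inspect
     * @return policy OIDs in extension order, possibly empty
     * @throws GeneralSecurityException kept for interface compatibility
     */
    public List<String> getCertificatePolicyList(X509Certificate x509Certificate) throws GeneralSecurityException {
        byte[] extensionValue = x509Certificate.getExtensionValue(OID_CERTIFICATE_POLICIES);
        if (extensionValue == null) {
            // Absent extension used to fall through to a NullPointerException (after dumping the raw bytes to stdout).
            return Collections.emptyList();
        }
        List<String> policyOids = new ArrayList<>();
        DERDecoder policies = new DERDecoder(new DERDecoder(extensionValue).decodeOctetString());
        while (policies.hasNextElement()) {
            switch (policies.peekType()) {
                case TAG_OBJECT_IDENTIFIER:
                    policyOids.add(policies.decodeObjectIdentifier());
                    policies.endSequence(); // skip the qualifiers of this PolicyInformation
                    break;
                case TAG_SEQUENCE:
                    policies.startSequence();
                    break;
                default:
                    policies.skipElement();
                    break;
            }
        }
        return policyOids;
    }

    /**
     * Returns the distribution point names found in the cRLDistributionPoints extension, or an
     * empty list when the certificate has no such extension.
     * <p>
     * The walker descends into SEQUENCE and context-specific [0] wrappers and collects
     * uniformResourceIdentifier GeneralNames (tag 0x86) and UTF8String values; every other
     * element is skipped. It is a tag-driven scan rather than a full ASN.1 model of
     * DistributionPoint, so only URI-style names are reported.
     *
     * @param x509Certificate certificate to inspect
     * @return distribution point names in extension order, possibly empty
     * @throws IOException kept for interface compatibility
     */
    public List<String> getCRLDistributionPoints(X509Certificate x509Certificate) throws IOException {
        byte[] extensionValue = x509Certificate.getExtensionValue(OID_CRL_DISTRIBUTION_POINTS);
        if (extensionValue == null) {
            return Collections.emptyList();
        }
        List<String> distributionPoints = new ArrayList<>();
        DERDecoder decoder = new DERDecoder(new DERDecoder(extensionValue).decodeOctetString());
        while (decoder.hasNextElement()) {
            switch (decoder.peekType()) {
                case TAG_UTF8_STRING:
                    distributionPoints.add(decoder.decodeUtf8String());
                    break;
                case TAG_SEQUENCE:
                    decoder.startSequence();
                    break;
                case TAG_GENERAL_NAME_URI: {
                    decoder.decodeImplicit(TAG_GENERAL_NAME_URI);
                    String uri = decoder.decodeOctetStringAsString();
                    distributionPoints.add(uri);
                    log.debug("Adding Dist point name: " + uri);
                    break;
                }
                case TAG_CONTEXT_0_CONSTRUCTED:
                    decoder.startExplicit(TAG_CONTEXT_0_CONSTRUCTED);
                    break;
                default:
                    decoder.skipElement();
                    break;
            }
            // NOTE(review): kept as in the original. After hasNextElement() reports the current
            // level exhausted this probes for a further SEQUENCE / [0] and enters it; whether
            // peekType() is meaningful in that state depends on DERDecoder internals not visible
            // here, so any change should be validated against real certificates.
            try {
                if (!decoder.hasNextElement() && decoder.peekType() == TAG_SEQUENCE) {
                    decoder.startSequence();
                } else if (!decoder.hasNextElement() && decoder.peekType() == TAG_CONTEXT_0_CONSTRUCTED) {
                    decoder.startExplicit(TAG_CONTEXT_0_CONSTRUCTED);
                }
            } catch (Exception e) {
                log.warn("There is an issue parsing the certificate for Distribution Points", e);
            }
        }
        return distributionPoints;
    }

    /**
     * Creates a self-signed test certificate carrying the given certificate policy OIDs.
     * <p>
     * No serial number is set on the builder, so whatever {@link X509CertificateBuilder}
     * defaults to applies (not verified here). The signature algorithm now follows the key
     * type like the other issuance methods, so EC test keys no longer fail with a
     * SHA256withRSA mismatch.
     *
     * @param str     subject (also used as issuer); prefixed with {@code CN=} unless already present
     * @param date    notBefore
     * @param date2   notAfter
     * @param keyPair key pair to certify and sign with
     * @param strArr  policy OIDs to place in a non-critical certificatePolicies extension
     * @return the self-signed certificate
     * @throws RuntimeException wrapping a builder or date conversion failure
     */
    public X509Certificate createServicesTestCertificate(String str, Date date, Date date2, KeyPair keyPair, String... strArr) {
        try {
            X500Principal dn = subjectToX500Principle(str);
            ZonedDateTime notBefore = ZonedDateTime.ofInstant(date.toInstant(), ZoneId.systemDefault());
            ZonedDateTime notAfter = ZonedDateTime.ofInstant(date2.toInstant(), ZoneId.systemDefault());
            return new X509CertificateBuilder()
                    .setSubjectDn(dn)
                    .setIssuerDn(dn)
                    .setNotValidBefore(notBefore)
                    .setNotValidAfter(notAfter)
                    .setSigningKey(keyPair.getPrivate())
                    .setPublicKey(keyPair.getPublic())
                    .addExtension(createPoliciesExtension(strArr))
                    .setSignatureAlgorithmName(signatureAlgorithmFor(keyPair.getPrivate()))
                    .build();
        } catch (CertificateException | DateTimeException e) {
            // Log through the class logger instead of printStackTrace() so the failure lands in the server log.
            log.error("Error creating services test certificate.", e);
            throw new RuntimeException(e);
        }
    }

    /** Wraps each OID in a PolicyInformation and returns a non-critical certificatePolicies extension. */
    private X509CertificateExtension createPoliciesExtension(String[] strArr) {
        List<CertificatePoliciesExtension.PolicyInformation> policies = new ArrayList<>();
        for (String policyOid : strArr) {
            policies.add(new CertificatePoliciesExtension.PolicyInformation(policyOid));
        }
        return new CertificatePoliciesExtension(false, policies);
    }
}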
