package com.axelor.apps.account.ebics.certificate;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.TimeZone;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.x509.X509V3CertificateGenerator;

/* loaded from: input_file:com/axelor/apps/account/ebics/certificate/X509Generator.class */
public class X509Generator {
    private static SimpleDateFormat sdfSerial = new SimpleDateFormat("yyyyMMddHHmmssSSS");

    public X509Certificate generateA005Certificate(KeyPair keyPair, String str, Date date, Date date2) throws GeneralSecurityException, IOException {
        return generate(keyPair, str, date, date2, 1);
    }

    public X509Certificate generateX002Certificate(KeyPair keyPair, String str, Date date, Date date2) throws GeneralSecurityException, IOException {
        return generate(keyPair, str, date, date2, 2);
    }

    public X509Certificate generateE002Certificate(KeyPair keyPair, String str, Date date, Date date2) throws GeneralSecurityException, IOException {
        return generate(keyPair, str, date, date2, 3);
    }

    public X509Certificate generate(KeyPair keyPair, String str, Date date, Date date2, int i) throws GeneralSecurityException, IOException {
        BigInteger valueOf = BigInteger.valueOf(generateSerial());
        X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator();
        x509V3CertificateGenerator.setSerialNumber(valueOf);
        x509V3CertificateGenerator.setIssuerDN(new X509Principal(str));
        x509V3CertificateGenerator.setNotBefore(date);
        x509V3CertificateGenerator.setNotAfter(date2);
        x509V3CertificateGenerator.setSubjectDN(new X509Principal(str));
        x509V3CertificateGenerator.setPublicKey(keyPair.getPublic());
        x509V3CertificateGenerator.setSignatureAlgorithm(X509Constants.SIGNATURE_ALGORITHM);
        x509V3CertificateGenerator.addExtension(X509Extensions.BasicConstraints, false, new BasicConstraints(true));
        x509V3CertificateGenerator.addExtension(X509Extensions.SubjectKeyIdentifier, false, getSubjectKeyIdentifier(keyPair.getPublic()));
        x509V3CertificateGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, getAuthorityKeyIdentifier(keyPair.getPublic(), str, valueOf));
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(KeyPurposeId.id_kp_emailProtection);
        x509V3CertificateGenerator.addExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(new DERSequence(aSN1EncodableVector)));
        switch (i) {
            case 1:
                x509V3CertificateGenerator.addExtension(X509Extensions.KeyUsage, false, new KeyUsage(64));
                break;
            case 2:
                x509V3CertificateGenerator.addExtension(X509Extensions.KeyUsage, false, new KeyUsage(128));
                break;
            case 3:
                x509V3CertificateGenerator.addExtension(X509Extensions.KeyUsage, false, new KeyUsage(8));
                break;
            default:
                x509V3CertificateGenerator.addExtension(X509Extensions.KeyUsage, false, new KeyUsage(160));
                break;
        }
        X509Certificate generate = x509V3CertificateGenerator.generate(keyPair.getPrivate(), "BC", new SecureRandom());
        generate.checkValidity(new Date());
        generate.verify(keyPair.getPublic());
        return generate;
    }

    private AuthorityKeyIdentifier getAuthorityKeyIdentifier(PublicKey publicKey, String str, BigInteger bigInteger) throws IOException {
        SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(new ASN1InputStream(new ByteArrayInputStream(publicKey.getEncoded())).readObject());
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(new GeneralName(new X509Name(str)));
        return new AuthorityKeyIdentifier(subjectPublicKeyInfo, GeneralNames.getInstance(new DERSequence(aSN1EncodableVector)), bigInteger);
    }

    private SubjectKeyIdentifier getSubjectKeyIdentifier(PublicKey publicKey) throws IOException {
        return new SubjectKeyIdentifier(new SubjectPublicKeyInfo(new ASN1InputStream(new ByteArrayInputStream(publicKey.getEncoded())).readObject()));
    }

    private long generateSerial() {
        return Long.valueOf(sdfSerial.format(new Date())).longValue();
    }

    static {
        sdfSerial.setTimeZone(TimeZone.getTimeZone("UTC"));
    }
}
