package kz.akkamal.akcrypto.x509;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;

import kz.akkamal.akcrypto.jce.X509CertificateObject;
import kz.akkamal.essclia.aktest.profile.ks.AKKeyStoreSign;
import kz.akkamal.org.bouncycastle.asn1.ASN1Encodable;
import kz.akkamal.org.bouncycastle.asn1.ASN1EncodableVector;
import kz.akkamal.org.bouncycastle.asn1.ASN1InputStream;
import kz.akkamal.org.bouncycastle.asn1.DERBitString;
import kz.akkamal.org.bouncycastle.asn1.DEREncodable;
import kz.akkamal.org.bouncycastle.asn1.DERInteger;
import kz.akkamal.org.bouncycastle.asn1.DERNull;
import kz.akkamal.org.bouncycastle.asn1.DERObjectIdentifier;
import kz.akkamal.org.bouncycastle.asn1.DERSequence;
import kz.akkamal.org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import kz.akkamal.org.bouncycastle.asn1.gamma.GammaTechObjectIdentifiers;
import kz.akkamal.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import kz.akkamal.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import kz.akkamal.org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import kz.akkamal.org.bouncycastle.asn1.x509.TBSCertificateStructure;
import kz.akkamal.org.bouncycastle.asn1.x509.Time;
import kz.akkamal.org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
import kz.akkamal.org.bouncycastle.asn1.x509.X509ExtensionsGenerator;
import kz.akkamal.org.bouncycastle.asn1.x509.X509Name;

/* loaded from: classes.dex */
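/**
 * Builds and signs X.509 version 3 certificates.
 *
 * <p>Typical use: set issuer, subject, serial number, validity window, public key and
 * signature algorithm through the setters, optionally add extensions, then call
 * {@link #generate(PrivateKey)}. Instances hold mutable state and are not synchronized.
 *
 * <p>Supported signature algorithm names are those registered in the static table below
 * (looked up case-insensitively).
 */
public class X509V3CertificateGenerator {
    /** Validity window used by {@link #generateSelfSignedCert}: 60 days in milliseconds. */
    private static final long SELF_SIGNED_VALIDITY_MILLIS = 5184000000L;

    /** Signature algorithm name (normalized to lower case) to signature OID. */
    private static final HashMap<String, DERObjectIdentifier> algs = new HashMap<>();

    /** Normalized algorithm names whose AlgorithmIdentifier is encoded without a parameters field. */
    private static final HashSet<String> noParams = new HashSet<>();

    private AlgorithmIdentifier sigAlgId;
    private DERObjectIdentifier sigOID;
    private V3TBSCertificateGenerator tbsGen = new V3TBSCertificateGenerator();
    private X509ExtensionsGenerator extGenerator = new X509ExtensionsGenerator();

    static {
        algs.put(normalizeAlgorithmName("ECGOST3410"), CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
        algs.put(normalizeAlgorithmName(AKKeyStoreSign.ALG_SIGN_GOST_TUMAR), GammaTechObjectIdentifiers.ecgost3410);
        algs.put(normalizeAlgorithmName("SHA1withRSA"), PKCSObjectIdentifiers.sha1WithRSAEncryption);
        algs.put(normalizeAlgorithmName("SHA256withRSA"), PKCSObjectIdentifiers.sha256WithRSAEncryption);
        noParams.add(normalizeAlgorithmName("ECGOST3410"));
        noParams.add(normalizeAlgorithmName(AKKeyStoreSign.ALG_SIGN_GOST_TUMAR));
    }

    /**
     * Lower-cases an algorithm name for table lookup.
     *
     * <p>Locale.ROOT is used on purpose: with the default locale, a name such as
     * "SHA1WITHRSA" lower-cases to a dotless-i form under a Turkish locale and the
     * lookup silently fails.
     */
    private static String normalizeAlgorithmName(String name) {
        return name.toLowerCase(Locale.ROOT);
    }

    /**
     * Packs a boolean array into a DER BIT STRING, most significant bit first.
     *
     * @param zArr bit values; index 0 becomes the high bit of the first byte
     * @return the bit string, with the pad-bit count set when the length is not a multiple of 8
     */
    private DERBitString booleanToBitString(boolean[] zArr) {
        byte[] packed = new byte[(zArr.length + 7) / 8];
        for (int bit = 0; bit < zArr.length; bit++) {
            if (zArr[bit]) {
                packed[bit / 8] |= (byte) (1 << (7 - (bit % 8)));
            }
        }
        int usedBitsInLastByte = zArr.length % 8;
        if (usedBitsInLastByte == 0) {
            return new DERBitString(packed);
        }
        return new DERBitString(packed, 8 - usedBitsInLastByte);
    }

    /**
     * Assembles the final certificate SEQUENCE (TBS certificate, signature algorithm,
     * signature value) and wraps it in a JCA certificate object.
     */
    private X509Certificate generateJcaObject(TBSCertificateStructure tBSCertificateStructure, byte[] bArr) throws CertificateParsingException {
        ASN1EncodableVector parts = new ASN1EncodableVector();
        parts.add(tBSCertificateStructure);
        parts.add(this.sigAlgId);
        parts.add(new DERBitString(bArr));
        return new X509CertificateObject(new X509CertificateStructure(new DERSequence(parts)));
    }

    /**
     * Creates a certificate whose issuer and subject are both {@code str} and which is
     * signed with the private half of {@code keyPair}.
     *
     * <p>The certificate is valid from now for 60 days and always carries serial number 1.
     *
     * @param keyPair key pair to certify; "RSA" keys are signed with SHA1withRSA, every
     *                other key algorithm is treated as ECGOST3410
     * @param str     distinguished name used for both issuer and subject
     * @return the certificate, or {@code null} when signing or encoding fails (the failure
     *         is only printed to stderr, so callers must null-check the result)
     */
    public static X509Certificate generateSelfSignedCert(KeyPair keyPair, String str) {
        X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
        X509Name name = new X509Name(str);
        generator.setIssuerDN(name);
        generator.setSubjectDN(new X509Name(str));
        // NOTE(review): SHA-1 certificate signatures are deprecated and rejected by many
        // verifiers; "SHA256withRSA" is already registered in this class. Not switched here
        // because the output certificate format is part of what callers observe - confirm
        // with consumers and migrate.
        if ("RSA".equals(keyPair.getPrivate().getAlgorithm())) {
            generator.setSignatureAlgorithm("SHA1withRSA");
        } else {
            // Any non-RSA key lands here; a key the GOST signer cannot use makes
            // generate() fail below and this method return null.
            generator.setSignatureAlgorithm("ECGOST3410");
        }
        // NOTE(review): every certificate gets serial 1. Certificates sharing an issuer DN
        // then also share issuer+serial, which relying parties may treat as the same
        // certificate. Consider a random positive serial.
        generator.setSerialNumber(BigInteger.ONE);
        // Read the clock once so notBefore and notAfter are exactly the validity window apart.
        long now = System.currentTimeMillis();
        generator.setNotBefore(new Date(now));
        generator.setNotAfter(new Date(now + SELF_SIGNED_VALIDITY_MILLIS));
        generator.setPublicKey(keyPair.getPublic());
        try {
            return generator.generate(keyPair.getPrivate());
        } catch (Exception e) {
            // Deliberate best-effort contract: report and signal failure with null.
            e.printStackTrace();
            return null;
        }
    }

    /** Attaches any collected extensions and produces the to-be-signed certificate body. */
    private TBSCertificateStructure generateTbsCert() {
        if (!this.extGenerator.isEmpty()) {
            this.tbsGen.setExtensions(this.extGenerator.generate());
        }
        return this.tbsGen.generateTBSCertificate();
    }

    /**
     * Adds an extension identified by a dotted OID string.
     *
     * @param str          extension OID in dotted form
     * @param z            {@code true} to mark the extension critical
     * @param dEREncodable extension value
     */
    public void addExtension(String str, boolean z, DEREncodable dEREncodable) {
        addExtension(new DERObjectIdentifier(str), z, dEREncodable);
    }

    /**
     * Adds an extension identified by a dotted OID string, with a pre-encoded value.
     *
     * @param str  extension OID in dotted form
     * @param z    {@code true} to mark the extension critical
     * @param bArr encoded extension value
     */
    public void addExtension(String str, boolean z, byte[] bArr) {
        addExtension(new DERObjectIdentifier(str), z, bArr);
    }

    /**
     * Adds an extension.
     *
     * @param dERObjectIdentifier extension OID
     * @param z                   {@code true} to mark the extension critical
     * @param dEREncodable        extension value
     */
    public void addExtension(DERObjectIdentifier dERObjectIdentifier, boolean z, DEREncodable dEREncodable) {
        this.extGenerator.addExtension(dERObjectIdentifier, z, dEREncodable);
    }

    /**
     * Adds an extension with a pre-encoded value.
     *
     * @param dERObjectIdentifier extension OID
     * @param z                   {@code true} to mark the extension critical
     * @param bArr                encoded extension value
     */
    public void addExtension(DERObjectIdentifier dERObjectIdentifier, boolean z, byte[] bArr) {
        this.extGenerator.addExtension(dERObjectIdentifier, z, bArr);
    }

    /**
     * Signs the configured certificate body with {@code privateKey} and returns the
     * resulting certificate.
     *
     * <p>The signer is obtained from the JCA by the signature OID string, so a provider
     * that resolves that OID must be installed.
     *
     * @param privateKey issuer's signing key
     * @return the signed certificate
     * @throws IllegalStateException if no signature algorithm has been set
     * @throws Exception             on signing, encoding or certificate parsing failure
     */
    public X509Certificate generate(PrivateKey privateKey) throws Exception {
        // Fail before touching the TBS generator so a misconfigured instance is not mutated.
        if (this.sigOID == null) {
            throw new IllegalStateException("no signature algorithm specified");
        }
        TBSCertificateStructure tbsCert = generateTbsCert();
        Signature signer = Signature.getInstance(this.sigOID.toString());
        signer.initSign(privateKey);
        signer.update(tbsCert.getEncoded(ASN1Encodable.DER));
        return generateJcaObject(tbsCert, signer.sign());
    }

    /**
     * Discards all configured fields and extensions so the instance can be reused.
     *
     * <p>The signature algorithm is cleared as well: the fresh TBS generator has no
     * signature set, so keeping the old OID would leave the two out of sync.
     */
    public void reset() {
        this.tbsGen = new V3TBSCertificateGenerator();
        this.extGenerator.reset();
        this.sigOID = null;
        this.sigAlgId = null;
    }

    /** Sets the issuer distinguished name. */
    public void setIssuerDN(X509Name x509Name) {
        this.tbsGen.setIssuer(x509Name);
    }

    /** Sets the issuer unique identifier from a bit array (index 0 is the first bit). */
    public void setIssuerUniqueID(boolean[] zArr) {
        this.tbsGen.setIssuerUniqueID(booleanToBitString(zArr));
    }

    /** Sets the end of the validity period. */
    public void setNotAfter(Date date) {
        this.tbsGen.setEndDate(new Time(date));
    }

    /** Sets the start of the validity period. */
    public void setNotBefore(Date date) {
        this.tbsGen.setStartDate(new Time(date));
    }

    /**
     * Sets the subject public key from the key's encoded form.
     *
     * @param publicKey key to certify; its {@code getEncoded()} bytes are parsed as a
     *                  SubjectPublicKeyInfo
     * @throws IllegalArgumentException if the key is null or its encoding cannot be parsed
     */
    public void setPublicKey(PublicKey publicKey) throws IllegalArgumentException {
        try {
            ASN1InputStream encodedKey = new ASN1InputStream(publicKey.getEncoded());
            this.tbsGen.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(encodedKey.readObject()));
        } catch (Exception e) {
            // Keep the original message text, but chain the cause so the stack trace survives.
            throw new IllegalArgumentException("unable to process key - " + e.toString(), e);
        }
    }

    /**
     * Sets the certificate serial number.
     *
     * @param bigInteger serial number
     * @throws IllegalArgumentException if the value is zero or negative
     */
    public void setSerialNumber(BigInteger bigInteger) {
        if (bigInteger.signum() <= 0) {
            throw new IllegalArgumentException("serial number must be a positive integer");
        }
        this.tbsGen.setSerialNumber(new DERInteger(bigInteger));
    }

    /**
     * Selects the signature algorithm by name (case-insensitive).
     *
     * <p>On an unknown or null name the previously selected algorithm is left untouched.
     *
     * @param str algorithm name registered in this class
     * @throws IllegalArgumentException if the name is null or not registered
     */
    public void setSignatureAlgorithm(String str) {
        String key = (str == null) ? null : normalizeAlgorithmName(str);
        DERObjectIdentifier oid = (key == null) ? null : algs.get(key);
        if (oid == null) {
            throw new IllegalArgumentException("Unknown signature type requested: " + str);
        }
        // GOST identifiers are encoded with the parameters field absent; the RSA ones
        // carry an explicit NULL.
        AlgorithmIdentifier algId = noParams.contains(key)
                ? new AlgorithmIdentifier(oid)
                : new AlgorithmIdentifier(oid, new DERNull());
        // Commit only after validation so a failed call cannot leave sigOID null next to
        // a stale sigAlgId.
        this.sigOID = oid;
        this.sigAlgId = algId;
        this.tbsGen.setSignature(algId);
    }

    /** Sets the subject distinguished name. */
    public void setSubjectDN(X509Name x509Name) {
        this.tbsGen.setSubject(x509Name);
    }

    /** Sets the subject unique identifier from a bit array (index 0 is the first bit). */
    public void setSubjectUniqueID(boolean[] zArr) {
        this.tbsGen.setSubjectUniqueID(booleanToBitString(zArr));
    }
}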
