package kz.akkamal.aksig;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import kz.akkamal.org.bouncycastle.asn1.ASN1Encodable;
import kz.akkamal.org.bouncycastle.asn1.ASN1EncodableVector;
import kz.akkamal.org.bouncycastle.asn1.ASN1InputStream;
import kz.akkamal.org.bouncycastle.asn1.DERBitString;
import kz.akkamal.org.bouncycastle.asn1.DEREncodable;
import kz.akkamal.org.bouncycastle.asn1.DERInteger;
import kz.akkamal.org.bouncycastle.asn1.DERObjectIdentifier;
import kz.akkamal.org.bouncycastle.asn1.DERSequence;
import kz.akkamal.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import kz.akkamal.org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import kz.akkamal.org.bouncycastle.asn1.x509.TBSCertificateStructure;
import kz.akkamal.org.bouncycastle.asn1.x509.Time;
import kz.akkamal.org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
import kz.akkamal.org.bouncycastle.asn1.x509.X509CertificateStructure;
import kz.akkamal.org.bouncycastle.asn1.x509.X509ExtensionsGenerator;

/* loaded from: classes.dex */
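/**
 * Builds and signs X.509 v3 certificates using the project's repackaged BouncyCastle ASN.1
 * classes and the "AkSig" JCA provider.
 *
 * <p>Typical use: set issuer, subject, serial number, validity dates, public key and signature
 * algorithm through the setters, optionally add extensions, then call
 * {@link #generate(PrivateKey)}. The class keeps mutable state and does no synchronization of
 * its own.
 */
public class X509V3CertificateGenerator {
    /** Lifetime of certificates made by {@link #generateSelfSignedCert}: 60 days in milliseconds. */
    private static final long SELF_SIGNED_VALIDITY_MILLIS = 5184000000L;

    private AlgorithmIdentifier sigAlgId;
    private DERObjectIdentifier sigOID;
    private V3TBSCertificateGenerator tbsGen = new V3TBSCertificateGenerator();
    private X509ExtensionsGenerator extGenerator = new X509ExtensionsGenerator();

    /**
     * Assembles the final certificate structure: TBS certificate, signature algorithm identifier
     * and signature bits, in that order, wrapped in a DER sequence.
     *
     * @param tBSCertificateStructure the to-be-signed part that was signed
     * @param bArr the raw signature bytes over the DER encoding of the TBS part
     * @return the certificate object wrapping the assembled structure
     * @throws CertificateParsingException declared for the {@code X509CertificateObject} constructor
     */
    private X509Certificate generateCertObject(TBSCertificateStructure tBSCertificateStructure, byte[] bArr) throws CertificateParsingException {
        ASN1EncodableVector parts = new ASN1EncodableVector();
        parts.add(tBSCertificateStructure);
        parts.add(this.sigAlgId);
        parts.add(new DERBitString(bArr));
        return new X509CertificateObject(new X509CertificateStructure(new DERSequence(parts)));
    }

    /**
     * Creates a self-signed certificate for the given key pair, valid from now for 60 days.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>RSA keys are signed with the algorithm registered as {@code "Sha1WithRsa"}. SHA-1 is
     *       deprecated for certificate signatures; switching to a stronger digest depends on what
     *       {@code AkSigProv.getSigAlgOid} supports, which is not visible here.</li>
     *   <li>The serial number is always 1, so every certificate produced for the same DN shares
     *       the same issuer/serial pair. Do not rely on issuer+serial to tell these apart.</li>
     *   <li>Any failure during signing is printed to stderr and reported as {@code null}; callers
     *       must check the result before use.</li>
     * </ul>
     *
     * @param keyPair key pair whose private key must be a {@code Gost3410PrivateKey} or
     *     {@code RsaPrivateKey}
     * @param str passed through to {@link #setPublicKey(PublicKey, String)}; presumably an
     *     encoding selector for the public key (confirm against {@code GeneralPublicKey})
     * @param str2 distinguished name used for both issuer and subject
     * @return the signed certificate, or {@code null} if generation failed
     * @throws RuntimeException if the private key is of neither supported type
     */
    public static X509Certificate generateSelfSignedCert(KeyPair keyPair, String str, String str2) {
        PrivateKey signingKey = keyPair.getPrivate();
        String algorithmName;
        if (signingKey instanceof Gost3410PrivateKey) {
            algorithmName = "ECGOST3410";
        } else if (signingKey instanceof RsaPrivateKey) {
            // NOTE(review): SHA-1 based signature; see the method Javadoc.
            algorithmName = "Sha1WithRsa";
        } else {
            throw new RuntimeException("Unsupported keys");
        }

        // Read the clock once so the validity window is exactly SELF_SIGNED_VALIDITY_MILLIS long.
        long now = System.currentTimeMillis();

        X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
        generator.setIssuerDN(new X509Principal(str2));
        generator.setSubjectDN(new X509Principal(str2));
        generator.setSignatureAlgorithm(algorithmName);
        // NOTE(review): fixed serial number; see the method Javadoc.
        generator.setSerialNumber(BigInteger.ONE);
        generator.setNotBefore(new Date(now));
        generator.setNotAfter(new Date(now + SELF_SIGNED_VALIDITY_MILLIS));
        generator.setPublicKey(keyPair.getPublic(), str);
        try {
            return generator.generate(signingKey);
        } catch (Exception e) {
            // Kept as best-effort for existing callers: the error is only visible in the
            // stack trace, and the caller receives null.
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Produces the TBS certificate from the fields set so far, attaching the collected
     * extensions only when at least one was added.
     */
    private TBSCertificateStructure generateTbsCert() {
        if (!this.extGenerator.isEmpty()) {
            this.tbsGen.setExtensions(this.extGenerator.generate());
        }
        return this.tbsGen.generateTBSCertificate();
    }

    /**
     * Adds an extension identified by a dotted OID string.
     *
     * @param str extension OID in string form
     * @param z passed as the critical flag to the extensions generator
     * @param dEREncodable extension value as an ASN.1 object
     */
    public void addExtension(String str, boolean z, DEREncodable dEREncodable) {
        addExtension(new DERObjectIdentifier(str), z, dEREncodable);
    }

    /**
     * Adds an extension identified by a dotted OID string.
     *
     * @param str extension OID in string form
     * @param z passed as the critical flag to the extensions generator
     * @param bArr extension value as raw bytes
     */
    public void addExtension(String str, boolean z, byte[] bArr) {
        addExtension(new DERObjectIdentifier(str), z, bArr);
    }

    /**
     * Adds an extension to the set written into the next generated certificate.
     *
     * @param dERObjectIdentifier extension OID
     * @param z passed as the critical flag to the extensions generator
     * @param dEREncodable extension value as an ASN.1 object
     */
    public void addExtension(DERObjectIdentifier dERObjectIdentifier, boolean z, DEREncodable dEREncodable) {
        this.extGenerator.addExtension(dERObjectIdentifier, z, dEREncodable);
    }

    /**
     * Adds an extension to the set written into the next generated certificate.
     *
     * @param dERObjectIdentifier extension OID
     * @param z passed as the critical flag to the extensions generator
     * @param bArr extension value as raw bytes
     */
    public void addExtension(DERObjectIdentifier dERObjectIdentifier, boolean z, byte[] bArr) {
        this.extGenerator.addExtension(dERObjectIdentifier, z, bArr);
    }

    /**
     * Signs the DER-encoded TBS certificate with {@code privateKey} and returns the finished
     * certificate. The signature implementation is requested from the "AkSig" provider only.
     *
     * @param privateKey key used to sign; this method does not check that it matches the
     *     configured signature algorithm
     * @return the signed certificate
     * @throws IllegalStateException if {@link #setSignatureAlgorithm(String)} was never called
     * @throws Exception on any provider, encoding or signing failure
     */
    public X509Certificate generate(PrivateKey privateKey) throws Exception {
        // Fail fast, before any TBS state is touched, so a missing algorithm is reported with
        // this message rather than with whatever the TBS generator raises for unset fields.
        if (this.sigOID == null) {
            throw new IllegalStateException("no signature algorithm specified");
        }
        TBSCertificateStructure tbsCert = generateTbsCert();
        Signature signer = Signature.getInstance(this.sigOID.toString(), "AkSig");
        signer.initSign(privateKey);
        signer.update(tbsCert.getEncoded(ASN1Encodable.DER));
        return generateCertObject(tbsCert, signer.sign());
    }

    /**
     * Discards all TBS fields and collected extensions.
     *
     * <p>{@code sigOID} and {@code sigAlgId} are not cleared, but the fresh TBS generator has not
     * had its signature algorithm set; call {@link #setSignatureAlgorithm(String)} again before
     * the next {@link #generate(PrivateKey)}.
     */
    public void reset() {
        this.tbsGen = new V3TBSCertificateGenerator();
        this.extGenerator.reset();
    }

    /** Sets the issuer distinguished name. */
    public void setIssuerDN(X509Principal x509Principal) {
        this.tbsGen.setIssuer(x509Principal);
    }

    /** Sets the end of the validity period. */
    public void setNotAfter(Date date) {
        this.tbsGen.setEndDate(new Time(date));
    }

    /** Sets the start of the validity period. */
    public void setNotBefore(Date date) {
        this.tbsGen.setStartDate(new Time(date));
    }

    /**
     * Sets the subject public key from a project {@code GeneralPublicKey}.
     *
     * @param publicKey key to certify; must be a {@code GeneralPublicKey}
     * @param str argument handed to {@code GeneralPublicKey.getEncoded}; presumably selects the
     *     encoding (confirm against that class)
     * @throws IllegalArgumentException if the key type is unsupported or its encoding cannot be
     *     parsed as a {@code SubjectPublicKeyInfo}
     */
    public void setPublicKey(PublicKey publicKey, String str) throws IllegalArgumentException {
        if (!(publicKey instanceof GeneralPublicKey)) {
            throw new IllegalArgumentException("Public Key type not supported");
        }
        try {
            ASN1InputStream keyStream = new ASN1InputStream(((GeneralPublicKey) publicKey).getEncoded(str));
            this.tbsGen.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(keyStream.readObject()));
        } catch (Exception e) {
            throw new IllegalArgumentException("unable to process key", e);
        }
    }

    /**
     * Sets the certificate serial number.
     *
     * @param bigInteger serial number; must be strictly positive
     * @throws IllegalArgumentException if the value is zero or negative
     */
    public void setSerialNumber(BigInteger bigInteger) {
        if (bigInteger.compareTo(BigInteger.ZERO) <= 0) {
            throw new IllegalArgumentException("serial number must be a positive integer");
        }
        this.tbsGen.setSerialNumber(new DERInteger(bigInteger));
    }

    /**
     * Selects the signature algorithm by name. The name is resolved to an OID through
     * {@code AkSigProv.getSigAlgOid}; the same OID is written into the TBS certificate and later
     * used to look up the {@link Signature} implementation.
     *
     * @param str algorithm name known to {@code AkSigProv}
     * @throws IllegalArgumentException if the name does not resolve to an OID
     */
    public void setSignatureAlgorithm(String str) throws IllegalArgumentException {
        String oid = AkSigProv.getSigAlgOid(str);
        if (oid == null) {
            throw new IllegalArgumentException("Unsupported algname");
        }
        this.sigOID = new DERObjectIdentifier(oid);
        this.sigAlgId = new AlgorithmIdentifier(oid);
        this.tbsGen.setSignature(this.sigAlgId);
    }

    /** Sets the subject distinguished name. */
    public void setSubjectDN(X509Principal x509Principal) {
        this.tbsGen.setSubject(x509Principal);
    }
}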
