package com.koalii.kgsp.core.cms;

import com.koalii.kgsp.bc.asn1.ASN1Encodable;
import com.koalii.kgsp.bc.asn1.x500.X500Name;
import com.koalii.kgsp.bc.asn1.x509.BasicConstraints;
import com.koalii.kgsp.bc.asn1.x509.ExtendedKeyUsage;
import com.koalii.kgsp.bc.asn1.x509.Extension;
import com.koalii.kgsp.bc.asn1.x509.KeyPurposeId;
import com.koalii.kgsp.bc.asn1.x509.KeyUsage;
import com.koalii.kgsp.bc.asn1.x509.SubjectPublicKeyInfo;
import com.koalii.kgsp.bc.cert.CertIOException;
import com.koalii.kgsp.bc.cert.X509CertificateHolder;
import com.koalii.kgsp.bc.cert.X509v3CertificateBuilder;
import com.koalii.kgsp.bc.crypto.params.AsymmetricKeyParameter;
import com.koalii.kgsp.bc.operator.ContentSigner;
import com.koalii.kgsp.bc.util.BigIntegers;
import com.koalii.kgsp.core.cert.KcKeyStore;
import com.koalii.kgsp.core.crypto.KcAsymmetricKeyPair;
import com.koalii.kgsp.core.exception.KcErrors;
import com.koalii.kgsp.core.exception.KcException;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Date;

/* loaded from: input_file:com/koalii/kgsp/core/cms/CertIssue.class */
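/**
 * Base class for issuing X.509 v3 certificates from a configured issuer key.
 *
 * <p>Callers configure the subject (DN, public key, optional serial number and validity) and the
 * issuer (key store or key pair), then call one of the {@code issue*} methods. Subclasses supply
 * the algorithm-specific signer and the SubjectPublicKeyInfo encoding.
 *
 * <p>Instances hold mutable state that the {@code issue*} methods overwrite, and no
 * synchronization is visible in this class, so an instance should not be shared between threads
 * without external locking.
 *
 * <p>The serial number is cached in {@link #certSn} once generated. Call
 * {@link #resetForIssueCert()} (or set a new serial) before issuing the next certificate,
 * otherwise the same serial number is reused for the same issuer.
 */
public abstract class CertIssue {
    // Key-usage bit masks passed to KeyUsage(int). The meanings below assume the repackaged
    // KeyUsage keeps the upstream Bouncy Castle bit values (digitalSignature=128,
    // nonRepudiation=64, keyEncipherment=32, dataEncipherment=16, keyAgreement=8,
    // keyCertSign=4, cRLSign=2) -- TODO confirm against com.koalii.kgsp.bc.asn1.x509.KeyUsage.
    /** 200 = 128 + 64 + 8. */
    protected static final int keyUsageSign = 200;
    /** 48 = 32 + 16. */
    protected static final int keyUsageEncrypt = 48;
    /** 248 = 128 + 64 + 32 + 16 + 8. */
    protected static final int keyUsageAll = 248;
    /**
     * 250 = 248 + 2. NOTE(review): under the upstream bit values this adds cRLSign but not
     * keyCertSign (4), despite the "RootCa" name -- confirm this is intended.
     */
    protected static final int keyUsageRootCa = 250;

    /** Milliseconds in one day, as a long so validity arithmetic cannot overflow int. */
    private static final long MILLIS_PER_DAY = 24L * 60L * 60L * 1000L;

    protected X500Name certDn;
    protected int certValidDays = 365;
    protected int certSnByteSize = 8;
    // Zero means "no serial chosen yet"; a random one is generated at issue time.
    protected BigInteger certSn = BigInteger.ZERO;
    protected int certKeyUsage = keyUsageAll;
    protected AsymmetricKeyParameter certPublicKey;
    protected X500Name issuerDn;
    protected AsymmetricKeyParameter issuerPublicKey;
    protected AsymmetricKeyParameter issuerPrivateKey;
    protected X509CertificateHolder issuerCert;

    /**
     * Clears the per-certificate subject state (DN, serial number, public key) so the next
     * certificate gets a fresh serial number. Issuer state and validity settings are kept.
     */
    public void resetForIssueCert() {
        this.certDn = null;
        this.certSn = BigInteger.ZERO;
        this.certPublicKey = null;
    }

    /**
     * Sets the subject distinguished name.
     *
     * @param str the DN in the string form accepted by {@code X500Name(String)}
     */
    public void setCertDn(String str) {
        this.certDn = new X500Name(str);
    }

    /**
     * Takes the issuer public key, private key and certificate from a key store.
     *
     * <p>The issuer DN is updated only when the store holds a certificate; if it does not, any
     * previously configured issuer DN is left in place.
     *
     * @param kcKeyStore the issuer key store
     */
    public void setIssuerStore(KcKeyStore kcKeyStore) {
        this.issuerPublicKey = kcKeyStore.getPublicKey();
        this.issuerPrivateKey = kcKeyStore.getPrivateKey();
        this.issuerCert = kcKeyStore.getCert();
        if (null != this.issuerCert) {
            this.issuerDn = this.issuerCert.getSubject();
        }
    }

    /**
     * Takes the issuer keys from a key pair, generating the pair first when it is empty.
     * The issuer DN and issuer certificate are not touched.
     *
     * @param kcAsymmetricKeyPair the issuer key pair; may be mutated by key generation
     */
    public void setIssuerKeyPair(KcAsymmetricKeyPair kcAsymmetricKeyPair) {
        if (kcAsymmetricKeyPair.isKeyEmpty()) {
            kcAsymmetricKeyPair.generateKeyPair();
        }
        this.issuerPublicKey = kcAsymmetricKeyPair.getPublicKey();
        this.issuerPrivateKey = kcAsymmetricKeyPair.getPrivateKey();
    }

    /**
     * Sets the validity period in days. Non-positive values are silently ignored.
     *
     * @param i the number of days the certificate is valid from the moment of issue
     */
    public void setCertValidDays(int i) {
        if (i > 0) {
            this.certValidDays = i;
        }
    }

    /**
     * Sets the subject public key to certify.
     *
     * @param asymmetricKeyParameter the subject public key
     */
    public void setCertPublicKey(AsymmetricKeyParameter asymmetricKeyParameter) {
        this.certPublicKey = asymmetricKeyParameter;
    }

    /**
     * Sets how many random bytes are drawn for a generated serial number. Non-positive values
     * are silently ignored.
     *
     * <p>NOTE(review): no upper bound is enforced here; RFC 5280 limits serial numbers to
     * 20 octets, so callers should stay at or below that.
     *
     * @param i the number of random bytes
     */
    public void setCertSnByteSize(int i) {
        if (i > 0) {
            this.certSnByteSize = i;
        }
    }

    /**
     * Sets an explicit serial number from its decimal string form.
     *
     * <p>The value is not range-checked: a negative value is used as given, and zero is treated
     * as "not set" at issue time.
     *
     * @param str the decimal serial number
     */
    public void setCertSn(String str) {
        this.certSn = new BigInteger(str);
    }

    /**
     * Sets an explicit serial number from a big-endian byte array.
     *
     * <p>NOTE(review): the array is parsed as a signed two's-complement value, so input whose
     * first byte has the high bit set yields a negative serial number. Confirm whether callers
     * expect unsigned interpretation.
     *
     * @param bArr the serial number bytes
     */
    public void setCertSn(byte[] bArr) {
        this.certSn = new BigInteger(BigIntegers.asUnsignedByteArray(new BigInteger(bArr)));
    }

    /**
     * Sets an explicit serial number from its hexadecimal string form.
     *
     * @param str the hexadecimal serial number
     */
    public void setCertSnHex(String str) {
        this.certSn = new BigInteger(str, 16);
    }

    /**
     * Issues a self-signed certificate: the subject DN becomes the issuer DN and the issuer
     * public key becomes the subject key. Both assignments persist on this instance afterwards.
     *
     * <p>The certificate carries critical basicConstraints with CA=false and a critical
     * extendedKeyUsage of id-kp-timeStamping.
     *
     * <p>NOTE(review): with CA=false, a validator that enforces basicConstraints will not accept
     * this certificate as the issuer of other certificates. If it is meant to act as a root CA,
     * the extensions need revisiting; if it is a standalone time-stamping certificate, the
     * {@code keyUsageRootCa} name is misleading.
     *
     * @return the signed certificate
     * @throws KcException if required fields are missing, an extension cannot be added, or
     *     signing fails
     */
    public X509CertificateHolder issueSelfSignedCert() throws KcException {
        this.issuerDn = this.certDn;
        this.certPublicKey = this.issuerPublicKey;
        this.certKeyUsage = keyUsageRootCa;
        X509v3CertificateBuilder builder = createCertBuilder();
        try {
            builder.addExtension(Extension.basicConstraints, true, (ASN1Encodable) new BasicConstraints(false));
            builder.addExtension(Extension.extendedKeyUsage, true, (ASN1Encodable) new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping));
            return builder.build(buildSigner());
        } catch (CertIOException e) {
            throw new KcException(KcErrors.ERROR_CORE_CERT_EXTENSION, "issuer self sign cert: add extension basicConstraints or extendedKeyUsage failed - " + this.certDn, e);
        }
    }

    /**
     * Issues a certificate with the combined signing and encryption key usage
     * ({@link #keyUsageAll}).
     *
     * @return the signed certificate
     * @throws KcException if required fields are missing or the certificate cannot be built
     */
    public X509CertificateHolder issueCert() throws KcException {
        this.certKeyUsage = keyUsageAll;
        return createCertBuilder().build(buildSigner());
    }

    /**
     * Issues a certificate with the signing key usage ({@link #keyUsageSign}).
     *
     * @return the signed certificate
     * @throws KcException if required fields are missing or the certificate cannot be built
     */
    public X509CertificateHolder issueSignCert() throws KcException {
        this.certKeyUsage = keyUsageSign;
        return createCertBuilder().build(buildSigner());
    }

    /**
     * Issues a certificate with the encryption key usage ({@link #keyUsageEncrypt}).
     *
     * @return the signed certificate
     * @throws KcException if required fields are missing or the certificate cannot be built
     */
    public X509CertificateHolder issueEncryptCert() throws KcException {
        this.certKeyUsage = keyUsageEncrypt;
        return createCertBuilder().build(buildSigner());
    }

    /**
     * Builds the signer that signs the certificate with the issuer private key.
     *
     * @return the content signer
     * @throws KcException if the signer cannot be created
     */
    protected abstract ContentSigner buildSigner() throws KcException;

    /**
     * Encodes a public key as a SubjectPublicKeyInfo structure.
     *
     * @param asymmetricKeyParameter the public key to encode
     * @return the encoded key info
     * @throws KcException if the key cannot be encoded
     */
    protected abstract SubjectPublicKeyInfo generateSubjectPublicKeyInfo(AsymmetricKeyParameter asymmetricKeyParameter) throws KcException;

    /**
     * Returns the serial number to use, generating a random positive one when none is set.
     *
     * <p>"Not set" is decided by value (null or zero), not by identity with
     * {@code BigInteger.ZERO}: a zero produced by a setter is a different object, and an
     * identity check would let it through as serial number 0.
     *
     * <p>The generated value is stored in {@link #certSn}, so it is reused by later calls until
     * the serial is reset or replaced.
     *
     * @return the serial number for the certificate being issued
     */
    protected BigInteger genarateCertSn() {
        if (this.certSn != null && this.certSn.signum() != 0) {
            return this.certSn;
        }
        SecureRandom random = new SecureRandom();
        byte[] randomBytes = new byte[this.certSnByteSize];
        BigInteger serial;
        do {
            random.nextBytes(randomBytes);
            // Signum 1 treats the bytes as an unsigned magnitude, keeping every random bit
            // and guaranteeing a non-negative value.
            serial = new BigInteger(1, randomBytes);
        } while (serial.signum() == 0); // zero is the "not set" sentinel; draw again
        this.certSn = serial;
        return serial;
    }

    /**
     * Creates a certificate builder from the current state and adds the critical keyUsage
     * extension. Validity starts now and lasts {@link #certValidDays} days.
     *
     * @return the builder, ready for further extensions and signing
     * @throws KcException if required fields are missing or the keyUsage extension cannot be
     *     added
     */
    protected X509v3CertificateBuilder createCertBuilder() throws KcException {
        checkCertInfo();
        BigInteger serial = genarateCertSn();
        SubjectPublicKeyInfo subjectKeyInfo = generateSubjectPublicKeyInfo(this.certPublicKey);
        Date notBefore = new Date();
        // Multiply in long: the int product days * 24 * 3600 * 1000 overflows above 24 days,
        // which silently shortened (or inverted) the validity period, including for the
        // 365-day default.
        Date notAfter = new Date(notBefore.getTime() + this.certValidDays * MILLIS_PER_DAY);
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(this.issuerDn, serial, notBefore, notAfter, this.certDn, subjectKeyInfo);
        try {
            builder.addExtension(Extension.keyUsage, true, (ASN1Encodable) new KeyUsage(this.certKeyUsage));
            return builder;
        } catch (Exception e) {
            throw new KcException(KcErrors.ERROR_CORE_CERT_EXTENSION, "issue cert: add extension keyUsage failed - " + this.certDn, e);
        }
    }

    /**
     * Verifies that the subject DN, subject public key, issuer private key and issuer DN are
     * all set before a certificate is built.
     *
     * @throws KcException naming the first missing field
     */
    protected void checkCertInfo() throws KcException {
        if (null == this.certDn) {
            throw new KcException(KcErrors.ERROR_CORE_CERT_DN_EMPTY, "issue cert: subject dn empty");
        }
        if (null == this.certPublicKey) {
            throw new KcException(KcErrors.ERROR_CORE_CERT_PUBLIC_KEY_EMPTY, "issue cert: public key empty");
        }
        if (null == this.issuerPrivateKey) {
            throw new KcException(KcErrors.ERROR_CORE_CERT_PRIVATE_KEY_EMPTY, "issue cert: private key empty");
        }
        if (null == this.issuerDn) {
            throw new KcException(KcErrors.ERROR_CORE_CERT_ISSUER_DN_EMPTY, "issue cert: issuer dn empty");
        }
    }
}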
