package io.github.stephenc.crypto.sscg;

import io.github.stephenc.crypto.sscg.internal.bc.asn1.ASN1Encodable;
import io.github.stephenc.crypto.sscg.internal.bc.asn1.ASN1ObjectIdentifier;
import io.github.stephenc.crypto.sscg.internal.bc.asn1.x500.X500Name;
import io.github.stephenc.crypto.sscg.internal.bc.asn1.x500.X500NameBuilder;
import io.github.stephenc.crypto.sscg.internal.bc.asn1.x500.style.BCStyle;
import io.github.stephenc.crypto.sscg.internal.bc.asn1.x509.AlgorithmIdentifier;
import io.github.stephenc.crypto.sscg.internal.bc.asn1.x509.SubjectPublicKeyInfo;
import io.github.stephenc.crypto.sscg.internal.bc.asn1.x509.X509Extension;
import io.github.stephenc.crypto.sscg.internal.bc.cert.X509v3CertificateBuilder;
import io.github.stephenc.crypto.sscg.internal.bc.cert.jcajce.JcaX509ExtensionUtils;
import io.github.stephenc.crypto.sscg.internal.bc.crypto.params.RSAKeyParameters;
import io.github.stephenc.crypto.sscg.internal.bc.jcajce.provider.asymmetric.dsa.DSAUtil;
import io.github.stephenc.crypto.sscg.internal.bc.jcajce.provider.asymmetric.util.ECUtil;
import io.github.stephenc.crypto.sscg.internal.bc.jce.provider.BouncyCastleProvider;
import io.github.stephenc.crypto.sscg.internal.bc.operator.ContentSigner;
import io.github.stephenc.crypto.sscg.internal.bc.operator.DefaultDigestAlgorithmIdentifierFinder;
import io.github.stephenc.crypto.sscg.internal.bc.operator.DefaultSignatureAlgorithmIdentifierFinder;
import io.github.stephenc.crypto.sscg.internal.bc.operator.OperatorCreationException;
import io.github.stephenc.crypto.sscg.internal.bc.operator.bc.BcDSAContentSignerBuilder;
import io.github.stephenc.crypto.sscg.internal.bc.operator.bc.BcECContentSignerBuilder;
import io.github.stephenc.crypto.sscg.internal.bc.operator.bc.BcRSAContentSignerBuilder;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2ParameterSpec;

/* loaded from: input_file:WEB-INF/lib/self-signed-cert-generator-1.0.0.jar:io/github/stephenc/crypto/sscg/SelfSignedCertificate.class */
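/**
 * Fluent builder that produces a self-signed X.509 v3 certificate for a caller-supplied key pair.
 *
 * <p>The subject and issuer are the same distinguished name, assembled from the RDNs added through
 * {@link #cn(String)}, {@link #c(String)}, {@link #o(String)}, {@link #ou(String)} and
 * {@link #oid(String, String)}. RSA, DSA and EC private keys are supported; any other key type makes
 * {@link #generate()} fail with an {@link IOException}.
 *
 * <p>Security-relevant properties of the generated certificate, as implemented here:
 * <ul>
 *   <li>The signature digest defaults to SHA-1 unless one of the {@code shaNNN()} methods is called.</li>
 *   <li>The serial number is always {@code 1}.</li>
 *   <li>The only extension added is {@code subjectKeyIdentifier}; no {@code subjectAlternativeName},
 *       {@code basicConstraints} or {@code keyUsage} extension is emitted.</li>
 *   <li>The validity window is not checked, so {@code validUntil} may precede {@code validFrom}.</li>
 * </ul>
 *
 * <p>Instances are mutable and unsynchronized; confine each instance to a single thread.
 */
public final class SelfSignedCertificate {
    private static final BouncyCastleProvider BOUNCY_CASTLE_PROVIDER = new BouncyCastleProvider();

    /** Default lifetime applied when no explicit end date is given. */
    private static final long DEFAULT_VALIDITY_DAYS = 365L;

    private final KeyPair keyPair;
    private final X500NameBuilder subject = new X500NameBuilder(BCStyle.INSTANCE);
    private Date firstDate = new Date();
    // The default end date is derived from the start date as it is at construction time; a later
    // validFrom(...) call does not move it.
    private Date lastDate = new Date(this.firstDate.getTime() + TimeUnit.DAYS.toMillis(DEFAULT_VALIDITY_DAYS));
    // NOTE(review): SHA-1 is kept as the default only for backward compatibility. It is no longer
    // collision resistant and SHA-1 signed certificates are rejected by many TLS clients; callers
    // should select sha256() or stronger explicitly.
    private String hashAlg = "SHA1";

    private SelfSignedCertificate(KeyPair keyPair) {
        // Fail at construction instead of with an anonymous NullPointerException inside generate().
        if (keyPair == null) {
            throw new NullPointerException("keyPair");
        }
        this.keyPair = keyPair;
    }

    /**
     * Starts a builder for the given key pair.
     *
     * @param keyPair the key pair whose public key is certified and whose private key signs the
     *     certificate; must not be {@code null}
     * @return a new builder
     * @throws NullPointerException if {@code keyPair} is {@code null}
     */
    public static SelfSignedCertificate forKeyPair(KeyPair keyPair) {
        return new SelfSignedCertificate(keyPair);
    }

    /**
     * Sets the start of the validity period.
     *
     * @param date the notBefore date, copied defensively; {@code null} means "now"
     * @return this builder
     */
    public SelfSignedCertificate validFrom(Date date) {
        this.firstDate = date == null ? new Date() : (Date) date.clone();
        return this;
    }

    /**
     * Sets the end of the validity period.
     *
     * @param date the notAfter date, copied defensively; {@code null} means 365 days after the
     *     start date currently configured on this builder
     * @return this builder
     */
    public SelfSignedCertificate validUntil(Date date) {
        this.lastDate = date == null
                ? new Date(this.firstDate.getTime() + TimeUnit.DAYS.toMillis(DEFAULT_VALIDITY_DAYS))
                : (Date) date.clone();
        return this;
    }

    /**
     * Adds a common name (CN) RDN to the subject.
     *
     * @param str the attribute value
     * @return this builder
     */
    public SelfSignedCertificate cn(String str) {
        this.subject.addRDN(BCStyle.CN, str);
        return this;
    }

    /**
     * Adds a country (C) RDN to the subject.
     *
     * @param str the attribute value
     * @return this builder
     */
    public SelfSignedCertificate c(String str) {
        this.subject.addRDN(BCStyle.C, str);
        return this;
    }

    /**
     * Adds an organization (O) RDN to the subject.
     *
     * @param str the attribute value
     * @return this builder
     */
    public SelfSignedCertificate o(String str) {
        this.subject.addRDN(BCStyle.O, str);
        return this;
    }

    /**
     * Adds an organizational unit (OU) RDN to the subject.
     *
     * @param str the attribute value
     * @return this builder
     */
    public SelfSignedCertificate ou(String str) {
        this.subject.addRDN(BCStyle.OU, str);
        return this;
    }

    /**
     * Adds an RDN with an arbitrary attribute type to the subject.
     *
     * @param str the attribute type as a dotted-decimal object identifier
     * @param str2 the attribute value
     * @return this builder
     */
    public SelfSignedCertificate oid(String str, String str2) {
        this.subject.addRDN(new ASN1ObjectIdentifier(str), str2);
        return this;
    }

    /**
     * Selects SHA-1 as the signature digest. SHA-1 is deprecated for certificate signatures; prefer
     * {@link #sha256()} or stronger.
     *
     * @return this builder
     */
    public SelfSignedCertificate sha1() {
        this.hashAlg = "SHA1";
        return this;
    }

    /**
     * Selects SHA-224 as the signature digest.
     *
     * @return this builder
     */
    public SelfSignedCertificate sha224() {
        this.hashAlg = "SHA224";
        return this;
    }

    /**
     * Selects SHA-256 as the signature digest.
     *
     * @return this builder
     */
    public SelfSignedCertificate sha256() {
        // Plain literal, like the sibling methods, so the digest choice is readable here and does
        // not hinge on a string constant owned by an unrelated parameter-spec class.
        this.hashAlg = "SHA256";
        return this;
    }

    /**
     * Selects SHA-384 as the signature digest.
     *
     * @return this builder
     */
    public SelfSignedCertificate sha384() {
        this.hashAlg = "SHA384";
        return this;
    }

    /**
     * Selects SHA-512 as the signature digest.
     *
     * @return this builder
     */
    public SelfSignedCertificate sha512() {
        this.hashAlg = "SHA512";
        return this;
    }

    /**
     * Builds and signs the certificate with the key pair's private key, then re-parses the encoded
     * result through the platform's {@code X.509} {@link CertificateFactory}.
     *
     * @return the self-signed certificate
     * @throws IOException if the private key is not an RSA, DSA or EC key, or if signer creation,
     *     key conversion, extension construction or certificate parsing fails (the underlying
     *     exception is preserved as the cause)
     */
    public X509Certificate generate() throws IOException {
        try {
            SubjectPublicKeyInfo publicKeyInfo =
                    SubjectPublicKeyInfo.getInstance(this.keyPair.getPublic().getEncoded());
            // Self-signed: the same name is used as issuer and subject.
            X500Name name = this.subject.build();
            // NOTE(review): the serial number is fixed at 1, so every certificate generated for the
            // same subject shares one issuer/serial pair, which some clients treat as a conflict.
            // Kept as-is because callers may depend on it; a random positive serial is the usual fix.
            X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder(
                    name, BigInteger.ONE, this.firstDate, this.lastDate, name, publicKeyInfo);
            certBuilder.addExtension(
                    X509Extension.subjectKeyIdentifier,
                    false,
                    (ASN1Encodable) new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKeyInfo));
            ContentSigner signer = createSigner();
            byte[] encoded = certBuilder.build(signer).getEncoded();
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(encoded));
        } catch (OperatorCreationException | InvalidKeyException | NoSuchAlgorithmException
                | CertificateException e) {
            throw new IOException("Failed to generate a certificate", e);
        }
    }

    /** Creates the content signer matching the private key type and the selected digest. */
    private ContentSigner createSigner() throws IOException, OperatorCreationException, InvalidKeyException {
        final java.security.PrivateKey privateKey = this.keyPair.getPrivate();
        final DefaultSignatureAlgorithmIdentifierFinder sigFinder = new DefaultSignatureAlgorithmIdentifierFinder();
        final DefaultDigestAlgorithmIdentifierFinder digFinder = new DefaultDigestAlgorithmIdentifierFinder();
        if (privateKey instanceof RSAPrivateKey) {
            RSAPrivateKey rsaKey = (RSAPrivateKey) privateKey;
            AlgorithmIdentifier sigAlg = sigFinder.find(this.hashAlg + "withRSA");
            return new BcRSAContentSignerBuilder(sigAlg, digFinder.find(sigAlg))
                    .build(new RSAKeyParameters(true, rsaKey.getModulus(), rsaKey.getPrivateExponent()));
        }
        if (privateKey instanceof DSAPrivateKey) {
            AlgorithmIdentifier sigAlg = sigFinder.find(this.hashAlg + "withDSA");
            return new BcDSAContentSignerBuilder(sigAlg, digFinder.find(sigAlg))
                    .build(DSAUtil.generatePrivateKeyParameter((DSAPrivateKey) privateKey));
        }
        if (privateKey instanceof ECPrivateKey) {
            AlgorithmIdentifier sigAlg = sigFinder.find(this.hashAlg + "withECDSA");
            return new BcECContentSignerBuilder(sigAlg, digFinder.find(sigAlg))
                    .build(ECUtil.generatePrivateKeyParameter((ECPrivateKey) privateKey));
        }
        throw new IOException("Unsupported key type");
    }
}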
