package com.cfca.util.pki.cert;

import com.cfca.util.pki.PKIConstant;
import com.cfca.util.pki.PKIException;
import com.cfca.util.pki.Parser;
import com.cfca.util.pki.asn1.ASN1EncodableVector;
import com.cfca.util.pki.asn1.DERBitString;
import com.cfca.util.pki.asn1.DERInteger;
import com.cfca.util.pki.asn1.DERNull;
import com.cfca.util.pki.asn1.DERObjectIdentifier;
import com.cfca.util.pki.asn1.DEROctetString;
import com.cfca.util.pki.asn1.DERSequence;
import com.cfca.util.pki.asn1.x509.AlgorithmIdentifier;
import com.cfca.util.pki.asn1.x509.TBSCertificateStructure;
import com.cfca.util.pki.asn1.x509.Time;
import com.cfca.util.pki.asn1.x509.V3TBSCertificateGenerator;
import com.cfca.util.pki.asn1.x509.X509Extension;
import com.cfca.util.pki.asn1.x509.X509Extensions;
import com.cfca.util.pki.asn1.x509.X509Name;
import com.cfca.util.pki.cipher.JKey;
import com.cfca.util.pki.cipher.JKeyPair;
import com.cfca.util.pki.cipher.Mechanism;
import com.cfca.util.pki.cipher.Session;
import com.cfca.util.pki.cipher.lib.JSoftLib;
import com.cfca.util.pki.extension.Extension;
import com.cfca.util.pki.extension.KeyUsageExt;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.Security;
import java.util.Date;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:com/cfca/util/pki/cert/X509CertGenerator.class */
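public class X509CertGenerator {
    /**
     * Signature algorithm names accepted only as an exact match of the caller's string.
     * MD2/MD5/SHA-1 are kept for compatibility with existing callers; they are weak and
     * should not be used for newly issued certificates.
     */
    private static final String[] EXACT_SIG_ALGS = {
        "MD2withRSAEncryption",
        "MD5withRSAEncryption",
        "SHA1withRSAEncryption",
        "SHA256withRSAEncryption"
    };

    /**
     * Signature algorithm names accepted when the caller's string merely ends with them
     * (the original suffix matching is kept so existing callers keep working).
     */
    private static final String[] SUFFIX_SIG_ALGS = {
        "SHA1withSM2",
        "SHA256withSM2",
        "SM3withSM2",
        "SHA1withDSA"
    };

    /** Builder for the TBSCertificate; every setter below forwards into it. */
    private final V3TBSCertificateGenerator tbsCertGen = new V3TBSCertificateGenerator();
    /**
     * Extensions keyed by DERObjectIdentifier, value X509Extension. Raw Hashtable kept because
     * X509Extensions(Hashtable) is what the ASN.1 layer consumes. NOTE(review): Hashtable has no
     * defined iteration order, so the order of extensions in the encoded certificate may not be
     * the order in which they were added — confirm against X509Extensions if ordering matters.
     */
    private final Hashtable extensionSet = new Hashtable();
    /** Signing mechanism derived from the signature algorithm name; null until setSignatureAlg. */
    private Mechanism mechanism = null;
    /** AlgorithmIdentifier (OID + NULL params) placed in both the TBS and the outer certificate. */
    private AlgorithmIdentifier sigAlg = null;
    private String subject = null;
    private String issuer = null;
    private BigInteger serialNumber = null;
    private Date notBefore = null;
    private Date notAfter = null;
    private JKey pubKey = null;
    /** Signature over the DER-encoded TBSCertificate; set by generateSignature. */
    private DERBitString signature = null;
    /** The TBSCertificate produced by generateSignature and wrapped by constructCertificate. */
    private TBSCertificateStructure tbsCert = null;

    /** Creates a generator with an empty TBS builder and no extensions. */
    public X509CertGenerator() {
    }

    /**
     * Sets the serial number from a hexadecimal string.
     *
     * @param str serial number in hex (parsed with radix 16, so a leading '-' yields a negative value;
     *            RFC 5280 requires a positive serial, which this method does not enforce)
     * @throws PKIException with SN_NULL when {@code str} is null
     * @throws NumberFormatException when {@code str} is not valid hex (propagated from BigInteger)
     */
    public void setSerialNumber(String str) throws PKIException {
        if (str == null) {
            throw new PKIException(PKIException.SN_NULL, PKIException.SN_NULL_DES);
        }
        setSerialNumber(new BigInteger(str, 16));
    }

    /**
     * Sets the serial number.
     *
     * @param bigInteger the serial number; positivity is not checked here
     * @throws PKIException with SN_NULL when {@code bigInteger} is null
     */
    public void setSerialNumber(BigInteger bigInteger) throws PKIException {
        if (bigInteger == null) {
            throw new PKIException(PKIException.SN_NULL, PKIException.SN_NULL_DES);
        }
        this.serialNumber = bigInteger;
        this.tbsCertGen.setSerialNumber(new DERInteger(bigInteger));
    }

    /**
     * Sets the subject distinguished name.
     *
     * @param str DN string handed to {@link X509Name}
     * @throws PKIException with SUBJECT_NULL when {@code str} is null or blank
     */
    public void setSubject(String str) throws PKIException {
        if (isBlank(str)) {
            throw new PKIException(PKIException.SUBJECT_NULL, PKIException.SUBJECT_NULL_DES);
        }
        this.subject = str;
        this.tbsCertGen.setSubject(new X509Name(str));
    }

    /**
     * Sets the issuer distinguished name.
     *
     * @param str DN string handed to {@link X509Name}
     * @throws PKIException with ISSUER_NULL when {@code str} is null or blank
     */
    public void setIssuer(String str) throws PKIException {
        if (isBlank(str)) {
            throw new PKIException(PKIException.ISSUER_NULL, PKIException.ISSUER_NULL_DES);
        }
        this.issuer = str;
        this.tbsCertGen.setIssuer(new X509Name(str));
    }

    /**
     * Sets the start of the validity period.
     *
     * @param date validity start
     * @throws PKIException with NOT_BEFORE_NULL when {@code date} is null
     */
    public void setNotBefore(Date date) throws PKIException {
        if (date == null) {
            throw new PKIException(PKIException.NOT_BEFORE_NULL, PKIException.NOT_BEFORE_NULL_DES);
        }
        this.notBefore = date;
        this.tbsCertGen.setStartDate(new Time(date));
    }

    /**
     * Sets the end of the validity period. No check is made that it lies after notBefore.
     *
     * @param date validity end
     * @throws PKIException with NOT_AFTER_NULL when {@code date} is null
     */
    public void setNotAfter(Date date) throws PKIException {
        if (date == null) {
            throw new PKIException(PKIException.NOT_AFTER_NULL, PKIException.NOT_AFTER_NULL_DES);
        }
        this.notAfter = date;
        this.tbsCertGen.setEndDate(new Time(date));
    }

    /**
     * Sets the subject public key, converted to a SubjectPublicKeyInfo via {@link Parser#key2SPKI}.
     *
     * @param jKey the subject's public key
     * @throws PKIException with PUB_KEY_NULL when {@code jKey} is null, or code 8503850304 when
     *         the SPKI conversion fails (cause preserved)
     */
    public void setPublicKey(JKey jKey) throws PKIException {
        if (jKey == null) {
            throw new PKIException(PKIException.PUB_KEY_NULL, PKIException.PUB_KEY_NULL_DES);
        }
        this.pubKey = jKey;
        try {
            this.tbsCertGen.setSubjectPublicKeyInfo(Parser.key2SPKI(jKey));
        } catch (Exception e) {
            throw new PKIException("8503850304", PKIException.KEY_SPKI_DES, e);
        }
    }

    /**
     * Selects the signature algorithm by name.
     * <p>
     * The name is resolved to a canonical mechanism name (see {@link #EXACT_SIG_ALGS} and
     * {@link #SUFFIX_SIG_ALGS}); the OID is looked up under that canonical name, so a caller
     * string that only ends with a supported name still maps to the correct OID. The mechanism
     * and algorithm identifier are only updated once both the name and the OID resolved, so a
     * rejected name leaves the generator unchanged.
     *
     * @param str signature algorithm name, e.g. {@code "SHA256withRSAEncryption"}
     * @throws PKIException with SIG_ALG_NULL when {@code str} is null, or NONSUPPORT_SIGALG when
     *         the name is not supported or has no registered OID
     */
    public void setSignatureAlg(String str) throws PKIException {
        if (str == null) {
            throw new PKIException(PKIException.SIG_ALG_NULL, PKIException.SIG_ALG_NULL_DES);
        }
        String canonical = canonicalSigAlgName(str);
        if (canonical == null) {
            throw new PKIException(PKIException.NONSUPPORT_SIGALG, "不支持的签名算法: " + str);
        }
        DERObjectIdentifier oid = (DERObjectIdentifier) PKIConstant.sigAlgName2OID.get(canonical);
        if (oid == null) {
            // A null OID would otherwise produce an AlgorithmIdentifier that fails only at encoding time.
            throw new PKIException(PKIException.NONSUPPORT_SIGALG, "不支持的签名算法: " + str);
        }
        this.mechanism = new Mechanism(canonical);
        this.sigAlg = new AlgorithmIdentifier(oid, new DERNull());
        this.tbsCertGen.setSignature(this.sigAlg);
    }

    /**
     * Maps a caller-supplied algorithm name to the canonical mechanism name.
     *
     * @param name non-null algorithm name
     * @return the canonical name, or null when unsupported
     */
    private static String canonicalSigAlgName(String name) {
        for (int i = 0; i < EXACT_SIG_ALGS.length; i++) {
            if (name.equals(EXACT_SIG_ALGS[i])) {
                return EXACT_SIG_ALGS[i];
            }
        }
        for (int i = 0; i < SUFFIX_SIG_ALGS.length; i++) {
            if (name.endsWith(SUFFIX_SIG_ALGS[i])) {
                return SUFFIX_SIG_ALGS[i];
            }
        }
        return null;
    }

    /**
     * Sets the issuer unique identifier; a null argument is ignored.
     *
     * @param bArr raw bytes wrapped in a DERBitString
     */
    public void setIssuerUniqueID(byte[] bArr) {
        if (bArr != null) {
            this.tbsCertGen.setIssuerUniqueID(new DERBitString(bArr));
        }
    }

    /**
     * Sets the subject unique identifier; a null argument is ignored.
     *
     * @param bArr raw bytes wrapped in a DERBitString
     */
    public void setSubjectUniqueID(byte[] bArr) {
        if (bArr != null) {
            this.tbsCertGen.setSubjectUniqueID(new DERBitString(bArr));
        }
    }

    /**
     * Adds an extension, encoding its value now. A later extension with the same OID replaces
     * the earlier one.
     *
     * @param extension the extension to encode and add (must not be null)
     * @throws PKIException with EXTENSION_ENCODE when {@link Extension#encode()} fails (cause preserved)
     */
    public void addExtension(Extension extension) throws PKIException {
        DERObjectIdentifier oid = new DERObjectIdentifier(extension.getOID());
        X509Extension encoded;
        try {
            encoded = new X509Extension(extension.getCritical(), new DEROctetString(extension.encode()));
        } catch (PKIException e) {
            throw new PKIException(PKIException.EXTENSION_ENCODE, PKIException.EXTENSION_ENCODE_DES, e);
        }
        this.extensionSet.put(oid, encoded);
    }

    /**
     * Adds an already DER-encoded extension as-is (no re-encoding, no validation of its value).
     *
     * @param extension the pre-encoded extension (must not be null)
     * @throws PKIException retained in the signature for compatibility; not thrown by this body
     */
    public void addUserEncodedExtension(com.cfca.util.pki.asn1.x509.Extension extension) throws PKIException {
        this.extensionSet.put(extension.getExtnID(), new X509Extension(extension.getCritical(), extension.getExtnValue()));
    }

    /**
     * Adds every {@link Extension} in the vector via {@link #addExtension(Extension)}.
     *
     * @param vector non-null Vector of Extension instances
     * @throws PKIException from {@link #addExtension(Extension)} on the first encoding failure
     */
    public void setExtensions(Vector vector) throws PKIException {
        int count = vector.size();
        for (int i = 0; i < count; i++) {
            addExtension((Extension) vector.get(i));
        }
    }

    /**
     * Adds every pre-encoded extension in the vector via
     * {@link #addUserEncodedExtension(com.cfca.util.pki.asn1.x509.Extension)}.
     *
     * @param vector non-null Vector of com.cfca.util.pki.asn1.x509.Extension instances
     * @throws PKIException retained in the signature for compatibility
     */
    public void setUserEncodedExtensions(Vector vector) throws PKIException {
        int count = vector.size();
        for (int i = 0; i < count; i++) {
            addUserEncodedExtension((com.cfca.util.pki.asn1.x509.Extension) vector.get(i));
        }
    }

    /**
     * Builds, signs and DER-encodes the certificate.
     *
     * @param jKey    the issuer's signing key handed to {@code session.sign}
     * @param session the cryptographic session that performs the signature
     * @return the DER-encoded Certificate
     * @throws PKIException when a required field (issuer, subject, public key, signature algorithm,
     *         serial number, notBefore, notAfter) is unset, or when encoding or signing fails
     */
    public byte[] generateX509Cert(JKey jKey, Session session) throws PKIException {
        checkRequiredFields();
        generateSignature(jKey, session);
        return constructCertificate();
    }

    /**
     * Verifies that every mandatory TBS field has been set, using the same error codes as the
     * corresponding setters.
     *
     * @throws PKIException naming the first missing field
     */
    private void checkRequiredFields() throws PKIException {
        if (isBlank(this.issuer)) {
            throw new PKIException(PKIException.ISSUER_NULL, PKIException.ISSUER_NULL_DES);
        }
        if (isBlank(this.subject)) {
            throw new PKIException(PKIException.SUBJECT_NULL, PKIException.SUBJECT_NULL_DES);
        }
        if (this.pubKey == null) {
            throw new PKIException(PKIException.PUB_KEY_NULL, PKIException.PUB_KEY_NULL_DES);
        }
        if (this.sigAlg == null) {
            throw new PKIException(PKIException.SIG_ALG_NULL, PKIException.SIG_ALG_NULL_DES);
        }
        if (this.serialNumber == null) {
            throw new PKIException(PKIException.SN_NULL, PKIException.SN_NULL_DES);
        }
        if (this.notBefore == null) {
            throw new PKIException(PKIException.NOT_BEFORE_NULL, PKIException.NOT_BEFORE_NULL_DES);
        }
        if (this.notAfter == null) {
            throw new PKIException(PKIException.NOT_AFTER_NULL, PKIException.NOT_AFTER_NULL_DES);
        }
    }

    /**
     * Attaches the collected extensions, generates the TBSCertificate and signs its DER encoding.
     * <p>
     * Encoding and signing are wrapped separately so a signing failure is reported with the
     * SIGN_DES code and an encoding failure with TBSCERT_BYTES (previously a signing failure was
     * re-wrapped by the outer catch and reported as an encoding failure).
     *
     * @param jKey    signing key
     * @param session session performing the signature; a null session surfaces as a SIGN_DES failure
     * @throws PKIException with TBSCERT_BYTES when the TBS cannot be encoded, or "05"/SIGN_DES when signing fails
     */
    private void generateSignature(JKey jKey, Session session) throws PKIException {
        if (!this.extensionSet.isEmpty()) {
            this.tbsCertGen.setExtensions(new X509Extensions(this.extensionSet));
        }
        this.tbsCert = this.tbsCertGen.generateTBSCertificate();
        byte[] tbsBytes;
        try {
            tbsBytes = Parser.writeDERObj2Bytes(this.tbsCert.getDERObject());
        } catch (Exception e) {
            throw new PKIException(PKIException.TBSCERT_BYTES, PKIException.TBSCERT_BYTES_DES, e);
        }
        try {
            this.signature = new DERBitString(session.sign(this.mechanism, jKey, tbsBytes));
        } catch (Exception e) {
            throw new PKIException("05", PKIException.SIGN_DES, e);
        }
    }

    /**
     * Wraps TBSCertificate, signature algorithm and signature value in the outer SEQUENCE.
     *
     * @return DER encoding of the Certificate
     * @throws PKIException with CERT_BYTES when the sequence cannot be encoded (cause preserved)
     */
    private byte[] constructCertificate() throws PKIException {
        ASN1EncodableVector parts = new ASN1EncodableVector();
        parts.add(this.tbsCert);
        parts.add(this.sigAlg);
        parts.add(this.signature);
        DERSequence certificate = new DERSequence(parts);
        try {
            return Parser.writeDERObj2Bytes(certificate.getDERObject());
        } catch (Exception e) {
            throw new PKIException(PKIException.CERT_BYTES, PKIException.CERT_BYTES_DES, e);
        }
    }

    /** @return true when {@code s} is null or consists only of whitespace. */
    private static boolean isBlank(String s) {
        return s == null || s.trim().length() == 0;
    }

    /**
     * Demo entry point: generates a self-signed test certificate and writes it to C:/testCert.cer.
     * The 1024-bit RSA key and SHA-1 signature are demo parameters only and are below current
     * recommendations for real issuance. Failures are reported on stderr instead of being swallowed.
     */
    public static void main(String[] strArr) {
        X509CertGenerator generator = new X509CertGenerator();
        try {
            Security.addProvider(new BouncyCastleProvider());
            JSoftLib softLib = new JSoftLib();
            Mechanism keyMechanism = new Mechanism(Mechanism.RSA);
            generator.setIssuer("O=CFCA Operation CA2,C=CN");
            generator.setIssuerUniqueID("1234567890".getBytes());
            generator.setNotAfter(new Date(System.currentTimeMillis() + 86400000));
            generator.setNotBefore(new Date());
            JKeyPair keyPair = softLib.generateKeyPair(keyMechanism, 1024);
            generator.setPublicKey(keyPair.getPublicKey());
            generator.setSerialNumber(new BigInteger("000000000000000000000001", 16));
            generator.setSignatureAlg("SHA1withRSAEncryption");
            generator.setSubject("CN=041@weizao@中国金融认证中心@00000003,OU=enterprises,OU=SGCC,O=CFCA Operation CA2,C=CN");
            generator.setSubjectUniqueID("1234567890".getBytes());
            KeyUsageExt keyUsageExt = new KeyUsageExt();
            keyUsageExt.setCritical(false);
            keyUsageExt.addKeyUsage(KeyUsageExt.DATA_ENCIPHERMENT);
            keyUsageExt.addKeyUsage(KeyUsageExt.DECIPHER_ONLY);
            Vector extensions = new Vector();
            extensions.add(keyUsageExt);
            generator.setExtensions(extensions);
            byte[] certBytes = generator.generateX509Cert(keyPair.getPrivateKey(), softLib);
            // try/finally rather than try-with-resources: the rest of the file uses no Java 7 syntax.
            FileOutputStream out = new FileOutputStream("C:/testCert.cer");
            try {
                out.write(certBytes);
                out.flush();
            } finally {
                out.close();
            }
            if (new X509Cert(certBytes).verify(keyPair.getPublicKey(), softLib)) {
                System.out.println("证书验证通过");
            }
        } catch (Exception e) {
            // Demo program without a logger; surface the failure instead of silently exiting.
            e.printStackTrace();
        }
    }
}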
