package com.pcbsys.foundation.drivers.jdk.ibm;

import com.ibm.security.util.DerOutputStream;
import com.ibm.security.x509.AlgorithmId;
import com.ibm.security.x509.CertificateAlgorithmId;
import com.ibm.security.x509.CertificateExtensions;
import com.ibm.security.x509.CertificateSerialNumber;
import com.ibm.security.x509.CertificateValidity;
import com.ibm.security.x509.CertificateVersion;
import com.ibm.security.x509.CertificateX509Key;
import com.ibm.security.x509.DNSName;
import com.ibm.security.x509.GeneralName;
import com.ibm.security.x509.GeneralNames;
import com.ibm.security.x509.GeneralNamesException;
import com.ibm.security.x509.IPAddressName;
import com.ibm.security.x509.IssuerAlternativeNameExtension;
import com.ibm.security.x509.KeyIdentifier;
import com.ibm.security.x509.SubjectAlternativeNameExtension;
import com.ibm.security.x509.SubjectKeyIdentifierExtension;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CertImpl;
import com.ibm.security.x509.X509CertInfo;
import com.pcbsys.foundation.drivers.jdk.fAbstractCertGenerator;
import com.pcbsys.foundation.utils.fSystemConfiguration;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.util.Date;

/* loaded from: input_file:com/pcbsys/foundation/drivers/jdk/ibm/fCertGeneratorImpl.class */
public class fCertGeneratorImpl extends fAbstractCertGenerator {
    private CertificateExtensions myCertExtensions = null;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/pcbsys/foundation/drivers/jdk/ibm/fCertGeneratorImpl$CustomX500Signer.class */
    public static final class CustomX500Signer {
        private transient Signature mySignature;
        private transient X500Name mySigningAgent;
        private AlgorithmId myAlgorithmID;

        public void update(byte[] bArr, int i, int i2) throws SignatureException {
            this.mySignature.update(bArr, i, i2);
        }

        public byte[] sign() throws SignatureException {
            return this.mySignature.sign();
        }

        public AlgorithmId getAlgorithmId() {
            return this.myAlgorithmID;
        }

        public X500Name getSigner() {
            return this.mySigningAgent;
        }

        CustomX500Signer(Signature signature, X500Name x500Name) {
            if (signature == null || x500Name == null) {
                throw new IllegalArgumentException("NULL parameters are not allowed!");
            }
            this.mySignature = signature;
            this.mySigningAgent = x500Name;
            try {
                this.myAlgorithmID = AlgorithmId.get(signature.getAlgorithm());
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException("An internal signing error occurred: " + e.getMessage());
            }
        }
    }

    @Override // com.pcbsys.foundation.drivers.jdk.fCertGenerator
    public X509Certificate getSelfCertificate(String str, String str2, String str3, String str4, String str5, String str6, long j) throws SignatureException, NoSuchProviderException, InvalidKeyException, NoSuchAlgorithmException, CertificateException, IOException {
        if (str == null) {
            throw new RuntimeException("Empty CN specified");
        }
        String[] split = str.split(",");
        if (split.length > 1) {
            this.myCertExtensions = new CertificateExtensions();
            GeneralNames generalNames = new GeneralNames();
            for (String str7 : split) {
                if (!str7.equals(split[0])) {
                    try {
                        generalNames.add(createGeneralName(str7));
                    } catch (Exception e) {
                        throw new CertificateExpiredException(e.getMessage());
                    }
                }
            }
            try {
                DerOutputStream derOutputStream = new DerOutputStream();
                generalNames.encode(derOutputStream);
                if (this.isSAN) {
                    this.myCertExtensions.set("SubjectAlternativeName", new SubjectAlternativeNameExtension(Boolean.valueOf(this.isCritical), derOutputStream.toByteArray()));
                } else {
                    this.myCertExtensions.set("IssuerAlternativeName", new IssuerAlternativeNameExtension(Boolean.valueOf(this.isCritical), derOutputStream.toByteArray()));
                }
            } catch (GeneralNamesException e2) {
                e2.printStackTrace();
                throw new CertificateException((Throwable) e2);
            }
        }
        return getSelfCertificate(new X500Name(split[0], str2, str3, str4, str5, str6), j);
    }

    private GeneralName createGeneralName(String str) throws Exception {
        return new GeneralName(isIPAddress(str) ? new IPAddressName(str) : new DNSName(str));
    }

    X509Certificate getSelfCertificate(X500Name x500Name, Date date, long j) throws CertificateException, InvalidKeyException, SignatureException, NoSuchAlgorithmException, NoSuchProviderException {
        try {
            CustomX500Signer customSigner = getCustomSigner(x500Name);
            Date date2 = new Date();
            date2.setTime(date.getTime() + (j * 1000));
            CertificateValidity certificateValidity = new CertificateValidity(date, date2);
            X509CertInfo x509CertInfo = new X509CertInfo();
            x509CertInfo.set("version", new CertificateVersion(2));
            x509CertInfo.set("serialNumber", new CertificateSerialNumber((int) (date.getTime() / 1000)));
            x509CertInfo.set("algorithmID", new CertificateAlgorithmId(customSigner.getAlgorithmId()));
            x509CertInfo.set("subject", x500Name);
            x509CertInfo.set("key", new CertificateX509Key(this.myPublicKey));
            x509CertInfo.set("validity", certificateValidity);
            x509CertInfo.set("issuer", customSigner.getSigner());
            if (fSystemConfiguration.getProperty("sun.security.internal.keytool.skid") != null) {
                if (this.myCertExtensions == null) {
                    this.myCertExtensions = new CertificateExtensions();
                }
                this.myCertExtensions.set("SubjectKeyIdentifier", new SubjectKeyIdentifierExtension(new KeyIdentifier(this.myPublicKey.getEncoded()).getIdentifier()));
                x509CertInfo.set("extensions", this.myCertExtensions);
            } else if (this.myCertExtensions != null) {
                x509CertInfo.set("extensions", this.myCertExtensions);
            }
            X509CertImpl x509CertImpl = new X509CertImpl(x509CertInfo);
            x509CertImpl.sign(this.myPrivateKey, this.mySignatureAlgorithm);
            return x509CertImpl;
        } catch (IOException e) {
            throw new CertificateEncodingException("getSelfCertificate Error: " + e.getMessage());
        }
    }

    X509Certificate getSelfCertificate(X500Name x500Name, long j) throws CertificateException, InvalidKeyException, SignatureException, NoSuchAlgorithmException, NoSuchProviderException {
        return getSelfCertificate(x500Name, new Date(), j);
    }

    private CustomX500Signer getCustomSigner(X500Name x500Name) throws InvalidKeyException, NoSuchAlgorithmException {
        Signature signature = Signature.getInstance(this.mySignatureAlgorithm);
        signature.initSign(this.myPrivateKey);
        return new CustomX500Signer(signature, x500Name);
    }
}
