package com.foilen.smalltools.crypt.cert;

import com.foilen.smalltools.crypt.asymmetric.AsymmetricKeys;
import com.foilen.smalltools.crypt.asymmetric.RSACrypt;
import com.foilen.smalltools.crypt.asymmetric.RSAKeyDetails;
import com.foilen.smalltools.exception.SmallToolsException;
import com.foilen.smalltools.hash.HashSha1;
import com.foilen.smalltools.tools.AssertTools;
import com.foilen.smalltools.tools.CloseableTools;
import com.foilen.smalltools.tools.DateTools;
import com.foilen.smalltools.tools.FileTools;
import java.io.ByteArrayOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.StringReader;
import java.io.Writer;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import javax.security.cert.X509Certificate;
import org.spongycastle.asn1.ASN1Set;
import org.spongycastle.asn1.x500.AttributeTypeAndValue;
import org.spongycastle.asn1.x500.RDN;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.X509v3CertificateBuilder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.crypto.params.RSAKeyParameters;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.openssl.MiscPEMGenerator;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.spongycastle.operator.bc.BcRSAContentVerifierProviderBuilder;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.util.io.pem.PemObject;
import org.spongycastle.util.io.pem.PemReader;
import org.spongycastle.util.io.pem.PemWriter;

/* loaded from: input_file:com/foilen/smalltools/crypt/cert/RSACertificate.class */
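/**
 * An X.509 certificate (held as a SpongyCastle {@link X509CertificateHolder}) together with the
 * optional RSA keys used to sign with it.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Loading a certificate performs no validation. {@link #isValidDate()} only checks the
 *       validity window and the {@code isValidSignature} overloads only check the signature;
 *       none of them checks issuer/subject names, extensions or revocation.</li>
 *   <li>Certificates created by {@link #selfSign} and {@link #signPublicKey} carry no extensions
 *       (no basicConstraints, keyUsage or subjectAltName are added by this class).</li>
 *   <li>Instances are mutable and no synchronization is performed.</li>
 * </ul>
 */
public class RSACertificate {
    /** Object identifier of the X.520 commonName (CN) attribute. */
    private static final String OID_COMMON_NAME = "2.5.4.3";

    /** Shared helper for PEM key loading and key conversion; created after the provider is registered. */
    private static final RSACrypt rsaCrypt;

    private X509CertificateHolder certificateHolder;
    private AsymmetricKeys keysForSigning;

    static {
        // The content signers below ask for the provider by name ("SC"), so make sure it is
        // registered once per JVM before anything else in this class runs.
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        if (Security.getProvider(bouncyCastleProvider.getName()) == null) {
            Security.addProvider(bouncyCastleProvider);
        }
        rsaCrypt = new RSACrypt();
    }

    /**
     * Loads a certificate (and any keys) from a PEM file.
     *
     * @param str path of the PEM file
     * @return the loaded certificate; see {@link #loadPemFromString(String)} for the details
     */
    public static RSACertificate loadPemFromFile(String str) {
        return loadPemFromString(FileTools.getFileAsString(str));
    }

    /**
     * Loads a certificate (and any keys) from PEM text.
     *
     * <p>The keys are read with {@code RSACrypt.loadKeysPemFromString}. Every PEM object of type
     * {@code CERTIFICATE} replaces the previous one, so when the text holds several certificates
     * the last one is kept; when it holds none, the returned instance has no certificate.
     *
     * <p>Nothing is verified here: the certificate is not validated and the loaded keys are not
     * checked against the certificate's public key. Callers handling PEM data from outside the
     * application must do both before trusting the result.
     *
     * @param str the PEM text
     * @return a new instance holding what was found
     * @throws SmallToolsException if the text cannot be read or parsed
     */
    public static RSACertificate loadPemFromString(String str) {
        RSACertificate loaded = new RSACertificate();
        PemReader pemReader = null;
        try {
            loaded.keysForSigning = rsaCrypt.loadKeysPemFromString(str);
            pemReader = new PemReader(new StringReader(str));
            PemObject pemObject;
            while ((pemObject = pemReader.readPemObject()) != null) {
                if ("CERTIFICATE".equals(pemObject.getType())) {
                    loaded.certificateHolder = new X509CertificateHolder(pemObject.getContent());
                }
            }
            return loaded;
        } catch (Exception e) {
            throw new SmallToolsException("Problem loading the certificate", e);
        } finally {
            CloseableTools.close(pemReader);
        }
    }

    /** Creates an empty instance: no certificate and no keys. */
    public RSACertificate() {
    }

    /**
     * Creates an instance that only has keys, ready for {@link #selfSign(CertificateDetails)}.
     *
     * @param asymmetricKeys the keys to sign with
     */
    public RSACertificate(AsymmetricKeys asymmetricKeys) {
        this.keysForSigning = asymmetricKeys;
    }

    /**
     * Wraps a legacy {@code javax.security.cert.X509Certificate} by re-parsing its encoded form.
     *
     * @param x509Certificate the certificate to wrap
     * @throws SmallToolsException if the certificate cannot be encoded or parsed
     */
    public RSACertificate(X509Certificate x509Certificate) {
        try {
            this.certificateHolder = new X509CertificateHolder(x509Certificate.getEncoded());
        } catch (Exception e) {
            throw new SmallToolsException("Problem setting the certificate", e);
        }
    }

    /**
     * Wraps a {@code java.security.cert.X509Certificate} by re-parsing its encoded form.
     *
     * @param x509Certificate the certificate to wrap
     * @throws SmallToolsException if the certificate cannot be encoded or parsed
     */
    public RSACertificate(java.security.cert.X509Certificate x509Certificate) {
        try {
            this.certificateHolder = new X509CertificateHolder(x509Certificate.getEncoded());
        } catch (Exception e) {
            throw new SmallToolsException("Problem setting the certificate", e);
        }
    }

    /**
     * Wraps an existing certificate holder.
     *
     * @param x509CertificateHolder the certificate
     */
    public RSACertificate(X509CertificateHolder x509CertificateHolder) {
        this.certificateHolder = x509CertificateHolder;
    }

    /**
     * Wraps an existing certificate holder together with its keys. The keys are stored as given;
     * they are not checked against the certificate's public key.
     *
     * @param x509CertificateHolder the certificate
     * @param asymmetricKeys the keys to sign with
     */
    public RSACertificate(X509CertificateHolder x509CertificateHolder, AsymmetricKeys asymmetricKeys) {
        this.certificateHolder = x509CertificateHolder;
        this.keysForSigning = asymmetricKeys;
    }

    /**
     * Converts the held certificate to a JCA certificate.
     *
     * @return the certificate as a {@code java.security.cert.X509Certificate}
     * @throws SmallToolsException if the conversion fails
     */
    public java.security.cert.X509Certificate getCertificate() {
        AssertTools.assertNotNull(this.certificateHolder, "The certificate is not set");
        try {
            return new JcaX509CertificateConverter().getCertificate(this.certificateHolder);
        } catch (CertificateException e) {
            throw new SmallToolsException("Could not convert the certificate", e);
        }
    }

    /**
     * @return the held certificate, or {@code null} when none is set
     */
    public X509CertificateHolder getCertificateHolder() {
        return this.certificateHolder;
    }

    /**
     * Returns the first common name of the subject.
     *
     * <p>Only the first attribute of each RDN is inspected, so a CN that is not the first
     * attribute of a multi-valued RDN is not found; {@link #getCommonNames()} looks at all of
     * them. The value comes straight from the certificate and is only as trustworthy as the
     * certificate itself.
     *
     * @return the common name, or {@code null} when the subject has none in first position
     */
    public String getCommonName() {
        AssertTools.assertNotNull(this.certificateHolder, "The certificate is not set");
        for (RDN rdn : this.certificateHolder.getSubject().getRDNs()) {
            AttributeTypeAndValue first = rdn.getFirst();
            if (OID_COMMON_NAME.equals(first.getType().toString())) {
                return first.getValue().toString();
            }
        }
        return null;
    }

    /**
     * Returns every common name of the subject, including those inside multi-valued RDNs.
     *
     * @return the common names; empty when the subject has none
     */
    public Set<String> getCommonNames() {
        AssertTools.assertNotNull(this.certificateHolder, "The certificate is not set");
        Set<String> commonNames = new HashSet<String>();
        for (RDN rdn : this.certificateHolder.getSubject().getRDNs()) {
            // Held as Object so the instanceof test and the cast below are well typed.
            Object primitive = rdn.toASN1Primitive();
            if (!(primitive instanceof ASN1Set)) {
                continue;
            }
            ASN1Set attributes = (ASN1Set) primitive;
            for (int i = 0; i < attributes.size(); i++) {
                AttributeTypeAndValue attribute = AttributeTypeAndValue.getInstance(attributes.getObjectAt(i));
                if (OID_COMMON_NAME.equals(attribute.getType().toString())) {
                    commonNames.add(attribute.getValue().toString());
                }
            }
        }
        return commonNames;
    }

    /**
     * @return the certificate's notAfter date
     */
    public Date getEndDate() {
        AssertTools.assertNotNull(this.certificateHolder, "The certificate is not set");
        return this.certificateHolder.getNotAfter();
    }

    /**
     * Returns the keys, filling in the public key from the certificate when it is missing.
     *
     * <p>When a certificate is set, this creates the key holder if needed and, if it has no
     * public key, copies the modulus and public exponent from the certificate. The cast to
     * {@link RSAPublicKey} fails with a {@link ClassCastException} for a non-RSA certificate.
     *
     * @return the keys, or {@code null} when neither keys nor a certificate are set
     */
    public AsymmetricKeys getKeysForSigning() {
        if (this.certificateHolder != null) {
            if (this.keysForSigning == null) {
                this.keysForSigning = new AsymmetricKeys();
            }
            if (this.keysForSigning.getPublicKey() == null) {
                RSAPublicKey certificateKey = (RSAPublicKey) getCertificate().getPublicKey();
                this.keysForSigning.setPublicKey(
                        new RSAKeyParameters(false, certificateKey.getModulus(), certificateKey.getPublicExponent()));
            }
        }
        return this.keysForSigning;
    }

    /**
     * @return the certificate's notBefore date
     */
    public Date getStartDate() {
        AssertTools.assertNotNull(this.certificateHolder, "The certificate is not set");
        return this.certificateHolder.getNotBefore();
    }

    /**
     * Returns the hash of the encoded certificate as computed by {@code HashSha1.hashBytes}.
     *
     * <p>NOTE(review): going by the helper's name this is a SHA-1 digest; the output format is
     * defined by {@code HashSha1} and is not visible here. SHA-1 is not collision resistant, so
     * use the value to identify a certificate, not as the only evidence that it is authentic.
     *
     * @return the thumbprint
     * @throws SmallToolsException if the certificate cannot be encoded
     */
    public String getThumbprint() {
        AssertTools.assertNotNull(this.certificateHolder, "The certificate is not set");
        try {
            return HashSha1.hashBytes(this.certificateHolder.getEncoded());
        } catch (IOException e) {
            throw new SmallToolsException("Problem getting the thumbprint", e);
        }
    }

    /**
     * Tells whether the current time is inside the certificate's validity window.
     *
     * @return the result of {@link #isValidDate(Date)} for the current time
     */
    public boolean isValidDate() {
        return isValidDate(new Date());
    }

    /**
     * Tells whether a date is inside the certificate's validity window.
     *
     * <p>This is a date check only; it says nothing about the signature or the issuer. Whether
     * the two boundary instants count as valid depends on {@code DateTools.isAfter} and
     * {@code DateTools.isBefore}, which are not visible here.
     *
     * @param date the date to check
     * @return {@code true} when the date is after notBefore and before notAfter
     */
    public boolean isValidDate(Date date) {
        AssertTools.assertNotNull(this.certificateHolder, "The certificate is not set");
        Date notBefore = this.certificateHolder.getNotBefore();
        Date notAfter = this.certificateHolder.getNotAfter();
        return DateTools.isAfter(date, notBefore) && DateTools.isBefore(date, notAfter);
    }

    /**
     * Tells whether this certificate's signature verifies under the given public key.
     *
     * <p>Only the signature is checked: not the validity window, names, extensions or revocation.
     *
     * @param asymmetricKeyParameter the public key of the presumed signer
     * @return {@code true} when the signature verifies
     * @throws SmallToolsException if the check cannot be performed
     */
    public boolean isValidSignature(AsymmetricKeyParameter asymmetricKeyParameter) {
        try {
            // Inside the try so a missing certificate is still reported as a SmallToolsException.
            AssertTools.assertNotNull(this.certificateHolder, "The certificate is not set");
            return this.certificateHolder.isSignatureValid(newVerifierProviderBuilder().build(asymmetricKeyParameter));
        } catch (Exception e) {
            throw new SmallToolsException("Problem validating the certificate", e);
        }
    }

    /**
     * Tells whether this certificate's signature verifies under the public key of the given keys.
     *
     * <p>Only the signature is checked: not the validity window, names, extensions or revocation.
     *
     * @param asymmetricKeys keys whose public key belongs to the presumed signer
     * @return {@code true} when the signature verifies
     * @throws SmallToolsException if the check cannot be performed
     */
    public boolean isValidSignature(AsymmetricKeys asymmetricKeys) {
        try {
            AssertTools.assertNotNull(this.certificateHolder, "The certificate is not set");
            return this.certificateHolder.isSignatureValid(newVerifierProviderBuilder().build(asymmetricKeys.getPublicKey()));
        } catch (Exception e) {
            throw new SmallToolsException("Problem validating the certificate", e);
        }
    }

    /**
     * Tells whether this certificate's signature verifies under the public key of another
     * certificate.
     *
     * <p>Only the signature is checked. The other certificate is not validated itself, and this
     * certificate's issuer name is not compared with the other certificate's subject.
     *
     * @param rSACertificate the presumed signer's certificate
     * @return {@code true} when the signature verifies
     * @throws SmallToolsException if the check cannot be performed
     */
    public boolean isValidSignature(RSACertificate rSACertificate) {
        try {
            AssertTools.assertNotNull(this.certificateHolder, "The certificate is not set");
            AssertTools.assertNotNull(rSACertificate.certificateHolder, "The signer certificate is not set");
            return this.certificateHolder.isSignatureValid(newVerifierProviderBuilder().build(rSACertificate.certificateHolder));
        } catch (Exception e) {
            throw new SmallToolsException("Problem validating the certificate", e);
        }
    }

    /** Creates the verifier-provider builder shared by the {@code isValidSignature} overloads. */
    private static BcRSAContentVerifierProviderBuilder newVerifierProviderBuilder() {
        return new BcRSAContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder());
    }

    /**
     * Writes the certificate (not the keys) to a file in PEM format.
     *
     * @param str path of the file to write
     * @throws SmallToolsException if the file cannot be opened or written
     */
    public void saveCertificatePem(String str) {
        // Check before opening the file: otherwise a missing certificate would leave a freshly
        // truncated file behind and a FileWriter that nobody closes.
        AssertTools.assertNotNull(this.certificateHolder, "The certificate is not set");
        try {
            saveCertificatePem(new FileWriter(str));
        } catch (IOException e) {
            throw new SmallToolsException("Could not save cert", e);
        }
    }

    /**
     * Writes the certificate (not the keys) to a writer in PEM format, then closes the writer.
     *
     * <p>If no certificate is set the check fails before the writer is touched, so the caller
     * still owns (and must close) the writer in that case.
     *
     * @param writer where to write; closed by this method once writing has been attempted
     * @throws SmallToolsException if writing fails
     */
    public void saveCertificatePem(Writer writer) {
        AssertTools.assertNotNull(this.certificateHolder, "The certificate is not set");
        PemWriter pemWriter = null;
        try {
            pemWriter = new PemWriter(writer);
            pemWriter.writeObject(new MiscPEMGenerator(this.certificateHolder));
            // Flush here so a write failure is reported; whether CloseableTools.close surfaces
            // errors is not visible from this file.
            pemWriter.flush();
        } catch (Exception e) {
            throw new SmallToolsException("Could not save cert", e);
        } finally {
            CloseableTools.close(pemWriter);
        }
    }

    /**
     * Returns the certificate (not the keys) as PEM text.
     *
     * @return the PEM text
     * @throws SmallToolsException if writing fails
     */
    public String saveCertificatePemAsString() {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        // Encoded and decoded with the same (platform default) charset, as before.
        saveCertificatePem(new OutputStreamWriter(buffer));
        return buffer.toString();
    }

    /**
     * Creates a self-signed certificate for the keys of this instance and stores it.
     *
     * <p>The certificate is signed with {@code SHA256withRSA} using the "SC" provider. Issuer
     * and subject are the same name, {@code CN=<commonName>}; no extensions are added.
     *
     * @param certificateDetails common name, serial number and validity dates to use
     * @return this instance, now holding the new certificate
     * @throws SmallToolsException if the certificate cannot be created
     */
    public RSACertificate selfSign(CertificateDetails certificateDetails) {
        AssertTools.assertNotNull(this.keysForSigning, "The keysForSigning is not set");
        AssertTools.assertNull(this.certificateHolder, "The certificate already exists");
        try {
            RSAKeyDetails keyDetails = rsaCrypt.retrieveKeyDetails(this.keysForSigning);
            PrivateKey signingKey = keyDetails.getJcaPrivateKey();
            PublicKey certifiedKey = keyDetails.getJcaPublicKey();
            ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("SC").build(signingKey);
            SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(certifiedKey.getEncoded());
            Date startDate = certificateDetails.getStartDate();
            Date endDate = certificateDetails.getEndDate();
            BigInteger serial = certificateDetails.getSerial();
            // NOTE(review): the common name is concatenated into a DN string, so DN
            // metacharacters in it (',', '+', '=') are parsed as DN syntax and can add or change
            // attributes. If the value can come from outside the application, validate it first
            // or build the name with X500NameBuilder.addRDN(BCStyle.CN, value).
            X500Name name = new X500Name("CN=" + certificateDetails.getCommonName());
            this.certificateHolder =
                    new X509v3CertificateBuilder(name, serial, startDate, endDate, name, subjectPublicKeyInfo).build(signer);
            return this;
        } catch (Exception e) {
            throw new SmallToolsException("Problem signing the key", e);
        }
    }

    /**
     * Replaces the held certificate.
     *
     * @param x509CertificateHolder the new certificate
     * @return this instance
     */
    public RSACertificate setCertificateHolder(X509CertificateHolder x509CertificateHolder) {
        this.certificateHolder = x509CertificateHolder;
        return this;
    }

    /**
     * Replaces the keys. They are not checked against the certificate's public key.
     *
     * @param asymmetricKeys the new keys
     * @return this instance
     */
    public RSACertificate setKeysForSigning(AsymmetricKeys asymmetricKeys) {
        this.keysForSigning = asymmetricKeys;
        return this;
    }

    /**
     * Issues a certificate for another public key, signed with this instance's private key.
     *
     * <p>The certificate is signed with {@code SHA256withRSA} using the "SC" provider and has no
     * extensions. The issuer name is rebuilt as {@code CN=<this certificate's common name>}
     * rather than copied from this certificate's subject, so it only matches that subject when
     * the subject consists of that single CN.
     *
     * @param asymmetricKeys keys holding the public key to certify; stored in the result
     * @param certificateDetails common name, serial number and validity dates to use
     * @return a new instance holding the issued certificate and the given keys
     * @throws SmallToolsException if the keys or the issuer common name are missing, or if
     *     signing fails
     */
    public RSACertificate signPublicKey(AsymmetricKeys asymmetricKeys, CertificateDetails certificateDetails) {
        try {
            AssertTools.assertNotNull(this.keysForSigning, "The keysForSigning is not set");
            PrivateKey signingKey = rsaCrypt.retrieveKeyDetails(this.keysForSigning).getJcaPrivateKey();
            PublicKey certifiedKey = rsaCrypt.retrieveKeyDetails(asymmetricKeys).getJcaPublicKey();
            ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("SC").build(signingKey);
            SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(certifiedKey.getEncoded());

            // Without this check a signer without a CN would issue certificates from "CN=null".
            String issuerCommonName = getCommonName();
            AssertTools.assertNotNull(issuerCommonName, "The signing certificate has no common name");

            // NOTE(review): both names are built by string concatenation, so DN metacharacters
            // (',', '+', '=') in a common name are parsed as DN syntax. Validate externally
            // supplied names first, or build them with X500NameBuilder.addRDN(BCStyle.CN, value).
            X500Name issuer = new X500Name("CN=" + issuerCommonName);
            X500Name subject = new X500Name("CN=" + certificateDetails.getCommonName());
            X509CertificateHolder issued = new X509v3CertificateBuilder(
                    issuer,
                    certificateDetails.getSerial(),
                    certificateDetails.getStartDate(),
                    certificateDetails.getEndDate(),
                    subject,
                    subjectPublicKeyInfo).build(signer);
            return new RSACertificate(issued, asymmetricKeys);
        } catch (Exception e) {
            throw new SmallToolsException("Problem signing the key", e);
        }
    }
}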
