package pl.assecods.tools.csr;

import ch.qos.logback.core.net.ssl.SSL;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.interfaces.RSAPublicKey;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.Attribute;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.provider.JCEECPublicKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.assecods.tools.csr.constants.HashAlgorithmEnum;
import pl.assecods.tools.csr.constants.KeyAlgorithmEnum;
import pl.assecods.tools.csr.constants.SignatureAlgorithmEnum;
import pl.assecods.tools.utils.PemUtils;

/* loaded from: input_file:BOOT-INF/classes/pl/assecods/tools/csr/PKCS10CertificationRequestGenerator.class */
public class PKCS10CertificationRequestGenerator {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) PKCS10CertificationRequestGenerator.class);
    private static final String RSA_KEY_ALGORITHM_ALIAS = "RSA";
    private static final String EC_KEY_ALGORITHM_ALIAS = "ECDSA";
    private X509Name subjectName;
    private X509Extensions extensions;
    private CertificationRequest certificationRequest;
    private KeyPair keyPair;

    public PKCS10CertificationRequestGenerator(X509Name x509Name) {
        this(x509Name, null);
    }

    public PKCS10CertificationRequestGenerator(X509Name x509Name, X509Extensions x509Extensions) {
        if (x509Name == null) {
            throw new IllegalArgumentException("subjectName is null");
        }
        this.subjectName = x509Name;
        this.extensions = x509Extensions;
    }

    public void generate(KeyAlgorithmEnum keyAlgorithmEnum, int i, HashAlgorithmEnum hashAlgorithmEnum) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        String keyAlgorithmEnum2 = keyAlgorithmEnum == KeyAlgorithmEnum.EC ? EC_KEY_ALGORITHM_ALIAS : keyAlgorithmEnum.toString();
        String signatureAlgorithmEnum = getSignatureAlgorithm(keyAlgorithmEnum, hashAlgorithmEnum).toString();
        this.keyPair = generateKey(keyAlgorithmEnum2, i);
        this.certificationRequest = generateCsr(this.keyPair, this.subjectName, this.extensions, signatureAlgorithmEnum);
    }

    protected PKCS10CertificationRequest generateCsr(KeyPair keyPair, X509Name x509Name, X509Extensions x509Extensions, String str) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
        DERSet dERSet = null;
        if (x509Extensions != null) {
            dERSet = new DERSet(new Attribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new DERSet(x509Extensions)));
        }
        if (keyPair.getPublic() instanceof RSAPublicKey) {
            RSAPublicKey rSAPublicKey = (RSAPublicKey) keyPair.getPublic();
            LOG.info("Generating CSR for: '{}' with algorithm: '{}' and key length: '{}'", x509Name, rSAPublicKey.getAlgorithm(), Integer.valueOf(rSAPublicKey.getModulus().bitLength()));
        } else if (keyPair.getPublic() instanceof JCEECPublicKey) {
            JCEECPublicKey jCEECPublicKey = (JCEECPublicKey) keyPair.getPublic();
            LOG.info("Generating CSR for: '{}' with algorithm: '{}' and key length: '{}'", x509Name, jCEECPublicKey.getAlgorithm(), Integer.valueOf(jCEECPublicKey.getParameters().getN().bitLength()));
        }
        return new PKCS10CertificationRequest(str, x509Name, keyPair.getPublic(), dERSet, keyPair.getPrivate());
    }

    protected KeyPair generateKey(String str, int i) throws NoSuchAlgorithmException {
        return getKeyPairGenerator(str, i).generateKeyPair();
    }

    private KeyPairGenerator getKeyPairGenerator(String str, int i) throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str);
        keyPairGenerator.initialize(i, SecureRandom.getInstance(SSL.DEFAULT_SECURE_RANDOM_ALGORITHM));
        return keyPairGenerator;
    }

    private SignatureAlgorithmEnum getSignatureAlgorithm(KeyAlgorithmEnum keyAlgorithmEnum, HashAlgorithmEnum hashAlgorithmEnum) {
        if (KeyAlgorithmEnum.RSA == keyAlgorithmEnum) {
            if (HashAlgorithmEnum.SHA1 == hashAlgorithmEnum) {
                return SignatureAlgorithmEnum.SHA1WITHRSA;
            }
            if (HashAlgorithmEnum.SHA256 == hashAlgorithmEnum) {
                return SignatureAlgorithmEnum.SHA256WITHRSA;
            }
        } else if (KeyAlgorithmEnum.EC == keyAlgorithmEnum) {
            if (HashAlgorithmEnum.SHA1 == hashAlgorithmEnum) {
                return SignatureAlgorithmEnum.SHA1WITHECDSA;
            }
            if (HashAlgorithmEnum.SHA256 == hashAlgorithmEnum) {
                return SignatureAlgorithmEnum.SHA256WITHECDSA;
            }
        }
        throw new IllegalArgumentException("Nieznany algorytm podpisu dla algorytmu klucza " + keyAlgorithmEnum + " i funkcji skrotu: " + hashAlgorithmEnum);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String csrToPem(CertificationRequest certificationRequest) throws IOException {
        return PemUtils.toPEM(certificationRequest);
    }

    public CertificationRequest getCertificationRequest() {
        return this.certificationRequest;
    }

    public KeyPair getKeyPair() {
        return this.keyPair;
    }
}
