package com.baltimore.jpkiplus.x509;

import com.baltimore.jcrypto.asn1.ASN1ObjectIdentifier;
import com.baltimore.jcrypto.coders.DERCoder;
import com.baltimore.jcrypto.mpa.mpa_num;
import com.baltimore.jcrypto.pkcs.AlgorithmIdentifier;
import com.baltimore.jcrypto.utils.OIDs;
import com.baltimore.jcrypto.utils.Utils;
import com.baltimore.jpkiplus.x509.extensions.AuthorityKeyIdentifier;
import com.baltimore.jpkiplus.x509.extensions.SubjectKeyIdentifier;
import com.baltimore.jpkiplus.x509.utils.TBSCertificate;
import com.baltimore.jpkiplus.x509.utils.Validity;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/* compiled from: [DashoPro-V1.3-013000] */
/* loaded from: input_file:com/baltimore/jpkiplus/x509/JCRYPTO_X509CertificateGenerator.class */
public class JCRYPTO_X509CertificateGenerator {
    private PrivateKey a;
    private Name b;
    private AlgorithmIdentifier c;
    private SecureRandom d;
    private String e;
    private boolean[] f;
    private SubjectKeyIdentifier g;
    private boolean h;

    public JCRYPTO_X509CertificateGenerator(PrivateKey privateKey, Name name) throws CertificateException, NoSuchAlgorithmException {
        this.d = null;
        this.e = null;
        this.f = null;
        this.g = null;
        this.h = true;
        a(privateKey);
        this.b = name;
    }

    public JCRYPTO_X509CertificateGenerator(PrivateKey privateKey, Name name, ASN1ObjectIdentifier aSN1ObjectIdentifier, String str, SecureRandom secureRandom, boolean[] zArr) throws CertificateException, NoSuchAlgorithmException {
        this.d = null;
        this.e = null;
        this.f = null;
        this.g = null;
        this.h = true;
        a(privateKey, aSN1ObjectIdentifier);
        this.b = name;
        this.e = str;
        this.d = secureRandom;
        setIssuerUniqueID(zArr);
    }

    public JCRYPTO_X509CertificateGenerator(PrivateKey privateKey, X509Certificate x509Certificate) throws CertificateException, NoSuchAlgorithmException {
        this.d = null;
        this.e = null;
        this.f = null;
        this.g = null;
        this.h = true;
        a(privateKey);
        JCRYPTO_X509Certificate cast = JCRYPTO_X509Certificate.cast(x509Certificate);
        this.b = new Name(cast.getSubjectDN());
        setIssuerUniqueID(cast.getSubjectUniqueID());
        if (cast.getSubjectKeyIdentifier() != null) {
            this.g = cast.getSubjectKeyIdentifier();
        }
    }

    public void setCheckSignature(boolean z) {
        this.h = z;
    }

    private void a(PrivateKey privateKey) throws NoSuchAlgorithmException {
        a(privateKey, OIDs.sha1);
    }

    private void a(PrivateKey privateKey, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws NoSuchAlgorithmException {
        this.a = privateKey;
        if (aSN1ObjectIdentifier == null) {
            this.c = AlgorithmIdentifier.getSignatureAlgorithmIdentifier(privateKey);
        } else {
            this.c = AlgorithmIdentifier.getSignatureAlgorithmIdentifier(privateKey, aSN1ObjectIdentifier);
        }
    }

    public void setIssuerUniqueID(boolean[] zArr) {
        if (zArr != null) {
            this.f = (boolean[]) zArr.clone();
        } else {
            this.f = null;
        }
    }

    public void setProvider(String str) {
        this.e = str;
    }

    public void setSecureRandom(SecureRandom secureRandom) {
        this.d = secureRandom;
    }

    public JCRYPTO_X509Certificate sign(JCRYPTO_X509CertRequest jCRYPTO_X509CertRequest) throws CertificateException {
        return sign(jCRYPTO_X509CertRequest, null, null, null, true, null);
    }

    public JCRYPTO_X509Certificate sign(JCRYPTO_X509CertRequest jCRYPTO_X509CertRequest, Validity validity) throws CertificateException {
        return sign(jCRYPTO_X509CertRequest, null, validity, null, true, null);
    }

    public JCRYPTO_X509Certificate sign(JCRYPTO_X509CertRequest jCRYPTO_X509CertRequest, Validity validity, JCRYPTO_X509Extensions jCRYPTO_X509Extensions) throws CertificateException {
        return sign(jCRYPTO_X509CertRequest, null, validity, jCRYPTO_X509Extensions, true, null);
    }

    public JCRYPTO_X509Certificate sign(JCRYPTO_X509CertRequest jCRYPTO_X509CertRequest, BigInteger bigInteger, Validity validity, JCRYPTO_X509Extensions jCRYPTO_X509Extensions, boolean z, boolean[] zArr) throws CertificateException {
        try {
            JCRYPTO_X509Extensions jCRYPTO_X509Extensions2 = null;
            if (this.h && jCRYPTO_X509CertRequest.isSigned()) {
                try {
                    if (!jCRYPTO_X509CertRequest.verify()) {
                        throw new CertificateException("The PKCS #10 certificate request does not verify.");
                    }
                } catch (CertificateException e) {
                    throw e;
                } catch (Exception e2) {
                    throw new CertificateException(new StringBuffer("Problem with certificate request ").append(e2.getMessage()).toString());
                }
            }
            mpa_num mpa_numVar = bigInteger == null ? new mpa_num(Utils.toBytes(System.currentTimeMillis())) : mpa_num.convertTompa_num(bigInteger);
            Validity validity2 = validity == null ? new Validity(1) : validity;
            JCRYPTO_X509Extensions jCRYPTO_X509Extensions3 = null;
            if (z) {
                jCRYPTO_X509Extensions3 = jCRYPTO_X509CertRequest.getExtensions();
            }
            if (jCRYPTO_X509Extensions != null || jCRYPTO_X509Extensions3 != null || this.g != null) {
                jCRYPTO_X509Extensions2 = new JCRYPTO_X509Extensions();
            }
            if (jCRYPTO_X509Extensions != null) {
                jCRYPTO_X509Extensions2.addExtensions(jCRYPTO_X509Extensions);
            }
            if (jCRYPTO_X509Extensions3 != null) {
                jCRYPTO_X509Extensions2.addExtensions(jCRYPTO_X509Extensions3);
            }
            if (this.g != null) {
                jCRYPTO_X509Extensions2.addExtension(new AuthorityKeyIdentifier(this.g));
            }
            TBSCertificate tBSCertificate = new TBSCertificate(0, mpa_numVar, this.c, this.b, validity2, jCRYPTO_X509CertRequest.getName(), jCRYPTO_X509CertRequest.getSubjectPublicKeyInfo(), this.f, zArr, jCRYPTO_X509Extensions2);
            String stringFromOID = OIDs.getStringFromOID(this.c.getAlgorithm());
            if (stringFromOID == null) {
                throw new CertificateException("JCRYPTO_X509Certificate::sign(PrivateKey) - The Signature Algorithm is not one of the available signature algorithms.");
            }
            Signature signature = this.e == null ? Signature.getInstance(stringFromOID) : Signature.getInstance(stringFromOID, this.e);
            if (this.d == null) {
                signature.initSign(this.a);
            } else {
                signature.initSign(this.a, this.d);
            }
            signature.update(DERCoder.encode(tBSCertificate));
            return new JCRYPTO_X509Certificate(tBSCertificate, this.c, signature.sign());
        } catch (Exception e3) {
            throw new CertificateException(e3.getMessage());
        }
    }
}
