package com.biuqu.encryption.converter;

import com.biuqu.encryption.exception.EncryptionException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.misc.NetscapeCertType;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.X509KeyUsage;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:com/biuqu/encryption/converter/X509CertificateBuilder.class */
public final class X509CertificateBuilder {
    private static final String SM2_SIGNATURE_ALG = "SM3WithSM2";
    private static final String RSA_SIGNATURE_ALG = "SHA512WithRSA";
    private long startTime;
    private long expireTime;
    private String signatureAlg;
    private X500Name issuer;
    private X500Name subject;
    private final KeyPair keyPair;

    public static X509CertificateBuilder builder(KeyPair keyPair) {
        if (null == keyPair) {
            throw new EncryptionException("unknown key pair to certificate.");
        }
        return new X509CertificateBuilder(keyPair);
    }

    public X509CertificateBuilder appendStartTime(long j) {
        this.startTime = j;
        return this;
    }

    public X509CertificateBuilder appendExpireTime(long j) {
        this.expireTime = j;
        return this;
    }

    public X509CertificateBuilder appendSignature(String str) {
        this.signatureAlg = str;
        return this;
    }

    public X509CertificateBuilder appendIssuer(X500Name x500Name) {
        this.issuer = x500Name;
        return this;
    }

    public X509CertificateBuilder appendSubject(X500Name x500Name) {
        this.subject = x500Name;
        return this;
    }

    public X509Certificate build() {
        X509v3CertificateBuilder buildX509CertBuilder = buildX509CertBuilder();
        try {
            buildX509CertBuilder.addExtension(Extension.keyUsage, false, new X509KeyUsage(192));
            buildX509CertBuilder.addExtension(Extension.extendedKeyUsage, false, defaultKeyUsage());
            buildX509CertBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
            buildX509CertBuilder.addExtension(MiscObjectIdentifiers.netscapeCertType, false, new NetscapeCertType(128));
            return new JcaX509CertificateConverter().setProvider("BC").getCertificate(buildX509CertBuilder.build(new JcaContentSignerBuilder(this.signatureAlg).setProvider("BC").build(this.keyPair.getPrivate())));
        } catch (Exception e) {
            throw new EncryptionException(e.getMessage());
        }
    }

    private X509v3CertificateBuilder buildX509CertBuilder() {
        if (this.startTime <= 0) {
            this.startTime = System.currentTimeMillis();
        }
        if (this.expireTime <= this.startTime) {
            this.expireTime = this.startTime + TimeUnit.DAYS.toMillis(1L);
        }
        if (this.issuer == null) {
            this.issuer = defaultName();
        }
        if (null == this.subject) {
            this.subject = defaultName();
        }
        PublicKey publicKey = this.keyPair.getPublic();
        if (null == this.signatureAlg) {
            this.signatureAlg = RSA_SIGNATURE_ALG;
            if (publicKey instanceof ECPublicKey) {
                this.signatureAlg = SM2_SIGNATURE_ALG;
            }
        }
        Date date = new Date(this.startTime);
        Date date2 = new Date(this.expireTime);
        return new JcaX509v3CertificateBuilder(this.issuer, BigInteger.valueOf(1L), date, date2, this.subject, publicKey);
    }

    private DERSequence defaultKeyUsage() {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(KeyPurposeId.id_kp_clientAuth);
        aSN1EncodableVector.add(KeyPurposeId.id_kp_emailProtection);
        return new DERSequence(aSN1EncodableVector);
    }

    private X500Name defaultName() {
        X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        x500NameBuilder.addRDN(BCStyle.C, "CN");
        x500NameBuilder.addRDN(BCStyle.O, "BiuQu");
        x500NameBuilder.addRDN(BCStyle.ST, "GD");
        x500NameBuilder.addRDN(BCStyle.L, "ShenZhen");
        return x500NameBuilder.build();
    }

    private X509CertificateBuilder(KeyPair keyPair) {
        if (null == keyPair) {
            throw new EncryptionException("unknown key pair to certificate.");
        }
        this.keyPair = keyPair;
    }
}
