package org.globus.gsi.bc;

import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.GregorianCalendar;
import java.util.Random;
import java.util.TimeZone;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERInputStream;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.X509V3CertificateGenerator;
import org.bouncycastle.jce.provider.X509CertificateObject;
import org.globus.gsi.CertUtil;
import org.globus.gsi.GlobusCredential;
import org.globus.gsi.X509ExtensionSet;
import org.globus.gsi.proxy.ext.ProxyCertInfo;
import org.globus.gsi.proxy.ext.ProxyCertInfoExtension;
import org.globus.gsi.proxy.ext.ProxyPolicy;

/* loaded from: input_file:org/globus/gsi/bc/BouncyCastleCertProcessingFactory.class */
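/**
 * Issues GSI proxy certificates, proxy credentials and PKCS#10 certificate requests on top of
 * the BouncyCastle ASN.1 and JCE classes.
 *
 * <p>Every signing path ends in
 * {@link #createProxyCertificate(X509Certificate, PrivateKey, PublicKey, int, int, X509ExtensionSet, String)},
 * which signs a new certificate with the caller's private key. Callers therefore hold the
 * issuing key material and fully control the extensions and the CN that are placed into the
 * issued certificate; this class performs no authorization of its own.
 *
 * <p>The integer proxy-type codes handled here are (as established by the branches in this
 * class): {@code 2} and {@code 3} are "resolve for me" requests for a limited respectively full
 * proxy, {@code 10}/{@code 11} are the legacy proxies named {@code CN=proxy} /
 * {@code CN=limited proxy}, and {@code 12}-{@code 15} are the ProxyCertInfo-based proxies
 * (restricted, independent, impersonation, limited).
 */
public class BouncyCastleCertProcessingFactory {
    private static BouncyCastleCertProcessingFactory factory;

    /** Protected so that subclasses can be created; regular callers use {@link #getDefault()}. */
    protected BouncyCastleCertProcessingFactory() {
    }

    /**
     * Returns the shared factory instance, creating it on first use.
     *
     * @return the process-wide factory
     */
    public static synchronized BouncyCastleCertProcessingFactory getDefault() {
        if (factory == null) {
            factory = new BouncyCastleCertProcessingFactory();
        }
        return factory;
    }

    /**
     * Signs a proxy certificate for the key in a DER-encoded PKCS#10 request, without extra
     * extensions and with the default CN.
     *
     * @see #createCertificate(InputStream, X509Certificate, PrivateKey, int, int, X509ExtensionSet, String)
     */
    public X509Certificate createCertificate(InputStream inputStream, X509Certificate x509Certificate, PrivateKey privateKey, int i, int i2) throws IOException, GeneralSecurityException {
        return createCertificate(inputStream, x509Certificate, privateKey, i, i2, (X509ExtensionSet) null, (String) null);
    }

    /**
     * Signs a proxy certificate for the key in a DER-encoded PKCS#10 request, with the default CN.
     *
     * @see #createCertificate(InputStream, X509Certificate, PrivateKey, int, int, X509ExtensionSet, String)
     */
    public X509Certificate createCertificate(InputStream inputStream, X509Certificate x509Certificate, PrivateKey privateKey, int i, int i2, X509ExtensionSet x509ExtensionSet) throws IOException, GeneralSecurityException {
        return createCertificate(inputStream, x509Certificate, privateKey, i, i2, x509ExtensionSet, (String) null);
    }

    /**
     * Reads a DER-encoded PKCS#10 request from the stream, checks its self-signature and signs a
     * proxy certificate for the public key it carries.
     *
     * <p>Only the public key is taken from the request. The subject is derived from
     * {@code x509Certificate}, so a requester cannot choose the issued identity. The signature
     * check only proves possession of the matching private key; it does not authenticate the
     * requester.
     *
     * @param inputStream stream positioned at the DER-encoded certification request
     * @param x509Certificate issuer certificate; its subject becomes the issuer DN and the prefix
     *     of the new subject DN
     * @param privateKey issuer private key used to sign the new certificate
     * @param i lifetime in seconds; {@code <= 0} means "until the issuer certificate expires"
     * @param i2 proxy-type code (see the class description)
     * @param x509ExtensionSet extensions to add, or {@code null}
     * @param str CN value to append to the subject, or {@code null} for the type's default
     * @return the signed proxy certificate
     * @throws IOException if the request cannot be read
     * @throws GeneralSecurityException if the request signature does not verify or signing fails
     */
    public X509Certificate createCertificate(InputStream inputStream, X509Certificate x509Certificate, PrivateKey privateKey, int i, int i2, X509ExtensionSet x509ExtensionSet, String str) throws IOException, GeneralSecurityException {
        PKCS10CertificationRequest request = new PKCS10CertificationRequest(new DERInputStream(inputStream).readObject());
        if (!request.verify()) {
            throw new GeneralSecurityException("Certificate request verification failed!");
        }
        return createProxyCertificate(x509Certificate, privateKey, request.getPublicKey(), i, i2, x509ExtensionSet, str);
    }

    /**
     * Parses one DER-encoded certificate from the stream. The certificate is only decoded here;
     * no signature or validity check is performed.
     *
     * @param inputStream stream positioned at the DER-encoded certificate
     * @return the decoded certificate
     * @throws IOException if the stream cannot be read
     * @throws GeneralSecurityException declared for callers; raised by the BouncyCastle wrapper
     */
    public X509Certificate loadCertificate(InputStream inputStream) throws IOException, GeneralSecurityException {
        ASN1Sequence encoded = ASN1Sequence.getInstance(new DERInputStream(inputStream).readObject());
        return new X509CertificateObject(new X509CertificateStructure(encoded));
    }

    /**
     * Creates a proxy credential without extra extensions and with the default CN.
     *
     * @see #createCredential(X509Certificate[], PrivateKey, int, int, int, X509ExtensionSet, String)
     */
    public GlobusCredential createCredential(X509Certificate[] x509CertificateArr, PrivateKey privateKey, int i, int i2, int i3) throws GeneralSecurityException {
        return createCredential(x509CertificateArr, privateKey, i, i2, i3, (X509ExtensionSet) null, (String) null);
    }

    /**
     * Creates a proxy credential with the default CN.
     *
     * @see #createCredential(X509Certificate[], PrivateKey, int, int, int, X509ExtensionSet, String)
     */
    public GlobusCredential createCredential(X509Certificate[] x509CertificateArr, PrivateKey privateKey, int i, int i2, int i3, X509ExtensionSet x509ExtensionSet) throws GeneralSecurityException {
        return createCredential(x509CertificateArr, privateKey, i, i2, i3, x509ExtensionSet, (String) null);
    }

    /**
     * Generates a fresh RSA key pair, signs a proxy certificate for it and returns both as a
     * credential whose chain is the new proxy followed by the supplied chain.
     *
     * @param x509CertificateArr issuer chain; element 0 is the certificate that signs the proxy
     * @param privateKey private key matching element 0 of the chain
     * @param i RSA key size in bits for the new proxy key. It is passed to the generator
     *     unchecked, so callers should enforce their own minimum size.
     * @param i2 lifetime in seconds; {@code <= 0} means "until the issuer certificate expires"
     * @param i3 proxy-type code (see the class description)
     * @param x509ExtensionSet extensions to add, or {@code null}
     * @param str CN value to append to the subject, or {@code null} for the type's default
     * @return the new proxy credential
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     * @throws GeneralSecurityException if key generation or signing fails
     */
    public GlobusCredential createCredential(X509Certificate[] x509CertificateArr, PrivateKey privateKey, int i, int i2, int i3, X509ExtensionSet x509ExtensionSet, String str) throws GeneralSecurityException {
        // Reject an unusable chain before paying for RSA key generation.
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Certificate chain must contain the issuing certificate");
        }
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "BC");
        generator.initialize(i);
        KeyPair proxyKeys = generator.genKeyPair();
        X509Certificate proxyCert = createProxyCertificate(x509CertificateArr[0], privateKey, proxyKeys.getPublic(), i2, i3, x509ExtensionSet, str);
        X509Certificate[] chain = new X509Certificate[x509CertificateArr.length + 1];
        chain[0] = proxyCert;
        System.arraycopy(x509CertificateArr, 0, chain, 1, x509CertificateArr.length);
        return new GlobusCredential(proxyKeys.getPrivate(), chain);
    }

    /**
     * Builds a DER-encoded PKCS#10 request for the given subject string.
     *
     * @param str subject DN in string form
     * @param keyPair key pair whose public key is requested and whose private key signs the request
     * @return the encoded request
     * @throws GeneralSecurityException if the request cannot be signed
     */
    public byte[] createCertificateRequest(String str, KeyPair keyPair) throws GeneralSecurityException {
        // NOTE(review): MD5 is a broken digest. It is left unchanged because switching the
        // algorithm changes the emitted request; prefer the (X509Name, String, KeyPair) overload
        // with a SHA-2 based algorithm name where the receiving side accepts it.
        return createCertificateRequest(new X509Name(str), "MD5WithRSAEncryption", keyPair);
    }

    /**
     * Builds a DER-encoded PKCS#10 request whose subject is the given certificate's subject with
     * {@code CN=proxy} appended, signed with the same algorithm name as that certificate.
     *
     * @param x509Certificate certificate supplying the subject prefix and signature algorithm
     * @param keyPair key pair whose public key is requested and whose private key signs the request
     * @return the encoded request
     * @throws GeneralSecurityException if the request cannot be signed
     */
    public byte[] createCertificateRequest(X509Certificate x509Certificate, KeyPair keyPair) throws GeneralSecurityException {
        String subject = x509Certificate.getSubjectDN().getName() + ",CN=proxy";
        return createCertificateRequest(new X509Name(subject), x509Certificate.getSigAlgName(), keyPair);
    }

    /**
     * Builds a DER-encoded PKCS#10 request with no attributes.
     *
     * @param x509Name subject of the request
     * @param str signature algorithm name
     * @param keyPair key pair whose public key is requested and whose private key signs the request
     * @return the encoded request
     * @throws GeneralSecurityException if the request cannot be signed
     */
    public byte[] createCertificateRequest(X509Name x509Name, String str, KeyPair keyPair) throws GeneralSecurityException {
        PKCS10CertificationRequest request = new PKCS10CertificationRequest(str, x509Name, keyPair.getPublic(), (ASN1Set) null, keyPair.getPrivate());
        return request.getEncoded();
    }

    /**
     * Creates and signs a proxy certificate for {@code publicKey}.
     *
     * <p>Subject = issuer subject + one CN ({@code str}, or the type's default); issuer DN =
     * issuer subject. Validity starts five minutes in the past to tolerate clock skew. For
     * ProxyCertInfo-based types the issuer's KeyUsage extension, if any, is copied with the
     * nonRepudiation and keyCertSign bits cleared.
     *
     * <p>Security-relevant points for reviewers:
     * <ul>
     *   <li>Every extension in {@code x509ExtensionSet} other than ProxyCertInfo is copied into
     *       the certificate verbatim, so the set must come from a trusted caller.</li>
     *   <li>The signature algorithm is inherited from the issuer certificate, including a weak
     *       digest if the issuer was signed with one.</li>
     *   <li>A positive lifetime is not capped at the issuer's {@code notAfter}.</li>
     * </ul>
     *
     * @param x509Certificate issuer certificate
     * @param privateKey issuer private key used for signing
     * @param publicKey public key to certify
     * @param i lifetime in seconds; {@code <= 0} means "until the issuer certificate expires"
     * @param i2 proxy-type code (see the class description)
     * @param x509ExtensionSet extensions to add, or {@code null}
     * @param str CN value to append to the subject, or {@code null} for the type's default
     * @return the signed proxy certificate
     * @throws IllegalArgumentException if the proxy type is unsupported, or is restricted
     *     ({@code 12}) without a ProxyCertInfo extension in the set
     * @throws GeneralSecurityException if KeyUsage is supplied both by the caller and the issuer,
     *     if an extension cannot be encoded, or if signing fails
     */
    protected X509Certificate createProxyCertificate(X509Certificate x509Certificate, PrivateKey privateKey, PublicKey publicKey, int i, int i2, X509ExtensionSet x509ExtensionSet, String str) throws GeneralSecurityException {
        final int proxyType = resolveProxyType(x509Certificate, i2);
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        String defaultCn;
        BigInteger serialNumber;

        if (CertUtil.isGsi3Proxy(proxyType)) {
            // The CN and the serial number distinguish proxies of the same issuer, so they are
            // drawn from a CSPRNG rather than a time-seeded java.util.Random.
            Random random = new SecureRandom();
            // Masking the sign bit keeps the CN non-negative; Math.abs(Integer.MIN_VALUE) is
            // still negative.
            defaultCn = String.valueOf(random.nextInt() & Integer.MAX_VALUE);
            // NOTE(review): 20 bits is a small space for a per-issuer serial number; kept for
            // compatibility, consider widening.
            serialNumber = new BigInteger(20, random);

            org.globus.gsi.X509Extension proxyCertInfoExt = x509ExtensionSet != null ? x509ExtensionSet.get(ProxyCertInfo.OID.getId()) : null;
            if (proxyCertInfoExt == null) {
                proxyCertInfoExt = new ProxyCertInfoExtension(new ProxyCertInfo(defaultProxyPolicy(proxyType)));
            }
            try {
                certGen.addExtension(proxyCertInfoExt.getOid(), proxyCertInfoExt.isCritical(), proxyCertInfoExt.getValue());
                X509Extensions issuerExtensions = BouncyCastleUtil.getTBSCertificateStructure(x509Certificate).getExtensions();
                X509Extension issuerKeyUsage = issuerExtensions != null ? issuerExtensions.getExtension(X509Extensions.KeyUsage) : null;
                if (issuerKeyUsage != null) {
                    if (x509ExtensionSet != null && x509ExtensionSet.get(X509Extensions.KeyUsage.getId()) != null) {
                        throw new GeneralSecurityException("KeyUsage extension present in X509ExtensionSet and in issuer certificate.");
                    }
                    DERBitString issuerUsage = BouncyCastleUtil.getExtensionObject(issuerKeyUsage);
                    byte[] usageBits = issuerUsage.getBytes();
                    // First KeyUsage octet: 0x40 = nonRepudiation, 0x04 = keyCertSign. A proxy
                    // must not inherit either; the length guard covers an empty bit string.
                    if (usageBits.length > 0) {
                        usageBits[0] &= ~(64 | 4);
                    }
                    certGen.addExtension(X509Extensions.KeyUsage, issuerKeyUsage.isCritical(), new DERBitString(usageBits, issuerUsage.getPadBits()));
                }
            } catch (IOException e) {
                // Keep the cause so the encoding failure can be diagnosed.
                throw new GeneralSecurityException(e.getMessage(), e);
            }
        } else if (proxyType == 11) {
            defaultCn = "limited proxy";
            serialNumber = x509Certificate.getSerialNumber();
        } else if (proxyType == 10) {
            defaultCn = "proxy";
            serialNumber = x509Certificate.getSerialNumber();
        } else {
            throw new IllegalArgumentException("Unsupported proxyType : " + proxyType);
        }

        // Copy the caller's remaining extensions; ProxyCertInfo was handled above.
        if (x509ExtensionSet != null) {
            for (String oid : x509ExtensionSet.oidSet()) {
                if (!oid.equals(ProxyCertInfo.OID.getId())) {
                    org.globus.gsi.X509Extension extra = x509ExtensionSet.get(oid);
                    certGen.addExtension(extra.getOid(), extra.isCritical(), extra.getValue());
                }
            }
        }

        // NOTE(review): decompiled as-is; X509Certificate.getSubjectDN() is declared to return
        // Principal, so the original source presumably converts it. Confirm against upstream.
        X509Name subjectDN = x509Certificate.getSubjectDN();
        X509NameHelper issuerName = new X509NameHelper(subjectDN);
        X509NameHelper proxyName = new X509NameHelper(subjectDN);
        proxyName.add(X509Name.CN, str == null ? defaultCn : str);
        certGen.setSubjectDN(proxyName.getAsName());
        certGen.setIssuerDN(issuerName.getAsName());
        certGen.setSerialNumber(serialNumber);
        certGen.setPublicKey(publicKey);
        certGen.setSignatureAlgorithm(x509Certificate.getSigAlgName());

        GregorianCalendar validity = new GregorianCalendar(TimeZone.getTimeZone("GMT"));
        // Back-date notBefore by five minutes to tolerate clock skew between hosts.
        validity.add(Calendar.MINUTE, -5);
        certGen.setNotBefore(validity.getTime());
        if (i <= 0) {
            certGen.setNotAfter(x509Certificate.getNotAfter());
        } else {
            // Undo the back-dating so the lifetime is counted from "now".
            validity.add(Calendar.MINUTE, 5);
            validity.add(Calendar.SECOND, i);
            certGen.setNotAfter(validity.getTime());
        }
        return certGen.generateX509Certificate(privateKey);
    }

    /**
     * Maps the "resolve for me" codes {@code 2} (limited) and {@code 3} (full) to a concrete
     * proxy type. The issuer's own proxy flavour wins; if the issuer is not a proxy, the global
     * {@code CertUtil.isGsi3Enabled()} setting decides. Other codes are returned unchanged.
     */
    private static int resolveProxyType(X509Certificate issuerCert, int requestedType) throws GeneralSecurityException {
        final boolean limited = requestedType == 2;
        if (!limited && requestedType != 3) {
            return requestedType;
        }
        int issuerType = BouncyCastleUtil.getCertificateType(issuerCert);
        boolean useGsi3;
        if (CertUtil.isGsi3Proxy(issuerType)) {
            useGsi3 = true;
        } else if (CertUtil.isGsi2Proxy(issuerType)) {
            useGsi3 = false;
        } else {
            useGsi3 = CertUtil.isGsi3Enabled();
        }
        if (limited) {
            return useGsi3 ? 15 : 11;
        }
        return useGsi3 ? 14 : 10;
    }

    /**
     * Returns the policy used when the caller supplied no ProxyCertInfo extension. A restricted
     * proxy ({@code 12}) has no sensible default and is rejected.
     */
    private static ProxyPolicy defaultProxyPolicy(int proxyType) {
        switch (proxyType) {
            case 14:
                return new ProxyPolicy(ProxyPolicy.IMPERSONATION);
            case 13:
                return new ProxyPolicy(ProxyPolicy.INDEPENDENT);
            case 15:
                return new ProxyPolicy(ProxyPolicy.LIMITED);
            case 12:
                throw new IllegalArgumentException("Restricted proxy requires ProxyCertInfo extension");
            default:
                throw new IllegalArgumentException("Invalid proxyType");
        }
    }

    /**
     * Wraps a ProxyCertInfo in a one-element extension set.
     *
     * @return the set, or {@code null} when {@code proxyCertInfo} is {@code null}
     */
    private X509ExtensionSet createExtensionSet(ProxyCertInfo proxyCertInfo) {
        if (proxyCertInfo == null) {
            return null;
        }
        X509ExtensionSet extensions = new X509ExtensionSet();
        extensions.add(new ProxyCertInfoExtension(proxyCertInfo));
        return extensions;
    }

    /**
     * Variant that takes the ProxyCertInfo directly instead of an extension set.
     *
     * @see #createProxyCertificate(X509Certificate, PrivateKey, PublicKey, int, int, X509ExtensionSet, String)
     */
    protected X509Certificate createProxyCertificate(X509Certificate x509Certificate, PrivateKey privateKey, PublicKey publicKey, int i, int i2, ProxyCertInfo proxyCertInfo, String str) throws GeneralSecurityException {
        return createProxyCertificate(x509Certificate, privateKey, publicKey, i, i2, createExtensionSet(proxyCertInfo), str);
    }

    /**
     * Variant that takes the ProxyCertInfo directly instead of an extension set.
     *
     * @see #createCredential(X509Certificate[], PrivateKey, int, int, int, X509ExtensionSet, String)
     */
    public GlobusCredential createCredential(X509Certificate[] x509CertificateArr, PrivateKey privateKey, int i, int i2, int i3, ProxyCertInfo proxyCertInfo, String str) throws GeneralSecurityException {
        return createCredential(x509CertificateArr, privateKey, i, i2, i3, createExtensionSet(proxyCertInfo), str);
    }

    /**
     * Variant that takes the ProxyCertInfo directly and uses the default CN.
     *
     * @see #createCredential(X509Certificate[], PrivateKey, int, int, int, X509ExtensionSet, String)
     */
    public GlobusCredential createCredential(X509Certificate[] x509CertificateArr, PrivateKey privateKey, int i, int i2, int i3, ProxyCertInfo proxyCertInfo) throws GeneralSecurityException {
        return createCredential(x509CertificateArr, privateKey, i, i2, i3, proxyCertInfo, (String) null);
    }

    /**
     * Variant that takes the ProxyCertInfo directly instead of an extension set.
     *
     * @see #createCertificate(InputStream, X509Certificate, PrivateKey, int, int, X509ExtensionSet, String)
     */
    public X509Certificate createCertificate(InputStream inputStream, X509Certificate x509Certificate, PrivateKey privateKey, int i, int i2, ProxyCertInfo proxyCertInfo, String str) throws IOException, GeneralSecurityException {
        return createCertificate(inputStream, x509Certificate, privateKey, i, i2, createExtensionSet(proxyCertInfo), str);
    }

    /**
     * Variant that takes the ProxyCertInfo directly and uses the default CN.
     *
     * @see #createCertificate(InputStream, X509Certificate, PrivateKey, int, int, X509ExtensionSet, String)
     */
    public X509Certificate createCertificate(InputStream inputStream, X509Certificate x509Certificate, PrivateKey privateKey, int i, int i2, ProxyCertInfo proxyCertInfo) throws IOException, GeneralSecurityException {
        return createCertificate(inputStream, x509Certificate, privateKey, i, i2, proxyCertInfo, (String) null);
    }
}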
