package com.ibm.security.certclient.util;

import com.ibm.misc.Debug;
import com.ibm.security.certclient.base.PkCertConstants;
import com.ibm.security.certclient.base.PkConstants;
import com.ibm.security.certclient.base.PkNLSConstants;
import com.ibm.security.certclient.base.PkRejectionException;
import com.ibm.security.pkcs10.CertificationRequest;
import com.ibm.security.pkcs10.CertificationRequestInfo;
import com.ibm.security.pkcs9.PKCS9;
import com.ibm.security.pkcsutil.PKCSAttribute;
import com.ibm.security.util.ObjectIdentifier;
import com.ibm.security.x509.AlgorithmId;
import com.ibm.security.x509.CertAttrSet;
import com.ibm.security.x509.CertificateAlgorithmId;
import com.ibm.security.x509.CertificateExtensions;
import com.ibm.security.x509.CertificateIssuerName;
import com.ibm.security.x509.CertificateSerialNumber;
import com.ibm.security.x509.CertificateSubjectName;
import com.ibm.security.x509.CertificateValidity;
import com.ibm.security.x509.CertificateVersion;
import com.ibm.security.x509.CertificateX509Key;
import com.ibm.security.x509.ExtKeyUsageExtension;
import com.ibm.security.x509.Extension;
import com.ibm.security.x509.KeyUsageExtension;
import com.ibm.security.x509.SubjectAlternativeNameExtension;
import com.ibm.security.x509.SubjectKeyIdentifierExtension;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CertImpl;
import com.ibm.security.x509.X509CertInfo;
import java.io.IOException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.Date;
import java.util.Enumeration;

/* loaded from: input_file:wlp/lib/com.ibm.crypto.ibmkeycert_1.0.21.jar:com/ibm/security/certclient/util/Pk10CertFactory.class */
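/**
 * Issues X.509 certificates from PKCS#10 certification requests (CSRs), signed with a
 * caller-supplied issuer certificate and private key.
 *
 * <p>Security notes for callers, based on what this class visibly does:
 * <ul>
 *   <li>The subject name, the public key and the SubjectAlternativeName, SubjectKeyIdentifier,
 *       KeyUsage and ExtKeyUsage extensions are copied from the CSR into the issued certificate
 *       without any policy check. The CSR is requester-controlled, so issuance policy (which
 *       names and usages are acceptable) has to be enforced by the caller.</li>
 *   <li>NOTE(review): no explicit verification of the CSR's self-signature (proof of possession)
 *       is visible in this class; confirm that {@code CertificationRequest} performs it.</li>
 *   <li>NOTE(review): nothing here checks that the signing key matches the signing certificate,
 *       or that the signing certificate is within its validity period.</li>
 *   <li>The deprecated overloads without a signature-algorithm argument fall back to
 *       {@code PkConstants.SHA1_WITH_RSA} / {@code PkConstants.SHA1_WITH_DSA} (SHA-1 based,
 *       judging by the constant names); prefer the overloads that name the algorithm.</li>
 *   <li>When the "keycertmanage" debug instance is non-null, requests, certificates and
 *       stack traces are printed to standard output.</li>
 * </ul>
 */
public final class Pk10CertFactory {
    private static Debug debug = Debug.getInstance("keycertmanage");
    private static final Object className = "com.ibm.security.certclient.Pk10CertFactory";

    /* loaded from: input_file:wlp/lib/com.ibm.crypto.ibmkeycert_1.0.21.jar:com/ibm/security/certclient/util/Pk10CertFactory$Pk10CertImpl.class */
    /**
     * {@link Pk10Certificate} implementation that parses a CSR, builds the certificate
     * contents from it and signs them in its constructor.
     */
    private static final class Pk10CertImpl implements Pk10Certificate, PkConstants {
        private static Debug debug = Debug.getInstance("keycertmanage");
        private static final Object className = "com.ibm.security.certclient.Pk10CertImpl";

        /** Milliseconds in one day, as a long so that day counts above 24 do not overflow int. */
        private static final long MILLIS_PER_DAY = 24L * 60 * 60 * 1000;

        /** Dotted OID of the PKCS#9 extensionRequest attribute. */
        private static final String EXTENSION_REQUEST_OID = "1.2.840.113549.1.9.14";

        /** Number of random bits drawn for each serial number. */
        private static final int SERIAL_NUMBER_BITS = 64;

        /** Source of unpredictable serial numbers. */
        private static final java.security.SecureRandom SERIAL_RANDOM = new java.security.SecureRandom();

        private X509Certificate newCert;
        private CertificationRequest cr;
        private PrivateKey signingKey;
        X500Name subjectName;
        X500Name issuerName;
        int version;
        BigInteger serial_number;
        private PublicKey publicKey;
        private int newCertValidityPeriod;
        Date notAfterDate;
        AlgorithmId algId;
        SubjectAlternativeNameExtension subjectAlternativeNameExtension = null;
        SubjectKeyIdentifierExtension subjectKeyIdentifierExtension = null;
        KeyUsageExtension keyUsageExtension = null;
        ExtKeyUsageExtension extKeyUsageExtension = null;

        /**
         * Issues a certificate for the CSR stored in the named file.
         *
         * @param str name of the file holding the PKCS#10 request
         * @param date notBefore date of the new certificate
         * @param i validity period in days, must be positive
         * @param x509Certificate issuer certificate; its subject becomes the issuer name
         * @param privateKey key used to sign the new certificate
         * @param str2 signature algorithm name
         * @throws PkRejectionException if an argument is missing or the certificate cannot be built
         */
        Pk10CertImpl(String str, Date date, int i, X509Certificate x509Certificate, PrivateKey privateKey, String str2) throws PkRejectionException {
            validate(date, i, x509Certificate, privateKey);
            this.cr = getCertificationRequest(str);
            this.newCert = buildX509Cert(this.cr, date, i, x509Certificate, privateKey, str2);
            if (debug != null) {
                System.out.println("Pk10CertFactory.java:  Pk10CertImpl(String, PrivateKey):  The generated certificate is: \n" + this.newCert.toString() + "\n");
            }
        }

        /**
         * Issues a certificate for an encoded CSR held in memory.
         *
         * @param bArr encoded PKCS#10 request
         * @param date notBefore date of the new certificate
         * @param i validity period in days, must be positive
         * @param x509Certificate issuer certificate; its subject becomes the issuer name
         * @param privateKey key used to sign the new certificate
         * @param str signature algorithm name
         * @throws PkRejectionException if an argument is missing or the certificate cannot be built
         */
        Pk10CertImpl(byte[] bArr, Date date, int i, X509Certificate x509Certificate, PrivateKey privateKey, String str) throws PkRejectionException {
            validate(date, i, x509Certificate, privateKey);
            this.cr = getCertificationRequest(bArr);
            this.newCert = buildX509Cert(this.cr, date, i, x509Certificate, privateKey, str);
            if (debug != null) {
                System.out.println("Pk10CertFactory.java:  Pk10CertImpl(byte[], PrivateKey):  The generated certificate is: \n" + this.newCert.toString() + "\n");
            }
        }

        /**
         * File-name variant that derives the signature algorithm from the key type.
         *
         * @deprecated the derived algorithm is one of the SHA1_WITH_* constants; use the
         *     constructor that takes an explicit signature algorithm name.
         */
        @Deprecated
        Pk10CertImpl(String str, Date date, int i, X509Certificate x509Certificate, PrivateKey privateKey) throws PkRejectionException {
            validate(date, i, x509Certificate, privateKey);
            this.cr = getCertificationRequest(str);
            this.newCert = buildX509Cert(this.cr, date, i, x509Certificate, privateKey);
            if (debug != null) {
                System.out.println("Pk10CertFactory.java:  Pk10CertImpl(String, PrivateKey):  The generated certificate is: \n" + this.newCert.toString() + "\n");
            }
        }

        /**
         * Byte-array variant that derives the signature algorithm from the key type.
         *
         * @deprecated the derived algorithm is one of the SHA1_WITH_* constants; use the
         *     constructor that takes an explicit signature algorithm name.
         */
        @Deprecated
        Pk10CertImpl(byte[] bArr, Date date, int i, X509Certificate x509Certificate, PrivateKey privateKey) throws PkRejectionException {
            validate(date, i, x509Certificate, privateKey);
            this.cr = getCertificationRequest(bArr);
            this.newCert = buildX509Cert(this.cr, date, i, x509Certificate, privateKey);
            if (debug != null) {
                System.out.println("Pk10CertFactory.java:  Pk10CertImpl(byte[], PrivateKey):  The generated certificate is: \n" + this.newCert.toString() + "\n");
            }
        }

        /**
         * Parses an encoded PKCS#10 request.
         *
         * @param bArr encoded request; {@code null} is rejected
         * @return the parsed request
         * @throws PkRejectionException if {@code bArr} is null or parsing raises an IOException
         */
        private CertificationRequest getCertificationRequest(byte[] bArr) throws PkRejectionException {
            if (bArr == null) {
                if (debug != null) {
                    System.out.println("Pk10CertFactory.java:  Pk10CertImpl(byte[], PrivateKey):  Null PKCS10CertificateRequest received");
                }
                throw new PkRejectionException(PkNLSConstants.EE_INITIAL_CERT_REQUEST_MISSING);
            }
            try {
                // NOTE(review): whether this constructor verifies the request's signature is not
                // visible from this file; confirm before relying on proof of possession.
                CertificationRequest certificationRequest = new CertificationRequest(bArr);
                if (debug != null) {
                    System.out.println("Pk10CertFactory.java:  Pk10CertImpl(byte[], PrivateKey):  The input PKCS10 certificate request is: \n" + certificationRequest.toString() + "\n");
                }
                return certificationRequest;
            } catch (IOException e) {
                if (debug != null) {
                    System.out.println("Pk10CertFactory.java:  Pk10CertImpl(byte[], PrivateKey):  The following exception was thrown:");
                    System.out.println(e.toString());
                    e.printStackTrace();
                }
                throw new PkRejectionException(PkNLSConstants.FILE_IO_FAILED, e);
            }
        }

        /**
         * Loads a PKCS#10 request from a file.
         *
         * @param str file name of the request; null or empty is rejected
         * @return the parsed request
         * @throws PkRejectionException if {@code str} is null/empty or loading raises an IOException
         */
        private CertificationRequest getCertificationRequest(String str) throws PkRejectionException {
            if (str == null || str.length() <= 0) {
                if (debug != null) {
                    System.out.println("Pk10CertFactory.java:  Pk10CertImpl(String, PrivateKey):  Null PKCS10CertificateRequest file name received");
                }
                throw new PkRejectionException(PkNLSConstants.EE_INITIAL_CERT_REQUEST_MISSING);
            }
            try {
                // The meaning of the boolean flag is defined by CertificationRequest and is not
                // visible from this file.
                CertificationRequest certificationRequest = new CertificationRequest(str, true);
                if (debug != null) {
                    System.out.println("Pk10CertFactory.java:  Pk10CertImpl(String, PrivateKey):  The input PKCS10 certificate request is: \n" + certificationRequest.toString() + "\n");
                }
                return certificationRequest;
            } catch (IOException e) {
                if (debug != null) {
                    System.out.println("Pk10CertFactory.java:  Pk10CertImpl(String, PrivateKey):  The following exception was thrown:");
                    System.out.println(e.toString());
                    e.printStackTrace();
                }
                throw new PkRejectionException(PkNLSConstants.FILE_IO_FAILED, e);
            }
        }

        /**
         * Rejects missing issuance arguments and records the signing key.
         *
         * <p>Only presence and sign are checked: the key is not matched against the
         * certificate and the certificate's own validity is not examined.
         *
         * @throws PkRejectionException if the key, certificate or date is null, or {@code i <= 0}
         */
        private void validate(Date date, int i, X509Certificate x509Certificate, PrivateKey privateKey) throws PkRejectionException {
            this.signingKey = privateKey;
            if (this.signingKey == null) {
                if (debug != null) {
                    System.out.println("Pk10CertFactory.java:  Pk10CertImpl(byte[], PrivateKey):  Null signingKey received");
                }
                throw new PkRejectionException(PkNLSConstants.EE_MISSING_PRIVATE_KEY);
            }
            if (x509Certificate == null) {
                if (debug != null) {
                    System.out.println("Pk10CertFactory.java:  Pk10CertImpl(String, PrivateKey):  Null signingCert received");
                }
                throw new PkRejectionException("signingCert is null");
            }
            if (i <= 0) {
                if (debug != null) {
                    System.out.println("Pk10CertFactory.java:  Pk10CertImpl(byte[], PrivateKey):  The validityPeriod argument is <= 0 days");
                }
                throw new PkRejectionException(PkNLSConstants.VALIDITY_PERIOD_NOT_ALLOWED);
            }
            if (date == null) {
                if (debug != null) {
                    System.out.println("Pk10CertFactory.java:  Pk10CertImpl(String, PrivateKey):  The notBeforeDate is null.");
                }
                throw new PkRejectionException("notBeforeDate is null.");
            }
        }

        /**
         * Draws a positive serial number from a cryptographically strong random source.
         *
         * <p>A clock-derived value such as {@code System.nanoTime()} is predictable, may be
         * negative and is not unique across JVM restarts, none of which is acceptable for a
         * certificate serial number.
         */
        private static BigInteger newSerialNumber() {
            BigInteger candidate;
            do {
                candidate = new BigInteger(SERIAL_NUMBER_BITS, SERIAL_RANDOM);
            } while (candidate.signum() == 0);
            return candidate;
        }

        /**
         * Builds and signs the certificate, choosing the signature algorithm from the key type.
         *
         * @deprecated selects {@code SHA1_WITH_RSA} for RSA keys and {@code SHA1_WITH_DSA} for
         *     every other key type; pass the algorithm explicitly instead.
         */
        @Deprecated
        private X509CertImpl buildX509Cert(CertificationRequest certificationRequest, Date date, int i, X509Certificate x509Certificate, PrivateKey privateKey) throws PkRejectionException {
            if (debug != null) {
                System.out.println("\n\nPk10CertFactory.java:  buildX509Cert():  METHOD ENTRY");
            }
            return buildX509Cert(certificationRequest, date, i, x509Certificate, privateKey, privateKey instanceof RSAPrivateKey ? PkConstants.SHA1_WITH_RSA : PkConstants.SHA1_WITH_DSA);
        }

        /**
         * Builds the certificate contents from the CSR and signs them.
         *
         * <p>Subject and public key come from the request, the issuer name from the signing
         * certificate's subject, validity runs from {@code date} for {@code i} days, and the
         * four supported extension types are copied from the request's extensionRequest
         * attribute when present.
         *
         * <p>Error reporting: every inner rejection is thrown inside an enclosing
         * {@code catch (Exception)}, so (assuming {@code PkRejectionException} is an
         * {@code Exception} subclass) callers receive an {@code INVALID_ATTRIBUTE} rejection
         * whose cause chain carries the specific failure.
         *
         * @param certificationRequest parsed CSR
         * @param date notBefore date
         * @param i validity period in days
         * @param x509Certificate issuer certificate
         * @param privateKey signing key
         * @param str signature algorithm name
         * @return the signed certificate
         * @throws PkRejectionException if any step fails
         */
        private X509CertImpl buildX509Cert(CertificationRequest certificationRequest, Date date, int i, X509Certificate x509Certificate, PrivateKey privateKey, String str) throws PkRejectionException {
            if (debug != null) {
                System.out.println("\n\nPk10CertFactory.java:  buildX509Cert():  METHOD ENTRY");
            }
            X509CertInfo x509CertInfo = new X509CertInfo();
            CertificationRequestInfo certRequestInfo = certificationRequest.getCertRequestInfo();
            try {
                // 2 is the encoded value of X.509 version 3.
                this.version = 2;
                x509CertInfo.set("version", new CertificateVersion(this.version));
                // Subject and key are taken from the request as-is; no naming policy is applied here.
                this.subjectName = certRequestInfo.getSubjectName();
                if (debug != null) {
                    System.out.println("Pk10CertFactory.java:  buildX509Cert():  The subjectName taken from the CertificationRequest is:  " + this.subjectName);
                }
                x509CertInfo.set("subject", new CertificateSubjectName(this.subjectName));
                this.publicKey = certRequestInfo.getSubjectPublicKeyInfo();
                if (debug != null) {
                    System.out.println("Pk10CertFactory.java:  buildX509Cert():  The PublicKey taken from the CertificationRequest is:  " + this.publicKey.toString());
                }
                x509CertInfo.set("key", new CertificateX509Key(this.publicKey));
                this.issuerName = new X500Name(x509Certificate.getSubjectDN().getName());
                if (debug != null) {
                    System.out.println("Pk10CertFactory.java:  buildX509Cert():  The issuerName which will be used is:  " + this.issuerName);
                }
                x509CertInfo.set("issuer", new CertificateIssuerName(this.issuerName));
                this.newCertValidityPeriod = i;
                // Long arithmetic: the int product i * 24 * 60 * 60 * 1000 wraps for i >= 25,
                // which produced a wrong (possibly earlier-than-notBefore) expiry date.
                this.notAfterDate = new Date(date.getTime() + (i * MILLIS_PER_DAY));
                if (debug != null) {
                    System.out.println("Pk10CertFactory.java:  buildX509Cert():  notBeforeDate = " + date.toString());
                    System.out.println("Pk10CertFactory.java:  buildX509Cert():  notAfterDate  = " + this.notAfterDate.toString());
                }
                x509CertInfo.set("validity", new CertificateValidity(date, this.notAfterDate));
                this.serial_number = newSerialNumber();
                if (debug != null) {
                    System.out.println("Pk10CertFactory.java:  buildX509Cert():  The serial number which will be used is:  " + this.serial_number);
                }
                x509CertInfo.set("serialNumber", new CertificateSerialNumber(this.serial_number));
                try {
                    this.algId = AlgorithmId.get(str);
                    if (debug != null) {
                        System.out.println("Pk10CertFactory.java:  buildX509Cert():  The name of the signing algorithmId which will be used is:  " + this.algId.getName());
                    }
                    x509CertInfo.set("algorithmID", new CertificateAlgorithmId(this.algId));
                    PKCSAttribute[] attributes = certRequestInfo.getAttributes().getAttributes();
                    if (debug != null) {
                        System.out.println("Pk10CertFactory.java:  buildX509Cert():  Entering loop to process all PKCSAttributes within the CertificateRequestInfo.");
                        System.out.println("Pk10CertFactory.java:  buildX509Cert():  The number of PKCSAttributes is:  " + attributes.length);
                    }
                    this.subjectAlternativeNameExtension = null;
                    this.subjectKeyIdentifierExtension = null;
                    this.keyUsageExtension = null;
                    this.extKeyUsageExtension = null;
                    for (int i2 = 0; i2 < attributes.length; i2++) {
                        if (debug != null) {
                            System.out.println("Pk10CertFactory.java:  buildX509Cert():  The next PKCSAttibute to be processed is:");
                            System.out.println(attributes[i2].toString() + "\n\n");
                        }
                        ObjectIdentifier attributeId = attributes[i2].getAttributeId();
                        if (debug != null) {
                            System.out.println("Pk10CertFactory.java:  buildX509Cert():  The OID of this PKCSAttribute above is:  " + attributeId.toString());
                        }
                        // Compare by value: == on strings only matches when both sides happen to
                        // be the same object, so the OID check in particular never matched.
                        boolean isExtensionRequest = PKCS9.EXTENSION_REQUEST_STR.equals(PKCS9.getName(attributeId))
                                || EXTENSION_REQUEST_OID.equals(attributeId.toString());
                        if (isExtensionRequest) {
                            if (debug != null) {
                                System.out.println("Pk10CertFactory.java:  buildX509Cert():  The PKCSAttribute above is an 'ExtensionRequest'.");
                            }
                            Enumeration<Extension> elements = ((CertificateExtensions) attributes[i2].getAttributeValue()).getElements();
                            while (elements.hasMoreElements()) {
                                Object nextElement = elements.nextElement();
                                if (debug != null) {
                                    System.out.println("\n\nPk10CertFactory.java:  buildX509Cert():  The next object retrieved from the ExtensionRequest is:  ");
                                    System.out.println(nextElement.toString());
                                    if (nextElement instanceof CertAttrSet) {
                                        String str2 = PkCertConstants.CERT_EXT + ((CertAttrSet) nextElement).getName();
                                        System.out.println("Pk10CertFactory.java:  buildX509Cert():  This is an extension whose name is recognized.  Its name is:  " + str2);
                                    } else {
                                        System.out.println("Pk10CertFactory.java:  buildX509Cert():  This is an extension whose name isn't recognized.");
                                    }
                                }
                                // Only these four requested extension types are carried over, and
                                // they are carried over verbatim; any other type is dropped.
                                if (nextElement instanceof SubjectAlternativeNameExtension) {
                                    this.subjectAlternativeNameExtension = (SubjectAlternativeNameExtension) nextElement;
                                    if (debug != null) {
                                        System.out.println("Pk10CertFactory.java:  buildX509Cert():  It is a SubjectAlternativeNameExtension.");
                                    }
                                } else if (nextElement instanceof SubjectKeyIdentifierExtension) {
                                    this.subjectKeyIdentifierExtension = (SubjectKeyIdentifierExtension) nextElement;
                                    if (debug != null) {
                                        System.out.println("Pk10CertFactory.java:  buildX509Cert():  It is a SubjectKeyIdentifierExtension.");
                                    }
                                } else if (nextElement instanceof KeyUsageExtension) {
                                    this.keyUsageExtension = (KeyUsageExtension) nextElement;
                                    if (debug != null) {
                                        System.out.println("Pk10CertFactory.java:  buildX509Cert():  It is a KeyUsageExtension.");
                                    }
                                } else if (nextElement instanceof ExtKeyUsageExtension) {
                                    this.extKeyUsageExtension = (ExtKeyUsageExtension) nextElement;
                                    if (debug != null) {
                                        System.out.println("Pk10CertFactory.java:  buildX509Cert():  It is a ExtKeyUsageExtension.");
                                    }
                                } else if (debug != null) {
                                    System.out.println("Pk10CertFactory.java:  buildX509Cert():  The following extension lifted from the ExtensionRequest was not recognized or processed:");
                                    System.out.println(nextElement.toString());
                                }
                            }
                        }
                    }
                    CertificateExtensions certificateExtensions = new CertificateExtensions();
                    if (this.subjectAlternativeNameExtension != null) {
                        certificateExtensions.set("x509.info.extensions.SubjectAlternativeName", this.subjectAlternativeNameExtension);
                    }
                    if (this.subjectKeyIdentifierExtension != null) {
                        certificateExtensions.set("x509.info.extensions.SubjectKeyIdentifier", this.subjectKeyIdentifierExtension);
                    }
                    if (this.keyUsageExtension != null) {
                        certificateExtensions.set("x509.info.extensions.KeyUsage", this.keyUsageExtension);
                    }
                    if (this.extKeyUsageExtension != null) {
                        certificateExtensions.set("x509.info.extensions.ExtKeyUsage", this.extKeyUsageExtension);
                    }
                    x509CertInfo.set("extensions", certificateExtensions);
                    if (debug != null) {
                        System.out.println("\n\nPk10CertFactory.java:  buildX509Cert():  The X509CertInfo built from the CertificationRequest is:");
                        System.out.println(x509CertInfo.toString());
                    }
                    try {
                        X509CertImpl x509CertImpl = new X509CertImpl(x509CertInfo);
                        try {
                            if (debug != null) {
                                // Report the algorithm actually used; the previous text claimed a
                                // DSA key regardless of the key type.
                                System.out.println("\nPk10CertFactory.java:  buildX509Cert():  Signing with algorithm " + str + ".");
                            }
                            x509CertImpl.sign(privateKey, str);
                            if (debug != null) {
                                System.out.println("\n\nPk10CertFactory.java:  buildX509Cert():  The signed X509CertImpl object being returned (after signing) is:");
                                System.out.println(x509CertImpl.toString());
                                System.out.println("Pk10CertFactory.java:  buildX509Cert():  METHOD EXIT \n\n");
                            }
                            return x509CertImpl;
                        } catch (Exception e) {
                            if (debug != null) {
                                System.out.println("Pk10CertFactory.java:  buildX509Cert():  Exception thrown while signing the X509CertImpl object.");
                                System.out.println("Pk10CertFactory.java:  buildX509Cert():  The exception is:  " + e.toString());
                            }
                            e.printStackTrace();
                            throw new PkRejectionException("Exception thrown while signing the X509CertImpl object.", e);
                        }
                    } catch (Exception e2) {
                        if (debug != null) {
                            System.out.println("Pk10CertFactory.java:  buildX509Cert():  Exception thrown while creating X509CertImpl object from the X509CertInfo object.");
                            System.out.println("Pk10CertFactory.java:  buildX509Cert():  The exception is:  " + e2.toString());
                        }
                        e2.printStackTrace();
                        throw new PkRejectionException("Exception thrown while creating the X509CertImpl object from the X509CertInfo object.", e2);
                    }
                } catch (NoSuchAlgorithmException e3) {
                    if (debug != null) {
                        System.out.println("Pk10CertFactory.java:  buildX509Cert(): unrecognized algorithm name for :" + str);
                    }
                    throw new PkRejectionException(PkNLSConstants.INCORRECT_SIGNATURE_ALGORITHM, e3);
                }
            } catch (Exception e4) {
                if (debug != null) {
                    System.out.println("Pk10CertFactory.java:  buildX509Cert():  Exception thrown while building X509CertInfo object.");
                    System.out.println("Pk10CertFactory.java:  buildX509Cert():  The exception is:  " + e4.toString());
                }
                e4.printStackTrace();
                throw new PkRejectionException(PkNLSConstants.INVALID_ATTRIBUTE, e4);
            }
        }

        /** Returns the issued, signed certificate. */
        @Override // com.ibm.security.certclient.util.Pk10Certificate
        public X509Certificate getCertificate() {
            return this.newCert;
        }

        /** Returns the public key carried by the issued certificate. */
        @Override // com.ibm.security.certclient.util.Pk10Certificate
        public PublicKey getPublicKey() {
            return this.newCert.getPublicKey();
        }

        /** Returns the subject distinguished name of the issued certificate as a string. */
        @Override // com.ibm.security.certclient.util.Pk10Certificate
        public String getSubjectName() {
            return this.newCert.getSubjectDN().getName();
        }

        /** Returns the signature algorithm name of the issued certificate. */
        @Override // com.ibm.security.certclient.util.Pk10Certificate
        public String getSigAlg() {
            return this.newCert.getSigAlgName();
        }

        /**
         * Returns the value of the SubjectKeyIdentifier extension requested in the CSR.
         *
         * @return the extension value, or {@code null} when the request carried no such
         *     extension (previously this case raised a NullPointerException)
         */
        @Override // com.ibm.security.certclient.util.Pk10Certificate
        public byte[] getSubjectKeyIdentifier() {
            if (this.subjectKeyIdentifierExtension == null) {
                return null;
            }
            return this.subjectKeyIdentifierExtension.getExtensionValue();
        }
    }

    /** Not instantiable; this class only exposes static factory methods. */
    private Pk10CertFactory() {
        throw new UnsupportedOperationException();
    }

    /**
     * Issues a certificate for the CSR in the named file, deriving the signature algorithm
     * from the key type.
     *
     * @deprecated the derived algorithm is one of the SHA1_WITH_* constants; use
     *     {@link #newCert(String, Date, int, X509Certificate, PrivateKey, String)}.
     */
    @Deprecated
    public static Pk10Certificate newCert(String str, Date date, int i, X509Certificate x509Certificate, PrivateKey privateKey) throws PkRejectionException {
        return new Pk10CertImpl(str, date, i, x509Certificate, privateKey);
    }

    /**
     * Issues a certificate for an encoded CSR, deriving the signature algorithm from the
     * key type.
     *
     * @deprecated the derived algorithm is one of the SHA1_WITH_* constants; use
     *     {@link #newCert(byte[], Date, int, X509Certificate, PrivateKey, String)}.
     */
    @Deprecated
    public static Pk10Certificate newCert(byte[] bArr, Date date, int i, X509Certificate x509Certificate, PrivateKey privateKey) throws PkRejectionException {
        return new Pk10CertImpl(bArr, date, i, x509Certificate, privateKey);
    }

    /**
     * Issues a certificate for the CSR in the named file.
     *
     * @param str name of the file holding the PKCS#10 request
     * @param date notBefore date of the new certificate
     * @param i validity period in days, must be positive
     * @param x509Certificate issuer certificate
     * @param privateKey key used to sign the new certificate
     * @param str2 signature algorithm name
     * @return a handle on the issued certificate
     * @throws PkRejectionException if an argument is missing or issuance fails
     */
    public static Pk10Certificate newCert(String str, Date date, int i, X509Certificate x509Certificate, PrivateKey privateKey, String str2) throws PkRejectionException {
        return new Pk10CertImpl(str, date, i, x509Certificate, privateKey, str2);
    }

    /**
     * Issues a certificate for an encoded CSR.
     *
     * @param bArr encoded PKCS#10 request
     * @param date notBefore date of the new certificate
     * @param i validity period in days, must be positive
     * @param x509Certificate issuer certificate
     * @param privateKey key used to sign the new certificate
     * @param str signature algorithm name
     * @return a handle on the issued certificate
     * @throws PkRejectionException if an argument is missing or issuance fails
     */
    public static Pk10Certificate newCert(byte[] bArr, Date date, int i, X509Certificate x509Certificate, PrivateKey privateKey, String str) throws PkRejectionException {
        return new Pk10CertImpl(bArr, date, i, x509Certificate, privateKey, str);
    }
}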
