package com.icbc.hsm.software.cert;

import com.icbc.bcpkix.org.bouncycastle.cert.X509CertificateHolder;
import com.icbc.bcpkix.org.bouncycastle.cert.bc.BcX509v3CertificateBuilder;
import com.icbc.bcpkix.org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import com.icbc.bcpkix.org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import com.icbc.bcpkix.org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import com.icbc.bcprov.org.bouncycastle.asn1.x500.X500Name;
import com.icbc.bcprov.org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import com.icbc.bcprov.org.bouncycastle.util.io.pem.PemObject;
import com.icbc.bcprov.org.bouncycastle.util.io.pem.PemWriter;
import com.icbc.hsm.software.basic.HsmKeyParameter;
import com.icbc.hsm.software.parms.ClearKeyParameter;
import com.icbc.hsm.software.parms.icbc.IcbcAsymmetricKeyParameter;
import com.icbc.hsm.utils.AlgorithmConstants;
import java.io.ByteArrayOutputStream;
import java.io.OutputStreamWriter;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.util.Date;

/* loaded from: input_file:com/icbc/hsm/software/cert/CertificateBuilder.class */
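/**
 * Builds an X.509 v3 certificate and returns it PEM-encoded.
 *
 * <p>Configure the issuer name, subject name and issuer private key with the setters, then call
 * {@link #generateCertificate(HsmKeyParameter)} with the subject's public key. The serial number
 * and validity window have defaults (see the constructor) that the setters can override.
 *
 * <p>Every setter silently ignores a {@code null} argument and keeps the previous value. This
 * class performs no synchronization; instances are not safe for concurrent mutation.
 */
public class CertificateBuilder {
    /** Bit length of the random default serial number. */
    private static final int DEFAULT_SERIAL_BITS = 127;

    /** CSPRNG used for default serial numbers. */
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();

    private BigInteger serial;
    private Date notBefore;
    private Date notAfter;
    private X500Name issuer = null;
    private X500Name subject = null;
    private HsmKeyParameter issuerPrivateKey = null;

    /**
     * Creates a builder with a random positive serial number and a validity window that starts
     * 50 seconds in the past, so that small clock differences between issuer and verifier do not
     * make a freshly issued certificate "not yet valid".
     */
    public CertificateBuilder() {
        long now = System.currentTimeMillis();
        // A serial taken from the wall clock is guessable and collides when two certificates are
        // issued in the same millisecond, which breaks the per-issuer uniqueness that revocation
        // relies on. Draw it from a CSPRNG instead.
        this.serial = newRandomSerial();
        this.notBefore = new Date(now - 50000);
        // NOTE(review): 5,000,000,000,000 ms is roughly 158 years. The default is kept so that
        // existing callers see no change, but any real certificate should get an explicit and
        // much shorter lifetime through setValidDate().
        this.notAfter = new Date(now + 5000000000000L);
    }

    /** Returns a non-zero, positive serial number of up to {@value #DEFAULT_SERIAL_BITS} bits. */
    private static BigInteger newRandomSerial() {
        BigInteger candidate;
        do {
            candidate = new BigInteger(DEFAULT_SERIAL_BITS, SERIAL_RANDOM);
        } while (candidate.signum() == 0);
        return candidate;
    }

    /**
     * Sets the issuer distinguished name.
     *
     * @param x500Name issuer name; {@code null} is ignored
     */
    public void setIssuer(X500Name x500Name) {
        if (x500Name != null) {
            this.issuer = x500Name;
        }
    }

    /**
     * Sets the subject distinguished name.
     *
     * @param x500Name subject name; {@code null} is ignored
     */
    public void setSubject(X500Name x500Name) {
        if (x500Name != null) {
            this.subject = x500Name;
        }
    }

    /**
     * Overrides the default random serial number. The value is stored as given; it is not
     * checked for sign, length or uniqueness, so the caller is responsible for those.
     *
     * @param bigInteger serial number; {@code null} is ignored
     */
    public void setSerial(BigInteger bigInteger) {
        if (bigInteger != null) {
            this.serial = bigInteger;
        }
    }

    /**
     * Overrides the validity window. Each bound is handled independently, and the ordering of
     * the two dates is not checked.
     *
     * @param date start of validity (notBefore); {@code null} keeps the current value
     * @param date2 end of validity (notAfter); {@code null} keeps the current value
     */
    public void setValidDate(Date date, Date date2) {
        if (date != null) {
            this.notBefore = date;
        }
        if (date2 != null) {
            this.notAfter = date2;
        }
    }

    /**
     * Sets the key used to sign the certificate.
     *
     * @param hsmKeyParameter issuer private key; {@code null} is ignored
     */
    public void setIssuerPrivateKey(HsmKeyParameter hsmKeyParameter) {
        if (hsmKeyParameter != null) {
            this.issuerPrivateKey = hsmKeyParameter;
        }
    }

    /**
     * Signs a certificate for the given subject public key and returns it in PEM form.
     *
     * <p>The signature is SM3withSM2 when the issuer key is a {@link ClearKeyParameter} whose
     * algorithm is SM2, and SHA256withRSA in every other case.
     *
     * @param hsmKeyParameter subject public key; only {@link ClearKeyParameter} is supported
     * @return the certificate as a PEM {@code CERTIFICATE} block
     * @throws IllegalStateException if the issuer or subject name has not been set
     * @throws CertificateEncodingException if the signed certificate cannot be PEM-encoded
     * @throws Exception if either key is missing, of an unsupported type, or cannot be unwrapped
     */
    public String generateCertificate(HsmKeyParameter hsmKeyParameter) throws Exception {
        if (this.issuer == null || this.subject == null) {
            throw new IllegalStateException("issuer and subject must be set before generating a certificate");
        }

        AsymmetricKeyParameter subjectPublicKey = null;
        if (hsmKeyParameter instanceof ClearKeyParameter) {
            try {
                subjectPublicKey = (AsymmetricKeyParameter) ((ClearKeyParameter) hsmKeyParameter).getBCkey();
            } catch (Exception e) {
                // Keep the cause attached instead of printing it to stderr and discarding it.
                throw new Exception("subject PublicKey error!", e);
            }
        }
        if (subjectPublicKey == null) {
            // Fail here with a clear message rather than handing null to the certificate builder.
            throw new Exception("subject PublicKey error! a ClearKeyParameter holding a key is required");
        }

        AsymmetricKeyParameter issuerSigningKey = null;
        boolean signWithSm2 = false;
        if (this.issuerPrivateKey instanceof ClearKeyParameter) {
            ClearKeyParameter clearIssuerKey = (ClearKeyParameter) this.issuerPrivateKey;
            try {
                issuerSigningKey = (AsymmetricKeyParameter) clearIssuerKey.getBCkey();
                signWithSm2 = AlgorithmConstants.SM2.equalsIgnoreCase(clearIssuerKey.getAlgorithm());
            } catch (Exception e) {
                throw new Exception("issuer PrivateKey error!", e);
            }
        } else if (this.issuerPrivateKey instanceof IcbcAsymmetricKeyParameter) {
            // NOTE(review): this branch never selects SM2, so an IcbcAsymmetricKeyParameter is
            // always used with the RSA signer. Confirm that this key type can only hold RSA keys.
            try {
                issuerSigningKey = (AsymmetricKeyParameter) this.issuerPrivateKey.getBCkey();
            } catch (Exception e) {
                throw new Exception("issuer Private Key error!", e);
            }
        }
        if (issuerSigningKey == null) {
            throw new Exception("issuer PrivateKey error! no usable issuer private key has been set");
        }

        X509CertificateHolder certificate =
                new BcX509v3CertificateBuilder(
                                this.issuer,
                                this.serial,
                                this.notBefore,
                                this.notAfter,
                                this.subject,
                                subjectPublicKey)
                        .build(
                                (signWithSm2
                                                ? new IcbcContentSignerBuilder(
                                                        new DefaultSignatureAlgorithmIdentifierFinder()
                                                                .find(AlgorithmConstants.SM3withSM2),
                                                        new DefaultDigestAlgorithmIdentifierFinder()
                                                                .find(AlgorithmConstants.SM3))
                                                : new BcRSAContentSignerBuilder(
                                                        new DefaultSignatureAlgorithmIdentifierFinder()
                                                                .find(AlgorithmConstants.SHA256withRSA),
                                                        new DefaultDigestAlgorithmIdentifierFinder()
                                                                .find("SHA256")))
                                        .build(issuerSigningKey));

        // PEM is pure ASCII; naming the charset on both sides keeps the output independent of
        // the platform default. try-with-resources closes the writer on the failure path too.
        ByteArrayOutputStream pemBytes = new ByteArrayOutputStream();
        try (PemWriter pemWriter =
                new PemWriter(new OutputStreamWriter(pemBytes, StandardCharsets.US_ASCII))) {
            pemWriter.writeObject(new PemObject("CERTIFICATE", certificate.getEncoded()));
        } catch (Exception e) {
            throw new CertificateEncodingException("can't encode certificate to PEM", e);
        }
        return new String(pemBytes.toByteArray(), StandardCharsets.US_ASCII);
    }
}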
