package com.xdja.pki.ca.core.ca.util.gm.cert;

import com.xdja.pki.ca.core.ca.util.gm.BCECUtil;
import com.xdja.pki.ldap.CryptoTypeStr;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.ReasonFlags;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;

/* loaded from: input_file:WEB-INF/lib/ca-core-0.0.2-SNAPSHOT.jar:com/xdja/pki/ca/core/ca/util/gm/cert/SM2X509CertMaker.class */
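/**
 * Issues X.509 v3 certificates signed with SM3withSM2 through the Bouncy Castle provider.
 *
 * <p>An instance is bound to one issuer: its key pair, its distinguished name, a serial-number
 * allocator and a fixed validity period. {@link #makeCertificate} turns a PKCS#10 request into a
 * certificate signed by that issuer.
 *
 * <p>Not documented as thread-safe; whether concurrent issuance is safe depends on the
 * {@code CertSNAllocator} implementation, which is not visible here.
 */
public class SM2X509CertMaker {
    public static final String SIGN_ALGO_SM3WITHSM2 = "SM3withSM2";

    // Validity period in milliseconds; it is added to System.currentTimeMillis() to get notAfter.
    private final long certExpire;
    private final X500Name issuerDN;
    private final CertSNAllocator snAllocator;
    // The private half signs issued certificates; the public half feeds the authority key
    // identifier and the post-issuance self-check.
    private final KeyPair issuerKeyPair;

    /**
     * Builds a CRL distribution point that carries a single URI.
     *
     * @param str the CRL URL, stored as a uniformResourceIdentifier general name
     * @return a distribution point with no reason flags and no CRL issuer
     */
    public static DistributionPoint genDistributionPointUrl(String str) {
        GeneralName crlUri = new GeneralName(GeneralName.uniformResourceIdentifier, str);
        DistributionPointName pointName = new DistributionPointName(new GeneralNames(crlUri));
        return new DistributionPoint(pointName, (ReasonFlags) null, (GeneralNames) null);
    }

    /**
     * Generates a self-signed CA certificate for the given key pair.
     *
     * <p>NOTE(review): this looks like test scaffolding rather than a production root-issuance
     * path. The subject/issuer name, the serial number (1) and the CRL URL
     * ({@code http://127.0.0.1/testCRL}) are hard-coded, and notBefore and notAfter are the same
     * instant, so the certificate has no usable validity window. Confirm the intended use before
     * relying on its output as a trust anchor.
     *
     * @param publicKey subject (and issuer) public key; must be an SM2 key
     * @param privateKey key that signs the certificate
     * @param str unused
     * @param l unused
     * @return the self-signed certificate
     * @throws Exception if the key algorithm is unsupported or building/signing fails
     */
    public X509Certificate generateRootCert(PublicKey publicKey, PrivateKey privateKey, String str, Long l) throws Exception {
        X500Name selfName = new X500Name("CN=sushi,O=XDJA,C=CN");
        BigInteger serial = BigInteger.ONE;
        Time now = new Time(new Date());

        // publicKey.getEncoded() is already a DER SubjectPublicKeyInfo, so parse it rather than
        // wrapping it in a second SubjectPublicKeyInfo whose AlgorithmIdentifier has no curve
        // parameters. The same structure now feeds both the certificate body and the key identifier.
        SubjectPublicKeyInfo subjectKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());

        X509v3CertificateBuilder builder =
                new X509v3CertificateBuilder(selfName, serial, now, now, selfName, subjectKeyInfo);

        // NOTE(review): RFC 5280 recommends cRLDistributionPoints be non-critical; left as-is
        // because the URL is a loopback placeholder anyway.
        builder.addExtension(
                Extension.cRLDistributionPoints,
                true,
                new CRLDistPoint(new DistributionPoint[] {genDistributionPointUrl("http://127.0.0.1/testCRL")}));
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.cRLSign | KeyUsage.keyCertSign));
        // subjectKeyIdentifier must be non-critical (RFC 5280 section 4.2.1.2); this also matches
        // how makeCertificate emits it.
        builder.addExtension(
                Extension.subjectKeyIdentifier,
                false,
                new JcaX509ExtensionUtils().createSubjectKeyIdentifier(subjectKeyInfo));

        return new JcaX509CertificateConverter()
                .setProvider(CryptoTypeStr.BC)
                .getCertificate(builder.build(makeContentSignerBuilder(publicKey).build(privateKey)));
    }

    /**
     * Creates a certificate maker bound to one issuer.
     *
     * @param keyPair issuer key pair used to sign issued certificates
     * @param j validity period of issued certificates, in milliseconds
     * @param x500Name issuer distinguished name
     * @param certSNAllocator source of serial numbers
     */
    public SM2X509CertMaker(KeyPair keyPair, long j, X500Name x500Name, CertSNAllocator certSNAllocator) {
        this.issuerKeyPair = keyPair;
        this.certExpire = j;
        this.issuerDN = x500Name;
        this.snAllocator = certSNAllocator;
    }

    /**
     * Issues a certificate for a DER-encoded PKCS#10 certification request.
     *
     * <p>The request's self-signature is verified against the public key it carries before
     * anything is issued. The subject name is copied from the request unchanged and no requested
     * extensions are read, so naming policy and authorisation of the requester remain the
     * caller's responsibility.
     *
     * @param z value of the basicConstraints cA flag ({@code true} issues a CA certificate)
     * @param keyUsage key usage extension to embed
     * @param bArr DER-encoded PKCS#10 certification request
     * @return the issued certificate, already checked for current validity and verified against
     *     the issuer public key
     * @throws IllegalArgumentException if the request's signature does not verify
     * @throws Exception if parsing, building, signing or the post-issuance checks fail
     */
    public X509Certificate makeCertificate(boolean z, KeyUsage keyUsage, byte[] bArr) throws Exception {
        PKCS10CertificationRequest csr = new PKCS10CertificationRequest(bArr);
        BCECPublicKey subjectKey = BCECUtil.createPublicKeyFromSubjectPublicKeyInfo(csr.getSubjectPublicKeyInfo());

        // Proof of possession: without this check the CA would bind the requested subject name to
        // any public key a requester supplies, whether or not they hold the private key. Done
        // before a serial number is allocated so rejected requests do not consume one.
        boolean requestSigned =
                csr.isSignatureValid(
                        new JcaContentVerifierProviderBuilder().setProvider(CryptoTypeStr.BC).build(subjectKey));
        if (!requestSigned) {
            throw new IllegalArgumentException("PKCS#10 request signature verification failed");
        }

        PrivateKey issuerPrivate = this.issuerKeyPair.getPrivate();
        PublicKey issuerPublic = this.issuerKeyPair.getPublic();
        JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();

        // Read the clock once so notBefore and notAfter are exactly certExpire apart.
        long issuedAt = System.currentTimeMillis();
        JcaX509v3CertificateBuilder builder =
                new JcaX509v3CertificateBuilder(
                        this.issuerDN,
                        this.snAllocator.incrementAndGet(),
                        new Date(issuedAt),
                        new Date(issuedAt + this.certExpire),
                        csr.getSubject(),
                        subjectKey);

        builder.addExtension(
                Extension.subjectKeyIdentifier,
                false,
                extUtils.createSubjectKeyIdentifier(SubjectPublicKeyInfo.getInstance(subjectKey.getEncoded())));
        builder.addExtension(
                Extension.authorityKeyIdentifier,
                false,
                extUtils.createAuthorityKeyIdentifier(SubjectPublicKeyInfo.getInstance(issuerPublic.getEncoded())));
        // NOTE(review): RFC 5280 requires basicConstraints to be critical in CA certificates and
        // recommends keyUsage be critical. Both are emitted non-critical here; changing that alters
        // every issued certificate, so it is left for a deliberate profile decision.
        builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(z));
        builder.addExtension(Extension.keyUsage, false, keyUsage);

        X509Certificate certificate =
                new JcaX509CertificateConverter()
                        .setProvider(CryptoTypeStr.BC)
                        .getCertificate(builder.build(makeContentSignerBuilder(issuerPublic).build(issuerPrivate)));

        // Self-check: the fresh certificate must be currently valid and verify under the issuer key.
        certificate.checkValidity(new Date());
        certificate.verify(issuerPublic);
        return certificate;
    }

    /**
     * Returns an SM3withSM2 content-signer builder bound to the BC provider.
     *
     * @param publicKey signer's public key, used only to confirm the key algorithm is SM2
     * @return a signer builder for {@link #SIGN_ALGO_SM3WITHSM2}
     * @throws Exception if the key's algorithm name is not {@code CertUtil.SM2_BC_NAME}
     */
    private JcaContentSignerBuilder makeContentSignerBuilder(PublicKey publicKey) throws Exception {
        if (!publicKey.getAlgorithm().equals(CertUtil.SM2_BC_NAME)) {
            throw new Exception("Unsupported PublicKey Algorithm:" + publicKey.getAlgorithm());
        }
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(SIGN_ALGO_SM3WITHSM2);
        signerBuilder.setProvider(CryptoTypeStr.BC);
        return signerBuilder;
    }
}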
