package com.xdja.pki.issue;

import com.xdja.pki.asn1.issue.TBSIssue;
import com.xdja.pki.ldap.X509Utils;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.Signature;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:WEB-INF/lib/ldap-manager-0.0.1-SNAPSHOT.jar:com/xdja/pki/issue/BasicPkixIssueBuilder.class */
public class BasicPkixIssueBuilder {
    protected KeyPair keyPair;
    protected X509Certificate certificate;

    public BasicPkixIssueBuilder(KeyPair keyPair, X509Certificate x509Certificate) {
        this.keyPair = keyPair;
        this.certificate = x509Certificate;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Signature getSignature(TBSIssue tBSIssue) throws Exception {
        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(GMObjectIdentifiers.sm2sign_with_sm3);
        java.security.Signature signature = java.security.Signature.getInstance("SM3withSM2", BouncyCastleProvider.PROVIDER_NAME);
        signature.initSign(this.keyPair.getPrivate());
        signature.update(tBSIssue.getEncoded(ASN1Encoding.DER));
        signature.update(algorithmIdentifier.getEncoded(ASN1Encoding.DER));
        return new Signature(algorithmIdentifier, new DERBitString(signature.sign()), X509Utils.toSequence(new Certificate[]{X509Utils.convertCertificate(this.certificate)}));
    }
}
