package org.xwiki.crypto.pkix.internal;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Calendar;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.xwiki.crypto.params.cipher.asymmetric.PublicKeyParameters;
import org.xwiki.crypto.pkix.CertificateGenerator;
import org.xwiki.crypto.pkix.CertifyingSigner;
import org.xwiki.crypto.pkix.params.CertificateParameters;
import org.xwiki.crypto.pkix.params.CertifiedPublicKey;
import org.xwiki.crypto.pkix.params.PrincipalIndentifier;
import org.xwiki.crypto.pkix.params.x509certificate.X509CertificateGenerationParameters;
import org.xwiki.crypto.pkix.params.x509certificate.X509CertificateParameters;
import org.xwiki.crypto.signer.Signer;
import org.xwiki.crypto.signer.SignerFactory;

/* loaded from: input_file:WEB-INF/lib/xwiki-commons-crypto-pkix-10.0.jar:org/xwiki/crypto/pkix/internal/AbstractBcX509CertificateGenerator.class */
public abstract class AbstractBcX509CertificateGenerator implements CertificateGenerator {
    private final Signer signer;
    private final int validity;
    private final SignerFactory signerFactory;
    private final SecureRandom random;

    public AbstractBcX509CertificateGenerator(Signer signer, X509CertificateGenerationParameters x509CertificateGenerationParameters, SignerFactory signerFactory, SecureRandom secureRandom) {
        this.signer = signer;
        this.validity = x509CertificateGenerationParameters.getValidity();
        this.signerFactory = signerFactory;
        this.random = secureRandom;
    }

    protected abstract BcX509TBSCertificateBuilder getTBSCertificateBuilder();

    protected void extendsTBSCertificate(BcX509TBSCertificateBuilder bcX509TBSCertificateBuilder, CertifiedPublicKey certifiedPublicKey, PrincipalIndentifier principalIndentifier, PublicKeyParameters publicKeyParameters, X509CertificateParameters x509CertificateParameters) throws IOException {
    }

    public TBSCertificate buildTBSCertificate(PrincipalIndentifier principalIndentifier, PublicKeyParameters publicKeyParameters, X509CertificateParameters x509CertificateParameters) throws IOException {
        PrincipalIndentifier principalIndentifier2;
        CertifiedPublicKey certifiedPublicKey = null;
        if (this.signer instanceof CertifyingSigner) {
            certifiedPublicKey = ((CertifyingSigner) this.signer).getCertifier();
            principalIndentifier2 = certifiedPublicKey.getSubject();
        } else {
            principalIndentifier2 = principalIndentifier;
        }
        BcX509TBSCertificateBuilder tBSCertificateBuilder = getTBSCertificateBuilder();
        tBSCertificateBuilder.setSerialNumber(new BigInteger(128, this.random)).setIssuer(principalIndentifier2);
        addValidityDates(tBSCertificateBuilder);
        extendsTBSCertificate(tBSCertificateBuilder, certifiedPublicKey, principalIndentifier, publicKeyParameters, x509CertificateParameters);
        return tBSCertificateBuilder.setSubject(principalIndentifier).setSubjectPublicKeyInfo(publicKeyParameters).setSignature(this.signer).build();
    }

    @Override // org.xwiki.crypto.pkix.CertificateGenerator
    public CertifiedPublicKey generate(PrincipalIndentifier principalIndentifier, PublicKeyParameters publicKeyParameters, CertificateParameters certificateParameters) throws IOException, GeneralSecurityException {
        if (!(certificateParameters instanceof X509CertificateParameters)) {
            throw new IllegalArgumentException("Invalid parameters for X.509 certificate: " + certificateParameters.getClass().getName());
        }
        TBSCertificate buildTBSCertificate = buildTBSCertificate(principalIndentifier, publicKeyParameters, (X509CertificateParameters) certificateParameters);
        return new BcX509CertifiedPublicKey(BcUtils.getX509CertificateHolder(buildTBSCertificate, BcUtils.updateDEREncodedObject(this.signer, buildTBSCertificate).generate()), this.signerFactory);
    }

    private void addValidityDates(BcX509TBSCertificateBuilder bcX509TBSCertificateBuilder) {
        Calendar calendar = Calendar.getInstance();
        calendar.set(10, 0);
        calendar.set(12, 0);
        calendar.set(13, 0);
        bcX509TBSCertificateBuilder.setStartDate(calendar.getTime());
        calendar.add(5, this.validity);
        bcX509TBSCertificateBuilder.setEndDate(calendar.getTime());
    }
}
