package gurux.dlms.asn;

import gurux.dlms.GXByteBuffer;
import gurux.dlms.asn.enums.HashAlgorithm;
import gurux.dlms.asn.enums.KeyUsage;
import gurux.dlms.asn.enums.X509Certificate;
import gurux.dlms.internal.GXCommon;
import gurux.dlms.objects.GXDLMSSecuritySetup;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

/* loaded from: input_file:gurux/dlms/asn/GXx509Certificate.class */
public class GXx509Certificate {
    private byte[] subjectKeyIdentifier;
    private byte[] authorityKeyIdentifier;
    private boolean basicConstraints;
    private HashAlgorithm signatureAlgorithm;
    private Object signatureParameters;
    private PublicKey publicKey;
    private HashAlgorithm algorithm;
    private Object parameters;
    private byte[] signature;
    private String subject;
    private String issuer;
    private GXAsn1Integer serialNumber;
    private CertificateVersion version;
    private Date validFrom;
    private Date validTo;
    private Set<KeyUsage> keyUsage;

    public GXx509Certificate() {
        this.keyUsage = new HashSet();
        this.version = CertificateVersion.V3;
    }

    public GXx509Certificate(String str) {
        this.keyUsage = new HashSet();
        init(GXCommon.fromBase64(str.replace("-----BEGIN CERTIFICATE-----", "").replace("-----END CERTIFICATE-----", "").trim()));
    }

    static String getAlgorithm(String str) {
        if (str.endsWith("RSA")) {
            return "RSA";
        }
        if (str.endsWith("ECDSA")) {
            return "EC";
        }
        throw new IllegalStateException("Unknown algorithm:" + str);
    }

    private void init(byte[] bArr) {
        GXAsn1Sequence gXAsn1Sequence = (GXAsn1Sequence) GXAsn1Converter.fromByteArray(bArr);
        if (gXAsn1Sequence.size() != 3) {
            throw new IllegalArgumentException("Wrong number of elements in sequence.");
        }
        GXAsn1Sequence gXAsn1Sequence2 = (GXAsn1Sequence) gXAsn1Sequence.get(0);
        this.version = CertificateVersion.forValue(((Number) ((GXAsn1Context) gXAsn1Sequence2.get(0)).get(0)).byteValue());
        this.serialNumber = (GXAsn1Integer) gXAsn1Sequence2.get(1);
        this.algorithm = HashAlgorithm.forValue(((GXAsn1Sequence) gXAsn1Sequence2.get(2)).get(0).toString());
        if (((GXAsn1Sequence) gXAsn1Sequence2.get(2)).size() > 1) {
            this.parameters = ((GXAsn1Sequence) gXAsn1Sequence2.get(2)).get(1);
        }
        this.issuer = GXAsn1Converter.getSubject((GXAsn1Sequence) gXAsn1Sequence2.get(3));
        this.validFrom = (Date) ((GXAsn1Sequence) gXAsn1Sequence2.get(4)).get(0);
        this.validTo = (Date) ((GXAsn1Sequence) gXAsn1Sequence2.get(4)).get(1);
        this.subject = GXAsn1Converter.getSubject((GXAsn1Sequence) gXAsn1Sequence2.get(5));
        GXAsn1Sequence gXAsn1Sequence3 = (GXAsn1Sequence) gXAsn1Sequence2.get(6);
        if (gXAsn1Sequence2.size() > 7) {
            Iterator<Object> it = ((GXAsn1Sequence) ((GXAsn1Context) gXAsn1Sequence2.get(7)).get(0)).iterator();
            while (it.hasNext()) {
                GXAsn1Sequence gXAsn1Sequence4 = (GXAsn1Sequence) it.next();
                GXAsn1ObjectIdentifier gXAsn1ObjectIdentifier = (GXAsn1ObjectIdentifier) gXAsn1Sequence4.get(0);
                Object obj = gXAsn1Sequence4.get(1);
                X509Certificate forValue = X509Certificate.forValue(gXAsn1ObjectIdentifier.toString());
                switch (forValue) {
                    case SUBJECT_KEY_IDENTIFIER:
                        this.subjectKeyIdentifier = (byte[]) obj;
                        break;
                    case AUTHORITY_KEY_IDENTIFIER:
                        this.authorityKeyIdentifier = (byte[]) ((GXAsn1Sequence) obj).get(0);
                        break;
                    case KEY_USAGE:
                        if (obj instanceof GXAsn1BitString) {
                            this.keyUsage = KeyUsage.forValue(((GXAsn1BitString) obj).getValue()[0] & 255);
                            break;
                        } else {
                            if (!(obj instanceof Boolean)) {
                                throw new IllegalStateException("Invalid key usage.");
                            }
                            this.keyUsage = KeyUsage.forValue(((GXAsn1BitString) gXAsn1Sequence4.get(2)).getValue()[0] & 255);
                            break;
                        }
                    default:
                        System.out.println("Unknown extensions: " + forValue.toString());
                        break;
                }
            }
        }
        try {
            try {
                this.publicKey = KeyFactory.getInstance(getAlgorithm(this.algorithm.toString())).generatePublic(new X509EncodedKeySpec(GXAsn1Converter.toByteArray(gXAsn1Sequence3)));
                this.signatureAlgorithm = HashAlgorithm.forValue(((GXAsn1Sequence) gXAsn1Sequence.get(1)).get(0).toString());
                if (((GXAsn1Sequence) gXAsn1Sequence.get(1)).size() > 1) {
                    this.signatureParameters = ((GXAsn1Sequence) gXAsn1Sequence.get(1)).get(1);
                }
                this.signature = ((GXAsn1BitString) gXAsn1Sequence.get(2)).getValue();
            } catch (InvalidKeySpecException e) {
                throw new IllegalArgumentException(e.getMessage());
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException(this.algorithm.name().substring(0, 2) + "key factory not present in runtime");
        }
    }

    public GXx509Certificate(byte[] bArr) {
        this.keyUsage = new HashSet();
        init(bArr);
    }

    public final String getSubject() {
        return this.subject;
    }

    public final void setSubject(String str) {
        this.subject = str;
    }

    public final String getIssuer() {
        return this.issuer;
    }

    public final void setIssuer(String str) {
        this.issuer = str;
    }

    public final GXAsn1Integer getSerialNumber() {
        return this.serialNumber;
    }

    public final void setSerialNumber(GXAsn1Integer gXAsn1Integer) {
        this.serialNumber = gXAsn1Integer;
    }

    public final CertificateVersion getVersion() {
        return this.version;
    }

    public final void setVersion(CertificateVersion certificateVersion) {
        this.version = certificateVersion;
    }

    public final Date getValidFrom() {
        return this.validFrom;
    }

    public final void setValidFrom(Date date) {
        this.validFrom = date;
    }

    public final Date getValidTo() {
        return this.validTo;
    }

    public final void setValidTo(Date date) {
        this.validTo = date;
    }

    public final HashAlgorithm getAlgorithm() {
        return this.algorithm;
    }

    public final void setAlgorithm(HashAlgorithm hashAlgorithm) {
        this.algorithm = hashAlgorithm;
    }

    public final Object getParameters() {
        return this.parameters;
    }

    public final void setParameters(Object obj) {
        this.parameters = obj;
    }

    public final PublicKey getPublicKey() {
        return this.publicKey;
    }

    public final void setPublicKey(PublicKey publicKey) {
        this.publicKey = publicKey;
    }

    public final byte[] getSignature() {
        return this.signature;
    }

    public final void setSignature(byte[] bArr) {
        this.signature = bArr;
    }

    private Object[] getdata() {
        Object[] objArr;
        GXAsn1ObjectIdentifier gXAsn1ObjectIdentifier = new GXAsn1ObjectIdentifier(this.algorithm.getValue());
        GXAsn1Context gXAsn1Context = new GXAsn1Context();
        gXAsn1Context.add(Byte.valueOf(this.version.getValue()));
        Object fromByteArray = GXAsn1Converter.fromByteArray(this.publicKey.getEncoded());
        GXAsn1Sequence gXAsn1Sequence = new GXAsn1Sequence();
        if (this.subjectKeyIdentifier != null) {
            GXAsn1Sequence gXAsn1Sequence2 = new GXAsn1Sequence();
            gXAsn1Sequence2.add(new GXAsn1ObjectIdentifier(X509Certificate.SUBJECT_KEY_IDENTIFIER.getValue()));
            GXByteBuffer gXByteBuffer = new GXByteBuffer();
            gXByteBuffer.setUInt8(4);
            GXCommon.setObjectCount(this.subjectKeyIdentifier.length, gXByteBuffer);
            gXByteBuffer.set(this.subjectKeyIdentifier);
            gXAsn1Sequence2.add(gXByteBuffer.array());
            gXAsn1Sequence.add(gXAsn1Sequence2);
        }
        if (this.authorityKeyIdentifier != null) {
            GXAsn1Sequence gXAsn1Sequence3 = new GXAsn1Sequence();
            gXAsn1Sequence3.add(new GXAsn1ObjectIdentifier(X509Certificate.AUTHORITY_KEY_IDENTIFIER.getValue()));
            GXAsn1Sequence gXAsn1Sequence4 = new GXAsn1Sequence();
            gXAsn1Sequence4.add(this.authorityKeyIdentifier);
            gXAsn1Sequence3.add(GXAsn1Converter.toByteArray(gXAsn1Sequence4));
            gXAsn1Sequence.add(gXAsn1Sequence3);
        }
        if (this.basicConstraints) {
            GXAsn1Sequence gXAsn1Sequence5 = new GXAsn1Sequence();
            gXAsn1Sequence5.add(new GXAsn1ObjectIdentifier(X509Certificate.BASIC_CONSTRAINTS.getValue()));
            GXAsn1Sequence gXAsn1Sequence6 = new GXAsn1Sequence();
            gXAsn1Sequence6.add(Boolean.valueOf(this.basicConstraints));
            gXAsn1Sequence5.add(GXAsn1Converter.toByteArray(gXAsn1Sequence6));
            gXAsn1Sequence.add(gXAsn1Sequence5);
        }
        if (this.keyUsage != null && !this.keyUsage.isEmpty()) {
            GXAsn1Sequence gXAsn1Sequence7 = new GXAsn1Sequence();
            gXAsn1Sequence7.add(new GXAsn1ObjectIdentifier(X509Certificate.KEY_USAGE.getValue()));
            int i = 0;
            int i2 = 128;
            Iterator<KeyUsage> it = this.keyUsage.iterator();
            while (it.hasNext()) {
                int value = it.next().getValue();
                i |= value;
                if (value < i2) {
                    i2 = value;
                }
            }
            int i3 = 7;
            while (true) {
                int i4 = i2 >> 2;
                i2 = i4;
                if (i4 == 0) {
                    break;
                }
                i3--;
            }
            gXAsn1Sequence7.add(GXAsn1Converter.toByteArray(new GXAsn1BitString(new byte[]{(byte) i3, (byte) i})));
            gXAsn1Sequence.add(gXAsn1Sequence7);
        }
        GXAsn1Sequence gXAsn1Sequence8 = new GXAsn1Sequence();
        gXAsn1Sequence8.add(this.validFrom);
        gXAsn1Sequence8.add(this.validTo);
        if (gXAsn1Sequence.isEmpty()) {
            objArr = new Object[]{gXAsn1Context, this.serialNumber, new Object[]{gXAsn1ObjectIdentifier, this.parameters}, GXAsn1Converter.encodeSubject(this.issuer), gXAsn1Sequence8, GXAsn1Converter.encodeSubject(this.subject), fromByteArray};
        } else {
            GXAsn1Context gXAsn1Context2 = new GXAsn1Context();
            gXAsn1Context2.setIndex(3);
            gXAsn1Context2.add(gXAsn1Sequence);
            objArr = new Object[]{gXAsn1Context, this.serialNumber, new Object[]{gXAsn1ObjectIdentifier, this.parameters}, GXAsn1Converter.encodeSubject(this.issuer), gXAsn1Sequence8, GXAsn1Converter.encodeSubject(this.subject), fromByteArray, gXAsn1Context2};
        }
        return objArr;
    }

    public final byte[] getEncoded() {
        return GXAsn1Converter.toByteArray(new Object[]{getdata(), new Object[]{new GXAsn1ObjectIdentifier(this.signatureAlgorithm.getValue()), this.signatureParameters}, new GXAsn1BitString(this.signature, 0)});
    }

    public void sign(KeyPair keyPair, HashAlgorithm hashAlgorithm) {
        byte[] byteArray = GXAsn1Converter.toByteArray(getdata());
        try {
            Signature signature = Signature.getInstance(hashAlgorithm.toString());
            signature.initSign(keyPair.getPrivate());
            signature.update(byteArray);
            this.signatureAlgorithm = hashAlgorithm;
            this.signature = signature.sign();
        } catch (Exception e) {
            throw new IllegalArgumentException(e.getMessage());
        }
    }

    public final String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("Version: ");
        sb.append(this.version.toString());
        sb.append("\r\n");
        sb.append("Subject: ");
        sb.append(this.subject);
        sb.append("\r\n");
        sb.append("Signature Algorithm: ");
        if (this.algorithm != null) {
            sb.append(this.algorithm.toString());
            sb.append(", OID = ");
            sb.append(this.algorithm.getValue());
        }
        sb.append("\r\n");
        sb.append("Key: ");
        if (this.publicKey != null) {
            sb.append(this.publicKey.toString());
        }
        sb.append("\r\n");
        sb.append("Validity: [From: ");
        sb.append(this.validFrom.toString());
        sb.append(", \r\n");
        sb.append("To: ");
        sb.append(this.validTo.toString());
        sb.append("]\r\n");
        sb.append("Issuer: ");
        sb.append(this.issuer);
        sb.append("\r\n");
        sb.append("SerialNumber: ");
        sb.append(this.serialNumber);
        sb.append("\r\n");
        sb.append("Algorithm: ");
        if (this.signatureAlgorithm != null) {
            sb.append(this.signatureAlgorithm.toString());
        }
        sb.append("\r\n");
        sb.append("Signature: ");
        sb.append(GXCommon.toHex(this.signature));
        sb.append("\r\n");
        return sb.toString();
    }

    public static GXx509Certificate createSelfSignedCertificate(KeyPair keyPair, Date date, Date date2, String str, String str2, Set<KeyUsage> set) {
        GXx509Certificate gXx509Certificate = new GXx509Certificate();
        gXx509Certificate.setSerialNumber(new GXAsn1Integer(new BigInteger(64, new SecureRandom()).toByteArray()));
        gXx509Certificate.setVersion(CertificateVersion.V3);
        gXx509Certificate.setAlgorithm(HashAlgorithm.SHA256withECDSA);
        gXx509Certificate.setValidFrom(date);
        gXx509Certificate.setKeyUsage(set);
        gXx509Certificate.setValidTo(date2);
        gXx509Certificate.setSubject(str);
        gXx509Certificate.setIssuer(str2);
        gXx509Certificate.setPublicKey(keyPair.getPublic());
        gXx509Certificate.sign(keyPair, HashAlgorithm.SHA256withECDSA);
        return gXx509Certificate;
    }

    public static GXx509Certificate createSelfSignedCertificate(KeyPair keyPair, Date date, Date date2, byte[] bArr, String str, Set<KeyUsage> set) {
        return createSelfSignedCertificate(keyPair, date, date2, GXDLMSSecuritySetup.systemTitleToSubject(bArr), str, set);
    }

    public Set<KeyUsage> getKeyUsage() {
        return this.keyUsage;
    }

    public void setKeyUsage(Set<KeyUsage> set) {
        this.keyUsage = set;
    }

    public byte[] getSubjectKeyIdentifier() {
        return this.subjectKeyIdentifier;
    }

    public void setSubjectKeyIdentifier(byte[] bArr) {
        this.subjectKeyIdentifier = bArr;
    }

    public byte[] getAuthorityKeyIdentifier() {
        return this.authorityKeyIdentifier;
    }

    public void setAuthorityKeyIdentifier(byte[] bArr) {
        this.authorityKeyIdentifier = bArr;
    }

    public boolean isBasicConstraints() {
        return this.basicConstraints;
    }

    public void setBasicConstraints(boolean z) {
        this.basicConstraints = z;
    }

    public static GXx509Certificate load(Path path) throws IOException {
        return new GXx509Certificate(new String(Files.readAllBytes(path)));
    }

    public void save(Path path) throws IOException {
        StringBuilder sb = new StringBuilder();
        if (this.publicKey == null) {
            throw new IllegalArgumentException("Public or private key is not set.");
        }
        sb.append("-----BEGIN CERTIFICATE-----" + System.lineSeparator());
        sb.append(GXCommon.toBase64(getEncoded()));
        sb.append(System.lineSeparator() + "-----END CERTIFICATE-----");
        Files.write(path, sb.toString().getBytes(), StandardOpenOption.CREATE);
    }
}
