package com.solidpass.saaspass.certificate;

import com.spcastle.asn1.x509.AlgorithmIdentifier;
import com.spcastle.asn1.x509.Certificate;
import com.spcastle.cert.X509v3CertificateBuilder;
import com.spcastle.cert.jcajce.JcaX509CertificateHolder;
import com.spcastle.crypto.params.RSAPrivateCrtKeyParameters;
import com.spcastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import com.spcastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import com.spcastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import com.spcastle.operator.OperatorCreationException;
import com.spcastle.operator.bc.BcRSAContentSignerBuilder;
import com.spcastle.pkcs.PKCS10CertificationRequest;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;

/* loaded from: classes.dex */
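/**
 * Issues X.509 certificates for PKCS#10 requests using a CA key pair loaded from a PKCS12 keystore.
 *
 * <p>The CA private key is held in memory for the lifetime of the instance, so whoever can reach
 * {@link #signTheCSR} can obtain a certificate chained to that CA.
 */
public class ServerCSR {
    /** Lifetime, in days, of every certificate issued by {@link #signTheCSR}. */
    private static final int VALIDITYOFCERTIFICATE = 365;

    /** Source of unpredictable certificate serial numbers. */
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();

    private final X509Certificate certificateCA;
    private final RSAPrivateCrtKeyParameters privKeyCA;

    /**
     * Loads the CA key and certificate from a PKCS12 keystore.
     *
     * @param str path of the PKCS12 keystore file
     * @param str2 password used both to open the keystore and to recover the key entry
     * @param str3 alias of the CA key entry and of its certificate
     * @throws RuntimeException if the alias has no key or no certificate
     * @throws ClassCastException if the stored key is not an RSA CRT private key
     * @throws SignatureException if the certificate is not signed by its own public key
     */
    public ServerCSR(String str, String str2, String str3) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException, InvalidKeyException, NoSuchProviderException, SignatureException {
        RSAPrivateCrtKeyParameters caKeyParameters;
        X509Certificate caCertificate;
        // One array for both uses so it can be wiped afterwards. The String it came from is
        // owned by the caller and stays in memory; this only avoids leaving extra copies behind.
        char[] password = str2.toCharArray();
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            // Close the file handle even when load() fails (the original leaked it).
            try (FileInputStream keyStoreStream = new FileInputStream(new File(str))) {
                keyStore.load(keyStoreStream, password);
            }
            Key key = keyStore.getKey(str3, password);
            if (key == null) {
                throw new RuntimeException("Got null key from keystore!");
            }
            RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) key;
            caKeyParameters = new RSAPrivateCrtKeyParameters(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent(), rSAPrivateCrtKey.getPrivateExponent(), rSAPrivateCrtKey.getPrimeP(), rSAPrivateCrtKey.getPrimeQ(), rSAPrivateCrtKey.getPrimeExponentP(), rSAPrivateCrtKey.getPrimeExponentQ(), rSAPrivateCrtKey.getCrtCoefficient());
            caCertificate = (X509Certificate) keyStore.getCertificate(str3);
            if (caCertificate == null) {
                throw new RuntimeException("Got null cert from keystore!");
            }
            // Only proves the certificate is self-signed. It does not check the validity period
            // and does not prove that the private key above belongs to this certificate.
            // NOTE(review): consider checkValidity() and a modulus comparison here.
            caCertificate.verify(caCertificate.getPublicKey());
        } finally {
            Arrays.fill(password, '\0');
        }
        this.privKeyCA = caKeyParameters;
        this.certificateCA = caCertificate;
    }

    /**
     * Generates a fresh client key pair, has the CA sign a request for it, and writes the private
     * key with the chain {client certificate, CA certificate} to a new PKCS12 file under the alias
     * {@code ClientCertKey}.
     *
     * @param str path of the PKCS12 file to write; an existing file is overwritten
     * @param str2 password protecting both the key entry and the keystore file
     * @param str3 value handed to {@code ClientCSR.generateRequest}; presumably the subject of the
     *     request (that method is not visible here)
     * @return always {@code true}; every failure is reported as an exception
     */
    public boolean createCertificateChain(String str, String str2, String str3) throws InvalidKeySpecException, NoSuchAlgorithmException, NoSuchProviderException, IOException, InvalidKeyException, CertificateException, SignatureException, KeyStoreException, OperatorCreationException {
        PrivatePublicKeyPair<PrivateKey, PublicKey> upKeyPair = ClientCSR.setUpKeyPair();
        PrivateKey privateKey = upKeyPair.getPrivateKey();
        X509Certificate signTheCSR = signTheCSR(ClientCSR.generateRequest(upKeyPair, str3));
        // Sanity-check the freshly issued certificate before persisting it.
        signTheCSR.checkValidity(new Date());
        signTheCSR.verify(this.certificateCA.getPublicKey());
        char[] password = str2.toCharArray();
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(null, null);
            keyStore.setKeyEntry("ClientCertKey", privateKey, password, new X509Certificate[]{signTheCSR, this.certificateCA});
            // The file holds a private key: closing the stream guarantees it is flushed and the
            // handle released. File permissions are whatever the platform default gives.
            // NOTE(review): confirm the target directory is private to the application.
            try (FileOutputStream keyStoreStream = new FileOutputStream(str)) {
                keyStore.store(keyStoreStream, password);
            }
        } finally {
            Arrays.fill(password, '\0');
        }
        return true;
    }

    /**
     * Issues a certificate for the given request, signed with SHA256withRSA by the CA key.
     *
     * <p>The subject and public key are copied from the request unchanged, and the signature on
     * the request itself is NOT verified here, so this method gives no proof that the requester
     * holds the matching private key. Callers that accept requests from another party must verify
     * the request signature and vet the subject before calling this method. No extensions
     * (basic constraints, key usage, and so on) are added to the issued certificate.
     *
     * @param pKCS10CertificationRequest the request supplying the subject and the public key
     * @return the issued certificate, valid from now for {@link #VALIDITYOFCERTIFICATE} days
     */
    public X509Certificate signTheCSR(PKCS10CertificationRequest pKCS10CertificationRequest) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, IOException, OperatorCreationException, CertificateException {
        // Derive both ends of the validity window from a single clock reading.
        Calendar calendar = Calendar.getInstance();
        Date notBefore = calendar.getTime();
        calendar.add(Calendar.DAY_OF_YEAR, VALIDITYOFCERTIFICATE);
        Date notAfter = calendar.getTime();
        // A clock-derived serial repeats when two certificates are issued in the same millisecond
        // and is guessable; use a positive random value instead (at most 128 bits).
        BigInteger serialNumber = new BigInteger(127, SERIAL_RANDOM).add(BigInteger.ONE);
        AlgorithmIdentifier find = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");
        Certificate aSN1Structure = new X509v3CertificateBuilder(new JcaX509CertificateHolder(this.certificateCA).getSubject(), serialNumber, notBefore, notAfter, pKCS10CertificationRequest.getSubject(), pKCS10CertificationRequest.getSubjectPublicKeyInfo()).build(new BcRSAContentSignerBuilder(find, new DefaultDigestAlgorithmIdentifierFinder().find(find)).build(this.privKeyCA)).toASN1Structure();
        CertificateFactory certificateFactory = new CertificateFactory();
        // Round-trip through the encoded form to obtain a java.security X509Certificate.
        try (ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(aSN1Structure.getEncoded())) {
            return (X509Certificate) certificateFactory.engineGenerateCertificate(byteArrayInputStream);
        }
    }
}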
