package org.astrogrid.security.rfc3820;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.GregorianCalendar;
import java.util.List;
import java.util.Random;
import java.util.TimeZone;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.globus.gsi.X509Extension;
import org.globus.gsi.X509ExtensionSet;
import org.globus.gsi.bc.BouncyCastleUtil;
import org.globus.gsi.proxy.ext.GlobusProxyCertInfoExtension;
import org.globus.gsi.proxy.ext.ProxyCertInfo;
import org.globus.gsi.proxy.ext.ProxyCertInfoExtension;
import org.globus.gsi.proxy.ext.ProxyPolicy;

/* loaded from: input_file:org/astrogrid/security/rfc3820/ProxyCertificateFactory.class */
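/**
 * Issues impersonation proxy certificates (RFC 3820 style) from an existing
 * certificate and its private key.
 *
 * <p>Every proxy produced here carries the {@code IMPERSONATION} policy, so
 * whoever holds the proxy's private key can act with the issuer's rights for
 * the lifetime of the proxy. Callers should keep lifetimes short and protect
 * the proxy key accordingly.
 *
 * <p>The class holds no state; each call builds its own generator.
 */
public class ProxyCertificateFactory {

    /**
     * Bits in the first content octet of the KeyUsage bit string that must not
     * be carried over into a proxy: nonRepudiation (0x40) and keyCertSign (0x04).
     */
    private static final int FORBIDDEN_KEY_USAGE_BITS = 0x40 | 0x04;

    /** Minutes by which notBefore is back-dated to tolerate clock skew between hosts. */
    private static final int CLOCK_SKEW_MINUTES = 5;

    /**
     * Width of the random serial number.
     * NOTE(review): 20 bits gives only about a million distinct serials per
     * issuer; kept as-is for compatibility, but worth widening if relying
     * parties key anything on issuer+serial uniqueness.
     */
    private static final int SERIAL_NUMBER_BITS = 20;

    /**
     * Creates a proxy certificate signed by the holder of {@code x509Certificate}.
     *
     * <p>The proxy's issuer is the subject of {@code x509Certificate}; its subject
     * is that same name prefixed with a random numeric CN. The KeyUsage extension,
     * if the issuer has one, is copied with nonRepudiation and keyCertSign cleared.
     *
     * @param x509Certificate the issuing certificate (end-entity or an earlier proxy)
     * @param privateKey the private key used to sign the new proxy; expected to
     *     match {@code x509Certificate}
     * @param publicKey the public key to be certified by the proxy
     * @param i requested lifetime in seconds; zero or negative means "valid until
     *     the issuing certificate expires". A positive value is not clamped to the
     *     issuer's notAfter, so a proxy can nominally outlive its issuer.
     * @param z {@code true} to embed the {@link ProxyCertInfoExtension};
     *     {@code false} to embed the {@link GlobusProxyCertInfoExtension} instead
     * @return the signed proxy certificate
     * @throws GeneralSecurityException if the issuer's extensions cannot be read
     *     or the certificate cannot be generated or signed
     */
    public X509Certificate createProxyCertificate(X509Certificate x509Certificate, PrivateKey privateKey, PublicKey publicKey, int i, boolean z) throws GeneralSecurityException {
        final int lifetimeSeconds = i;
        final boolean useRfc3820Extension = z;

        X509V3CertificateGenerator generator = new X509V3CertificateGenerator();

        // Full impersonation: the proxy inherits all of the issuer's rights.
        ProxyCertInfo proxyCertInfo = new ProxyCertInfo(new ProxyPolicy(ProxyPolicy.IMPERSONATION));
        X509Extension proxyInfoExtension = useRfc3820Extension
                ? new ProxyCertInfoExtension(proxyCertInfo)
                : new GlobusProxyCertInfoExtension(proxyCertInfo);
        generator.addExtension(proxyInfoExtension.getOid(), proxyInfoExtension.isCritical(), proxyInfoExtension.getValue());
        addKeyUsageExtension(x509Certificate, generator);

        // Serial number and subject CN are what distinguish one proxy from another
        // under the same issuer, so they come from a CSPRNG rather than
        // java.util.Random, whose output is predictable from its seed.
        SecureRandom random = new SecureRandom();

        // nextInt(bound) is always non-negative; Math.abs(nextInt()) is not,
        // because Math.abs(Integer.MIN_VALUE) stays negative.
        String proxyCn = String.valueOf(random.nextInt(Integer.MAX_VALUE));
        String issuerName = x509Certificate.getSubjectX500Principal().getName("RFC2253");
        generator.setSubjectDN(new X500Principal("CN=" + proxyCn + "," + issuerName));
        generator.setIssuerDN(x509Certificate.getSubjectX500Principal());
        generator.setSerialNumber(new BigInteger(SERIAL_NUMBER_BITS, random));
        generator.setPublicKey(publicKey);

        // NOTE(review): this reuses the algorithm that signed the issuing
        // certificate, so a weak digest there is inherited by the proxy, and the
        // name may not suit privateKey if the issuer's CA uses a different key type.
        generator.setSignatureAlgorithm(x509Certificate.getSigAlgName());

        GregorianCalendar clock = new GregorianCalendar(TimeZone.getTimeZone("GMT"));
        clock.add(Calendar.MINUTE, -CLOCK_SKEW_MINUTES);
        generator.setNotBefore(clock.getTime());

        if (lifetimeSeconds <= 0) {
            generator.setNotAfter(x509Certificate.getNotAfter());
        } else {
            // Undo the back-dating so the lifetime is measured from "now".
            clock.add(Calendar.MINUTE, CLOCK_SKEW_MINUTES);
            clock.add(Calendar.SECOND, lifetimeSeconds);
            generator.setNotAfter(clock.getTime());
        }
        return generator.generate(privateKey);
    }

    /**
     * Creates a proxy issued by the first certificate in {@code list} and inserts
     * it at the front of that list.
     *
     * @param list a non-empty, modifiable chain whose element 0 is the issuing
     *     certificate; modified in place
     * @param privateKey the private key used to sign the new proxy
     * @param publicKey the public key to be certified by the proxy
     * @param i requested lifetime in seconds; see
     *     {@link #createProxyCertificate(X509Certificate, PrivateKey, PublicKey, int, boolean)}
     * @param z which proxy-certificate-information extension to embed; see
     *     {@link #createProxyCertificate(X509Certificate, PrivateKey, PublicKey, int, boolean)}
     * @throws GeneralSecurityException if the proxy cannot be created
     */
    public void extendCertificateChain(List<X509Certificate> list, PrivateKey privateKey, PublicKey publicKey, int i, boolean z) throws GeneralSecurityException {
        // Only enforced when assertions are enabled (-ea); otherwise a null or
        // empty list surfaces as an exception from the list.get(0) call below.
        assert list != null;
        assert list.size() > 0;
        X509Certificate issuer = list.get(0);
        list.add(0, createProxyCertificate(issuer, privateKey, publicKey, i, z));
    }

    /**
     * Wraps {@code proxyCertInfo} in an extension set containing a single
     * {@link ProxyCertInfoExtension}. Not called from within this class.
     *
     * @param proxyCertInfo the proxy information to wrap; may be {@code null}
     * @return the extension set, or {@code null} when {@code proxyCertInfo} is {@code null}
     */
    private X509ExtensionSet createExtensionSet(ProxyCertInfo proxyCertInfo) {
        if (proxyCertInfo == null) {
            return null;
        }
        X509ExtensionSet extensionSet = new X509ExtensionSet();
        extensionSet.add(new ProxyCertInfoExtension(proxyCertInfo));
        return extensionSet;
    }

    /**
     * Copies the issuer's KeyUsage extension into the certificate being built,
     * with nonRepudiation and keyCertSign cleared. Does nothing when the issuer
     * has no extensions or no KeyUsage extension.
     *
     * @param issuerCert the certificate whose KeyUsage is copied
     * @param generator the generator that receives the restricted extension
     * @throws GeneralSecurityException if the issuer's extensions cannot be decoded
     */
    private void addKeyUsageExtension(X509Certificate issuerCert, X509V3CertificateGenerator generator) throws GeneralSecurityException {
        try {
            X509Extensions issuerExtensions = BouncyCastleUtil.getTBSCertificateStructure(issuerCert).getExtensions();
            if (issuerExtensions == null) {
                return;
            }
            org.bouncycastle.asn1.x509.X509Extension keyUsage = issuerExtensions.getExtension(X509Extensions.KeyUsage);
            if (keyUsage == null) {
                return;
            }
            DERBitString issuerBits = (DERBitString) BouncyCastleUtil.getExtensionObject(keyUsage);
            // Work on a copy so the parsed issuer structure is never modified.
            byte[] usage = issuerBits.getBytes().clone();
            // A bit string with no content octets has nothing to clear; indexing
            // it would throw ArrayIndexOutOfBoundsException.
            if (usage.length > 0) {
                usage[0] &= ~FORBIDDEN_KEY_USAGE_BITS;
            }
            generator.addExtension(X509Extensions.KeyUsage, keyUsage.isCritical(), new DERBitString(usage, issuerBits.getPadBits()));
        } catch (IOException e) {
            // Keep the original exception as the cause so the decoding failure
            // remains diagnosable.
            throw new GeneralSecurityException(e.getMessage(), e);
        }
    }
}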
