package org.apache.brooklyn.util.core.crypto;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.apache.brooklyn.core.internal.BrooklynInitialization;
import org.apache.brooklyn.util.exceptions.Exceptions;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;

/* loaded from: input_file:org/apache/brooklyn/util/core/crypto/FluentKeySigner.class */
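/**
 * Fluent helper that issues X.509 v3 certificates signed with an issuer key pair.
 *
 * <p>Defaults set by the constructors: signature algorithm {@code SHA256WithRSAEncryption}
 * (which presumes an RSA issuer key), validity starting 7 days before the current UTC day and
 * ending 3650 days after it, and a fresh random serial number for every certificate.
 *
 * <p>Issued certificates carry a subjectKeyIdentifier extension and, when one has been
 * configured, an authorityKeyIdentifier extension. No basicConstraints, keyUsage or
 * subjectAltName extension is added by this class, so callers that need a CA certificate or a
 * usage-restricted leaf must not assume those constraints are present.
 *
 * <p>Instances are mutable and perform no synchronization.
 */
public class FluentKeySigner {
    /** Milliseconds in one day; validity dates are aligned to whole days since the epoch. */
    private static final long MILLIS_PER_DAY = 86400000L;

    /** Number of random bits drawn for a serial number when none has been set explicitly. */
    private static final int RANDOM_SERIAL_BITS = 128;

    static {
        // newCertificateFor() asks for the provider named "BC"; this project hook is presumably
        // what installs it -- confirm against BrooklynInitialization.
        BrooklynInitialization.initSecureKeysBouncyCastleProvider();
    }

    protected X500Principal issuerPrincipal;
    protected KeyPair issuerKey;
    protected SecureRandom srand;
    protected Date validityStartDate;
    protected Date validityEndDate;
    protected BigInteger serialNumber;
    protected String signatureAlgorithm;
    protected AuthorityKeyIdentifier authorityKeyIdentifier;
    protected X509Certificate authorityCertificate;

    /**
     * Creates a signer that issues certificates under the given issuer name and key pair.
     *
     * @param x500Principal distinguished name written into the issuer field of issued certificates
     * @param keyPair issuer key pair; its private key signs every issued certificate
     */
    public FluentKeySigner(X500Principal x500Principal, KeyPair keyPair) {
        this.srand = new SecureRandom();
        this.signatureAlgorithm = "SHA256WithRSAEncryption";
        this.issuerPrincipal = x500Principal;
        this.issuerKey = keyPair;
        validFromDaysAgo(7L);
        validForYears(10L);
    }

    /**
     * Creates a signer whose issuer name is derived from a common name.
     *
     * @param str common name handed to {@code SecureKeys.getX500PrincipalWithCommonName}
     * @param keyPair issuer key pair
     */
    public FluentKeySigner(String str, KeyPair keyPair) {
        this(SecureKeys.getX500PrincipalWithCommonName(str), keyPair);
    }

    /**
     * Creates a signer for the given common name with a key pair obtained from
     * {@code SecureKeys.newKeyPair()}.
     *
     * @param str common name of the issuer
     */
    public FluentKeySigner(String str) {
        this(str, SecureKeys.newKeyPair());
    }

    /**
     * Creates a signer backed by an existing authority certificate.
     *
     * <p>The issuer name of every certificate this signer produces is the <em>subject</em> of the
     * authority certificate. Using the authority certificate's own issuer name instead is only
     * equivalent for a self-signed root; for an intermediate authority it would name the parent
     * as issuer while the signature is made with this authority's key, and issuer/subject name
     * chaining during path validation would fail.
     *
     * <p>The key pair is not checked against the public key in the certificate; passing a
     * mismatched pair yields certificates whose signatures do not verify under that certificate.
     *
     * @param x509Certificate certificate of the signing authority
     * @param keyPair key pair belonging to that authority
     */
    public FluentKeySigner(X509Certificate x509Certificate, KeyPair keyPair) {
        this(x509Certificate.getSubjectX500Principal(), keyPair);
        authorityCertificate(x509Certificate);
    }

    /** Returns the issuer key pair, including the private signing key. */
    public KeyPair getKey() {
        return this.issuerKey;
    }

    /** Returns the distinguished name used as issuer of generated certificates. */
    public X500Principal getPrincipal() {
        return this.issuerPrincipal;
    }

    /**
     * Returns the first CN value of the issuer name.
     *
     * <p>An issuer name without a CN attribute has no first element, so this call fails with an
     * unchecked exception in that case.
     */
    public String getCommonName() {
        X509Principal parsed = new X509Principal(this.issuerPrincipal.getName());
        return (String) parsed.getValues(X509Name.CN).elementAt(0);
    }

    /** Returns the authority certificate, or {@code null} if none has been set or self-signed. */
    public X509Certificate getAuthorityCertificate() {
        return this.authorityCertificate;
    }

    /**
     * Sets notBefore to the start of the UTC day {@code j} days before today.
     *
     * @param j number of days to back-date the start of validity
     * @return this signer
     */
    public FluentKeySigner validFromDaysAgo(long j) {
        long today = System.currentTimeMillis() / MILLIS_PER_DAY;
        return validFrom(new Date((today - j) * MILLIS_PER_DAY));
    }

    /**
     * Sets the notBefore date of subsequently issued certificates.
     *
     * @param date start of validity; the reference is stored as given, not copied
     * @return this signer
     */
    public FluentKeySigner validFrom(Date date) {
        this.validityStartDate = date;
        return this;
    }

    /**
     * Sets notAfter to the start of the UTC day {@code 365 * j} days after today (leap days are
     * not accounted for).
     *
     * @param j validity length in 365-day years
     * @return this signer
     */
    public FluentKeySigner validForYears(long j) {
        long today = System.currentTimeMillis() / MILLIS_PER_DAY;
        return validUntil(new Date((today + 365 * j) * MILLIS_PER_DAY));
    }

    /**
     * Sets the notAfter date of subsequently issued certificates.
     *
     * @param date end of validity; the reference is stored as given, not copied
     * @return this signer
     */
    public FluentKeySigner validUntil(Date date) {
        this.validityEndDate = date;
        return this;
    }

    /**
     * Fixes the serial number used for generated certificates.
     *
     * <p>The value stays in effect until changed, so every certificate generated afterwards
     * reuses it. Serial numbers are expected to be unique per issuer; set a new value before
     * each issuance, or pass {@code null} to return to random serials.
     *
     * @param bigInteger serial number, or {@code null} for a random one per certificate
     * @return this signer
     */
    public FluentKeySigner serialNumber(BigInteger bigInteger) {
        this.serialNumber = bigInteger;
        return this;
    }

    /**
     * Sets the signature algorithm name handed to the certificate generator.
     *
     * <p>The name is passed through without validation. Keep it on a SHA-2 (or stronger) digest
     * and matched to the issuer key type; MD5- and SHA-1-based algorithms are not acceptable for
     * certificates that relying parties are expected to trust.
     *
     * @param str algorithm name, for example {@code SHA256WithRSAEncryption}
     * @return this signer
     */
    public FluentKeySigner signatureAlgorithm(String str) {
        this.signatureAlgorithm = str;
        return this;
    }

    /**
     * Records the authority certificate and derives the authorityKeyIdentifier from it.
     *
     * @param x509Certificate certificate of the signing authority
     * @return this signer
     */
    public FluentKeySigner authorityCertificate(X509Certificate x509Certificate) {
        try {
            authorityKeyIdentifier(new AuthorityKeyIdentifierStructure(x509Certificate));
            this.authorityCertificate = x509Certificate;
            return this;
        } catch (CertificateParsingException e) {
            throw Exceptions.propagate(e);
        }
    }

    /**
     * Sets the authorityKeyIdentifier extension value added to issued certificates.
     *
     * @param authorityKeyIdentifier extension value, or {@code null} to omit the extension
     * @return this signer
     */
    public FluentKeySigner authorityKeyIdentifier(AuthorityKeyIdentifier authorityKeyIdentifier) {
        this.authorityKeyIdentifier = authorityKeyIdentifier;
        return this;
    }

    /**
     * Issues a certificate for the signer's own name and key and installs it as the authority
     * certificate.
     *
     * <p>The subject is the issuer principal itself, so subject and issuer are identical for any
     * issuer name. Rebuilding the subject from the common name alone would drop or alter the
     * other attributes of the issuer name and would fail outright for a name without a CN.
     *
     * @return this signer
     * @throws IllegalStateException if an authority certificate is already set
     */
    public FluentKeySigner selfsign() {
        if (this.authorityCertificate != null) {
            throw new IllegalStateException("Signer already has certificate");
        }
        authorityCertificate(newCertificateFor(this.issuerPrincipal, getKey().getPublic()));
        return this;
    }

    /**
     * Issues a certificate binding {@code publicKey} to {@code x500Principal}, signed with the
     * issuer's private key through the "BC" provider.
     *
     * <p>When no serial number has been set, a positive random serial of up to
     * {@value #RANDOM_SERIAL_BITS} bits is drawn from the signer's {@link SecureRandom}. The
     * earlier {@code abs(nextLong())} form left at most 63 random bits.
     *
     * <p>Any failure is rethrown through {@code Exceptions.propagate}.
     *
     * @param x500Principal subject name of the new certificate
     * @param publicKey subject public key
     * @return the signed certificate
     */
    public X509Certificate newCertificateFor(X500Principal x500Principal, PublicKey publicKey) {
        try {
            // The +1 keeps the value strictly positive; the maximum, 2^128, encodes in 17 octets.
            BigInteger serial = this.serialNumber != null
                    ? this.serialNumber
                    : new BigInteger(RANDOM_SERIAL_BITS, this.srand).add(BigInteger.ONE);

            // NOTE(review): X509V3CertificateGenerator is BouncyCastle's legacy generator API;
            // kept because replacing it needs imports this block does not control.
            X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
            generator.setSerialNumber(serial);
            generator.setIssuerDN(this.issuerPrincipal);
            generator.setNotBefore(this.validityStartDate);
            generator.setNotAfter(this.validityEndDate);
            generator.setSignatureAlgorithm(this.signatureAlgorithm);
            generator.setSubjectDN(x500Principal);
            generator.setPublicKey(publicKey);
            generator.addExtension(X509Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(publicKey));
            if (this.authorityKeyIdentifier != null) {
                generator.addExtension(X509Extension.authorityKeyIdentifier, false, this.authorityKeyIdentifier);
            }
            return generator.generate(this.issuerKey.getPrivate(), "BC");
        } catch (Exception e) {
            throw Exceptions.propagate(e);
        }
    }

    /**
     * Issues a certificate for a subject identified by common name.
     *
     * @param str common name handed to {@code SecureKeys.getX500PrincipalWithCommonName}
     * @param publicKey subject public key
     * @return the signed certificate
     */
    public X509Certificate newCertificateFor(String str, PublicKey publicKey) {
        return newCertificateFor(SecureKeys.getX500PrincipalWithCommonName(str), publicKey);
    }

    /**
     * Issues a certificate for a subject identified by common name, using the public half of
     * the given key pair.
     *
     * @param str common name of the subject
     * @param keyPair subject key pair; only its public key is used
     * @return the signed certificate
     */
    public X509Certificate newCertificateFor(String str, KeyPair keyPair) {
        return newCertificateFor(str, keyPair.getPublic());
    }
}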
