package org.openscdp.pkidm.cvc;

import de.cardcontact.opencard.eac.CardVerifiableCertificate;
import de.cardcontact.opencard.eac.cvc.CVCertificateGenerator;
import de.cardcontact.opencard.eac.cvc.CertificateEffectiveDate;
import de.cardcontact.opencard.eac.cvc.CertificateHolderAuthorizationTemplate;
import de.cardcontact.opencard.eac.cvc.CertificationAuthorityReference;
import de.cardcontact.tlv.ObjectIdentifier;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.time.LocalDate;
import org.openscdp.pkidb.dto.HolderDTO;
import org.openscdp.pkidb.dto.SignerDTO;

/* loaded from: input_file:org/openscdp/pkidm/cvc/CVCCA.class */
public class CVCCA {
    private CardVerifiableCertificate rootCACert;
    private CardVerifiableCertificate caCert;
    private SignerDTO signer;
    private CVCertificateStore store;

    public CVCCA(CVCertificateStore cVCertificateStore, String str) throws Exception {
        this.store = cVCertificateStore;
        initializeCA(str);
    }

    private void initializeCA(String str) throws Exception {
        this.rootCACert = new CardVerifiableCertificate(this.store.getCurrentCertificate(str.substring(0, str.lastIndexOf("/"))).getBytes());
        HolderDTO holder = this.store.getHolder(str);
        this.caCert = new CardVerifiableCertificate(this.store.getCurrentCertificate(holder).getBytes());
        this.rootCACert.verify(this.rootCACert);
        this.caCert.verify(this.rootCACert);
        this.signer = this.store.getSigner(holder, this.caCert.getCertificateHolderReference());
    }

    public CardVerifiableCertificate getCACert() {
        return this.caCert;
    }

    public CardVerifiableCertificate getRootCert() {
        return this.rootCACert;
    }

    public String getPath() {
        return "/" + this.rootCACert.getCertificateHolderReference().getHolder() + "/" + this.caCert.getCertificateHolderReference().getHolder();
    }

    private String getPath(CardVerifiableCertificate cardVerifiableCertificate) {
        return getPath() + "/" + cardVerifiableCertificate.getCertificateHolderReference().getHolder();
    }

    private PrivateKey getPrivateKey() {
        throw new RuntimeException("Not implemented");
    }

    private CardVerifiableCertificate generateCertificate(CardVerifiableCertificate cardVerifiableCertificate) throws GeneralSecurityException {
        CVCertificateGenerator cVCertificateGenerator = new CVCertificateGenerator();
        cVCertificateGenerator.setCertificateEffectiveDate(new CertificateEffectiveDate(LocalDate.now()));
        cVCertificateGenerator.setCertificateExpirationDate(this.caCert.getCVCertificate().getCertificateBody().getCertificateExpirationDate());
        cVCertificateGenerator.setCertificationAuthorityReference(new CertificationAuthorityReference(this.caCert.getCertificateHolderReference().toString()));
        cVCertificateGenerator.setCertificateHolderReference(cardVerifiableCertificate.getCertificateHolderReference());
        cVCertificateGenerator.setCertificateHolderAuthorizationTemplate(new CertificateHolderAuthorizationTemplate(new ObjectIdentifier("1.3.6.1.4.1.24991.3.1.1"), new byte[2]));
        ObjectIdentifier objectIdentifier = this.caCert.getCVCertificate().getCertificateBody().getPublicKeyTLV().getObjectIdentifier();
        cVCertificateGenerator.setPublicKey(cardVerifiableCertificate.getPublicKey(), objectIdentifier);
        CardVerifiableCertificate cardVerifiableCertificate2 = new CardVerifiableCertificate(cVCertificateGenerator.generate(getPrivateKey(), CardVerifiableCertificate.signAlgoForOID(objectIdentifier)).getBytes());
        cardVerifiableCertificate2.verify(this.caCert.getPublicKey());
        return cardVerifiableCertificate2;
    }

    public CardVerifiableCertificate issueCertificate(CardVerifiableCertificate cardVerifiableCertificate, Long l) throws Exception {
        CardVerifiableCertificate generateCertificate = generateCertificate(cardVerifiableCertificate);
        this.store.storeCertificate(getPath(generateCertificate), generateCertificate, true, l);
        return generateCertificate;
    }
}
