package org.openscdp.pkidm.cvc.path;

import de.cardcontact.opencard.eac.CardVerifiableCertificate;
import de.cardcontact.opencard.eac.cvc.CVCertificate;
import de.cardcontact.opencard.eac.cvc.CVCertificateGenerator;
import de.cardcontact.opencard.eac.cvc.CVCertificateRequestGenerator;
import de.cardcontact.opencard.eac.cvc.CertificateEffectiveDate;
import de.cardcontact.opencard.eac.cvc.CertificateExpirationDate;
import de.cardcontact.opencard.eac.cvc.CertificateHolderReference;
import de.cardcontact.opencard.eac.cvc.CertificationAuthorityReference;
import de.cardcontact.opencard.eac.cvc.ECPublicKeyTLV;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.time.LocalDate;
import java.util.LinkedList;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.openscdp.pkidb.dto.CertificateDTO;
import org.openscdp.pkidb.dto.HolderDTO;
import org.openscdp.pkidb.dto.SignerDTO;
import org.openscdp.pkidm.cvc.CVCCAPolicy;
import org.openscdp.pkidm.cvc.CryptoProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openscdp/pkidm/cvc/path/CVCCA.class */
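/**
 * Certification authority for card verifiable certificates (CVC) located at a
 * slash-separated path inside a {@link CVCertificateStore}.
 *
 * <p>The class loads and verifies the CA certificate chain for its path, generates
 * key pairs and certificate requests through the configured {@link CryptoProvider},
 * and issues certificates that are signed with the key of the CA at this path.
 *
 * <p>Instances cache the verified chain in a plain field without synchronisation;
 * nothing in this class makes concurrent use safe.
 */
public class CVCCA {
    private final Logger logger = LoggerFactory.getLogger(CVCCA.class);

    // Verified CA chain, root first. Stays null until a complete chain could be loaded.
    private LinkedList<CardVerifiableCertificate> caChain;
    private final CVCertificateStore store;
    private CryptoProvider provider;
    private final String path;

    /**
     * Creates a CA bound to a path in the given store.
     *
     * @param cVCertificateStore store holding certificates, requests and signer entries
     * @param str path of this CA; the chain loader expects the form {@code /ROOT/SUB/...}
     * @param cryptoProvider provider used for key generation, key access and signing
     */
    public CVCCA(CVCertificateStore cVCertificateStore, String str, CryptoProvider cryptoProvider) {
        this.store = cVCertificateStore;
        this.path = str;
        this.provider = cryptoProvider;
    }

    /**
     * Replaces the crypto provider used for subsequent operations.
     *
     * @param cryptoProvider the new provider
     */
    public void setProvider(CryptoProvider cryptoProvider) {
        this.provider = cryptoProvider;
    }

    /**
     * Returns the last certificate of the chain loaded for this path.
     *
     * <p>NOTE(review): when the chain is incomplete (see {@link #getCertificateChain()}),
     * the last element is the deepest certificate that was found, which then belongs to
     * a parent path rather than to this CA. Callers that treat the result as "the
     * certificate of this CA" should confirm that this is intended.
     *
     * @return the last certificate of the chain, or {@code null} if the chain is empty
     * @throws Exception if loading or verifying the chain fails
     */
    public CardVerifiableCertificate getCACert() throws Exception {
        // Load once: an incomplete chain is not cached, so every load re-reads the store.
        LinkedList<CardVerifiableCertificate> chain = loadChain();
        return chain.isEmpty() ? null : chain.getLast();
    }

    /**
     * Returns the verified certificate chain for this path, root certificate first.
     *
     * <p>The returned list is a copy, so that callers cannot add unverified entries to
     * the cached chain that is later used as the source of signer public keys.
     *
     * @return a copy of the chain; shorter than the path (possibly empty) when a
     *         certificate along the path is missing
     * @throws Exception if a certificate cannot be decoded or its verification fails
     */
    public LinkedList<CardVerifiableCertificate> getCertificateChain() throws Exception {
        return new LinkedList<>(loadChain());
    }

    /**
     * Loads, verifies and caches the chain. Returns the cached instance once a complete
     * chain has been built; an incomplete chain is returned but not cached.
     */
    private LinkedList<CardVerifiableCertificate> loadChain() throws Exception {
        if (this.caChain != null) {
            return this.caChain;
        }
        LinkedList<CardVerifiableCertificate> chain = new LinkedList<>();
        // A path "/A/B" splits into ["", "A", "B"], so the walk starts at index 1.
        String[] segments = this.path.split("/");
        String currentPath = "";
        for (int i = 1; i < segments.length; i++) {
            currentPath = currentPath + "/" + segments[i];
            CertificateDTO dto = this.store.getCurrentCertificate(currentPath);
            if (dto == null) {
                this.logger.warn("CVCCA {} is not operational", this.path);
                return chain;
            }
            CardVerifiableCertificate cert = new CardVerifiableCertificate(dto.getBytes());
            // The first certificate is checked against its own key only. That proves
            // self-consistency, not authenticity: trust in the root rests on the
            // integrity of the store. Every later certificate is checked against the
            // key of its predecessor.
            PublicKey verificationKey = chain.isEmpty() ? cert.getPublicKey() : chain.getLast().getPublicKey();
            // NOTE(review): any return value of verify() is discarded here, so a bad
            // signature is only rejected if verify() throws. Confirm against the library.
            cert.verify(verificationKey, "SHA256withECDSA", "BC");
            chain.add(cert);
        }
        this.caChain = chain;
        return chain;
    }

    /**
     * Returns the path this CA was created with.
     *
     * @return the CA path
     */
    public String getPath() {
        return this.path;
    }

    /** Builds the store path of a certificate issued by this CA: CA path plus holder name. */
    private String getPath(CardVerifiableCertificate cardVerifiableCertificate) {
        return this.path + "/" + cardVerifiableCertificate.getCertificateHolderReference().getHolder();
    }

    /**
     * Resolves the private key of the signer entry stored for this path and holder reference.
     *
     * @throws IllegalStateException if the store has no signer entry for the reference
     */
    private PrivateKey getPrivateKey(CertificateHolderReference certificateHolderReference) throws Exception {
        SignerDTO signer = this.store.getSigner(this.path, certificateHolderReference);
        if (signer == null) {
            // How the store reports an unknown signer is not visible from this class;
            // fail with a descriptive error instead of a NullPointerException.
            throw new IllegalStateException("No signer found for " + this.path + " and " + certificateHolderReference);
        }
        if (signer.getKeyblob() != null) {
            return this.provider.getPrivateKey(signer.getKeyblob());
        }
        // No key blob stored: look the key up by id and domain (the blob argument is null here).
        return this.provider.getPrivateKey(signer.getKeyId(), signer.getKeyDomain(), signer.getKeyblob());
    }

    /**
     * Generates a new key pair and a certificate request for it, and records both the
     * signer entry and the request in the store.
     *
     * <p>The holder reference is the holder name of this path followed by {@code 00000}.
     * The request is signed with the newly generated private key.
     *
     * @param certificationAuthorityReference CA reference placed into the request
     * @param algorithmParameterSpec parameters for key pair generation
     * @return the generated request
     * @throws Exception if key generation, request generation or storing fails
     */
    public CardVerifiableCertificate generateRequest(CertificationAuthorityReference certificationAuthorityReference, AlgorithmParameterSpec algorithmParameterSpec) throws Exception {
        CertificateHolderReference chr = new CertificateHolderReference(getHolder().getName() + "00000");
        String keyLabel = chr.toString();
        KeyPair keyPair = this.provider.generateKeyPair(algorithmParameterSpec, keyLabel);

        // Encode the private key once, to avoid creating more copies of key material than needed.
        byte[] encodedPrivateKey = keyPair.getPrivate().getEncoded();
        byte[] keyBlob = null;
        if (encodedPrivateKey != null) {
            // NOTE(review): an exportable private key is passed to the store in its plain
            // encoding. Confirm that the store protects key blobs at rest (encryption,
            // access control), or use a provider whose keys are not exportable.
            keyBlob = PrivateKeyInfo.getInstance(encodedPrivateKey).getEncoded();
        }

        // NOTE(review): getBytes() uses the platform default charset; confirm that the
        // code reading this value back from the store decodes it the same way.
        byte[] keyId = keyLabel.getBytes();
        // Arguments after the holder are presumably key id, key domain and key blob - TODO confirm.
        this.store.storeSigner(this.path, chr.getHolder(), keyId, null, keyBlob);

        CVCertificateRequestGenerator requestGenerator = new CVCertificateRequestGenerator(this.provider.getProvider());
        requestGenerator.setCertificateHolderReference(chr);
        requestGenerator.setCertificationAuthorityReference(certificationAuthorityReference);
        requestGenerator.setPublicKey(keyPair.getPublic());
        CVCertificate request = requestGenerator.generate(keyPair.getPrivate());
        CardVerifiableCertificate result = new CardVerifiableCertificate(request.getBytes());
        this.store.storeRequest(this.path, request.getBytes(), keyId);
        return result;
    }

    /** Returns true if the path has a single segment, i.e. contains no "/" after position 0. */
    private boolean isRoot() {
        return this.path.indexOf("/", 1) == -1;
    }

    /**
     * Builds and signs a certificate for the given request according to the policy.
     *
     * <p>If a CA certificate is available, it supplies the CA reference and the key used
     * to check the result. Otherwise a self-signed certificate is generated, which is
     * only permitted for a root path.
     *
     * @throws Exception if no CA certificate exists for a non-root path, or if key
     *         access, signing or the final verification fails
     */
    private CardVerifiableCertificate generateCertificate(CardVerifiableCertificate cardVerifiableCertificate, CVCCAPolicy cVCCAPolicy) throws Exception {
        CVCertificateGenerator generator = new CVCertificateGenerator(this.provider.getProvider());
        // Read the clock once so both dates are derived from the same day.
        LocalDate today = LocalDate.now();
        generator.setCertificateEffectiveDate(new CertificateEffectiveDate(today));
        generator.setCertificateExpirationDate(new CertificateExpirationDate(today.plusDays(cVCCAPolicy.getCertificateValidityDays())));

        // Fetch the CA certificate once: the null check and the later uses must refer to
        // the same certificate, and an uncached chain is re-read from the store per call.
        CardVerifiableCertificate caCert = getCACert();
        CertificationAuthorityReference certificationAuthorityReference;
        PublicKey signerPublicKey;
        if (caCert != null) {
            certificationAuthorityReference = new CertificationAuthorityReference(caCert.getCertificateHolderReference().toString());
            signerPublicKey = caCert.getPublicKey();
        } else {
            if (!isRoot()) {
                throw new Exception("CA Certificate not found");
            }
            this.logger.debug("Generate self-signed CVC");
            certificationAuthorityReference = new CertificationAuthorityReference(cardVerifiableCertificate.getCertificateHolderReference().toString());
            signerPublicKey = cardVerifiableCertificate.getPublicKey();
        }
        generator.setCertificationAuthorityReference(certificationAuthorityReference);
        generator.setCertificateHolderReference(cardVerifiableCertificate.getCertificateHolderReference());
        generator.setCertificateHolderAuthorizationTemplate(cVCCAPolicy.getChat());

        ECPublicKeyTLV publicKeyTLV = cardVerifiableCertificate.getCVCertificate().getCertificateBody().getPublicKeyTLV();
        PublicKey subjectPublicKey = null;
        // The instanceof test also acts as a null guard.
        if ((publicKeyTLV instanceof ECPublicKeyTLV) && !publicKeyTLV.hasDomainParameter()) {
            // The request carries no domain parameters, so take them from the first
            // certificate of the chain. getFirst() throws NoSuchElementException when
            // the chain is empty.
            subjectPublicKey = cardVerifiableCertificate.getPublicKey(loadChain().getFirst().getECParameterSpec());
        }
        if (subjectPublicKey == null) {
            subjectPublicKey = cardVerifiableCertificate.getPublicKey();
        }
        generator.setPublicKey(subjectPublicKey, cVCCAPolicy.getPublicKeyOID());
        generator.withDomainParameter(cVCCAPolicy.isIncludeDomainParameter());

        PrivateKey signingKey = getPrivateKey(new CertificateHolderReference(certificationAuthorityReference.toString()));
        String signatureAlgorithm = CardVerifiableCertificate.signAlgoForOID(cVCCAPolicy.getPublicKeyOID());
        CVCertificate generated = signatureAlgorithm != null
                ? generator.generate(signingKey, signatureAlgorithm)
                : generator.generate(signingKey);
        CardVerifiableCertificate issued = new CardVerifiableCertificate(generated.getBytes());
        // Check the fresh certificate against the public key of the signer before it is
        // handed out, so a mismatch between stored signer key and CA certificate is caught.
        issued.verify(signerPublicKey);
        return issued;
    }

    /** Returns the holder entry for this path, as provided by the store's getOrCreateHolder. */
    private HolderDTO getHolder() throws Exception {
        return this.store.getOrCreateHolder(this.path);
    }

    /**
     * Asks the store for the next certificate holder reference of this CA's holder.
     *
     * @param j passed through to the store unchanged
     * @param str passed through to the store unchanged
     * @return the holder reference returned by the store
     * @throws Exception if the store lookup fails
     */
    public CertificateHolderReference getNextCHR(long j, String str) throws Exception {
        return this.store.getNextCHR(getHolder(), j, str);
    }

    /**
     * Issues a certificate for the given request and stores it below this CA's path,
     * under the holder name of the issued certificate.
     *
     * @param cardVerifiableCertificate the certificate request
     * @param cVCCAPolicy policy supplying validity, authorization template and key options
     * @param l passed through to the store unchanged
     * @return the issued certificate
     * @throws Exception if generation, verification or storing fails
     */
    public CardVerifiableCertificate issueCertificate(CardVerifiableCertificate cardVerifiableCertificate, CVCCAPolicy cVCCAPolicy, Long l) throws Exception {
        CardVerifiableCertificate issued = generateCertificate(cardVerifiableCertificate, cVCCAPolicy);
        this.store.storeCertificate(getPath(issued), issued, true, l);
        return issued;
    }

    /**
     * Issues a certificate for the given request and stores it at the top level of the
     * store, under the holder name of the issued certificate.
     *
     * <p>NOTE(review): this method does not itself check that the result is self-signed.
     * Certificate generation self-signs only when no CA certificate is found for this
     * path; otherwise the certificate is signed by the CA key and still stored at the
     * top level. Confirm that callers only use this on a root without a certificate.
     *
     * @param cardVerifiableCertificate the certificate request
     * @param cVCCAPolicy policy supplying validity, authorization template and key options
     * @param l passed through to the store unchanged
     * @return the issued certificate
     * @throws Exception if generation, verification or storing fails
     */
    public CardVerifiableCertificate issueSelfSignedCertificate(CardVerifiableCertificate cardVerifiableCertificate, CVCCAPolicy cVCCAPolicy, Long l) throws Exception {
        CardVerifiableCertificate issued = generateCertificate(cardVerifiableCertificate, cVCCAPolicy);
        this.store.storeCertificate("/" + issued.getCertificateHolderReference().getHolder(), issued, true, l);
        return issued;
    }
}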
