package com.ibm.gsk.ikeyman.basic;

import com.ibm.crypto.pkcs11.provider.PKCS11DSAKeyPairParameterSpec;
import com.ibm.crypto.pkcs11.provider.PKCS11RSAKeyPairParameterSpec;
import com.ibm.security.pkcs10.CertificationRequest;
import com.ibm.security.pkcs10.CertificationRequestInfo;
import com.ibm.security.pkcsutil.PKCSAttributes;
import com.ibm.security.pkcsutil.PKCSException;
import com.ibm.security.x509.AlgorithmId;
import com.ibm.security.x509.CertificateAlgorithmId;
import com.ibm.security.x509.CertificateExtensions;
import com.ibm.security.x509.CertificateIssuerName;
import com.ibm.security.x509.CertificateSerialNumber;
import com.ibm.security.x509.CertificateSubjectName;
import com.ibm.security.x509.CertificateValidity;
import com.ibm.security.x509.CertificateVersion;
import com.ibm.security.x509.CertificateX509Key;
import com.ibm.security.x509.SubjectKeyIdentifierExtension;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CertImpl;
import com.ibm.security.x509.X509CertInfo;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;

/* loaded from: input_file:efixes/PQ89734_nd_aix/components/prereq.jdk/update.jar:/java/jre/lib/ext/gskikm.jar:com/ibm/gsk/ikeyman/basic/SelfSignedCert.class */
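/**
 * Generates a DSA or RSA key pair through the PKCS#11 provider and builds
 * self-signed X.509 certificates and PKCS#10 certification requests from it.
 *
 * <p>Typical use: construct, optionally {@link #setRandom(SecureRandom)}, call
 * {@link #generate(int, String)}, then request a certificate or a CSR.
 *
 * <p>NOTE(review): the signature algorithms are fixed to SHA-1 (DSA) and MD5 (RSA).
 * Neither hash is collision resistant by current standards, and MD5-signed
 * certificates are rejected by most modern validators. Anything produced by this
 * class should be treated as legacy material and re-issued with a SHA-2 family
 * signature where the provider supports one.
 *
 * <p>Instances hold mutable key state and are not synchronized.
 */
public final class SelfSignedCert {
    private static final String DSA_SIGNING = "PKCS11SHA1withDSA";
    // NOTE(review): MD5-based signatures are obsolete; see the class comment.
    private static final String RSA_SIGNING = "PKCS11MD5withRSA";
    // Constant label whose bytes are used as the subject key identifier of the
    // placeholder certificate stored alongside a pending certification request.
    private static final String KEY_ID_LABEL = "IkeymanCertificateRequest";
    private static final String KEY_INFO_FAILURE = "Cannot generate key info for certification request";

    private byte[] keyidentifier;
    private boolean isDSA;
    private SecureRandom prng;
    private String sigAlg;
    private KeyPairGenerator keyGen;
    private PublicKey publicKey;
    private PrivateKey privateKey;
    private KeyStore keystore;
    private X500Name issuer;

    /**
     * Selects the key pair generator and signature algorithm for the given key type.
     *
     * @param str key algorithm name, "DSA" or "RSA" (case-insensitive)
     * @param str2 not used by this constructor
     * @param keyStore key store handed to the PKCS#11 key pair parameter specs
     * @throws NoSuchAlgorithmException if the algorithm is neither DSA nor RSA, or the
     *         provider does not offer the matching key pair generator
     */
    public SelfSignedCert(String str, String str2, KeyStore keyStore) throws NoSuchAlgorithmException {
        this.keyidentifier = null;
        this.isDSA = false;
        // Constant-first comparison so a null algorithm name is reported as
        // unsupported instead of failing with a NullPointerException.
        if ("DSA".equalsIgnoreCase(str)) {
            this.keyGen = KeyPairGenerator.getInstance("PKCS11DSA");
            this.sigAlg = DSA_SIGNING;
            this.isDSA = true;
        } else if ("RSA".equalsIgnoreCase(str)) {
            this.keyGen = KeyPairGenerator.getInstance("PKCS11RSA");
            this.sigAlg = RSA_SIGNING;
            this.isDSA = false;
        } else {
            // Fail fast: previously an unknown name left keyGen and sigAlg null and
            // the object only failed later, inside generate(), with no useful message.
            throw new NoSuchAlgorithmException("Unsupported key algorithm: " + str);
        }
        this.keystore = keyStore;
        try {
            this.keyidentifier = KEY_ID_LABEL.getBytes("8859_1");
        } catch (UnsupportedEncodingException e) {
            // The label is plain ASCII, so the platform default charset is an
            // acceptable fallback.
            this.keyidentifier = KEY_ID_LABEL.getBytes();
        }
    }

    /**
     * Sets the random source used for key generation.
     *
     * @param secureRandom random source; if never set, {@link #generate(int, String)}
     *        creates a default {@link SecureRandom}
     */
    public void setRandom(SecureRandom secureRandom) {
        this.prng = secureRandom;
    }

    /**
     * Generates the key pair and keeps both halves for later signing.
     *
     * @param i key size passed to the PKCS#11 key pair parameter spec
     * @param str passed to the RSA parameter spec only; ignored for DSA
     *        (presumably the key label; confirm against the provider documentation)
     * @throws InvalidKeyException declared for callers; this body itself reports every
     *         failure as {@link IllegalArgumentException}
     * @throws IllegalArgumentException if initialization or generation fails; the
     *         original exception is attached as the cause
     */
    public void generate(int i, String str) throws InvalidKeyException {
        try {
            if (this.prng == null) {
                this.prng = new SecureRandom();
            }
            if (this.sigAlg.equals(DSA_SIGNING)) {
                this.keyGen.initialize(new PKCS11DSAKeyPairParameterSpec(this.keystore, i, null), this.prng);
            } else {
                this.keyGen.initialize(new PKCS11RSAKeyPairParameterSpec(this.keystore, i, str), this.prng);
            }
            KeyPair pair = this.keyGen.generateKeyPair();
            this.publicKey = pair.getPublic();
            this.privateKey = pair.getPrivate();
        } catch (Exception e) {
            // Keep the provider's exception as the cause so token and key-size
            // failures can be diagnosed from the stack trace.
            IllegalArgumentException wrapped = new IllegalArgumentException(e.getMessage());
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Returns the generated private key, or {@code null} before
     * {@link #generate(int, String)} has succeeded.
     *
     * <p>The reference is handed out as-is; callers are responsible for not leaking it.
     */
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /** Returns the key pair generator selected by the constructor. */
    public KeyPairGenerator getKeyPairGenerator() {
        return this.keyGen;
    }

    /**
     * Builds and signs a self-signed certificate with version value 2 (X.509 v3)
     * and no extensions.
     *
     * @param x500Name used as both subject and issuer
     * @param j validity period in seconds, counted from now
     * @return the signed certificate
     * @throws InvalidKeyException if no key pair has been generated yet
     * @throws CertificateEncodingException if the certificate fields cannot be encoded
     */
    public X509Certificate getSelfCertificate(X500Name x500Name, long j) throws CertificateException, InvalidKeyException, SignatureException, NoSuchAlgorithmException, NoSuchProviderException {
        return getSelfCertificate(x500Name, j, 2, false);
    }

    /**
     * Builds and signs a self-signed certificate with a caller-chosen version.
     *
     * @param x500Name used as both subject and issuer
     * @param j validity period in seconds, counted from now
     * @param i encoded version value (0, 1 or 2); any other value is treated as 2
     * @return the signed certificate
     * @throws InvalidKeyException if no key pair has been generated yet
     * @throws CertificateEncodingException if the certificate fields cannot be encoded
     */
    public X509Certificate getSelfCertificate(X500Name x500Name, long j, int i) throws CertificateException, InvalidKeyException, SignatureException, NoSuchAlgorithmException, NoSuchProviderException {
        return getSelfCertificate(x500Name, j, i, false);
    }

    /**
     * Shared implementation behind the public {@code getSelfCertificate} overloads.
     *
     * @param z when true, adds a subject key identifier extension whose value is the
     *        fixed label bytes held in {@code keyidentifier}, not a digest of the key
     */
    private X509Certificate getSelfCertificate(X500Name x500Name, long j, int i, boolean z) throws CertificateException, InvalidKeyException, SignatureException, NoSuchAlgorithmException, NoSuchProviderException {
        requireKeyPair();
        try {
            Date notBefore = new Date();
            Date notAfter = new Date();
            notAfter.setTime(notAfter.getTime() + (j * 1000));
            // Only 0, 1 and 2 are accepted; everything else falls back to 2.
            int version = (i == 0 || i == 1) ? i : 2;

            X509CertInfo info = new X509CertInfo();
            info.set("version", new CertificateVersion(version));
            // NOTE(review): the serial number is the issue time in seconds, narrowed
            // to int. It is predictable, repeats for certificates created within the
            // same second, and wraps negative once the epoch-seconds value exceeds
            // Integer.MAX_VALUE. A random serial would be preferable; left unchanged
            // because callers may depend on the current value.
            info.set("serialNumber", new CertificateSerialNumber((int) (notBefore.getTime() / 1000)));
            info.set("algorithmID", new CertificateAlgorithmId(this.isDSA ? AlgorithmId.getAlgorithmId("SHA1/DSA") : AlgorithmId.getAlgorithmId("MD5/RSA")));
            info.set("subject", new CertificateSubjectName(x500Name));
            info.set("key", new CertificateX509Key(this.publicKey));
            info.set("validity", new CertificateValidity(notBefore, notAfter));
            // Self-signed: the issuer is the subject.
            info.set("issuer", new CertificateIssuerName(x500Name));
            if (z) {
                SubjectKeyIdentifierExtension keyId = new SubjectKeyIdentifierExtension(this.keyidentifier);
                CertificateExtensions extensions = new CertificateExtensions();
                extensions.set(keyId.getName(), keyId);
                info.set("extensions", extensions);
            }
            X509CertImpl certificate = new X509CertImpl(info);
            certificate.sign(this.privateKey, this.sigAlg);
            return certificate;
        } catch (IOException e) {
            CertificateEncodingException wrapped = new CertificateEncodingException("getSelfCert: " + e.getMessage());
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Builds and signs a PKCS#10 certification request for the generated key pair,
     * without attributes.
     *
     * @param x500Name subject of the request
     * @return the signed request
     * @throws InvalidKeyException if no key pair has been generated yet
     * @throws SignatureException if the PKCS layer fails while signing
     */
    public CertificationRequest getCertRequest(X500Name x500Name) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        requireKeyPair();
        try {
            return new CertificationRequest(new CertificationRequestInfo(x500Name, this.publicKey, (PKCSAttributes) null)).sign(this.sigAlg, this.privateKey);
        } catch (PKCSException e) {
            SignatureException wrapped = new SignatureException(this.sigAlg + " PKCSException");
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Builds and signs a certification request and stores the private key in the
     * given key store under a placeholder certificate.
     *
     * <p>The placeholder is a self-signed certificate valid for one second that
     * carries the fixed subject key identifier label; presumably it is replaced
     * when the issued certificate is received (confirm against the caller).
     *
     * @param x500Name subject of the request and of the placeholder certificate
     * @param str key store alias for the new key entry
     * @param keyStore key store that receives the key entry
     * @param cArr password protecting the key entry; not cleared here, so the
     *        caller should zero it after use
     * @return the signed request
     * @throws InvalidKeyException if no key pair has been generated yet
     * @throws SignatureException if the PKCS layer fails while signing
     * @throws KeyStoreManagerException if the placeholder certificate cannot be built
     *         or the key entry cannot be stored
     */
    public CertificationRequest getCertRequest(X500Name x500Name, String str, KeyStore keyStore, char[] cArr) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, KeyStoreManagerException {
        CertificationRequest request = getCertRequest(x500Name);
        try {
            // Version argument 3 is outside 0..2 and therefore resolves to 2 (X.509 v3).
            keyStore.setKeyEntry(str, this.privateKey, cArr, new Certificate[]{getSelfCertificate(x500Name, 1L, 3, true)});
        } catch (Exception e) {
            // NOTE(review): the underlying failure is discarded here. Attaching it as a
            // cause depends on how KeyStoreManagerException is declared, which is not
            // visible from this file; at minimum it should be logged by the caller.
            throw new KeyStoreManagerException(KEY_INFO_FAILURE);
        }
        return request;
    }

    /** Rejects signing operations attempted before a key pair exists. */
    private void requireKeyPair() throws InvalidKeyException {
        if (this.publicKey == null || this.privateKey == null) {
            throw new InvalidKeyException("No key pair available; call generate() first");
        }
    }
}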
