package org.graylog.security.certutil.csr;

import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.graylog.security.certutil.CertConstants;
import org.graylog2.plugin.certificates.RenewalPolicy;

/* loaded from: input_file:org/graylog/security/certutil/csr/CsrSigner.class */
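/**
 * Issues X.509 certificates from PKCS#10 certification requests, signed with a CA key.
 *
 * <p>The subject, public key and subjectAlternativeName entries of the issued certificate are
 * copied from the request. The only extension written to the certificate is
 * subjectAlternativeName, restricted to the name types accepted by {@link #isValidName(int)}.
 *
 * <p>NOTE(review): nothing in this class verifies the request's own signature (proof of
 * possession) or checks the requested subject/SAN values against a policy; presumably the
 * caller does this before signing — confirm.
 */
public class CsrSigner {
    /** CSPRNG used for certificate serial numbers. */
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();

    /** Number of random bits in a serial; 128 bits stays inside RFC 5280's 20-octet limit. */
    private static final int SERIAL_BITS = 128;

    /**
     * Tells whether a requested subjectAlternativeName entry may be copied into the certificate.
     *
     * @param tagNo the GeneralName tag number of the entry
     * @return {@code true} for rfc822Name (1), dNSName (2) and iPAddress (7), {@code false} otherwise
     */
    private boolean isValidName(int tagNo) {
        switch (tagNo) {
            case GeneralName.rfc822Name:
            case GeneralName.dNSName:
            case GeneralName.iPAddress:
                return true;
            default:
                return false;
        }
    }

    /**
     * Generates a positive, random certificate serial number.
     *
     * <p>A millisecond timestamp is predictable and repeats when two certificates are signed in
     * the same millisecond, so the serial is drawn from a CSPRNG instead.
     *
     * @return a serial number in the range [1, 2^128 - 1]
     */
    private static BigInteger newSerialNumber() {
        BigInteger serial;
        do {
            serial = new BigInteger(SERIAL_BITS, SERIAL_RANDOM);
        } while (serial.signum() <= 0); // serial numbers must be positive
        return serial;
    }

    /**
     * Signs the request with a validity that starts now and lasts for the lifetime configured in
     * the renewal policy.
     *
     * @param privateKey the CA private key used to sign the certificate
     * @param x509Certificate the CA certificate; its subject becomes the issuer
     * @param pKCS10CertificationRequest the certification request to sign
     * @param renewalPolicy policy whose {@code certificateLifetime()} is parsed as an ISO-8601 duration
     * @return the issued certificate
     * @throws Exception if the lifetime cannot be parsed or building/signing the certificate fails
     */
    public X509Certificate sign(PrivateKey privateKey, X509Certificate x509Certificate, PKCS10CertificationRequest pKCS10CertificationRequest, RenewalPolicy renewalPolicy) throws Exception {
        Instant now = Instant.now();
        Duration lifetime = Duration.parse(renewalPolicy.certificateLifetime());
        return sign(privateKey, x509Certificate, pKCS10CertificationRequest, now, now.plus(lifetime));
    }

    /**
     * Signs the request with a validity that starts now and lasts for the given number of days.
     *
     * @param privateKey the CA private key used to sign the certificate
     * @param x509Certificate the CA certificate; its subject becomes the issuer
     * @param pKCS10CertificationRequest the certification request to sign
     * @param i validity of the issued certificate in days
     * @return the issued certificate
     * @throws Exception if building or signing the certificate fails
     */
    public X509Certificate sign(PrivateKey privateKey, X509Certificate x509Certificate, PKCS10CertificationRequest pKCS10CertificationRequest, int i) throws Exception {
        Instant now = Instant.now();
        return sign(privateKey, x509Certificate, pKCS10CertificationRequest, now, now.plus(Duration.ofDays(i)));
    }

    /**
     * Builds and signs the certificate for an explicit validity window.
     *
     * @param privateKey the CA private key used to sign the certificate
     * @param x509Certificate the CA certificate; its subject becomes the issuer
     * @param pKCS10CertificationRequest the certification request to sign
     * @param validFrom start of the validity period (notBefore)
     * @param validUntil end of the validity period (notAfter)
     * @return the issued certificate
     * @throws Exception if building or signing the certificate fails
     */
    private X509Certificate sign(PrivateKey privateKey, X509Certificate x509Certificate, PKCS10CertificationRequest pKCS10CertificationRequest, Instant validFrom, Instant validUntil) throws Exception {
        X500Name issuer = X500Name.getInstance(x509Certificate.getSubjectX500Principal().getEncoded());
        X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
                issuer,
                newSerialNumber(),
                Date.from(validFrom),
                Date.from(validUntil),
                pKCS10CertificationRequest.getSubject(),
                pKCS10CertificationRequest.getSubjectPublicKeyInfo());

        Attribute[] attributes = pKCS10CertificationRequest.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
        if (attributes != null && attributes.length > 0) {
            List<GeneralName> altNames = new ArrayList<>();
            for (Attribute attribute : attributes) {
                GeneralNames requested = GeneralNames.fromExtensions(Extensions.getInstance(attribute.getAttrValues().getObjectAt(0)), Extension.subjectAlternativeName);
                if (requested == null || requested.getNames() == null) {
                    continue;
                }
                // Copy only the accepted name types; every other requested entry is dropped.
                for (GeneralName name : requested.getNames()) {
                    if (isValidName(name.getTagNo())) {
                        altNames.add(name);
                    }
                }
            }
            if (!altNames.isEmpty()) {
                // Added as a non-critical extension.
                certificateBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(altNames.toArray(new GeneralName[0])));
            }
        }
        return new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(new JcaContentSignerBuilder(CertConstants.SIGNING_ALGORITHM).build(privateKey)));
    }
}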
