package org.wso2.carbon.mdm.mobileservices.windows.services.wstep.util;

import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
import org.wso2.carbon.mdm.mobileservices.windows.common.PluginConstants;
import org.wso2.carbon.mdm.mobileservices.windows.common.exceptions.CertificateGenerationException;
import org.wso2.carbon.mdm.mobileservices.windows.common.exceptions.WAPProvisioningException;

/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/mdm/mobileservices/windows/services/wstep/util/CertificateSigningService.class */
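public class CertificateSigningService {
    /** Milliseconds in one day. Declared {@code long} so that day offsets are computed in 64-bit arithmetic. */
    private static final long MILLI_SECONDS = 86400000;
    private static final Log log = LogFactory.getLog(CertificateSigningService.class);
    /** Shared CSPRNG for serial numbers; {@link SecureRandom} is safe to share between threads. */
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();

    /**
     * Positions of the signing properties inside the {@code List} handed to
     * {@link #signCSR(JcaPKCS10CertificationRequest, PrivateKey, X509Certificate, List)}.
     */
    private enum PropertyIndex {
        COMMON_NAME_INDEX(0),
        NOT_BEFORE_DAYS_INDEX(1),
        NOT_AFTER_DAYS_INDEX(2);

        private final int itemPosition;

        PropertyIndex(int i) {
            this.itemPosition = i;
        }

        public int getValue() {
            return this.itemPosition;
        }
    }

    /**
     * Issues an X.509 v3 end-entity certificate for the public key carried in a PKCS#10 request.
     *
     * <p>The certificate is marked as non-CA (critical basicConstraints), restricted to
     * digitalSignature key usage (critical) and to the clientAuth extended key usage.
     *
     * <p>Security notes for callers:
     * <ul>
     *   <li>This method only reads the public key from the request. It does not check the
     *       request's self-signature (proof of possession), so that check and the authentication
     *       of the requester have to happen before this method is called.</li>
     *   <li>The subject is built from the common-name entry of {@code list}, not from the subject
     *       in the request; whatever fills {@code list} decides the identity that gets certified.</li>
     *   <li>Both provider lookups use the name {@code "BC"}, so a provider must be registered
     *       under that name in the running JVM.</li>
     * </ul>
     *
     * @param jcaPKCS10CertificationRequest request whose public key is certified
     * @param privateKey issuer private key used to sign the new certificate
     * @param x509Certificate issuer certificate; passed to the builder as the issuer
     * @param list signing properties indexed by {@link PropertyIndex}: subject DN string,
     *             days to back-date notBefore ({@code Integer}), days of validity ({@code Integer})
     * @return the signed certificate
     * @throws CertificateGenerationException if the request key is unusable, an extension cannot
     *         be added, the content signer cannot be created or the certificate cannot be converted
     * @throws WAPProvisioningException declared for callers; not thrown by the code in this method
     */
    public static X509Certificate signCSR(JcaPKCS10CertificationRequest jcaPKCS10CertificationRequest, PrivateKey privateKey, X509Certificate x509Certificate, List list) throws CertificateGenerationException, WAPProvisioningException {
        try {
            String subjectDn = (String) list.get(PropertyIndex.COMMON_NAME_INDEX.getValue());
            int notBeforeDays = ((Integer) list.get(PropertyIndex.NOT_BEFORE_DAYS_INDEX.getValue())).intValue();
            int notAfterDays = ((Integer) list.get(PropertyIndex.NOT_AFTER_DAYS_INDEX.getValue())).intValue();

            // Multiply through the long constant: an int * int product wraps for any offset above
            // 24 days, which silently yields a wrong (possibly already expired) validity window.
            long now = System.currentTimeMillis();
            Date notBefore = new Date(now - (MILLI_SECONDS * notBeforeDays));
            Date notAfter = new Date(now + (MILLI_SECONDS * notAfterDays));

            // NOTE(review): the serial carries at most 31 random bits and may be 0. Serial numbers
            // must be unique per issuer and positive; collisions become likely once the issuer has
            // signed tens of thousands of certificates. Widening to 64+ random bits is advisable,
            // but check first how stored serials are consumed elsewhere.
            BigInteger serial = BigInteger.valueOf(SERIAL_RANDOM.nextInt(Integer.MAX_VALUE));

            JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(x509Certificate, serial, notBefore, notAfter, new X500Principal(subjectDn), jcaPKCS10CertificationRequest.getPublicKey());
            certificateBuilder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
            certificateBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
            // cA=false: the issued certificate must not be usable to sign further certificates.
            certificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
            return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateBuilder.build(new JcaContentSignerBuilder(PluginConstants.CertificateEnrolment.ALGORITHM).setProvider("BC").build(privateKey)));
        } catch (InvalidKeyException e) {
            throw new CertificateGenerationException("CSR's public key is invalid", (Exception) e);
        } catch (NoSuchAlgorithmException e2) {
            throw new CertificateGenerationException("Certificate cannot be generated", (Exception) e2);
        } catch (CertificateException e3) {
            throw new CertificateGenerationException("Signed certificate cannot be generated", (Exception) e3);
        } catch (CertIOException e4) {
            throw new CertificateGenerationException("Cannot add extension(s) to signed certificate", (Exception) e4);
        } catch (OperatorCreationException e5) {
            throw new CertificateGenerationException("Content signer cannot be created", (Exception) e5);
        }
    }
}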
