package be.fgov.ehealth.technicalconnector.ra.domain;

import be.ehealth.technicalconnector.beid.BeIDInfo;
import be.ehealth.technicalconnector.beid.domain.Identity;
import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import be.fgov.ehealth.technicalconnector.ra.enumaration.UsageType;
import be.fgov.ehealth.technicalconnector.ra.utils.RaPropertiesLoader;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.Validate;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;

/* loaded from: input_file:be/fgov/ehealth/technicalconnector/ra/domain/NewCertificateContract.class */
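/**
 * Contract backing a request for a new certificate.
 *
 * <p>Holds the requested distinguished name, the contact data, the requested
 * usage types, the rendered contract text and, once supplied, the DER-encoded
 * PKCS#10 certification request. The requestor identity is taken from
 * {@code BeIDInfo.getInstance().getIdentity()} at construction time.
 *
 * <p>The PKCS#10 bytes are checked once, in {@link #setPkcs10DerEncoded(byte[])}.
 * To keep that check meaningful, the class never shares its internal array:
 * it stores a private copy and hands out copies.
 */
public class NewCertificateContract extends Contract {
    private static final long serialVersionUID = 1;
    private DistinguishedName name;
    private ContactData contact;
    private byte[] pkcs10;
    private Set<UsageType> usageTypes;
    private String contract;

    /**
     * Builds the contract and renders its text from the language-specific template.
     *
     * @param distinguishedName subject requested for the certificate; must not be null
     * @param contactData contact details, also used to select the template language; must not be null
     * @param usageTypeArr optional usage types; a null or empty array leaves the set empty
     * @throws TechnicalConnectorException if the identity cannot be obtained or the contract cannot be generated
     * @throws IllegalArgumentException if {@code distinguishedName} or {@code contactData} is null
     */
    public NewCertificateContract(DistinguishedName distinguishedName, ContactData contactData, UsageType... usageTypeArr) throws TechnicalConnectorException {
        // The super call has to come first, so the identity is fetched before the arguments are validated.
        super(BeIDInfo.getInstance().getIdentity());
        this.usageTypes = new HashSet<UsageType>();
        Validate.notNull(distinguishedName, "distinguishedName must not be null");
        Validate.notNull(contactData, "contactData must not be null");
        this.name = distinguishedName;
        this.contact = contactData;
        if (ArrayUtils.isNotEmpty(usageTypeArr)) {
            this.usageTypes.addAll(Arrays.asList(usageTypeArr));
        }
        this.contract = generatedContract(distinguishedName, contactData, getRequestor());
    }

    /**
     * @return the contact data supplied at construction
     */
    public ContactData getContact() {
        return this.contact;
    }

    /**
     * Returns the live internal set of usage types; changes made by the caller
     * are reflected in this contract.
     *
     * @return the requested usage types, never null
     */
    public Set<UsageType> getUsageTypes() {
        return this.usageTypes;
    }

    /**
     * @return the distinguished name supplied at construction
     */
    public DistinguishedName getDistinguishedName() {
        return this.name;
    }

    /**
     * Validates and stores a DER-encoded PKCS#10 certification request.
     *
     * @param bArr DER-encoded PKCS#10 request; must not be null
     * @throws IllegalArgumentException if the bytes are null, cannot be parsed, or fail
     *         the algorithm, key-size or subject checks
     */
    public void setPkcs10DerEncoded(byte[] bArr) {
        // Copy first and validate the copy, so the bytes that were checked are exactly the
        // bytes that are stored, even if the caller modifies its array in the meantime.
        byte[] copy = ArrayUtils.clone(bArr);
        verifyPKCS10(copy, this.name);
        this.pkcs10 = copy;
    }

    /**
     * Returns a copy of the stored request, so callers cannot alter the bytes
     * after they have been validated.
     *
     * @return a copy of the DER-encoded PKCS#10 request, or null if none has been set
     */
    public byte[] getPkcs10DerEncoded() {
        return ArrayUtils.clone(this.pkcs10);
    }

    /**
     * @return the contract text rendered at construction
     */
    @Override
    protected String getContent() {
        return this.contract;
    }

    /**
     * Renders the "create" contract template for the contact's language.
     *
     * @throws TechnicalConnectorException if the inherited template generation fails
     */
    private static String generatedContract(DistinguishedName distinguishedName, ContactData contactData, Identity identity) throws TechnicalConnectorException {
        HashMap<String, Object> context = new HashMap<String, Object>();
        context.put("oids", distinguishedName.toOIDMap());
        context.put("identity", identity);
        context.put("contact", contactData);
        context.put("name", distinguishedName);
        // NOTE(review): the template path is built from the contact's language abbreviation;
        // presumably that value comes from a fixed enum rather than free text - confirm.
        String template = "/templates/contract.create." + contactData.getLanguage().getLanguageAbbreviation() + ".html";
        return generatedContract(context, template);
    }

    /**
     * Checks that a PKCS#10 request uses the configured key algorithm, meets the
     * configured minimum key size and carries the expected subject.
     *
     * <p>NOTE(review): this method does not verify the request's self-signature
     * (proof of possession of the private key). Presumably the registration
     * authority verifies it when the request is submitted - confirm, or add the
     * check here.
     *
     * @throws IllegalArgumentException if the bytes are null, unparsable, or any check fails
     */
    private static void verifyPKCS10(byte[] bArr, DistinguishedName distinguishedName) {
        Validate.notNull(bArr, "PKCS#10 request must not be null");
        try {
            PKCS10CertificationRequest request = new PKCS10CertificationRequest(bArr);
            SubjectPublicKeyInfo publicKeyInfo = request.getSubjectPublicKeyInfo();

            // The expected algorithm OID comes from configuration; the message assumes it is RSA.
            String expectedAlgorithmOid = RaPropertiesLoader.getProperty(RaPropertiesLoader.AUTH_KEY_ALGO_OID);
            Validate.isTrue(expectedAlgorithmOid.equals(publicKeyInfo.getAlgorithm().getAlgorithm().getId()), "Public key was not RSA.");

            int minimumKeySize = Integer.parseInt(RaPropertiesLoader.getProperty(RaPropertiesLoader.AUTH_KEY_SIZE));
            int keySize = getKeySize(publicKeyInfo);
            Validate.isTrue(keySize >= minimumKeySize, "Public key size " + keySize + " is below the required minimum of " + minimumKeySize + " bits.");

            // The subject in the request must match the distinguished name this contract was created for.
            X500Name expectedSubject = new X500Name(distinguishedName.asNormalizedEhealthDN());
            Validate.isTrue(request.getSubject().equals(expectedSubject), "PKCS#10 subject does not match the distinguished name of the contract.");
        } catch (IOException e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Returns the bit length of the RSA modulus in the given public key info.
     *
     * @throws IllegalArgumentException if the key cannot be decoded or converted to an RSA key spec
     */
    private static int getKeySize(SubjectPublicKeyInfo subjectPublicKeyInfo) {
        try {
            // The encoded SubjectPublicKeyInfo is already the X.509 key encoding KeyFactory expects.
            String algorithmOid = subjectPublicKeyInfo.getAlgorithm().getAlgorithm().getId();
            PublicKey publicKey = KeyFactory.getInstance(algorithmOid).generatePublic(new X509EncodedKeySpec(subjectPublicKeyInfo.getEncoded()));
            RSAPublicKeySpec rsaSpec = (RSAPublicKeySpec) KeyFactory.getInstance(publicKey.getAlgorithm()).getKeySpec(publicKey, RSAPublicKeySpec.class);
            // bitLength() is the true modulus size; counting the characters of the binary string
            // would add one for a sign character on a malformed (negative) modulus.
            return rsaSpec.getModulus().bitLength();
        } catch (Exception e) {
            // Any decoding or conversion failure is reported as an invalid argument, with the cause kept.
            throw new IllegalArgumentException(e);
        }
    }
}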
