package be.fgov.ehealth.technicalconnector.ra.domain;

import be.ehealth.technicalconnector.beid.BeIDInfo;
import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import be.fgov.ehealth.technicalconnector.ra.enumaration.UsageType;
import be.fgov.ehealth.technicalconnector.ra.utils.CertificateUtils;
import be.fgov.ehealth.technicalconnector.ra.utils.RaPropertiesLoader;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.Validate;
import org.apache.commons.lang3.builder.EqualsBuilder;
import org.apache.commons.lang3.builder.HashCodeBuilder;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;

/* loaded from: input_file:be/fgov/ehealth/technicalconnector/ra/domain/NewCertificateContract.class */
public class NewCertificateContract extends Request {
    private static final long serialVersionUID = 1;
    private String dn;
    private ContactData contact;
    private byte[] pkcs10;
    private LocalizedText text;
    private List<UsageType> usageTypes;
    private Actor signer;

    public NewCertificateContract(GeneratedContract generatedContract, KeyPair keyPair, List<UsageType> list) throws TechnicalConnectorException {
        super(BeIDInfo.getInstance().getIdentity());
        this.usageTypes = new ArrayList();
        Validate.notNull(generatedContract);
        Validate.isTrue(generatedContract.isContractViewed());
        Validate.notEmpty(generatedContract.getDN());
        Validate.notNull(generatedContract.getSigner());
        Validate.notNull(generatedContract.getContactData());
        Validate.notNull(generatedContract.getIdentifierType());
        Validate.notNull(keyPair);
        this.contact = generatedContract.getContactData();
        this.dn = generatedContract.getDN().replace(generatedContract.getIdentifierType().getType(48) + "=", generatedContract.getIdentifierType().getType(48) + "\\=");
        this.text = generatedContract.getText();
        this.usageTypes = list;
        this.signer = generatedContract.getSigner();
        this.pkcs10 = CertificateUtils.createCSR(generatedContract.getDN(), keyPair);
        verifyPKCS10(this.pkcs10, this.dn);
    }

    public ContactData getContact() {
        return this.contact;
    }

    public byte[] getPkcs10DerEncoded() {
        return ArrayUtils.clone(this.pkcs10);
    }

    public String getDn() {
        return this.dn;
    }

    public List<UsageType> getUsageTypes() {
        return this.usageTypes;
    }

    public Actor getSigner() {
        return this.signer;
    }

    public LocalizedText getText() {
        return this.text;
    }

    private void verifyPKCS10(byte[] bArr, String str) {
        Validate.notNull(bArr);
        try {
            PKCS10CertificationRequest pKCS10CertificationRequest = new PKCS10CertificationRequest(bArr);
            SubjectPublicKeyInfo subjectPublicKeyInfo = pKCS10CertificationRequest.getSubjectPublicKeyInfo();
            Validate.isTrue(RaPropertiesLoader.getProperty(RaPropertiesLoader.AUTH_KEY_ALGO_OID).equals(subjectPublicKeyInfo.getAlgorithm().getAlgorithm().getId()), "Public key was not RSA.");
            Validate.isTrue(getKeySize(subjectPublicKeyInfo) >= Integer.parseInt(RaPropertiesLoader.getProperty(RaPropertiesLoader.AUTH_KEY_SIZE)));
            Validate.isTrue(pKCS10CertificationRequest.getSubject().equals(new X500Name(str)));
        } catch (IOException e) {
            throw new IllegalArgumentException(e);
        }
    }

    private int getKeySize(SubjectPublicKeyInfo subjectPublicKeyInfo) {
        try {
            PublicKey generatePublic = KeyFactory.getInstance(subjectPublicKeyInfo.getAlgorithm().getAlgorithm().getId()).generatePublic(new X509EncodedKeySpec(new DERBitString(subjectPublicKeyInfo.getEncoded()).getBytes()));
            return ((RSAPublicKeySpec) KeyFactory.getInstance(generatePublic.getAlgorithm()).getKeySpec(generatePublic, RSAPublicKeySpec.class)).getModulus().toString(2).length();
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    @Override // be.fgov.ehealth.technicalconnector.ra.domain.Request
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        NewCertificateContract newCertificateContract = (NewCertificateContract) obj;
        return new EqualsBuilder().appendSuper(super.equals(obj)).append(getDn(), newCertificateContract.getDn()).append(getContact(), newCertificateContract.getContact()).append(this.pkcs10, newCertificateContract.pkcs10).append(getText(), newCertificateContract.getText()).append(getUsageTypes(), newCertificateContract.getUsageTypes()).append(getSigner(), newCertificateContract.getSigner()).isEquals();
    }

    @Override // be.fgov.ehealth.technicalconnector.ra.domain.Request
    public int hashCode() {
        return new HashCodeBuilder(17, 37).appendSuper(super.hashCode()).append(getDn()).append(getContact()).append(this.pkcs10).append(getText()).append(getUsageTypes()).append(getSigner()).toHashCode();
    }
}
