package com.circleblue.ecrmodel.ecrPki.security;

import android.os.Build;
import android.util.Base64;
import com.circleblue.ecrmodel.config.sections.DeviceConfigSection;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.ZonedDateTime;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cert.X509v3CertificateBuilder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;

/* compiled from: CertificateBuilder.kt */
@Metadata(d1 = {"\u0000Z\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010!\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J\u001e\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u00152\f\u0010\u0003\u001a\b\u0012\u0004\u0012\u00020\u00050\u0004H\u0002J\u0006\u0010\u0017\u001a\u00020\u0018J\u000e\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u001aJ\u000e\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u001b\u001a\u00020\u001cJ\u0014\u0010\u0003\u001a\u00020\u00002\f\u0010\u0003\u001a\b\u0012\u0004\u0012\u00020\u00050\u0004J\u000e\u0010\u0006\u001a\u00020\u00002\u0006\u0010\u0006\u001a\u00020\u0007J\u000e\u0010\b\u001a\u00020\u00002\u0006\u0010\b\u001a\u00020\tJ\u000e\u0010\n\u001a\u00020\u00002\u0006\u0010\n\u001a\u00020\u000bJ\u000e\u0010\f\u001a\u00020\u00002\u0006\u0010\f\u001a\u00020\u000bJ\b\u0010\u001d\u001a\u00020\u000bH\u0002J\u000e\u0010\r\u001a\u00020\u00002\u0006\u0010\r\u001a\u00020\u000eJ\u000e\u0010\u000f\u001a\u00020\u00002\u0006\u0010\u000f\u001a\u00020\u0010J\u000e\u0010\u0011\u001a\u00020\u00002\u0006\u0010\u0011\u001a\u00020\u0007J\u000e\u0010\u0012\u001a\u00020\u00002\u0006\u0010\u0012\u001a\u00020\u0013R\u0014\u0010\u0003\u001a\b\u0012\u0004\u0012\u00020\u00050\u0004X\u0082.¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082.¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0082.¢\u0006\u0002\n\u0000R\u000e\u0010\n\u001a\u00020\u000bX\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\u000bX\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\r\u001a\u00020\u000eX\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\u000f\u001a\u00020\u0010X\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\u0011\u001a\u00020\u0007X\u0082.¢\u0006\u0002\n\u0000R\u000e\u0010\u0012\u001a\u00020\u0013X\u0082.¢\u0006\u0002\n\u0000¨\u0006\u001e"}, d2 = {"Lcom/circleblue/ecrmodel/ecrPki/security/CertificateBuilder;", "", "()V", "extensions", "", "Lcom/circleblue/ecrmodel/ecrPki/security/CertificateExtension;", "issuerDistinguishedName", "Lcom/circleblue/ecrmodel/ecrPki/security/DistinguishedName;", "issuerKeyPair", "Ljava/security/KeyPair;", "notAfter", "Ljava/util/Date;", "notBefore", DeviceConfigSection.KEY_SERIAL_NUMBER, "Ljava/math/BigInteger;", "signatureAlgorithm", "Lcom/circleblue/ecrmodel/ecrPki/security/SignatureAlgorithm;", "subjectDistinguishedName", "subjectPublicKey", "Ljava/security/PublicKey;", "addExtension", "Lorg/spongycastle/cert/X509v3CertificateBuilder;", "builder", "build", "Ljava/security/cert/X509Certificate;", "certificateByteArray", "", "certificateBase64", "", "oneYearAfter", "model_release"}, k = 1, mv = {1, 7, 1}, xi = 48)
/* loaded from: classes2.dex */
public final class CertificateBuilder {
    private List<CertificateExtension> extensions;
    private DistinguishedName issuerDistinguishedName;
    private KeyPair issuerKeyPair;
    private Date notAfter;
    private SignatureAlgorithm signatureAlgorithm;
    private DistinguishedName subjectDistinguishedName;
    private PublicKey subjectPublicKey;
    private BigInteger serialNumber = new BigInteger(128, new SecureRandom());
    private Date notBefore = new Date();

    public CertificateBuilder() {
        Date oneYearAfter;
        if (Build.VERSION.SDK_INT >= 26) {
            oneYearAfter = Date.from(ZonedDateTime.now().plusYears(1L).toInstant());
            Intrinsics.checkNotNullExpressionValue(oneYearAfter, "{\n        Date.from(Zone…ars(1).toInstant())\n    }");
        } else {
            oneYearAfter = oneYearAfter();
        }
        this.notAfter = oneYearAfter;
        this.signatureAlgorithm = SignatureAlgorithm.RS512;
    }

    private final X509v3CertificateBuilder addExtension(X509v3CertificateBuilder builder, List<CertificateExtension> extensions) {
        for (CertificateExtension certificateExtension : extensions) {
            builder.addExtension(certificateExtension.getOid(), certificateExtension.getIsCritical(), certificateExtension.getValue());
        }
        return builder;
    }

    private final Date oneYearAfter() {
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(new Date());
        calendar.add(1, 1);
        Date time = calendar.getTime();
        Intrinsics.checkNotNullExpressionValue(time, "calendar.time");
        return time;
    }

    public final X509Certificate build() {
        PublicKey publicKey = this.subjectPublicKey;
        KeyPair keyPair = null;
        if (publicKey == null) {
            Intrinsics.throwUninitializedPropertyAccessException("subjectPublicKey");
            publicKey = null;
        }
        SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
        DistinguishedName distinguishedName = this.issuerDistinguishedName;
        if (distinguishedName == null) {
            Intrinsics.throwUninitializedPropertyAccessException("issuerDistinguishedName");
            distinguishedName = null;
        }
        X500Name x500Name = distinguishedName.getX500Name();
        BigInteger bigInteger = this.serialNumber;
        Date date = this.notBefore;
        Date date2 = this.notAfter;
        DistinguishedName distinguishedName2 = this.subjectDistinguishedName;
        if (distinguishedName2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("subjectDistinguishedName");
            distinguishedName2 = null;
        }
        X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(x500Name, bigInteger, date, date2, distinguishedName2.getX500Name(), subjectPublicKeyInfo);
        List<CertificateExtension> list = this.extensions;
        if (list == null) {
            Intrinsics.throwUninitializedPropertyAccessException("extensions");
            list = null;
        }
        X509v3CertificateBuilder addExtension = addExtension(x509v3CertificateBuilder, list);
        JcaContentSignerBuilder jcaContentSignerBuilder = new JcaContentSignerBuilder(this.signatureAlgorithm.getJcaName());
        KeyPair keyPair2 = this.issuerKeyPair;
        if (keyPair2 == null) {
            Intrinsics.throwUninitializedPropertyAccessException("issuerKeyPair");
        } else {
            keyPair = keyPair2;
        }
        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(addExtension.build(jcaContentSignerBuilder.build(keyPair.getPrivate())));
        Intrinsics.checkNotNullExpressionValue(certificate, "JcaX509CertificateConver…().getCertificate(holder)");
        return certificate;
    }

    public final X509Certificate build(String certificateBase64) {
        Intrinsics.checkNotNullParameter(certificateBase64, "certificateBase64");
        byte[] bytes = certificateBase64.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
        byte[] decodeCertificate = Base64.decode(bytes, 2);
        Intrinsics.checkNotNullExpressionValue(decodeCertificate, "decodeCertificate");
        return build(decodeCertificate);
    }

    public final X509Certificate build(byte[] certificateByteArray) {
        Intrinsics.checkNotNullParameter(certificateByteArray, "certificateByteArray");
        Certificate generateCertificate = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID).generateCertificate(new ByteArrayInputStream(certificateByteArray));
        Intrinsics.checkNotNull(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
        return (X509Certificate) generateCertificate;
    }

    public final CertificateBuilder extensions(List<CertificateExtension> extensions) {
        Intrinsics.checkNotNullParameter(extensions, "extensions");
        this.extensions = extensions;
        return this;
    }

    public final CertificateBuilder issuerDistinguishedName(DistinguishedName issuerDistinguishedName) {
        Intrinsics.checkNotNullParameter(issuerDistinguishedName, "issuerDistinguishedName");
        this.issuerDistinguishedName = issuerDistinguishedName;
        return this;
    }

    public final CertificateBuilder issuerKeyPair(KeyPair issuerKeyPair) {
        Intrinsics.checkNotNullParameter(issuerKeyPair, "issuerKeyPair");
        this.issuerKeyPair = issuerKeyPair;
        return this;
    }

    public final CertificateBuilder notAfter(Date notAfter) {
        Intrinsics.checkNotNullParameter(notAfter, "notAfter");
        this.notAfter = notAfter;
        return this;
    }

    public final CertificateBuilder notBefore(Date notBefore) {
        Intrinsics.checkNotNullParameter(notBefore, "notBefore");
        this.notBefore = notBefore;
        return this;
    }

    public final CertificateBuilder serialNumber(BigInteger serialNumber) {
        Intrinsics.checkNotNullParameter(serialNumber, "serialNumber");
        this.serialNumber = serialNumber;
        return this;
    }

    public final CertificateBuilder signatureAlgorithm(SignatureAlgorithm signatureAlgorithm) {
        Intrinsics.checkNotNullParameter(signatureAlgorithm, "signatureAlgorithm");
        this.signatureAlgorithm = signatureAlgorithm;
        return this;
    }

    public final CertificateBuilder subjectDistinguishedName(DistinguishedName subjectDistinguishedName) {
        Intrinsics.checkNotNullParameter(subjectDistinguishedName, "subjectDistinguishedName");
        this.subjectDistinguishedName = subjectDistinguishedName;
        return this;
    }

    public final CertificateBuilder subjectPublicKey(PublicKey subjectPublicKey) {
        Intrinsics.checkNotNullParameter(subjectPublicKey, "subjectPublicKey");
        this.subjectPublicKey = subjectPublicKey;
        return this;
    }
}
