package org.cryptomator.cryptolib.common;

import com.google.common.base.Preconditions;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Date;
import java.util.UUID;
import org.cryptomator.cryptolib.shaded.bouncycastle.asn1.ASN1Encodable;
import org.cryptomator.cryptolib.shaded.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.cryptomator.cryptolib.shaded.bouncycastle.asn1.x500.X500Name;
import org.cryptomator.cryptolib.shaded.bouncycastle.cert.CertIOException;
import org.cryptomator.cryptolib.shaded.bouncycastle.cert.X509CertificateHolder;
import org.cryptomator.cryptolib.shaded.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.cryptomator.cryptolib.shaded.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.cryptomator.cryptolib.shaded.bouncycastle.operator.ContentSigner;
import org.cryptomator.cryptolib.shaded.bouncycastle.operator.OperatorCreationException;
import org.cryptomator.cryptolib.shaded.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes3.dex */
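/**
 * Fluent builder for an X.509 v3 certificate over a single key pair.
 *
 * <p>The certificate embeds the public key of the key pair passed to
 * {@link #init(KeyPair, String)} and is signed with the private key of that same pair, so
 * the result is self-signed: the issuer set via {@link #withIssuer(String)} is only a name
 * and is not backed by a separate CA key. Relying parties must therefore establish trust in
 * the key by other means (e.g. pinning), not by chain validation.
 *
 * <p>Instances are mutable and carry no synchronization; use one builder per certificate.
 */
public class X509CertBuilder {
    /** OID 2.5.29.14, the subjectKeyIdentifier extension. */
    private static final ASN1ObjectIdentifier ASN1_SUBJECT_KEY_ID = new ASN1ObjectIdentifier("2.5.29.14");

    /** Number of random bits in a serial number; 128 bits encode well within 20 octets. */
    private static final int SERIAL_NO_BITS = 128;

    /** CSPRNG used for serial numbers. */
    private static final SecureRandom SERIAL_NO_RNG = new SecureRandom();

    private X500Name issuer;
    private final KeyPair keyPair;
    private Date notAfter;
    private Date notBefore;
    private final ContentSigner signer;
    private X500Name subject;

    private X509CertBuilder(KeyPair keyPair, ContentSigner contentSigner) {
        this.keyPair = keyPair;
        this.signer = contentSigner;
    }

    /**
     * Assembles and signs the certificate structure from the configured fields.
     *
     * @return the signed certificate holder
     * @throws CertIOException if the subject key identifier extension cannot be encoded
     */
    private X509CertificateHolder buildCertHolder() throws CertIOException {
        JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(this.issuer, randomSerialNo(), this.notBefore, this.notAfter, this.subject, this.keyPair.getPublic());
        // Non-critical extension: it only helps path building locate this key.
        certBuilder.addExtension(ASN1_SUBJECT_KEY_ID, false, getX509ExtensionUtils().createSubjectKeyIdentifier(this.keyPair.getPublic()));
        return certBuilder.build(this.signer);
    }

    /**
     * Returns the platform's X.509 certificate factory.
     *
     * @throws IllegalStateException if the platform lacks X.509 support
     */
    private static CertificateFactory getCertFactory() {
        try {
            return CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            // Keep the cause so a misconfigured provider list can be diagnosed.
            throw new IllegalStateException("Every implementation of the Java platform is required to support X.509.", e);
        }
    }

    /**
     * Returns the helper used to derive the subject key identifier.
     *
     * <p>The digest involved (SHA-1, per the error message below) is used only to derive a
     * key identifier, not to sign the certificate.
     *
     * @throws IllegalStateException if the required digest is unavailable
     */
    private static JcaX509ExtensionUtils getX509ExtensionUtils() {
        try {
            return new JcaX509ExtensionUtils();
        } catch (NoSuchAlgorithmException e) {
            // Keep the cause so a misconfigured provider list can be diagnosed.
            throw new IllegalStateException("Every implementation of the Java platform is required to support SHA-1.", e);
        }
    }

    /**
     * Creates a builder that signs with the private key of {@code keyPair}.
     *
     * <p>The signature algorithm name is passed through unchanged; no allow-list is applied
     * here, so callers are responsible for choosing a currently acceptable algorithm.
     * The decompiler reports that this method was package-private in the original source.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @param str JCA signature algorithm name
     * @return a new builder
     * @throws IllegalArgumentException if the algorithm and key do not fit together
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509CertBuilder init(KeyPair keyPair, String str) {
        try {
            return new X509CertBuilder(keyPair, new JcaContentSignerBuilder(str).build(keyPair.getPrivate()));
        } catch (OperatorCreationException e) {
            throw new IllegalArgumentException("Invalid signature algorithm / key combination", e);
        }
    }

    /**
     * Generates a random, strictly positive certificate serial number.
     *
     * <p>The previous implementation used the upper 64 bits of a random UUID as a signed
     * long. That value is negative about half of the time, and part of it is the fixed UUID
     * version field rather than random data. RFC 5280 requires a positive serial number of
     * at most 20 octets, so the serial is now drawn directly from a CSPRNG.
     *
     * @return a positive serial number of at most {@value #SERIAL_NO_BITS} bits
     */
    private static BigInteger randomSerialNo() {
        BigInteger serial;
        do {
            // BigInteger(numBits, rnd) is uniformly distributed over [0, 2^numBits - 1].
            serial = new BigInteger(SERIAL_NO_BITS, SERIAL_NO_RNG);
        } while (serial.signum() == 0); // zero is not a positive serial number
        return serial;
    }

    /**
     * Checks that all mandatory fields are set and the validity period is non-empty.
     *
     * @throws IllegalStateException if a field is missing or notBefore is not before notAfter
     */
    private void validate() throws IllegalStateException {
        Preconditions.checkState(this.issuer != null, "issuer not set");
        Preconditions.checkState(this.subject != null, "subject not set");
        Preconditions.checkState(this.notBefore != null, "notBefore not set");
        Preconditions.checkState(this.notAfter != null, "notAfter not set");
        Preconditions.checkState(this.notBefore.compareTo(this.notAfter) < 0, "notBefore must be before notAfter");
    }

    /**
     * Builds, signs and re-parses the certificate as a JCA {@link X509Certificate}.
     *
     * @return the generated certificate
     * @throws CertificateException if encoding or parsing the certificate fails
     * @throws IllegalStateException if the builder is incompletely or inconsistently configured
     */
    public X509Certificate build() throws CertificateException, IllegalStateException {
        validate();
        // try-with-resources closes the stream on every path, including a parse failure.
        try (ByteArrayInputStream encoded = new ByteArrayInputStream(buildCertHolder().getEncoded())) {
            return (X509Certificate) getCertFactory().generateCertificate(encoded);
        } catch (IOException e) {
            throw new CertificateException(e);
        }
    }

    /**
     * Sets the issuer distinguished name.
     *
     * @param str distinguished name in string form, parsed by {@code X500Name}
     * @return this builder
     */
    public X509CertBuilder withIssuer(String str) {
        this.issuer = new X500Name(str);
        return this;
    }

    /**
     * Sets the end of the validity period.
     *
     * @param instant expiry time
     * @return this builder
     */
    public X509CertBuilder withNotAfter(Instant instant) {
        this.notAfter = Date.from(instant);
        return this;
    }

    /**
     * Sets the start of the validity period.
     *
     * @param instant time from which the certificate is valid
     * @return this builder
     */
    public X509CertBuilder withNotBefore(Instant instant) {
        this.notBefore = Date.from(instant);
        return this;
    }

    /**
     * Sets the subject distinguished name.
     *
     * @param str distinguished name in string form, parsed by {@code X500Name}
     * @return this builder
     */
    public X509CertBuilder withSubject(String str) {
        this.subject = new X500Name(str);
        return this;
    }
}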
