package com.github.gv2011.util.bc;

import com.github.gv2011.util.Pair;
import com.github.gv2011.util.Verify;
import com.github.gv2011.util.bytes.ByteUtils;
import com.github.gv2011.util.ex.Exceptions;
import com.github.gv2011.util.icol.ISortedSet;
import com.github.gv2011.util.sec.CertificateBuilder;
import com.github.gv2011.util.sec.Domain;
import com.github.gv2011.util.sec.RsaKeyPair;
import com.github.gv2011.util.sec.SecUtils;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.time.Instant;
import java.util.Date;
import java.util.Objects;
import java.util.Optional;
import javax.naming.ldap.LdapName;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStrictStyle;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v1CertificateBuilder;
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;

/* loaded from: input_file:com/github/gv2011/util/bc/BcCertificateBuilder.class */
public final class BcCertificateBuilder implements CertificateBuilder {
    private static final Instant REMOTE_FUTURE = Instant.parse("3000-01-01T00:00:00Z");
    private static final Instant REMOTE_PAST = Instant.parse("2000-01-01T00:00:00Z");
    private LdapName subject;
    private RSAPublicKey subjectPublicKey;
    private Instant notBefore;
    private Instant notAfter;
    private LdapName issuer;

    /* loaded from: input_file:com/github/gv2011/util/bc/BcCertificateBuilder$Supplier.class */
    public static final class Supplier implements CertificateBuilder.CertificateBuilderSupplier {
        /* renamed from: get, reason: merged with bridge method [inline-methods] */
        public CertificateBuilder m7get() {
            return new BcCertificateBuilder();
        }
    }

    /* renamed from: setSubject, reason: merged with bridge method [inline-methods] */
    public BcCertificateBuilder m6setSubject(LdapName ldapName) {
        this.subject = ldapName;
        return this;
    }

    public BcCertificateBuilder setDomains(Pair<Domain, ISortedSet<Domain>> pair) {
        this.subject = (LdapName) Exceptions.call(() -> {
            return new LdapName(Exceptions.format("CN={}", new Object[]{pair.getKey()}));
        });
        return this;
    }

    /* renamed from: setSubjectPublicKey, reason: merged with bridge method [inline-methods] */
    public BcCertificateBuilder m4setSubjectPublicKey(RSAPublicKey rSAPublicKey) {
        this.subjectPublicKey = rSAPublicKey;
        return this;
    }

    /* renamed from: setNotBefore, reason: merged with bridge method [inline-methods] */
    public BcCertificateBuilder m3setNotBefore(Instant instant) {
        this.notBefore = instant;
        return this;
    }

    /* renamed from: setNotAfter, reason: merged with bridge method [inline-methods] */
    public BcCertificateBuilder m2setNotAfter(Instant instant) {
        this.notAfter = instant;
        return this;
    }

    /* renamed from: setIssuer, reason: merged with bridge method [inline-methods] */
    public BcCertificateBuilder m1setIssuer(LdapName ldapName) {
        this.issuer = ldapName;
        return this;
    }

    public X509Certificate build(RsaKeyPair rsaKeyPair) {
        LdapName ldapName = (LdapName) Verify.notNull(this.subject);
        RSAPublicKey rSAPublicKey = (RSAPublicKey) Optional.ofNullable(this.subjectPublicKey).orElse(rsaKeyPair.getPublic());
        X509CertificateHolder build = new X509v1CertificateBuilder(convert((LdapName) Verify.notNull((LdapName) Optional.ofNullable(this.issuer).orElse(ldapName))), BigInteger.ONE, Date.from((Instant) Verify.notNull((Instant) Optional.ofNullable(this.notBefore).orElse(REMOTE_PAST))), Date.from((Instant) Verify.notNull((Instant) Optional.ofNullable(this.notAfter).orElse(REMOTE_FUTURE))), convert((LdapName) Verify.notNull(ldapName)), convert((RSAPublicKey) Verify.notNull(rSAPublicKey))).build(createContentSigner(rsaKeyPair.getPrivate()));
        Objects.requireNonNull(build);
        return SecUtils.readCertificate(ByteUtils.newBytes((byte[]) Exceptions.call(build::getEncoded)));
    }

    private SubjectPublicKeyInfo convert(RSAPublicKey rSAPublicKey) {
        return SubjectPublicKeyInfo.getInstance(rSAPublicKey.getEncoded());
    }

    private ContentSigner createContentSigner(RSAPrivateCrtKey rSAPrivateCrtKey) {
        AlgorithmIdentifier find = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
        AlgorithmIdentifier find2 = new DefaultDigestAlgorithmIdentifierFinder().find(find);
        RSAPrivateCrtKeyParameters convert = convert(rSAPrivateCrtKey);
        return (ContentSigner) Exceptions.call(() -> {
            return new BcRSAContentSignerBuilder(find, find2).build(convert);
        });
    }

    private X500Name convert(LdapName ldapName) {
        X500Name x500Name = new X500Name(BCStrictStyle.INSTANCE, ldapName.toString());
        Verify.verifyEqual(ldapName.toString(), x500Name.toString());
        return x500Name;
    }

    private RSAPrivateCrtKeyParameters convert(RSAPrivateCrtKey rSAPrivateCrtKey) {
        return new RSAPrivateCrtKeyParameters(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent(), rSAPrivateCrtKey.getPrivateExponent(), rSAPrivateCrtKey.getPrimeP(), rSAPrivateCrtKey.getPrimeQ(), rSAPrivateCrtKey.getPrimeExponentP(), rSAPrivateCrtKey.getPrimeExponentQ(), rSAPrivateCrtKey.getCrtCoefficient());
    }

    /* renamed from: setDomains, reason: collision with other method in class */
    public /* bridge */ /* synthetic */ CertificateBuilder m5setDomains(Pair pair) {
        return setDomains((Pair<Domain, ISortedSet<Domain>>) pair);
    }
}
