package org.jenkinsci.remoting.protocol.cert;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.junit.rules.TestRule;
import org.junit.runner.Description;
import org.junit.runners.model.Statement;

/* loaded from: input_file:org/jenkinsci/remoting/protocol/cert/X509CertificateRule.class */
public class X509CertificateRule implements TestRule {
    private static final BouncyCastleProvider BOUNCY_CASTLE_PROVIDER = new BouncyCastleProvider();
    private final KeyPairRule<? extends PublicKey, ? extends PrivateKey> subjectKey;
    private final KeyPairRule<? extends PublicKey, ? extends PrivateKey> signerKey;
    private X509CertificateRule signerCertificate;
    private final long startDateOffsetMillis;
    private final long endDateOffsetMillis;
    private final String id;
    private X509Certificate certificate;

    @Target({ElementType.METHOD, ElementType.TYPE})
    @Retention(RetentionPolicy.RUNTIME)
    /* loaded from: input_file:org/jenkinsci/remoting/protocol/cert/X509CertificateRule$Skip.class */
    public @interface Skip {
        String[] value() default {};
    }

    public static <PUB extends PublicKey, PRIV extends PrivateKey> X509CertificateRule selfSigned(String str, KeyPairRule<PUB, PRIV> keyPairRule) {
        return new X509CertificateRule(str, keyPairRule, keyPairRule, null, -7L, 7L, TimeUnit.DAYS);
    }

    public static <PUB extends PublicKey, PRIV extends PrivateKey> X509CertificateRule create(String str, KeyPairRule<PUB, PRIV> keyPairRule, KeyPairRule<PUB, PRIV> keyPairRule2, X509CertificateRule x509CertificateRule) {
        return new X509CertificateRule(str, keyPairRule, keyPairRule2, x509CertificateRule, -7L, 7L, TimeUnit.DAYS);
    }

    public static <PUB extends PublicKey, PRIV extends PrivateKey> X509CertificateRule selfSigned(KeyPairRule<PUB, PRIV> keyPairRule) {
        return selfSigned("", keyPairRule);
    }

    public static <PUB extends PublicKey, PRIV extends PrivateKey> X509CertificateRule create(KeyPairRule<PUB, PRIV> keyPairRule, KeyPairRule<PUB, PRIV> keyPairRule2, X509CertificateRule x509CertificateRule) {
        return create("", keyPairRule, keyPairRule2, x509CertificateRule);
    }

    public static <PUB extends PublicKey, PRIV extends PrivateKey> X509CertificateRule create(String str, KeyPairRule<PUB, PRIV> keyPairRule, KeyPairRule<PUB, PRIV> keyPairRule2, X509CertificateRule x509CertificateRule, long j, long j2, TimeUnit timeUnit) {
        return new X509CertificateRule(str, keyPairRule, keyPairRule2, x509CertificateRule, j, j2, timeUnit);
    }

    public X509CertificateRule(String str, KeyPairRule<? extends PublicKey, ? extends PrivateKey> keyPairRule, KeyPairRule<? extends PublicKey, ? extends PrivateKey> keyPairRule2, X509CertificateRule x509CertificateRule, long j, long j2, TimeUnit timeUnit) {
        this.id = str;
        this.subjectKey = keyPairRule;
        this.signerKey = keyPairRule2;
        this.signerCertificate = x509CertificateRule;
        this.startDateOffsetMillis = timeUnit.toMillis(j);
        this.endDateOffsetMillis = timeUnit.toMillis(j2);
    }

    public X509Certificate certificate() {
        return this.certificate;
    }

    public Statement apply(final Statement statement, final Description description) {
        Skip skip = (Skip) description.getAnnotation(Skip.class);
        return (skip == null || !(skip.value().length == 0 || Arrays.asList(skip.value()).contains(this.id))) ? new Statement() { // from class: org.jenkinsci.remoting.protocol.cert.X509CertificateRule.1
            public void evaluate() throws Throwable {
                Date date = new Date();
                Date date2 = new Date(date.getTime() + X509CertificateRule.this.startDateOffsetMillis);
                Date date3 = new Date(date.getTime() + X509CertificateRule.this.endDateOffsetMillis);
                X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
                if (X509CertificateRule.this.id != null) {
                    x500NameBuilder.addRDN(BCStyle.CN, X509CertificateRule.this.id);
                }
                X500Principal x500Principal = new X500Principal(x500NameBuilder.addRDN(BCStyle.CN, description.getDisplayName()).addRDN(BCStyle.C, "US").build().toString());
                JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(X509CertificateRule.this.signerCertificate != null ? X509CertificateRule.this.signerCertificate.certificate().getSubjectX500Principal() : x500Principal, BigInteger.ONE, date2, date3, x500Principal, X509CertificateRule.this.subjectKey.getPublic());
                jcaX509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(X509CertificateRule.this.subjectKey.getPublic()));
                X509CertificateRule.this.certificate = new JcaX509CertificateConverter().setProvider(X509CertificateRule.BOUNCY_CASTLE_PROVIDER).getCertificate(jcaX509v3CertificateBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(X509CertificateRule.BOUNCY_CASTLE_PROVIDER).build(X509CertificateRule.this.signerKey.getPrivate())));
                try {
                    statement.evaluate();
                    X509CertificateRule.this.certificate = null;
                } catch (Throwable th) {
                    X509CertificateRule.this.certificate = null;
                    throw th;
                }
            }
        } : statement;
    }
}
