package mitm.common.security.certificate.impl;

import java.io.IOException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.Set;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;
import mitm.common.security.certificate.CertificateBuilderException;
import mitm.common.security.certificate.CertificateVersion;
import mitm.common.security.certificate.ExtendedKeyUsageType;
import mitm.common.security.certificate.KeyUsageType;
import mitm.common.security.certificate.X500PrincipalUtils;
import mitm.common.security.certificate.X509CertificateBuilder;
import mitm.common.security.certificate.X509CertificateInspector;
import mitm.common.security.crl.CRLDistributionPointsBuilder;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v1CertificateBuilder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes2.dex */
/**
 * {@link X509CertificateBuilder} implementation that assembles a certificate with the
 * BouncyCastle {@code X509v1CertificateBuilder} / {@code X509v3CertificateBuilder} and
 * signs it through a {@code JcaContentSignerBuilder}.
 *
 * <p>Usage: configure the instance through the setters, then call
 * {@link #generateCertificate(PrivateKey, X509Certificate)}.
 *
 * <p>Points a reviewer should keep in mind (all visible in this class):
 * <ul>
 *   <li>No setter validates its argument and generation does not check that the required
 *       fields (subject, public key, serial number, validity dates, signature algorithm)
 *       were set. Callers must enforce their own issuance policy before calling.</li>
 *   <li>The signature algorithm name is handed to the signer builder unchanged; nothing
 *       here rejects a weak digest or an algorithm that does not fit the key.</li>
 *   <li>When the version is {@code CertificateVersion.V1} every extension setting
 *       (CA flag, key usage, extended key usage, alt names, key identifiers, CRL
 *       distribution points) is silently left out, because only the V3 path writes
 *       extensions. A V1 certificate therefore carries no basicConstraints, so a
 *       relying party cannot tell CA from end-entity from the certificate itself.</li>
 *   <li>The signing key is not checked against the signer certificate's public key.</li>
 *   <li>Collections and {@link Date} values are stored and returned by reference.</li>
 *   <li>The class holds plain mutable fields with no synchronization.</li>
 * </ul>
 */
public class StandardX509CertificateBuilder implements X509CertificateBuilder {
    // JCA provider names, fixed at construction time.
    private final String signingProvider;
    private final String certificateProvider;

    // Core (TBS) certificate fields.
    private CertificateVersion version = CertificateVersion.V3;
    private X500Principal issuer;
    private X500Principal subject;
    private BigInteger serialNumber;
    private Date notBefore;
    private Date notAfter;
    private PublicKey publicKey;
    private String signatureAlgorithm;

    // basicConstraints settings.
    private boolean isCA;
    private boolean cACritical;
    private Integer pathLengthConstraint;

    // keyUsage / extendedKeyUsage settings.
    private Set<KeyUsageType> keyUsage;
    private boolean keyUsageCritical;
    private Set<ExtendedKeyUsageType> extendedKeyUsage;
    private boolean extendedKeyUsageCritical;

    // subjectAlternativeName settings.
    private GeneralNames altNames;
    private boolean altNamesCritical;

    // Key identifier switches: the authority key identifier is on by default,
    // the subject key identifier is off by default.
    private boolean authorityKeyIdentifierEnabled = true;
    private boolean subjectKeyIdentifierEnabled;

    // URIs written into the cRLDistributionPoints extension.
    private Collection<String> crlDistributionPointURIs;

    /**
     * Creates a builder bound to two JCA providers.
     *
     * @param str  provider name given to the content signer builder (signing)
     * @param str2 provider name given to the certificate converter (turning the
     *             BouncyCastle holder into an {@link X509Certificate})
     */
    public StandardX509CertificateBuilder(String str, String str2) {
        this.signingProvider = str;
        this.certificateProvider = str2;
    }

    /** Converts a BouncyCastle certificate holder into a JCA certificate using the certificate provider. */
    private X509Certificate getCertificate(X509CertificateHolder holder) throws CertificateException {
        return new JcaX509CertificateConverter()
                .setProvider(this.certificateProvider)
                .getCertificate(holder);
    }

    /**
     * Builds the signer for {@code signingKey} from the configured algorithm name and
     * signing provider. The algorithm string is used exactly as the caller set it.
     */
    private ContentSigner getContentSigner(PrivateKey signingKey) throws OperatorCreationException {
        return new JcaContentSignerBuilder(this.signatureAlgorithm)
                .setProvider(this.signingProvider)
                .build(signingKey);
    }

    /** True when the collection is non-null and holds at least one element. */
    private static boolean hasEntries(Collection<?> values) {
        return values != null && !values.isEmpty();
    }

    /**
     * Picks the issuer name: the signer certificate's subject when a signer certificate is
     * given, otherwise the issuer configured on this builder. {@link #getIssuer()} is
     * always invoked first, as in the two builder factory methods that share this logic.
     */
    private X500Principal issuerFor(X509Certificate signerCertificate) {
        X500Principal configuredIssuer = getIssuer();
        if (signerCertificate == null) {
            return configuredIssuer;
        }
        return signerCertificate.getSubjectX500Principal();
    }

    /** Enables or disables writing the authorityKeyIdentifier extension (enabled by default). */
    @Override
    public void addAuthorityKeyIdentifier(boolean z) {
        this.authorityKeyIdentifierEnabled = z;
    }

    /** Enables or disables writing the subjectKeyIdentifier extension (disabled by default). */
    @Override
    public void addSubjectKeyIdentifier(boolean z) {
        this.subjectKeyIdentifierEnabled = z;
    }

    /** Derives the subjectKeyIdentifier value for {@code publicKey} via {@code JcaX509ExtensionUtils}. */
    protected SubjectKeyIdentifier createSubjectKeyIdentifier(PublicKey publicKey) throws NoSuchAlgorithmException {
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        return extensionUtils.createSubjectKeyIdentifier(publicKey);
    }

    /**
     * Creates the V1 builder from the core fields only; no extension is written on this path.
     *
     * @param x509Certificate signer certificate, or {@code null} to use the configured issuer
     */
    protected X509v1CertificateBuilder createX509v1CertificateBuilder(X509Certificate x509Certificate) throws IOException {
        X500Principal issuerPrincipal = issuerFor(x509Certificate);
        return new X509v1CertificateBuilder(
                X500PrincipalUtils.toX500Name(issuerPrincipal),
                this.serialNumber,
                this.notBefore,
                this.notAfter,
                X500PrincipalUtils.toX500Name(this.subject),
                SubjectPublicKeyInfo.getInstance(this.publicKey.getEncoded()));
    }

    /**
     * Creates the V3 builder from the core fields and adds every configured extension.
     *
     * <p>Extensions are added in this order: basicConstraints (only when the CA flag is
     * set), keyUsage, extendedKeyUsage, subjectAlternativeName, subjectKeyIdentifier,
     * authorityKeyIdentifier (only when a signer certificate is given) and
     * cRLDistributionPoints. The three last-named extensions are always non-critical.
     *
     * @param x509Certificate signer certificate, or {@code null} to use the configured issuer
     */
    protected X509v3CertificateBuilder createX509v3CertificateBuilder(X509Certificate x509Certificate) throws IOException, CertificateParsingException, NoSuchAlgorithmException {
        X500Principal issuerPrincipal = issuerFor(x509Certificate);
        X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
                X500PrincipalUtils.toX500Name(issuerPrincipal),
                this.serialNumber,
                this.notBefore,
                this.notAfter,
                X500PrincipalUtils.toX500Name(this.subject),
                SubjectPublicKeyInfo.getInstance(this.publicKey.getEncoded()));

        if (this.isCA) {
            // The path length is passed through unchecked; RFC 5280 requires it to be >= 0.
            // Criticality is the caller's choice, although RFC 5280 expects CA certificates
            // to mark basicConstraints critical.
            BasicConstraints constraints;
            if (this.pathLengthConstraint == null) {
                constraints = new BasicConstraints(true);
            } else {
                constraints = new BasicConstraints(this.pathLengthConstraint.intValue());
            }
            certificateBuilder.addExtension(X509Extension.basicConstraints, this.cACritical, constraints);
        }

        if (hasEntries(this.keyUsage)) {
            certificateBuilder.addExtension(X509Extension.keyUsage, this.keyUsageCritical, getKeyUsageASN1());
        }

        if (hasEntries(this.extendedKeyUsage)) {
            certificateBuilder.addExtension(X509Extension.extendedKeyUsage, this.extendedKeyUsageCritical, getExtendedKeyUsageASN1());
        }

        if (this.altNames != null) {
            certificateBuilder.addExtension(X509Extension.subjectAlternativeName, this.altNamesCritical, this.altNames);
        }

        if (this.subjectKeyIdentifierEnabled) {
            SubjectKeyIdentifier subjectKeyId = createSubjectKeyIdentifier(this.publicKey);
            certificateBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, subjectKeyId);
        }

        // Without a signer certificate there is nothing to derive the identifier from,
        // so a certificate generated with a null signer gets no authorityKeyIdentifier.
        if (x509Certificate != null && this.authorityKeyIdentifierEnabled) {
            AuthorityKeyIdentifier authorityKeyId = getAuthorityKeyIdentifier(x509Certificate);
            certificateBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, authorityKeyId);
        }

        Collection<String> distributionPointUris = this.crlDistributionPointURIs;
        if (hasEntries(distributionPointUris)) {
            CRLDistributionPointsBuilder distributionPoints = new CRLDistributionPointsBuilder();
            for (String uri : distributionPointUris) {
                distributionPoints.addDistributionPoint(uri);
            }
            certificateBuilder.addExtension(X509Extension.cRLDistributionPoints, false, (ASN1Encodable) distributionPoints.buildCRLDistPoint());
        }

        return certificateBuilder;
    }

    /**
     * Generates and signs the certificate described by the current settings.
     *
     * @param privateKey      key that signs the certificate; it is not checked against
     *                        {@code x509Certificate}'s public key
     * @param x509Certificate certificate of the signer, or {@code null}; when {@code null}
     *                        the configured issuer is used and no authorityKeyIdentifier
     *                        is added
     * @return the signed certificate
     * @throws CertificateBuilderException wrapping any I/O, encoding, algorithm or signer
     *                                     creation failure
     */
    @Override
    public X509Certificate generateCertificate(PrivateKey privateKey, X509Certificate x509Certificate) throws CertificateBuilderException {
        return generateCertificateInternal(privateKey, x509Certificate);
    }

    /**
     * Dispatches on the configured version: {@code CertificateVersion.V1} takes the V1
     * path, every other value (including {@code null}) takes the V3 path.
     */
    protected X509Certificate generateCertificateInternal(PrivateKey privateKey, X509Certificate x509Certificate) throws CertificateBuilderException {
        if (getVersion() == CertificateVersion.V1) {
            return generateV1CertificateInternal(privateKey, x509Certificate);
        }
        return generateV3CertificateInternal(privateKey, x509Certificate);
    }

    /** Builds, signs and converts a V1 certificate; checked failures are wrapped. */
    protected X509Certificate generateV1CertificateInternal(PrivateKey privateKey, X509Certificate x509Certificate) throws CertificateBuilderException {
        try {
            X509v1CertificateBuilder certificateBuilder = createX509v1CertificateBuilder(x509Certificate);
            X509CertificateHolder holder = certificateBuilder.build(getContentSigner(privateKey));
            return getCertificate(holder);
        } catch (IOException | CertificateException | OperatorCreationException e) {
            // CertificateParsingException is a CertificateException and is covered here.
            throw new CertificateBuilderException(e);
        }
    }

    /** Builds, signs and converts a V3 certificate; checked failures are wrapped. */
    protected X509Certificate generateV3CertificateInternal(PrivateKey privateKey, X509Certificate x509Certificate) throws CertificateBuilderException {
        try {
            X509v3CertificateBuilder certificateBuilder = createX509v3CertificateBuilder(x509Certificate);
            X509CertificateHolder holder = certificateBuilder.build(getContentSigner(privateKey));
            return getCertificate(holder);
        } catch (IOException | NoSuchAlgorithmException | CertificateException | OperatorCreationException e) {
            // CertificateParsingException is a CertificateException and is covered here.
            throw new CertificateBuilderException(e);
        }
    }

    /** Returns the configured subject alternative names, or {@code null} when none were set. */
    @Override
    public GeneralNames getAltNames() {
        return altNames;
    }

    /**
     * Builds the authorityKeyIdentifier from the signer certificate: its issuer name and
     * serial number, plus its subject key identifier when the inspector reports one.
     */
    protected AuthorityKeyIdentifier getAuthorityKeyIdentifier(X509Certificate x509Certificate) throws CertificateParsingException, IOException {
        X509CertificateInspector inspector = new X509CertificateInspector(x509Certificate);
        GeneralNames signerIssuerNames = new GeneralNames(new GeneralName(inspector.getIssuerX500Name()));
        byte[] signerKeyId = inspector.getSubjectKeyIdentifier();
        if (signerKeyId == null) {
            // The signer certificate has no subject key identifier: identify it by
            // issuer name and serial number only.
            return new AuthorityKeyIdentifier(signerIssuerNames, x509Certificate.getSerialNumber());
        }
        return new AuthorityKeyIdentifier(signerKeyId, signerIssuerNames, x509Certificate.getSerialNumber());
    }

    /** Returns the configured extended key usages (the caller's own set, not a copy). */
    @Override
    public Set<ExtendedKeyUsageType> getExtendedKeyUsage() {
        return extendedKeyUsage;
    }

    /**
     * Converts the configured extended key usages into the BouncyCastle structure.
     * Callers must make sure the set is non-null; the V3 path only calls this after
     * checking that it has entries.
     */
    protected ExtendedKeyUsage getExtendedKeyUsageASN1() {
        // Raw Vector kept on purpose: it is what the ExtendedKeyUsage constructor used here takes.
        Vector purposeIds = new Vector();
        for (ExtendedKeyUsageType usage : this.extendedKeyUsage) {
            purposeIds.add(usage.getKeyPurposeId());
        }
        return new ExtendedKeyUsage(purposeIds);
    }

    /** Returns the configured issuer; ignored at generation time when a signer certificate is supplied. */
    @Override
    public X500Principal getIssuer() {
        return issuer;
    }

    /** Returns the configured key usages (the caller's own set, not a copy). */
    @Override
    public Set<KeyUsageType> getKeyUsage() {
        return keyUsage;
    }

    /**
     * ORs the bit values of all configured key usages into one BouncyCastle
     * {@code KeyUsage}. Callers must make sure the set is non-null; the V3 path only
     * calls this after checking that it has entries.
     */
    protected KeyUsage getKeyUsageASN1() {
        int usageBits = 0;
        for (KeyUsageType usage : this.keyUsage) {
            usageBits |= usage.getBitValue();
        }
        return new KeyUsage(usageBits);
    }

    /** Returns the end of the validity period (the stored {@link Date} instance itself). */
    @Override
    public Date getNotAfter() {
        return notAfter;
    }

    /** Returns the start of the validity period (the stored {@link Date} instance itself). */
    @Override
    public Date getNotBefore() {
        return notBefore;
    }

    /** Returns the path length constraint, or {@code null} when none is set. */
    @Override
    public Integer getPathLengthConstraint() {
        return pathLengthConstraint;
    }

    /** Returns the public key that will be certified. */
    @Override
    public PublicKey getPublicKey() {
        return publicKey;
    }

    /** Returns the configured serial number. */
    @Override
    public BigInteger getSerialNumber() {
        return serialNumber;
    }

    /** Returns the configured signature algorithm name. */
    @Override
    public String getSignatureAlgorithm() {
        return signatureAlgorithm;
    }

    /** Returns the configured subject. */
    @Override
    public X500Principal getSubject() {
        return subject;
    }

    /** Returns the configured certificate version ({@code V3} unless changed). */
    @Override
    public CertificateVersion getVersion() {
        return version;
    }

    /** Tells whether the authorityKeyIdentifier extension is enabled. */
    @Override
    public boolean isAddAuthorityKeyIdentifier() {
        return authorityKeyIdentifierEnabled;
    }

    /** Tells whether the subjectKeyIdentifier extension is enabled. */
    @Override
    public boolean isAddSubjectKeyIdentifier() {
        return subjectKeyIdentifierEnabled;
    }

    /** Tells whether subjectAlternativeName is written as critical. */
    @Override
    public boolean isAltNamesCritical() {
        return altNamesCritical;
    }

    /** Tells whether a basicConstraints extension with the CA flag will be written (V3 only). */
    @Override
    public boolean isCA() {
        return isCA;
    }

    /** Tells whether basicConstraints is written as critical. */
    @Override
    public boolean isCACritical() {
        return cACritical;
    }

    /** Tells whether extendedKeyUsage is written as critical. */
    @Override
    public boolean isExtendedKeyUsageCritical() {
        return extendedKeyUsageCritical;
    }

    /** Tells whether keyUsage is written as critical. */
    @Override
    public boolean isKeyUsageCritical() {
        return keyUsageCritical;
    }

    /**
     * Sets the subject alternative names and their criticality.
     *
     * @param generalNames names to write, or {@code null} to omit the extension
     * @param z            whether the extension is marked critical
     */
    @Override
    public void setAltNames(GeneralNames generalNames, boolean z) {
        this.altNames = generalNames;
        this.altNamesCritical = z;
    }

    /** Sets the CRL distribution point URIs; the collection is kept by reference and the URIs are not validated here. */
    @Override
    public void setCRLDistributionPoints(Collection<String> collection) {
        this.crlDistributionPointURIs = collection;
    }

    /**
     * Sets the extended key usages and their criticality. The set is kept by reference.
     *
     * @param set usages to write; {@code null} or empty omits the extension
     * @param z   whether the extension is marked critical
     */
    @Override
    public void setExtendedKeyUsage(Set<ExtendedKeyUsageType> set, boolean z) {
        this.extendedKeyUsage = set;
        this.extendedKeyUsageCritical = z;
    }

    /**
     * Sets the CA flag and the criticality of basicConstraints. Setting the flag does not
     * add any key usage; the caller has to configure that separately.
     *
     * @param z  whether a CA basicConstraints extension is written
     * @param z2 whether that extension is marked critical
     */
    @Override
    public void setIsCA(boolean z, boolean z2) {
        this.isCA = z;
        this.cACritical = z2;
    }

    /** Sets the issuer used when no signer certificate is passed to generation. */
    @Override
    public void setIssuer(X500Principal x500Principal) {
        this.issuer = x500Principal;
    }

    /**
     * Sets the key usages and their criticality. The set is kept by reference.
     *
     * @param set usages to write; {@code null} or empty omits the extension
     * @param z   whether the extension is marked critical
     */
    @Override
    public void setKeyUsage(Set<KeyUsageType> set, boolean z) {
        this.keyUsage = set;
        this.keyUsageCritical = z;
    }

    /** Sets the end of the validity period; stored by reference and not compared with notBefore. */
    @Override
    public void setNotAfter(Date date) {
        this.notAfter = date;
    }

    /** Sets the start of the validity period; stored by reference and not compared with notAfter. */
    @Override
    public void setNotBefore(Date date) {
        this.notBefore = date;
    }

    /** Sets the path length constraint ({@code null} for none); only used when the CA flag is set. */
    @Override
    public void setPathLengthConstraint(Integer num) {
        this.pathLengthConstraint = num;
    }

    /** Sets the public key to certify. */
    @Override
    public void setPublicKey(PublicKey publicKey) {
        this.publicKey = publicKey;
    }

    /** Sets the serial number; sign, size and uniqueness are the caller's responsibility. */
    @Override
    public void setSerialNumber(BigInteger bigInteger) {
        this.serialNumber = bigInteger;
    }

    /** Sets the signature algorithm name; it is not checked against any allow-list here. */
    @Override
    public void setSignatureAlgorithm(String str) {
        this.signatureAlgorithm = str;
    }

    /** Sets the subject. */
    @Override
    public void setSubject(X500Principal x500Principal) {
        this.subject = x500Principal;
    }

    /** Sets the certificate version; only {@code V1} switches off the extension-writing V3 path. */
    @Override
    public void setVersion(CertificateVersion certificateVersion) {
        this.version = certificateVersion;
    }
}
