package com.eero.android.pki;

import java.io.ByteArrayInputStream;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* compiled from: X509.kt */
@Metadata(d1 = {"\u0000J\n\u0000\n\u0002\u0010\b\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0002\b\u000b\u001a\u0010\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000bH\u0002\u001a\u000e\u0010\f\u001a\u00020\u00032\u0006\u0010\r\u001a\u00020\u0005\u001aM\u0010\u000e\u001a\u00020\t2\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u00032\u0006\u0010\u0014\u001a\u00020\u00032\u0006\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u00182\u0010\b\u0002\u0010\u0019\u001a\n\u0012\u0004\u0012\u00020\u001b\u0018\u00010\u001a¢\u0006\u0002\u0010\u001c\u001a.\u0010\u001d\u001a\u00020\t2\u0006\u0010\u001e\u001a\u00020\u00102\u0006\u0010\u001f\u001a\u00020\u00122\u0006\u0010 \u001a\u00020\u00032\u0006\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u0018\u001a\u000e\u0010!\u001a\u00020\u00182\u0006\u0010\"\u001a\u00020\u0018\u001a\u000e\u0010#\u001a\u00020\u00162\u0006\u0010$\u001a\u00020\u0016\u001a\u0006\u0010%\u001a\u00020\u0016\"\u000e\u0010\u0000\u001a\u00020\u0001X\u0086T¢\u0006\u0002\n\u0000\"\u000e\u0010\u0002\u001a\u00020\u0003X\u0086T¢\u0006\u0002\n\u0000\"\u0015\u0010\u0004\u001a\u00020\u0003*\u00020\u00058F¢\u0006\u0006\u001a\u0004\b\u0006\u0010\u0007¨\u0006&"}, d2 = {"CERT_EXPIRY_YEARS", "", "signatureAlg", "", "pemEncodedString", "Ljava/security/cert/Certificate;", "getPemEncodedString", "(Ljava/security/cert/Certificate;)Ljava/lang/String;", "certFromCertHolder", "Ljava/security/cert/X509Certificate;", "holder", "Lorg/bouncycastle/cert/X509CertificateHolder;", "certToPem", "cert", "createLeafCertificate", "issuerPrivate", "Ljava/security/PrivateKey;", "subjectPublic", "Ljava/security/PublicKey;", "issuer", "subject", 
"serial", "Ljava/math/BigInteger;", "expiry", "Ljava/util/Date;", "subjectAltNames", "", "Lorg/bouncycastle/asn1/x509/GeneralName;", "(Ljava/security/PrivateKey;Ljava/security/PublicKey;Ljava/lang/String;Ljava/lang/String;Ljava/math/BigInteger;Ljava/util/Date;[Lorg/bouncycastle/asn1/x509/GeneralName;)Ljava/security/cert/X509Certificate;", "createRootCertificateAuthority", "private", "public", "subjectAndIssuer", "expiryForStartDate", "nowDate", "leafCertSerialFromCaSerial", "caSerial", "randomCertSerial", "pki_release"}, k = 2, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes2.dex */
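/**
 * Static helpers for minting and encoding X.509 certificates with BouncyCastle.
 *
 * <p>Every certificate built here is signed with {@link #signatureAlg}. The class holds no
 * state. Exceptions raised by BouncyCastle or the I/O layer propagate to the caller
 * unchanged, as no method here catches them.
 */
public final class X509Kt {
    /** Certificate lifetime in years, counted as 365-day years by {@link #expiryForStartDate}. */
    public static final int CERT_EXPIRY_YEARS = 1;

    /**
     * JCA signature algorithm name handed to {@code JcaContentSignerBuilder}.
     * NOTE(review): an ECDSA signer presumably requires the issuing private key to be an EC
     * key; nothing in this class checks the key type first.
     */
    public static final String signatureAlg = "SHA256WITHECDSA";

    /**
     * keyUsage bits asserted on leaf certificates; the sum is 224, the literal used previously.
     * NOTE(review): keyEncipherment is normally tied to RSA key transport and is unusual on a
     * certificate for an EC subject key. Confirm peers rely on it before trimming the set.
     */
    private static final int LEAF_KEY_USAGE_BITS =
            KeyUsage.digitalSignature | KeyUsage.nonRepudiation | KeyUsage.keyEncipherment;

    /** Byte placed in front of the CA serial's encoding to form the leaf serial. */
    private static final byte LEAF_SERIAL_PREFIX = 15;

    /**
     * Converts a BouncyCastle certificate holder into a JCA {@link X509Certificate}.
     *
     * <p>The holder is re-encoded and parsed by a directly instantiated BouncyCastle
     * {@code CertificateFactory}, so no provider lookup by name takes place.
     *
     * @param x509CertificateHolder holder produced by the certificate builder
     * @return the parsed certificate, never {@code null}
     */
    private static final X509Certificate certFromCertHolder(X509CertificateHolder x509CertificateHolder) {
        byte[] der = x509CertificateHolder.toASN1Structure().getEncoded();
        Certificate parsed;
        // try-with-resources closes the stream even when parsing throws.
        try (ByteArrayInputStream derStream = new ByteArrayInputStream(der)) {
            parsed = new CertificateFactory().engineGenerateCertificate(derStream);
        }
        Intrinsics.checkNotNull(parsed, "null cannot be cast to non-null type java.security.cert.X509Certificate");
        return (X509Certificate) parsed;
    }

    /**
     * Serialises a certificate as PEM text.
     *
     * @param cert certificate to encode; must not be {@code null}
     * @return the PEM text written by {@code JcaPEMWriter}
     */
    public static final String certToPem(Certificate cert) {
        Intrinsics.checkNotNullParameter(cert, "cert");
        StringWriter pemText = new StringWriter();
        // The writer is closed on every path, including a failure inside writeObject.
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(pemText)) {
            pemWriter.writeObject(cert);
            pemWriter.flush();
        }
        String pem = pemText.toString();
        Intrinsics.checkNotNullExpressionValue(pem, "toString(...)");
        return pem;
    }

    /**
     * Issues an end-entity certificate signed with {@code issuerPrivate}.
     *
     * <p>Certificate profile, as built below:
     * <ul>
     *   <li>notBefore is the moment of the call; notAfter is {@code expiry}.</li>
     *   <li>basicConstraints is critical with CA=false.</li>
     *   <li>keyUsage is non-critical: digitalSignature, nonRepudiation, keyEncipherment.</li>
     *   <li>extendedKeyUsage is non-critical: clientAuth and serverAuth.</li>
     *   <li>subjectAlternativeName is non-critical and added only for a non-empty array.</li>
     * </ul>
     *
     * <p>NOTE(review): notBefore is not back-dated, so a verifier whose clock runs slightly
     * behind may see the certificate as not yet valid. No subject or authority key identifier
     * is added. Nothing checks that {@code expiry} lies in the future, or that {@code issuer}
     * matches the subject of the certificate belonging to {@code issuerPrivate}; the caller
     * must guarantee both.
     *
     * @param issuerPrivate private key that signs the certificate
     * @param subjectPublic public key being certified
     * @param issuer issuer distinguished name in string form
     * @param subject subject distinguished name in string form
     * @param serial certificate serial number
     * @param expiry notAfter date
     * @param generalNameArr subject alternative names; {@code null} or empty adds none
     * @return the signed leaf certificate
     */
    public static final X509Certificate createLeafCertificate(PrivateKey issuerPrivate, PublicKey subjectPublic, String issuer, String subject, BigInteger serial, Date expiry, GeneralName[] generalNameArr) {
        Intrinsics.checkNotNullParameter(issuerPrivate, "issuerPrivate");
        Intrinsics.checkNotNullParameter(subjectPublic, "subjectPublic");
        Intrinsics.checkNotNullParameter(issuer, "issuer");
        Intrinsics.checkNotNullParameter(subject, "subject");
        Intrinsics.checkNotNullParameter(serial, "serial");
        Intrinsics.checkNotNullParameter(expiry, "expiry");

        X500Name issuerName = new X500Name(issuer);
        Date notBefore = new Date();
        X500Name subjectName = new X500Name(subject);
        JcaX509v3CertificateBuilder leafBuilder =
                new JcaX509v3CertificateBuilder(issuerName, serial, notBefore, expiry, subjectName, subjectPublic);

        // Critical CA=false, so this certificate cannot be used to issue others.
        leafBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        leafBuilder.addExtension(Extension.keyUsage, false, new KeyUsage(LEAF_KEY_USAGE_BITS));
        KeyPurposeId[] purposes = {KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth};
        leafBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(purposes));

        boolean hasAltNames = generalNameArr != null && generalNameArr.length != 0;
        if (hasAltNames) {
            leafBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(generalNameArr));
        }

        X509CertificateHolder signedHolder =
                leafBuilder.build(new JcaContentSignerBuilder(signatureAlg).build(issuerPrivate));
        Intrinsics.checkNotNull(signedHolder);
        return certFromCertHolder(signedHolder);
    }

    /**
     * Compiler-generated bridge for the Kotlin default argument of
     * {@link #createLeafCertificate}. When bit 64 of {@code i} is set, the
     * subject-alternative-name array is replaced with {@code null}.
     */
    public static /* synthetic */ X509Certificate createLeafCertificate$default(PrivateKey privateKey, PublicKey publicKey, String str, String str2, BigInteger bigInteger, Date date, GeneralName[] generalNameArr, int i, Object obj) {
        GeneralName[] altNames = (i & 64) != 0 ? null : generalNameArr;
        return createLeafCertificate(privateKey, publicKey, str, str2, bigInteger, date, altNames);
    }

    /**
     * Builds a self-signed CA certificate whose subject and issuer are the same name.
     *
     * <p>Extensions: a critical basicConstraints with CA=true and no path-length limit, plus
     * non-critical subject and authority key identifiers derived from {@code publicKey}.
     * notBefore is the moment of the call.
     *
     * <p>NOTE(review): no keyUsage extension is added, so the certificate does not restrict
     * the key to keyCertSign/cRLSign, and the absent path length allows subordinate CAs.
     * Confirm with the verifying side before tightening either, since that changes the
     * issued certificate.
     *
     * @param privateKey CA private key used for the self-signature
     * @param publicKey CA public key being certified
     * @param subjectAndIssuer distinguished name used for both subject and issuer
     * @param serial certificate serial number
     * @param expiry notAfter date
     * @return the self-signed CA certificate
     */
    public static final X509Certificate createRootCertificateAuthority(PrivateKey privateKey, PublicKey publicKey, String subjectAndIssuer, BigInteger serial, Date expiry) {
        Intrinsics.checkNotNullParameter(privateKey, "private");
        Intrinsics.checkNotNullParameter(publicKey, "public");
        Intrinsics.checkNotNullParameter(subjectAndIssuer, "subjectAndIssuer");
        Intrinsics.checkNotNullParameter(serial, "serial");
        Intrinsics.checkNotNullParameter(expiry, "expiry");

        X500Name caName = new X500Name(subjectAndIssuer);
        JcaX509v3CertificateBuilder caBuilder =
                new JcaX509v3CertificateBuilder(caName, serial, new Date(), expiry, caName, publicKey);
        caBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

        // Self-signed: both key identifiers are computed from the same public key.
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        SubjectKeyIdentifier subjectKeyId = extensionUtils.createSubjectKeyIdentifier(publicKey);
        AuthorityKeyIdentifier authorityKeyId = extensionUtils.createAuthorityKeyIdentifier(publicKey);
        caBuilder.addExtension(Extension.subjectKeyIdentifier, false, subjectKeyId);
        caBuilder.addExtension(Extension.authorityKeyIdentifier, false, authorityKeyId);

        X509CertificateHolder signedHolder =
                caBuilder.build(new JcaContentSignerBuilder(signatureAlg).build(privateKey));
        Intrinsics.checkNotNull(signedHolder);
        return certFromCertHolder(signedHolder);
    }

    /**
     * Returns the expiry date for a certificate that starts at {@code nowDate}.
     *
     * <p>The lifetime is {@link #CERT_EXPIRY_YEARS} years of exactly 365 days each. Leap
     * days are ignored.
     *
     * @param nowDate start of the validity period
     * @return {@code nowDate} plus the configured lifetime
     */
    public static final Date expiryForStartDate(Date nowDate) {
        Intrinsics.checkNotNullParameter(nowDate, "nowDate");
        // Derived from the constant so the two cannot drift apart; with the current value
        // this is 365 days.
        long lifetimeMillis = TimeUnit.DAYS.toMillis(365L * CERT_EXPIRY_YEARS);
        return new Date(nowDate.getTime() + lifetimeMillis);
    }

    /**
     * Java-visible form of the Kotlin extension property {@code pemEncodedString}.
     * Delegates to {@link #certToPem}.
     *
     * @param certificate receiver certificate; must not be {@code null}
     * @return the PEM text for {@code certificate}
     */
    public static final String getPemEncodedString(Certificate certificate) {
        Intrinsics.checkNotNullParameter(certificate, "<this>");
        return certToPem(certificate);
    }

    /**
     * Derives a leaf serial number from the issuing CA's serial number.
     *
     * <p>The CA serial's two's-complement bytes are prefixed with a single 0x0F byte. The
     * leading byte has its sign bit clear, so the result is always positive and one byte
     * longer than the CA serial's encoding.
     *
     * <p>NOTE(review): the mapping is deterministic, so every leaf derived from the same CA
     * serial gets the same serial number. Confirm that each CA issues at most one leaf this
     * way, or that callers pick serials differently for further leaves.
     *
     * @param caSerial serial number of the issuing CA certificate
     * @return the derived leaf serial number
     */
    public static final BigInteger leafCertSerialFromCaSerial(BigInteger caSerial) {
        Intrinsics.checkNotNullParameter(caSerial, "caSerial");
        byte[] caBytes = caSerial.toByteArray();
        byte[] leafBytes = new byte[caBytes.length + 1];
        leafBytes[0] = LEAF_SERIAL_PREFIX;
        System.arraycopy(caBytes, 0, leafBytes, 1, caBytes.length);
        return new BigInteger(leafBytes);
    }

    /**
     * Generates a random, non-negative serial number of at most 128 bits.
     *
     * <p>A fresh {@link SecureRandom} is created on every call. The range includes zero,
     * which is not a valid certificate serial, with negligible probability.
     *
     * @return a value in the range 0 to 2^128 - 1
     */
    public static final BigInteger randomCertSerial() {
        SecureRandom entropy = new SecureRandom();
        return new BigInteger(128, entropy);
    }
}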
