package com.android.mdl.appreader.readercertgen;

import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Optional;
import kotlin.Metadata;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* compiled from: CertificateGenerator.kt */
@Metadata(d1 = {"\u0000,\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\bÇ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J \u0010\u0006\u001a\u00020\u00072\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\rH\u0007R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000¨\u0006\u000e"}, d2 = {"Lcom/android/mdl/appreader/readercertgen/CertificateGenerator;", "", "()V", "CRITICAL", "", "NOT_CRITICAL", "generateCertificate", "Ljava/security/cert/X509Certificate;", "data", "Lcom/android/mdl/appreader/readercertgen/DataMaterial;", "certMaterial", "Lcom/android/mdl/appreader/readercertgen/CertificateMaterial;", "keyMaterial", "Lcom/android/mdl/appreader/readercertgen/KeyMaterial;", "appverifier_debug"}, k = 1, mv = {1, 8, 0}, xi = 48)
/* loaded from: classes24.dex */
public final class CertificateGenerator {
    private static final boolean CRITICAL = true;
    private static final boolean NOT_CRITICAL = false;
    public static final CertificateGenerator INSTANCE = new CertificateGenerator();
    public static final int $stable = LiveLiterals$CertificateGeneratorKt.INSTANCE.m6544Int$classCertificateGenerator();

    private CertificateGenerator() {
    }

    @JvmStatic
    public static final X509Certificate generateCertificate(DataMaterial data, CertificateMaterial certMaterial, KeyMaterial keyMaterial) throws CertIOException, CertificateException, OperatorCreationException {
        Intrinsics.checkNotNullParameter(data, "data");
        Intrinsics.checkNotNullParameter(certMaterial, "certMaterial");
        Intrinsics.checkNotNullParameter(keyMaterial, "keyMaterial");
        Optional<X509Certificate> issuerCertificate = keyMaterial.getIssuerCertificate();
        X500Name x500Name = new X500Name(data.getSubjectDN());
        X500Name x500Name2 = new X500Name(data.getIssuerDN());
        ContentSigner build = new JcaContentSignerBuilder(keyMaterial.getSigningAlgorithm()).build(keyMaterial.getSigningKey());
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(x500Name2, certMaterial.getSerialNumber(), certMaterial.getStartDate(), certMaterial.getEndDate(), x500Name, keyMaterial.getPublicKey());
        JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
        if (issuerCertificate.isPresent()) {
            try {
                jcaX509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, (ASN1Encodable) jcaX509ExtensionUtils.createAuthorityKeyIdentifier(issuerCertificate.get().getPublicKey()));
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
        SubjectKeyIdentifier createSubjectKeyIdentifier = jcaX509ExtensionUtils.createSubjectKeyIdentifier(keyMaterial.getPublicKey());
        Intrinsics.checkNotNullExpressionValue(createSubjectKeyIdentifier, "jcaX509ExtensionUtils.cr…er(keyMaterial.publicKey)");
        jcaX509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, (ASN1Encodable) createSubjectKeyIdentifier);
        jcaX509v3CertificateBuilder.addExtension(Extension.keyUsage, true, (ASN1Encodable) new KeyUsage(certMaterial.getKeyUsage()));
        Optional<String> issuerAlternativeName = data.getIssuerAlternativeName();
        if (issuerAlternativeName.isPresent()) {
            jcaX509v3CertificateBuilder.addExtension(Extension.issuerAlternativeName, false, (ASN1Encodable) new GeneralNames(new GeneralName(6, issuerAlternativeName.get())));
        }
        int pathLengthConstraint = certMaterial.getPathLengthConstraint();
        if (pathLengthConstraint != -1) {
            jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, (ASN1Encodable) new BasicConstraints(pathLengthConstraint));
        }
        Optional<String> extendedKeyUsage = certMaterial.getExtendedKeyUsage();
        if (extendedKeyUsage.isPresent()) {
            jcaX509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, true, (ASN1Encodable) new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.getInstance(new ASN1ObjectIdentifier(extendedKeyUsage.get()))}));
        }
        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(jcaX509v3CertificateBuilder.build(build));
        Intrinsics.checkNotNullExpressionValue(certificate, "JcaX509CertificateConver…der.build(contentSigner))");
        return certificate;
    }
}
