package com.webauthn4j.ctap.authenticator.attestation;

import com.webauthn4j.data.SignatureAlgorithm;
import com.webauthn4j.data.attestation.authenticator.AAGUID;
import com.webauthn4j.util.exception.UnexpectedCheckedException;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: AttestationCertificateBuilder.kt */
@Metadata(mv = {2, 1, 0}, k = 1, xi = 48, d1 = {"��<\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018�� \u00152\u00020\u0001:\u0001\u0015B1\b��\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0003\u0012\u0006\u0010\u0007\u001a\u00020\b\u0012\u0006\u0010\t\u001a\u00020\n¢\u0006\u0004\b\u000b\u0010\fJ\u000e\u0010\r\u001a\u00020��2\u0006\u0010\r\u001a\u00020\u000eJ\u000e\u0010\u0010\u001a\u00020��2\u0006\u0010\u0010\u001a\u00020\u000eJ\u000e\u0010\u0011\u001a\u00020��2\u0006\u0010\u0011\u001a\u00020\u0012J\u0006\u0010\u0013\u001a\u00020\u0014R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0007\u001a\u00020\bX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\t\u001a\u00020\nX\u0082\u0004¢\u0006\u0002\n��R\u0016\u0010\r\u001a\n \u000f*\u0004\u0018\u00010\u000e0\u000eX\u0082\u000e¢\u0006\u0002\n��R\u0016\u0010\u0010\u001a\n \u000f*\u0004\u0018\u00010\u000e0\u000eX\u0082\u000e¢\u0006\u0002\n��R\u0010\u0010\u0011\u001a\u0004\u0018\u00010\u0012X\u0082\u000e¢\u0006\u0002\n��¨\u0006\u0016"}, d2 = {"Lcom/webauthn4j/ctap/authenticator/attestation/AttestationCertificateBuilder;", "", "subjectDN", "", "publicKey", "Ljava/security/PublicKey;", "issuerDN", "issuerPrivateKey", "Ljava/security/PrivateKey;", "signatureAlgorithm", "Lcom/webauthn4j/data/SignatureAlgorithm;", "<init>", "(Ljava/lang/String;Ljava/security/PublicKey;Ljava/lang/String;Ljava/security/PrivateKey;Lcom/webauthn4j/data/SignatureAlgorithm;)V", "notBefore", "Ljava/time/Instant;", "kotlin.jvm.PlatformType", "notAfter", "aaguid", "Lcom/webauthn4j/data/attestation/authenticator/AAGUID;", "build", "Ljava/security/cert/X509Certificate;", "Companion", "webauthn4j-ctap-authenticator"})
/* loaded from: input_file:com/webauthn4j/ctap/authenticator/attestation/AttestationCertificateBuilder.class */
public final class AttestationCertificateBuilder {

    @NotNull
    private final String subjectDN;

    @NotNull
    private final PublicKey publicKey;

    @NotNull
    private final String issuerDN;

    @NotNull
    private final PrivateKey issuerPrivateKey;

    @NotNull
    private final SignatureAlgorithm signatureAlgorithm;
    private Instant notBefore;
    private Instant notAfter;

    @Nullable
    private AAGUID aaguid;

    @NotNull
    public static final Companion Companion = new Companion(null);
    private static final ASN1ObjectIdentifier ID_FIDO_GEN_CE_AAGUID = new ASN1ObjectIdentifier("1.3.6.1.4.1.45724.1.1.4").intern();

    /* compiled from: AttestationCertificateBuilder.kt */
    @Metadata(mv = {2, 1, 0}, k = 1, xi = 48, d1 = {"��\u0014\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0086\u0003\u0018��2\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003R\u0016\u0010\u0004\u001a\n \u0006*\u0004\u0018\u00010\u00050\u0005X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0007"}, d2 = {"Lcom/webauthn4j/ctap/authenticator/attestation/AttestationCertificateBuilder$Companion;", "", "<init>", "()V", "ID_FIDO_GEN_CE_AAGUID", "Lorg/bouncycastle/asn1/ASN1ObjectIdentifier;", "kotlin.jvm.PlatformType", "webauthn4j-ctap-authenticator"})
    /* loaded from: input_file:com/webauthn4j/ctap/authenticator/attestation/AttestationCertificateBuilder$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    public AttestationCertificateBuilder(@NotNull String str, @NotNull PublicKey publicKey, @NotNull String str2, @NotNull PrivateKey privateKey, @NotNull SignatureAlgorithm signatureAlgorithm) {
        Intrinsics.checkNotNullParameter(str, "subjectDN");
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        Intrinsics.checkNotNullParameter(str2, "issuerDN");
        Intrinsics.checkNotNullParameter(privateKey, "issuerPrivateKey");
        Intrinsics.checkNotNullParameter(signatureAlgorithm, "signatureAlgorithm");
        this.subjectDN = str;
        this.publicKey = publicKey;
        this.issuerDN = str2;
        this.issuerPrivateKey = privateKey;
        this.signatureAlgorithm = signatureAlgorithm;
        this.notBefore = Instant.parse("2000-01-01T00:00:00Z");
        this.notAfter = Instant.parse("2999-12-31T23:59:59Z");
    }

    @NotNull
    public final AttestationCertificateBuilder notBefore(@NotNull Instant instant) {
        Intrinsics.checkNotNullParameter(instant, "notBefore");
        this.notBefore = instant;
        return this;
    }

    @NotNull
    public final AttestationCertificateBuilder notAfter(@NotNull Instant instant) {
        Intrinsics.checkNotNullParameter(instant, "notAfter");
        this.notAfter = instant;
        return this;
    }

    @NotNull
    public final AttestationCertificateBuilder aaguid(@NotNull AAGUID aaguid) {
        Intrinsics.checkNotNullParameter(aaguid, "aaguid");
        this.aaguid = aaguid;
        return this;
    }

    @NotNull
    public final X509Certificate build() {
        try {
            X509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(new X500Principal(this.issuerDN), BigInteger.valueOf(1L), Date.from(this.notBefore), Date.from(this.notAfter), new X500Principal(this.subjectDN), this.publicKey);
            AAGUID aaguid = this.aaguid;
            if (aaguid != null) {
                jcaX509v3CertificateBuilder.addExtension(ID_FIDO_GEN_CE_AAGUID, false, new DEROctetString(aaguid.getBytes()));
            }
            jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
            X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(jcaX509v3CertificateBuilder.build(new JcaContentSignerBuilder(this.signatureAlgorithm.getJcaName()).build(this.issuerPrivateKey)));
            Intrinsics.checkNotNull(certificate);
            return certificate;
        } catch (OperatorCreationException e) {
            throw new UnexpectedCheckedException(e);
        } catch (CertificateException e2) {
            throw new UnexpectedCheckedException(e2);
        } catch (CertIOException e3) {
            throw new UnexpectedCheckedException(e3);
        }
    }
}
