package gnu.crypto.pki;

import gnu.crypto.der.BitString;
import gnu.crypto.der.DERReader;
import gnu.crypto.der.DERValue;
import gnu.crypto.der.OID;
import gnu.crypto.pki.ext.Extension;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes2.dex */
public final class X509CertificateBuilder extends X509CertificateImpl {
    private static final long ONE_YEAR = 31536000000L;

    public X509CertificateBuilder() {
        this.version = 3;
    }

    private final byte[] sign(Signature signature) throws CertificateException, IOException, InvalidKeyException, NoSuchAlgorithmException, SignatureException {
        ArrayList arrayList = new ArrayList(3);
        ArrayList arrayList2 = new ArrayList(9);
        if (this.version != 1) {
            arrayList2.add(new DERValue(96, BigInteger.valueOf(this.version - 1)));
        }
        if (this.serialNo == null) {
            throw new CertificateException("no serial number");
        }
        arrayList2.add(new DERValue(2, this.serialNo));
        ArrayList arrayList3 = new ArrayList(2);
        arrayList3.add(new DERValue(6, this.sigAlgId));
        if (this.sigAlgVal != null) {
            arrayList3.add(DERReader.read(this.sigAlgVal));
        } else {
            arrayList3.add(new DERValue(5, null));
        }
        DERValue dERValue = new DERValue(48, arrayList3);
        arrayList2.add(dERValue);
        if (this.issuer == null) {
            throw new CertificateException("no issuer");
        }
        arrayList2.add(DERReader.read(this.issuer.getDer()));
        if (this.notBefore == null) {
            this.notBefore = new Date();
        }
        if (this.notAfter == null) {
            this.notAfter = new Date(this.notBefore.getTime() + ONE_YEAR);
        }
        ArrayList arrayList4 = new ArrayList(2);
        arrayList4.add(new DERValue(24, this.notBefore));
        arrayList4.add(new DERValue(24, this.notAfter));
        arrayList2.add(new DERValue(48, arrayList4));
        if (this.subject == null) {
            throw new CertificateException("no subject");
        }
        arrayList2.add(DERReader.read(this.subject.getDer()));
        if (this.subjectKey == null) {
            throw new CertificateException("no public key");
        }
        if ("X.509".equals(this.subjectKey.getFormat())) {
            arrayList2.add(DERReader.read(this.subjectKey.getEncoded()));
        } else {
            arrayList2.add(DERReader.read(((PublicKey) KeyFactory.getInstance(this.subjectKey.getAlgorithm()).translateKey(this.subjectKey)).getEncoded()));
        }
        if (this.issuerUniqueId != null) {
            if (this.version < 2) {
                throw new CertificateException("issuerUniqueId is only valid for version 2 or 3");
            }
            arrayList2.add(new DERValue(65, this.issuerUniqueId));
        }
        if (this.subjectUniqueId != null) {
            if (this.version < 2) {
                throw new CertificateException("subjectUniqueId is only valid for version 2 or 3");
            }
            arrayList2.add(new DERValue(66, this.subjectUniqueId));
        }
        if (this.extensions.size() > 0 && this.version < 3) {
            throw new CertificateException("extensions are only valid for version 3");
        }
        if (this.extensions.size() > 0) {
            ArrayList arrayList5 = new ArrayList(this.extensions.size());
            Iterator it = this.extensions.values().iterator();
            while (it.hasNext()) {
                arrayList5.add(((Extension) it.next()).getDerValue());
            }
            arrayList2.add(new DERValue(67, arrayList5));
        }
        DERValue dERValue2 = new DERValue(48, arrayList2);
        this.tbsCertBytes = dERValue2.getEncoded();
        signature.update(this.tbsCertBytes);
        this.signature = signature.sign();
        arrayList.add(dERValue2);
        arrayList.add(dERValue);
        arrayList.add(new DERValue(4, this.signature));
        return new DERValue(48, arrayList).getEncoded();
    }

    public final void addExtension(Extension extension) {
        this.extensions.put(extension.getOid(), extension);
        this.encoded = null;
    }

    @Override // gnu.crypto.pki.X509CertificateImpl, java.security.cert.Certificate
    public final byte[] getEncoded() throws CertificateEncodingException {
        if (this.encoded != null) {
            return (byte[]) this.encoded.clone();
        }
        throw new CertificateEncodingException("not encoded");
    }

    @Override // gnu.crypto.pki.X509CertificateImpl, java.security.cert.X509Certificate
    public final Date getNotAfter() {
        if (this.notAfter != null) {
            return (Date) this.notAfter.clone();
        }
        throw new IllegalStateException("notAfter not set");
    }

    @Override // gnu.crypto.pki.X509CertificateImpl, java.security.cert.X509Certificate
    public final Date getNotBefore() {
        if (this.notBefore != null) {
            return (Date) this.notBefore.clone();
        }
        throw new IllegalStateException("notBefore not set");
    }

    @Override // gnu.crypto.pki.X509CertificateImpl, java.security.cert.X509Certificate
    public final byte[] getSignature() {
        if (this.signature == null) {
            return (byte[]) this.signature.clone();
        }
        throw new IllegalStateException("certificate has not been signed");
    }

    @Override // gnu.crypto.pki.X509CertificateImpl, java.security.cert.X509Certificate
    public final byte[] getTBSCertificate() throws CertificateEncodingException {
        if (this.tbsCertBytes != null) {
            return (byte[]) this.tbsCertBytes.clone();
        }
        throw new CertificateEncodingException("not encoded");
    }

    public final void setIssuer(X500Name x500Name) {
        this.issuer = x500Name;
        this.encoded = null;
    }

    public final void setIssuer(X500Principal x500Principal) throws IOException {
        this.issuer = new X500Name(x500Principal.getEncoded());
        this.encoded = null;
    }

    public final void setIssuerUniqueId(BitString bitString) {
        this.issuerUniqueId = bitString;
        this.encoded = null;
    }

    public final void setNotAfter(Date date) {
        this.notAfter = date;
        this.encoded = null;
    }

    public final void setNotBefore(Date date) {
        this.notBefore = date;
        this.encoded = null;
    }

    public final void setPublicKey(PublicKey publicKey) {
        this.subjectKey = publicKey;
        this.encoded = null;
    }

    public final void setSerialNumber(BigInteger bigInteger) {
        if (bigInteger.signum() < 0 || bigInteger.equals(BigInteger.ZERO)) {
            throw new IllegalArgumentException("serial numbers must be positive");
        }
        this.serialNo = bigInteger;
        this.encoded = null;
    }

    public final void setSigAlg(String str) {
        if (str.equals("DSAwithSHA1") || str.equals("DSS")) {
            this.sigAlgId = ID_DSA_WITH_SHA1;
            return;
        }
        if (str.equals("MD2withRSA")) {
            this.sigAlgId = ID_RSA_WITH_MD2;
            return;
        }
        if (str.equals("MD5withRSA")) {
            this.sigAlgId = ID_RSA_WITH_MD5;
        } else if (str.equals("SHA1withRSA")) {
            this.sigAlgId = ID_RSA_WITH_SHA1;
        } else {
            this.sigAlgId = new OID(str);
        }
    }

    public final void setSigParams(byte[] bArr) {
        this.sigAlgVal = bArr == null ? null : (byte[]) bArr.clone();
        this.encoded = null;
    }

    public final void setSubject(X500Name x500Name) {
        this.subject = x500Name;
        this.encoded = null;
    }

    public final void setSubject(X500Principal x500Principal) throws IOException {
        this.subject = new X500Name(x500Principal.getEncoded());
        this.encoded = null;
    }

    public final void setSubjectUniqueId(BitString bitString) {
        this.subjectUniqueId = bitString;
        this.encoded = null;
    }

    public final void setVersion(int i) {
        if (i <= 0 || i > 3) {
            StringBuffer stringBuffer = new StringBuffer("invalid version: ");
            stringBuffer.append(i);
            throw new IllegalArgumentException(stringBuffer.toString());
        }
        this.version = i;
        this.encoded = null;
    }

    public final void sign(PrivateKey privateKey, String str) throws CertificateException, InvalidKeyException, NoSuchAlgorithmException, SignatureException {
        setSigAlg(str);
        Signature signature = Signature.getInstance(str);
        signature.initSign(privateKey);
        try {
            this.encoded = sign(signature);
        } catch (IOException e) {
            CertificateEncodingException certificateEncodingException = new CertificateEncodingException();
            certificateEncodingException.initCause(e);
            throw certificateEncodingException;
        }
    }

    public final void sign(PrivateKey privateKey, String str, String str2) throws CertificateException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
        setSigAlg(str);
        Signature signature = Signature.getInstance(str, str2);
        signature.initSign(privateKey);
        try {
            this.encoded = sign(signature);
        } catch (IOException e) {
            CertificateEncodingException certificateEncodingException = new CertificateEncodingException();
            certificateEncodingException.initCause(e);
            throw certificateEncodingException;
        }
    }
}
