package app.cash.trifle;

import app.cash.trifle.internal.signers.TrifleContentSigner;
import app.cash.trifle.protos.api.alpha.MobileCertificateRequest;
import java.math.BigInteger;
import java.time.Instant;
import java.time.Period;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import kotlin.Metadata;
import kotlin.UInt;
import kotlin.jvm.internal.Intrinsics;
import okio.ByteString;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.jetbrains.annotations.NotNull;

/* compiled from: CertificateUtil.kt */
@Metadata(mv = {1, 7, 1}, k = 1, xi = 48, d1 = {"��F\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\b\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\bÆ\u0002\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0016\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\rJ\u001e\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\u0010\u001a\u00020\u00112\u0006\u0010\f\u001a\u00020\rJ\u000e\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u0015J\u001e\u0010\u0016\u001a\u00020\u000f2\u0006\u0010\u0017\u001a\u00020\u000f2\u0006\u0010\u0018\u001a\u00020\u00132\u0006\u0010\f\u001a\u00020\rR\u0019\u0010\u0003\u001a\u00020\u0004X\u0082Tø\u0001��ø\u0001\u0001ø\u0001\u0002¢\u0006\u0004\n\u0002\u0010\u0005R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082T¢\u0006\u0002\n��\u0082\u0002\u000f\n\u0002\b\u0019\n\u0005\b¡\u001e0\u0001\n\u0002\b!¨\u0006\u0019"}, d2 = {"Lapp/cash/trifle/CertificateUtil;", "", "()V", "MOBILE_CERTIFICATE_REQUEST_VERSION", "Lkotlin/UInt;", "I", "MOBILE_CERTIFICATE_VALIDITY_PERIOD_DAYS", "", "createMobileCertRequest", "Lapp/cash/trifle/protos/api/alpha/MobileCertificateRequest;", "entityName", "", "contentSigner", "Lapp/cash/trifle/internal/signers/TrifleContentSigner;", "createRootSigningCertificate", "Lapp/cash/trifle/Certificate;", "validityPeriod", "Ljava/time/Period;", "mobileCertRequestToCertRequest", "Lapp/cash/trifle/CertificateRequest;", "payload", "Lokio/ByteString;", "signCertificate", "issuerCertificate", "certificateRequest", "jvm"})
/* loaded from: input_file:app/cash/trifle/CertificateUtil.class */
public final class CertificateUtil {

    @NotNull
    public static final CertificateUtil INSTANCE = new CertificateUtil();
    private static final int MOBILE_CERTIFICATE_VALIDITY_PERIOD_DAYS = 180;
    private static final int MOBILE_CERTIFICATE_REQUEST_VERSION = 0;

    private CertificateUtil() {
    }

    @NotNull
    public final CertificateRequest mobileCertRequestToCertRequest(@NotNull ByteString byteString) {
        Intrinsics.checkNotNullParameter(byteString, "payload");
        MobileCertificateRequest mobileCertificateRequest = (MobileCertificateRequest) MobileCertificateRequest.ADAPTER.decode(byteString);
        Integer num = mobileCertificateRequest.version;
        Intrinsics.checkNotNull(num);
        if (!(UInt.constructor-impl(num.intValue()) == 0)) {
            throw new IllegalStateException("Check failed.".toString());
        }
        ByteString byteString2 = mobileCertificateRequest.pkcs10_request;
        Intrinsics.checkNotNull(byteString2);
        return new CertificateRequest(new PKCS10CertificationRequest(byteString2.toByteArray()));
    }

    @NotNull
    public final Certificate signCertificate(@NotNull Certificate certificate, @NotNull CertificateRequest certificateRequest, @NotNull TrifleContentSigner trifleContentSigner) {
        Intrinsics.checkNotNullParameter(certificate, "issuerCertificate");
        Intrinsics.checkNotNullParameter(certificateRequest, "certificateRequest");
        Intrinsics.checkNotNullParameter(trifleContentSigner, "contentSigner");
        Instant now = Instant.now();
        PKCS10CertificationRequest csr = certificateRequest.getCsr();
        byte[] encoded = new X509v3CertificateBuilder(new X509CertificateHolder(certificate.getCertificate$jvm()).getSubject(), BigInteger.valueOf(now.toEpochMilli()), Date.from(now), Date.from(now.plus((TemporalAmount) Period.ofDays(MOBILE_CERTIFICATE_VALIDITY_PERIOD_DAYS))), csr.getSubject(), csr.getSubjectPublicKeyInfo()).build(trifleContentSigner).getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "signedCert.encoded");
        return new Certificate(encoded);
    }

    @NotNull
    public final Certificate createRootSigningCertificate(@NotNull String str, @NotNull Period period, @NotNull TrifleContentSigner trifleContentSigner) {
        Intrinsics.checkNotNullParameter(str, "entityName");
        Intrinsics.checkNotNullParameter(period, "validityPeriod");
        Intrinsics.checkNotNullParameter(trifleContentSigner, "contentSigner");
        X500Name x500Name = new X500Name("CN=" + str);
        Instant now = Instant.now();
        byte[] encoded = new X509v3CertificateBuilder(x500Name, BigInteger.ONE, Date.from(now), Date.from(now.plus((TemporalAmount) period)), x500Name, trifleContentSigner.subjectPublicKeyInfo()).build(trifleContentSigner).getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "signedCert.encoded");
        return new Certificate(encoded);
    }

    @NotNull
    public final MobileCertificateRequest createMobileCertRequest(@NotNull String str, @NotNull TrifleContentSigner trifleContentSigner) {
        Intrinsics.checkNotNullParameter(str, "entityName");
        Intrinsics.checkNotNullParameter(trifleContentSigner, "contentSigner");
        PKCS10CertificationRequest build = new PKCS10CertificationRequestBuilder(new X500Name("CN=" + str), trifleContentSigner.subjectPublicKeyInfo()).build(trifleContentSigner);
        Integer valueOf = Integer.valueOf(MOBILE_CERTIFICATE_REQUEST_VERSION);
        ByteString.Companion companion = ByteString.Companion;
        byte[] encoded = build.getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "pkcS10CertificationRequest.encoded");
        return new MobileCertificateRequest(valueOf, ByteString.Companion.of$default(companion, encoded, MOBILE_CERTIFICATE_REQUEST_VERSION, MOBILE_CERTIFICATE_REQUEST_VERSION, 3, (Object) null), null, 4, null);
    }
}
