package app.cash.trifle.delegate;

import app.cash.trifle.Certificate;
import app.cash.trifle.CertificateRequest;
import app.cash.trifle.internal.signers.TrifleContentSigner;
import java.math.BigInteger;
import java.time.Instant;
import java.time.Period;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.jvm.internal.Intrinsics;
import okio.ByteString;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.jetbrains.annotations.NotNull;

/* compiled from: DelegateImpl.kt */
@Metadata(mv = {1, 7, 1}, k = 1, xi = 48, d1 = {"��0\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\b\u0010\u0018��2\u00020\u00012\u00020\u0002B\r\u0012\u0006\u0010\u0003\u001a\u00020\u0004¢\u0006\u0002\u0010\u0005J\u0010\u0010\u0006\u001a\u00020\u00072\u0006\u0010\b\u001a\u00020\tH\u0016J\u0018\u0010\n\u001a\u00020\u000b2\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\f\u001a\u00020\rH\u0016J\u0018\u0010\u000e\u001a\u00020\u000b2\u0006\u0010\u000f\u001a\u00020\u000b2\u0006\u0010\u0010\u001a\u00020\u0007H\u0016R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0011"}, d2 = {"Lapp/cash/trifle/delegate/DelegateImpl;", "Lapp/cash/trifle/delegate/CertificateAuthorityDelegate;", "Lapp/cash/trifle/delegate/EndEntityDelegate;", "contentSigner", "Lapp/cash/trifle/internal/signers/TrifleContentSigner;", "(Lapp/cash/trifle/internal/signers/TrifleContentSigner;)V", "createCertRequest", "Lapp/cash/trifle/CertificateRequest;", "entityName", "", "createRootSigningCertificate", "Lapp/cash/trifle/Certificate;", "validityPeriod", "Ljava/time/Period;", "signCertificate", "issuerCertificate", "certificateRequest", "jvm"})
/* loaded from: input_file:app/cash/trifle/delegate/DelegateImpl.class */
public class DelegateImpl implements CertificateAuthorityDelegate, EndEntityDelegate {

    @NotNull
    private final TrifleContentSigner contentSigner;

    public DelegateImpl(@NotNull TrifleContentSigner trifleContentSigner) {
        Intrinsics.checkNotNullParameter(trifleContentSigner, "contentSigner");
        this.contentSigner = trifleContentSigner;
    }

    @Override // app.cash.trifle.delegate.CertificateAuthorityDelegate
    @NotNull
    public Certificate signCertificate(@NotNull Certificate certificate, @NotNull CertificateRequest certificateRequest) {
        Intrinsics.checkNotNullParameter(certificate, "issuerCertificate");
        Intrinsics.checkNotNullParameter(certificateRequest, "certificateRequest");
        if (!(certificateRequest instanceof CertificateRequest.PKCS10Request)) {
            throw new NoWhenBranchMatchedException();
        }
        Instant now = Instant.now();
        byte[] encoded = new X509v3CertificateBuilder(new X509CertificateHolder(certificate.getCertificate$jvm()).getSubject(), BigInteger.valueOf(now.toEpochMilli()), Date.from(now), Date.from(now.plus((TemporalAmount) Period.ofDays(180))), ((CertificateRequest.PKCS10Request) certificateRequest).getPkcs10Req().getSubject(), ((CertificateRequest.PKCS10Request) certificateRequest).getPkcs10Req().getSubjectPublicKeyInfo()).build(this.contentSigner).getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "signedCert.encoded");
        return new Certificate(encoded, 0, 2, null);
    }

    @Override // app.cash.trifle.delegate.CertificateAuthorityDelegate
    @NotNull
    public Certificate createRootSigningCertificate(@NotNull String str, @NotNull Period period) {
        Intrinsics.checkNotNullParameter(str, "entityName");
        Intrinsics.checkNotNullParameter(period, "validityPeriod");
        X500Name x500Name = new X500Name("CN=" + str);
        Instant now = Instant.now();
        X509v3CertificateBuilder addExtension = new X509v3CertificateBuilder(x500Name, BigInteger.ONE, Date.from(now), Date.from(now.plus((TemporalAmount) period)), x500Name, this.contentSigner.subjectPublicKeyInfo()).addExtension(Extension.basicConstraints, true, new BasicConstraints(true)).addExtension(Extension.keyUsage, true, new KeyUsage(4));
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.subjectKeyIdentifier;
        ByteString.Companion companion = ByteString.Companion;
        byte[] bytes = this.contentSigner.subjectPublicKeyInfo().getPublicKeyData().getBytes();
        Intrinsics.checkNotNullExpressionValue(bytes, "contentSigner.subjectPub…nfo().publicKeyData.bytes");
        byte[] encoded = addExtension.addExtension(aSN1ObjectIdentifier, true, new DEROctetString(ByteString.Companion.of$default(companion, bytes, 0, 0, 3, (Object) null).sha1().toByteArray())).build(this.contentSigner).getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "signedCert.encoded");
        return new Certificate(encoded, 0, 2, null);
    }

    @Override // app.cash.trifle.delegate.EndEntityDelegate
    @NotNull
    public CertificateRequest createCertRequest(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "entityName");
        PKCS10CertificationRequest build = new PKCS10CertificationRequestBuilder(new X500Name("CN=" + str), this.contentSigner.subjectPublicKeyInfo()).build(this.contentSigner);
        ByteString.Companion companion = ByteString.Companion;
        byte[] encoded = build.getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "pkcS10CertificationRequest.encoded");
        return new CertificateRequest.PKCS10Request(ByteString.Companion.of$default(companion, encoded, 0, 0, 3, (Object) null));
    }
}
