package app.cash.trifle.delegate;

import app.cash.trifle.Certificate;
import app.cash.trifle.CertificateRequest;
import app.cash.trifle.SignedData;
import app.cash.trifle.internal.signers.TrifleContentSigner;
import java.io.OutputStream;
import java.math.BigInteger;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import java.util.List;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.Intrinsics;
import okio.ByteString;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.jetbrains.annotations.NotNull;

/* compiled from: DelegateImpl.kt */
@Metadata(mv = {1, 7, 1}, k = 1, xi = 48, d1 = {"��X\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0012\n��\n\u0002\u0010 \n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\b\u0010\u0018��2\u00020\u00012\u00020\u0002B\r\u0012\u0006\u0010\u0003\u001a\u00020\u0004¢\u0006\u0002\u0010\u0005J\u0010\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000bH\u0016J\u0018\u0010\f\u001a\u00020\r2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\u000e\u001a\u00020\u000fH\u0016J\u001e\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u00132\f\u0010\u0014\u001a\b\u0012\u0004\u0012\u00020\r0\u0015H\u0016J \u0010\u0016\u001a\u00020\r2\u0006\u0010\u0017\u001a\u00020\r2\u0006\u0010\u0018\u001a\u00020\t2\u0006\u0010\u0019\u001a\u00020\u000fH\u0016J\f\u0010\u001a\u001a\u00020\u001b*\u00020\u001cH\u0002J\f\u0010\u001d\u001a\u00020\u001e*\u00020\u001cH\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u001f"}, d2 = {"Lapp/cash/trifle/delegate/DelegateImpl;", "Lapp/cash/trifle/delegate/CertificateAuthorityDelegate;", "Lapp/cash/trifle/delegate/EndEntityDelegate;", "contentSigner", "Lapp/cash/trifle/internal/signers/TrifleContentSigner;", "(Lapp/cash/trifle/internal/signers/TrifleContentSigner;)V", "x509BCUtils", "Lorg/bouncycastle/cert/jcajce/JcaX509ExtensionUtils;", "createCertRequest", "Lapp/cash/trifle/CertificateRequest;", "entityName", "", "createRootSigningCertificate", "Lapp/cash/trifle/Certificate;", "validityPeriod", "Ljava/time/Duration;", "createSignedData", "Lapp/cash/trifle/SignedData;", "data", "", "certificates", "", "signCertificate", "issuerCertificate", "certificateRequest", "validity", "toAuthorityKeyIdentifier", "Lorg/bouncycastle/asn1/x509/AuthorityKeyIdentifier;", "Lorg/bouncycastle/asn1/x509/SubjectPublicKeyInfo;", "toSubjectKeyIdentifier", "Lorg/bouncycastle/asn1/x509/SubjectKeyIdentifier;", "jvm"})
/* loaded from: input_file:app/cash/trifle/delegate/DelegateImpl.class */
public class DelegateImpl implements CertificateAuthorityDelegate, EndEntityDelegate {

    @NotNull
    private final TrifleContentSigner contentSigner;

    @NotNull
    private final JcaX509ExtensionUtils x509BCUtils;

    public DelegateImpl(@NotNull TrifleContentSigner trifleContentSigner) {
        Intrinsics.checkNotNullParameter(trifleContentSigner, "contentSigner");
        this.contentSigner = trifleContentSigner;
        this.x509BCUtils = new JcaX509ExtensionUtils();
    }

    @Override // app.cash.trifle.delegate.CertificateAuthorityDelegate
    @NotNull
    public Certificate signCertificate(@NotNull Certificate certificate, @NotNull CertificateRequest certificateRequest, @NotNull Duration duration) {
        Intrinsics.checkNotNullParameter(certificate, "issuerCertificate");
        Intrinsics.checkNotNullParameter(certificateRequest, "certificateRequest");
        Intrinsics.checkNotNullParameter(duration, "validity");
        if (!(certificateRequest instanceof CertificateRequest.PKCS10Request)) {
            throw new NoWhenBranchMatchedException();
        }
        Instant now = Instant.now();
        X509v3CertificateBuilder addExtension = new X509v3CertificateBuilder(new X509CertificateHolder(certificate.getCertificate$jvm()).getSubject(), BigInteger.valueOf(now.toEpochMilli()), Date.from(now), Date.from(now.plus((TemporalAmount) duration)), ((CertificateRequest.PKCS10Request) certificateRequest).getPkcs10Req().getSubject(), ((CertificateRequest.PKCS10Request) certificateRequest).getPkcs10Req().getSubjectPublicKeyInfo()).addExtension(Extension.authorityKeyIdentifier, false, toAuthorityKeyIdentifier(this.contentSigner.subjectPublicKeyInfo()));
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.subjectKeyIdentifier;
        SubjectPublicKeyInfo subjectPublicKeyInfo = ((CertificateRequest.PKCS10Request) certificateRequest).getPkcs10Req().getSubjectPublicKeyInfo();
        Intrinsics.checkNotNullExpressionValue(subjectPublicKeyInfo, "certificateRequest.pkcs10Req.subjectPublicKeyInfo");
        byte[] encoded = addExtension.addExtension(aSN1ObjectIdentifier, false, toSubjectKeyIdentifier(subjectPublicKeyInfo)).build(this.contentSigner).getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "signedCert.encoded");
        return new Certificate(encoded, 0, 2, null);
    }

    @Override // app.cash.trifle.delegate.CertificateAuthorityDelegate
    @NotNull
    public Certificate createRootSigningCertificate(@NotNull String str, @NotNull Duration duration) {
        Intrinsics.checkNotNullParameter(str, "entityName");
        Intrinsics.checkNotNullParameter(duration, "validityPeriod");
        X500Name x500Name = new X500Name("CN=" + str);
        Instant now = Instant.now();
        SubjectPublicKeyInfo subjectPublicKeyInfo = this.contentSigner.subjectPublicKeyInfo();
        byte[] encoded = new X509v3CertificateBuilder(x500Name, BigInteger.ONE, Date.from(now), Date.from(now.plus((TemporalAmount) duration)), x500Name, this.contentSigner.subjectPublicKeyInfo()).addExtension(Extension.basicConstraints, true, new BasicConstraints(true)).addExtension(Extension.keyUsage, true, new KeyUsage(4)).addExtension(Extension.authorityKeyIdentifier, false, toAuthorityKeyIdentifier(subjectPublicKeyInfo)).addExtension(Extension.subjectKeyIdentifier, false, toSubjectKeyIdentifier(subjectPublicKeyInfo)).build(this.contentSigner).getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "signedCert.encoded");
        return new Certificate(encoded, 0, 2, null);
    }

    @Override // app.cash.trifle.delegate.EndEntityDelegate
    @NotNull
    public CertificateRequest createCertRequest(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "entityName");
        PKCS10CertificationRequest build = new PKCS10CertificationRequestBuilder(new X500Name("CN=" + str), this.contentSigner.subjectPublicKeyInfo()).build(this.contentSigner);
        ByteString.Companion companion = ByteString.Companion;
        byte[] encoded = build.getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "pkcS10CertificationRequest.encoded");
        return new CertificateRequest.PKCS10Request(ByteString.Companion.of$default(companion, encoded, 0, 0, 3, (Object) null));
    }

    @Override // app.cash.trifle.delegate.EndEntityDelegate
    @NotNull
    public SignedData createSignedData(@NotNull byte[] bArr, @NotNull List<Certificate> list) {
        Intrinsics.checkNotNullParameter(bArr, "data");
        Intrinsics.checkNotNullParameter(list, "certificates");
        if (!(!list.isEmpty())) {
            throw new IllegalStateException("Certificates should not be empty.".toString());
        }
        SignedData.EnvelopedData envelopedData = new SignedData.EnvelopedData(0, this.contentSigner.m24getAlgorithmIdentifier(), bArr);
        OutputStream outputStream = this.contentSigner.getOutputStream();
        Throwable th = null;
        try {
            try {
                outputStream.write(envelopedData.serialize());
                byte[] signature = this.contentSigner.getSignature();
                CloseableKt.closeFinally(outputStream, (Throwable) null);
                Intrinsics.checkNotNullExpressionValue(signature, "signature");
                return new SignedData(envelopedData, signature, list);
            } finally {
            }
        } catch (Throwable th2) {
            CloseableKt.closeFinally(outputStream, th);
            throw th2;
        }
    }

    private final AuthorityKeyIdentifier toAuthorityKeyIdentifier(SubjectPublicKeyInfo subjectPublicKeyInfo) {
        AuthorityKeyIdentifier createAuthorityKeyIdentifier = this.x509BCUtils.createAuthorityKeyIdentifier(subjectPublicKeyInfo);
        Intrinsics.checkNotNullExpressionValue(createAuthorityKeyIdentifier, "x509BCUtils.createAuthorityKeyIdentifier(this)");
        return createAuthorityKeyIdentifier;
    }

    private final SubjectKeyIdentifier toSubjectKeyIdentifier(SubjectPublicKeyInfo subjectPublicKeyInfo) {
        SubjectKeyIdentifier createSubjectKeyIdentifier = this.x509BCUtils.createSubjectKeyIdentifier(subjectPublicKeyInfo);
        Intrinsics.checkNotNullExpressionValue(createSubjectKeyIdentifier, "x509BCUtils.createSubjectKeyIdentifier(this)");
        return createSubjectKeyIdentifier;
    }
}
