package com.eero.android.pki;

import java.io.ByteArrayInputStream;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import kotlin.TypeCastException;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* compiled from: X509.kt */
/* loaded from: classes.dex */
public final class X509Kt {
    public static final int CERT_EXPIRY_YEARS = 1;
    public static final String signatureAlg = "SHA256WITHECDSA";

    private static final X509Certificate certFromCertHolder(X509CertificateHolder x509CertificateHolder) {
        Certificate eeX509CertificateStructure = x509CertificateHolder.toASN1Structure();
        Intrinsics.checkExpressionValueIsNotNull(eeX509CertificateStructure, "eeX509CertificateStructure");
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(eeX509CertificateStructure.getEncoded());
        java.security.cert.Certificate engineGenerateCertificate = new CertificateFactory().engineGenerateCertificate(byteArrayInputStream);
        byteArrayInputStream.close();
        if (engineGenerateCertificate != null) {
            return (X509Certificate) engineGenerateCertificate;
        }
        throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
    }

    public static final String certToPem(java.security.cert.Certificate cert) {
        Intrinsics.checkParameterIsNotNull(cert, "cert");
        StringWriter stringWriter = new StringWriter();
        JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
        jcaPEMWriter.writeObject(cert);
        jcaPEMWriter.flush();
        jcaPEMWriter.close();
        String stringWriter2 = stringWriter.toString();
        Intrinsics.checkExpressionValueIsNotNull(stringWriter2, "stringWriter.toString()");
        return stringWriter2;
    }

    public static final X509Certificate createLeafCertificate(PrivateKey issuerPrivate, PublicKey subjectPublic, String issuer, String subject, BigInteger serial, Date expiry, GeneralName[] generalNameArr) {
        Intrinsics.checkParameterIsNotNull(issuerPrivate, "issuerPrivate");
        Intrinsics.checkParameterIsNotNull(subjectPublic, "subjectPublic");
        Intrinsics.checkParameterIsNotNull(issuer, "issuer");
        Intrinsics.checkParameterIsNotNull(subject, "subject");
        Intrinsics.checkParameterIsNotNull(serial, "serial");
        Intrinsics.checkParameterIsNotNull(expiry, "expiry");
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(new X500Name(issuer), serial, new Date(), expiry, new X500Name(subject), subjectPublic);
        jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        jcaX509v3CertificateBuilder.addExtension(Extension.keyUsage, false, new KeyUsage(224));
        jcaX509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth}));
        if (generalNameArr != null) {
            if (!(generalNameArr.length == 0)) {
                jcaX509v3CertificateBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(generalNameArr));
            }
        }
        X509CertificateHolder holder = jcaX509v3CertificateBuilder.build(new JcaContentSignerBuilder(signatureAlg).build(issuerPrivate));
        Intrinsics.checkExpressionValueIsNotNull(holder, "holder");
        return certFromCertHolder(holder);
    }

    public static final X509Certificate createRootCertificateAuthority(PrivateKey privateKey, PublicKey publicKey, String subjectAndIssuer, BigInteger serial, Date expiry) {
        Intrinsics.checkParameterIsNotNull(privateKey, "private");
        Intrinsics.checkParameterIsNotNull(publicKey, "public");
        Intrinsics.checkParameterIsNotNull(subjectAndIssuer, "subjectAndIssuer");
        Intrinsics.checkParameterIsNotNull(serial, "serial");
        Intrinsics.checkParameterIsNotNull(expiry, "expiry");
        X500Name x500Name = new X500Name(subjectAndIssuer);
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(x500Name, serial, new Date(), expiry, x500Name, publicKey);
        jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
        SubjectKeyIdentifier createSubjectKeyIdentifier = jcaX509ExtensionUtils.createSubjectKeyIdentifier(publicKey);
        AuthorityKeyIdentifier createAuthorityKeyIdentifier = jcaX509ExtensionUtils.createAuthorityKeyIdentifier(publicKey);
        jcaX509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier);
        jcaX509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, createAuthorityKeyIdentifier);
        X509CertificateHolder holder = jcaX509v3CertificateBuilder.build(new JcaContentSignerBuilder(signatureAlg).build(privateKey));
        Intrinsics.checkExpressionValueIsNotNull(holder, "holder");
        return certFromCertHolder(holder);
    }

    public static final Date expiryForStartDate(Date nowDate) {
        Intrinsics.checkParameterIsNotNull(nowDate, "nowDate");
        return new Date(nowDate.getTime() + TimeUnit.DAYS.toMillis(365L));
    }

    public static final String getPemEncodedString(java.security.cert.Certificate receiver$0) {
        Intrinsics.checkParameterIsNotNull(receiver$0, "receiver$0");
        return certToPem(receiver$0);
    }

    public static final BigInteger leafCertSerialFromCaSerial(BigInteger caSerial) {
        Intrinsics.checkParameterIsNotNull(caSerial, "caSerial");
        byte[] byteArray = caSerial.toByteArray();
        byte[] bArr = new byte[byteArray.length + 1];
        bArr[0] = 15;
        System.arraycopy(byteArray, 0, bArr, 1, byteArray.length);
        return new BigInteger(bArr);
    }

    public static final BigInteger randomCertSerial() {
        return new BigInteger(128, new SecureRandom());
    }
}
