package com.barclubstats2.mobiledl.certificates;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Optional;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes4.dex */
public final class CertificateGenerator {
    private static final boolean CRITICAL = true;
    private static final boolean NOT_CRITICAL = false;

    private CertificateGenerator() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509Certificate generateCertificate(DataMaterial dataMaterial, CertificateMaterial certificateMaterial, KeyMaterial keyMaterial) throws CertIOException, CertificateException, OperatorCreationException {
        Security.addProvider(new BouncyCastleProvider());
        Optional<X509Certificate> issuerCertificate = keyMaterial.issuerCertificate();
        X500Name x500Name = new X500Name(dataMaterial.subjectDN());
        X500Name x500Name2 = new X500Name(dataMaterial.issuerDN());
        ContentSigner build = new JcaContentSignerBuilder(keyMaterial.signingAlgorithm()).build(keyMaterial.signingKey());
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(x500Name2, certificateMaterial.serialNumber(), certificateMaterial.startDate(), certificateMaterial.endDate(), x500Name, keyMaterial.publicKey());
        try {
            JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
            if (issuerCertificate.isPresent()) {
                try {
                    jcaX509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, (ASN1Encodable) jcaX509ExtensionUtils.createAuthorityKeyIdentifier(issuerCertificate.get().getPublicKey()));
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }
            jcaX509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, (ASN1Encodable) jcaX509ExtensionUtils.createSubjectKeyIdentifier(keyMaterial.publicKey()));
            jcaX509v3CertificateBuilder.addExtension(Extension.keyUsage, true, (ASN1Encodable) new KeyUsage(certificateMaterial.keyUsage()));
            Optional<String> issuerAlternativeName = dataMaterial.issuerAlternativeName();
            if (issuerAlternativeName.isPresent()) {
                jcaX509v3CertificateBuilder.addExtension(Extension.issuerAlternativeName, false, (ASN1Encodable) new GeneralNames(new GeneralName(6, issuerAlternativeName.get())));
            }
            int pathLengthConstraint = certificateMaterial.pathLengthConstraint();
            if (pathLengthConstraint != -1) {
                jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, (ASN1Encodable) new BasicConstraints(pathLengthConstraint));
            }
            Optional<String> extendedKeyUsage = certificateMaterial.extendedKeyUsage();
            if (extendedKeyUsage.isPresent()) {
                jcaX509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, true, (ASN1Encodable) new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.getInstance(new ASN1ObjectIdentifier(extendedKeyUsage.get()))}));
            }
            return new JcaX509CertificateConverter().getCertificate(jcaX509v3CertificateBuilder.build(build));
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        }
    }
}
