package com.webauthn4j.test;

import com.webauthn4j.util.exception.UnexpectedCheckedException;
import java.io.UncheckedIOException;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.sql.Date;
import java.time.Instant;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:com/webauthn4j/test/AttestationCertificateBuilder.class */
public class AttestationCertificateBuilder {
    private final X509v3CertificateBuilder certificateBuilder;

    public AttestationCertificateBuilder(X509Certificate x509Certificate, X500Principal x500Principal, PublicKey publicKey) {
        this.certificateBuilder = new JcaX509v3CertificateBuilder(x509Certificate, BigInteger.valueOf(1L), Date.from(Instant.parse("2000-01-01T00:00:00Z")), Date.from(Instant.parse("2999-12-31T23:59:59Z")), x500Principal, publicKey);
    }

    public void addSubjectAlternativeNamesExtension(String str) {
        try {
            this.certificateBuilder.addExtension(Extension.subjectAlternativeName, true, new DERSequence(new ASN1Encodable[]{new GeneralName(4, str)}));
        } catch (CertIOException e) {
            throw new UncheckedIOException(e);
        }
    }

    public void addBasicConstraintsExtension() {
        try {
            this.certificateBuilder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true));
        } catch (CertIOException e) {
            throw new UncheckedIOException(e);
        }
    }

    public void addKeyUsageExtension() {
        try {
            this.certificateBuilder.addExtension(Extension.keyUsage, false, new KeyUsage(4));
        } catch (CertIOException e) {
            throw new UncheckedIOException(e);
        }
    }

    public void addExtendedKeyUsageExtension(KeyPurposeId keyPurposeId) {
        try {
            this.certificateBuilder.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(keyPurposeId));
        } catch (CertIOException e) {
            throw new UncheckedIOException(e);
        }
    }

    public X509Certificate build(PrivateKey privateKey) {
        try {
            return new JcaX509CertificateConverter().getCertificate(this.certificateBuilder.build(new JcaContentSignerBuilder("SHA256withECDSA").build(privateKey)));
        } catch (OperatorCreationException e) {
            throw new UnexpectedCheckedException(e);
        } catch (CertificateException e2) {
            throw new com.webauthn4j.validator.exception.CertificateException(e2);
        }
    }

    public void addExtension(ASN1ObjectIdentifier aSN1ObjectIdentifier, boolean z, ASN1Encodable aSN1Encodable) {
        try {
            this.certificateBuilder.addExtension(aSN1ObjectIdentifier, z, aSN1Encodable);
        } catch (CertIOException e) {
            throw new UncheckedIOException(e);
        }
    }
}
