package kotlin;

import ch.qos.logback.core.net.SyslogConstants;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import kotlin.Metadata;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.misc.NetscapeCertType;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* compiled from: CompatX509.kt */
@Metadata(bv = {}, d1 = {"\u0000H\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010 \n\u0002\u0010\u000e\n\u0002\b\u0006\bÆ\u0002\u0018\u00002\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u001b\u0010\u001cJ&\u0010\u000b\u001a\u00020\n2\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0005\u001a\u00020\u00042\u0006\u0010\u0007\u001a\u00020\u00062\u0006\u0010\t\u001a\u00020\bJ\u000e\u0010\u000e\u001a\u00020\n2\u0006\u0010\r\u001a\u00020\fJJ\u0010\u001a\u001a\u00020\n2\u0006\u0010\u000f\u001a\u00020\u00042\u0006\u0010\u0010\u001a\u00020\u00022\u0006\u0010\u0012\u001a\u00020\u00112\b\u0010\u0014\u001a\u0004\u0018\u00010\u00132\b\u0010\u0015\u001a\u0004\u0018\u00010\u00132\f\u0010\u0018\u001a\b\u0012\u0004\u0012\u00020\u00170\u00162\u0006\u0010\u0019\u001a\u00020\bH\u0002¨\u0006\u001d"}, d2 = {"Ly/yk2;", "", "Ljava/security/PrivateKey;", "privateKey", "Ljava/security/PublicKey;", "publicKey", "Lorg/bouncycastle/openpgp/PGPPublicKey;", "pgpPublicKey", "", "publicRingEncoded", "Ljava/security/cert/X509Certificate;", "a", "Ljava/io/InputStream;", "certData", "c", "pubKey", "privKey", "Lorg/bouncycastle/asn1/x500/X500Name;", "subject", "Ljava/util/Date;", "creationTime", "validTo", "", "", "subjectAltNames", "publicKeyData", "b", "<init>", "()V", "crypto_proAyobawebRelease"}, k = 1, mv = {1, 7, 1})
/* loaded from: classes2.dex */
public final class yk2 {
    public static final yk2 a = new yk2();

    public final X509Certificate a(PrivateKey privateKey, PublicKey publicKey, PGPPublicKey pgpPublicKey, byte[] publicRingEncoded) throws PGPException, InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException, CertificateException, NoSuchProviderException, IOException, OperatorCreationException {
        nr7.g(privateKey, "privateKey");
        nr7.g(publicKey, "publicKey");
        nr7.g(pgpPublicKey, "pgpPublicKey");
        nr7.g(publicRingEncoded, "publicRingEncoded");
        X500NameBuilder x500NameBuilder = new X500NameBuilder();
        x500NameBuilder.addRDN(BCStyle.O, "OpenPGP to X.509 Bridge");
        LinkedList linkedList = new LinkedList();
        Iterator<String> userIDs = pgpPublicKey.getUserIDs();
        nr7.f(userIDs, "pgpPublicKey.userIDs");
        while (userIDs.hasNext()) {
            String next = userIDs.next();
            x500NameBuilder.addRDN(BCStyle.CN, next);
            g6b c = g6b.c(next);
            if (c != null && c.a() != null) {
                String a2 = c.a();
                nr7.f(a2, "uid.email");
                linkedList.add(a2);
            }
        }
        X500Name build = x500NameBuilder.build();
        Date creationTime = pgpPublicKey.getCreationTime();
        Date date = pgpPublicKey.getValidSeconds() > 0 ? new Date(creationTime.getTime() + (pgpPublicKey.getValidSeconds() * 1000)) : null;
        nr7.f(build, "x509name");
        return b(publicKey, privateKey, build, creationTime, date, linkedList, publicRingEncoded);
    }

    public final X509Certificate b(PublicKey pubKey, PrivateKey privKey, X500Name subject, Date creationTime, Date validTo, List<String> subjectAltNames, byte[] publicKeyData) throws InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException, CertificateException, NoSuchProviderException, IOException, OperatorCreationException {
        if (creationTime == null) {
            creationTime = new Date(System.currentTimeMillis());
        }
        if (validTo == null) {
            validTo = creationTime;
        }
        Locale locale = Locale.US;
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(subject, BigInteger.ONE, new Time(creationTime, locale), new Time(validTo, locale), subject, pubKey);
        jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, (ASN1Encodable) new BasicConstraints(true));
        jcaX509v3CertificateBuilder.addExtension(Extension.keyUsage, true, (ASN1Encodable) new KeyUsage(236));
        jcaX509v3CertificateBuilder.addExtension(MiscObjectIdentifiers.netscapeCertType, false, (ASN1Encodable) new NetscapeCertType(SyslogConstants.LOG_LOCAL4));
        JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
        jcaX509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, (ASN1Encodable) jcaX509ExtensionUtils.createSubjectKeyIdentifier(pubKey));
        jcaX509v3CertificateBuilder.addExtension(Extension.authorityKeyIdentifier, false, (ASN1Encodable) jcaX509ExtensionUtils.createAuthorityKeyIdentifier(pubKey));
        if (subjectAltNames.size() > 0) {
            int size = subjectAltNames.size();
            GeneralName[] generalNameArr = new GeneralName[size];
            for (int i = 0; i < size; i++) {
                generalNameArr[i] = new GeneralName(0, new e3h(subjectAltNames.get(i)));
            }
            jcaX509v3CertificateBuilder.addExtension(Extension.subjectAlternativeName, false, (ASN1Encodable) new GeneralNames(generalNameArr));
        }
        jcaX509v3CertificateBuilder.addExtension(gre.e, false, (ASN1Encodable) new gre(publicKeyData));
        JcaContentSignerBuilder jcaContentSignerBuilder = new JcaContentSignerBuilder("SHA1WithRSAEncryption");
        mg3 mg3Var = mg3.a;
        X509Certificate certificate = new JcaX509CertificateConverter().setProvider(mg3Var.m()).getCertificate(jcaX509v3CertificateBuilder.build(jcaContentSignerBuilder.setProvider(mg3Var.m()).build(privKey)));
        certificate.verify(pubKey);
        nr7.f(certificate, "cert");
        return certificate;
    }

    public final X509Certificate c(InputStream certData) throws CertificateException {
        nr7.g(certData, "certData");
        Certificate generateCertificate = CertificateFactory.getInstance("X.509", mg3.a.m()).generateCertificate(certData);
        nr7.e(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
        X509Certificate x509Certificate = (X509Certificate) generateCertificate;
        try {
            certData.close();
        } catch (IOException unused) {
        }
        return x509Certificate;
    }
}
