package org.jboss.as.domain.management.security;

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.time.ZoneId;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.chrono.ChronoZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.LinkedList;
import javax.security.auth.x500.X500Principal;
import org.dom4j.rule.Pattern;
import org.jboss.as.domain.management.logging.DomainManagementLogger;
import org.jboss.logging.Logger;
import org.keycloak.models.ClientModel;
import org.opensaml.security.crypto.JCAConstants;
import org.wildfly.common.Assert;
import org.wildfly.security.util.ByteStringBuilder;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/layers/base/org/jboss/as/domain-management/main/wildfly-domain-management-2.2.0.Final.jar:org/jboss/as/domain/management/security/X509CertificateBuilder.class */
public final class X509CertificateBuilder {
    private static final ZonedDateTime LATEST_VALID = ZonedDateTime.of(Pattern.NONE, 12, 31, 23, 59, 59, 0, ZoneOffset.UTC);
    private static DomainManagementLogger log = (DomainManagementLogger) Logger.getMessageLogger(DomainManagementLogger.class, "org.jboss.as.domain.management.certificate-generation");
    private X500Principal subjectDn;
    private byte[] subjectUniqueId;
    private X500Principal issuerDn;
    private byte[] issuerUniqueId;
    private PublicKey publicKey;
    private PrivateKey signingKey;
    private String signatureAlgorithmName;
    private int version = 3;
    private BigInteger serialNumber = BigInteger.ONE;
    private ZonedDateTime notValidBefore = ZonedDateTime.now();
    private ZonedDateTime notValidAfter = LATEST_VALID;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:wildfly-10.1.0.Final/modules/system/layers/base/org/jboss/as/domain-management/main/wildfly-domain-management-2.2.0.Final.jar:org/jboss/as/domain/management/security/X509CertificateBuilder$ASN1.class */
    public static class ASN1 {
        public static final int BOOLEAN_TYPE = 1;
        public static final int INTEGER_TYPE = 2;
        public static final int BIT_STRING_TYPE = 3;
        public static final int OCTET_STRING_TYPE = 4;
        public static final int NULL_TYPE = 5;
        public static final int OBJECT_IDENTIFIER_TYPE = 6;
        public static final int UTF8_STRING_TYPE = 12;
        public static final int PRINTABLE_STRING_TYPE = 19;
        public static final int IA5_STRING_TYPE = 22;
        public static final int GENERALIZED_TIME_TYPE = 24;
        public static final int UNIVERSAL_STRING_TYPE = 28;
        public static final int BMP_STRING_TYPE = 30;
        public static final int SEQUENCE_TYPE = 48;
        public static final int SET_TYPE = 49;
        public static final int CONSTRUCTED_MASK = 32;
        public static final int APPLICATION_SPECIFIC_MASK = 64;
        public static final int CONTEXT_SPECIFIC_MASK = 128;
        public static final int CLASS_MASK = 192;
        public static final int TAG_NUMBER_MASK = 31;
        public static final String OID_SHA1_WITH_DSA = "1.2.840.10040.4.3";
        public static final String OID_SHA1_WITH_ECDSA = "1.2.840.10045.4.1";
        public static final String OID_SHA224_WITH_ECDSA = "1.2.840.10045.4.3.1";
        public static final String OID_SHA256_WITH_ECDSA = "1.2.840.10045.4.3.2";
        public static final String OID_SHA384_WITH_ECDSA = "1.2.840.10045.4.3.3";
        public static final String OID_SHA512_WITH_ECDSA = "1.2.840.10045.4.3.4";
        public static final String OID_MD2_WITH_RSA = "1.2.840.113549.1.1.2";
        public static final String OID_MD4_WITH_RSA = "1.2.840.113549.1.1.3";
        public static final String OID_MD5_WITH_RSA = "1.2.840.113549.1.1.4";
        public static final String OID_SHA1_WITH_RSA = "1.2.840.113549.1.1.5";
        public static final String OID_SHA256_WITH_RSA = "1.2.840.113549.1.1.11";
        public static final String OID_SHA384_WITH_RSA = "1.2.840.113549.1.1.12";
        public static final String OID_SHA512_WITH_RSA = "1.2.840.113549.1.1.13";

        ASN1() {
        }

        public static String oidFromSignatureAlgorithm(String str) {
            boolean z = -1;
            switch (str.hashCode()) {
                case -1364698020:
                    if (str.equals(JCAConstants.SIGNATURE_RSA_MD5)) {
                        z = 2;
                        break;
                    }
                    break;
                case -794853417:
                    if (str.equals(JCAConstants.SIGNATURE_RSA_SHA384)) {
                        z = 5;
                        break;
                    }
                    break;
                case -754129337:
                    if (str.equals("SHA1withDSA")) {
                        z = 8;
                        break;
                    }
                    break;
                case -754115883:
                    if (str.equals("SHA1withRSA")) {
                        z = 3;
                        break;
                    }
                    break;
                case -611254448:
                    if (str.equals(JCAConstants.SIGNATURE_RSA_SHA512)) {
                        z = 6;
                        break;
                    }
                    break;
                case -280290445:
                    if (str.equals("SHA256withRSA")) {
                        z = 4;
                        break;
                    }
                    break;
                case 65786932:
                    if (str.equals("ECDSA")) {
                        z = 10;
                        break;
                    }
                    break;
                case 637568043:
                    if (str.equals(JCAConstants.SIGNATURE_ECDSA_SHA384)) {
                        z = 13;
                        break;
                    }
                    break;
                case 982518116:
                    if (str.equals(JCAConstants.SIGNATURE_ECDSA_SHA512)) {
                        z = 14;
                        break;
                    }
                    break;
                case 1034462420:
                    if (str.equals("NONEwithDSA")) {
                        z = 7;
                        break;
                    }
                    break;
                case 1034475874:
                    if (str.equals("NONEwithRSA")) {
                        z = false;
                        break;
                    }
                    break;
                case 1131632553:
                    if (str.equals(JCAConstants.SIGNATURE_ECDSA_SHA1)) {
                        z = 11;
                        break;
                    }
                    break;
                case 1211345095:
                    if (str.equals(JCAConstants.SIGNATURE_ECDSA_SHA256)) {
                        z = 12;
                        break;
                    }
                    break;
                case 1981392630:
                    if (str.equals("NONEwithECDSA")) {
                        z = 9;
                        break;
                    }
                    break;
                case 1996805567:
                    if (str.equals("MD2withRSA")) {
                        z = true;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    return null;
                case true:
                    return OID_MD2_WITH_RSA;
                case true:
                    return OID_MD5_WITH_RSA;
                case true:
                    return OID_SHA1_WITH_RSA;
                case true:
                    return OID_SHA256_WITH_RSA;
                case true:
                    return OID_SHA384_WITH_RSA;
                case true:
                    return OID_SHA512_WITH_RSA;
                case true:
                    return null;
                case true:
                    return OID_SHA1_WITH_DSA;
                case true:
                    return null;
                case true:
                case true:
                    return OID_SHA1_WITH_ECDSA;
                case true:
                    return OID_SHA256_WITH_ECDSA;
                case true:
                    return OID_SHA384_WITH_ECDSA;
                case true:
                    return OID_SHA512_WITH_ECDSA;
                default:
                    return null;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:wildfly-10.1.0.Final/modules/system/layers/base/org/jboss/as/domain-management/main/wildfly-domain-management-2.2.0.Final.jar:org/jboss/as/domain/management/security/X509CertificateBuilder$DEREncoder.class */
    public static class DEREncoder {
        private static final long LARGEST_UNSHIFTED_LONG = 922337203685477580L;
        private ByteStringBuilder currentBuffer;
        private final ByteStringBuilder target;
        private static final TagComparator TAG_COMPARATOR = new TagComparator();
        private static final DateTimeFormatter GENERALIZED_TIME_FORMAT = DateTimeFormatter.ofPattern("yyyyMMddHHmmssX");
        private static final BigInteger[] digits = {BigInteger.ZERO, BigInteger.ONE, BigInteger.valueOf(2), BigInteger.valueOf(3), BigInteger.valueOf(4), BigInteger.valueOf(5), BigInteger.valueOf(6), BigInteger.valueOf(7), BigInteger.valueOf(8), BigInteger.valueOf(9)};
        private final ArrayDeque<EncoderState> states = new ArrayDeque<>();
        private final ArrayList<ByteStringBuilder> buffers = new ArrayList<>();
        private int currentBufferPos = -1;
        private int implicitTag = -1;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:wildfly-10.1.0.Final/modules/system/layers/base/org/jboss/as/domain-management/main/wildfly-domain-management-2.2.0.Final.jar:org/jboss/as/domain/management/security/X509CertificateBuilder$DEREncoder$EncoderState.class */
        public class EncoderState {
            private final int tag;
            private final int bufferPos;
            private LinkedList<EncoderState> childElements = new LinkedList<>();
            private int childLength = 0;

            public EncoderState(int i, int i2) {
                this.tag = i;
                this.bufferPos = i2;
            }

            public int getTag() {
                return this.tag;
            }

            public int getBufferPos() {
                return this.bufferPos;
            }

            public ByteStringBuilder getBuffer() {
                return (ByteStringBuilder) DEREncoder.this.buffers.get(getBufferPos());
            }

            public int getChildLength() {
                return this.childLength;
            }

            public LinkedList<EncoderState> getSortedChildElements(Comparator<EncoderState> comparator) {
                Collections.sort(this.childElements, comparator);
                return this.childElements;
            }

            public void addChildElement(int i, int i2) {
                this.childElements.add(new EncoderState(i, i2));
            }

            public void addChildLength(int i) {
                this.childLength += i;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:wildfly-10.1.0.Final/modules/system/layers/base/org/jboss/as/domain-management/main/wildfly-domain-management-2.2.0.Final.jar:org/jboss/as/domain/management/security/X509CertificateBuilder$DEREncoder$TagComparator.class */
        public static class TagComparator implements Comparator<EncoderState> {
            private TagComparator() {
            }

            @Override // java.util.Comparator
            public int compare(EncoderState encoderState, EncoderState encoderState2) {
                return (encoderState.getTag() | 32) - (encoderState2.getTag() | 32);
            }
        }

        public DEREncoder(ByteStringBuilder byteStringBuilder) {
            this.target = byteStringBuilder;
            this.currentBuffer = byteStringBuilder;
        }

        public void startSequence() {
            startConstructedElement(48);
        }

        public void startSet() {
            startConstructedElement(49);
        }

        public void startSetOf() {
            startSet();
        }

        public void startExplicit(int i) {
            startExplicit(128, i);
        }

        public void startExplicit(int i, int i2) {
            startConstructedElement(i | 32 | i2);
        }

        private void startConstructedElement(int i) {
            EncoderState peekLast = this.states.peekLast();
            if (peekLast != null && peekLast.getTag() == 49) {
                updateCurrentBuffer();
                peekLast.addChildElement(i, this.currentBufferPos);
            }
            writeTag(i, this.currentBuffer);
            if (i != 49) {
                updateCurrentBuffer();
            }
            this.states.add(new EncoderState(i, this.currentBufferPos));
        }

        public void endSequence() throws IllegalStateException {
            EncoderState peekLast = this.states.peekLast();
            if (peekLast == null || peekLast.getTag() != 48) {
                throw X509CertificateBuilder.log.noSequenceToEnd();
            }
            endConstructedElement();
        }

        public void endExplicit() throws IllegalStateException {
            EncoderState peekLast = this.states.peekLast();
            if (peekLast == null || peekLast.getTag() == 48 || peekLast.getTag() == 49 || (peekLast.getTag() & 32) == 0) {
                throw X509CertificateBuilder.log.noExplicitlyTaggedElementToEnd();
            }
            endConstructedElement();
        }

        private void endConstructedElement() {
            ByteStringBuilder byteStringBuilder = this.currentBufferPos > 0 ? this.buffers.get(this.currentBufferPos - 1) : this.target;
            int length = this.currentBuffer.length();
            int writeLength = writeLength(length, byteStringBuilder);
            byteStringBuilder.append(this.currentBuffer);
            this.currentBuffer.setLength(0);
            this.currentBuffer = byteStringBuilder;
            this.currentBufferPos--;
            this.states.removeLast();
            EncoderState peekLast = this.states.peekLast();
            if (peekLast == null || peekLast.getTag() != 49) {
                return;
            }
            peekLast.addChildLength(1 + writeLength + length);
        }

        public void endSet() throws IllegalStateException {
            endSet(TAG_COMPARATOR);
        }

        private void endSet(Comparator<EncoderState> comparator) {
            EncoderState peekLast = this.states.peekLast();
            if (peekLast == null || peekLast.getTag() != 49) {
                throw X509CertificateBuilder.log.noSetToEnd();
            }
            LinkedList<EncoderState> sortedChildElements = peekLast.getSortedChildElements(comparator);
            int bufferPos = peekLast.getBufferPos();
            ByteStringBuilder byteStringBuilder = bufferPos >= 0 ? this.buffers.get(bufferPos) : this.target;
            int childLength = peekLast.getChildLength();
            int writeLength = writeLength(peekLast.getChildLength(), byteStringBuilder);
            Iterator<EncoderState> it = sortedChildElements.iterator();
            while (it.hasNext()) {
                ByteStringBuilder byteStringBuilder2 = this.buffers.get(it.next().getBufferPos());
                byteStringBuilder.append(byteStringBuilder2);
                byteStringBuilder2.setLength(0);
            }
            this.currentBuffer = byteStringBuilder;
            this.currentBufferPos = bufferPos;
            this.states.removeLast();
            EncoderState peekLast2 = this.states.peekLast();
            if (peekLast2 == null || peekLast2.getTag() != 49) {
                return;
            }
            peekLast2.addChildLength(1 + writeLength + childLength);
        }

        public void encodeBitString(byte[] bArr) {
            encodeBitString(bArr, 0);
        }

        public void encodeBitString(byte[] bArr, int i) {
            byte[] bArr2 = new byte[bArr.length + 1];
            bArr2[0] = (byte) i;
            System.arraycopy(bArr, 0, bArr2, 1, bArr.length);
            writeElement(3, bArr2);
        }

        public void encodeGeneralizedTime(ZonedDateTime zonedDateTime) {
            writeElement(24, GENERALIZED_TIME_FORMAT.format(zonedDateTime).getBytes(StandardCharsets.UTF_8));
        }

        public void encodeObjectIdentifier(String str) {
            int length = str.length();
            if (length == 0) {
                throw X509CertificateBuilder.log.asnOidMustHaveAtLeast2Components();
            }
            int i = 0;
            long j = 0;
            int i2 = 0;
            int i3 = -1;
            ByteStringBuilder byteStringBuilder = new ByteStringBuilder();
            while (true) {
                int i4 = i;
                i++;
                char charAt = str.charAt(0 + i4);
                if (Character.isDigit(charAt)) {
                    int digit = Character.digit(charAt, 10);
                    if (j > LARGEST_UNSHIFTED_LONG) {
                        BigInteger add = BigInteger.valueOf(j).multiply(BigInteger.TEN).add(digits[digit]);
                        j = 0;
                        do {
                            int i5 = i;
                            i++;
                            char charAt2 = str.charAt(0 + i5);
                            if (Character.isDigit(charAt2)) {
                                add = add.multiply(BigInteger.TEN).add(digits[Character.digit(charAt2, 10)]);
                            } else {
                                if (charAt2 != '.') {
                                    throw X509CertificateBuilder.log.asnInvalidOidCharacter();
                                }
                                if (i2 == 0) {
                                    i3 = validateFirstOIDComponent(add);
                                } else {
                                    encodeOIDComponent(add, byteStringBuilder, i2, i3);
                                }
                                i2++;
                            }
                        } while (i != length);
                        if (i2 == 0) {
                            throw X509CertificateBuilder.log.asnOidMustHaveAtLeast2Components();
                        }
                        encodeOIDComponent(add, byteStringBuilder, i2, i3);
                        writeElement(6, byteStringBuilder);
                        return;
                    }
                    j = (10 * j) + digit;
                } else {
                    if (charAt != '.') {
                        throw X509CertificateBuilder.log.asnInvalidOidCharacter();
                    }
                    if (i2 == 0) {
                        i3 = validateFirstOIDComponent(j);
                    } else {
                        encodeOIDComponent(j, byteStringBuilder, i2, i3);
                    }
                    i2++;
                    j = 0;
                }
                if (i == length) {
                    if (charAt == '.') {
                        throw X509CertificateBuilder.log.asnInvalidOidCharacter();
                    }
                    if (i2 == 0) {
                        throw X509CertificateBuilder.log.asnOidMustHaveAtLeast2Components();
                    }
                    encodeOIDComponent(j, byteStringBuilder, i2, i3);
                    writeElement(6, byteStringBuilder);
                    return;
                }
            }
        }

        public void encodeImplicit(int i) {
            encodeImplicit(128, i);
        }

        public void encodeImplicit(int i, int i2) {
            if (this.implicitTag == -1) {
                this.implicitTag = i | i2;
            }
        }

        void encodeInteger(int i) {
            encodeInteger(BigInteger.valueOf(i));
        }

        public void encodeInteger(BigInteger bigInteger) {
            writeElement(2, bigInteger.toByteArray());
        }

        public void writeEncoded(byte[] bArr) {
            EncoderState peekLast = this.states.peekLast();
            if (peekLast != null && peekLast.getTag() == 49) {
                updateCurrentBuffer();
                peekLast.addChildElement(bArr[0], this.currentBufferPos);
            }
            if (this.implicitTag != -1) {
                writeTag(bArr[0], this.currentBuffer);
                this.currentBuffer.append(bArr, 1, bArr.length - 1);
            } else {
                this.currentBuffer.append(bArr);
            }
            if (peekLast == null || peekLast.getTag() != 49) {
                return;
            }
            peekLast.addChildLength(this.currentBuffer.length());
        }

        public void flush() {
            while (this.states.size() != 0) {
                EncoderState peekLast = this.states.peekLast();
                if (peekLast.getTag() == 48) {
                    endSequence();
                } else if (peekLast.getTag() == 49) {
                    endSet();
                }
            }
        }

        private int validateFirstOIDComponent(long j) {
            if (j < 0 || j > 2) {
                throw X509CertificateBuilder.log.asnInvalidValueForFirstOidComponent();
            }
            return (int) j;
        }

        private int validateFirstOIDComponent(BigInteger bigInteger) {
            if (bigInteger.compareTo(BigInteger.valueOf(0L)) == -1 || bigInteger.compareTo(BigInteger.valueOf(2L)) == 1) {
                throw X509CertificateBuilder.log.asnInvalidValueForFirstOidComponent();
            }
            return bigInteger.intValue();
        }

        private void validateSecondOIDComponent(long j, int i) {
            if (i < 2 && j > 39) {
                throw X509CertificateBuilder.log.asnInvalidValueForSecondOidComponent();
            }
        }

        private void validateSecondOIDComponent(BigInteger bigInteger, int i) {
            if (i < 2 && bigInteger.compareTo(BigInteger.valueOf(39L)) == 1) {
                throw X509CertificateBuilder.log.asnInvalidValueForSecondOidComponent();
            }
        }

        private void encodeOIDComponent(long j, ByteStringBuilder byteStringBuilder, int i, int i2) {
            if (i != 1) {
                encodeOIDComponent(j, byteStringBuilder);
            } else {
                validateSecondOIDComponent(j, i2);
                encodeOIDComponent(j + (40 * i2), byteStringBuilder);
            }
        }

        private void encodeOIDComponent(BigInteger bigInteger, ByteStringBuilder byteStringBuilder, int i, int i2) {
            if (i != 1) {
                encodeOIDComponent(bigInteger, byteStringBuilder);
            } else {
                validateSecondOIDComponent(bigInteger, i2);
                encodeOIDComponent(bigInteger.add(BigInteger.valueOf(40 * i2)), byteStringBuilder);
            }
        }

        private void encodeOIDComponent(long j, ByteStringBuilder byteStringBuilder) {
            int i = 56;
            while (true) {
                int i2 = i;
                if (i2 <= 0) {
                    byteStringBuilder.append((byte) (j & 127));
                    return;
                } else {
                    if (j >= (1 << i2)) {
                        byteStringBuilder.append((byte) ((j >>> i2) | 128));
                    }
                    i = i2 - 7;
                }
            }
        }

        private void encodeOIDComponent(BigInteger bigInteger, ByteStringBuilder byteStringBuilder) {
            int bitLength = (bigInteger.bitLength() + 6) / 7;
            if (bitLength == 0) {
                byteStringBuilder.append((byte) 0);
                return;
            }
            byte[] bArr = new byte[bitLength];
            BigInteger bigInteger2 = bigInteger;
            for (int i = bitLength - 1; i >= 0; i--) {
                bArr[i] = (byte) ((bigInteger2.intValue() & 127) | 128);
                bigInteger2 = bigInteger2.shiftRight(7);
            }
            int i2 = bitLength - 1;
            bArr[i2] = (byte) (bArr[i2] & Byte.MAX_VALUE);
            byteStringBuilder.append(bArr);
        }

        private void writeTag(int i, ByteStringBuilder byteStringBuilder) {
            int i2 = i & 32;
            if (this.implicitTag != -1) {
                i = this.implicitTag | i2;
                this.implicitTag = -1;
            }
            int i3 = i & 192;
            int i4 = i & 31;
            if (i4 < 31) {
                byteStringBuilder.append((byte) (i3 | i2 | i4));
                return;
            }
            byteStringBuilder.append((byte) (i3 | i2 | 31));
            if (i4 < 128) {
                byteStringBuilder.append((byte) i4);
                return;
            }
            int i5 = 28;
            while (true) {
                int i6 = i5;
                if (i6 <= 0) {
                    byteStringBuilder.append((byte) (i4 & 127));
                    return;
                } else {
                    if (i4 >= (1 << i6)) {
                        byteStringBuilder.append((byte) ((i4 >>> i6) | 128));
                    }
                    i5 = i6 - 7;
                }
            }
        }

        private int writeLength(int i, ByteStringBuilder byteStringBuilder) {
            int i2;
            if (i < 0) {
                throw X509CertificateBuilder.log.asnInvalidLength();
            }
            if (i > 127) {
                i2 = 1;
                int i3 = i;
                while (true) {
                    int i4 = i3 >>> 8;
                    i3 = i4;
                    if (i4 == 0) {
                        break;
                    }
                    i2++;
                }
            } else {
                i2 = 1;
            }
            if (i > 127) {
                byteStringBuilder.append((byte) (i2 | 128));
            }
            for (int i5 = (i2 - 1) * 8; i5 >= 0; i5 -= 8) {
                byteStringBuilder.append((byte) (i >> i5));
            }
            return i2;
        }

        private void updateCurrentBuffer() {
            this.currentBufferPos++;
            if (this.currentBufferPos < this.buffers.size()) {
                this.currentBuffer = this.buffers.get(this.currentBufferPos);
                return;
            }
            ByteStringBuilder byteStringBuilder = new ByteStringBuilder();
            this.buffers.add(byteStringBuilder);
            this.currentBuffer = byteStringBuilder;
        }

        private void writeElement(int i, byte[] bArr) {
            EncoderState peekLast = this.states.peekLast();
            if (peekLast != null && peekLast.getTag() == 49) {
                updateCurrentBuffer();
                peekLast.addChildElement(i, this.currentBufferPos);
            }
            writeTag(i, this.currentBuffer);
            writeLength(bArr.length, this.currentBuffer);
            this.currentBuffer.append(bArr);
            if (peekLast == null || peekLast.getTag() != 49) {
                return;
            }
            peekLast.addChildLength(this.currentBuffer.length());
        }

        private void writeElement(int i, ByteStringBuilder byteStringBuilder) {
            EncoderState peekLast = this.states.peekLast();
            if (peekLast != null && peekLast.getTag() == 49) {
                updateCurrentBuffer();
                peekLast.addChildElement(i, this.currentBufferPos);
            }
            writeTag(i, this.currentBuffer);
            writeLength(byteStringBuilder.length(), this.currentBuffer);
            this.currentBuffer.append(byteStringBuilder);
            if (peekLast == null || peekLast.getTag() != 49) {
                return;
            }
            peekLast.addChildLength(this.currentBuffer.length());
        }
    }

    public int getVersion() {
        return this.version;
    }

    public X509CertificateBuilder setVersion(int i) {
        Assert.checkMinimumParameter("version", 1, i);
        Assert.checkMaximumParameter("version", 3, i);
        this.version = i;
        return this;
    }

    public BigInteger getSerialNumber() {
        return this.serialNumber;
    }

    public X509CertificateBuilder setSerialNumber(BigInteger bigInteger) {
        Assert.checkNotNullParam("serialNumber", bigInteger);
        if (BigInteger.ONE.compareTo(bigInteger) > 0) {
            throw log.serialNumberTooSmall();
        }
        if (bigInteger.bitLength() > 160) {
            throw log.serialNumberTooLarge();
        }
        this.serialNumber = bigInteger;
        return this;
    }

    public X500Principal getSubjectDn() {
        return this.subjectDn;
    }

    public X509CertificateBuilder setSubjectDn(X500Principal x500Principal) {
        Assert.checkNotNullParam("subjectDn", x500Principal);
        this.subjectDn = x500Principal;
        return this;
    }

    public byte[] getSubjectUniqueId() {
        return this.subjectUniqueId;
    }

    public X509CertificateBuilder setSubjectUniqueId(byte[] bArr) {
        Assert.checkNotNullParam("subjectUniqueId", bArr);
        this.subjectUniqueId = bArr;
        return this;
    }

    public X500Principal getIssuerDn() {
        return this.issuerDn;
    }

    public X509CertificateBuilder setIssuerDn(X500Principal x500Principal) {
        Assert.checkNotNullParam("issuerDn", x500Principal);
        this.issuerDn = x500Principal;
        return this;
    }

    public byte[] getIssuerUniqueId() {
        return this.issuerUniqueId;
    }

    public X509CertificateBuilder setIssuerUniqueId(byte[] bArr) {
        Assert.checkNotNullParam("issuerUniqueId", bArr);
        this.issuerUniqueId = bArr;
        return this;
    }

    public ZonedDateTime getNotValidBefore() {
        return this.notValidBefore;
    }

    public X509CertificateBuilder setNotValidBefore(ZonedDateTime zonedDateTime) {
        Assert.checkNotNullParam("notValidBefore", zonedDateTime);
        this.notValidBefore = zonedDateTime;
        return this;
    }

    public ZonedDateTime getNotValidAfter() {
        return this.notValidAfter;
    }

    public X509CertificateBuilder setNotValidAfter(ZonedDateTime zonedDateTime) {
        Assert.checkNotNullParam("notValidAfter", zonedDateTime);
        this.notValidAfter = zonedDateTime;
        return this;
    }

    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    public X509CertificateBuilder setPublicKey(PublicKey publicKey) {
        Assert.checkNotNullParam(ClientModel.PUBLIC_KEY, publicKey);
        this.publicKey = publicKey;
        return this;
    }

    public PrivateKey getSigningKey() {
        return this.signingKey;
    }

    public X509CertificateBuilder setSigningKey(PrivateKey privateKey) {
        Assert.checkNotNullParam("signingKey", privateKey);
        this.signingKey = privateKey;
        return this;
    }

    public String getSignatureAlgorithmName() {
        return this.signatureAlgorithmName;
    }

    public X509CertificateBuilder setSignatureAlgorithmName(String str) {
        Assert.checkNotNullParam("signatureAlgorithmName", str);
        this.signatureAlgorithmName = str;
        return this;
    }

    public X509Certificate build() throws CertificateException {
        byte[] tBSBytes = getTBSBytes();
        ByteStringBuilder byteStringBuilder = new ByteStringBuilder();
        DEREncoder dEREncoder = new DEREncoder(byteStringBuilder);
        dEREncoder.startSequence();
        dEREncoder.writeEncoded(tBSBytes);
        String str = this.signatureAlgorithmName;
        String oidFromSignatureAlgorithm = ASN1.oidFromSignatureAlgorithm(str);
        dEREncoder.startSequence();
        dEREncoder.encodeObjectIdentifier(oidFromSignatureAlgorithm);
        dEREncoder.endSequence();
        try {
            Signature signature = Signature.getInstance(str);
            signature.initSign(this.signingKey);
            signature.update(tBSBytes);
            dEREncoder.encodeBitString(signature.sign());
            dEREncoder.endSequence();
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(byteStringBuilder.toArray()));
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw log.certSigningFailed(e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v22, types: [java.time.ZonedDateTime] */
    /* JADX WARN: Type inference failed for: r1v24, types: [java.time.ZonedDateTime] */
    byte[] getTBSBytes() {
        BigInteger bigInteger = this.serialNumber;
        int i = this.version;
        String str = this.signatureAlgorithmName;
        if (str == null) {
            throw log.noSignatureAlgorithmNameGiven();
        }
        String oidFromSignatureAlgorithm = ASN1.oidFromSignatureAlgorithm(str);
        if (oidFromSignatureAlgorithm == null) {
            throw log.unknownSignatureAlgorithmName(str);
        }
        PrivateKey privateKey = this.signingKey;
        if (privateKey == null) {
            throw log.noSigningKeyGiven();
        }
        String algorithm = privateKey.getAlgorithm();
        if (!str.endsWith("with" + algorithm) || str.contains("with" + algorithm + "and")) {
            throw log.signingKeyNotCompatWithSig(algorithm, str);
        }
        ZonedDateTime zonedDateTime = this.notValidBefore;
        ZonedDateTime zonedDateTime2 = this.notValidAfter;
        if (zonedDateTime.compareTo((ChronoZonedDateTime<?>) zonedDateTime2) > 0) {
            throw log.validAfterBeforeValidBefore(zonedDateTime, zonedDateTime2);
        }
        X500Principal x500Principal = this.issuerDn;
        if (x500Principal == null) {
            throw log.noIssuerDnGiven();
        }
        X500Principal x500Principal2 = this.subjectDn;
        PublicKey publicKey = this.publicKey;
        if (publicKey == null) {
            throw log.noPublicKeyGiven();
        }
        byte[] bArr = this.issuerUniqueId;
        byte[] bArr2 = this.subjectUniqueId;
        if (i < 2 && (bArr != null || bArr2 != null)) {
            throw log.uniqueIdNotAllowed();
        }
        ByteStringBuilder byteStringBuilder = new ByteStringBuilder();
        DEREncoder dEREncoder = new DEREncoder(byteStringBuilder);
        dEREncoder.startSequence();
        dEREncoder.startExplicit(0);
        dEREncoder.encodeInteger(i - 1);
        dEREncoder.endExplicit();
        dEREncoder.encodeInteger(bigInteger);
        dEREncoder.startSequence();
        dEREncoder.encodeObjectIdentifier(oidFromSignatureAlgorithm);
        dEREncoder.endSequence();
        dEREncoder.writeEncoded(x500Principal.getEncoded());
        dEREncoder.startSequence();
        dEREncoder.encodeGeneralizedTime(zonedDateTime.withZoneSameInstant((ZoneId) ZoneOffset.UTC));
        dEREncoder.encodeGeneralizedTime(zonedDateTime2.withZoneSameInstant((ZoneId) ZoneOffset.UTC));
        dEREncoder.endSequence();
        if (x500Principal2 != null) {
            dEREncoder.writeEncoded(x500Principal2.getEncoded());
        }
        String algorithm2 = publicKey.getAlgorithm();
        try {
            KeyFactory keyFactory = KeyFactory.getInstance(algorithm2);
            dEREncoder.writeEncoded(((X509EncodedKeySpec) keyFactory.getKeySpec(keyFactory.translateKey(publicKey), X509EncodedKeySpec.class)).getEncoded());
            if (bArr != null) {
                dEREncoder.encodeImplicit(1);
                dEREncoder.encodeBitString(bArr);
            }
            if (bArr2 != null) {
                dEREncoder.encodeImplicit(2);
                dEREncoder.encodeBitString(bArr2);
            }
            dEREncoder.endSequence();
            return byteStringBuilder.toArray();
        } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw log.invalidKeyForCert(algorithm2, e);
        }
    }
}
