package com.yahoo.security;

import com.yahoo.security.SubjectAlternativeName;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.security.KeyPair;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

/* loaded from: input_file:com/yahoo/security/Pkcs10CsrBuilder.class */
public class Pkcs10CsrBuilder {
    private final X500Principal subject;
    private final KeyPair keyPair;
    private final List<SubjectAlternativeName> subjectAlternativeNames = new ArrayList();
    private final SignatureAlgorithm signatureAlgorithm;
    private BasicConstraintsExtension basicConstraintsExtension;

    private Pkcs10CsrBuilder(X500Principal x500Principal, KeyPair keyPair, SignatureAlgorithm signatureAlgorithm) {
        this.subject = x500Principal;
        this.keyPair = keyPair;
        this.signatureAlgorithm = signatureAlgorithm;
    }

    public static Pkcs10CsrBuilder fromKeypair(X500Principal x500Principal, KeyPair keyPair, SignatureAlgorithm signatureAlgorithm) {
        return new Pkcs10CsrBuilder(x500Principal, keyPair, signatureAlgorithm);
    }

    public Pkcs10CsrBuilder addSubjectAlternativeName(String str) {
        this.subjectAlternativeNames.add(new SubjectAlternativeName(SubjectAlternativeName.Type.DNS, str));
        return this;
    }

    public Pkcs10CsrBuilder addSubjectAlternativeName(SubjectAlternativeName subjectAlternativeName) {
        this.subjectAlternativeNames.add(subjectAlternativeName);
        return this;
    }

    public Pkcs10CsrBuilder addSubjectAlternativeName(SubjectAlternativeName.Type type, String str) {
        this.subjectAlternativeNames.add(new SubjectAlternativeName(type, str));
        return this;
    }

    public Pkcs10CsrBuilder setBasicConstraints(boolean z, boolean z2) {
        this.basicConstraintsExtension = new BasicConstraintsExtension(z, z2);
        return this;
    }

    public Pkcs10CsrBuilder setIsCertAuthority(boolean z) {
        return setBasicConstraints(true, z);
    }

    public Pkcs10Csr build() {
        try {
            JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name(this.subject.getName()), this.keyPair.getPublic());
            ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
            if (this.basicConstraintsExtension != null) {
                extensionsGenerator.addExtension(org.bouncycastle.asn1.x509.Extension.basicConstraints, this.basicConstraintsExtension.isCritical, new BasicConstraints(this.basicConstraintsExtension.isCertAuthorityCertificate));
            }
            if (!this.subjectAlternativeNames.isEmpty()) {
                extensionsGenerator.addExtension(org.bouncycastle.asn1.x509.Extension.subjectAlternativeName, false, new GeneralNames((GeneralName[]) this.subjectAlternativeNames.stream().map((v0) -> {
                    return v0.toGeneralName();
                }).toArray(i -> {
                    return new GeneralName[i];
                })));
            }
            if (!extensionsGenerator.isEmpty()) {
                jcaPKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
            }
            return new Pkcs10Csr(jcaPKCS10CertificationRequestBuilder.build(new JcaContentSignerBuilder(this.signatureAlgorithm.getAlgorithmName()).setProvider(BouncyCastleProviderHolder.getInstance()).build(this.keyPair.getPrivate())));
        } catch (OperatorCreationException e) {
            throw new RuntimeException((Throwable) e);
        } catch (IOException e2) {
            throw new UncheckedIOException(e2);
        }
    }
}
