package dev.sigstore.trustroot;

import dev.sigstore.proto.ProtoMutators;
import java.net.URI;
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import org.immutables.value.Value;

@Value.Immutable
/* loaded from: input_file:dev/sigstore/trustroot/CertificateAuthority.class */
public abstract class CertificateAuthority {
    public abstract CertPath getCertPath();

    public abstract URI getUri();

    public abstract ValidFor getValidFor();

    public abstract Subject getSubject();

    public boolean isCurrent() {
        return getValidFor().contains(Instant.now());
    }

    @Value.Lazy
    public TrustAnchor asTrustAnchor() throws CertificateException, InvalidAlgorithmParameterException {
        List<? extends Certificate> certificates = getCertPath().getCertificates();
        TrustAnchor trustAnchor = new TrustAnchor((X509Certificate) certificates.get(certificates.size() - 1), null);
        new PKIXParameters((Set<TrustAnchor>) Collections.singleton(trustAnchor));
        return trustAnchor;
    }

    public static CertificateAuthority from(dev.sigstore.proto.trustroot.v1.CertificateAuthority certificateAuthority) throws CertificateException {
        return ImmutableCertificateAuthority.builder().certPath(ProtoMutators.toCertPath(certificateAuthority.getCertChain().getCertificatesList())).validFor(ValidFor.from(certificateAuthority.getValidFor())).uri(URI.create(certificateAuthority.getUri())).subject(Subject.from(certificateAuthority.getSubject())).build();
    }
}
