package net.ripe.rpki.commons.provisioning.x509;

import java.math.BigInteger;
import java.security.KeyPair;
import javax.security.auth.x500.X500Principal;
import net.ripe.rpki.commons.crypto.ValidityPeriod;
import net.ripe.rpki.commons.crypto.x509cert.X509CertificateBuilderHelper;
import org.apache.commons.lang.Validate;
import org.joda.time.DateTime;
import org.joda.time.ReadableInstant;

/* loaded from: input_file:net/ripe/rpki/commons/provisioning/x509/ProvisioningIdentityCertificateBuilder.class */
public class ProvisioningIdentityCertificateBuilder {
    private static final int DEFAULT_VALIDITY_TIME_YEARS_FROM_NOW = 10;
    private KeyPair selfSigningKeyPair;
    private X500Principal selfSigningSubject;
    private String signatureProvider = X509CertificateBuilderHelper.DEFAULT_SIGNATURE_PROVIDER;
    private X509CertificateBuilderHelper builderHelper = new X509CertificateBuilderHelper();

    public ProvisioningIdentityCertificateBuilder withSelfSigningKeyPair(KeyPair keyPair) {
        this.selfSigningKeyPair = keyPair;
        return this;
    }

    public ProvisioningIdentityCertificateBuilder withSelfSigningSubject(X500Principal x500Principal) {
        this.selfSigningSubject = x500Principal;
        return this;
    }

    public ProvisioningIdentityCertificateBuilder withSignatureProvider(String str) {
        this.signatureProvider = str;
        return this;
    }

    public ProvisioningIdentityCertificate build() {
        Validate.notNull(this.selfSigningKeyPair, "Self Signing KeyPair is required");
        Validate.notNull(this.selfSigningSubject, "Self Signing DN is required");
        Validate.notNull(this.signatureProvider, "Signature Provider is required");
        setUpImplicitRequirementsForBuilderHelper();
        this.builderHelper.withPublicKey(this.selfSigningKeyPair.getPublic());
        this.builderHelper.withSigningKeyPair(this.selfSigningKeyPair);
        this.builderHelper.withSubjectDN(this.selfSigningSubject);
        this.builderHelper.withIssuerDN(this.selfSigningSubject);
        this.builderHelper.withSignatureProvider(this.signatureProvider);
        return new ProvisioningIdentityCertificate(this.builderHelper.generateCertificate());
    }

    private void setUpImplicitRequirementsForBuilderHelper() {
        this.builderHelper.withSerial(BigInteger.ONE);
        this.builderHelper.withValidityPeriod(new ValidityPeriod((ReadableInstant) new DateTime(), (ReadableInstant) new DateTime().plusYears(DEFAULT_VALIDITY_TIME_YEARS_FROM_NOW)));
        this.builderHelper.withCa(true);
        this.builderHelper.withKeyUsage(6);
    }
}
