package net.ripe.rpki.commons.crypto.crl;

import java.io.IOException;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.SortedMap;
import java.util.TreeMap;
import javax.security.auth.x500.X500Principal;
import net.ripe.rpki.commons.crypto.crl.X509Crl;
import net.ripe.rpki.commons.crypto.util.BouncyCastleUtil;
import net.ripe.rpki.commons.crypto.x509cert.X509CertificateBuilderHelper;
import org.apache.commons.lang.Validate;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.CRLNumber;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.joda.time.DateTime;

/* loaded from: input_file:net/ripe/rpki/commons/crypto/crl/X509CrlBuilder.class */
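/**
 * Fluent builder that assembles and signs an X.509 v2 certificate revocation list (CRL).
 *
 * <p>Callers set the issuer, the update window, the CRL number and the authority key
 * identifier, add zero or more revoked serial numbers, and then call
 * {@link #build(PrivateKey)} to obtain a signed {@link X509Crl}.
 *
 * <p>Instances hold mutable state and perform no synchronization, so share one across
 * threads only with external locking.
 *
 * <p>Security notes for callers (none of these are enforced by this class):
 * <ul>
 *   <li>{@code nextUpdateTime} is not checked to be later than {@code thisUpdateTime}.</li>
 *   <li>The CRL number is taken as given; keeping it monotonically increasing across
 *       successive CRLs of one issuer is the caller's responsibility.</li>
 *   <li>The signing key passed to {@link #build(PrivateKey)} is not compared with the public
 *       key given to {@link #withAuthorityKeyIdentifier(PublicKey)}; a mismatch yields a CRL
 *       whose signature does not verify under the key the AKI points to.</li>
 * </ul>
 */
public class X509CrlBuilder {
    /** Version number of the X.509 v2 CRL format; not referenced inside this class. */
    public static final int CRL_VERSION_2 = 2;

    /**
     * Revocation reason passed for every entry. 0 is the RFC 5280 "unspecified" reason code.
     * NOTE(review): confirm that the Bouncy Castle version in use emits no reasonCode entry
     * extension for 0 - the RPKI CRL profile (RFC 6487) is understood to forbid CRL entry
     * extensions.
     */
    private static final int REASON_UNSPECIFIED = 0;

    private X500Principal issuerDN;
    private DateTime thisUpdateTime;
    private DateTime nextUpdateTime;
    private AuthorityKeyIdentifier authorityKeyIdentifier;
    private CRLNumber crlNumber;
    // JCA provider name used for signing; defaults to the certificate builder's provider.
    private String signatureProvider = X509CertificateBuilderHelper.DEFAULT_SIGNATURE_PROVIDER;
    // Revoked certificates keyed by serial number; the TreeMap keeps them in ascending serial order.
    private SortedMap<BigInteger, X509Crl.Entry> entries = new TreeMap<BigInteger, X509Crl.Entry>();

    /**
     * Selects the JCA provider used to create the CRL signature.
     *
     * <p>The value is not validated here, and {@link #build(PrivateKey)} does not check it
     * for {@code null} either.
     *
     * @param str provider name handed to the content signer builder
     * @return this builder
     */
    public X509CrlBuilder withSignatureProvider(String str) {
        this.signatureProvider = str;
        return this;
    }

    /**
     * Sets the distinguished name written to the CRL's issuer field.
     *
     * @param x500Principal issuer name; must be non-null by the time {@link #build(PrivateKey)} runs
     * @return this builder
     */
    public X509CrlBuilder withIssuerDN(X500Principal x500Principal) {
        this.issuerDN = x500Principal;
        return this;
    }

    /**
     * Sets the {@code thisUpdate} time of the CRL.
     *
     * @param dateTime issue time; must be non-null by the time {@link #build(PrivateKey)} runs
     * @return this builder
     */
    public X509CrlBuilder withThisUpdateTime(DateTime dateTime) {
        this.thisUpdateTime = dateTime;
        return this;
    }

    /**
     * @return the configured {@code thisUpdate} time, or {@code null} if none was set
     */
    public DateTime getThisUpdateTime() {
        return this.thisUpdateTime;
    }

    /**
     * Sets the {@code nextUpdate} time of the CRL.
     *
     * <p>No ordering check against {@code thisUpdate} is performed.
     *
     * @param dateTime next update time; must be non-null by the time {@link #build(PrivateKey)} runs
     * @return this builder
     */
    public X509CrlBuilder withNextUpdateTime(DateTime dateTime) {
        this.nextUpdateTime = dateTime;
        return this;
    }

    /**
     * @return the configured {@code nextUpdate} time, or {@code null} if none was set
     */
    public DateTime getNextUpdateTime() {
        return this.nextUpdateTime;
    }

    /**
     * Sets the value of the CRL Number extension.
     *
     * @param bigInteger CRL number, wrapped in a {@link CRLNumber} as given
     * @return this builder
     */
    public X509CrlBuilder withNumber(BigInteger bigInteger) {
        this.crlNumber = new CRLNumber(bigInteger);
        return this;
    }

    /**
     * Derives the Authority Key Identifier extension from the given public key.
     *
     * @param publicKey key passed to {@code BouncyCastleUtil.createAuthorityKeyIdentifier}
     * @return this builder
     */
    public X509CrlBuilder withAuthorityKeyIdentifier(PublicKey publicKey) {
        this.authorityKeyIdentifier = BouncyCastleUtil.createAuthorityKeyIdentifier(publicKey);
        return this;
    }

    /**
     * Records a certificate serial number as revoked.
     *
     * @param bigInteger serial number of the revoked certificate
     * @param dateTime revocation time
     * @return this builder
     * @throws IllegalArgumentException if the serial number has already been added
     */
    public X509CrlBuilder addEntry(BigInteger bigInteger, DateTime dateTime) {
        // A serial may appear only once; silently replacing would change its revocation date.
        Validate.isTrue(!this.entries.containsKey(bigInteger), "duplicate CRL entry");
        this.entries.put(bigInteger, new X509Crl.Entry(bigInteger, dateTime));
        return this;
    }

    /**
     * Looks up a previously added entry.
     *
     * @param bigInteger certificate serial number
     * @return the entry for that serial, or {@code null} if it was never added
     */
    public X509Crl.Entry getRevokedCertificate(BigInteger bigInteger) {
        return this.entries.get(bigInteger);
    }

    /**
     * Removes every revoked-certificate entry added so far.
     *
     * @return this builder
     */
    public X509CrlBuilder clearEntries() {
        this.entries.clear();
        return this;
    }

    /**
     * Validates the required fields, then builds and signs the CRL.
     *
     * <p>The signature algorithm is fixed to
     * {@code X509CertificateBuilderHelper.DEFAULT_SIGNATURE_ALGORITHM}; the provider is the
     * one configured via {@link #withSignatureProvider(String)}.
     *
     * @param privateKey key used to sign the CRL; not checked against the authority key identifier
     * @return the signed CRL, re-parsed from its encoded form
     * @throws IllegalArgumentException if a required field is still {@code null}
     * @throws X509CrlBuilderException if encoding the CRL or creating the signer fails
     */
    public X509Crl build(PrivateKey privateKey) {
        validateCrlFields();
        try {
            X509v2CRLBuilder generator = createCrlGenerator();
            JcaContentSignerBuilder signerBuilder =
                    new JcaContentSignerBuilder(X509CertificateBuilderHelper.DEFAULT_SIGNATURE_ALGORITHM)
                            .setProvider(this.signatureProvider);
            return new X509Crl(generator.build(signerBuilder.build(privateKey)).getEncoded());
        } catch (IOException e) {
            throw new X509CrlBuilderException(e);
        } catch (OperatorCreationException e2) {
            throw new X509CrlBuilderException(e2);
        }
    }

    /**
     * Fails fast when a mandatory CRL field has not been set.
     *
     * <p>Only presence is checked. The entry set may be empty, and neither the signature
     * provider nor the ordering of the two update times is validated.
     * NOTE(review): consider rejecting a nextUpdateTime that is not after thisUpdateTime.
     */
    private void validateCrlFields() {
        Validate.notNull(this.issuerDN, "issuerDN is null");
        Validate.notNull(this.thisUpdateTime, "thisUpdateTime is null");
        Validate.notNull(this.nextUpdateTime, "nextUpdateTime is null");
        Validate.notNull(this.crlNumber, "crlNumber is null");
        Validate.notNull(this.authorityKeyIdentifier, "authorityKeyIdentifier is null");
    }

    /**
     * Populates a Bouncy Castle CRL builder from the configured fields and entries.
     *
     * @return an unsigned CRL builder ready to be given a content signer
     * @throws CertIOException if an extension cannot be added
     */
    private X509v2CRLBuilder createCrlGenerator() throws CertIOException {
        X500Name issuer = X500Name.getInstance(this.issuerDN.getEncoded());
        X509v2CRLBuilder generator = new X509v2CRLBuilder(issuer, this.thisUpdateTime.toDate());
        generator.setNextUpdate(this.nextUpdateTime.toDate());
        // Both extensions are added as non-critical (second argument false).
        generator.addExtension(X509Extension.authorityKeyIdentifier, false, this.authorityKeyIdentifier);
        generator.addExtension(X509Extension.cRLNumber, false, this.crlNumber);
        // Entries are emitted in ascending serial-number order, as kept by the TreeMap.
        for (X509Crl.Entry revoked : this.entries.values()) {
            generator.addCRLEntry(
                    revoked.getSerialNumber(),
                    revoked.getRevocationDateTime().toDate(),
                    REASON_UNSPECIFIED);
        }
        return generator;
    }

    /**
     * Reports whether the given CRL already lists every entry held by this builder.
     *
     * <p>This is a one-way containment test: a CRL that revokes additional serials still
     * satisfies it, and issuer, CRL number and update times are not compared. Matching
     * presumably relies on {@code X509Crl.Entry.equals} - confirm it compares both the
     * serial number and the revocation time.
     *
     * @param x509Crl CRL to compare against
     * @return {@code true} if all builder entries appear in the CRL's revoked certificates
     */
    public boolean isSatisfiedByEntries(X509Crl x509Crl) {
        return x509Crl.getRevokedCertificates().containsAll(this.entries.values());
    }
}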
