package net.ripe.rpki.commons.crypto.x509cert;

import java.math.BigInteger;
import java.net.URI;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.EnumSet;
import javax.security.auth.x500.X500Principal;
import net.ripe.ipresource.IpResourceSet;
import net.ripe.ipresource.IpResourceType;
import net.ripe.rpki.commons.crypto.ValidityPeriod;
import org.apache.commons.lang3.Validate;

/* loaded from: input_file:net/ripe/rpki/commons/crypto/x509cert/GenericRpkiCertificateBuilder.class */
/**
 * Holds the fields common to RPKI certificate builders and copies them onto an
 * {@link X509ResourceCertificateBuilder}.
 *
 * <p>The {@code with*} setters only store their argument; apart from {@link #withCrlUri(URI)}
 * none of them validates anything. Required-field checks live in {@link #validateFields()},
 * which {@link #createGenericRpkiCertificateBuilder(int)} does not call itself.
 *
 * <p>This listing is decompiler output. JADX reports that several members below were declared
 * {@code protected} in the original class and were widened to {@code public}.
 */
public abstract class GenericRpkiCertificateBuilder {
    /** Subject public key placed in the certificate. */
    private PublicKey publicKey;
    /** Key pair used for signing; its public half also drives {@link #isSelfSigned()}. */
    private KeyPair signingKeyPair;
    private BigInteger serial;
    private X500Principal subject;
    private X500Principal issuer;
    private ValidityPeriod validityPeriod;
    /** CRL location; only set through {@link #withCrlUri(URI)}, which enforces the rsync prefix. */
    private URI crlUri;
    /** Used as the caIssuers access location for certificates that are not self-signed. */
    private URI parentResourceCertificatePublicationUri;
    private IpResourceSet resources = new IpResourceSet();
    private EnumSet<IpResourceType> inheritedResourceTypes = EnumSet.noneOf(IpResourceType.class);
    private String signatureProvider = X509CertificateBuilderHelper.DEFAULT_SIGNATURE_PROVIDER;

    /** Sets the subject public key. Not checked here; see {@link #validateFields()}. */
    public void withPublicKey(PublicKey publicKey) {
        this.publicKey = publicKey;
    }

    /** Sets the key pair that signs the certificate. Not checked here. */
    public void withSigningKeyPair(KeyPair keyPair) {
        this.signingKeyPair = keyPair;
    }

    /** Sets the certificate serial number. Not checked here. */
    public void withSerial(BigInteger bigInteger) {
        this.serial = bigInteger;
    }

    /**
     * Sets the IP resources for the certificate.
     *
     * <p>The reference is stored as given, with no copy, unlike
     * {@link #withInheritedResourceTypes(EnumSet)}.
     */
    public void withResources(IpResourceSet ipResourceSet) {
        // NOTE(review): presumably IpResourceSet is mutable, in which case later changes made by
        // the caller to this same object reach the certificate being built. Confirm against the
        // IpResourceSet API and consider a defensive copy.
        this.resources = ipResourceSet;
    }

    /**
     * Sets the resource types that are inherited from the parent certificate.
     *
     * @param enumSet copied on entry, so later changes to the caller's set are not seen here
     */
    public void withInheritedResourceTypes(EnumSet<IpResourceType> enumSet) {
        this.inheritedResourceTypes = EnumSet.copyOf(enumSet);
    }

    /** Sets the subject distinguished name. Not checked here. */
    public void withSubjectDN(X500Principal x500Principal) {
        this.subject = x500Principal;
    }

    /** Sets the issuer distinguished name. Not checked here. */
    public void withIssuerDN(X500Principal x500Principal) {
        this.issuer = x500Principal;
    }

    /** Sets the validity period. Not checked here. */
    public void withValidityPeriod(ValidityPeriod validityPeriod) {
        this.validityPeriod = validityPeriod;
    }

    /**
     * Sets the CRL distribution point URI.
     *
     * @param uri must be non-null and pass {@link #validateIsRsyncUri(URI)}; the field is left
     *     unchanged when either check fails
     */
    public void withCrlUri(URI uri) {
        Validate.notNull(uri, "CRL Uri can not be null");
        validateIsRsyncUri(uri);
        this.crlUri = uri;
    }

    /**
     * Requires the string form of {@code uri} to begin with {@code "rsync:"}.
     *
     * <p>This is a case-sensitive prefix test on {@code uri.toString()} only. Host, path and the
     * rest of the URI are not inspected. JADX reports the original access as {@code protected}.
     */
    public void validateIsRsyncUri(URI uri) {
        final String text = uri.toString();
        Validate.isTrue(text.startsWith("rsync:"), "Rsync URI is required, multiple repositories not supported by this builder at this time");
    }

    /**
     * Tells whether the signing key pair's public key equals the subject public key.
     *
     * <p>The answer decides whether the CRL distribution point, authority information access and
     * authority key identifier are set and required. Equality is whatever the
     * {@code PublicKey} implementation's {@code equals} defines. The signing key pair is
     * dereferenced without a null check, so it must have been set before this is called.
     * JADX reports the original access as {@code protected}.
     */
    public boolean isSelfSigned() {
        final PublicKey signerKey = this.signingKeyPair.getPublic();
        return signerKey.equals(this.publicKey);
    }

    /**
     * Sets the publication URI of the parent certificate.
     *
     * <p>Unlike {@link #withCrlUri(URI)}, no rsync-prefix or null check is applied here.
     */
    public void withParentResourceCertificatePublicationUri(URI uri) {
        this.parentResourceCertificatePublicationUri = uri;
    }

    /**
     * Sets the name of the signature provider, replacing the helper's default.
     *
     * <p>Any string is accepted; {@link #validateFields()} only checks that it is non-null.
     */
    public void withSignatureProvider(String str) {
        this.signatureProvider = str;
    }

    /**
     * Creates an {@link X509ResourceCertificateBuilder} populated from this builder's fields.
     *
     * <p>No validation happens here; the fields are copied as they are. For certificates that are
     * not self-signed the CRL distribution point, a caIssuers authority information access
     * descriptor pointing at the parent publication URI, and the authority key identifier flag
     * are set as well. JADX reports the original access as {@code protected}.
     *
     * @param i key usage value handed to {@code withKeyUsage}
     * @return the populated builder
     */
    public X509ResourceCertificateBuilder createGenericRpkiCertificateBuilder(int i) {
        final X509ResourceCertificateBuilder target = new X509ResourceCertificateBuilder();
        target.withPublicKey(this.publicKey);
        target.withSigningKeyPair(this.signingKeyPair);
        target.withSerial(this.serial);
        target.withResources(this.resources);
        target.withInheritedResourceTypes(this.inheritedResourceTypes);
        target.withSubjectDN(this.subject);
        target.withIssuerDN(this.issuer);
        target.withValidityPeriod(this.validityPeriod);

        final boolean issuedByParent = !isSelfSigned();
        if (issuedByParent) {
            // Revocation and issuer pointers are only attached when a separate key signs.
            target.withCrlDistributionPoints(this.crlUri);
            final X509CertificateInformationAccessDescriptor caIssuers =
                    new X509CertificateInformationAccessDescriptor(
                            X509CertificateInformationAccessDescriptor.ID_CA_CA_ISSUERS,
                            this.parentResourceCertificatePublicationUri);
            target.withAuthorityInformationAccess(caIssuers);
            target.withAuthorityKeyIdentifier(true);
        }

        target.withSignatureProvider(this.signatureProvider);
        target.withKeyUsage(i);
        return target;
    }

    /**
     * Checks that every field needed to build a certificate has been set.
     *
     * <p>Checks run in a fixed order and stop at the first failure. At least one of the explicit
     * resources or the inherited resource types must be non-empty. The CRL URI and the parent
     * publication URI are required only when the certificate is not self-signed.
     * JADX reports the original access as {@code protected}.
     */
    public void validateFields() {
        Validate.notNull(this.publicKey, "Public Key is required");
        Validate.notNull(this.signingKeyPair, "Signing Key Pair is required");
        Validate.notNull(this.serial, "Serial is required");

        final boolean hasSomeResources = !this.inheritedResourceTypes.isEmpty() || !this.resources.isEmpty();
        Validate.isTrue(hasSomeResources, "Resources are required. Inherited resources are allowed but not advised (unless you are building an EE cert for manifests)");

        Validate.notNull(this.subject, "Subject is required");
        Validate.notNull(this.issuer, "Issuer is required");
        Validate.notNull(this.validityPeriod, "ValidityPeriod is required");

        if (!isSelfSigned()) {
            Validate.notNull(this.crlUri, "CRL URI is required (except for self-signed (root) certificates)");
            Validate.notNull(this.parentResourceCertificatePublicationUri, "Parent Certificate Publication URI is required");
        }

        Validate.notNull(this.signatureProvider, "SignatureProvider is required");
    }
}
