package net.ripe.rpki.commons.provisioning.x509.pkcs10;

import java.io.IOException;
import java.net.URI;
import java.security.KeyPair;
import java.util.ArrayList;
import javax.security.auth.x500.X500Principal;
import net.ripe.rpki.commons.crypto.x509cert.X509CertificateBuilderHelper;
import net.ripe.rpki.commons.crypto.x509cert.X509CertificateInformationAccessDescriptor;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

/* loaded from: input_file:net/ripe/rpki/commons/provisioning/x509/pkcs10/RpkiCaCertificateRequestBuilder.class */
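/**
 * Fluent builder for the PKCS#10 certification request an RPKI CA sends to its parent.
 *
 * <p>The request carries a PKCS#9 {@code extensionRequest} attribute asking for three extensions:
 * Subject Information Access (CA repository, manifest and, when set, the notification URI),
 * a critical Key Usage of keyCertSign and cRLSign, and a critical Basic Constraints with CA = true.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The extensions in a PKCS#10 request are only a request. The issuing side must validate
 *       them against its own policy and not copy them blindly into the certificate.</li>
 *   <li>This builder does not check the scheme or host of the URIs it is given; callers that
 *       take them from configuration or from a remote party should validate them first.</li>
 *   <li>The signature algorithm and provider are caller-controlled strings and are passed through
 *       unchecked. The defaults come from {@code X509CertificateBuilderHelper}; their values are
 *       not visible in this file.</li>
 * </ul>
 *
 * <p>Instances are mutable and hold no synchronization, so they should not be shared between
 * threads while being configured.
 */
public class RpkiCaCertificateRequestBuilder {
    // Subject DN placed in the request; must be set before build().
    private X500Principal subject;
    // SIA id-ad-caRepository location; must be set before build().
    private URI caRepositoryUri;
    // SIA id-ad-rpkiManifest location; must be set before build().
    private URI manifestUri;
    // SIA id-ad-rpkiNotify location; optional, omitted from the SIA when null.
    private URI notificationUri;
    private String signatureAlgorithm = X509CertificateBuilderHelper.DEFAULT_SIGNATURE_ALGORITHM;
    private String signatureProvider = X509CertificateBuilderHelper.DEFAULT_SIGNATURE_PROVIDER;

    /**
     * Sets the subject distinguished name of the request.
     *
     * @param x500Principal subject DN; required by {@link #build(KeyPair)}
     * @return this builder
     */
    public RpkiCaCertificateRequestBuilder withSubject(X500Principal x500Principal) {
        this.subject = x500Principal;
        return this;
    }

    /**
     * Sets the CA repository location requested in the SIA extension.
     *
     * @param uri repository URI; required by {@link #build(KeyPair)}
     * @return this builder
     */
    public RpkiCaCertificateRequestBuilder withCaRepositoryUri(URI uri) {
        this.caRepositoryUri = uri;
        return this;
    }

    /**
     * Sets the manifest location requested in the SIA extension.
     *
     * @param uri manifest URI; required by {@link #build(KeyPair)}
     * @return this builder
     */
    public RpkiCaCertificateRequestBuilder withManifestUri(URI uri) {
        this.manifestUri = uri;
        return this;
    }

    /**
     * Sets the optional notification location requested in the SIA extension.
     *
     * @param uri notification URI, or {@code null} to leave the descriptor out
     * @return this builder
     */
    public RpkiCaCertificateRequestBuilder withNotificationUri(URI uri) {
        this.notificationUri = uri;
        return this;
    }

    /**
     * Overrides the JCA provider name used to sign the request.
     *
     * @param str provider name handed to {@code JcaContentSignerBuilder.setProvider}
     * @return this builder
     */
    public RpkiCaCertificateRequestBuilder withSignatureProvider(String str) {
        this.signatureProvider = str;
        return this;
    }

    /**
     * Overrides the signature algorithm used to sign the request.
     *
     * <p>NOTE(review): the value is not checked against any allow-list here; the RPKI algorithm
     * profile presumably restricts what a parent will accept, so confirm before changing it.
     *
     * @param str JCA signature algorithm name handed to {@code JcaContentSignerBuilder}
     * @return this builder
     */
    public RpkiCaCertificateRequestBuilder withSignatureAlgorithm(String str) {
        this.signatureAlgorithm = str;
        return this;
    }

    /**
     * Builds and signs the certification request.
     *
     * <p>The private key is used only to sign the request (proof of possession of the key whose
     * public half is placed in the request); it is not stored by this builder.
     *
     * @param keyPair key pair of the requesting CA; must not be {@code null}
     * @return the signed PKCS#10 request with the extensionRequest attribute attached
     * @throws RpkiCaCertificateRequestBuilderException if a required value is missing or if
     *     encoding or signing fails; the underlying exception is kept as the cause
     */
    public PKCS10CertificationRequest build(KeyPair keyPair) {
        try {
            // Fail with a message that names the missing value instead of a bare
            // NullPointerException from deep inside the encoding code.
            if (keyPair == null) {
                throw new IllegalArgumentException("keyPair must not be null");
            }
            requireSet(this.subject, "subject");
            requireSet(this.caRepositoryUri, "caRepositoryUri");
            requireSet(this.manifestUri, "manifestUri");

            Extensions requestedExtensions = createExtensions();
            ContentSigner signer = new JcaContentSignerBuilder(this.signatureAlgorithm)
                    .setProvider(this.signatureProvider)
                    .build(keyPair.getPrivate());
            JcaPKCS10CertificationRequestBuilder requestBuilder =
                    new JcaPKCS10CertificationRequestBuilder(this.subject, keyPair.getPublic());
            requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, requestedExtensions);
            return requestBuilder.build(signer);
        } catch (Exception e) {
            // Boundary catch: every failure is reported as the builder's own exception type,
            // with the original exception preserved as the cause.
            throw new RpkiCaCertificateRequestBuilderException(e);
        }
    }

    /**
     * Assembles the extensions requested from the issuer.
     *
     * @return SIA (non-critical), Key Usage (critical) and Basic Constraints (critical), in that order
     * @throws IOException if an extension value cannot be DER-encoded
     */
    private Extensions createExtensions() throws IOException {
        ArrayList<X509CertificateInformationAccessDescriptor> descriptors = new ArrayList<>();
        descriptors.add(new X509CertificateInformationAccessDescriptor(
                X509CertificateInformationAccessDescriptor.ID_AD_CA_REPOSITORY, this.caRepositoryUri));
        descriptors.add(new X509CertificateInformationAccessDescriptor(
                X509CertificateInformationAccessDescriptor.ID_AD_RPKI_MANIFEST, this.manifestUri));
        if (this.notificationUri != null) {
            // The notification descriptor is optional and always comes last.
            descriptors.add(new X509CertificateInformationAccessDescriptor(
                    X509CertificateInformationAccessDescriptor.ID_AD_RPKI_NOTIFY, this.notificationUri));
        }
        X509CertificateInformationAccessDescriptor[] descriptorArray =
                descriptors.toArray(new X509CertificateInformationAccessDescriptor[0]);

        Extension subjectInfoAccess = new Extension(
                Extension.subjectInfoAccess,
                false,
                new DEROctetString(new DERSequence(
                        X509CertificateInformationAccessDescriptor.convertAccessDescriptors(descriptorArray))
                        .getEncoded()));
        // keyCertSign | cRLSign (numerically 6): the key may sign certificates and CRLs, nothing else.
        Extension keyUsage = new Extension(
                Extension.keyUsage,
                true,
                new DEROctetString(new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)));
        // CA = true with no path length constraint.
        Extension basicConstraints = new Extension(
                Extension.basicConstraints,
                true,
                new DEROctetString(new BasicConstraints(true)));

        return new Extensions(new Extension[] {subjectInfoAccess, keyUsage, basicConstraints});
    }

    /** Rejects a builder value that was never set, naming it in the message. */
    private static void requireSet(Object value, String name) {
        if (value == null) {
            throw new IllegalStateException(name + " must be set before build()");
        }
    }
}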
